DNS over HTTPS (DoH, RFC 8484) and DNS over TLS (DoT, RFC 7858) are standardized transports that carry ordinary DNS messages inside an encrypted HTTPS or TLS session. DNS tunneling is a separate technique: arbitrary data is encoded into the labels of DNS queries and the records of DNS responses, so that a client which is only allowed to resolve names can still exchange data with an attacker-controlled authoritative server. Combining the two, that is, running a DNS tunnel through a resolver reached over DoH or DoT, lets the tunnel bypass network restrictions and security controls that inspect DNS on the wire.
In traditional DNS (UDP or TCP port 53), queries and responses travel in plain text, so a network tap, an IDS or a resolver log can read every queried name and spot tunnel traffic. With DoH the DNS messages are encrypted inside HTTPS on port 443, where they are indistinguishable from ordinary web traffic to any observer that does not perform TLS inspection. DoT also encrypts the messages but uses the dedicated port 853, so it is easy to identify and block at a perimeter even though its contents stay hidden. In both cases the queries remain fully visible to the resolver operator; the evasion only defeats monitoring that sits between the client and the resolver.
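The following is an added example, not code from the original page: it shows how a payload is chunked into DNS query names and how each query is then wrapped in the RFC 8484 GET form of DoH (the wire-format DNS message, base64url-encoded without padding, in the dns query parameter). The tunnel zone t.example.com and the resolver URL https://doh.example.net/dns-query are assumed names chosen for the example; no network request is made.

```python
import base64
import struct

# Assumed names for this example (not from the original page): a tunnel zone the
# attacker controls and a public DoH resolver endpoint.
TUNNEL_ZONE = "t.example.com"
DOH_ENDPOINT = "https://doh.example.net/dns-query"

BYTES_PER_LABEL = 35   # 35 bytes -> 56 base32 chars, under the 63-octet label limit (RFC 1035)
QTYPE_TXT = 16


def b32_label(data: bytes) -> str:
    # Base32 without padding, lower-cased: DNS labels are case-insensitive and '=' is not allowed.
    return base64.b32encode(data).decode().rstrip("=").lower()


def b32_unlabel(label: str) -> bytes:
    s = label.upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def payload_to_qnames(payload: bytes) -> list:
    """Client side: chunk a payload into query names <seq>.<base32 chunk>.<zone>."""
    names = []
    for seq, off in enumerate(range(0, len(payload), BYTES_PER_LABEL)):
        chunk = payload[off:off + BYTES_PER_LABEL]
        names.append(f"{seq:x}.{b32_label(chunk)}.{TUNNEL_ZONE}")
    return names


def qnames_to_payload(qnames: list) -> bytes:
    """Server side: check the zone, order by the sequence label, decode the data label."""
    zone_labels = TUNNEL_ZONE.split(".")
    parts = {}
    for name in qnames:
        labels = name.rstrip(".").split(".")
        if labels[-len(zone_labels):] != zone_labels:
            raise ValueError("query is not for the tunnel zone")
        parts[int(labels[0], 16)] = b32_unlabel(labels[1])
    return b"".join(parts[i] for i in sorted(parts))


def build_dns_query(qname: str, qtype: int = QTYPE_TXT) -> bytes:
    """Minimal RFC 1035 wire-format query: 12-byte header plus one question, no EDNS."""
    # RFC 8484 recommends ID 0 for DoH so identical queries yield identical, cacheable URLs.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)   # ID, flags (RD set), QD, AN, NS, AR
    question = b""
    for label in qname.rstrip(".").split("."):
        raw = label.encode()
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length out of range")
        question += bytes([len(raw)]) + raw
    question += b"\x00" + struct.pack("!HH", qtype, 1)       # root label, QTYPE, QCLASS IN
    return header + question


def parse_qname(wire: bytes) -> str:
    """Extract the question name from a wire-format query (questions use no compression)."""
    pos, labels = 12, []
    while True:
        ln = wire[pos]
        pos += 1
        if ln == 0:
            break
        labels.append(wire[pos:pos + ln].decode())
        pos += ln
    return ".".join(labels)


def doh_get_url(wire: bytes) -> str:
    """RFC 8484 GET form: <endpoint>?dns=<base64url of the wire message, padding stripped>."""
    return DOH_ENDPOINT + "?dns=" + base64.urlsafe_b64encode(wire).decode().rstrip("=")


def wire_from_doh_url(url: str) -> bytes:
    """What the DoH resolver does with the dns parameter before forwarding the query."""
    enc = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(enc + "=" * (-len(enc) % 4))


if __name__ == "__main__":
    secret = b"constructed sample payload: 60 bytes that should never leave"  # constructed input
    names = payload_to_qnames(secret)
    for name in names:
        print(doh_get_url(build_dns_query(name)))
    # Round trip: URL -> wire -> question name -> reassembled payload, as the tunnel server sees it.
    recovered = qnames_to_payload([parse_qname(wire_from_doh_url(doh_get_url(build_dns_query(n))))
                                   for n in names])
    print(recovered == secret)
```

On the wire, a middlebox between the client and doh.example.net sees only a TLS session to port 443 and the URL is inside it; the resolver operator, by contrast, sees the full query name and could apply the same detection heuristics as on plaintext DNS.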
DNS tunneling over DoH or DoT can serve both benign and malicious ends. Users in countries with strict internet censorship can use it to reach blocked websites, because the censor can no longer see or tamper with the names being resolved. Cybercriminals can use the same technique for command and control and data exfiltration that stays hidden from security systems that rely on inspecting DNS traffic on the network.
To limit abuse, organizations commonly block outbound TCP port 853 and connections to known public DoH resolvers, force clients onto an internal resolver (which may itself offer DoH or DoT) where every query is logged, and disable browser DoH by policy; Firefox, for example, falls back to the system resolver when the canary domain use-application-dns.net returns NXDOMAIN or no address records. Beyond blocking, detection tools can flag tunneling from resolver logs (many unique, long, high-entropy subdomains under one parent domain, heavy use of TXT or NULL record types) and encrypted-DNS bypass from flow data (TLS to a known DoH endpoint, or any traffic to port 853, from hosts that should only talk to the internal resolver).
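As an added example (not part of the original page), the detection logic described above run over constructed resolver log lines and flow records: per parent domain it scores unique-name count, prefix length, TXT/NULL ratio and label entropy, and separately flags DoT or DoH flows that do not go to the authorized resolver. The log format, the evil-tunnel.test zone, the client addresses and the authorized resolver 10.0.0.53 are all constructed for the example; the DoH hostnames in the seed list are real public resolvers, but a real deployment would maintain a much fuller list.

```python
import math
from collections import defaultdict

# Constructed resolver log (not real data). Format: "<epoch> <client> <qtype> <qname>".
# Only queries that reach a resolver you control appear here; a client that talks straight
# to a public DoH/DoT resolver never shows up, which is what the flow check below is for.
SAMPLE_LOG = """\
1700000000 10.0.0.5 A www.example.com
1700000001 10.0.0.5 AAAA www.example.com
1700000002 10.0.0.5 A img4k2.cdn.example.net
1700000003 10.0.0.5 A img7x9.cdn.example.net
1700000010 10.0.0.7 TXT 0.nbswy3dpeb3w64tmmq2gk3tdmfxgk43vojsw4ylsmu.t.evil-tunnel.test
1700000011 10.0.0.7 TXT 1.mfrgg2lnmfqxez3fmfwgs3tnmzqxe4tfnzrw63lnmv.t.evil-tunnel.test
1700000012 10.0.0.7 TXT 2.onswg4tfor2gc3tfmnxw4zlsmqxgc4tbnvsxi2lpnz.t.evil-tunnel.test
1700000013 10.0.0.7 TXT 3.pbzxk3lqmfqw4ylrmfwgk3dtmnxw2ylsmvzgs2ltmf.t.evil-tunnel.test
1700000014 10.0.0.7 TXT 4.ojsxg33voj2gkzlsnfxgo5lzonsxe3tbnvss4ylsom.t.evil-tunnel.test
1700000015 10.0.0.7 TXT 5.nfxgkzlsmvsc43tfor3w64tlmnxw4ztjm52xezlenf.t.evil-tunnel.test
"""

TUNNEL_QTYPES = {"TXT", "NULL"}   # record types with large free-form payloads, favoured by tunnels


def shannon_entropy(s: str) -> float:
    """Bits per character; base32-encoded data scores far higher than human-chosen labels."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text: str):
    for line in text.splitlines():
        ts, client, qtype, qname = line.split()
        yield {"ts": int(ts), "client": client, "qtype": qtype, "qname": qname.lower().rstrip(".")}


def parent_domain(qname: str) -> str:
    # Naive: last two labels. A production detector should use the Public Suffix List
    # so that names under e.g. "co.uk" are grouped by their registrable domain.
    return ".".join(qname.split(".")[-2:])


def score_domains(records):
    """Group queries per parent domain and score four tunneling indicators (0..4)."""
    groups = defaultdict(list)
    for r in records:
        groups[parent_domain(r["qname"])].append(r)
    report = {}
    for parent, rs in groups.items():
        prefixes = [r["qname"][: -len(parent) - 1] for r in rs]          # part before the parent
        uniq = len(set(r["qname"] for r in rs))
        avg_len = sum(len(p) for p in prefixes) / len(rs)
        txt_ratio = sum(r["qtype"] in TUNNEL_QTYPES for r in rs) / len(rs)
        longest = [max(p.split("."), key=len) if p else "" for p in prefixes]
        avg_entropy = sum(shannon_entropy(l) for l in longest) / len(rs)
        # Thresholds are illustrative; tune them against your own baseline traffic.
        score = (uniq >= 5) + (avg_len >= 30) + (txt_ratio >= 0.5) + (avg_entropy >= 3.5)
        report[parent] = {"queries": len(rs), "unique_names": uniq, "avg_prefix_len": round(avg_len, 1),
                          "txt_ratio": round(txt_ratio, 2), "avg_entropy": round(avg_entropy, 2),
                          "score": int(score), "suspicious": score >= 3}
    return report


# Seed list of well-known public DoH hostnames (real); a deployment maintains a fuller feed.
KNOWN_DOH_SNI = {"dns.google", "cloudflare-dns.com", "mozilla.cloudflare-dns.com", "dns.quad9.net"}


def flag_encrypted_dns_flows(flows, authorized_resolvers):
    """Flag DoT (TCP/853) and DoH (TLS to a known resolver SNI) that bypass the approved resolver."""
    findings = []
    for f in flows:
        if f["dst"] in authorized_resolvers:
            continue
        if f["dport"] == 853:
            findings.append((f["client"], f["dst"], "DoT to unauthorized resolver"))
        elif f["dport"] == 443 and f.get("sni") in KNOWN_DOH_SNI:
            findings.append((f["client"], f["dst"], "DoH to " + f["sni"]))
    return findings


# Constructed flow records (not real data): client, destination, port, TLS SNI.
SAMPLE_FLOWS = [
    {"client": "10.0.0.5", "dst": "10.0.0.53", "dport": 853, "sni": "dns.corp.example"},      # approved internal DoT
    {"client": "10.0.0.7", "dst": "1.1.1.1", "dport": 443, "sni": "cloudflare-dns.com"},     # DoH bypass
    {"client": "10.0.0.9", "dst": "9.9.9.9", "dport": 853, "sni": "dns.quad9.net"},          # DoT bypass
    {"client": "10.0.0.5", "dst": "93.184.216.34", "dport": 443, "sni": "www.example.com"},  # ordinary HTTPS
]

if __name__ == "__main__":
    for parent, stats in score_domains(parse_log(SAMPLE_LOG)).items():
        print(parent, stats)
    for finding in flag_encrypted_dns_flows(SAMPLE_FLOWS, {"10.0.0.53"}):
        print(finding)
```

The two checks are complementary: the log scorer only works for queries that traverse a resolver you operate, and the flow check is what catches hosts that route around it, which is why forcing clients onto an internal resolver and blocking everything else is the usual precondition for the first check to mean anything.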