First, let’s deal with what exactly is a Domain Name System (DNS). DNS also known as the phone book of internet maintains a varied database of networks, names and addresses, and provides the computers with means to remotely query or in simple words access the database. The name and addresses are converted into an Internet Protocol address by the DNS, which is in a machine friendly language, for computers to access the website based on the IP addresses. When you type in any sites web address, your Internet Service Provider checks out the domain name associated with it, converts the address into IP address for the computer to read and then directs you to the associated website.
What DNS Tunnelling or hacking does is instead of directing to the website pertaining to the typed address, it alters the IP setting and points to an unauthorised DNS server thereby altering the user DNS settings. In simple words the attacker now takes control of the DNS server and can now redirect you to any site he wants irrespective of the domain name or the IP address this is why DNS Tunnelling is sometimes referred to as DNS redirection.
Problems regarding DNS hacking were quite common at the start of internet and though today the DNS are quite robust and secured, chances are still there of an attackers can getting a fix which can cause the user great problems.
Apart from the above mentioned dangers sometime DNS tunnelling is also used by the service providers for branding and also to collect statistical data. This may not pose any threat to the user but is still a violation of user privacy and internet policies.
Today a lot of care is taken in making the DNS more secured and robust, Companies are ready to spend millions of dollars so that their data is secured and the customers don’t have to face any inconveniences. But still chances are always there that someone can get a fix, so here are a few things that can be done to avoid DNS tunnelling:
Above discussed methods are just a few of the many techniques that can be used to avoid DNS Tunnelling, user should also keep a check on the DNS setting and make sure that the domain names which are blacklisted are not being used by the server.