Tuesday 07 July 2026 00:11:46 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

DNS-based backdoor

A covert control channel that uses DNS traffic for remote communication.

A DNS-based backdoor is a covert control channel that hides attacker communication inside normal Domain Name System traffic. Instead of opening an obvious remote shell or using a visible web endpoint, malware sends DNS queries and receives instructions, status checks, or encoded data through lookups and responses. Because DNS is essential for everyday network operation, this traffic can blend into legitimate activity.

In cyber attacks, DNS backdoors are used for command-and-control, payload staging, and data exfiltration when other channels are blocked or monitored. They matter because many defenses focus on HTTP, email, or direct outbound connections and may overlook suspicious DNS patterns. Security teams look for unusual subdomain bursts, high query frequency, strange TXT record use, and hosts that resolve domains they should never contact. Monitoring DNS at developer machines, servers, and build systems can expose hidden control paths early.

← WIKICROOK index