If DNS queries carry hidden data, which technique is in use?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple choice questions; each question includes hints and explanations. Ace your exam!

Multiple Choice

If DNS queries carry hidden data, which technique is in use?

Explanation:
Carrying hidden data in DNS queries is DNS tunneling. This technique treats the DNS protocol as a covert channel by encoding data into the domain names in queries (often as long, unusual subdomains) and sending them to a server under the attacker’s control. The resolver or authoritative server then decodes the data on the other end. Because DNS is widely allowed through networks and many environments don’t inspect every DNS request deeply, this can enable data exfiltration or even a hidden communication path without raising obvious alarms.

In contrast, DNS over HTTPS simply hides the content of DNS traffic by transporting it inside HTTPS, but it isn’t designed to channel arbitrary data through DNS queries themselves. DNSSEC focuses on authenticating DNS data to prevent tampering, not on hiding data within the queries. IP spoofing involves forging IP addresses at the network layer, not using DNS queries to conceal data.
