DNS tunneling is primarily used to transmit data covertly within what kind of traffic?

Prepare for the Certified Ethical Hacker Version 11 Exam. Study with comprehensive questions and explanations. Equip yourself with the skills needed for success!

Multiple Choice

DNS tunneling is primarily used to transmit data covertly within what kind of traffic?

Explanation:
DNS tunneling relies on using the DNS protocol itself as a covert channel. Data is encoded into DNS queries and their corresponding responses (often placed in subdomain labels or other DNS record payloads), allowing an attacker to transfer information over normal DNS traffic. Because many networks allow DNS lookups to reach their resolvers, this technique can blend in with ordinary traffic and slip past basic traffic controls, making it a useful method for data exfiltration or command-and-control. It isn’t primarily about bypassing proxies, encrypting DNS traffic, or hiding data in ARP—the latter two concepts don’t align with how DNS tunneling operates or where it functions.

