GIAC Certified Incident Handler (GCIH) — Question 125

How do DNS tunneling tools like DNSCat2 avoid DNS caching?

Answer options

• A. Use a different UDP port than 53
• B. Send packets at regular intervals
• C. Generate many unique subdomains
• D. Encrypt the DNS queries

Correct answer: C

Explanation

The correct answer is C because generating many unique subdomains prevents DNS servers from caching responses, as each request looks different. Options A and B do not address the DNS caching issue directly, while D, although useful for privacy, does not affect the caching mechanism itself.