DNS has been used for exfiltration of data, command and control and malware distribution for some time. It's popular because DNS is rarely blocked even when a network is locked down and forces everyone through a corporate monster-in-the-middle proxy.
DNS would also have to be forced through recursive servers that put size and rate limits breaking RFC's in place or at least alert on suspicious behavior which some over-priced corporate firewalls do. The alerts then have to be aggregated where a SOC will detect them and send someone to inspect that persons laptop.
Home users are at the mercy of their DNS provider or setting up their own recursive DNS and putting rate limits in place and their own monitoring. If a home user had no need to fetch TXT records they could censor some or possibly all of them using Unbound.
Example from one of my formerly public recursive DNS servers for their pro-DDOS massive TXT records. I believe this could be done for all domains but have not tested it. The examples below are commonly used in DDoS-Amplification attacks among many other domains with large TXT replies.
Bender•14h ago
DNS would also have to be forced through recursive servers that put size and rate limits breaking RFC's in place or at least alert on suspicious behavior which some over-priced corporate firewalls do. The alerts then have to be aggregated where a SOC will detect them and send someone to inspect that persons laptop.
Home users are at the mercy of their DNS provider or setting up their own recursive DNS and putting rate limits in place and their own monitoring. If a home user had no need to fetch TXT records they could censor some or possibly all of them using Unbound.
Example from one of my formerly public recursive DNS servers for their pro-DDOS massive TXT records. I believe this could be done for all domains but have not tested it. The examples below are commonly used in DDoS-Amplification attacks among many other domains with large TXT replies.