After the initial publication of this blog post, Asaf Nadler and Avi Aminov wrote a paper on the detection of malicious and low-throughput data exfiltration over the Domain Name System (DNS) protocol. The DNS protocol is a naming system for host machines and an essential component in the functionality of the internet. The vast number of domains and subdomains on the internet today exceeds the storage capabilities of a small, simple database. This was foreseen by the designers of the DNS, and the system was designed as a hierarchical distributed database . The resolution of a domain name to the IP address of its host machine starts by querying the root DNS servers (i.e., the head of the hierarchy) in a top-down manner until reaching a designated server called an authoritative name server (AuthNS). With so much information to share, the authors ended up being published in Elsevier .…