The Domain Name System (DNS) is the “Internet’s address book;” the essential, trusted, rarely scrutinized protocol that keeps the internet running by mapping readable domain names to IP addresses. More than 2.2 trillion DNS queries are processed each day to guide web traffic where it needs to go. Unfortunately, these qualities also make DNS threats an appealing vector for cyberattacks. Moreover, internal DNS servers share their domain server names and IP addresses with anyone who asks. DNS queries are also capable of delivering small amounts of data between systems. Bad actors have long recognized this opportunity, and use techniques like DNS tunneling to execute malware commands on and exfiltrate data from victims’ hardware. This threat has only grown in severity and complexity with the onset of the coronavirus pandemic in 2020.