Security Analytics: Using SiLK and Mothra to Identify Data Exfiltration via the Domain Name Service

This post explores how the DNS protocol can be abused to exfiltrate data, either by appending bytes of data to DNS queries or by making repeated queries that carry data encoded in the fields of the query.
