Well...I am not necessarily concerned by fact of DNS tunnel usage. Users without permission for network traffic are successfully blocked. Examples that i observe are rather experiments, not attempts of stealing transfer (since they are allowed to make regular transfer). What makes me worried: the transfer made through the tunnels is in fact fully saved in cache... that's risky in terms of resources (mainly memory). that's why forwarding TXT & NULL without saving initially sounded like elegant solution for me.
> Thanks for the elaboration. It would be cool indeed if the resolver would be > able to detect anomalies in DNS traffic (and deploy counter measures) I like its simplicity, and intelligence around:)
