Since January 2025, several domains have been observed engaging in scanning activity leveraging DNS tunneling techniques. These domains target DNS resolvers hosted on public IPv4 and IPv6 addresses. To evade source IP-based access controls, the attacker spoofs the source IP to appear as an adjacent destination address....