This is not "always dns", sorry!

[thau0x01]

This tool works by opening a socket directly to the IP of the "DNS" server. In most networks, openning an UDP socket and connecting directly to a random IP address is not allowed. That's why we use DNS queries to perform exfiltration, because you don't need to connect directly to your server.

Always DNS means that data is transfered by the query resolution, don't matter what server perform this such query.

[c3l3si4n]

I agree, Caralho.

[scall0p]

I agree. fix this bro, what a shame!

[cpl]

I see, fair enough. This was more of a PoC/toy project. But I'll consider adding more stuff to it. Even had more ideas integrating with DNS services that offer APIs to do some things.