Use a Python script to get the hex dump of a DNS query
    $ python3
    >>> import binascii
    >>> def dns_hex(name):
    ...     # DNS sends no dots on the wire: each label is preceded by a one-byte
    ...     # length, computed here per label. The first label's length byte is
    ...     # left out of the pattern.
    ...     a = [binascii.hexlify(i.encode("ascii")).decode() for i in name.split(".")]
    ...     print(a[0] + "".join("%02x%s" % (len(i) // 2, i) for i in a[1:]))
    ...
    >>> dns_hex("attack.attack.attack")
    61747461636b0661747461636b0661747461636b

Here we are going to use the dump in the iptables rule.

Create the iptables rule

    $ sudo iptables -I INPUT 1 -p udp --dport 53 -m string --algo bm --from 30 --to 60 --hex-string "|61747461636b0661747461636b0661747461636b|" -j DROP
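Added example (not part of the original page): Python 3 code that encodes any name as a DNS QNAME, builds a constructed sample query, and checks whether the match pattern lies inside the `--from`/`--to` window of the rule. It assumes an IPv4 header without options (20 bytes) and an 8-byte UDP header; all function names are illustrative.

```python
import struct

def qname(name: str) -> bytes:
    """Encode a domain name as a DNS QNAME: length-prefixed labels + root 0x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def hex_pattern(name: str) -> str:
    """Hex pattern for --hex-string: QNAME minus the first length byte and root byte."""
    return qname(name)[1:-1].hex()

def dns_query_payload(name: str, txid: int = 0x1234) -> bytes:
    """Constructed sample: 12-byte DNS header + question (QTYPE=A, QCLASS=IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname(name) + struct.pack("!HH", 1, 1)

def pattern_offset(name: str, ip_header_len: int = 20) -> int:
    """Offset of the pattern counted from the start of the IP header.
    Assumption: IPv4 without options (20 bytes) and an 8-byte UDP header."""
    payload = dns_query_payload(name)
    idx = payload.find(bytes.fromhex(hex_pattern(name)))
    return ip_header_len + 8 + idx

def fits_window(name: str, start: int, end: int) -> bool:
    """Conservative check: the whole pattern lies inside [start, end]."""
    off = pattern_offset(name)
    length = len(hex_pattern(name)) // 2
    return start <= off and off + length - 1 <= end

if __name__ == "__main__":
    n = "attack.attack.attack"
    print(hex_pattern(n), pattern_offset(n), fits_window(n, 30, 60))
```

For this name the pattern occupies offsets 41 to 60, so it fits the window used in the rule. A longer name produces a longer pattern and needs a larger `--to` value.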