Use python script to get Hex Dump of a DNS query
$ python
>>> import binascii
>>> def dns_hex(hex):
... a = [binascii.hexlify(i) for i in hex.split(".")]
... print "06".join(a[0:-3])+"07".join(a[-3:-1])+"02"+a[-1]
...
>>> dns_hex("attack.attack.attack")
61747461636b0761747461636b0261747461636b
Here we are going to use the dump in the iptable rule
Create the iptable rule
$ sudo iptables -I INPUT 1 -p udp --dport 53 -m string --algo bm --from 30 --to 60 --hex-string "|61747461636b0761747461636b0261747461636b|" -j DROP