Which of the following log sources would be most useful for detecting DNS tunneling?
DNS logs contain queries and responses needed to detect tunneling.
Why this answer
DNS tunneling exfiltrates data via DNS queries. Analyzing DNS logs for unusual query patterns or high volume is key.