This talk demonstrates a large hole in internal security, based on tests performed on a wide variety of clients. Too often, DNS is overlooked, and improper logging and monitoring leads to a plethora of attack vectors. This talk will also demo a new tool, which abuses DNS lookups of arbitrary (none attacker controlled) domains to prove dangerous exfiltration attacks are possible against even the most secure of networks. Better, it also shows some novel ways of fixing this issue on large scale networks. Hopefully usefully for red and blue alike.