
I think DNSSEC solves a different problem, one where someone is maliciously tampering with DNS requests.

This is a discussion of what you can do with an ordinary DNS client and server.

More interestingly, there doesn't seem to be much software out there for monitoring DNS requests and spotting anomalies. Is anyone aware of software that does this (preferably FOSS)?

Edit: A quick search turns up this. I'll have to try this out. https://isc.sans.edu/diary/A+Poor+Man%27s+DNS+Anomaly+Detect...



Hey, I'm the guy who wrote this slide deck.

You're absolutely right - as I replied to the parent, this talk has nothing to do with DNSSEC; it wouldn't affect this one way or the other.

I also didn't find any great tools for finding anomalous DNS activity, but I didn't look that hard either - I wanted to get the basic functionality written before I started looking at evasion.

The traffic is definitely unusual as-is (I could make it much more discreet, but WAY slower - dnscat1 had those options), and there are definitely techniques to detect it, but I'm not sure what tools could be used.

Sorry for the useless response :)
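
One way to monitor DNS queries for the kind of anomaly discussed in this thread, as an added example that is not part of either comment and not taken from the linked diary or any tool named here: it groups query names by parent domain and flags parents that receive many distinct, long, high-entropy subdomains. The thresholds, the two-label parent split and the sample queries are assumptions made for this illustration.

```python
import math
from collections import Counter, defaultdict

# Assumed thresholds for this illustration; tune them against your own baseline.
MIN_UNIQUE_NAMES = 5     # distinct subdomains seen under one parent domain
MIN_AVG_SUB_LEN = 25     # mean length of the subdomain part, in characters
MIN_AVG_ENTROPY = 3.0    # mean Shannon entropy of the subdomain part, bits/char

def shannon_entropy(s):
    """Shannon entropy of a non-empty string, in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def split_name(qname):
    """Naive split into (subdomain, parent), taking the last two labels as the
    parent. A real deployment would consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_suspect_domains(qnames):
    """Return {parent: (unique_subdomains, avg_length, avg_entropy)} for parents
    whose subdomains are numerous, long and high-entropy at the same time."""
    subs = defaultdict(set)
    for q in qnames:
        sub, parent = split_name(q)
        if sub:                      # ignore bare names with no subdomain part
            subs[parent].add(sub)
    suspects = {}
    for parent, names in subs.items():
        avg_len = sum(len(n) for n in names) / len(names)
        avg_ent = sum(shannon_entropy(n) for n in names) / len(names)
        if (len(names) >= MIN_UNIQUE_NAMES and avg_len >= MIN_AVG_SUB_LEN
                and avg_ent >= MIN_AVG_ENTROPY):
            suspects[parent] = (len(names), round(avg_len, 1), round(avg_ent, 2))
    return suspects

# Constructed sample queries (not captured traffic), using reserved example domains.
_BASE = "0123456789abcdef" * 2
SAMPLE_QUERIES = (
    ["www.example.com", "mail.example.com", "www.example.com",
     "cdn.example.org", "api.example.org", "static.example.org"]
    + [f"{_BASE[i:]}{_BASE[:i]}.t.example.net" for i in range(8)]
)

if __name__ == "__main__":
    for parent, stats in find_suspect_domains(SAMPLE_QUERIES).items():
        print(parent, stats)
```

Feed it query names from resolver query logs or a passive DNS capture; parents that legitimately use long generated hostnames will need an allowlist.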



