Detects whether a triple A DNS response contains an announced IP address. If the response contains a non-announced IPv6 address, it may indicate a covert-channel communication attempt.
Source table → network.dns
SecOpsTooLongDNSResponse
Monitor TXT and ANY responses to detect infiltrations or possible reflection attacks.