Threat actors are using DNS tunneling as a means to scan for network vulnerabilities and check the success of phishing campaigns, according to new research from Palo Alto Networks.