As a system that converts IP addresses and domain names to each other， Domain Name System （DNS） is one of the important basic protocols in Internet. Due to the importance of DNS in Internet， the security policies of some security facilities such as firewalls and Intrusion Detection Systems （IDSs） allow DNS traffic to pass by default， giving attackers the opportunity to use DNS tunneling for communication. Currently， there are many malware that support DNS communication or even use DNS communication by default， which brings great challenges to network security tools and security operations centers. However， the existing research mainly focuses on specific detection methods and rarely explores the tunneling tools themselves， even though the majority of researchers rely on tunneling tools to generate samples. Therefore， the research on DNS tunnel detection technology was reviewed. Firstly， the development history and research status and the existing detection schemes of DNS tunneling were elaborated systematically， and the advantages and disadvantages of detection methods in the past 10 years were discussed. Subsequently， 6 commonly used tools in these detection schemes such as dnscat2， Iodine， and dns2tcp were evaluated and tested， and the experimental data was published. Experimental results show that most detection schemes do not disclose their tunneling sample datasets or the set parameters when using tunneling tools to generate traffic， making these schemes almost impossible to reproduce. Besides， some detection solutions use DNS tunneling tools with distinctive signature characteristics. Using samples with signature features to train model-based detection schemes will lead to doubts about the generalization ability of the model， that is， it is impossible to know whether this type of model will perform well in the real world. Finally， related future work development directions were prospected.