Abstract:
Attackers have been using Domain Name System (DNS) tunneling, which abuses the DNS as a covert channel, to leak confidential information and to establish command and control (C2). Against this background, a number of studies have been conducted to detect DNS tunneling, but countermeasures that are also effective for general Internet users have not been fully examined. We focused on DNS-tunneling countermeasures based on current DNS subdomain lengths, with the aim of making such countermeasures easily available to general Internet users. First, by analyzing the traffic generated by general Internet users, we verified that DNS-tunneling countermeasures that monitor current DNS subdomain lengths are effective for such users. On the basis of the validation results, we propose a DNS-tunneling-detection method based on the clearly different distributions of subdomain length in general use and in DNS tunneling, and we clarify its effectiveness through qualitative evaluation.
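The subdomain-length signal the abstract describes, as an added example that is not the paper's code: it computes the subdomain length of each query name, summarizes the distribution over constructed sample names, and flags queries above a threshold. The 50-character threshold, the two-label registered-domain rule and the sample names are assumptions, not values from the paper.

```python
# Added example, not the paper's code; threshold and sample names are assumptions.
from collections import Counter
from statistics import median

# Constructed sample query names: the last two mimic data-carrying tunnel labels.
SAMPLE_QNAMES = [
    "www.example.com",
    "cdn.static.example.net",
    "api.v2.example.org",
    "mail.example.com",
    "example.com",
    ("0123456789abcdef" * 2) + "." + ("fedcba9876543210" * 2) + ".t.example.com",
    ("deadbeef" * 7) + ".x.example.com",
]
# Assumption: registered domain = last two labels. A real deployment should use
# the Public Suffix List so names like "example.co.uk" are split correctly.
REGISTERED_LABELS = 2

def split_qname(qname: str) -> tuple[str, str]:
    """Return (subdomain, registered_domain) for a query name."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= REGISTERED_LABELS:
        return "", ".".join(labels)
    return ".".join(labels[:-REGISTERED_LABELS]), ".".join(labels[-REGISTERED_LABELS:])

def subdomain_length(qname: str) -> int:
    """Length of the subdomain part, dots between its labels included."""
    return len(split_qname(qname)[0])

def summarize(qnames: list[str]) -> dict:
    """Median and maximum subdomain length: ordinary lookups cluster at small
    values, while tunnel queries stretch the tail of the distribution."""
    lengths = [subdomain_length(q) for q in qnames]
    return {"median": median(lengths), "max": max(lengths)}

def flag_long_subdomains(qnames: list[str], threshold: int = 50) -> list[tuple[str, int]]:
    """Queries whose subdomain length exceeds the threshold (assumed default: 50)."""
    return [(q, subdomain_length(q)) for q in qnames if subdomain_length(q) > threshold]

def flagged_per_domain(qnames: list[str], threshold: int = 50) -> Counter:
    """Flagged queries per registered domain; repeated hits on one domain are
    the pattern a tunnel endpoint produces."""
    return Counter(split_qname(q)[1] for q, _ in flag_long_subdomains(qnames, threshold))

if __name__ == "__main__":
    print(summarize(SAMPLE_QNAMES))          # {'median': 6, 'max': 67}
    for q, n in flag_long_subdomains(SAMPLE_QNAMES):
        print(f"{n:3d}  {q}")
    print(flagged_per_domain(SAMPLE_QNAMES))  # Counter({'example.com': 2})
```

Tuning the threshold against a baseline of real user traffic, as the paper does, is what keeps ordinary long CDN or API names out of the flagged set.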
Date of Conference: 18-21 October 2022
Date Added to IEEE Xplore: 18 January 2023
Print on Demand(PoD) ISSN: 2378-8143