Tags: AAAA record, Anomaly Detection, Data Exfiltration, DNS and DNS Tunnel
Abstract:
The Domain Name System (DNS) is a fundamental service of the Internet. DNS tunneling is one of the most threatening abuses of DNS and poses a serious threat to user privacy and Internet security. Attackers conceal information inside DNS packets to evade detection by firewalls and intrusion detection systems. Newly developed DNS tunnels, which have been used by Advanced Persistent Threat groups, tend to use A and AAAA resource records (RRs) for transmission, making them stealthier and more threatening. Prior DNS tunnel detection approaches mainly focus on subdomains and TXT RRs; less attention has been paid to the newly developed tunnels based on A and AAAA RRs. In this paper, we propose a novel approach to detect DNS tunnels, including those newly developed ones that use A and AAAA RRs for transmission. We first investigate the RR types used by different DNS tunnel tools. Novel features are extracted from the domains and from the four RR types most commonly used for tunneling, to measure the amount and content of information exchanged between authoritative nameservers and clients. We also analyze the detection capabilities of the different features. The anomaly detection algorithm is applied separately to the domain-related features and to the features of the four RR types; domains that are outliers in both sets are flagged as DNS tunnels. Our approach has been evaluated on real-world traffic. The experimental results show that it detects all the DNS tunnels with an extremely low false positive rate.
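The abstract describes the pipeline only at a high level: per-domain features from query names (the upstream channel) and from A/AAAA/TXT/CNAME answers (the downstream channel), an anomaly detector run on each feature set, and the overlap of the two outlier sets flagged as tunnels. The script below is an added illustration of that pipeline, not the paper's code. The concrete features (query count, mean subdomain length and character entropy; distinct rdata values and total rdata bytes), the detector (Iglewicz-Hoaglin modified z-score with a 3.5 cut-off), the last-two-labels rule for the registered domain, and the resolver log are all assumptions made for the example; the log is constructed, with eight ordinary zones and one zone that answers every hex-labelled query with a unique AAAA record.

```python
"""Illustrative A/AAAA-aware DNS tunnel detector (added example, not the paper's code)."""
import hashlib
import ipaddress
import math
from collections import defaultdict
from statistics import median

# RR types the abstract names as the ones most used for tunneling.
TUNNEL_RR_TYPES = {"A", "AAAA", "TXT", "CNAME"}
MODIFIED_Z_THRESHOLD = 3.5  # Iglewicz-Hoaglin cut-off for the modified z-score (assumed)


def shannon_entropy(data):
    """Bits per symbol of a string or bytes object (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for sym in data:
        counts[sym] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Assumption: registered domain = last two labels (no public-suffix list)."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])


def rdata_bytes(rtype, rdata):
    """Payload of one answer, used to measure downstream volume."""
    if rtype in ("A", "AAAA"):
        return ipaddress.ip_address(rdata).packed  # 4 or 16 bytes on the wire
    return rdata.encode()  # TXT / CNAME: count the text itself


def extract_features(records):
    """Return {registered_domain: (domain_feats, rr_feats)} where
    domain_feats = (query count, mean subdomain length, mean subdomain entropy)
    rr_feats     = (distinct rdata values, total rdata bytes)."""
    per_domain = defaultdict(lambda: {"subs": [], "rdata": set(), "bytes": 0})
    for qname, rtype, rdata in records:
        if rtype not in TUNNEL_RR_TYPES:
            continue
        reg = registered_domain(qname)
        sub = qname.lower().rstrip(".")[: -len(reg)].rstrip(".")  # "" at the apex
        bucket = per_domain[reg]
        bucket["subs"].append(sub)
        bucket["rdata"].add((rtype, rdata))
        bucket["bytes"] += len(rdata_bytes(rtype, rdata))
    feats = {}
    for reg, b in per_domain.items():
        n = len(b["subs"])
        domain_feats = (n, sum(map(len, b["subs"])) / n,
                        sum(map(shannon_entropy, b["subs"])) / n)
        feats[reg] = (domain_feats, (len(b["rdata"]), b["bytes"]))
    return feats


def modified_z_scores(values):
    """0.6745 * (x - median) / MAD. When MAD is 0 (over half the domains share
    the value) any deviating value is scored as infinite."""
    med = median(values)
    mad = median([abs(v - med) for v in values])
    scores = []
    for v in values:
        dev = v - med
        if mad == 0:
            scores.append(0.0 if dev == 0 else math.inf)
        else:
            scores.append(0.6745 * dev / mad)
    return scores


def flag_outliers(feats, group_index):
    """Domains scoring above the threshold on any feature of one group.
    One-sided: tunneling inflates every feature used here."""
    names = list(feats)
    n_feats = len(feats[names[0]][group_index])
    flagged = set()
    for j in range(n_feats):
        column = [feats[name][group_index][j] for name in names]
        for name, z in zip(names, modified_z_scores(column)):
            if z > MODIFIED_Z_THRESHOLD:
                flagged.add(name)
    return flagged


def detect_tunnels(records):
    """Overlap rule: a domain is reported only if it is an outlier on both the
    domain-name features (group 0) and the RR-data features (group 1)."""
    feats = extract_features(records)
    return flag_outliers(feats, 0) & flag_outliers(feats, 1)


def make_sample_records():
    """Constructed resolver log (not captured traffic): eight ordinary zones plus
    one zone behaving like an AAAA tunnel (hex-label queries, unique answers)."""
    benign = [
        ("www.example.com", "A", "93.184.216.34"), ("mail.example.com", "A", "93.184.216.35"),
        ("www.example.com", "AAAA", "2606:2800:220:1:248:1893:25c8:1946"),
        ("cdn.example.org", "CNAME", "edge.example.org"), ("edge.example.org", "A", "203.0.113.10"),
        ("api.example.net", "A", "198.51.100.7"), ("example.net", "TXT", "v=spf1 -all"),
        ("shop.example.co", "A", "192.0.2.44"), ("img.example.co", "A", "192.0.2.45"),
        ("shop.example.co", "AAAA", "2001:db8::44"),
        ("blog.example.io", "A", "192.0.2.60"), ("docs.example.io", "CNAME", "blog.example.io"),
        ("www.example.edu", "A", "192.0.2.70"), ("lib.example.edu", "A", "192.0.2.71"),
        ("www.example.edu", "AAAA", "2001:db8::70"), ("lib.example.edu", "AAAA", "2001:db8::71"),
        ("app.example.dev", "A", "192.0.2.80"), ("static.example.dev", "CNAME", "cdn.example.dev"),
        ("cdn.example.dev", "A", "192.0.2.81"),
        ("www.example.info", "A", "192.0.2.90"), ("ftp.example.info", "A", "192.0.2.91"),
        ("ns1.example.info", "A", "192.0.2.92"),
    ]
    tunnel = []
    for i in range(20):
        digest = hashlib.sha256(f"chunk{i}".encode()).digest()
        label = digest.hex()[:32]                    # 32 hex chars carried upstream
        answer = ipaddress.IPv6Address(digest[16:])  # 16 arbitrary bytes carried downstream
        tunnel.append((f"{label}.tunnel.example", "AAAA", str(answer)))
    return benign + tunnel


if __name__ == "__main__":
    records = make_sample_records()
    for reg, (dom, rr) in extract_features(records).items():
        print(f"{reg:18s} domain={tuple(round(x, 2) for x in dom)} rr={rr}")
    print("flagged as tunnels:", detect_tunnels(records))
```

On this constructed log only `tunnel.example` exceeds the cut-off, and it does so on query count, subdomain length, distinct answers and answer bytes, while its subdomain entropy alone would not be enough; the AND across the two feature groups is what keeps a zone with one unusual property (a long TXT record, or many hosts) from being reported. Two caveats a practitioner should carry over to real traffic: the median/MAD statistics need a reasonable number of domains per window to be meaningful, and the last-two-labels rule must be replaced by a public-suffix lookup, otherwise every customer of a shared hosting suffix collapses into one bucket.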