DNS tunneling tools like DNSCat2 avoid DNS caching by generating many unique subdomains. DNS caching works by storing the responses to queries for a specific amount of time, so if subsequent queries for the same domain name occur within that time, the cached response is used instead of querying the DNS server again. By creating numerous unique subdomains, each query appears to be different, thereby bypassing the cache and forcing the DNS query to be processed by the DNS server each time.