DNS(domain name system) covert channel is a kind of cyberattacks to achieve data leakage, which is favored by many APT organizations and poses a serious threat to cyberspace security. Aiming at the problem that traditional machine learning methods rely on selected features and are easy to over-fit, a DNS covert channel detection method fusing multi-scale convolution neural network and attention mechanism is proposed. This method focuses on the bidirectional flow of DNS request and response. Firstly, multi-scale convolutional kernels are used to extract the spatial features of DNS flow in parallel. It can extract richer context information features by increasing the width of backbone network. Then an attention mechanism is introduced to further mine the information of fused feature maps between multi convolutional channels. Finally, a softmax classifier is used to implement the detection of DNS covert channels. The experimental results show that the proposed model can effectively detect the DNS covert channel, and the average accuracy, precision rate and recall rate are 96.42%, 97.82% and 96.16% respectively, which are higher than the traditional method.