In a corporate environment you must use only the company DNS internal resolver and they are the only one that should go outside on port 53. This is a basic security measure to detect and block every attempt of DNS tunnelling or exfiltration

▲

tuwtuwtuwtuw 3 days ago | parent [-]

Even if you use the internal resolver you could exfiltrate the data.

	▲	lormayna 3 days ago \| parent \| next [-]
		Yes, but an internal resolver has filtering and must be heavy monitored. If the DNS logs are sent to a SIEM you will be detected quickly
	▲	pixl97 3 days ago \| parent \| prev [-]
		I mean most of the time said company resolvers have a service that block either suspicious requests, or only allow whitelisted domains.