by richthegeek 1761 days ago
So I split my packets up into smaller chunks. Now you need to rate limit DNS. But you still need to allow regular DNS traffic somehow, or you break the internet.
1 comments

Well, allowlist to a known DNS server and block anything on DNS that isn't allowlisted.
The exfiltrated data isn't for DNS resolvers but is leaked to nameservers through them.

A similar technique forms the basis of how services like dnsleaktest.com and which.nameserve.rs identify the DNS resolvers in use by a particular client.
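As an added illustration of the detection side of this thread (not code from either commenter): a small Python check over constructed resolver query logs that flags a client sending many distinct high-entropy subdomain prefixes to one registered domain, which is the footprint that small-chunk exfiltration leaves even when the resolver itself is allowlisted. The log format, domain names, thresholds and the naive "last two labels" domain split are assumptions.

```python
import math
from collections import defaultdict

# Constructed sample resolver log (not real traffic): "<epoch> <client> <qname>"
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com
1700000001 10.0.0.5 mail.example.com
1700000002 10.0.0.7 3q7vk2x9.a1b2.exfil.example
1700000002 10.0.0.7 z8w1pq0r.a1b2.exfil.example
1700000003 10.0.0.7 k4n6ty2m.a1b2.exfil.example
1700000003 10.0.0.7 9fh3sd7c.a1b2.exfil.example
1700000004 10.0.0.7 b2v5xw8e.a1b2.exfil.example
1700000005 10.0.0.5 cdn.example.com
"""

def shannon_entropy(s):
    """Bits per character of a label; random-looking chunks score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registered_domain(qname):
    # Assumption: last two labels; production code would use a public suffix list.
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])

def parse_log(text):
    rows = []
    for line in text.splitlines():
        ts, client, qname = line.split()
        rows.append((int(ts), client, qname.lower()))
    return rows

def flag_suspect_domains(rows, min_unique=4, min_entropy=2.5):
    """Return {(client, domain): stats} where one client sends many distinct,
    high-entropy prefixes to the same registered domain."""
    stats = defaultdict(lambda: {"prefixes": set(), "entropies": []})
    for _, client, qname in rows:
        dom = registered_domain(qname)
        prefix = qname[: -len(dom)].rstrip(".")
        if not prefix:
            continue  # bare domain lookups carry no payload
        s = stats[(client, dom)]
        s["prefixes"].add(prefix)
        s["entropies"].append(shannon_entropy(prefix.split(".")[0]))
    flagged = {}
    for key, s in stats.items():
        uniq = len(s["prefixes"])
        mean_ent = sum(s["entropies"]) / len(s["entropies"])
        if uniq >= min_unique and mean_ent >= min_entropy:
            flagged[key] = {"unique_prefixes": uniq, "mean_entropy": round(mean_ent, 2)}
    return flagged
```

Thresholds should be tuned against a baseline of normal traffic; CDNs and some telemetry legitimately produce many unique subdomains, so the entropy and uniqueness tests are combined rather than used alone.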