[anyfoo]

Great idea, and pretty much exactly how DNS tunnels work (only there you want the TTL to avoid caching--through an explicit 0 TTL or changing names--because you want to exchange every packet only once except for retransmits).

However, I'm not sure it's fair to talk about "limiting ourselves to ping", as I'd argue that there are vastly more generic hosts replying to ICMP echo than there are open DNS resolvers (which I know includes all openly available nameservers). I believe the video also has shown that the number of pingable hosts pretty much approaches the number of hosts with an external IPv4 in the first place, at least the map he's shown looked lighter than dark to me.