Corollary is, spyware can use DNS to exfiltrate data [0]. Or, send out client-side metrics with cleverly drafted DNS requests [1], or use it as a 3p-cookie replacement [2].
[0] https://unit42.paloaltonetworks.com/dns-tunneling-how-dns-ca...
[1] https://github.com/Jigsaw-Code/choir (disclosure: I co-develop hard-forks of two other related Jigsaw-Code projects)
You can even set up a VPN over DNS if you really wanted. https://github.com/yarrick/iodine