Yes, but an internal resolver has filtering and must be heavy monitored. If the DNS logs are sent to a SIEM you will be detected quickly

I mean most of the time said company resolvers have a service that block either suspicious requests, or only allow whitelisted domains.