The short TTL is very sketchy and most NIDS(s) have contextual rules to detect DNS rebinding attacks. One may additionally filter private ranges from responses and HTTP requests by host headers. Not to mention TLS.

It's useful against vulnerable IoT devices or home routers, but is it still effective to breach enterprise perimeters?