Running DOOM via DNS: A Technical Proof of Concept
In a novel demonstration of protocol abuse, a security researcher has successfully stored and executed the classic video game DOOM entirely within the Domain Name System (DNS). By leveraging TXT records—typically used for email authentication or arbitrary text data—the project transforms the global DNS infrastructure into a fileless delivery mechanism for a fully playable game.
How It Works
DNS TXT records are text fields attached to domain names that can hold up to roughly 2,000 characters each. While originally intended for verification purposes, they lack strict validation, allowing users to store arbitrary data. The researcher utilized this capability to Base64-encode the entire game engine and assets (specifically a C# port known as 'managed-doom') and split the data across approximately 1,966 TXT records hosted on a single Cloudflare domain.
To play the game, a user runs a 250-line PowerShell script. This script queries the domain to retrieve the records, decodes the data, and reassembles the game directly into the computer's Random Access Memory (RAM). By loading the .NET assemblies via reflection, the game launches without writing a single file to the hard drive, effectively creating a 'fileless' execution method.
Technical Hurdles and Modifications
Porting the game to run strictly from memory required significant modifications to the source code. The researcher utilized AI assistance to adapt the 'managed-doom' engine, removing dependencies on native file paths and windowing libraries that would typically require disk interaction. To reduce the data footprint and minimize the number of required DNS queries, the audio was stripped from the build. The final compressed payload required roughly 15 minutes to upload to the DNS server but loads on the client side in approximately 10 to 20 seconds.
Security Implications
While the project serves as a technical curiosity and a 'cursed computing' achievement, it highlights potential security risks. DNS is a ubiquitous protocol often allowed through firewalls without strict inspection. Threat actors have historically used TXT records to hide payloads, and this proof-of-concept demonstrates the theoretical upper limit of such techniques—storing entire executable programs within the DNS infrastructure itself.
The full source code for the project has been made publicly available on GitHub.
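The retrieval pattern described under Security Implications (one client pulling a very large number of Base64-filled TXT records from a single domain) is visible in resolver logs. The sketch below is an added example for defenders, not code from the project; the log tuple layout, the thresholds, the last-two-labels domain grouping and the sample names and addresses are all assumptions constructed for illustration.

```python
import base64, binascii, re
from collections import defaultdict

B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

def looks_base64(txt, min_len=200):
    """True for long strings that decode as strict Base64."""
    if len(txt) < min_len or len(txt) % 4 or not B64_RE.match(txt):
        return False
    try:
        base64.b64decode(txt, validate=True)
        return True
    except binascii.Error:
        return False

def parent_domain(qname):
    """Naive last-two-labels grouping (assumption; use a public-suffix list in production)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def find_bulk_txt_retrieval(events, min_names=50, min_b64_ratio=0.9):
    """events: (client_ip, qname, qtype, answer_text) tuples from resolver logs.
    Returns {(client, domain): stats} where one client pulled many distinct,
    Base64-looking TXT answers from a single parent domain."""
    seen = defaultdict(lambda: {"names": set(), "b64": 0, "bytes": 0})
    for client, qname, qtype, answer in events:
        if qtype != "TXT":
            continue
        s = seen[(client, parent_domain(qname))]
        if qname in s["names"]:
            continue  # count each record once; retries should not inflate totals
        s["names"].add(qname)
        s["bytes"] += len(answer)
        s["b64"] += looks_base64(answer)
    return {k: {"names": len(s["names"]), "b64": s["b64"], "bytes": s["bytes"]}
            for k, s in seen.items()
            if len(s["names"]) >= min_names and s["b64"] / len(s["names"]) >= min_b64_ratio}

def sample_events():
    """Constructed log: one bulk retriever, one client doing ordinary mail lookups."""
    chunk = base64.b64encode(bytes(range(256)) * 6).decode()  # 2,048 Base64 chars
    ev = [("10.0.0.5", f"{i}.chunks.example", "TXT", chunk) for i in range(60)]
    ev.append(("10.0.0.5", "0.chunks.example", "TXT", chunk))  # duplicate retry
    ev += [("10.0.0.9", "example.org", "TXT", "v=spf1 include:_spf.example.org ~all"),
           ("10.0.0.9", "_dmarc.example.org", "TXT", "v=DMARC1; p=none"),
           ("10.0.0.9", "www.example.org", "A", "192.0.2.10")]
    return ev

if __name__ == "__main__":
    for key, stats in find_bulk_txt_retrieval(sample_events()).items():
        print(key, stats)
```

Ordinary SPF and DMARC lookups stay below both thresholds, so only the client that fetched dozens of distinct Base64 records from one domain is reported.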
