DOOM Over DNS

Domain Name System (DNS) was invented to translate human‑readable names into IP addresses, not to act as a general‑purpose storage medium. Yet the protocol’s TXT record type accepts arbitrary strings, and major providers such as Cloudflare cache those records at the edge for free. This unintended flexibility has sparked a wave of experiments that repurpose DNS as a thin, globally‑distributed key‑value store. By leveraging Cloudflare’s worldwide edge network, developers can retrieve data with a single DNS query, sidestepping traditional HTTP servers and storage costs.

The Doom‑Over‑DNS project demonstrates the concept at scale. WAD, roughly 1 MB, is compressed and sliced into 1,964 TXT records, each stored under a unique sub‑domain of a Cloudflare zone. NET‑based Managed‑Doom engine without ever touching disk. Free Cloudflare zones accommodate only 185 records, so the tool automatically distributes the payload across multiple domains, while a single Pro tier zone can hold the entire game in one place.

Beyond a novelty demo, serving binary payloads via DNS raises practical and security questions. Because DNS traffic is typically allowed through firewalls, malicious actors could embed ransomware, exfiltrate data, or launch covert command‑and‑control channels using the same technique. Conversely, legitimate developers might exploit edge‑cached TXT records for ultra‑lightweight distribution of configuration files, patches, or small binaries in environments where HTTP is restricted. The Doom‑Over‑DNS experiment thus underscores the need for tighter DNS inspection and illustrates how creative reuse of existing protocols can unlock unexpected capabilities in edge computing.