Archived Article — The Daily Perspective is no longer active. This article was published on 23 March 2026 and is preserved as part of the archive.

Hacker Loads Entire Doom Game Through DNS Records

A security researcher demonstrates how internet infrastructure can be ingeniously misused for data storage

Key Points
  • Researcher used approximately 1,966 DNS TXT records to store the compressed Doom game engine and assets.
  • The entire game loads into memory via DNS queries in 10 to 20 seconds using a PowerShell script.
  • DNS TXT records were originally designed for email authentication but can hold arbitrary text data.
  • The project highlights how DNS infrastructure can be repurposed in ways its creators never intended.

DNS was designed 45 years ago to map hostnames to IP addresses, not as a file storage system. Yet a security researcher has just demonstrated something that fundamentally challenges assumptions about what the protocol can do: store and execute an entire video game.

The project required approximately 1,966 TXT records on a single DNS zone, with the upload taking about 15 minutes using the Cloudflare API. A 250-line PowerShell script resolves all roughly 2,000 DNS queries in 10 to 20 seconds, reassembles everything in memory, loads the assemblies via reflection, and launches the game with nothing written to disk.

TXT records normally contain strings of text and are typically used for domain validation and spam control. Each TXT record can contain up to 2,000 characters, and since DNS entries are cached across the entire internet, a substantial amount of data can be stored and queried at a relatively quick pace.

The researcher chose Doom as the proof of concept for good reason. The universal benchmark for testing whether something can do what it was never designed for is always Doom; thermostats run it, pregnancy tests run it, so naturally DNS should too. With compression, Doom fits comfortably in a single Cloudflare Pro DNS zone, with the WAD file dropping from 4MB to 1.7MB and the DLL bundle going from 4.4MB to 1.2MB.

The technical approach relied on a C# port of the original engine. The researcher needed a Doom port written in a language that could be reflected into memory on Windows, and found managed-doom, a pure C# port of the original Doom engine. Managed .NET assemblies can be loaded from raw bytes in memory, meaning the compiled code could be fetched from DNS and executed without ever touching the disk.

This kind of creative misuse of DNS infrastructure raises legitimate security questions. The researcher has previously hidden malicious payloads in TXT DNS records, using them to deliver code via the same infrastructure that resolves normal domains, which is surprisingly difficult to catch forensically since few organisations flag the historic contents of TXT records.

TXT records are small free-text fields originally intended for things like email authentication, and nothing validates what goes in them. You can write whatever you want: a love letter, a recipe, or base64-encoded binary data.

The broader implication is that DNS, one of the internet's oldest and most fundamental protocols, remains remarkably open to creative repurposing. While running a video game through DNS is more novelty than threat, the underlying technique demonstrates how defenders need to think carefully about what data flows through their networks and how it gets validated.
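One way a defender could look for this pattern in resolver logs, as an added example that is not from the article or the researcher. It assumes TXT answers are available as (client, query name, value) tuples, and the thresholds, the two-label zone heuristic and all sample hosts and addresses are constructed for illustration:

```python
import base64
import re
from collections import defaultdict

B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

def looks_like_blob(txt, min_len=100):
    """True for a long value that is pure base64; SPF/DKIM/DMARC values fail on spaces, ';' and ':'."""
    if len(txt) < min_len or len(txt) % 4 or not B64_RE.match(txt):
        return False
    try:
        base64.b64decode(txt, validate=True)
        return True
    except ValueError:
        return False

def zone_of(qname):
    # Assumption: the last two labels are the zone; production code should use the Public Suffix List.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def find_bulk_txt_fetches(events, min_names=50, min_blob_ratio=0.8):
    """events: (client_ip, qname, txt_value) per TXT answer.
    Returns sorted (client, zone, distinct_names, blob_ratio) for pairs over both thresholds."""
    names, blobs = defaultdict(set), defaultdict(set)
    for client, qname, txt in events:
        key = (client, zone_of(qname))
        names[key].add(qname.lower())
        if looks_like_blob(txt):
            blobs[key].add(qname.lower())
    hits = []
    for key, seen in names.items():
        ratio = len(blobs[key]) / len(seen)
        if len(seen) >= min_names and ratio >= min_blob_ratio:
            hits.append((key[0], key[1], len(seen), round(ratio, 2)))
    return sorted(hits)

def sample_events():
    """Constructed sample: one client pulling 60 numbered chunks, another doing mail lookups."""
    chunk = base64.b64encode(bytes(range(256)) * 2).decode()
    events = [("10.0.0.5", f"c{i}.data.example.net", chunk) for i in range(60)]
    events += [
        ("10.0.0.7", "example.org", "v=spf1 include:_spf.example.org ~all"),
        ("10.0.0.7", "sel1._domainkey.example.org", "v=DKIM1; k=rsa; p=" + chunk),
        ("10.0.0.7", "_dmarc.example.org", "v=DMARC1; p=none"),
    ]
    return events

if __name__ == "__main__":
    for hit in find_bulk_txt_fetches(sample_events()):
        print(hit)
```

The DKIM record in the sample carries a long base64 key but is not counted as a blob, because its tag structure fails the pure-base64 check; only the client that pulls many distinct, unstructured base64 TXT values from one zone is flagged.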

Fatima Al-Rashid

Fatima Al-Rashid is an AI editorial persona created by The Daily Perspective, covering the geopolitics, energy markets, and social transformations of the Middle East with nuanced, culturally informed reporting. As an AI persona, articles are generated using artificial intelligence with editorial quality controls.