{
"$type": "site.standard.document",
"canonicalUrl": "https://rednafi.com/misc/dns-record-to-share-text/",
"description": "Share data via DNS TXT records using dig and base64 encoding. Learn limitations, security concerns, and practical use cases for DNS tunneling.",
"path": "/misc/dns-record-to-share-text/",
"publishedAt": "2023-07-17T00:00:00.000Z",
"site": "at://did:plc:fgtm2c26vfcj74rfmeggbyqj/site.standard.publication/3mnl6f7ob462z",
"tags": [
"Shell",
"Unix",
"TIL",
"Networking"
],
"textContent": "This morning, while browsing Hacker News, I came across a neat trick for [sharing data via\nDNS TXT records]. It can be useful for propagating a small amount of data in environments\nthat restrict outbound IP traffic but allow DNS queries, or to bypass censorship.\n\nTo test this out, I opened my domain registrar's panel and created a new TXT-type DNS entry\nwith a base64-encoded message containing the poem A Poison Tree by William Blake. The\nmessage can now be queried and decoded from the shell.\n\nThe pipeline uses dig to query the TXT record for _poem.rednafi.com, removes the double\nquotes and spaces that dig prints around the record data via sed, and then decodes the\nbase64-encoded value via base64 to retrieve the original plaintext message stored in the\nTXT record. Running it prints the decoded poem.\n\nYou can also encode image data and retrieve it in a similar manner. If your data is too\nlarge to fit in a single record, you can split it into multiple records and concatenate them\non the receiving end. Since DNS does not guarantee the order in which the records under one\nname are returned, give each chunk its own numbered label (or prefix it with a sequence\nnumber) so the receiver can reassemble the pieces in order.\n\nHowever, there are some limitations to this approach. [RFC 1035] caps the RDATA of a\nresource record at 65535 bytes through its 16-bit RDLENGTH field, and defines TXT data as\none or more character-strings of at most 255 octets each; a longer value has to be split\ninto several such strings (many providers do this automatically), and the whole response\nstill has to fit in the 512-byte UDP limit unless the resolver uses EDNS or falls back to\nTCP. This doesn't give us much room to tunnel large amounts of data. Plus, DNS has\nwell-known vulnerabilities like MITM attacks, injection issues, cache poisoning, and DoS.\nSo I'd refrain from transferring any data in this manner that requires a layer of security.\nDNSSEC signs records so a validating resolver can check their authenticity, and DANE builds\non it to bind TLS certificates to names, but neither encrypts the data, and their adoption\nis spotty at best. Still, I found the idea of using DNS records as a simple database quite\nclever!\n\n[sharing data via DNS TXT records]:\n https://news.ycombinator.com/item?id=36754366\n\n[rfc 1035]:\n https://www.rfc-editor.org/rfc/rfc1035",
"title": "Using DNS record to share text data"
}
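The post describes two things in prose without showing them end to end: the dig | sed | base64 pipeline that decodes a single TXT record, and the idea of splitting a larger payload across several records and concatenating them on the receiving end. The following shell script is an added example, not code from the original post. It assumes the post's pipeline used `dig +short` (the exact flags are not shown on the page), uses `example.test` as a placeholder domain, and adopts a numbered-label scheme (`_0.NAME`, `_1.NAME`, ...) of its own so that record order survives regardless of how a server returns an RRset. Everything except `fetch_and_decode` runs offline against a zone constructed in the script.

```shell
#!/bin/sh
# Added example, not code from the original post. Publishes a message as
# numbered TXT records and rebuilds it from dig-style output. Works offline:
# the "zone" is constructed here; only fetch_and_decode needs a real domain
# (example.test is a placeholder).
set -eu

# The post's pipeline, generalized to read dig +short output on stdin:
# drop the double quotes dig prints around each character-string (and the
# spaces between them when one record holds several), join all lines, and
# decode the base64. Uses GNU base64 -d; older macOS spells this -D.
decode_txt() {
  sed 's/[" ]//g' | tr -d '\n' | base64 -d
}

# Base64 the payload and cut it into character-strings of at most CHUNK
# bytes (255 is the RFC 1035 limit per string). Each chunk becomes its own
# record under a numbered label, _0.NAME, _1.NAME, ... (our convention), so
# the receiver knows the order no matter how the server returns records.
# Output is zone-file style: OWNER IN TXT "DATA".
encode_records() {
  name=$1 payload=$2 chunk=${3:-255}
  b64=$(printf '%s' "$payload" | base64 | tr -d '\n')
  i=0
  while [ -n "$b64" ]; do
    piece=$(printf '%s' "$b64" | cut -c1-"$chunk")
    b64=$(printf '%s' "$b64" | cut -c"$((chunk + 1))"-)
    printf '_%d.%s. IN TXT "%s"\n' "$i" "$name" "$piece"
    i=$((i + 1))
  done
}

# Reassemble zone lines written by encode_records. Sorts by the numeric
# label so shuffled input still decodes correctly, then hands the quoted
# data to decode_txt. The owner-name match stops at the first space, so
# base64 data that happens to contain "TXT" cannot confuse it.
decode_records() {
  sed -n 's/^_\([0-9][0-9]*\)\.[^ ]* IN TXT \(.*\)$/\1 \2/p' \
    | sort -n \
    | cut -d' ' -f2- \
    | decode_txt
}

# Online use (not exercised offline): query _0.NAME, _1.NAME, ... until a
# label has no TXT record, then decode the concatenation. For the post's
# single record the equivalent is: dig +short TXT _poem.rednafi.com | decode_txt
fetch_and_decode() {
  name=$1
  i=0
  while rr=$(dig +short TXT "_$i.$name") && [ -n "$rr" ]; do
    printf '%s\n' "$rr"
    i=$((i + 1))
  done | decode_txt
}
```

To publish, paste the lines `encode_records yourdomain.example "$payload"` emits into the zone (or create one TXT record per label in the registrar panel), then `fetch_and_decode yourdomain.example` on the other side. Chunks are cut at 255 bytes and decoded only after concatenation; if you ever need to decode records individually, use a chunk size that is a multiple of 4 (252) so each piece is valid base64 on its own.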