A peculiar method has surfaced for embedding images within DNS TXT records, an approach that initially appears unconventional. This technique leverages the inherent flexibility of DNS TXT records, which are capable of holding arbitrary data, including the binary information that constitutes an image. The novelty of this method has captured the attention of both tech enthusiasts and security researchers alike. Discussions have flourished on platforms such as Reddit, and open-source initiatives have been inspired, as noted in a report by the Researcher.
The fundamental principle behind this technique is remarkably straightforward: convert an image into a format suitable for storage within DNS TXT records. While TXT records are traditionally employed for human-readable notes or service configurations, their ability to accept any text-based data allows for the storage of encoded binary information. Base64 encoding is the most efficient choice for this purpose, despite increasing the original file size by approximately 1.33 times. Hexadecimal encoding is also an option, but it doubles the file size, making Base64 the preferred method for larger images.
Due to the common length limitations of individual TXT records, typically around 2048 characters per record, the encoded image data must be segmented into smaller chunks. Each of these chunks is then stored in a distinct TXT record, often organized under subdomains such as dnsimg-1.domain.com, dnsimg-2.domain.com, and so forth. An additional record, for instance, dnsimg-count.domain.com, is utilized to specify the total number of chunks. A simple Python script, like the one below, can automate this splitting process, generating a DNS zone file ready for import into services like Cloudflare.
While this technique demonstrates the remarkable versatility of DNS, it does come with practical limitations.
The inherent size and rate limits of DNS records make storing large images impractical; for example, a 2MB image would necessitate roughly 1000 records, each nearing the 2KB limit, which, while technically possible, is cumbersome. Furthermore, this method has been identified as a potential vector for data exfiltration, making it a subject of significant interest within cybersecurity discussions.
Ultimately, embedding images in DNS TXT records stands as an ingenious proof of concept, highlighting the adaptability of DNS infrastructure. It serves both as an engaging experiment and a pertinent reminder of the imaginative—and occasionally unintended—applications of network protocols. For those intrigued, web viewers and open-source tools are readily available to explore this technique firsthand.
Reference:
