# Images over DNS

## Overview

This post explores the limits and possibilities of storing large data in DNS TXT records, demonstrating that while individual character strings are limited to 255 bytes, a TXT record can contain multiple such strings. The real limitation comes from the total DNS payload size.

- TXT record string length: 255 bytes max per string
- Multiple strings allowed: true, enabling larger total TXT data
- UDP DNS payload size (current): ~1232 bytes (per APNIC blog)
- TCP DNS payload size: up to 64 KB, allowing large TXT records

## Demonstration and Implementation

The author built a demonstration using:

- Google Public DNS's JSON API to query TXT records.
- A custom server serving large TXT responses over TCP.

Raw binary is stored in the TXT records to avoid Base64-like overhead. Because JSON is not designed for raw binary data, handling the records required special JSON parsing.

See the demo in action: images-over-dns-demo#cat

The source for the client HTML is available in the repository.

## Using Non-Browser Tools

You can retrieve these records via command-line tools like dig:

This extracts and converts the TXT record back into binary form.

To ensure queries succeed for large TXT records, use Google Public DNS or other open resolvers:

or

## Why Do This?

- Novelty: The author found this a “cute hack”.
- Security considerations: Attackers have historically tunneled data over DNS, but streaming large payloads to browsers via DNS over TCP may introduce new attack surfaces.
- Bypassing filters: Google Public DNS supports HTTPS over IP addresses (due to their certificate coverage), allowing DNS-based content to be fetched without traditional DNS lookups, potentially bypassing DNS filters.
- Low TTL use: The records use a TTL of 10 seconds to avoid cache pollution. Longer TTLs could mimic a CDN by caching large data on DNS resolvers.

## Server-Side Details

The DNS server serving large TXT records is implemented in Go. It was initially generated by ChatGPT but was modified by the author for correctness. The server code is open source and available here: git.sr.ht/~dgl/images-over-dns

The blog post and client-side code are the author's original work; AI was used only to generate the server code.

## Miscellaneous

The post was published on 20th September 2025. The author is David Leadbeater, reachable via GitHub, Mastodon, and Atom feed on the site.

---

This work illustrates the technical boundaries of DNS TXT record size, repurposing the protocol for unusual data delivery, highlighting protocol internals, and potential security implications.
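The size limits listed in the overview can be checked directly against the TXT wire format. The following is an added example, not the author's server code: it packs a payload into length-prefixed character-strings, parses them back while rejecting truncated RDATA, and reports whether the record fits the UDP budget. The function names are hypothetical, the 65535-byte cap is the 16-bit RDLENGTH field from RFC 1035, and `TransportFor` assumes header, question and record overhead can be ignored, so it gives a lower bound.

```go
package main

import "fmt"

// Limits: bytes per character-string, UDP payload quoted on the page, 16-bit RDLENGTH.
const maxString, udpBudget, maxRDATA = 255, 1232, 65535

// EncodeTXT packs data into length-prefixed character-strings (TXT RDATA).
func EncodeTXT(data []byte) ([]byte, error) {
	out := []byte{}
	for first := true; first || len(data) > 0; first = false {
		n := len(data)
		if n > maxString {
			n = maxString
		}
		out = append(append(out, byte(n)), data[:n]...)
		data = data[n:]
	}
	if len(out) > maxRDATA {
		return nil, fmt.Errorf("RDATA is %d bytes, limit is %d", len(out), maxRDATA)
	}
	return out, nil
}

// DecodeTXT concatenates the character-strings and rejects truncated RDATA.
func DecodeTXT(rdata []byte) (out []byte, err error) {
	for i := 0; i < len(rdata); i += 1 + int(rdata[i]) {
		n := int(rdata[i])
		if i+1+n > len(rdata) {
			return nil, fmt.Errorf("string at offset %d runs past end of RDATA", i)
		}
		out = append(out, rdata[i+1:i+1+n]...)
	}
	return out, nil
}

// TransportFor ignores header/question/RR overhead (assumption): a lower bound.
func TransportFor(rdataLen int) string {
	if rdataLen <= udpBudget {
		return "udp"
	}
	return "tcp"
}

func main() {
	rd, _ := EncodeTXT(make([]byte, 2000)) // constructed 2000-byte sample payload
	back, _ := DecodeTXT(rd)
	fmt.Println(len(rd), len(back), TransportFor(len(rd)))
}
```

Each 255-byte string costs one extra length byte, so the largest payload a single TXT record can carry is 65279 bytes, slightly under the 64 KB TCP message limit.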