Fun with DNS TXT Records

It is a common misconception that a DNS TXT record can only contain 255 bytes. This is not true, a TXT record can actually contain much more than 255 bytes.<p>rfc1035 defines the &lt;character-string&gt; string object, which consists of a length octet (byte), followed by n bytes of text. There is no null terminator. So, the maximum length of the &lt;character-string&gt; is 255 bytes of usable text.<p>However, a TXT record can contain one <i>or more</i> &lt;character-string&gt; objects, which the DNS client will stitch together into one long string. For a standard DNS record, the length is ultimately limited by the rdlength property of the resource record format (rfc1035, sect 4.1.3). The rdlength is 16 bit unsigned, so the maximum payload length of a resource record is 65,536 octets (64kb). Keeping in mind the overhead of the length octet in each &lt;character-string&gt; object, you&#x27;ll end up with a maximum of 65,280 octets of usable characters in the TXT record.<p>This will work, but requires the DNS server to respond to TCP requests. UDP connections that are more typically used for DNS have a limit of about 1500 bytes in length.

Waaay back in 2012, I wrote a TCP tunnel-over-DNS-TXT as a mental exercise for myself, as DNS traffic was (is still?) allowed through the Captive Portals that corp&#x2F;academia&#x2F;soulless-hospitality throw up on their Wi-Fi networks - I had it preconfigured as a tunnel for RDP traffic into my home box (WS2003) - the bandwidth was appalling (only slightly better than 56K) but the feeling of stickin&#x27; it to the man is unbeatable.<p>It&#x27;s just unfortunate now that there&#x27;s no way you&#x27;ll squeeze a semi-usable desktop experience through dial-up-tier RDP anymore. IIRC, I had to use 16-color mode on a 640x480-sized desktop (good enough for e-mail!).<p>Of course, today, people just whip-out their phone&#x27;s tether&#x2F;hotspot.

DNS as a password manager is kind of an own-goal, as you give the attacker the means to mount an offline attack against your encrypted passwords at the outset. They can simply retrieve the encrypted blobs over the network, and begin.<p>Putting that aside, as instantiated by the author, there are some problems with the encryption methodology:<p>1. CBC doesn&#x27;t provide integrity<p>There&#x27;s no guarantee given to you by the construction that the password you (successfully!) decrypted is the same password you encrypted. If you&#x27;re symmetrically encrypting anything nowadays, you should be using some form of authenticated encryption.<p>2. `openssl enc`&#x27;s -pbkdf2 flag defaults to 10k iterations, which is off by more than an order of magnitude by today&#x27;s standards for a comparable use case(protecting password vaults).<p>3. using PBKDF2 in the first place.<p>There are more modern KDFs nowadays(scrypt, argon2) that are resistant to more kinds of attacks[0] that should probably be used instead.<p>4. using `openssl enc` in the first place.<p>OpenSSL has always cautioned against using the `enc` command for anything serious, so I feel obligated to mention it.<p>Sorry if this seems like I&#x27;m talking out of school, but in case any one reading was inspired to use this methodology for encrypting their own passwords, I wanted to give a proper accounting of what I think the limitations are.<p>Off topic: is this guy a Drake fan?<p>[0]: <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Custom_hardware_attack" rel="nofollow noreferrer">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Custom_hardware_attack</a>

The most fun I had with TXT records was that putting an an XSS payload and chuckle at those &quot;online DNS lookup&quot; tools popping up my alert() calls.

Semi-compulsory link whenever this sort of thing comes up:<p><a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Hesiod_(name_service)" rel="nofollow noreferrer">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Hesiod_(name_service)</a>

Spotify uses (used?) DNS TXT records as well. See e.g. the following article: <a href="https:&#x2F;&#x2F;engineering.atspotify.com&#x2F;2017&#x2F;03&#x2F;spotifys-love-hate-relationship-with-dns&#x2F;" rel="nofollow noreferrer">https:&#x2F;&#x2F;engineering.atspotify.com&#x2F;2017&#x2F;03&#x2F;spotifys-love-hate...</a><p>I thought they also used it in their client but cannot find a article about that.

Also, every &quot;class&quot; has TXT records, not just the &quot;IN&quot; (internet class):<p><pre><code> $ host -c ch -t txt version.bind glass.its.utexas.edu version.bind descriptive text &quot;9.11.36-RedHat-9.11.36-11.el8&quot; $ host -c ch -t txt version.bind ns1.yahoo.com version.bind descriptive text &quot;Yahoo&quot;</code></pre>

&gt; With only four TXT recrods that’s ~1KB of compressed data. Some demoscene intros can be stored in TXT records.<p>A somewhat useful thing what can be stored in TXT is some some self contained script with the encoded payload eg to bypass firewall&#x2F;proxy. You can even bootstrap it from one record and it can read the rest of payload itself from the other records.<p>Edit: yep, good old iex:<p><pre><code> (Resolve-DnsName -Type TXT yourdnsname).Strings|iex</code></pre>

I used to do things like this. Then my DNS host was bought by another company (after 18 years with them) and their new system started detecting my youtube iframe rickrolls for blindly copying&#x2F;embeding whois http sites as &quot;hacking attempts&quot;. I had to remove them or else I couldn&#x27;t change my records.

I did some research on TXT records a little while back, that might be of interest: <a href="https:&#x2F;&#x2F;labs.ripe.net&#x2F;author&#x2F;pgl&#x2F;the-joy-of-txt&#x2F;" rel="nofollow noreferrer">https:&#x2F;&#x2F;labs.ripe.net&#x2F;author&#x2F;pgl&#x2F;the-joy-of-txt&#x2F;</a>

&gt; DNS as a Password Manager?<p>Shades of the old NIS+&#x2F;AUTH_DH&#x2F;mech_dh scheme. That&#x27;s a scheme that Sun used in 1987 for NFS security and for authentication. It goes like this:<p><pre><code> - there is a name service called &#x27;publickey&#x27; (i.e., with a getent style API, a &#x27;files&#x27; backend, so &#x2F;etc&#x2F;publickey, and a NIS+ backend for domain-based authen.) - each publickey(5) entry has: - the name (&quot;netname&quot;) of the entity - a DH group identifier - a DH public key and - the corresponding DH private key encrypted in the entity&#x27;s password </code></pre> To login you in the system would prompt you for a username and password, lookup your entry in the publickey(5) name service, if found then it would decrypt the private key and confirm that the public key matches.<p>To authenticate to a remote service the system would find that service&#x27;s publickey(5) entry, compute the shared DH secret, and send a message with the local and remote names, a nonce, and a proof of knowledge of the shared secret.<p>Anyways, you could store publickey(5) in DNS, naturally, if you wanted, though that was never implemented because mech_dh simply died of disuse.<p>It&#x27;s worth noting that the DNS is mostly public. Yes, you can make zone iteration hard, but not impossible. So if you publish secrets encrypted in low-entropy keys (like typical passwords) then those will be subject to cracking.<p>I do think mech_dh, modernized with ECDH and PQ key agreement, could make a lot of sense to revive. I could totally see a new scheme that&#x27;s a cross between mech_dh, Kerberos, and JWT.

Someone should make another one of these &quot;unlimited data storage with youtube, discord, etc&quot; videos, just with DNS TXT records. Globally distributed, unlimited data storage for (almost) free!

Related: <a href="https:&#x2F;&#x2F;dns.toys" rel="nofollow noreferrer">https:&#x2F;&#x2F;dns.toys</a>

Idea for a password manager: alternative DoH server (with own root, it solves DNSSEC issues) with proper authentication that returns the username and password for each site as TXT records.<p>So you can `dig` to retrieve passwords:<p>` dig example.com @my.crazy.password.manager.tld `<p>` example.com. TXT &quot;username=myuser;password=hunter2&quot;<p>You can now use tools like rsync, ssh, irc, browsers,next to piggy back in DNS to resolve passwords and private keys, even TOTPs

I cannot believe it:<p>I was just asking <a href="https:&#x2F;&#x2F;www.perplexity.ai" rel="nofollow noreferrer">https:&#x2F;&#x2F;www.perplexity.ai</a> for some geek examples of what I can do with TXT Records, and as an answer I&#x27;ve got the summary of <i>this</i> HN page and link<p>(adding content to HN carry on some big responsibilities nowadays ... )

About 25 years ago I played an adventure game someone had written entirely in DNS TXT records. You may each move with nslookup (which shows how long ago this way)<p>&gt; With an API, one could programatically update TXT records.<p>Just run bind yourself and you can update your records with very simply programming!

Create your own adventure, all you need is python + dnspython + dns redis, and a Redis DB: <a href="https:&#x2F;&#x2F;github.com&#x2F;m3047&#x2F;rkvdns">https:&#x2F;&#x2F;github.com&#x2F;m3047&#x2F;rkvdns</a><p>When you start using DNS as a generalized key&#x2F;value store, there are some tuning &#x2F; optimizations to be aware of:<p>* Production grade caching &#x2F; recursing servers retry aggressively. There is debouncing in this implementation.<p>* Tune your EDNS packet size (in your caching server) to make sure you aren&#x27;t triggering retries unnecessarily. (And frags are bad and Francisco Franco is still dead.)<p>* Empty non-terminals are rare enough in &quot;happy eyeballs&quot; use that (de) optimizations in the name of things like privacy are known to happen. You should contemplate disabling qname minimization if that&#x27;s something the caching server does.

I guess it would be a very solid way to present shasums for binaries. Nowadays software often puts them on the same webpage that links to the binary. While that&#x27;s better than nothing, having them in a TXT record makes it more secure.

Nice. I will probably post some TXT poetry for jest.<p>Just wanted to add that the first line in the first snippet should be:<p><pre><code> &gt;&gt;&gt; lorem_ipsum = b&quot;Lorem...&quot; </code></pre> Else zlib.compress() will throw a TypeError.

<a href="https:&#x2F;&#x2F;dyna53.io&#x2F;" rel="nofollow noreferrer">https:&#x2F;&#x2F;dyna53.io&#x2F;</a> is an amusing example of (mis)using AWS&#x27;s Route 53 DNS service as a database.

Messing with DNS is so fun. I did a lightning talk on storing secrets in DNS [1] for my vpn tokens and also have a URL shortener that uses DNS as its storage mechanism [2]<p>[1]: <a href="https:&#x2F;&#x2F;youtu.be&#x2F;CpWM_eVfRBM?si=uj3qVLcW_56FdQ8Y" rel="nofollow noreferrer">https:&#x2F;&#x2F;youtu.be&#x2F;CpWM_eVfRBM?si=uj3qVLcW_56FdQ8Y</a><p>[2]: <a href="https:&#x2F;&#x2F;ols.wtf&#x2F;url-shortener.html" rel="nofollow noreferrer">https:&#x2F;&#x2F;ols.wtf&#x2F;url-shortener.html</a>

mDNS uses the TXT record as a key-value store, and it’s used quite a lot: for AirPlay or for IoT with Matter devices (and many others).

Pretty Cool!