The DOOM Over DNS project, a groundbreaking achievement by security engineer Adam Rice, has successfully demonstrated running the classic video game DOOM entirely through DNS records. This innovative feat, reported on Hackaday on March 31, 2026, not only satisfies the long-standing ‘can it run DOOM?’ meme but also unveils profound implications for cybersecurity and data exfiltration.
Rice’s ingenious method leverages DNS TXT records, typically reserved for email authentication and other arbitrary text data. Despite their seemingly innocuous nature, these records have no strict payload limitations beyond a 2,000-character per record constraint. The core of his project involved compressing the shareware version of DOOM, including its C# game engine port (`managed-doom`) and the WAD file containing game resources. This data was then meticulously split into numerous Base64-encoded chunks.
The compression was significant: the WAD file was reduced from 4MB to 1.7MB, and the game engine’s DLL bundle shrank from 4.4MB to 1.2MB. This optimized data required approximately 1,966 TXT records, all stored on a single Cloudflare Pro DNS zone. For organizations utilizing free Cloudflare accounts, the data would necessitate distribution across multiple zones, highlighting a potential scalability challenge for such covert operations.
Executing DOOM Over DNS Project: A Technical Deep Dive
To bring the game to life, Rice developed a compact PowerShell script, roughly 250 lines long, designed to query these specific DNS TXT records. The script efficiently fetches all the necessary game data within 10 to 20 seconds, reassembles it in memory, and then dynamically loads the required .NET assemblies via reflection. Crucially, the game launches without writing any files to disk, a characteristic that makes it particularly challenging to detect using traditional endpoint security measures. Notably, Rice even enlisted the assistance of the Claude chatbot to refine elements of his code, showcasing the growing integration of AI in complex development tasks.
This project extends far beyond a mere technical curiosity. It serves as a stark reminder of the often-overlooked vulnerabilities within fundamental internet protocols. DNS, a backbone of internet communication, can be repurposed as a covert, globally distributed data store. TXT records, with their lack of inherent validation and public queryability, offer an ideal conduit for payloads, commands, or sensitive data exfiltration, cached and accessible worldwide.
“Rice’s work underscores the need for organizations to implement more robust DNS security measures beyond basic logging, such as scrutinizing unusual TXT record query patterns and employing memory forensics to detect fileless malware.”
The implications for related Industries news and corporate security are significant. As cyber threats evolve, understanding these novel attack vectors becomes paramount. Organizations must move beyond superficial DNS monitoring and adopt advanced analytical techniques to detect anomalous activity, particularly unusual TXT record queries or large-scale data retrieval attempts. The project’s source code is publicly available on GitHub, providing a valuable resource for security researchers and defenders alike to study and develop countermeasures.
In conclusion, the DOOM Over DNS project is a powerful demonstration of both technical ingenuity and a critical wake-up call for cybersecurity professionals. It highlights that even the most fundamental internet services can be exploited in sophisticated ways, demanding a continuous evolution of security strategies to protect against fileless malware and covert data channels. Proactive monitoring and advanced forensic capabilities are no longer optional but essential in safeguarding digital assets.



