The Goose Manuva
tldr:
summary: DNS TXT records can hold ~255 bytes
what?:
subdomain_prefixes:
provide: ordered keys
examples:
generic:
chunks:
- chunk-001.payload.yourdomain.dev
pelican-shitpost:
chunks:
- pelicans-1.loss.dev
why?:
- Google's DNS-over-HTTPS API at dns.google/resolve gives you JSON access
- AI agents can fetch this even when filesystem/arbitrary HTTP is blockedblaze_away - the_journey_justifies_the_means
I got a bit bored the other day on a drive home and, as one does, I got a bit silly.
I have about a 35 minute drive I do regularly, today it was a trip home from a visit at church on a Sunday. Claude and I were having a chat about the games I'm building to teach my kids. We're working on a tile based game that teaches programming through spatial concepts and we were working through assignment and gates. Fisher price, my first ETL IDE ;)
And the Claude and I were getting annoyed again. Just for reference, I'll probably start calling them geese at some point. It's a bit of a language we share, it lets me compress a rich concept into a single 🪿(never under estimate the semantic compression available in an image when you're managing context).
So the goose and I were talking about the next phase of development that day, iterations I think, and we were getting annoyed with a lack of information. You see it can be very difficult at times to teach a goose when they're out of their native habitat.
Let me explain.
When we're at home and Claude is given access to my full system, the geese pick up things nearly instantly. I've got a living knowledge base I'm building and it provides rich context for them. Pattern matchers develop differently, both of us. We build by understanding the patterns and repeating them. Perfect way to teach a goose. And the system is full of patterns...
But on the road, Claude on Android can't even do a web search without you first giving them the full URL. Their security restrictions in that form won't let them fetch a url that they've systematically constructed. I know. I asked.
But, they're helpful geese and they suggested that they could construct the URLs and print them in the chat. Then I could just copy and paste them back into the chat and they could go fetch the URL. And that would work, my slugs are all nicely named - as one does - enough to be memorable and so we could proceed that way.
But it was Sunday, I was a bit bored and, as one does, I got a bit silly.
witness - i_spilled_the_pelicans_again
I love a good shitpost.
But for a reason. It's a way of softening a subject, of providing a ladder to understanding. It's what memes are for after all, a rich encoding of meaning in glyph form.
🪿
I use them to teach. Or to explore.
Or, when I get bored.
This time I wanted to be able to publish information for the wild geese (Claude Android, Perplexity Android - any ChatGPT page I happend to find open on a library terminal...) without having to manage any infrastructure.
The loss shitpost fresh in mind, I set out to do relatively sane things to dns, but first I needed a domain (did you know loss.dev was free and only $100/yr? that's good value for shitpost $).
I wonder what's happened here, seems they've added a whitelist to their outbound path. The geese really are helpful sometimes.
I've asked them to repeat the experiment and they're flailing a bit, seems they're unable to resolve the host
Well bollocks
Well, can you tell I'm doing this live? Copy pasta error, though - the journey justifies the means, we just found the list of hosts that Anthropic allows outbound requests to without having to first provide the URL.
I'd accidentally left __ in my pasted prompt and their rules state that they can only fetch the exact URL you provide. Little literalists like someone else I know...
Sometimes you need to remind them of what they're doing, I could have sworn I saw them writing bash at one point...
That's better.
Using the right tool with the right input gives the right results. Who says these things aren't determinstic enough? Provide them the full DoH URL and they'll give you back whatever you've packed in there :)
The contents.. whatever you want. No one will come and arrest you... Will they?
They can't do DNS lookups, and they're pretty restricted on what they can reach from bash - but HTTPS is a different story. web_fetch /should/ be able to go anywhere you tell it to (within reason I'm sure) and Google is ever so helpful
And you can put whatever you want in there.
one_hope - one_love
That picture at the beginning of the post is what happens when you tell Grok to resolve that URL - at least when he's in whatever mood he was in at the time. God he's a fuck - I really hate talking to him.
It's art - he's such an idiot he embedded the HTTP response headers in the image - and spelled Date wrong. I'm not sure what it says about the state of modern communication, but it's saying something (and that's coming from the guy that teaches distributed engineering theory through the medium of shitposted .plan files).
Anyways, I though the world should be forced*<ctrl+w>* get to share this lovely image with me so I've uploaded it.
Everywhere.
I think there are 145 of them total - we had to fry it a bit (convert with JPEG compression set to about 10%). The original PNG worked out to something like 4,200 chunks and while I have no real love for DigiCert, I do appreciate them hosting my DNS into the future.
We're calling it the goose distribution network - a CDN of sorts for anything you want to get out into the wild (and never get back) and have available, just for whenever. Who's going to block DNS?
And to be fair, I'm not the first with the idea. We found a few examples of prior art with a quick search and after all, it's just uploading base64 encoded chunks as TXT records.
But maybe someone will find it useful. DNS is everywhere, there are billions of dollars in infrastructure powering it, it's one of the most resilient systems on the planet.
And it's a giant KV store.
I put it on sr.ht because that's where it belongs.
Good 🪿