12 Aug: UDP or TCP DNS
DNS servers accept requests on both UDP and TCP port 53. UDP is preferred because it is faster (no connection setup, so lower overhead), which also means lower load on the DNS server. TCP is required where the message is going to exceed the classic UDP maximum of 512 bytes. That 512 byte limit (RFC 1035) keeps a DNS message inside the 576 byte datagram that IPv4 guarantees every host can reassemble after fragmentation, with room left for the IP and UDP headers.
- TCP is used for zone transfers, since these are almost always bigger than 512 bytes
- Some clients fall back to TCP when repeated UDP queries go unanswered (typically after a few seconds), but that is resolver-specific behaviour; the standard trigger for switching to TCP is the TC (truncated) flag in a UDP response
- If the request or response exceeds 512 bytes (e.g. DNSSEC responses), TCP is needed. A server whose answer does not fit in the UDP limit sends back a shortened reply with the TC flag set, and the client repeats the same query over TCP
- You can also force a client to always make TCP name queries
There is an extension to the protocol, Extension Mechanisms for DNS (EDNS0, RFC 6891), which amongst other things lets each side advertise a larger UDP payload size in an OPT pseudo-record (4096 bytes is a common setting; 1232 bytes is the value recommended since the 2020 DNS flag day so that replies avoid IP fragmentation). The server and client both need to support it. The bigger the advertised UDP size, the bigger the reply a single spoofed-source query can elicit, which is why open resolvers returning large UDP answers are the workhorse of DNS amplification attacks.
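As an added example (not code from the original notes), the following Python builds and parses raw DNS messages to show the mechanics described above: the 512 byte UDP limit, the TC flag on a truncated reply, the 2 byte length prefix that DNS over TCP uses, and the OPT pseudo-record through which EDNS0 advertises a UDP payload size. Both the client side and the server side are simulated in-process with constructed records (example.com and TEST-NET-1 addresses), so nothing is sent on the network; the function names are my own.

```python
import struct

# Added example, not from the original notes: a minimal DNS message builder and
# parser showing the 512-byte UDP limit, the TC flag, the TCP length prefix and
# the EDNS0 OPT record. All "traffic" is constructed in-process; nothing is sent.

UDP_CLASSIC_LIMIT = 512                    # RFC 1035 UDP maximum without EDNS0
FLAG_TC = 0x0200                           # "truncated" bit in the header flags
QTYPE_A, QTYPE_OPT, QCLASS_IN = 1, 41, 1   # OPT (41) is the EDNS0 pseudo-RR type

def encode_name(name):
    """'example.com' -> b'\\x07example\\x03com\\x00' (DNS label format)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels are 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def opt_record(bufsize):
    """EDNS0 OPT pseudo-RR: root name, type 41, CLASS field = advertised UDP
    payload size, TTL field = extended rcode/version/flags (0), empty RDATA."""
    return b"\x00" + struct.pack("!HHIH", QTYPE_OPT, bufsize, 0, 0)

def build_query(name, qtype=QTYPE_A, txid=0x1234, edns_bufsize=None):
    """Standard query with RD set, plus an OPT record if edns_bufsize is given."""
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_bufsize else 0)
    msg += encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)
    return msg + (opt_record(edns_bufsize) if edns_bufsize else b"")

def parse_header(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "tc": bool(flags & FLAG_TC),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def _skip_name(msg, off):
    """Offset just past a name; a 2-byte compression pointer ends the name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if (length & 0xC0) == 0xC0:
            return off + 2
        off += 1 + length

def find_edns_bufsize(msg):
    """UDP payload size in the message's OPT record (dig shows it as 'udp: N'),
    or None when there is no EDNS0 record."""
    h, off = parse_header(msg), 12
    for _ in range(h["qdcount"]):
        off = _skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    for _ in range(h["ancount"] + h["nscount"] + h["arcount"]):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == QTYPE_OPT:
            return rclass
    return None

def tcp_frame(msg):
    """DNS over TCP prefixes each message with a 16-bit length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def resolve(query, send_udp, send_tcp):
    """Stub-resolver logic: UDP first; if the reply has TC set, repeat the same
    query over TCP. The two callables stand in for sockets."""
    reply = send_udp(query)
    if not parse_header(reply)["tc"]:
        return reply, "udp"
    framed = send_tcp(tcp_frame(query))
    (length,) = struct.unpack("!H", framed[:2])
    return framed[2:2 + length], "tcp"

def make_response(query, ipv4s, max_size=None, edns_bufsize=None):
    """Constructed server side: one A record per address. If the reply would not
    fit in max_size, drop the answers and set TC, as a real server does when a
    UDP reply exceeds the client's payload limit."""
    question = query[12:_skip_name(query, 12) + 4]
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4)
                   + bytes(int(o) for o in ip.split(".")) for ip in ipv4s)
    opt = opt_record(edns_bufsize) if edns_bufsize else b""
    flags, ancount, body = 0x8180, len(ipv4s), question + rrs + opt   # QR, RD, RA
    if max_size is not None and 12 + len(body) > max_size:
        flags, ancount, body = flags | FLAG_TC, 0, question + opt
    return struct.pack("!HHHHHH", parse_header(query)["id"], flags, 1, ancount,
                       0, 1 if opt else 0) + body

def demo():
    """Constructed scenario: 40 A records (TEST-NET-1) give a 680-byte reply, so
    the UDP answer comes back truncated and the resolver retries over TCP."""
    query = build_query("example.com")
    ips = ["192.0.2.%d" % i for i in range(1, 41)]
    udp = lambda q: make_response(q, ips, max_size=UDP_CLASSIC_LIMIT, edns_bufsize=1500)
    tcp = lambda f: tcp_frame(make_response(f[2:], ips, edns_bufsize=1500))
    reply, transport = resolve(query, udp, tcp)
    return transport, parse_header(reply)["ancount"], find_edns_bufsize(reply)
```

Running demo() returns ('tcp', 40, 1500): the 680 byte answer does not fit the classic 512 byte UDP limit, so the first reply carries TC and no answers, the resolver repeats the query over TCP with the length prefix, and the full reply's OPT record advertises the server's 1500 byte UDP payload size, the same figure dig prints as "udp: 1500". Passing edns_bufsize=4096 to build_query, and using that as max_size in the responder, makes the same 680 byte answer fit in a single UDP reply.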
You can check whether the name server supports EDNS from the OPT pseudosection of dig's output:
$ dig google.com
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1500
This says the responding server supports EDNS version 0 (EDNS0) and advertises a maximum UDP payload of 1500 bytes. Note that dig prints the OPT record from the response, so this is the server's figure; the size dig itself advertises in the query is set with +bufsize=N. You can force dig to send the query over TCP with the +tcp flag no matter what the size. The dig man page describes the flag as follows:
+[no]tcp: Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an ixfr=N query is requested, in which case the default is TCP. AXFR queries always use TCP.
- ixfr: incremental zone transfer (only the changes since zone serial N)
- axfr: full zone transfer
Zone transfers should only be permitted from the zone's own secondaries. A name server that answers an axfr from anyone hands over the entire zone, so trying dig @nameserver zone axfr against each authoritative server is a standard check in both audits and attacker reconnaissance.