DNS queries

DNS queries consist of a single UDP request from the client followed by a single UDP reply from the server. The Transmission Control Protocol (TCP) is used when the response data size exceeds 512 bytes, or for tasks such as zone transfers. Some resolver implementations use TCP for all queries.

By default, a DNS server serves client queries over UDP on port 53. One reason for this choice of protocol is speed: unlike TCP, UDP requires no handshake before data is exchanged, so the client gets its answer from the server with fewer round trips.

DNS goes over TCP when the request or the response is larger than a single packet, for example responses that carry many records, responses with many IPv6 addresses, or most DNSSEC responses.

The maximum UDP size was originally 512 bytes, but an extension to the DNS protocol allows clients to indicate that they can handle UDP responses of up to 4096 bytes.

DNSSEC responses are usually larger than the maximum UDP size.

Zone transfer requests are usually larger than the maximum UDP size and hence are also done over TCP.
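The transport decision described above, worked through in code. This is an added example, not part of the original article: it builds a query with an optional OPT pseudo-record (the EDNS0 extension, RFC 6891, is the mechanism by which a client advertises a UDP payload size larger than the classic 512 bytes), inspects the TC (truncated) bit that a server sets when its answer did not fit in the UDP payload so that the client knows to retry over TCP, sends zone transfers (AXFR) straight to TCP, and shows the two-byte length prefix that frames each message on a TCP stream. The sample reply headers are constructed in memory and nothing is sent on the network; the transaction id 0x1234 and the name example.com are arbitrary sample values.

```python
"""How a DNS client decides between UDP and TCP (added example, offline)."""
import struct
from typing import List, Optional

CLASSIC_UDP_LIMIT = 512      # pre-EDNS0 maximum UDP payload, in bytes
EDNS0_UDP_SIZE = 4096        # payload size a client might advertise via OPT

QTYPE_A = 1                  # IPv4 address record
QTYPE_OPT = 41               # EDNS0 OPT pseudo-record
QTYPE_AXFR = 252             # full zone transfer
QCLASS_IN = 1
FLAG_TC = 0x0200             # "truncated" bit in the 16-bit flags field


def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, qtype: int, txid: int = 0x1234,
                edns_size: Optional[int] = None) -> bytes:
    """Build a DNS query; with edns_size set, append an OPT record in the
    additional section advertising that UDP payload size."""
    arcount = 1 if edns_size else 0
    # header: id, flags (RD=1), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)
    opt = b""
    if edns_size:
        # OPT RR: root name, TYPE=41, CLASS field carries the UDP payload
        # size, the TTL field carries extended RCODE/version/flags (zero
        # here), RDLENGTH=0 because we attach no options.
        opt = b"\x00" + struct.pack("!HHIH", QTYPE_OPT, edns_size, 0, 0)
    return header + question + opt


def parse_header(msg: bytes) -> dict:
    """Unpack the fixed 12-byte DNS header and expose the TC bit."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "flags": flags, "tc": bool(flags & FLAG_TC),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def choose_transport(qtype: int, udp_reply: Optional[bytes]) -> str:
    """Zone transfers go straight to TCP. Anything else starts on UDP and
    moves to TCP only if the server flagged its UDP reply as truncated."""
    if qtype == QTYPE_AXFR:
        return "tcp"
    if udp_reply is None:
        return "udp"
    return "tcp" if parse_header(udp_reply)["tc"] else "udp"


def frame_tcp(msg: bytes) -> bytes:
    """DNS over TCP prefixes every message with its length as a 16-bit
    big-endian integer, since a stream has no packet boundaries."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too long for a 16-bit TCP length prefix")
    return struct.pack("!H", len(msg)) + msg


def unframe_tcp(stream: bytes) -> List[bytes]:
    """Split a TCP byte stream into complete DNS messages; a trailing
    partial message is left for the next read."""
    msgs, off = [], 0
    while off + 2 <= len(stream):
        (n,) = struct.unpack("!H", stream[off:off + 2])
        if off + 2 + n > len(stream):
            break
        msgs.append(stream[off + 2:off + 2 + n])
        off += 2 + n
    return msgs


# Constructed sample replies (not real captures): one with TC set and no
# answers, the server's way of saying "ask again over TCP"; one complete.
TRUNCATED_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8000 | FLAG_TC, 1, 0, 0, 0)
                   + encode_name("example.com") + struct.pack("!HH", QTYPE_A, QCLASS_IN))
COMPLETE_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    q = build_query("example.com", QTYPE_A, edns_size=EDNS0_UDP_SIZE)
    print(len(q), "byte query advertising", EDNS0_UDP_SIZE, "byte UDP payload")
    print("truncated reply ->", choose_transport(QTYPE_A, TRUNCATED_REPLY))
    print("complete reply  ->", choose_transport(QTYPE_A, COMPLETE_REPLY))
    print("AXFR            ->", choose_transport(QTYPE_AXFR, None))
    print("TCP framing     ->", frame_tcp(q)[:2].hex(), "prefix, then the message")
```

A resolver that ignores the TC bit silently returns partial answers; a resolver that always jumps to TCP pays the handshake the UDP default is meant to avoid. Checking the flag first and retrying only when needed is what keeps the common case cheap while still getting complete DNSSEC and large-record answers.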