DNS uses UDP or TCP?

As you know, DNS primarily uses UDP as its transport layer protocol, but for zone transfers (opcode AXFR, IXFR) it also uses TCP. There is one more case indeed! DNS messages over UDP are restricted to 512 bytes and, according to RFC 1035 (one of my favorites, by the way), longer messages are truncated and the TC bit is set in the header. To see this in real life, I just set more than 700 A type resource records in my zone and sent a standard query via the dig command:

;; Truncated, retrying in TCP mode.

The message above is the immediate reaction of dig, but I also captured what happens at the packet level. Here is the DNS message I received from the authoritative server:

The authoritative server informs the resolver that the message is truncated. Look at what the resolver does next in Wireshark:

Message number 52 is the truncated message. As soon as the resolver receives it, it switches to TCP. Isn’t it cool? 🙂 I think with the upcoming EDNS, there will be more cool stuff waiting for us.
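
The truncation check and TCP retry described above, as an added example that is not part of the original post: it decodes the header flags of a constructed response, tests the TC bit, and frames the query with the two-byte length prefix that DNS uses over TCP. The name example.test, the transaction ID and the function names are assumptions.

```python
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Build a standard query (RD set) for `name`; qtype 1 = A."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg):
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "tc": bool(flags & 0x0200),   # truncated
        "rcode": flags & 0x000F,
        "ancount": an,
    }

def needs_tcp_retry(query, udp_response):
    """True when the response answers this query and has the TC bit set."""
    q, r = parse_header(query), parse_header(udp_response)
    return r["qr"] and r["id"] == q["id"] and r["tc"]

def frame_for_tcp(msg):
    """Over TCP, each DNS message is prefixed with a 2-byte length field."""
    return struct.pack("!H", len(msg)) + msg

# Constructed sample (not a capture): an authoritative response with
# QR, AA, TC and RD set (flags 0x8700), echoing the question, no answers.
query = build_query("example.test")
truncated = struct.pack("!HHHHHH", 0x1234, 0x8700, 1, 0, 0, 0) + query[12:]

if __name__ == "__main__":
    print(parse_header(truncated))
    if needs_tcp_retry(query, truncated):
        print(";; Truncated, retrying in TCP mode.")
        print(frame_for_tcp(query).hex())
```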

About: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE

