DNS uses UDP or TCP?

As you know DNS uses UDP primarily as its transport layer protocol to communicate but for zone transfers (opcode AXFR,IXFR) it also uses TCP. There is one more indeed! DNS messages are restricted to 512 bytes and according to RFC 1035 (one of my favorites by the way), longer messages are truncated and TC bit is set in the header. In order to see this in real life, I just set more than 700 A type resource records in my zone and sent a standard query via dig command:

the message above is immediate reaction of dig but I also captured what happens at packet level. Here is the DNS message I received from the authoritative server:

Authoritative server informs the resolver that message is going to be truncated and look what the resolver does in wireshark:

Message number 52 is the truncate message. As soon as it is received by the resolver, it switches to TCP. Isn’t it cool? 🙂 I think with the upcoming EDNS, there will be more cool stuff waiting for us.

You have a feedback?