When does DNS use TCP / UDP?
This is an age-old interview question. The usual answer is that DNS uses TCP for zone transfers and UDP for name queries.
But letʼs try to answer why that is. TCP is a connection-oriented protocol, whereas UDP is connection-less. TCP guarantees that the data arrives complete and in order at the destination; UDP makes no such guarantee and does not establish a connection with the host before sending. But it doesnʼt end there.
UDP packets are smaller in size, so any application that needs to transfer more than 512 bytes uses TCP. That leaves a question: what about TXT record queries, whose responses can be longer than 512 bytes?
That forces us to rethink and look at the details of the UDP protocol. Does UDP itself restrict a datagram to 512 bytes? No, not that I know of. In fact, the size is restricted by the underlying IP protocol, and IPv4 allows a maximum of 65536 bytes. So where did that 512-byte limit come from?
It is not a restriction of the UDP protocol; it is a limit imposed by the DNS RFC. The RFC says:
“Messages sent using UDP user server port 53 (decimal). Messages carried by UDP are restricted to 512 bytes (not counting the IP or UDP headers). Longer messages are truncated and the TC bit is set in the header. UDP is not acceptable for zone transfers but is the recommended method for standard queries on the Internet. Queries sent using UDP may be lost, and hence a retransmission strategy is required. Queries or their responses may be reordered by the network, or by processing in name servers, so resolvers should not depend on them being returned in order.”
So a DNS message carried over UDP cannot exceed 512 bytes. When a response is longer, the DNS server truncates it, sends only 512 bytes, and sets the TC (truncated) bit in the header.
When the DNS client sees the TC bit, it knows that the full response is more than 512 bytes and cannot be received over UDP. It then switches to TCP and sends the same request again over TCP.
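The truncate-and-retry behaviour described above, as an added example that is not part of the original post: a server-side function that cuts an oversized TXT response down and sets TC, a resolver-side check that only retries over TCP when a matching response carries TC, and the two-byte length prefix that DNS over TCP requires (RFC 1035 section 4.2.2). The query name and TXT contents are constructed for the example, and the truncation strategy (keep only the question section) is one simple choice, not a description of any particular server.

```python
import struct

HEADER = struct.Struct("!HHHHHH")   # id, flags, qdcount, ancount, nscount, arcount
FLAG_QR, FLAG_TC = 0x8000, 0x0200   # response bit and truncation bit (RFC 1035 4.1.1)
UDP_LIMIT = 512                      # RFC 1035 4.2.1 payload limit, IP/UDP headers excluded
def encode_name(name):  # 'a.example.' -> b'\x01a\x07example\x00'
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"

def build_query(txid, name, qtype=16):
    """Standard recursive query (RD=1); qtype 16 is TXT."""
    return HEADER.pack(txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    if len(msg) < HEADER.size:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = HEADER.unpack_from(msg)
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def question_end(msg):
    """Offset just past the question section (single question, uncompressed name)."""
    pos = HEADER.size
    while msg[pos] != 0:
        pos += 1 + msg[pos]
    return pos + 1 + 4   # root label + QTYPE + QCLASS

def build_txt_response(query, txt_chunks):
    """Server side: answer the query with one TXT RR holding the given byte strings."""
    txid = parse_header(query)["id"]
    rdata = b"".join(bytes([len(c)]) + c for c in txt_chunks)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata  # name = pointer to offset 12
    return HEADER.pack(txid, 0x8180, 1, 1, 0, 0) + query[HEADER.size:question_end(query)] + rr

def truncate_for_udp(response):
    """Server side: if the reply does not fit in 512 bytes, keep only the question and set TC."""
    if len(response) <= UDP_LIMIT:
        return response
    txid, flags, qd, *_ = HEADER.unpack_from(response)
    return HEADER.pack(txid, flags | FLAG_TC, qd, 0, 0, 0) + response[HEADER.size:question_end(response)]

def needs_tcp_retry(query, udp_reply):
    """Resolver side: only a response that matches our query and carries TC justifies a TCP retry."""
    q, r = parse_header(query), parse_header(udp_reply)
    if not r["qr"] or r["id"] != q["id"]:
        raise ValueError("reply does not match our query")
    return r["tc"]

def frame_for_tcp(msg):
    """Over TCP every DNS message is prefixed with a two-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg
```

Feeding `truncate_for_udp(build_txt_response(q, [b"x" * 255] * 3))` to `needs_tcp_retry` returns True, while a short TXT answer passes through untouched and returns False.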