Useful information: When does DNS use the TCP protocol and when does it use the UDP protocol?


It is generally acknowledged that DNS occupies both UDP port 53 and TCP port 53. A single application protocol using two transport protocols at the same time is an unusual case in the TCP/IP stack. However, few people know under which circumstances DNS uses each of the two.

TCP vs UDP

TCP: A connection-oriented protocol that provides reliable data transmission. It is generally used when a high quality of service is required.

UDP: User Datagram Protocol is a connectionless transport layer protocol that provides simple, transaction-oriented, unreliable information transmission services.


Differences between TCP and UDP

The main difference between UDP and TCP protocols is how they achieve reliable delivery of information.

The TCP protocol includes a dedicated delivery-guarantee mechanism: when the receiver gets data from the sender, it automatically sends an acknowledgement back. The sender continues transmitting further data only after that acknowledgement arrives; otherwise it waits until it does.

Unlike TCP, the UDP protocol provides no mechanism to guarantee delivery. If a datagram is lost on its way from the sender to the receiver, the protocol itself cannot detect or report the loss. That is why UDP is usually called an unreliable transport protocol.

Another difference between UDP and TCP is how they handle a burst of several datagrams. Unlike TCP, UDP does not guarantee that data is received in the order it was sent. In practice, this out-of-order delivery in UDP rarely occurs, and usually only when the network is heavily congested.

Since UDP is an unreliable protocol, what is the value of using it at all? In some cases UDP becomes very useful, because it has a speed advantage that TCP cannot match.

Although TCP has various safeguards built in, they add considerable system overhead during actual execution, which inevitably affects speed.

In contrast, UDP drops the reliable-delivery mechanism and leaves functions such as safeguarding and ordering to upper-layer applications, which greatly reduces execution time and keeps it fast.

DNS uses TCP when performing zone transfers and UDP at other times.

The DNS specification defines two types of DNS server: the primary DNS server and the secondary DNS server.

In a zone, the primary DNS server reads the zone's DNS data from its own local data file, while the secondary DNS server obtains the zone's DNS data from the zone's primary DNS server. When a secondary DNS server starts, it must contact the primary DNS server and load that data; this process is called a zone transfer.

Why use both TCP and UDP?

First, let's look at the limits on how many bytes TCP and UDP can carry in one message:

The maximum length of a UDP DNS message is 512 bytes, while TCP allows messages longer than 512 bytes. When a DNS query exceeds 512 bytes, the protocol's TC flag is deleted and TCP is used to send it instead. Normally, traditional UDP messages are no larger than 512 bytes.

There are two main reasons for using TCP for zone transfers:

  • The secondary name server polls the primary name server regularly (usually every 3 hours) to find out whether the data has changed. If it has, a zone transfer is performed to synchronize the data. The zone transfer uses TCP rather than UDP because the amount of data moved during synchronization is far larger than that of a single request and response.
  • TCP is a reliable connection and guarantees the accuracy of the data.
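The two rules above (TCP for zone transfers, UDP for ordinary lookups with a TCP retry when the reply does not fit) are easy to see in code. The following Python is an added example written for this page, not code from the original article. It builds a minimal RFC 1035 query, parses the 12-byte header, and picks the transport: AXFR/IXFR go straight to TCP; everything else tries UDP first and retries over TCP only when the server has marked its reply as truncated. In RFC 1035 the server signals truncation by setting the TC bit in the reply header; this example checks that bit. The sample replies and the name example.com are constructed for the test. One practitioner caveat: the 512-byte figure is the classic limit without EDNS0; resolvers that advertise a larger EDNS0 buffer can receive bigger UDP replies, and the TC-triggered TCP retry still applies when even that buffer is exceeded.

```python
import struct
from typing import Optional

QTYPE_A = 1
QTYPE_IXFR = 251
QTYPE_AXFR = 252
UDP_MAX_PAYLOAD = 512   # classic RFC 1035 UDP limit (no EDNS0)
FLAG_QR = 0x8000        # response bit
FLAG_TC = 0x0200        # TC (truncated) bit in the 16-bit flags field
FLAG_RD = 0x0100        # recursion desired

def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Build a single-question DNS query (class IN) with RD set."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_header(msg: bytes) -> dict:
    """Parse the fixed 12-byte header; TC is the field that drives transport choice."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an}

def frame_for_tcp(msg: bytes) -> bytes:
    """DNS over TCP prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def choose_transport(qtype: int, udp_response: Optional[bytes] = None) -> str:
    """
    Zone transfers (AXFR/IXFR) always use TCP.
    Ordinary queries go over UDP first; if the UDP reply has TC set,
    the resolver must repeat the same query over TCP to get the full answer.
    """
    if qtype in (QTYPE_AXFR, QTYPE_IXFR):
        return "tcp"
    if udp_response is not None and parse_header(udp_response)["tc"]:
        return "tcp"
    return "udp"

# Constructed sample replies (header only plus the echoed question section).
_question = encode_name("example.com") + struct.pack("!HH", QTYPE_A, 1)
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + _question  # QR|TC|RD|RA
NORMAL_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + _question     # QR|RD|RA

if __name__ == "__main__":
    q = build_query("example.com", QTYPE_A)
    print("A query:", len(q), "bytes ->", choose_transport(QTYPE_A, NORMAL_REPLY))
    print("A query, truncated reply ->", choose_transport(QTYPE_A, TRUNCATED_REPLY))
    print("AXFR ->", choose_transport(QTYPE_AXFR), "framed:", frame_for_tcp(build_query("example.com", QTYPE_AXFR))[:2].hex())
```

Note that the TCP retry re-sends the identical query; only the framing changes (the 2-byte length prefix), which is why a DNS server listening on TCP/53 must be able to answer the same question it answers on UDP/53.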

UDP is used when resolving domain names

When a client queries a DNS server for a domain name, the reply generally does not exceed 512 bytes and can be carried over UDP. This avoids the TCP three-way handshake, which reduces the load on the DNS server and makes responses faster.

Although in theory a client can also choose TCP when querying a DNS server, in practice many DNS servers are configured to accept only UDP query packets.
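Because ordinary lookups arrive over UDP and zone transfers over TCP, a server's query log is a simple place to check that the two transports are being used as expected. The Python below is an added example for this page, not code from the original article or from BIND. It parses lines in the BIND 9 query-log layout, where the flags field carries a T when the query came over TCP, and tags each query as a UDP lookup, a TCP lookup (for instance a retry after a truncated reply), or a zone-transfer request, flagging AXFR/IXFR requests from any address that is not a known secondary. The log lines, the addresses and the allowed-secondary list are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines in BIND 9 query-log layout (not real traffic).
SAMPLE_LOG = """\
client 192.0.2.10#53211 (www.example.com): query: www.example.com IN A + (198.51.100.1)
client 192.0.2.11#40022 (example.com): query: example.com IN MX +E(0) (198.51.100.1)
client 192.0.2.20#51544 (example.com): query: example.com IN AXFR +T (198.51.100.1)
client 203.0.113.7#60000 (example.com): query: example.com IN AXFR +T (198.51.100.1)
client 192.0.2.12#44002 (big.example.com): query: big.example.com IN TXT +E(0)T (198.51.100.1)
"""

# Secondaries permitted to pull zones from this server (constructed list).
ALLOWED_SECONDARIES = {"192.0.2.20"}

LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+) "
    r"\((?P<qname>[^)]*)\): query: (?P<name>\S+) (?P<qclass>\S+) "
    r"(?P<qtype>\S+) (?P<flags>\S+)"
)

def parse_line(line: str):
    """Return the fields of one query-log line, or None if it does not match."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def classify(rec: dict) -> str:
    """
    zone-transfer            AXFR/IXFR from a known secondary (expected over TCP)
    zone-transfer-unexpected AXFR/IXFR from any other address (worth reviewing)
    tcp-query                ordinary query that arrived over TCP (flags contain T)
    udp-query                everything else, the normal case for name resolution
    """
    if rec["qtype"] in ("AXFR", "IXFR"):
        return "zone-transfer" if rec["ip"] in ALLOWED_SECONDARIES else "zone-transfer-unexpected"
    if "T" in rec["flags"]:
        return "tcp-query"
    return "udp-query"

def summarize(log_text: str) -> dict:
    """Count queries per class and list sources of unexpected zone-transfer requests."""
    counts = Counter()
    unexpected_sources = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            counts["unparsed"] += 1
            continue
        label = classify(rec)
        counts[label] += 1
        if label == "zone-transfer-unexpected":
            unexpected_sources.append(rec["ip"])
    return {"counts": dict(counts), "unexpected_sources": unexpected_sources}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for label, n in sorted(report["counts"].items()):
        print(f"{label:26} {n}")
    print("review zone-transfer requests from:", report["unexpected_sources"])
```

On a production server the allowed-secondary set should mirror the server's own allow-transfer configuration, so that the log check and the access control stay in step.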
