On 17 Oct 2016, at 9:04, Antony Stone wrote:

> DNS runs over UDP, not TCP.

True AND false.

Most DNS queries can be answered in a single UDP packet and so most queries are tried over UDP first. Traditionally, DNS answers over UDP were limited to 512 bytes, although modern extensions typically allow responses that fill a traditional Ethernet frame (1500 bytes, possibly reduced by intermediary VLAN tags or other constraints). Some answers are too long for whatever limit is in effect and so are sent in truncated form with the DNS 'truncated' flag set. Usually a client will then retry the query via TCP to get a complete reliable answer. In addition, all zone transfers are done over TCP.

A DNS server that does not speak TCP is not a complete DNS server. It may be adequate for purpose (a DNSBL may never have any answer larger than 512 bytes, for example) but that's a different thing.
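The truncation-and-retry behaviour described above, as an added example that is not part of the original thread: a small resolver-side routine that sends a query over UDP, inspects the TC flag in the response header, and, if set, re-sends the same query over TCP with the 2-byte length prefix TCP DNS requires. The "server" here is a constructed stand-in that returns a truncated answer whenever the full message would exceed the 512-byte limit (or the larger size advertised in an EDNS0 OPT record), so the example runs offline; the hostname, transaction id, and 192.0.2.x addresses are constructed test values.

```python
import struct
import ipaddress

RD, RA, QR, TC = 0x0100, 0x0080, 0x8000, 0x0200   # header flag bits
CLASSIC_UDP_LIMIT = 512                            # pre-EDNS UDP payload limit

def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, qtype=1, txid=0x1234, edns_udp_size=None):
    """Build an A query; optionally append an EDNS0 OPT pseudo-RR advertising a UDP size."""
    arcount = 1 if edns_udp_size else 0
    msg = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, arcount)
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)
    if edns_udp_size:
        # OPT RR: root name, TYPE 41, CLASS = requester's UDP payload size, TTL 0, RDLEN 0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_udp_size, 0, 0)
    return msg

def parse_header(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "tc": bool(flags & TC), "qdcount": qd, "ancount": an}

def build_response(query, addresses, udp_limit=None):
    """Constructed server behaviour: echo the question, add one A record per address.
    If udp_limit is given and the full message exceeds it, drop the answer section and set TC."""
    txid = parse_header(query)["id"]
    i = 12
    while query[i] != 0:            # skip over the QNAME labels
        i += query[i] + 1
    question = query[12:i + 1 + 4]   # QNAME + QTYPE + QCLASS
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                   + ipaddress.IPv4Address(a).packed for a in addresses)
    full = struct.pack("!HHHHHH", txid, QR | RD | RA, 1, len(addresses), 0, 0) + question + rrs
    if udp_limit is not None and len(full) > udp_limit:
        return struct.pack("!HHHHHH", txid, QR | RD | RA | TC, 1, 0, 0, 0) + question
    return full

def resolve(query, udp_send, tcp_send):
    """Try UDP first; on TC, retry the identical query over TCP. Returns (message, transport)."""
    resp = udp_send(query)
    hdr = parse_header(resp)
    if hdr["id"] != parse_header(query)["id"]:
        raise ValueError("transaction id mismatch")
    if not hdr["tc"]:
        return resp, "udp"
    framed = struct.pack("!H", len(query)) + query     # TCP DNS: 2-byte length prefix
    tcp_resp = tcp_send(framed)
    length = struct.unpack("!H", tcp_resp[:2])[0]
    body = tcp_resp[2:2 + length]
    if len(body) != length:
        raise ValueError("short TCP read")
    return body, "tcp"

def parse_a_records(msg):
    """Return the IPv4 strings from the answer section (handles labels or a compression pointer)."""
    hdr = parse_header(msg)
    i = 12
    for _ in range(hdr["qdcount"]):
        while msg[i] != 0:
            i += msg[i] + 1
        i += 1 + 4
    addrs = []
    for _ in range(hdr["ancount"]):
        if msg[i] & 0xC0 == 0xC0:
            i += 2
        else:
            while msg[i] != 0:
                i += msg[i] + 1
            i += 1
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[i:i + 10])
        i += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(msg[i:i + 4])))
        i += rdlen
    return addrs

def demo(num_addresses, edns_udp_size=None):
    """Resolve a constructed name against the fake server; returns (transport used, addresses)."""
    addrs = [f"192.0.2.{n}" for n in range(1, num_addresses + 1)]   # TEST-NET-1, constructed
    query = build_query("example.com", edns_udp_size=edns_udp_size)
    udp_limit = edns_udp_size or CLASSIC_UDP_LIMIT   # fake server honours the advertised size
    fake_udp = lambda q: build_response(q, addrs, udp_limit=udp_limit)
    def fake_tcp(framed):
        qlen = struct.unpack("!H", framed[:2])[0]
        full = build_response(framed[2:2 + qlen], addrs)
        return struct.pack("!H", len(full)) + full
    resp, transport = resolve(query, fake_udp, fake_tcp)
    return transport, parse_a_records(resp)

if __name__ == "__main__":
    print(demo(3))                        # fits in 512 bytes: answered over UDP
    print(demo(40))                       # 669-byte answer: TC set, retried over TCP
    print(demo(40, edns_udp_size=1232))   # EDNS0 buffer advertised: fits over UDP again
```

A resolver that never implements the TCP leg will see only the empty, TC-flagged reply in the second case and return no addresses; a DNS server that never listens on TCP leaves every such client in that state, which is the point made in the message above.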
