TCP vs. UDP in query responses?

Richard Maynard ephur at corp.earthlink.net
Tue Jun 15 00:50:20 UTC 2004


> My understanding is that DNS queries and responses by default use UDP,
> but will switch to TCP if the response record set is large (and TCP is
> used for zone transfers).  Am I correct?

I don't think there is an internal 'switch'. Some programs may be designed
to work that way, but according to the RFC the data size of the UDP packet
can only hit 512 bytes. Bind truncates anything over that when responding.
That's why looking at UDP packets coming back, the maximum size is usually
around 517-520 bytes, data + overhead. It may also be smaller than the 512
byte limit, but partial records will not be returned. 
 
> If so, what determines when TCP is used vs. UDP?  I have some
> recollection that TCP will be used if the response record set is larger
> than 512 bytes, but I don't remember where I got that from so I don't
> have any confidence that it's right.  :-)

I'm pretty sure each application determines for itself. Most common
unix/windows resolver libraries just use UDP for DNS queries, and retry on
failures. Some libraries will try UDP then TCP. You can force your name
server to always do its recursive lookups one way over the other, but
that's irrelevant to what the client sees. 
 
> Is this threshold fixed, or will it depend on other factors?

512 bytes is fixed, based on the RFC. There may be software out there that
doesn't behave in accordance with the RFC but in this case bind does exactly
what it needs to. This is, and should be considered a hard limit. Even if
the server was to answer with a larger data set there is no telling what the
client will do with the extra data. 

> I have a remote user (in Norway, I think) having intermittent problems
> resolving a particular name (www.math.arizona.edu, not a large RR
> set), and it *seems* tentatively to be the result of firewall rules
> that permit DNS over UDP but not TCP -- but I can't prove it yet, and
> it doesn't seem intuitive unless there are other factors that I don't
> know about determining the use of TCP vs. UDP.

Again, this really depends on what is doing the lookup. It's possible that
this application first tries a UDP lookup, and on failure will try a slower,
larger, but more reliable TCP query. That could cause failures like you
describe. It could just be an issue of packet loss from point A to point B;
given the international connection, the UDP packets may get dropped on a
more than ideal basis. I'm not sure what your situation is, but the remote
user could go with a local caching server that could be forced into UDP
queries only and may be more successful, and aggressive, retrying the
original query before failing.

-- Richard Maynard
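As an added illustration, not part of Richard's reply and not BIND's own code: the mechanism RFC 1035 gives a server for signalling that it left records out to fit the 512-byte UDP limit is the TC (truncated) bit in the message header, and a resolver that sees TC=1 repeats the query over TCP, where every message is prefixed with a two-byte length. The script below builds a query for the name from this thread, constructs an oversized A-record answer, trims it to whole RRs (no partial records, as described above), sets TC, and shows the check a resolver makes before falling back to TCP plus the TCP framing. The 30 addresses, the TTL and the transaction id are constructed sample values; the helpers are hypothetical names chosen for this example.

```python
import socket  # used only for inet_aton; nothing here touches the network
import struct

DNS_UDP_MAX = 512  # RFC 1035 payload limit for a UDP message without EDNS0
FLAG_QR, FLAG_TC, FLAG_RD, FLAG_RA = 0x8000, 0x0200, 0x0100, 0x0080


def encode_name(name):
    """Encode a dotted hostname as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += struct.pack("B", len(raw)) + raw
    return out + b"\x00"


def build_query(qname, qtype=1, txid=0x1234):
    """Minimal recursive query for qname (qtype 1 = A, class IN)."""
    header = struct.pack(">HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack(">HH", qtype, 1)


def parse_header(msg):
    """Decode the 12-byte DNS header into a dict."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def build_a_response(query, addresses, ttl=300):
    """Answer the query with one A record per address (constructed sample data).
    Each answer name is a compression pointer (0xC00C) back to the question."""
    txid = struct.unpack(">H", query[:2])[0]
    flags = FLAG_QR | FLAG_RD | FLAG_RA
    header = struct.pack(">HHHHHH", txid, flags, 1, len(addresses), 0, 0)
    answers = b"".join(b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, ttl, 4)
                       + socket.inet_aton(a) for a in addresses)
    return header + query[12:] + answers


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name at off."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n


def truncate_for_udp(response, limit=DNS_UDP_MAX):
    """Drop whole answer RRs from the end until the message fits, then set TC.
    Authority and additional sections are dropped entirely in this simplified
    version; a real server applies the same 'whole RRs only' rule per section."""
    if len(response) <= limit:
        return response
    hdr = parse_header(response)
    off = 12
    for _ in range(hdr["qdcount"]):           # skip the question section
        off = skip_name(response, off) + 4    # QTYPE + QCLASS
    keep, end = 0, off
    for _ in range(hdr["ancount"]):           # walk answer RRs
        off = skip_name(response, off)
        rdlen = struct.unpack(">H", response[off + 8:off + 10])[0]
        off += 10 + rdlen                     # TYPE, CLASS, TTL, RDLENGTH, RDATA
        if off > limit:
            break
        keep, end = keep + 1, off
    txid, flags = struct.unpack(">HH", response[:4])
    header = struct.pack(">HHHHHH", txid, flags | FLAG_TC, hdr["qdcount"], keep, 0, 0)
    return header + response[12:end]


def needs_tcp_retry(udp_response):
    """An RFC 1035 resolver re-asks over TCP when the UDP answer carries TC=1."""
    return parse_header(udp_response)["tc"]


def tcp_frame(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length."""
    return struct.pack(">H", len(msg)) + msg


def tcp_unframe(stream):
    """Pull the first length-prefixed message off a TCP byte stream."""
    (n,) = struct.unpack(">H", stream[:2])
    return stream[2:2 + n]


if __name__ == "__main__":
    q = build_query("www.math.arizona.edu")
    big = build_a_response(q, ["10.0.0.%d" % i for i in range(30)])  # constructed
    small = truncate_for_udp(big)
    print(len(big), "bytes ->", len(small), "bytes, TC set:", needs_tcp_retry(small))
```

With a 38-byte question and 16 bytes per A record, 29 answers (502 bytes) fit under the limit and 30 (518 bytes) do not; the trimmed message keeps exactly 29 whole records and raises TC. Modern resolvers negotiate larger UDP payloads with EDNS0, so the 512-byte constant here applies to the classic, non-EDNS case this thread discusses.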
