DNS over UDP and TCP

UDP (User Datagram Protocol) and TCP (Transmission Control Protocol) are two common protocols for sending data across the Internet. Conforming DNS servers will respond to both TCP and UDP requests on port 53, which has been explicitly allocated for DNS traffic.

The same responses should be returned, regardless of the transport being used.

Sending queries over UDP

Using the UDP transport is the default behaviour.

dog example.com

Sending queries over TCP

To send queries over TCP instead of UDP, pass the -T or --tcp command-line option.

dog example.com --tcp

Automatic protocol switching

One downside of using UDP is that its packets are limited to 4,096 bytes. This is not usually a problem, as a normal response is a few hundred bytes at most. However, large responses, such as those containing multiple DNSSEC keys, will hit the limit and cannot be sent over UDP.

By default, dog will detect when this happens (the DNS server sends an error response indicating that the payload is too large) and will automatically re-send the query over TCP.

To disable this behaviour, explicitly pass the -U or --udp command-line option. This treats the error response like any other error and does not re-send the query over TCP.

dog example.com --udp
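The following Python model of the UDP-to-TCP switch is an added example, not code from dog itself. It builds a query carrying an EDNS0 OPT record that advertises a 4,096-byte UDP buffer, sends it over UDP, and, if the reply header carries the TC (truncated) flag, which is how a server signals on the wire that the full answer did not fit, repeats the same query over TCP, adding the 2-byte length prefix that transport requires. Passing allow_tcp_fallback=False models the --udp behaviour, where truncation is just another failure. The fake_server function, the send_udp/send_tcp callables, the query ID and the answer address 192.0.2.1 are constructed so that the example runs offline.

```python
import struct

TC_FLAG = 0x0200          # "truncated" bit in the DNS header flags word
EDNS_UDP_PAYLOAD = 4096   # UDP buffer size advertised in the EDNS0 OPT record
QTYPE_A, QTYPE_OPT, QCLASS_IN = 1, 41, 1

def encode_name(name):
    """Encode a dotted hostname as DNS labels: length-prefixed, ended by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("DNS label length must be 1..63: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def skip_name(msg, offset):
    """Return the offset just past the name at msg[offset:], handling compression pointers."""
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:   # two-byte compression pointer ends the name
            return offset + 2
        if length == 0:
            return offset + 1
        offset += 1 + length

def build_query(name, qid, qtype=QTYPE_A):
    """Recursive query plus an EDNS0 OPT record advertising a 4096-byte UDP buffer."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)   # RD set; 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)
    opt = b"\x00" + struct.pack("!HHIH", QTYPE_OPT, EDNS_UDP_PAYLOAD, 0, 0)  # root name, no rdata
    return header + question + opt

def parse_header(msg):
    """Return (id, flags, qdcount, ancount, nscount, arcount) of a DNS message."""
    return struct.unpack("!HHHHHH", msg[:12])

def is_truncated(msg):
    """True when the server set TC: the full answer did not fit in the UDP reply."""
    return bool(parse_header(msg)[1] & TC_FLAG)

def frame_for_tcp(msg):
    """DNS over TCP prefixes every message with its 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def unframe_from_tcp(data):
    """Strip the TCP length prefix, refusing a message shorter than it claims to be."""
    (length,) = struct.unpack("!H", data[:2])
    if len(data) < 2 + length:
        raise ValueError("incomplete TCP DNS message")
    return data[2:2 + length]

def first_a_record(msg):
    """Dotted-decimal address of the first A record in the answer section, or None."""
    _, _, qdcount, ancount, _, _ = parse_header(msg)
    offset = 12
    for _ in range(qdcount):
        offset = skip_name(msg, offset) + 4                 # skip QTYPE and QCLASS
    for _ in range(ancount):
        offset = skip_name(msg, offset)
        rtype, _, _, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == QTYPE_A and rdlength == 4:
            return ".".join(str(b) for b in msg[offset:offset + 4])
        offset += rdlength
    return None

def resolve(name, send_udp, send_tcp, allow_tcp_fallback=True, qid=0x1234):
    """Query over UDP; on a truncated reply, repeat over TCP unless fallback is disabled (--udp)."""
    query = build_query(name, qid)
    reply = send_udp(query)
    if parse_header(reply)[0] != qid:
        raise ValueError("reply ID does not match query ID")
    if not is_truncated(reply):
        return reply, "udp"
    if not allow_tcp_fallback:
        raise RuntimeError("UDP reply truncated and TCP fallback disabled")
    reply = unframe_from_tcp(send_tcp(frame_for_tcp(query)))
    if parse_header(reply)[0] != qid:
        raise ValueError("reply ID does not match query ID")
    return reply, "tcp"

def fake_server(query, transport):
    """Constructed stand-in for a DNS server: UDP replies are truncated, TCP replies complete."""
    qid = parse_header(query)[0]
    question = query[12:skip_name(query, 12) + 4]
    if transport == "udp":
        return struct.pack("!HHHHHH", qid, 0x8180 | TC_FLAG, 1, 0, 0, 0) + question
    # One answer: name compressed to the question (0xC00C), A/IN, TTL 300, constructed 192.0.2.1
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4) + bytes([192, 0, 2, 1])
    return struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0) + question + answer

def demo():
    """Run the fallback against the fake server; returns (transport_used, address)."""
    reply, used = resolve("example.com", lambda q: fake_server(q, "udp"),
                          lambda f: frame_for_tcp(fake_server(unframe_from_tcp(f), "tcp")))
    return used, first_a_record(reply)
```

Calling demo() returns ("tcp", "192.0.2.1"): the UDP reply comes back with TC set, so the query is repeated over TCP and the complete answer is read from that reply. To run against a real resolver, replace the two callables with socket code: a UDP datagram sent to port 53 and a single recv of up to EDNS_UDP_PAYLOAD bytes, and a TCP connection to port 53 that sends the framed query, reads the 2-byte length, and then reads exactly that many bytes before unframing. The query-ID check on every reply is cheap and worth keeping, since an unsolicited or mismatched reply should never be accepted as an answer.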