If you have ever wondered why DNS primarily relies on UDP (User Datagram Protocol) instead of other transport protocols like TCP (Transmission Control Protocol), we will explain everything in detail in today’s blog post. So, without any further ado, let’s begin!
The Domain Name System, or shortly DNS, is the internet’s address book, responsible for translating human-friendly domain names (like www.domain.net) into the numerical IP addresses (like 184.108.40.206) that computers use to communicate with each other. It acts as a distributed database, allowing quick and efficient DNS resolution of domain names to IP addresses (IPv4 and IPv6).
Additionally, DNS is an application layer protocol, and every application layer protocol needs a transport layer protocol underneath it, such as UDP (User Datagram Protocol) or TCP (Transmission Control Protocol). DNS uses the unreliable but lightweight UDP for most of its traffic, and switches to the reliable TCP for specific operations.
Let’s dive deep and explain more about these protocols and when and why the Domain Name System puts them in use.
DNS using UDP and TCP
Both UDP and TCP are transport protocols that carry data over the internet on top of IP, which is what addresses the packets to IP addresses. On the way from the user's computer, through the routers and all the way to the destination, the network treats their packets very similarly; the difference lies in what the two endpoints do with them.
DNS and TCP
TCP, the Transmission Control Protocol, is the most widely used transport layer protocol. When your browser requests a website, it almost certainly uses TCP (HTTP/1.1 and HTTP/2 run on top of it), and every action you take on the page (a click, a sign-in) is a request carried in TCP segments, with the server's reply coming back the same way.
TCP is built for reliability. Every byte sent is tracked: segments are numbered, the receiver acknowledges what it has received, and anything that is lost, or arrives corrupted and fails the checksum, is retransmitted. The application on top sees a complete, in-order stream of data.
Here are some cases in which DNS utilizes TCP (Transmission Control Protocol):
- Zone transfers (AXFR/IXFR): When an authoritative server copies a whole zone to a secondary server, the transfer runs over TCP (RFC 5936 requires it for AXFR), because the data is large and must arrive complete and in order.
- Large DNS responses: A DNS message over UDP is limited to 512 bytes by the original specification (RFC 1035); EDNS(0) lets client and server negotiate a larger buffer, commonly 1232 to 4096 bytes. When the answer still does not fit, the server sets the TC (truncated) bit in its reply and the client repeats the query over TCP. This happens mostly with DNSSEC-signed responses and large record sets.
- DNS over TLS (DoT) and DNS over HTTPS (DoH): Both encrypt DNS traffic so that nobody on the path can read or tamper with queries and answers, and both are carried over TCP connections (DoT on port 853, DoH inside an HTTPS session on port 443).
- Firewall and network restrictions: When a firewall or network policy blocks UDP port 53, queries and responses are sent over TCP instead. RFC 7766 makes TCP support mandatory for DNS implementations precisely so that this fallback always works.
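The truncation-and-retry behaviour from the second point, and the 2-byte length prefix that DNS adds to every message on TCP, as an added Python example (not code from the original post or from ClouDNS): it builds a query, decodes the 12-byte header, frames and unframes messages for a TCP stream, and decides whether a UDP reply must be retried over TCP. The sample messages are constructed rather than captured; the transaction ID 0x1A2B, the name www.example.com and the 192.0.2.10 address are arbitrary choices.

```python
import struct

# Limits from RFC 1035 and the EDNS(0) buffer size most resolvers use today.
UDP_CLASSIC_LIMIT = 512      # maximum DNS/UDP payload without EDNS(0)
EDNS_BUFSIZE_DEFAULT = 1232  # widely used EDNS(0) buffer size (DNS Flag Day 2020)

TYPE_A = 1
CLASS_IN = 1
FLAG_QR = 0x8000   # 1 = response, 0 = query
FLAG_TC = 0x0200   # truncated: answer did not fit, retry over TCP
FLAG_RD = 0x0100   # recursion desired
FLAG_RA = 0x0080   # recursion available


def encode_name(name: str) -> bytes:
    """Encode 'www.example.com' as DNS labels: \\x03www\\x07example\\x03com\\x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, txid: int, qtype: int = TYPE_A) -> bytes:
    """Build a standard recursive query: 12-byte header + one question (RFC 1035 4.1)."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def parse_header(msg: bytes) -> dict:
    """Decode the fixed header; the TC bit is what tells the client to retry over TCP."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & FLAG_QR),
        "tc": bool(flags & FLAG_TC),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def frame_for_tcp(msg: bytes) -> bytes:
    """DNS over TCP prefixes each message with a 2-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


def unframe_tcp(stream: bytes) -> list:
    """Split a TCP byte stream back into DNS messages (several may share one connection)."""
    msgs = []
    while len(stream) >= 2:
        (length,) = struct.unpack("!H", stream[:2])
        if len(stream) < 2 + length:
            break  # incomplete message; a real client keeps reading from the socket
        msgs.append(stream[2:2 + length])
        stream = stream[2 + length:]
    return msgs


def choose_transport(udp_response: bytes, expected_id: int) -> str:
    """What a resolver does with a UDP reply: accept it, discard it, or retry over TCP."""
    hdr = parse_header(udp_response)
    if hdr["id"] != expected_id or not hdr["qr"]:
        return "discard"    # not a reply to our query (wrong ID, or a query, not a response)
    if hdr["tc"]:
        return "retry-tcp"  # server could not fit the answer within the UDP limit
    return "accept"


# --- constructed sample messages (not captured traffic) ---
QUERY = build_query("www.example.com", txid=0x1A2B)

# A truncated reply: same ID, QR+TC+RD set, question echoed back, no answers carried.
TRUNCATED = struct.pack("!HHHHHH", 0x1A2B, FLAG_QR | FLAG_TC | FLAG_RD, 1, 0, 0, 0) + QUERY[12:]

# The full reply as sent over TCP: one A record, name compressed to a pointer at offset 12,
# TTL 300, RDATA 192.0.2.10 (a TEST-NET-1 documentation address).
_rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + bytes([192, 0, 2, 10])
FULL = struct.pack("!HHHHHH", 0x1A2B, FLAG_QR | FLAG_RD | FLAG_RA, 1, 1, 0, 0) + QUERY[12:] + _rr
TCP_STREAM = frame_for_tcp(FULL)

if __name__ == "__main__":
    print(len(QUERY), "byte UDP query ->", choose_transport(TRUNCATED, 0x1A2B))
    print(parse_header(unframe_tcp(TCP_STREAM)[0]))
```

The same 49-byte answer is one datagram on UDP and a 51-byte framed record on TCP; the only reason to pay for the TCP handshake is the TC bit, which is why a resolver checks it before anything else in the reply.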
DNS and UDP
The UDP protocol is all about speed. All that tracking and acknowledging of packets slows the communication down and adds latency. With UDP the receiver does not acknowledge anything; the sender simply transmits and moves on without waiting for feedback. Some datagrams get lost along the way, but that does not stop the communication, which is exactly what live streaming or online games want: if the connection stutters and the screen freezes for a moment, the next datagram arrives and everything continues.
DNS primarily uses UDP (User Datagram Protocol) for most of its operations. UDP is chosen for its speed, efficiency, and suitability for small, time-sensitive DNS queries and responses. UDP is used in the following cases:
- Regular DNS queries: When you enter a web address, your device sends the query to a DNS server as a single UDP datagram, normally to port 53.
- DNS responses: The DNS server sends the answer, including the IP address, back to your device as a single UDP datagram, addressed to the port the query came from.
- Caching: DNS servers cache the answers they have already resolved, so most queries are answered from cache in one UDP round trip without asking the authoritative servers again.
- Small data transfers: A typical query is a few dozen bytes and a typical answer a few hundred, so they fit comfortably in one datagram within the classic 512-byte DNS/UDP limit or the larger EDNS(0) buffer size.
- Stateless communication: Each query and each answer is an independent datagram. The server keeps no connection state between requests, and the client matches a reply to its query only by transaction ID, question and port, so one server can handle a very large number of clients at once.
Why does DNS prefer UDP?
As you just read, UDP is unreliable but a lot faster than TCP, but don't panic just yet. DNS queries and answers are tiny, so they have no problem fitting into a single UDP datagram.
UDP has no connection setup. TCP needs a three-way handshake (SYN, SYN-ACK, ACK) before a single byte of data can flow, which costs a full round trip; a UDP query is sent immediately, so a resolution takes one round trip instead of two.
Thanks to the lack of connection state, a UDP-based server can serve many more clients at the same time. Every TCP connection needs receive and send buffers, sequence and acknowledgement numbers and congestion-control parameters; a UDP server keeps none of that per client.
Using UDP does not have to mean giving up reliability, because the application layer can add it. DNS resolvers do exactly this: a query that gets no answer within a timeout is simply resent, and every reply is matched to its query by transaction ID, question and source port. That matching is also a matter of security. UDP has no handshake, so anyone who can guess those values can forge a reply; this is why resolvers use unpredictable transaction IDs and source ports (RFC 5452), and why DNSSEC and the encrypted transports DoT and DoH exist.
In the DNS world, we are trying to cut the resolving time as much as possible. A second is an eternity; we want the whole resolution to take a few milliseconds. TCP is harder to spoof and reliable by design, but it just can't keep up with UDP, and the protection it gives can be added in other ways. So, in the end, you get both: speed and protection.
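The application-layer reliability described above (timeout, resend, and matching each reply to its query) as an added Python example, not code from the original post or from ClouDNS. Because the example must run offline, the network and the server are replaced by a small simulated class that drops the first few datagrams and can deliver a forged reply with the wrong transaction ID; the question section for example.com, the 192.0.2.10 answer and the timeout values are constructed assumptions.

```python
import random
import struct
import time

FLAG_QR = 0x8000
FLAG_RD = 0x0100
TYPE_A, CLASS_IN = 1, 1

# Constructed question section for "example.com." A/IN (not captured traffic).
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", TYPE_A, CLASS_IN)
# One answer record: name pointer to offset 12, TTL 300, RDATA 192.0.2.10 (TEST-NET-1).
ANSWER_RR = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + bytes([192, 0, 2, 10])


class LossyUdpServer:
    """Stand-in for a UDP socket plus the server behind it, so the example runs offline.
    Silently drops the first `drop` datagrams (the sender is never told), then answers.
    With spoof_first=True it first delivers a forged reply carrying the wrong ID."""

    def __init__(self, drop: int, spoof_first: bool = False):
        self.drop, self.spoof_first = drop, spoof_first
        self.received, self.pending = 0, []

    def sendto(self, datagram: bytes) -> None:
        self.received += 1
        if self.received <= self.drop:
            return                                   # lost in transit
        txid, flags = struct.unpack("!HH", datagram[:4])
        if self.spoof_first:
            self.spoof_first = False
            forged = struct.pack("!HHHHHH", txid ^ 0x5555, FLAG_QR | flags, 1, 1, 0, 0)
            self.pending.append(forged + datagram[12:] + ANSWER_RR)
        genuine = struct.pack("!HHHHHH", txid, FLAG_QR | flags, 1, 1, 0, 0)
        self.pending.append(genuine + datagram[12:] + ANSWER_RR)

    def recvfrom(self, timeout: float) -> bytes:
        if self.pending:
            return self.pending.pop(0)
        time.sleep(min(timeout, 0.01))               # shortened wait to keep the demo fast
        raise TimeoutError("no datagram within timeout")


def resolve(server, timeout: float = 0.05, max_tries: int = 3) -> dict:
    """Reliability built on top of UDP at the application layer: send, wait up to
    `timeout`, resend on silence, and accept only a reply whose transaction ID and
    question match what we sent. Returns a summary of what happened."""
    for attempt in range(1, max_tries + 1):
        txid = random.randrange(0, 0x10000)          # unpredictable ID (RFC 5452)
        query = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0) + QUESTION
        server.sendto(query)
        try:
            # A production resolver would also track the remaining time across reads.
            while True:
                reply = server.recvfrom(timeout)
                rid, rflags = struct.unpack("!HH", reply[:4])
                if rid != txid or not rflags & FLAG_QR or reply[12:12 + len(QUESTION)] != QUESTION:
                    continue                         # not our reply: ignore it, never cache it
                ancount = struct.unpack("!H", reply[6:8])[0]
                return {"ok": True, "tries": attempt, "answers": ancount}
        except TimeoutError:
            pass                                     # silence: fall through and resend
    return {"ok": False, "tries": max_tries, "answers": 0}


if __name__ == "__main__":
    print(resolve(LossyUdpServer(drop=2)))                    # answered on the third try
    print(resolve(LossyUdpServer(drop=0, spoof_first=True)))  # forged reply ignored
```

Two things to notice: the sender learns about a lost datagram only through its own timer, which is the cost of skipping acknowledgements, and the ID check is the only thing standing between the resolver and a forged answer, which is why a 16-bit ID alone is not considered enough and source-port randomization is added on top.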
In conclusion, DNS uses UDP because of its speed, efficiency, and suitability for most DNS operations. UDP allows fast resolution of domain names, quick delivery of queries and responses, and efficient handling of small, time-sensitive data transfers with no connection state on the server. TCP is employed in specific cases such as zone transfers, responses that are too large for a datagram, and encrypted transports, but UDP remains the preferred choice for its lightweight nature and low resource usage. The use of UDP in DNS keeps the internet running smoothly, connecting users to the websites and services they want with speed and efficiency.
Hi, I’m Martin Pramatarov. I have two degrees, a Technician of Computer Networks and an MBA (Master of Business Administration). My passion is storytelling, but I can’t hide my nerdish side too. I never forgot my interest in the Hi-tech world. I have 10 years of experience and thousands of articles written about DNS, cloud services, hosting, domain names, cryptocurrencies, hardware, software, AI, and everything in between. I have seen the Digital revolution, the Big migration to the cloud, and I am eager to write about all the exciting new tech trends in the following years. AI and Big Data are here already, and they will completely change the world!
I hope you enjoy my articles and the excellent services of ClouDNS!