I. DNS packets
Here we mainly look at the flags field in the DNS packet header. The 16-bit flags word is laid out as:
[QR] [Opcode] [AA] [TC] [RD] [RA] [Z] [RCODE]
When a client sends a DNS query over UDP and the response it gets back has the TC (truncation) bit set to 1, the full response was longer than 512 bytes and the server returned only the first 512 bytes of it. In that case the resolver resends the same query over TCP. The reason is that classic DNS over UDP limits a message to 512 bytes, so a DNS message carried in a UDP datagram can be at most 512 bytes, whereas TCP carries a byte stream and splits it into segments as needed, so a message larger than 512 bytes, or of any length, can be sent over TCP. (EDNS(0) lets a client advertise a larger UDP payload size, but the rule is the same: a response with TC set is incomplete and must be fetched again over TCP.)
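As an added example (not code from the original post), the following Python decodes the header flags listed above from a constructed response and shows the TC check a resolver performs before retrying over TCP, including the 2-byte length prefix that DNS over TCP requires. The message bytes, the ID 0x1234 and the flag values are constructed here for illustration; nothing was captured from a real server, and the query is a header only (no question section) to keep the example short.

```python
import struct

# Flags word layout (RFC 1035 section 4.1.1), most significant bit first:
#   QR(1) Opcode(4) AA(1) TC(1) RD(1) RA(1) Z(3) RCODE(4)
FLAG_QR = 1 << 15
FLAG_AA = 1 << 10
FLAG_TC = 1 << 9
FLAG_RD = 1 << 8
FLAG_RA = 1 << 7

UDP_MAX_PAYLOAD = 512  # classic DNS-over-UDP limit without EDNS(0)


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header at the start of msg into its fields."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "qr": (flags >> 15) & 1,
        "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1,
        "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1,
        "ra": (flags >> 7) & 1,
        "z": (flags >> 4) & 0x7,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def needs_tcp_retry(udp_response: bytes, query_id: int) -> bool:
    """True when udp_response is a truncated reply to the query with query_id.

    Only a response (QR=1) matching our ID counts; a stray datagram with TC
    set but a different ID must not trigger a retry."""
    h = parse_header(udp_response)
    return h["qr"] == 1 and h["id"] == query_id and h["tc"] == 1


def frame_for_tcp(msg: bytes) -> bytes:
    """DNS over TCP prefixes each message with its 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


# Constructed truncated response: ID 0x1234, QR=1 AA=1 TC=1 RD=1 RA=1, RCODE=0,
# one question echoed, no records carried (the server cut the answer section).
TRUNCATED_RESPONSE = struct.pack(
    "!6H", 0x1234, FLAG_QR | FLAG_AA | FLAG_TC | FLAG_RD | FLAG_RA, 1, 0, 0, 0)

# Constructed query header with the same ID and RD set (header only, no question).
QUERY = struct.pack("!6H", 0x1234, FLAG_RD, 1, 0, 0, 0)

if __name__ == "__main__":
    print(parse_header(TRUNCATED_RESPONSE))
    if needs_tcp_retry(TRUNCATED_RESPONSE, 0x1234):
        print("TC set, resend over TCP:", frame_for_tcp(QUERY).hex())
```

Checking the ID as well as TC matters in practice: a resolver that retries on any datagram with TC set can be nudged into opening TCP connections by anyone who can send it UDP.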
II. Application Perspective
Primary and secondary DNS name servers synchronize with each other over TCP. A secondary name server periodically queries the primary, typically every few hours according to the zone's SOA refresh value, to check whether the records on the primary have changed. If they have, a zone transfer is performed, and the zone transfer uses TCP. In short: TCP is used for zone transfers, UDP for everything else.
What is a zone transfer?
The DNS specification defines two kinds of DNS servers for a zone: the primary DNS server and the secondary DNS server. The primary reads the zone data from its local zone file, while the secondary obtains the zone data from the primary. When a secondary DNS server starts up, it contacts the primary DNS server and loads the zone data from it; this exchange is called a zone transfer.
Generally speaking, DNS servers use TCP to transfer zone data among themselves, while clients use UDP to talk to a DNS server.
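As an added example (not code from the original post), the following Python shows the two TCP-specific pieces of a zone transfer described above: building the AXFR query a secondary sends to the primary, and splitting the TCP byte stream that comes back into individual DNS messages using the 2-byte length prefix, since a zone transfer answer commonly arrives as several messages on one connection. The zone name `example.com`, the ID 0xBEEF and the sample stream are constructed for illustration; the stream carries dummy headers, not a real zone.

```python
import struct

QTYPE_AXFR = 252   # full zone transfer (RFC 1035 section 3.2.3)
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending with a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_axfr_query(zone: str, ident: int) -> bytes:
    """DNS message asking for a full transfer of zone: one question, no flags set."""
    header = struct.pack("!6H", ident, 0, 1, 0, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, QCLASS_IN)
    return header + question


def frame_for_tcp(msg: bytes) -> bytes:
    """Prepend the 2-byte big-endian length used by DNS over TCP."""
    return struct.pack("!H", len(msg)) + msg


def split_tcp_stream(stream: bytes) -> list:
    """Split a TCP byte stream into DNS messages using the length prefixes.

    A partial trailing message is reported as an error rather than silently
    dropped, so a transfer cut off mid-stream is not mistaken for a complete one."""
    messages = []
    pos = 0
    while pos < len(stream):
        if pos + 2 > len(stream):
            raise ValueError("truncated length prefix in TCP stream")
        (length,) = struct.unpack("!H", stream[pos:pos + 2])
        pos += 2
        if pos + length > len(stream):
            raise ValueError("incomplete DNS message in TCP stream")
        messages.append(stream[pos:pos + length])
        pos += length
    return messages


# Constructed sample: two DNS messages back to back, as a secondary would read
# them on the AXFR socket. Payloads are dummy headers (IDs 1 and 2, QR+AA set).
SAMPLE_STREAM = (
    frame_for_tcp(struct.pack("!6H", 1, 0x8400, 1, 3, 0, 0))
    + frame_for_tcp(struct.pack("!6H", 2, 0x8400, 0, 2, 0, 0))
)

if __name__ == "__main__":
    print("AXFR query:", frame_for_tcp(build_axfr_query("example.com", 0xBEEF)).hex())
    for i, m in enumerate(split_tcp_stream(SAMPLE_STREAM)):
        print(f"message {i}: {len(m)} bytes, id={struct.unpack('!H', m[:2])[0]}")
```

The same AXFR message works from any host that can reach TCP port 53, so primaries normally restrict which addresses (or TSIG keys) may request a transfer; otherwise the whole zone is readable by anyone who sends this query.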
From BLOG 19001989