We recently ran into a problem where a DNS query was failing because the response was too large. The maximum size of a DNS response that can be sent over UDP (User Datagram Protocol) is 512 bytes. This is because the original DNS protocol was designed to fit within a single UDP datagram of this size. However, modern DNS implementations often support an extension called EDNS0 (Extension Mechanisms for DNS 0) that allows for larger DNS messages. The problem that we ran into was that our platform didn’t support DNS over TCP!

If a DNS response exceeds the 512-byte limit, the DNS server will set the “truncated” (TC) bit in the response message header and indicate that the client should retry the request using TCP (Transmission Control Protocol). TCP is a reliable, connection-oriented protocol that can handle larger data payloads than UDP.

In practice, most DNS queries and responses fit within the 512-byte limit, and TCP is rarely used for DNS traffic. However, certain DNS applications, such as DNSSEC (DNS Security Extensions) and large DNS zone transfers, may require the use of TCP due to the size of the response data.