DNS needs fucking TCP.

Yes, really. RFC 5966, §1:

1. Introduction

 Most DNS [RFC1034] transactions take place over UDP [RFC0768].  TCP
 [RFC0793] is always used for zone transfers and is often used for
 messages whose sizes exceed the DNS protocol's original 512-byte
 limit.

 Section 6.1.3.2 of [RFC1123] states:

   DNS resolvers and recursive servers MUST support UDP, and SHOULD
   support TCP, for sending (non-zone-transfer) queries.

 However, some implementors have taken the text quoted above to mean
 that TCP support is an optional feature of the DNS protocol.

 The majority of DNS server operators already support TCP and the
 default configuration for most software implementations is to support
 TCP.  The primary audience for this document is those implementors
 whose failure to support TCP restricts interoperability and limits
 deployment of new DNS features.

 This document therefore updates the core DNS protocol specifications
 such that support for TCP is henceforth a REQUIRED part of a full DNS
 protocol implementation.

 Whilst this document makes no specific recommendations to operators
 of DNS servers, it should be noted that failure to support TCP (or
 the blocking of DNS over TCP at the network layer) may result in
 resolution failure and/or application-level timeouts.

Continue reading RFC 5966: DNS Transport over TCP - Implementation Requirements.
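The practical consequence of the RFC text quoted above is that a resolver has to know how to fall back: a UDP answer with the TC (truncation) bit set is incomplete, and the same query must be re-sent over TCP, where every message carries a two-byte length prefix. The following is an added illustration, not code from this post or from the RFC; the function names and the constructed sample responses are mine. It builds a query, detects truncation in a constructed UDP reply, and frames the retry the way DNS over TCP requires (RFC 1035 §4.2.2). The `probe_tcp` helper, which actually opens a TCP connection, is the check an operator can run against a resolver to confirm TCP is not blocked; it is not exercised offline.

```python
import socket
import struct

DNS_PORT = 53
FLAG_TC = 0x0200  # Truncation bit in the header flags word (RFC 1035 §4.1.1)


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query (RFC 1035 §4.1): header plus one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def frame_for_tcp(message: bytes) -> bytes:
    """DNS over TCP prefixes each message with a big-endian 16-bit length (RFC 1035 §4.2.2)."""
    return struct.pack("!H", len(message)) + message


def unframe_from_tcp(stream: bytes) -> bytes:
    """Strip the TCP length prefix, refusing a stream shorter than its declared length."""
    if len(stream) < 2:
        raise ValueError("no length prefix")
    length = struct.unpack("!H", stream[:2])[0]
    if len(stream) < 2 + length:
        raise ValueError("short DNS-over-TCP message")
    return stream[2:2 + length]


def is_truncated(response: bytes) -> bool:
    """True when the header has TC=1: the UDP answer was cut and must be retried over TCP."""
    flags = struct.unpack("!H", response[2:4])[0]
    return bool(flags & FLAG_TC)


def choose_transport(udp_response: bytes) -> str:
    """Decide whether a UDP answer can be used as-is or the query has to be repeated over TCP."""
    return "tcp" if is_truncated(udp_response) else "udp"


def probe_tcp(server: str, name: str = "example.com", timeout: float = 3.0) -> bool:
    """Live check (not run offline): does this resolver answer the query over TCP at all?
    A False here is the 'resolution failure and/or application-level timeouts' the RFC warns about."""
    query = build_query(name)
    try:
        with socket.create_connection((server, DNS_PORT), timeout=timeout) as sock:
            sock.sendall(frame_for_tcp(query))
            prefix = sock.recv(2)
            if len(prefix) < 2:
                return False
            length = struct.unpack("!H", prefix)[0]
            body = b""
            while len(body) < length:
                chunk = sock.recv(length - len(body))
                if not chunk:
                    return False
                body += chunk
            return body[:2] == query[:2]  # transaction id matches
    except OSError:
        return False


# Constructed sample replies (header only): txid 0x1234, QR=1 RD=1 RA=1, with and without TC.
TRUNCATED_UDP_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
COMPLETE_UDP_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    q = build_query("example.com")
    print("udp reply with TC=1 ->", choose_transport(TRUNCATED_UDP_REPLY))
    print("udp reply with TC=0 ->", choose_transport(COMPLETE_UDP_REPLY))
    print("tcp-framed query:", frame_for_tcp(q).hex())
```

Note that the TCP framing is not a cosmetic detail: a client that forwards a UDP-shaped message over port 53/TCP, or a middlebox that only understands the UDP form, is exactly the kind of partial implementation the RFC is addressing.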

Copyright © 2013, James Raftery (yousweartoomuch@now.ie).