Here's a preview from my zine, How DNS Works! If you want to see more comics like this, sign up for my saturday comics newsletter or browse more comics!
read the transcript!
If you manage servers, sometimes DNS just breaks for no obvious reason
Illustration of a smiling stick figure with curly hair.
person: TCP DNS is an uncommon but VERY annoying cause of DNS problems! Let’s learn about it!
DNS queries can use either UDP or TCP
A UDP DNS response has to be less than 4096 bytes. UDP is the default.
TCP can send an unlimited amount of data. It’s only used when UDP wouldn’t work.
large DNS responses automatically use TCP
speech bubble 1: here’s a UDP DNS query!
speech bubble 2: sorry, my response is too big to fit in a UDP packet! get the rest with TCP!
what’s in a giant DNS response?
person: I’ve seen responses with hundreds of internal server IP addresses (for example when using Consul)
how not supporting TCP DNS can ruin your day
- your server is happily making UDP DNS queries
- one day, the responses get bigger and switch to TCP
- oh no! the queries fail!
2 reasons TCP DNS might not work
- some DNS libraries (like musl’s getaddrinfo) don’t support TCP. This is why DNS sometimes breaks in Alpine Linux.
- it could be blocked by your firewall. You should open both UDP port 53 and TCP port 53.
Saturday Morning Comics!
Want another comic like this in your email every Saturday? Sign up here!
