Re: DNS uses UDP
Not necessarily; a number of vendors' default max UDP size is 1500, and you have to explicitly bump it up to 4096 to take full advantage of EDNS0.
Not true; where possible, DNS will attempt to respond using UDP, and it certainly wouldn't send a TCP response to a UDP query.
DNSSEC requires the use of EDNS0, which can expand the UDP packet size to 4096 bytes and will negotiate the maximum packet size with the client (firewalls usually choke on these large packets, so they have to work out the largest size that can be used). Only if the full response is too large to fit in the negotiated size will it set the TC flag, indicating to the client to re-query using TCP if they want the full response.
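The mechanism described in the last post (the client advertising its UDP payload size in an EDNS0 OPT record, the server replying with its own limit, and the TC flag signalling that the client should fall back to TCP) can be made concrete with a small wire-format example. The code below is an added example written for this thread, not code from any of the posters; it uses only the Python standard library and never touches the network: the "server" reply is a constructed sample message that advertises a 1500-byte limit and sets TC, so the parsing side can be checked offline. The function names (`build_query`, `parse_response`, `negotiated_udp_size`) are my own and not part of any DNS library.

```python
import struct

OPT_TYPE = 41          # EDNS0 OPT pseudo-RR type (RFC 6891)
FLAG_TC = 0x0200       # Truncated bit in the DNS header flags
DO_BIT = 0x80000000    # DNSSEC OK bit in the OPT record's TTL field


def _encode_name(qname: str) -> bytes:
    """Encode a dotted name as DNS labels terminated by a zero-length label."""
    labels = [lbl for lbl in qname.rstrip(".").split(".") if lbl]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) name at `off`."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def build_query(qname: str, qtype: int = 1, udp_payload_size: int = 4096,
                txid: int = 0x1234, dnssec_ok: bool = True) -> bytes:
    """Build a UDP DNS query carrying an EDNS0 OPT record.

    The OPT record's CLASS field is where the client advertises the largest
    UDP payload it can accept; the DO bit asks for DNSSEC RRSIGs.
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)   # RD set, 1 question, 1 additional
    question = _encode_name(qname) + struct.pack("!HH", qtype, 1)
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload_size,
                                DO_BIT if dnssec_ok else 0, 0)   # root name, type, class=size, ttl=flags, rdlen=0
    return header + question + opt


def parse_response(msg: bytes) -> dict:
    """Extract the fields a resolver needs to decide what to do next."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4                 # skip QTYPE and QCLASS
    edns_size, do = None, False
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT_TYPE:                          # peer's advertised UDP payload size lives in CLASS
            edns_size, do = rclass, bool(ttl & DO_BIT)
    return {"id": txid, "rcode": flags & 0xF, "truncated": bool(flags & FLAG_TC),
            "edns_udp_size": edns_size, "dnssec_ok": do}


def negotiated_udp_size(client_advertised: int, server_advertised) -> int:
    """Effective UDP size: the smaller of the two sides' limits, or the 512-byte
    pre-EDNS default when the server sent no OPT record at all."""
    if server_advertised is None:
        return 512
    return min(client_advertised, server_advertised)


def should_retry_over_tcp(msg: bytes) -> bool:
    """A set TC bit means the answer did not fit the negotiated size: re-query over TCP."""
    return parse_response(msg)["truncated"]


def build_sample_truncated_response(query: bytes) -> bytes:
    """Constructed sample (not real server output): echoes the question, sets
    QR|TC|RD|RA, carries no answers, and advertises a 1500-byte UDP limit."""
    txid = struct.unpack("!H", query[:2])[0]
    qend = _skip_name(query, 12) + 4
    header = struct.pack("!HHHHHH", txid, 0x8380, 1, 0, 0, 1)
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 1500, DO_BIT, 0)
    return header + query[12:qend] + opt


if __name__ == "__main__":
    q = build_query("example.com")
    r = build_sample_truncated_response(q)
    info = parse_response(r)
    print("server limit:", info["edns_udp_size"],
          "negotiated:", negotiated_udp_size(4096, info["edns_udp_size"]),
          "retry over TCP:", should_retry_over_tcp(r))
```

The point worth noticing is that nothing in the exchange raises the size above what either side advertised: a client asking for 4096 against a server (or a firewall-constrained server) that advertises 1500 gets at most 1500 bytes over UDP, and anything larger comes back with TC set and no usable answer, at which point the resolver opens TCP port 53. A resolver that blocks TCP/53 on the assumption that "DNS uses UDP" will therefore fail exactly on the large DNSSEC answers this thread is about.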