Why does DNS use TCP Port 53 and UDP Port 53?
DNS uses both TCP and UDP ports to maintain consistent and reliable network performance. TCP provides zone transfers, while UDP handles name resolution queries and responses.
When managing network ports, most network pros assume a given service uses one specific transport layer protocol, either TCP or UDP. However, DNS is a relatively complex service with many levels of interaction, and it uses both TCP and UDP for different tasks.
Many sources refer to both TCP and UDP Ports 53, such as DNS documentation or DNS services configuration for networks. Why does DNS use these two different transport layer protocols?
To understand how DNS uses TCP Port 53 and UDP Port 53, pros must review the differences between the two transport layer protocols and examine how ports work.
Review transport layer protocols
Transport layer protocols deal with reliable communications. TCP and UDP exist at the transport layer of the TCP/IP stack. Their role is to govern network communications, both connection-oriented and connectionless.
The application layer resides above the transport layer and is associated with specific application protocols. It identifies these applications by port number.
TCP
TCP is connection-oriented, also known as stateful. It establishes a relationship between the source and destination nodes to manage packet exchanges. TCP is reliable because this relationship enables it to detect lost or otherwise missing packets and request a retransmission.
TCP guarantees that everything sent is received. If a packet isn't received, TCP requests a resend of the missing content. However, this reliability comes at a cost. TCP packets have larger headers, which generate overhead when establishing the connection and ensuring all content arrives. This level of reliability is critical for many kinds of network communications.
The following three terms describe TCP:
- Connection-oriented.
- Stateful.
- Reliable.
Protocols that rely on connection-oriented TCP communications include SMTP and HTTP.
UDP
UDP is a best-effort protocol. It sends data on the network without maintaining a connection that ensures total delivery of information.
Modern networks and protocols are relatively reliable, so most data arrives at its destination. UDP is significantly faster than TCP, making it useful for network programs that require quick communication.
The following three terms describe UDP:
- Connectionless.
- Stateless.
- Unreliable.
The Trivial File Transfer Protocol uses UDP's connectionless communications.
Port review
People rely on easy-to-remember names, but computers need difficult-to-remember numbers. Various numbers represent common application layer protocols. For example, HTTP uses Port 80 while HTTPS uses Port 443.
These port numbers are often useful for troubleshooting, configuring packet filters or firewalls. They might even appear in log files for network services.
The following are some common ports, their related transport layer protocol and their service name:
- 22/TCP. Secure Shell.
- 67/UDP and 68/UDP. Dynamic Host Configuration Protocol (DHCP).
- 69/UDP. Trivial File Transfer Protocol.
- 80/TCP. HTTP.
- 443/TCP. HTTPS.
- 123/UDP. Network Time Protocol.
- 445/TCP. Server Message Block.
- 3389/TCP. Remote Desktop Protocol.
DNS uses Port 53 and stands out because it uses both 53/TCP and 53/UDP. DHCP is another unique case that also uses TCP and UDP ports.
When does DNS use UDP and TCP?
DNS uses UDP for name resolution queries and responses. DNS zone transfers use the more reliable TCP connections. However, there are some exceptions to these two practices.
DNS and UDP
DNS servers retain a database of names and IP addresses. DNS receives queries from client devices when a user specifies a network resource by name. However, the system requires an IP address for the packet header.
For example, if you type ping server42, the system must query DNS for the IP of server42.
These queries are typically small and fast. If the client doesn't receive a response, it resends the query, so reliability isn't an issue. UDP is great for this sort of communication.
DNS and TCP
DNS service is unreliable if only one server houses a copy of the name resolution database. Most networks have a minimum of two DNS servers for this exact reason. But sometimes, a client updates its name and IP address information. When that new information lands on one of these servers, the other server receives it via a zone transfer.
Zone transfers replicate changes to DNS information between two or more DNS servers. These changes are usually quite small, but larger full-zone transfers might be necessary. TCP is necessary for these large transfers, and its reliability is also crucial because keeping the zones current is critical.
Query sizes might force TCP use
UDP has one other constraint that affects its use with DNS: A DNS message carried over UDP is limited to 512 bytes. That's not a problem for most queries or responses, but some might exceed the cap. When a response does, the server sets the truncation (TC) flag in the UDP reply, and the client repeats the query over TCP, so DNS uses TCP to communicate in those cases.
Various modern technologies also require TCP. Examples include the following:
- DNS security extensions (DNSSEC).
- DNS over TLS.
- IPv6.
- Antispam methods.
Watch for TCP Port 53 use to grow
With the advantages of both protocols, it's clear why network documentation calls for both 53/TCP and 53/UDP management when dealing with DNS. Standard queries rely on UDP communication, while zone transfers or more complex queries use TCP. As such, configure packet filters and firewalls to permit traffic on both protocols for full DNS functionality.
However, watch for TCP Port 53 to become a more common way of carrying name resolution queries and responses as security measures like DNSSEC and DNS over TLS become more popular.
Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides, and contributes extensively to TechTarget Editorial, The New Stack and CompTIA Blogs.