RFC 5966 Proposed Standard

DNS Transport over TCP - Implementation Requirements

R. Bellis · 2010-08

Abstract

RFC 5966 updates RFC 1123 to mandate that DNS implementations MUST support TCP as a transport for DNS queries and responses, not merely as an optional fallback for responses exceeding 512 bytes. It documents operational scenarios where TCP is required and recommends that firewalls and middleboxes not block DNS over TCP.

Why This RFC Matters

The historical assumption that DNS was UDP-only caused many firewalls and operators to block TCP port 53, breaking large DNS responses (DNSSEC, IPv6 AAAA records, SPF records) that exceed the 512-byte UDP limit. RFC 5966 made TCP support mandatory, paving the way for EDNS(0) buffer sizes, DNS over TLS (RFC 7858), and the larger DNSSEC-signed responses that are now common. Its successor, RFC 7766, further strengthened TCP DNS requirements.
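As an added example (not part of the RFC or of this page), the following Python shows the two pieces a client needs for the TCP path the RFC mandates: detecting the TC bit that signals a UDP answer was cut at the 512-byte limit, and the 2-byte length framing DNS uses over TCP. `query_over_tcp` is a hypothetical helper for confirming that a resolver you operate answers on TCP/53; the other functions run offline.

```python
import socket
import struct

def build_query(qname, qtype=1, txid=0x1234):
    """Minimal DNS query in RFC 1035 wire format: header, one question, no EDNS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1; QDCOUNT=1
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def is_truncated(response):
    """True when the TC bit (0x0200 in the flags word) is set: the server could not
    fit the answer in the UDP limit, so the client must retry the query over TCP."""
    (flags,) = struct.unpack("!H", response[2:4])
    return bool(flags & 0x0200)

def frame_for_tcp(message):
    """DNS over TCP prefixes every message with a 2-byte big-endian length (RFC 1035 s4.2.2)."""
    return struct.pack("!H", len(message)) + message

def unframe_tcp(stream):
    """Split a TCP byte stream into complete DNS messages. Returns (messages, leftover);
    a trailing partial message stays in leftover until more bytes arrive."""
    messages, pos = [], 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack("!H", stream[pos:pos + 2])
        if pos + 2 + length > len(stream):
            break  # incomplete message: keep the bytes, read more from the socket
        messages.append(stream[pos + 2:pos + 2 + length])
        pos += 2 + length
    return messages, stream[pos:]

def query_over_tcp(server, qname, qtype=1, timeout=3.0):
    """Hypothetical helper: send one query to server:53 over TCP and return the raw
    response message. A refused or silently dropped connection from a host that does
    answer over UDP is the firewall behaviour RFC 5966 asks operators to stop."""
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(frame_for_tcp(build_query(qname, qtype)))
        buf = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                raise ConnectionError("server closed connection before a full response")
            buf += chunk
            messages, _ = unframe_tcp(buf)
            if messages:
                return messages[0]
```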
