"Does DNS also use TCP port 53? If so, under what circumstances?"
Answer 1
It is used as a retry when the response exceeds the maximum size, which is especially relevant if EDNS is not supported.
Answer 2
A DNS query consists of a single UDP request from the client and a single UDP reply from the server. The Transmission Control Protocol (TCP) is used when the response data size exceeds 512 bytes, or for tasks such as zone transfers.
Most DNS [RFC1034] transactions take place over UDP [RFC768]. TCP
[RFC793] is always used for full zone transfers (using AXFR) and is
often used for messages whose sizes exceed the DNS protocol's
original 512-byte limit. The growing deployment of DNS Security
(DNSSEC) and IPv6 has increased response sizes and therefore the use
of TCP. The need for increased TCP use has also been driven by the
protection it provides against address spoofing and therefore
exploitation of DNS in reflection/amplification attacks. It is now
widely used in Response Rate Limiting [RRL1] [RRL2]. Additionally,
recent work on DNS privacy solutions such as [DNS-over-TLS] is
another motivation to revisit DNS-over-TCP requirements.
Reference: DNS RFC
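The UDP-first, TCP-on-truncation behaviour described in both answers, as an added example that is not part of the original posts: it builds a query (optionally with an EDNS0 OPT record advertising a larger UDP payload size), checks the TC bit in a constructed 512-byte reply, and shows the 2-byte length prefix that DNS-over-TCP requires. The transaction ID, names and payload size are constructed sample values.

```python
import struct
from typing import Optional

DNS_UDP_LIMIT = 512  # original DNS message limit over UDP, the figure quoted in the answers

def build_query(name: str, qtype: int = 1, txid: int = 0x1234,
                edns_payload: Optional[int] = None) -> bytes:
    """Build a DNS query for `name`; with edns_payload set, append an EDNS0 OPT
    record so the server may send UDP replies larger than 512 bytes."""
    flags = 0x0100                      # RD (recursion desired) only
    arcount = 1 if edns_payload else 0  # the OPT record lives in the additional section
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, arcount)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    if edns_payload:
        # OPT RR: root name, TYPE 41, CLASS carries the UDP payload size,
        # TTL carries extended RCODE/version/flags (all zero here), RDLENGTH 0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_payload, 0, 0)
    return msg

def is_truncated(response: bytes) -> bool:
    """True if the TC bit (bit 9 of the flags word) is set: the reply did not fit
    in UDP and the client must repeat the query over TCP."""
    if len(response) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    flags, = struct.unpack("!H", response[2:4])
    return bool(flags & 0x0200)

def frame_for_tcp(msg: bytes) -> bytes:
    """DNS over TCP (port 53) prefixes every message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def tcp_retry(query: bytes, udp_response: bytes) -> Optional[bytes]:
    """Return the TCP-framed query to resend if the UDP reply was truncated, else None."""
    return frame_for_tcp(query) if is_truncated(udp_response) else None

# Constructed sample reply: a server that hit the 512-byte UDP limit sets QR, TC and RD
# (flags 0x8300) and returns a padded-to-limit message with no usable answer records.
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8300, 1, 0, 0, 0) + b"\x00" * (DNS_UDP_LIMIT - 12)
```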