When a client wants to resolve a hostname into an IP address, it sends a DNS query to a DNS server. This is typically done over UDP using port 53. The DNS server then performs the lookup, if possible, and returns an answer. The following diagram illustrates this transaction:
If the query (or, more commonly, the answer) is too large to fit into one UDP packet, then the query can be performed over TCP instead of UDP. In this case, the size of the query is sent over TCP as a 16-bit value, and then the query itself is sent. This is called TCP fallback or DNS transport over TCP. However, UDP works for most cases, and UDP is how DNS is used the vast majority of the time.
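The TCP framing described above, as an added example that is not code from the original text: each message is prefixed with its size as a 16-bit big-endian value, and the receiver reassembles messages from a stream that may arrive in arbitrary chunks. The helper names, the sample hostnames, and the 12-byte minimum (the fixed DNS header size from RFC 1035) are assumptions of this example.

```python
import struct

MAX_DNS_TCP_LEN = 0xFFFF  # largest value a 16-bit length prefix can carry

def build_query(hostname, query_id=0x1234):
    """Build a minimal DNS A-record query (RFC 1035 wire format)."""
    # Header: id, flags (RD set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def frame_for_tcp(message):
    """Prefix a DNS message with its size as a 16-bit big-endian value."""
    if not 0 < len(message) <= MAX_DNS_TCP_LEN:
        raise ValueError("DNS message length must fit in 16 bits")
    return struct.pack("!H", len(message)) + message

class TcpDnsDeframer:
    """Reassemble DNS messages from a TCP byte stream delivered in chunks."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        """Append received bytes; return the complete messages now available."""
        self._buf += chunk
        messages = []
        while len(self._buf) >= 2:
            (size,) = struct.unpack_from("!H", self._buf)
            if size < 12:  # assumption: reject anything shorter than a DNS header
                raise ValueError("length prefix smaller than a DNS header")
            if len(self._buf) < 2 + size:
                break  # message not fully received yet; wait for more data
            messages.append(bytes(self._buf[2:2 + size]))
            del self._buf[:2 + size]
        return messages

def demo():
    """Send two constructed queries through the deframer in 7-byte chunks."""
    queries = [build_query("example.com", 1), build_query("www.example.org", 2)]
    stream = b"".join(frame_for_tcp(q) for q in queries)
    deframer, out = TcpDnsDeframer(), []
    for i in range(0, len(stream), 7):  # chunks split both prefixes and bodies
        out.extend(deframer.feed(stream[i:i + 7]))
    return queries, out
```

A receiver that trusts the length prefix without a bound or a read timeout can be held open indefinitely by a peer that announces a size and never sends the body, so pair this framing with per-connection timeouts.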
It's also important to note that the client must know the IP address of at least one DNS server. If the client doesn't know of any DNS servers, then it has a sort of chicken-and-egg problem. DNS servers are usually provided by your ISP.
The actual UDP data format is simple and follows the same basic format for both...