Why Do Root DNS Servers Return Only 13 IP Addresses? Understanding DNS Packet Limits

DNS Recursive Query Overview

A recursive DNS query first contacts the root name servers, then proceeds to top‑level domains such as .com and .edu. Although root servers store many IPv4 addresses, a single query to a root server returns only 13 IP addresses. To understand why, we need to look at the DNS packet structure and transmission limits.

1. DNS Packet Transmission Limits

The Ethernet maximum transmission unit (MTU) is 1500 bytes. Subtracting the IP header (20 bytes) and the UDP header (8 bytes) leaves 1472 bytes for the DNS payload, but DNS imposes a stricter limit.

DNS primarily uses UDP, which is an unreliable protocol without the timeout and retransmission mechanisms of TCP. To avoid IP fragmentation, UDP services enforce a maximum packet length.

In practice, DNS limits the message size to 512 bytes . This limit originates from the original IP specification, which requires hosts to handle at least 576 bytes; DNS applications therefore cap their payload to 512 bytes to stay safely within that bound.

2. TCP MSS Negotiation (Illustration)

During the TCP three‑way handshake, the MSS (Maximum Segment Size) field in the SYN packet indicates the largest segment the sender can accept. Typically, MSS = MTU - 20 (IP header) - 20 (TCP header). Both ends announce their MSS, and the smaller value is used for the connection, preventing fragmentation.

3. DNS UDP and TCP Transport

DNS can operate over both UDP and TCP. In most captures (e.g., with Wireshark), DNS queries are sent via UDP. An example packet is shown below.

4. DNS Response Fields and Truncation

The Truncated flag in a DNS response indicates whether the reply exceeded the 512‑byte limit. If the flag is set (value 1), only the first 512 bytes are returned, and the client must retry the request over TCP, which adds latency.

When querying root NS records, the 512‑byte limit is only sufficient to include the NS and A records of the 13 root name servers. Therefore, even though more root server addresses exist, a single response can contain at most those 13 IP addresses.

In summary, DNS packet size limits—driven by MTU, UDP constraints, and the historic 512‑byte restriction—explain why a root DNS server returns only 13 IP addresses in a single query.