LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is UDP, and why do DHCP and DNS build on it instead of TCP?

UDP (User Datagram Protocol) is the minimal Layer 4 transport: on top of IP it adds only source/destination ports, a length field, and a checksum — but still no handshake, no ordering, and no retransmission. DHCP and DNS use it because they need a quick, single-shot request/reply, not a reliable byte stream.

UDP datagram header showing source port, destination port, length and checksum fields.

* UDP's minimal header — ports, length and checksum. — DnaX, CC BY-SA 4.0, via Wikimedia Commons. *

What UDP adds over raw IP:

  • Source & destination ports — so multiple apps share one IP (same idea as TCP)
  • A length field — the size of the header plus payload
  • A checksum — an integrity check over the header, payload, and a pseudo-header of the IP addresses
  • That's essentially it. UDP is a thin wrapper: an 8-byte header (source port, dest port, length, checksum) and nothing more — no connection state, ordering, or retransmission

What UDP deliberately leaves out:

Missing feature Consequence
No handshake Just send — no connection setup round-trip
No sequence numbers Datagrams can arrive out of order
No acknowledgments Lost datagrams are simply lost (the app must retry if it cares)
No flow/congestion control Sender can overrun a slow receiver

Why DHCP and DNS pick UDP:

  • DHCP runs before the client even has an IP — a TCP handshake (which needs both sides addressable) is impossible at that point. A broadcast UDP datagram is the only option.
  • DNS queries are tiny and self-contained: one question, one answer. Setting up and tearing down a TCP connection for a single small lookup would cost more round-trips than the lookup itself.
  • Both protocols handle their own retransmission at the application level, so they don't need TCP's reliability machinery.

The trade-off: UDP's lack of connection state is also what makes DNS spoofing and DHCP rogue-server attacks easy — there's no handshake to prove the responder is legitimate.

Tip: Whenever you see a protocol that is "ask once, get one small answer" or "real-time, loss-tolerant" (DNS, DHCP, NTP, VoIP, online gaming), suspect UDP. Anything that needs an ordered, complete byte stream (HTTP, SSH, FTP, email) uses TCP.

Go deeper:

From Quiz: INTROL / Protocol Analysis | Updated: Jul 14, 2026