Why is UDP used for DNS instead of TCP? Isn't TCP supposed to be more reliable (<i>lossless</i>)? Reliability would appear to be of utmost importance in DNS, no?
Why are there so few DDOS attacks on DNS servers? From my understanding, it is trivial to forge a UDP packet with a false IP address. Wouldn't it be extremely effective for even a few thousand zombie machines to spam forged DNS requests to overload a DNS server? Given that the root DNS servers are such obvious targets, why are there so few attacks on them?