When does DNS use TCP instead of UDP?
Most of the time, DNS runs over UDP: it is lightweight and avoids the cost of a TCP handshake. That design decision comes with trade-offs. UDP packets are easy to spoof because no handshake proves the source address, so you have to worry about cache poisoning and about DDoS attacks that forge the source address to reflect and amplify traffic.
But nameservers still need to be reachable over TCP as well as UDP. The following explains why.
Zone transfers happen over TCP
The AXFR (full) and IXFR (incremental) transfers of zone data from the master to its secondaries run over TCP. AXFR is defined only for TCP (RFC 5936); IXFR may be attempted over UDP (RFC 1995), but when the response does not fit in a single packet the server returns only its SOA record and the client must retry over TCP. Because a successful AXFR hands over the entire zone, servers should restrict transfers to their known secondaries, by source address and ideally with TSIG.
Before any transfer, a secondary polls the master with a SOA query to compare serial numbers and decide whether an update is required; some implementations send that query over TCP too (for example, NSD nameservers do this).
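The pieces a tool needs to speak DNS over TCP are small: the two-byte length prefix that frames each message on the stream, an AXFR question with RD clear, and a parser that recognises the end of a transfer by the second SOA record. The following is an added example written for this article, not code from the page or from any nameserver project; the function names, the zone example.test. and the constructed records in its test data are assumptions for illustration.

```python
"""Minimal DNS-over-TCP helpers: stream framing, AXFR query construction,
and a parser that detects the end of a zone transfer (second SOA).
Added example; names such as axfr_records and example.test. are invented."""
import socket
import struct

TYPE_A, TYPE_SOA, TYPE_AXFR = 1, 6, 252
CLASS_IN = 1


def encode_name(name):
    """Encode a dotted name in uncompressed wire format (RFC 1035 3.1)."""
    labels = [l for l in name.rstrip('.').split('.') if l]
    return b''.join(bytes([len(l)]) + l.encode('ascii') for l in labels) + b'\x00'


def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            ptr = struct.unpack('!H', msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2                # name ends after the first pointer
            off, jumped = ptr, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode('ascii'))
        off += length
    if not jumped:
        end = off
    return '.'.join(labels) + '.', end


def build_query(name, qtype, txid=0x1234, rd=0):
    """Header plus one question. AXFR is sent with RD=0: it is not recursive."""
    header = struct.pack('!HHHHHH', txid, rd << 8, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack('!HH', qtype, CLASS_IN)


def build_rr(name, rtype, rdata, ttl=3600):
    """Resource record in wire format (used here to construct test data)."""
    return encode_name(name) + struct.pack('!HHIH', rtype, CLASS_IN, ttl, len(rdata)) + rdata


def build_response(query, answers, flags=0x8400):
    """Echo the query's ID and question and append answer RRs (test data helper).
    0x8400 = QR|AA with RCODE 0; 0x8405 would be REFUSED."""
    txid = struct.unpack('!H', query[:2])[0]
    return struct.pack('!HHHHHH', txid, flags, 1, len(answers), 0, 0) + query[12:] + b''.join(answers)


def tcp_frame(msg):
    """RFC 1035 4.2.2: on TCP every message is prefixed by a 2-byte big-endian length."""
    return struct.pack('!H', len(msg)) + msg


def split_tcp_stream(stream):
    """Split bytes read from a TCP socket into whole messages; return (messages, leftover)."""
    msgs, off = [], 0
    while off + 2 <= len(stream):
        (n,) = struct.unpack('!H', stream[off:off + 2])
        if off + 2 + n > len(stream):        # partial message, wait for more data
            break
        msgs.append(stream[off + 2:off + 2 + n])
        off += 2 + n
    return msgs, stream[off:]


def parse_message(msg):
    """Return header fields and the answer section as (name, type, rdata) tuples."""
    txid, flags, qd, an, ns, ar = struct.unpack('!HHHHHH', msg[:12])
    off = 12
    for _ in range(qd):                      # skip the question section
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack('!HHIH', msg[off:off + 10])
        off += 10
        answers.append((name, rtype, msg[off:off + rdlen]))
        off += rdlen
    return {'id': txid, 'qr': flags >> 15, 'tc': (flags >> 9) & 1,
            'rcode': flags & 0xF, 'answers': answers}


def axfr_records(messages):
    """Collect AXFR answer records; return them once the closing SOA arrives, else None."""
    records, soa_seen = [], 0
    for m in messages:
        parsed = parse_message(m)
        if parsed['rcode'] != 0:
            raise ValueError('transfer rejected, RCODE=%d' % parsed['rcode'])
        for rec in parsed['answers']:
            records.append(rec)
            if rec[1] == TYPE_SOA:
                soa_seen += 1
                if soa_seen == 2:            # zone is bracketed by its SOA
                    return records
    return None


def axfr(server, zone, port=53, timeout=5.0):
    """Request a zone transfer over TCP, the only transport AXFR is defined for."""
    with socket.create_connection((server, port), timeout) as s:
        s.sendall(tcp_frame(build_query(zone, TYPE_AXFR)))
        buf, msgs = b'', []
        while True:
            chunk = s.recv(65535)
            if not chunk:
                raise ConnectionError('server closed the connection before the second SOA')
            buf += chunk
            done, buf = split_tcp_stream(buf)
            msgs.extend(done)
            records = axfr_records(msgs)
            if records is not None:
                return records
```

Calling axfr('ns1.example.test.', 'example.test.') against a server you are authorised to test either returns the full record list or raises with the RCODE; a REFUSED response is the expected result from a correctly restricted master. The framing and parsing functions are kept separate from the socket code so they can be exercised on captured bytes without any network access.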
EDNS and large responses
EDNS stands for "extension mechanisms for DNS" (RFC 6891), and it specifies methods to enable additional capabilities that were not present in the original DNS specification.
Originally, nameservers expected responses to fit within a 512-byte message, but, as DNS evolved, there became situations...