By default, Domain Name System (DNS)[1] uses UDP on port 53 because it's stateless and super fast, good for a tiny request asking for an IP address. However, UDP has a packet size limit (512 bytes).
If a DNS server needs to send a response larger than that (IPv6 addresses and DNSSEC security signatures), it will send a truncated UDP packet with a special TC[2] (Truncated) flag set. The client sees TC flag and immediately opens a TCP connection on port 53 to download the full, larger payload.
TCP is also used for zone transfers when DNS servers sync their databases with each other.
More reading: