DNS communication basically happens over both main Internet transport layers: UDP and TCP. DNS communication over both TCP and UDP uses port 53.

UDP is used for normal DNS operation (as outlined in the DNS overview): clients sending queries to caching DNS servers, and caching DNS servers sending queries to authoritative DNS servers. UDP messages have a size limit of 512 bytes, so when a message doesn’t fit in an UDP message, it is sent over TCP.

TCP is also used for control messages between DNS servers, as outlined in Authoritative DNS: both zone transfers and DNS update messages are commonly sent over TCP because it is more reliable.

There is a separate document with details about the different kinds of DNS messages.

In practice, this means both authoritative and caching DNS servers should listen to both TCP and UDP interfaces. Since normal DNS messages being too large to fit in a single UDP packet is a pretty rare event, you can probably get away with listening to UDP only if you run a caching DNS server, or if your DNS server doesn’t use zone transfers or DNS update to communicate with other servers.

It is always important though that if you run a DNS server behind a firewall, you should forward both UDP and TCP port 53 to the DNS server.