Standard User guku
(newbie) Wed 06-Nov-24 02:38:57

UDP or TCP?


 
Hello. In my infrastructure, all hosts always had most ports blocked by the firewall, and only the necessary ones open.
This always included my drilling a hole for UDP on port 53 to my on-premise DNS forwarding server.
Now, some hosts got upgraded to a newer Windows Server, and I can see them logging blocked access to that same DNS server but on TCP port 52. The EXE that tries is svchost.
Has Windows Server switched from UDP DNS to TCP DNS? Or does it use both?
Basically trying to figure out whether I should drill another hole in the firewall or safely ignore those failures.

...
Standard User Moto
(fountain of knowledge) Wed 06-Nov-24 09:21:35

Re: UDP or TCP?


[re: guku]
 
Is that TCP port 52 a typo? When a DNS server response is greater in size than the maximum size for a UDP packet, the client will have to repeat its query using TCP. Windows servers always use TCP for LDAP and zone transfers.

laugh A friend surfing in laugh
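
The truncation fallback described in the post above, as an added example that is not part of the original thread: a client inspects the TC bit of the UDP reply and, if it is set, resends the same query over TCP with the 2-byte length prefix from RFC 1035. All function names and the sample messages are constructed for illustration.

```python
import struct

TC = 0x0200  # "truncated" bit in the DNS header flags word (RFC 1035, 4.1.1)

def build_query(name, qtype=1, txid=0x1234):
    """Encode a one-question DNS query with RD set, as carried in a UDP datagram."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def is_truncated(response):
    """True when the reply header has TC set: the answer did not fit in UDP."""
    if len(response) < 12:
        raise ValueError("shorter than a DNS header")
    (flags,) = struct.unpack("!H", response[2:4])
    return bool(flags & TC)

def frame_for_tcp(message):
    """DNS over TCP sends each message behind a 2-byte length (RFC 1035, 4.2.2)."""
    return struct.pack("!H", len(message)) + message

def next_step(query, udp_response):
    """What the client does with a UDP reply: drop it, accept it, or retry on TCP/53."""
    if udp_response[:2] != query[:2]:
        return ("drop", b"")  # transaction ID does not match our query
    if is_truncated(udp_response):
        return ("retry-tcp", frame_for_tcp(query))
    return ("accept", udp_response)

def make_reply(query, flags):
    """Constructed sample reply: the query's ID and question with new header flags."""
    return query[:2] + struct.pack("!H", flags) + query[4:]

QUERY = build_query("example.com", qtype=16)  # constructed TXT query
TRUNCATED = make_reply(QUERY, 0x8380)         # QR | TC | RD | RA
COMPLETE = make_reply(QUERY, 0x8180)          # QR | RD | RA

if __name__ == "__main__":
    for label, reply in (("truncated", TRUNCATED), ("complete", COMPLETE)):
        action, payload = next_step(QUERY, reply)
        print(label, "->", action, len(payload), "bytes")
```

With only UDP 53 permitted, the "retry-tcp" step is the connection the firewall blocks, so lookups whose answers do not fit in a UDP reply fail while small ones keep working.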
Standard User Pipexer
(eat-sleep-adslguide) Wed 06-Nov-24 17:15:01

Re: UDP or TCP?


[re: guku]
 
DNS has used both UDP and TCP 53 for well over a decade now.

Andrews & Arnold Home ::1 on Draytek 2862ac - Why settle for inferior?



Standard User candlerb
(knowledge is power) Wed 06-Nov-24 17:41:25

Re: UDP or TCP?


[re: Pipexer]
 
More than three and a half decades.
https://www.ietf.org/rfc/rfc1035.txt
Standard User jchamier
(eat-sleep-adslguide) Wed 06-Nov-24 19:36:26

Re: UDP or TCP?


[re: guku]
 
In reply to a post by guku:
Now, some hosts got upgraded to a newer Windows Server, and I can see them logging blocked access to that same DNS server but on TCP port 52. The EXE that tries is svchost.

Most system things are inside svchost; you can use this command to see what services are running from svchost:
tasklist /svc /fi "imagename eq svchost.exe"

If you are using Active Directory Domain Services then there are quite a few ports to open between your workstations and servers. “Drill a hole” may not be accurate, as any decent firewall device will let you select the originating IP range, so you can tie it down to the subnet of your workstations.

https://learn.microsoft.com/en-us/answers/questions/...

24 years of broadband connectivity since 1999 trial - Live BQM