Why Some of the DNS Query from the Edge SWG is over the TCP ?  whereas most of the query is over the UDP

There is no configuration in which we can force the DNS to query over the TCP as mentioned in this article but when the message size exceeds 512 bytes, it will trigger the ‘TC’ bit (Truncation) in DNS to be set, informing the client that the message length has exceeded the allowed size. In these situations, the client needs to re-transmit over TCP for which the size limit is 64000 bytes and usually the DNS query is over the UDP as its always less than 512 bytes.

If the DNS TCP is blocked in network we must allow the TCP DNS port 53. UDP and TCP both uses the same port number.