
UDP DNS seems intrinsically broken due to address spoofing. Is there an unencrypted TCP DNS standard?


Yes -- "DNS uses TCP when the size of the request or the response is greater than a single packet such as with responses that have many records or many IPv6 responses or most DNSSEC responses." [1]

1. https://serverfault.com/questions/404840/when-do-dns-queries...


Yes, TCP DNS has been a thing since forever. All the main DNS providers support it. But as it’s unencrypted it’s still subject to MITM attacks.


You can also spoof with TCP, can't you?


Not really, since you need to guess a lot of things correctly to spoof a TCP handshake.

Address spoofing and a full MITM are two very different threat models.


You can't in the same way, right? It seems all DNS amplification attacks use UDP.
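The observation above, that reflection and amplification rides on UDP because the server answers whatever source address the datagram claims, points at what a resolver operator can watch for: clients whose UDP answers are many times larger than their queries, which does not occur over TCP because the handshake has already confirmed the client address. The following Python is an added example, not from the thread; the flow records are constructed and the record format and thresholds are assumptions.

```python
"""Added example: flag UDP DNS clients with an amplification-style byte
ratio, ignoring TCP flows whose source address the handshake already verified.
The record format and all addresses/sizes below are constructed for illustration."""
from collections import defaultdict

# Constructed resolver flow records (not real traffic).  Each line:
#   proto=<udp|tcp> client=<ip> qtype=<type> qbytes=<n> rbytes=<n>
SAMPLE_RECORDS = """\
proto=udp client=203.0.113.10 qtype=ANY qbytes=64 rbytes=3200
proto=udp client=203.0.113.10 qtype=ANY qbytes=64 rbytes=3100
proto=udp client=203.0.113.10 qtype=ANY qbytes=64 rbytes=3250
proto=udp client=198.51.100.7 qtype=A qbytes=45 rbytes=90
proto=udp client=198.51.100.7 qtype=AAAA qbytes=45 rbytes=102
proto=tcp client=203.0.113.10 qtype=ANY qbytes=64 rbytes=3200
"""


def parse_record(line: str) -> dict:
    """Turn one 'key=value ...' line into a dict with integer byte counts."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    fields["qbytes"] = int(fields["qbytes"])
    fields["rbytes"] = int(fields["rbytes"])
    return fields


def find_amplification_candidates(records: str, min_ratio: float = 10.0,
                                  min_count: int = 3) -> dict:
    """Aggregate UDP response/query bytes per client address.

    TCP flows are skipped: a completed handshake means the peer really
    holds that address, so the answer cannot land on a spoofed victim.
    """
    stats = defaultdict(lambda: {"count": 0, "qbytes": 0, "rbytes": 0})
    for line in records.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec["proto"] != "udp":
            continue
        s = stats[rec["client"]]
        s["count"] += 1
        s["qbytes"] += rec["qbytes"]
        s["rbytes"] += rec["rbytes"]
    flagged = {}
    for client, s in stats.items():
        ratio = s["rbytes"] / s["qbytes"] if s["qbytes"] else 0.0
        if s["count"] >= min_count and ratio >= min_ratio:
            flagged[client] = {"count": s["count"], "ratio": round(ratio, 1)}
    return flagged


if __name__ == "__main__":
    for client, info in find_amplification_candidates(SAMPLE_RECORDS).items():
        print(f"{client}: {info['count']} UDP answers, {info['ratio']}x bytes back")
```

A flagged address is the apparent victim rather than the attacker, so the usual response is response-rate limiting or restricting recursion to known clients rather than blocking the address outright.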



