hammer185

MT DNS Logging Field After "query from"

Wed Oct 30, 2024 1:41 am

Can I get an explanation as to where the information after "query from", such as an IPv4 or IPv6 address, comes from when the dns topic under logging is configured and on, and if it is potentially different with a UDP query versus a TCP query?

An example from a log entry where "DNS" was added as a prefix is "DNS: query from 192.168.88.197: #5194 edge.microsoft.com. A".

I ask because it does not necessarily appear to be the same as the "Src. Address" in either /ip firewall raw or /ip firewall filter rules. Right now on one of my routers I am only allowing TCP port 53 and UDP port 53 input from the LAN side, and I have also matched that the "Src. Address" must be within 192.168.88.0/24, so what I am observing doesn't appear to be a situation where a client is spoofing the source IP address, but perhaps one where it is sending a packet that includes information about an alleged source IP that might be where this "query from" information is coming from.
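One way to collect the entries in question is to pull the address out of each "query from" line and list those that fall outside the subnet the firewall rules allow. This is an added example, not part of the original post and not MikroTik code; the line layout is taken from the single entry quoted above, the IPv6 layout is assumed to match it, and all sample lines other than the quoted one are constructed.

```python
import ipaddress
import re

# Layout taken from the entry quoted in the post:
#   "DNS: query from 192.168.88.197: #5194 edge.microsoft.com. A"
# The address is matched up to the ": #" separator so that IPv6 addresses,
# which contain colons themselves, are not cut short (IPv6 layout is assumed).
QUERY_RE = re.compile(
    r"query from (?P<addr>\S+?): #(?P<id>\d+) (?P<name>\S+) (?P<qtype>\S+)"
)

# First line is the one quoted in the post; the rest are constructed samples.
SAMPLE = [
    "DNS: query from 192.168.88.197: #5194 edge.microsoft.com. A",
    "DNS: query from 10.20.30.40: #5195 example.com. AAAA",
    "DNS: query from fe80::1: #5196 example.net. A",
    "unrelated line without a query",
]

def parse_query(line):
    """Return (address, query id, name, type), or None if the line does not match."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    try:
        addr = ipaddress.ip_address(m.group("addr"))
    except ValueError:
        return None  # field after "query from" is not a valid IP address
    return addr, int(m.group("id")), m.group("name"), m.group("qtype")

def outside_allowed(lines, allowed):
    """Collect parsed queries whose logged address is in none of the allowed networks."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    hits = []
    for line in lines:
        parsed = parse_query(line)
        if parsed is None:
            continue
        # Membership is always False when address and network versions differ.
        if not any(parsed[0] in n for n in nets):
            hits.append(parsed)
    return hits

if __name__ == "__main__":
    for addr, qid, name, qtype in outside_allowed(SAMPLE, ["192.168.88.0/24"]):
        print(f"#{qid} {name} {qtype} logged from {addr}")
```

The query IDs it prints can then be matched against a packet capture taken on the LAN interface to compare the logged address with the source address actually on the wire.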
