DNS Access
Here we give the Internet DNS access to our nameserver, strictly 53/UDP.
Notice how the source is everything but the internal network
(use of negation). We do not want our internal network using this
DNS server, as internal hosts will be using the internal DNS server. Notice
how this rule goes before the Internal Outbound rule: the firewall stops at the
first rule that matches a packet, so the position of a rule in the rulebase
decides which rule handles the traffic. Also, notice how we chose not to log
this traffic. Logging these sessions will quickly fill up your firewall logs
while providing little information (in my opinion). You may or may not want to
log these sessions; that is up to you.
One caveat on "strictly 53/UDP": DNS also uses 53/TCP, for zone transfers and
for responses too large to fit in a UDP datagram (the client retries over TCP
when the UDP reply is truncated). If this nameserver must serve zone transfers
to secondaries, add a separate 53/TCP rule restricted to those specific peers
rather than widening this rule to all of the Internet.
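To show what the negated source, the first-match ordering and the logging flag actually do to individual packets, here is a small rule evaluator written for this page (it is an added example, not code from the original text or from any firewall product). It assumes an internal network of 10.0.0.0/8, a nameserver at 192.0.2.53, and a rulebase consisting of only the DNS Access rule, the Internal Outbound rule and an implicit final drop; all addresses and packets are constructed for the example.

```python
"""Toy first-match firewall evaluator for the DNS Access rule (added example).

Assumptions not taken from the page: internal network 10.0.0.0/8, nameserver
192.0.2.53, and a rulebase of just DNS Access + Internal Outbound + implicit drop.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")     # assumed internal network
NAMESERVER = ipaddress.ip_network("192.0.2.53/32")    # assumed nameserver address


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "udp" or "tcp"
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                    # "accept" or "drop"
    src: Optional[ipaddress.IPv4Network] = None    # None means "any"
    src_negate: bool = False                       # True: match everything BUT src
    dst: Optional[ipaddress.IPv4Network] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    log: bool = False

    def matches(self, pkt: Packet) -> bool:
        src_ok = self.src is None or ipaddress.ip_address(pkt.src) in self.src
        if self.src_negate:                        # the "everything but internal" trick
            src_ok = not src_ok
        dst_ok = self.dst is None or ipaddress.ip_address(pkt.dst) in self.dst
        proto_ok = self.proto is None or self.proto == pkt.proto
        port_ok = self.dport is None or self.dport == pkt.dport
        return src_ok and dst_ok and proto_ok and port_ok


# Order matters: the evaluator stops at the first matching rule.
RULEBASE: List[Rule] = [
    Rule("dns-access", "accept", src=INTERNAL_NET, src_negate=True,
         dst=NAMESERVER, proto="udp", dport=53, log=False),
    Rule("internal-outbound", "accept", src=INTERNAL_NET, log=True),
]


def evaluate(pkt: Packet, rules: List[Rule] = RULEBASE,
             log: Optional[List[str]] = None) -> Tuple[str, str]:
    """Return (action, rule_name). First match wins; unmatched traffic is dropped."""
    for rule in rules:
        if rule.matches(pkt):
            if rule.log and log is not None:
                log.append(f"{rule.name}: {pkt.src} -> {pkt.dst} "
                           f"{pkt.proto}/{pkt.dport} {rule.action}")
            return rule.action, rule.name
    if log is not None:                            # drops are always worth logging
        log.append(f"implicit-drop: {pkt.src} -> {pkt.dst} {pkt.proto}/{pkt.dport} drop")
    return "drop", "implicit-drop"


def demo() -> Tuple[dict, List[str]]:
    """Run constructed sample packets through the rulebase and collect the log."""
    log: List[str] = []
    results = {
        # Internet host querying the nameserver: accepted by DNS Access, not logged
        "internet_udp53": evaluate(Packet("198.51.100.7", "192.0.2.53", "udp", 53), log=log),
        # Internal host: negation skips DNS Access, Internal Outbound handles (and logs) it
        "internal_udp53": evaluate(Packet("10.1.2.3", "192.0.2.53", "udp", 53), log=log),
        # Internet host retrying over TCP: "strictly 53/UDP" means this is dropped
        "internet_tcp53": evaluate(Packet("198.51.100.7", "192.0.2.53", "tcp", 53), log=log),
        # Internet host aiming 53/UDP at some other host: not the nameserver, dropped
        "internet_udp53_other": evaluate(Packet("198.51.100.7", "192.0.2.10", "udp", 53), log=log),
    }
    return results, log


if __name__ == "__main__":
    results, log = demo()
    for name, (action, rule) in results.items():
        print(f"{name:24s} {action:6s} via {rule}")
    print("log entries:", *log, sep="\n  ")
```

Running it shows the three behaviours the text describes: the unlogged DNS Access rule only ever fires for non-internal sources, an internal host's query to the same server falls through to the Internal Outbound rule (where it is logged), and a TCP retry from the Internet never matches anything and is dropped.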