DNS Access
 


 
Here we give the Internet DNS access (strictly 53/UDP) to our nameserver. Notice that the source is everything but the internal network (the use of negation). We do not want our internal network using this DNS server, since internal hosts will be using the internal DNS server. Notice that this rule goes before the Internal Outbound rule. Also notice that we chose not to log this traffic: logging these sessions will quickly fill up your firewall logs while providing little information (in my opinion). You may or may not want to log these sessions; that is up to you.
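
The rule described above, modelled as an added example (not taken from the original page or from any firewall product) so that the negated source and the strict 53/UDP service can be checked against sample packets. The addresses, the names `Rule`, `DNS_ACCESS` and `evaluate`, and top-down first-match evaluation are assumptions; only this one rule is modelled, so a packet it does not match is reported as falling through to the rest of the rulebase.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed values: the page gives no addresses.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
NAMESERVER = ipaddress.ip_address("192.0.2.53")

@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    negate_src: bool            # True means "everything but src"
    dst: ipaddress.IPv4Address
    proto: str
    dport: int
    action: str
    log: bool

    def matches(self, src: str, dst: str, proto: str, dport: int) -> bool:
        in_src = ipaddress.ip_address(src) in self.src
        # Negation flips the source test: the rule applies only when the
        # packet's source is NOT inside the listed network.
        src_ok = (not in_src) if self.negate_src else in_src
        return (src_ok and ipaddress.ip_address(dst) == self.dst
                and proto == self.proto and dport == self.dport)

# The DNS Access rule as the text describes it: source is anything except
# the internal network, service is strictly 53/UDP, accepted, not logged.
DNS_ACCESS = Rule("dns-access", INTERNAL_NET, True, NAMESERVER,
                  "udp", 53, "accept", log=False)

def evaluate(rules, src, dst, proto, dport) -> Optional[Rule]:
    """First match wins (assumed). None means no modelled rule matched,
    so the packet is judged by whatever rules come later."""
    for rule in rules:
        if rule.matches(src, dst, proto, dport):
            return rule
    return None

if __name__ == "__main__":
    ns = str(NAMESERVER)
    for pkt in [("198.51.100.7", ns, "udp", 53),   # Internet client
                ("10.1.2.3", ns, "udp", 53),       # internal client
                ("198.51.100.7", ns, "tcp", 53)]:  # DNS over TCP
        hit = evaluate([DNS_ACCESS], *pkt)
        print(pkt, "->",
              f"{hit.action}, log={hit.log}" if hit else "no match, falls through")
```

The third sample packet shows the practical effect of "strictly 53/UDP": DNS carried over TCP (zone transfers, retries after a truncated UDP response) does not match this rule.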