A reminder to readers: most of these blog posts are to remind me of what I have done or how I fixed some problems. What works for me may not work for you. Most of the time, they aren’t even the best practice.
Here’s a snippet of the PF firewall rules on my FreeBSD box, which acts as a DNS server. Basically, the firewall opens up UDP port 53 to allow the LAN to access it.
ext_if = "ue0"
...
pass in on $ext_if proto udp from 192.168.1.0/24 to any port 53 keep state
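A tightened variant of that rule, as an added example that is not part of the original post. The `lan_net` macro name and the default `block` rule are assumptions made here, since the rest of the ruleset is elided above.

```conf
# pf.conf fragment (added example; not the author's ruleset)
ext_if  = "ue0"
lan_net = "192.168.1.0/24"      # macro name chosen for this example

# Assumption: a default-deny rule for inbound traffic exists. Without one,
# pf's implicit default is to pass everything and the rule below changes
# nothing. Other services on the box (SSH, for instance) need their own
# pass rules after this line.
block in on $ext_if all

# DNS from the LAN to this host only.
#  - ($ext_if) matches the interface's own address(es) and follows address
#    changes. "to any" would also match port 53 traffic addressed to other
#    destinations that arrives on this interface.
#  - TCP is allowed as well as UDP, because clients retry over TCP when a
#    UDP reply comes back truncated.
pass in on $ext_if proto { udp, tcp } from $lan_net to ($ext_if) port 53 keep state
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` lists the rules that are actually loaded.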
Reference: IPFW rules for DNS Resolvers