>DNS primarily goes over UDP. You need to open up udp/53. Again, I opened up both TCP and UDP ports, but the effect was the same.
In any case, refer back to the original posting: the blocked packet from the tcpdump shown is clearly a TCP packet (it would say "UDP" at the end otherwise). The first question still stands...