DNS requests from the WAN interface

I would like to operate a DNS server privately.
I have prepared the correct NAT rule for this. When I do an “nslookup” with “server: x.x.x.x” my public static IP address This test are starts from a other public IP, I always get a timeout and I don’t see any request on the router.
With an NMAP scan, the port UDP 53 is open. What am I doing wrong? When i created a drop rule for destination port 53, the reult from the NMAP scan is the same.
From the LAN network the requests works fine.

THKS

I don’t know what you possibly did wrong with router, but I know what you’re doing wrong now. So far you told us that you added supposedly correct rule, but something doesn’t work. That’s not much to work with. You can try to export your config:

/export file=somename hide-sensitive

and post content of somename.rsc in code tags, then someone will be able to at least check how much correct your rule and other stuff is.