Firewall/Filter/PSD recognize DNS answers as UDP scan?

When I set a filter rule with psd=20,3s,3,1 my DNS servers soon get blocked. When I enable psd only for TCP traffic all is ok.

Any ideas?

DNS primarily uses UDP… so, when you change it to TCP only, then it won’t catch DNS. What is your question exactly?
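Why a rule like `psd=20,3s,3,1` trips on DNS answers, as an added example that is not part of the original thread: a simplified Python model of the documented psd parameters (WeightThreshold, DelayThreshold, LowPortWeight, HighPortWeight), not RouterOS's own implementation. The addresses, traffic and helper names are constructed, and it assumes each answer from the resolver goes back to a different client source port, so every answer counts as a packet to a new destination port.

```python
from collections import defaultdict

def parse_psd(spec):
    """Split 'WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight'."""
    weight, delay, low, high = spec.split(",")
    return int(weight), float(delay.rstrip("s")), int(low), int(high)

def psd_flagged(packets, spec, exempt=lambda pkt: False):
    """Simplified PSD model: return {src_ip: time it was first flagged}.

    packets: (time_s, proto, src_ip, src_port, dst_port) tuples, sorted by time.
    """
    threshold, delay, low_w, high_w = parse_psd(spec)
    state = defaultdict(lambda: {"last": None, "ports": set(), "weight": 0})
    flagged = {}
    for pkt in packets:
        if exempt(pkt):
            continue
        t, _proto, src, _sport, dport = pkt
        s = state[src]
        if s["last"] is not None and t - s["last"] > delay:
            s["ports"], s["weight"] = set(), 0  # gap too long: start a new sequence
        s["last"] = t
        if dport in s["ports"]:
            continue  # only *different* destination ports add weight
        s["ports"].add(dport)
        s["weight"] += low_w if dport < 1024 else high_w
        if s["weight"] >= threshold:
            flagged.setdefault(src, t)
    return flagged

# Constructed traffic (documentation addresses, not taken from the thread).
RESOLVER, SCANNER = "192.0.2.53", "198.51.100.7"
# 25 DNS answers: source port 53, each to the ephemeral port the client queried from.
dns_answers = [(i * 0.25, "udp", RESOLVER, 53, 50000 + i) for i in range(25)]
# A UDP sweep of low ports 1..7 from another host (7 ports x weight 3 = 21).
udp_sweep = [(10 + i * 0.5, "udp", SCANNER, 40000, 1 + i) for i in range(7)]
traffic = dns_answers + udp_sweep

def is_resolver_answer(pkt):
    """Exempt only UDP answers from the known resolver's port 53."""
    return pkt[1] == "udp" and pkt[2] == RESOLVER and pkt[3] == 53

if __name__ == "__main__":
    print(psd_flagged(traffic, "20,3s,3,1"))                              # resolver and sweep flagged
    print(psd_flagged(traffic, "20,3s,3,1", exempt=lambda p: p[1] == "udp"))  # TCP-only: nothing flagged
    print(psd_flagged(traffic, "20,3s,3,1", exempt=is_resolver_answer))   # only the sweep flagged
```

In this model the TCP-only variant stops the false positive but also stops seeing the UDP sweep, while the narrower exemption keeps UDP detection. The exemption is tied to the resolver's address as well as source port 53, because the source port alone is chosen by the sender.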