I noticed in many of the videos which show DNS firewall rules that the Allow rule Destination is set to LAN net and that both the Allow and Deny rules are UDP only. For example, see “How To Setup VLANS With pfsense & UniFI. Also how to build for firewall rules for VLANS in pfsense” around timestamp 7:00.
I’ve also seen the DNS firewall rules with Allow Destination → LAN Address and both on TCP/UDP:
In what situations is it best to use the first set over the second set and vice versa?