Allow DNS on Orange?

Hello,

I have one virtualisation host in my DMZ/Orange subnet.
I saw the default firewall policies in the Wiki and it says that machines in the DMZ do not have DHCP or DNS by default.

Now my question(s):

  • Is it a good idea to allow machines in Orange to use the IPFire as DNS?
    (Would this be bad for security? I guess not?)
    Would be good if I can manage my DNS server in one central place.
  • How would I do that? How would the rule look?
    Here is my guess:
    From: default network orange
    To: Firewall orange
    Protocol: Service Group with TCP+UDP for port 53+853
    Is that correct?

Thank you very much!