It seems likely to me that the issue you’re experiencing may be related to the VoIP system needing to access a specific DNS server. The current port forwarding rule for port 53 could be causing resolution failures, which in turn lead to intermittent communication issues with your VoIP system.
One way to address this problem is to determine the specific address resolution that is failing and then set up a DNS forwarding rule in IPFire. This rule, I think, would direct requests for that specific domain to the correct DNS server, bypassing the general rule that forwards all DNS requests to the firewall.
This approach would allow your VoIP system to correctly resolve the necessary addresses and at the same time maintain the DNS redirection rule.
[edit] The post here is wrong. See the following answers as to why that is. [/edit] There seems to be another oddity - at least for me. Your rule has the firewall as the destination. So traffic ends there. If that is correct I wonder what NAT is doing there? Since technically you’re not leaving your subnet there is no reason to NAT the traffic. If you intend to allow DNS to go outside RED you need to set the destination to ZONE:RED not the firewall interface. But maybe I just misread your config from your description.
@dal8moc That rule is designed to redirect DNS traffic. Any requests intended for a DNS server (via port 53) are redirected to the Unbound DNS resolver. Unbound then processes these requests and returns the requested information.
Ah thanks. I wrongly assumed that NAT isn’t needed there. And of course I’ve got the same rule here… without problems with a Telekom Magenta SIP system (Yealink W70B)