IDS Alert to unauthorized DNS Server

[andrewoliv]

I keep getting this alert in my IDS:

Dest IP.             Port  Rule Message     
156.154.67.196   53   ET INFO Observed DNS Query to .biz TLD

I have rules in my firewall preventing external DNS queries yet this keeps getting through.  The rules are applied on all 3 LAN Ports and not on the WAN port.

I checked the IP address its a DNS server with no indications of having a bad reputation.  Is it possible the OPNSense firewall is sending random DNS Requests? I have no other explanation for this. I have watched the live firewall logs and may rules appear to be working.

Any information on this would be helpful