DNS resolving takes seconds, caching does not work

Started by zuse, January 20, 2017, 03:36:42 PM

Hi,
I ran into a series of strange problems with the DNS resolver and the firewall. DNS queries take ~5 sec to resolve and it seems like the caching does not work since the same query issued immediately after takes 5 secs again. When querying 8.8.8.8 directly, the query only takes 53 msec.
Then I took a look in the firewall log and saw these very strange packets on my WAN interface:
pass - wan(OUT) - from: 79.221.XXX.XXX:31056 - to: 10.4.0.1:53 - UDP
Neither do I use the destination IP range 10.4.0.0/16 anywhere on my internal net, nor did I specify it anywhere to be used for DNS lookups. Furthermore, I have enabled blocking bogons on my WAN interface, and in addition I have set up custom quick rules to block martian packets on WAN, including 10.0.0.0/8. When I clicked the pass button to find out what rule allowed the packet to pass, it says:
@93 pass out log inet6 all flags S/SA keep state allow-opts label "let out anything IPv6 from firewall host itself"
Apart from the fact that this rule is for inet6 and the packet in question was an IPv4 packet, I cannot find the location where this rule is defined.

Some additional information:
running 16.7.13 with the latest updates installed
using the DNS resolver from the Services tab (unbound 1.5.7)

Thanks

Are you allowing both 53 TCP and UDP? Many queries require TCP due to maximum payload size, especially IPv6 related queries.

Bart...

Yes, I do. Doing lookups using drill and 8.8.8.8 as NS on the firewall resolves immediately.