Prevent Public DNS?

Started by GhostNetwork, April 14, 2025, 09:15:51 AM

I ran a shodan.io search on my public IP and found that it shows ports 53 for TCP and UDP as open or showing. I am using DoT, and have 2 firewall rules blocking in and out traffic for unencrypted DNS on 53. I wanted to be able to not have that showing on shodan.io. When I tried to choose specific interfaces like LAN in my GUI for Unbound, Unbound would not start back up once it restarted. It just crashed and I lost DNS for my network. The same would happen if I chose any other options. The only way to get DNS working again is if I unchecked all the options so it said All (Recommended). How can I make it so that I don't show up on shodan.io or other sites like this? I didn't notice it until recently and I don't know how long it has been like that, because I checked shodan.io around a month and a half ago. Thank you guys in advance. P.S., I sincerely love OPNsense. My best friend told me about it because I was complaining about my last router from CenturyLink (have changed ISP and from DSL to fiber since then) and also started a decent home lab with a Proxmox cluster of 3, a standalone Dell R630 Proxmox node, a TrueNAS Scale server and a bunch of VMs and LXCs like Pi-hole. Pi-hole is using Unbound as its DNS and has been working great. This issue with shodan.io showing my DNS ports is the only thing I have come across I didn't like. You guys are awesome! Also mimugmail is doing some awesome and amazing things! Huge Props!!

Please show the firewall rules for WAN and Floating.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Can you resolve names if you set your external IP as nameserver? If you can, you have a problem to solve. If you cannot, then you do not. You have to be outside of your LAN for this.
I don't know how shodan.io makes its determination, but they could simply be detecting that you do not drop their packets.
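A scripted form of the check suggested above, added here as an example (it is not from the thread or from the OPNsense project): run it from a host outside your LAN, pointing at your own WAN address, and it reports whether port 53 answers DNS over UDP and TCP or stays silent. The address 203.0.113.10 in the usage line is a placeholder, and the query name example.com is arbitrary.

```python
import socket, struct, sys

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Minimal DNS A/IN query: header (RD set, one question) + QNAME + QTYPE/QCLASS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [part.encode() for part in name.strip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def classify_response(query: bytes, reply: bytes) -> str:
    """'answered' = it resolved the name for us (open resolver), 'refused' = it listens
    but denies us (still visible to scanners), 'error:...' = other RCODE, 'mismatch'."""
    if len(reply) < 12:
        return "malformed"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "mismatch"  # wrong transaction id or QR bit not set
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        return "answered"
    if rcode == 5:
        return "refused"
    return f"error:rcode={rcode}"

def probe(ip: str, name: str = "example.com", timeout: float = 3.0) -> dict:
    """Query ip:53 over UDP and TCP. 'filtered' = no reply at all (what you want
    for your own WAN address), 'closed' = TCP connection reset."""
    query = build_query(name)
    results = {}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (ip, 53))
            results["udp"] = classify_response(query, s.recv(4096))
    except OSError:  # socket.timeout is an OSError: nothing answered
        results["udp"] = "filtered"
    try:
        with socket.create_connection((ip, 53), timeout=timeout) as s:
            s.settimeout(timeout)
            s.sendall(struct.pack("!H", len(query)) + query)  # TCP DNS is length-prefixed
            length = struct.unpack("!H", s.recv(2))[0]
            results["tcp"] = classify_response(query, s.recv(length))
    except ConnectionRefusedError:
        results["tcp"] = "closed"
    except (OSError, struct.error):  # timeout or truncated reply
        results["tcp"] = "filtered"
    return results

if __name__ == "__main__":
    print(probe(sys.argv[1]))  # e.g. python3 dns_probe.py 203.0.113.10 (placeholder)
```

Both UDP and TCP reporting "filtered" is the result the firewall rules are meant to produce; "refused" still means a listener is reachable, which is enough for a scanner to list the port.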