> > You're sending queries, not replies.  That's why DPI is needed to
> > do the blocking, rather than just by port.
> What queries are sourced from port 53 nowadays?

I would expect that from stubs this will be close enough to zero to be
effectively zero.  At least I would hope so.  I don't have a great
source of insight into this type of source data for a resolver that I
can easily look at at the moment, but if someone does I'd be interested
to hear otherwise.

On the authoritative side, which is easier for me to examine, however,
when I've looked at this before (the last time was a year ago), about
1% of all queries came from resolvers using source port 53.  I just now
checked another server and the percentage is practically the same.
Before anyone dismisses 1% of queries as insignificant, keep in mind
that if all remaining queries from all other possible source port
values were equally distributed, that 1% (1 out of 100) is easily more
common than any other.
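The per-port measurement described above, as an added example that is not code from the thread: it parses constructed BIND-style query-log lines (the layout is approximated), tallies client source ports, and compares port 53's share against a uniform spread over all 65535 possible source ports. The log format, the client regex and the `synthetic_log` helper are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample in a BIND-like querylog layout (approximation, not real data).
SAMPLE_LOG = """\
client @0x7f 192.0.2.10#53: query: example.com IN A -E(0) (198.51.100.1)
client @0x7f 192.0.2.11#40212: query: example.org IN AAAA -E(0) (198.51.100.1)
client @0x7f 192.0.2.12#61877: query: example.net IN MX -E(0) (198.51.100.1)
client @0x7f 192.0.2.13#53: query: example.com IN NS -E(0) (198.51.100.1)
client @0x7f 192.0.2.14#1025: query: example.org IN TXT -E(0) (198.51.100.1)
"""

# Assumed port space for the uniform baseline: every non-zero 16-bit source port.
ALL_SOURCE_PORTS = 65535

# Matches "client [@handle] <address>#<port>:" as written in the constructed lines.
CLIENT_RE = re.compile(r"client\s+(?:@\S+\s+)?(\S+)#(\d+):")

def source_port_counts(log_text):
    """Count queries per client source port; lines without an address#port field are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            counts[int(m.group(2))] += 1
    return counts

def port_share(counts, port):
    """Fraction of all parsed queries whose source port is `port`."""
    total = sum(counts.values())
    return counts[port] / total if total else 0.0

def over_representation(counts, port, port_space=ALL_SOURCE_PORTS):
    """How many times more often `port` appears than a uniform spread over port_space predicts."""
    return port_share(counts, port) * port_space

def synthetic_log(total, from_port_53):
    """Build a constructed log of `total` queries, `from_port_53` of them sourced from port 53."""
    lines = []
    for i in range(total):
        port = 53 if i < from_port_53 else 1024 + i  # distinct high ports for the rest
        lines.append(f"client @0x1 192.0.2.{i % 250 + 1}#{port}: query: example.com IN A -E(0) (198.51.100.1)")
    return "\n".join(lines)

if __name__ == "__main__":
    counts = source_port_counts(synthetic_log(100, 1))  # mirrors the 1% figure in the thread
    print(f"port 53 share: {port_share(counts, 53):.2%}, "
          f"{over_representation(counts, 53):.0f}x the uniform expectation")
```

With 1 query in 100 from port 53, the share is 1% but the over-representation factor is about 655, which is the arithmetic behind the "more common than any other" remark.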