I self-host multiple external services behind my Deco with NAT Port Forwarding, but I recently tried to set up a DNS subdomain and it appears that the Deco is blocking port 53/DNS. I've never had any problem with any other service I've hosted on any other port (80, 443, etc.)

Specifically I'm running a Pi-Hole that I want to add custom local records to. I am able to query these records from a remote host if I forward it from an alternate port (52). But if the forwarding rule is set to forward from external port 53, it's met with timeouts and doesn't respond. Can't even see the packets hitting the DNS server so they're not getting through the router.

I've confirmed with my ISP that they do not block incoming port 53 on my connection.

Is there some settings interfering with this, or how do I make it work?

It looks like there's an internal port 52 DNS running on the Deco that provides LAN/WiFi host lookups on the LAN, and I've confirmed that port 53 (and alternate 52) are open on the external interface per the forwarding config, but the requests just aren't getting forwarded.