First of all I hope the script you showed us wasn't the full script because you're missing some things. If it is, please check out the
LQ FAQ: Security references for pointers to Iptables scripts, especially the .*guru scripts.
I don't know if this will fix your problem or not, but when I was experimenting recently, I found that you need to allow both TCP and UDP for DNS to work.
True, but you're *making* the requests, so that means --state NEW outbound, and --state ESTABLISHED,RELATED inbound. You only need --state NEW inbound if you're hosting a DNS server (say a caching server for your LAN).
Returning to your original question. If something doesn't work the first thing to look for (goes for *everything*) is to check error and debug output. For that Iptables needs "-j LOG" rules before the "decision":
# Path to the binary; assumed here, set it at the top of your script
iptables=/sbin/iptables
# Default policy ACCEPT for debugging purposes; the explicit LOG + DROP rules below make the decision
$iptables -P INPUT ACCEPT
# Not forwarding for other hosts, so DROP it
$iptables -P FORWARD DROP
# Stating the obvious
$iptables -P OUTPUT ACCEPT
# Not running servers, so LOG and DROP every new inbound connection
$iptables -A INPUT -m state --state NEW -j LOG --log-prefix="IN_DROP_SYN "
$iptables -A INPUT -m state --state NEW -j DROP
# Drop these too
$iptables -A INPUT -m state --state INVALID -j LOG --log-prefix="IN_DROP_INV "
$iptables -A INPUT -m state --state INVALID -j DROP
# Responses to our own requests, for all protocols (UDP DNS replies and ICMP errors too, not only TCP)
$iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LOG everything else that doesn't match protocol and state
$iptables -A INPUT -j LOG --log-prefix="IN_DROP_REST "
# Now we got that logged, DROP it like it's hot
$iptables -A INPUT -j DROP
Run it for a while and then check your logs for the DROP lines to see which hosts get traffic dropped that *seems* legitimate.
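As an added triage helper (not part of the thread), this Python script pulls the IN_DROP_* lines out of the kernel log, counts drops per prefix, protocol, source host and source port, and lists the IN_DROP_REST hits separately: those packets were neither NEW nor INVALID yet missed the response rule, so they are the first candidates for legitimate traffic being dropped (a UDP reply from port 53 is the classic case). The log lines are constructed samples; on a real box feed it /var/log/messages or the output of journalctl -k.

```python
import re
from collections import Counter

# Constructed sample kernel log lines in iptables LOG format, carrying the
# prefixes from the script above; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar 10 12:00:01 gw kernel: IN_DROP_REST IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.53 DST=198.51.100.10 LEN=73 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=UDP SPT=53 DPT=41234 LEN=53
Mar 10 12:00:02 gw kernel: IN_DROP_REST IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.53 DST=198.51.100.10 LEN=81 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=UDP SPT=53 DPT=41235 LEN=61
Mar 10 12:00:05 gw kernel: IN_DROP_SYN IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=12345 DF PROTO=TCP SPT=55555 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 10 12:00:09 gw kernel: IN_DROP_INV IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=80 DPT=40001 WINDOW=0 RES=0x00 ACK RST URGP=0
Mar 10 12:00:11 gw kernel: eth0: link is up
"""

LOG_RE = re.compile(r"kernel: (?P<prefix>IN_DROP_[A-Z]+) (?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")

def parse_log_line(line):
    """Parse one LOG line into a dict, or None if it is not an IN_DROP_* line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rest = m.group("rest")
    kv = dict(KV_RE.findall(rest))           # IN=, SRC=, PROTO=, SPT= ...
    flags = {tok for tok in rest.split() if "=" not in tok}  # DF, SYN, ACK, RST
    return {"prefix": m.group("prefix"), "proto": kv.get("PROTO", "?"),
            "src": kv.get("SRC", "?"), "dst": kv.get("DST", "?"),
            "spt": int(kv.get("SPT", 0)), "dpt": int(kv.get("DPT", 0)),
            "flags": flags}

def summarize_drops(text):
    """Count drops per (prefix, proto, src, spt) so a chatty peer stands out."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_log_line(line)
        if rec:
            counts[(rec["prefix"], rec["proto"], rec["src"], rec["spt"])] += 1
    return counts

def suspected_legit(text):
    """Unique (src, proto, spt) of IN_DROP_REST hits: not NEW, not INVALID,
    but not accepted as a response either, so check these first."""
    seen = []
    for line in text.splitlines():
        rec = parse_log_line(line)
        if rec and rec["prefix"] == "IN_DROP_REST":
            key = (rec["src"], rec["proto"], rec["spt"])
            if key not in seen:
                seen.append(key)
    return seen
```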