Any remote host is free to communicate with you using whichever local port it desires. That being said, you could normally consider it awkward for anyone to initiate communications using a local port <= 1024.
However - when receiving UDP traffic, such as DNS, you do not know if this is someone initiating communications or, for instance, just replying to a request from you. A DNS server will respond to your request with a local port number of 53.
Blocking traffic based on source port would not provide you with any kind of security as far as I can see, so I wouldn't bother looking any more into that if I were you.
To answer your DNS question I'd like you to consider an example:
- I want to look at www.linuxquestions.org, type that in my browser's location bar, push enter and sit back and wait
- My computer asks the DNS server I have configured, say 10.10.10.10: "What IP does www.linuxquestions.org have?"
- The DNS server 10.10.10.10 then asks one of the root DNS servers (they are preconfigured on the DNS server, as you know, having set up a DNS server): "Who administers the .org domain?"
- The root DNS server says to 10.10.10.10: ".org is administered by 192.5.6.30"
- 10.10.10.10 asks 192.5.6.30: "Who administers the .linuxquestions.org domain?"
- 192.5.6.30 answers to 10.10.10.10: ".linuxquestions.org is administered by 64.65.208.2"
- 10.10.10.10 asks 64.65.208.2: "What IP does www.linuxquestions.org have?"
- 64.65.208.2 answers to 10.10.10.10: "www.linuxquestions.org is 208.247.106.177"
- 10.10.10.10 answers my computer: "www.linuxquestions.org is 208.247.106.177"
- My computer initiates communications with 208.247.106.177, and so on...
(Some parts of this explanation are simplifications, but most of it is accurate.) The point is - neither your nameservers nor the root nameservers need to keep data stored in the other party's repository.
And yes, you need to keep udp port 53 open if you want people to be able to ask you for dns information.
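The referral chain in the post above, as an added in-memory simulation that is not part of the original reply: three constructed nameserver objects play the root, the .org server and the linuxquestions.org server (using the IPs from the post; the root server's IP is a placeholder), and `resolve()` plays the part of 10.10.10.10 walking the referrals. Caching, timeouts and the UDP transport itself are left out.

```python
from dataclasses import dataclass, field

@dataclass
class NameServer:
    """A constructed stand-in for one DNS server: what it delegates and what it knows."""
    ip: str
    delegations: dict = field(default_factory=dict)  # zone name -> IP of the server for it
    records: dict = field(default_factory=dict)      # hostname -> IP (authoritative data)

    def query(self, name):
        """Return ('A', ip) if authoritative for name, ('NS', ip) as a referral, else ('NXDOMAIN', None)."""
        if name in self.records:
            return ("A", self.records[name])
        # Refer to the most specific zone this server delegates that covers the name.
        zones = [z for z in self.delegations if name == z or name.endswith("." + z)]
        if not zones:
            return ("NXDOMAIN", None)
        return ("NS", self.delegations[max(zones, key=len)])

ROOT = "root-placeholder"  # the post gives no root IP; any preconfigured root server
SERVERS = {
    ROOT: NameServer(ROOT, delegations={"org": "192.5.6.30"}),
    "192.5.6.30": NameServer("192.5.6.30", delegations={"linuxquestions.org": "64.65.208.2"}),
    "64.65.208.2": NameServer("64.65.208.2", records={"www.linuxquestions.org": "208.247.106.177"}),
}

def resolve(name, servers=SERVERS, root=ROOT, max_hops=10):
    """Iterate from the root following referrals; return (ip_or_None, trace of (server, type, value))."""
    trace, server = [], root
    for _ in range(max_hops):
        rtype, value = servers[server].query(name)
        trace.append((server, rtype, value))
        if rtype == "A":
            return value, trace          # final answer, handed back to the client
        if rtype != "NS":
            return None, trace           # nobody on the path knows the name
        server = value                   # follow the referral to the next server
    raise RuntimeError("referral chain too long")

if __name__ == "__main__":
    ip, steps = resolve("www.linuxquestions.org")
    for server, rtype, value in steps:
        print(f"{server:>18} -> {rtype} {value}")
    print("answer:", ip)
```

Each reply in the real exchange arrives from the queried server's UDP port 53, which is why that source port carries no meaning for filtering decisions.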