blocking DNS for one program

Is there anyway to allow all DNS queries?
I had no problems for a long time but all of the sudden the firewall started blocking dns for one of my programs, united devices.
I setup as a trusted network and have a network rule for any UDP in/out port 53 for good measure.
I have an application rule for services.exe to allow UDP in/out connections port 53, but I still get

Severity :Medium Reporter :Application Monitor Description: Application Access Denied (services.exe: :dns(53)) ... Protocol: UDP Out Destination:

If I go to Application Behaviour Analysis, and turn off “Monitor DNS Queries” then all DNS is blocked, and I can’t even use a browser.

for now, I’ve just been turning off application monitor temporarily to let it connect.
I guess I could just add an entry in my hosts file for, so it wouldn’t have to query DNS, but I’d like to know what the problem is.

Try dividing the rules: one for IN, other for OUT.
But are you sure it’s services.exe? Not the browser making the queries?