As @franksmcb mentioned, the dns diagnostic tool is nslookup:
- What is your configured dns server?
$ nslookup
> server
Default server: 8.8.8.8
Address: 8.8.8.8#53
Default server: 8.8.4.4
Address: 8.8.4.4#53
>
- Does it resolve ip addresses to domain names and vice versa?
$nslookup 8.8.8.8
8.8.8.8.in-addr.arpa name = dns.google.
$ nslookup dns.google
Server: 8.8.8.8
Address: 8.8.8.8#53
3. Verify another dns server:
$ nslookup
> server 9.9.9.9
Default server: 9.9.9.9
Address: 9.9.9.9#53
> dns.google.com
Server: 9.9.9.9
Address: 9.9.9.9#53
Non-authoritative answer:
Name: dns.google.com
Address: 216.58.208.46
Name: dns.google.com
Address: 2a00:1450:4001:817::200e
>
Please note, that dns servers are referred to by their ip addresses and not by their domain names.
Next, your firewall has to be configured to allow dns traffic to your preferred dns server, namely: UDP protocol, port 53, ip address of the dns server.
This configuration definitely does not belong to 'Web filtering' section. I am unfamiliar with your firewall and its GUI, but 'Filtering options' and/or 'Network services' look much more appropriate candidates.
Hopefully this will help.