Is this a safe ipfilter rule?

Luke luked at pobox.com
Mon Jul 12 23:15:48 PDT 2004


I'm using some rules like the following to allow unrestricted udp traffic 
across my firewall between my system and a set of specific ports on 
specific domain name servers.  This is the scariest of these rules:

pass in quick proto udp from ip.of.remote.DNS/32 port = 53 to any

Is this safe?

According to everything I've read, it's best to have a stateful firewall. 
The examples I've seen do something like:

pass out quick proto udp from my.internal.address.range to any keep state

DNS queries match this rule and add an entry to the state table so that 
the local machine can get the reply back from the DNS without requiring 
any "pass in" rules.

However, I have a problem with that.  I believe (and I'm gathering proof 
right now) that I'm running some heavy-duty filesharing applications that 
are causing ipfilter's state table to fill up.  When this happens, I 
believe DNS queries choke if stateful rules are used.  "named" goes into a 
frenzy of logging "sysquery: no addrs found for root NS 
(H.ROOT-SERVERS.NET)" and proceeds to run the alphabet on the 
ROOT-SERVERS.NET failing on all of them several times per second, 
presumably because the state table is full.  /var/log/messages quickly 
grows to huge sizes, and a denial-of-service situation occurs.

I may be wrong about some of this.  It's a theory I'm trying to prove to 
explain why named goes crazy when my system is under the stress of heavy 
filesharing.

So, to keep named happy and prove my theory one way or the other, I'd like 
to pass all DNS traffic through the firewall without making entries in the 
state table.  I'm trying to accomplish this by setting up rules that are 
as specific as I can be about exactly which IP addresses and ports I want 
to allow free udp communication with, but is this safe?  How difficult 
would it be for someone to forge packets that could get past this rule, 
and if they did, what damage could they do with udp?
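
The two approaches from the post written out as ipf.conf rules, with a narrower form of the stateless one, as an added illustration that is not from the post or from any reply on the list. The interface name fxp0, the local host 192.0.2.10 and the remote resolver 198.51.100.53 are assumed placeholders (RFC 5737 documentation addresses).

```conf
# Added example (not from the original post). fxp0, 192.0.2.10 and
# 198.51.100.53 are placeholders; substitute the real interface and hosts.

# (a) Stateful approach the post describes: the outbound query creates a
#     state-table entry and the reply is admitted through that entry, so no
#     "pass in" rule for port 53 is needed. Once the table is full, new
#     queries get no entry and their replies are dropped.
pass out quick on fxp0 proto udp from 192.0.2.10/32 to 198.51.100.53/32 port = 53 keep state

# (b) Stateless rule as posted: anything with a source of <resolver>:53 is
#     admitted to ANY local address and ANY UDP port on the inside.
pass in quick on fxp0 proto udp from 198.51.100.53/32 port = 53 to any

# (c) Same stateless idea, narrowed: only the host that actually sends the
#     queries, and only the unprivileged port range. A packet with a forged
#     source can then only reach that one host, and never a UDP service
#     listening on a port below 1024. If the local named is configured to
#     send its own queries from port 53 (query-source), add a second rule
#     for "to 192.0.2.10/32 port = 53" rather than widening this one back
#     to "to any".
pass in quick on fxp0 proto udp from 198.51.100.53/32 port = 53 to 192.0.2.10/32 port > 1023
```

Either way the ruleset still relies on a default "block in all" so that whatever the quick rules do not match is dropped.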

