@iptvcld what? Just set your rule to only allow access to lan address 53 tcp/udp.. Now anything on the lan can use this pfsense for dns. Or set it to allow any for dns.. But if nvidia wasn't using pfsense for dns then your rule would have worked allowing it out the pppoe.
Dns server doesn't block anything... So nvidia asks dns hey what's the IP for www.something.com, oh it's 1.2.3.4, makes a connection to 1.2.3.4 on whatever port it was wanting to make a connection on.
Pfsense says oh nvidia IP you're trying to go to something.. Here go out this gateway to get there..
If your pppoe is down, that rule wouldn't be there.. See the post about checking that box when your gateway is down.
This next rule says oh hey nvidia you're trying to go to 1.2.3.4, sorry this rule says to block you.
Dns only part was letting nvidia know the IP address for www.something.com
Remember rules are evaluated top down, first rule to trigger wins, no other rules are evaluated.
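
An added example, not part of the post above: a small Python model of the top-down, first-match evaluation the post describes, including what happens to the policy-routed rule when its gateway is down. The addresses, the gateway name `PPPOE_GW`, the rule labels and the final LAN allow rule are constructed for illustration; protocol (tcp/udp) is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                    # "pass" or "block"
    src: str                       # source network (CIDR)
    dst: str                       # destination network (CIDR)
    port: Optional[int] = None     # None matches any destination port
    gateway: Optional[str] = None  # policy-routing gateway; None = routing table
    label: str = ""

def evaluate(rules, src, dst, port, gateways_up, skip_when_gw_down=True):
    """Return (action, gateway, label) of the first rule that matches, top down.

    skip_when_gw_down=True models the "box" from the thread: a rule whose
    gateway is down is left out of the ruleset entirely. With False, the rule
    stays but loses its gateway, so traffic follows the default route.
    """
    for r in rules:
        gw = r.gateway
        if gw and gw not in gateways_up:
            if skip_when_gw_down:
                continue           # rule "wouldn't be there"
            gw = None              # rule kept, gateway stripped
        if ip_address(src) not in ip_network(r.src):
            continue
        if ip_address(dst) not in ip_network(r.dst):
            continue
        if r.port is not None and r.port != port:
            continue
        return r.action, gw, r.label   # first match wins, nothing below is read
    return "block", None, "default deny"

# Constructed LAN: firewall at .1, the nvidia box at .50
LAN, LAN_ADDR, NVIDIA = "192.168.1.0/24", "192.168.1.1", "192.168.1.50"
RULES = [
    Rule("pass", LAN, LAN_ADDR + "/32", 53, None, "dns to firewall"),
    Rule("pass", NVIDIA + "/32", "0.0.0.0/0", None, "PPPOE_GW", "nvidia via pppoe"),
    Rule("block", NVIDIA + "/32", "0.0.0.0/0", None, None, "block nvidia"),
    Rule("pass", LAN, "0.0.0.0/0", None, None, "allow lan (assumed)"),
]

if __name__ == "__main__":
    for up in ({"PPPOE_GW"}, set()):
        print(sorted(up), evaluate(RULES, NVIDIA, "1.2.3.4", 443, up))
```
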