Have you looked at this log you posted?
- There are no pass rules logged, only match and block rules logged.
- All of the block rules logged are for bge1, your external interface, blocked by rule number 14.
As I've posted twice above in this thread, pfctl(8) can show you this rule. I will guess it is a general block.
Also as I've posted above, be very careful with in, out, and on. Your most recent fragment shows DNS traffic is still not permitted to transit your external interface.
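The kind of log reading described in the post above, as an added example that is not part of the original post: it tallies rule number, action, direction and interface from pflog text. The sample lines are constructed, and the line layout (`rule N/(match) ACTION DIR on IFACE:`) is assumed to be what `tcpdump -n -e -ttt -r /var/log/pflog` prints.

```shell
# Constructed sample of pflog text output (not the poster's log).
sample_pflog() {
cat <<'EOF'
00:00:00.000000 rule 14/(match) block in on bge1: 203.0.113.7.40112 > 198.51.100.2.22: S 1:1(0) win 5840
00:00:01.250000 rule 14/(match) block out on bge1: 198.51.100.2.51515 > 192.0.2.53.53: 4242+ A? example.org. (29)
00:00:00.100000 rule 14/(match) block out on bge1: 198.51.100.2.51516 > 192.0.2.53.53: 4243+ AAAA? example.org. (29)
00:00:02.000000 rule 3/(match) match in on bge0: 10.0.0.5.50000 > 192.0.2.53.53: 4244+ A? example.org. (29)
EOF
}

# Read pflog text on stdin and print "COUNT rule N ACTION DIR IFACE",
# most frequent first, so a dominant block rule stands out.
summarize_pflog() {
  awk '
    {
      # Find the "rule" token rather than assuming a fixed column,
      # so lines with or without a timestamp both parse.
      for (i = 1; i <= NF - 5; i++) {
        if ($i == "rule" && $(i+4) == "on") {
          split($(i+1), r, "/")            # "14/(match)" -> rule number 14
          ifc = $(i+5); sub(/:$/, "", ifc) # "bge1:" -> "bge1"
          key = r[1] " " $(i+2) " " $(i+3) " " ifc
          count[key]++
          break
        }
      }
    }
    END { for (k in count) print count[k], "rule", k }
  ' | sort -k1,1nr -k3,3n
}

# Stand-alone run on the constructed sample. Each rule number printed here
# can then be looked up with `pfctl -vvsr`, which lists rules as @N.
sample_pflog | summarize_pflog
```

A summary with no `pass` lines and one rule number blocking `out on` the external interface for port 53 is the pattern the post points to.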