DNS and iptables

I recently stumbled over the following statement again:
$$code(lang=shell)
iptables -I INPUT -p udp --sport 53 -j ACCEPT
$$/code
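We all know that this is a compromise: the rule accepts every UDP packet whose source port is 53, whether or not it answers a query we sent. What also works, and is much better, is to let DNS through your firewall with a state match: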
$$code(lang=shell)
iptables -I INPUT -p udp -m state --state ESTABLISHED --sport 53 -j ACCEPT
$$/code
With this little trick UDP is not as wide open as before. I would guess that you can still pass through many firewalls on UDP just by setting your source port to 53.
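To see which inbound packets each of the two rules accepts, here is a small model of the INPUT chain. It is an added example, not code from the original post. It assumes a default DROP policy, and the addresses, ports and the simplified flow table (no timeouts) are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Udp:
    src: str
    sport: int
    dst: str
    dport: int

class InputChain:
    """Toy model of the INPUT chain: one ACCEPT rule, default policy DROP."""

    def __init__(self, stateful):
        self.stateful = stateful
        self.expected = set()  # reply tuples for flows this host started

    def send(self, pkt):
        # Like conntrack: an outgoing packet records the reply it expects.
        self.expected.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def accepts(self, pkt):
        if pkt.sport != 53:
            return False  # no rule matches, default DROP
        if not self.stateful:
            return True   # -p udp --sport 53 -j ACCEPT
        # -p udp -m state --state ESTABLISHED --sport 53 -j ACCEPT
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.expected

# Constructed sample traffic (documentation address ranges, made-up ports).
HOST, RESOLVER, STRANGER = "192.0.2.10", "198.51.100.53", "203.0.113.7"
QUERY = Udp(HOST, 40000, RESOLVER, 53)
INBOUND = {
    "dns_reply": Udp(RESOLVER, 53, HOST, 40000),
    "unsolicited_sport_53": Udp(STRANGER, 53, HOST, 9999),
    "resolver_wrong_port": Udp(RESOLVER, 53, HOST, 9999),
}

def evaluate(stateful):
    chain = InputChain(stateful)
    chain.send(QUERY)
    return {name: chain.accepts(pkt) for name, pkt in INBOUND.items()}

if __name__ == "__main__":
    for stateful in (False, True):
        print("stateful" if stateful else "stateless", evaluate(stateful))
```

Only the packet that mirrors the outgoing query survives the state match. The plain `--sport 53` rule accepts all three.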