In the firewall configuration I inherited, I see the firewall allows inbound DNS packets when coming from a designated external DNS server, for example:
access-list 101 permit udp host 220.127.116.11 eq domain host <myNetOutsideAddress>
Is it necessary or desirable to do this? If this were TCP, I think the answer would be "no" since DNS is a connectionless protocol, but for UDP I am unsure.
My network has an internal DNS server for internal name lookup, but the internal names are not usable nor intended to be used from outside.
No - this will allow any "un-triggered/un-requested" DNS updates to be sent to your DNS server.
If any clients on your "inside" need to resolve, as long as you are not blocking inside<>outside, then the DNS reply that was initiated from the inside will be dynamically allowed through.
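To illustrate the answer above, here is an added example (not code from the original poster or the answerer): a toy model of stateful UDP inspection in Python showing that the reply to a DNS query initiated from the inside is admitted by state alone, while the inherited static ACL is what additionally lets unsolicited datagrams from 220.127.116.11 through. The outside address is a constructed placeholder for <myNetOutsideAddress>, and the session table is a deliberately simplified assumption (no ageing, no NAT).

```python
from dataclasses import dataclass

# 220.127.116.11 is the external DNS server from the ACL in the question.
# OUTSIDE_ADDR is a constructed placeholder for <myNetOutsideAddress>.
EXTERNAL_DNS = "220.127.116.11"
OUTSIDE_ADDR = "192.0.2.10"


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFirewall:
    """Assumed minimal model of stateful UDP inspection: an outbound datagram
    opens a pseudo-session, and only its mirror image is admitted inbound.
    Real devices also age these entries out; that is omitted here."""

    def __init__(self, static_inbound_rules=()):
        self.sessions = set()               # (src, sport, dst, dport) seen outbound
        self.static = list(static_inbound_rules)

    def outbound(self, p: Pkt) -> None:
        # Inside -> outside traffic is not filtered in this model.
        self.sessions.add((p.src, p.sport, p.dst, p.dport))

    def inbound(self, p: Pkt) -> str:
        # A reply matches a session when addresses and ports are swapped.
        if (p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "allowed-by-state"
        if any(rule(p) for rule in self.static):
            return "allowed-by-static-acl"
        return "dropped"


def inherited_acl(p: Pkt) -> bool:
    """access-list 101 permit udp host 220.127.116.11 eq domain host <outside>"""
    return p.src == EXTERNAL_DNS and p.sport == 53 and p.dst == OUTSIDE_ADDR


def scenarios() -> dict:
    """Run the same two inbound datagrams with and without the inherited ACL."""
    results = {}
    for name, rules in (("without_acl", ()), ("with_acl", (inherited_acl,))):
        fw = StatefulFirewall(rules)
        fw.outbound(Pkt(OUTSIDE_ADDR, 40123, EXTERNAL_DNS, 53))   # inside-initiated query
        reply = fw.inbound(Pkt(EXTERNAL_DNS, 53, OUTSIDE_ADDR, 40123))
        unsolicited = fw.inbound(Pkt(EXTERNAL_DNS, 53, OUTSIDE_ADDR, 53))
        results[name] = (reply, unsolicited)
    return results
```

Without the static rule the legitimate reply still passes and the unsolicited datagram is dropped; with it, anything from 220.127.116.11 sourced from port 53 reaches the outside address whether or not it was requested.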