Vulnerability scanners may flag the ESXi firewall's acceptance of UDP packets from source port 53 as an issue
Example vulnerability scanner output:
Your firewall policy seems to allow UDP packets with a specific source port (for example, port 53) to pass through while it blocks UDP packets to the same destination ports but with a random source port.
VMware vSphere ESXi 5.5
VMware vSphere ESXi 6.0
VMware vSphere ESXi 7.0
VMware vSphere ESXi 8.0
This is working as designed: the ESXi hypervisor uses a stateless rather than a stateful firewall, and the behavior is expected given ESXi's DNS client implementation.
The ESXi DNS client uses 'high' ephemeral ports (greater than port 49152) for DNS queries; however, some vulnerability scanners may still flag this behavior as a potential security issue.
To better protect your vSphere environment, you may wish to configure an external firewall to block incoming DNS traffic from ports lower than 49152.
DNS queries may also be further restricted by configuring the allowed IP addresses for DNS communication within the ESXi host firewall.
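The following is an added example, not code from the KB article or from VMware, that models the three filters discussed above (the stateless ESXi rule a scanner flags, the hardened rule combining the external-firewall port restriction with the ESXi allowed-IP list, and a stateful firewall for contrast) and runs them over constructed packets. The host address 10.0.0.20, the resolver 10.0.0.53, the scanner and spoofed source addresses, and the port 51234 query are assumptions; the source-port-53 rule and the 49152 threshold come from the article.

```python
# Added example (not from the KB article): models the filters the article
# discusses and shows which constructed packets each one admits.
# Assumptions: host 10.0.0.20, permitted resolver 10.0.0.53, all traffic
# below is constructed; only the port-53 rule and 49152 come from the article.
from dataclasses import dataclass

EPHEMERAL_MIN = 49152          # ESXi DNS client queries from ports above this
ESXI_HOST = "10.0.0.20"        # constructed
ALLOWED_DNS = {"10.0.0.53"}    # constructed: resolver allowed in the dns ruleset

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"

def esxi_stateless_allows(p: Pkt) -> bool:
    """Model of the behavior the scanner flags: any UDP datagram whose source
    port is 53 is admitted, with no memory of an outbound query."""
    return p.proto == "udp" and p.sport == 53

def hardened_allows(p: Pkt) -> bool:
    """Mitigations from the article: external firewall admits DNS replies only
    to the high ephemeral range, and ESXi admits them only from allowed IPs."""
    return (esxi_stateless_allows(p)
            and p.dport >= EPHEMERAL_MIN
            and p.src in ALLOWED_DNS)

def stateful_allows(p: Pkt, outstanding: set) -> bool:
    """Contrast: a stateful firewall admits a reply only if it matches a query
    the host actually sent, keyed by (resolver ip, host source port)."""
    return esxi_stateless_allows(p) and (p.src, p.dport) in outstanding

QUERIES = {("10.0.0.53", 51234)}   # constructed: host queried resolver from 51234
SAMPLE = {  # constructed traffic
    "legit_reply":   Pkt("10.0.0.53", 53, ESXI_HOST, 51234),
    "scanner_probe": Pkt("192.0.2.10", 53, ESXI_HOST, 22),      # src 53 -> low port
    "spoofed_reply": Pkt("198.51.100.7", 53, ESXI_HOST, 60000),  # high port, wrong IP
}

def evaluate() -> dict:
    """Return (stateless, hardened, stateful) verdicts per sample packet."""
    return {n: (esxi_stateless_allows(p), hardened_allows(p), stateful_allows(p, QUERIES))
            for n, p in SAMPLE.items()}

if __name__ == "__main__":
    for name, (s, h, st) in evaluate().items():
        print(f"{name:14s} stateless={s} hardened={h} stateful={st}")
```

The scanner probe passes the stateless rule but neither hardened nor stateful filtering, which is exactly the finding the scanner reports and the exposure the two recommended mitigations close.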
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/vsphere-security-8-0.html