As of today, nethesis is doing fine, but we feel surrounded by the corona virus, every day we discover that at least one more person we know is sick (and many hospitalized).
Never tried, but I think that you may need a single line in `/etc/shorewall/rules:
DNAT loc loc:x.y.z.w:53 udp 53
where x.y.z.w is the IP of the pihole.