Just because port 53 doesn't report as open, it doesn't mean that DNS requests to your IP address are rejected. I previously did a port scan across all common ports against my router. Nothing showed as open.
If you can, get someone to run a terminal command nslookup using the format
nslookup URL (eg bbc.co.uk) your_IP_address
If you get any response, your router is still processing DNS requests on port 53. You can do it from your own network, but, that may not be conclusive. If you do get a response, turn off every device on your network so only the router is running and redo the nslookup. That will prove you don't have any internal devices running a DNS service. I also logged into my router using SSH and showed that the linux OS was listening to port 53 on my WAN IP address. dnsmasq is the process that runs DNS on may systems. That had a major vulnerability problem in 2021. In theory, that has been fixed on the version of firmware I have, but, two other major vulnerabilities still exist. The vendor has been somewhat less than interested in either accepting the problem or doing something about it. I have passed the information onto a personal contact at GCHQ. Having vendors put product out that can be compromised on a large scale is something I think they may take an interest in. I also expect that VM are passing on the details of their testing although they would never admit it.