Alright, after read the link content several times, I think I understood the point.
In the presented case, he base the iptable rule on DNS Transaction ID, DNS Type, Domain Name and the Flag. In my case, the DNS transaction ID is always different.
Do you think I can build the iptable rule...