There is one important question here, is your Virtualmin server being used as DNS server for your domains?
If so, you will need to have BIND exposed on port 53. The good thing is that Virtualmin automatically sets it up so that it only serves as authorative and not recursive, meaning others can’t use your server for recursion. This is a good thing.
The log entries you see just confirm that your system can’t be exploited in a DNS amplification attack f.ex.
If you are NOT using the system as DNS server for your domains you can just firewall it off and be done with it.