You should read serpent’s suggestions more carefully:
To assign PIDs to IP-packets is one thing. Modifying DNS request is another.
To modify DNS requests you don’t need his TDI filter. This for keeping track of connections/PIDs only.
If you want to develop a “Personal Firewall” you need two drivers:
1. NDIS filter doing the main tasks: Block/Allow ether-packets…Reading/modifying the packets by parsing the underlaying services (e.g. http, dns)
2. TDI filter for keeping track of local connections and processes.