This is added to not VPN the DNS service on 131.174.117.20. From the DHCP lease
of tap0 we can see that this VPN service does not provide a DNS server. So, if
we don't allow the other name server (if this rule were not there), we cannot
resolve any hostnames. However, there are VPNs that do have a DNS service (see 
http://security.stackexchange.com/a/13907/21287)