Strangely unapproved queries

[furio ercolessi]

Hello all,

I run BIND 8.1.2 and I limited generic queries to hosts in my network:

allow-query { 127.0.0.1/32; 147.123.0.0/16; };

but of course with exceptions for all the zone I am authoritative for,
and in particular
zone "123.147.in-addr.arpa" { type master; file "[...]"; allow-query {
any; }; };
This is a standard setup and it works as expected.

However, I am puzzled by the observation that a few queries for
123.147.in-addr.arpa
are being refused:
Jul 10 00:26:02 up named[3075]: unapproved query from
[206.184.139.150].1024 for "132.25.123.147.in-addr.arpa"
Jul 10 00:56:52 up named[3075]: unapproved query from
[206.184.139.145].1024 for "111.1.123.147.in-addr.arpa"
Jul 10 01:19:10 up named[3075]: unapproved query from
[206.184.139.142].1024 for "18.8.123.147.in-addr.arpa"
Jul 10 01:36:04 up named[3075]: unapproved query from
[206.184.139.134].1024 for "18.8.123.147.in-addr.arpa"
Jul 10 01:55:25 up named[3075]: unapproved query from
[206.184.139.13].2693 for "111.1.123.147.in-addr.arpa"
Jul 10 01:55:25 up named[3075]: unapproved query from [206.86.0.21].4152
for "111.1.123.147.in-addr.arpa"
Jul 10 01:55:33 up named[3075]: unapproved query from
[206.184.139.12].2261 for "111.1.123.147.in-addr.arpa"
Jul 10 01:55:33 up named[3075]: unapproved query from
[206.184.139.14].1024 for "111.1.123.147.in-addr.arpa"
Jul 10 01:55:34 up named[3075]: unapproved query from
[206.184.139.14].1024 for "111.1.123.147.in-addr.arpa"
Jul 10 01:55:35 up named[3075]: unapproved query from [206.86.0.21].4152
for "111.1.123.147.in-addr.arpa"
I triggered myself the last bunch just by accessing http://www.best.com/
, and
147.123.1.111 is my proxy server that requested the pages.
So the question is: why are these queries refused, given that they refer
to a zone
with allow-query {any; } ?

Thanks

furio ercolessi
Spin - Trieste (Italy)