Strange error in logs

[Antonio de Jager]

"Chris Hanlon" <chanlon at mergetel.com> wrote in
news:cf0h44$1ggo$1 at sf1.isc.org: 

> For the last couple of weeks I've been getting messages like these in
> my message log:
> 
> Aug  6 13:02:49 mergex named[26439]: [ID 295310 daemon.notice] refused
> query on non-query socket from [216.52.184.230].53
> Aug  6 13:02:53 mergex named[26439]: [ID 295310 daemon.notice] refused
> query on non-query socket from [63.251.163.102].53
> Aug  6 13:02:53 mergex named[26439]: [ID 295310 daemon.notice] refused
> query on non-query socket from [216.52.184.230].53
> Aug  6 13:02:57 mergex named[26439]: [ID 295310 daemon.notice] refused

I've also been seeing these messages with the same ip numbers (nameservers 
of name-services.com) appearing on mine DNS servers.
sniffing the packets lead to the following info: my dns server is sending a 
PTR request to one of the dns server for a domain (forgat the name, looked 
like a spam domain) . The dns servers of name-services.com replies with an 
empty answer (again forgot the excact packet, i'm at home right now) which 
resulted in the "refused query on..." messages
what i couldn't find was why my dns servers were sending a PTR request for 
a domain, but that is something for a later moment

Have you sniffed the traffic, and if so are the results the same?

greetings,

Antonio