Actually, there's a 3rd question: WTF is the secondary DNS doing when it attempts to contact my firewall box on a high port, 32,711 or such, as I posted last night? I sent a nastygram to both postmaster and abuse at the secondary DNS's name, specifically requesting a reply, but in 18 hours none has been forthcoming. Should I just keep beating on them till they get tired of me and disconnect me, or what?
What was the source port? If it's UDP 53, then that's a reply to one of your queries. Sometimes the connection tracking loses the outbound entry, so the reply looks like an orphan. Make sure your evidence is very good before accusing someone of shenanigans. Maybe you could post a couple of firewall log entries showing what you're seeing? (I haven't seen your other post; maybe you already did that.)
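To make the "check the source port" advice concrete, here is an added example (not code from either poster) that parses netfilter LOG-style firewall lines and sorts them the way the reply suggests: UDP from source port 53 to a high destination port is most likely an answer to a query the firewall box sent itself, whose conntrack entry had already expired, whereas a bare TCP SYN to the same port is genuinely unsolicited. The sample log lines are constructed for the example, using RFC 5737 documentation addresses and the port 32711 mentioned above; the field names (SRC, DST, PROTO, SPT, DPT, SYN) are the standard netfilter LOG keys.

```python
from collections import Counter, defaultdict

# Constructed sample lines in netfilter LOG-target format (not from the thread).
# Addresses are RFC 5737 documentation ranges; 32711 is the high port from the post.
SAMPLE_LOG = """\
Jan 12 03:14:05 fw kernel: IN=eth0 OUT= SRC=192.0.2.53 DST=198.51.100.7 LEN=120 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=UDP SPT=53 DPT=32711 LEN=100
Jan 12 03:14:06 fw kernel: IN=eth0 OUT= SRC=192.0.2.53 DST=198.51.100.7 LEN=120 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=UDP SPT=53 DPT=32712 LEN=100
Jan 12 03:15:00 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=4711 DF PROTO=TCP SPT=44210 DPT=32711 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 12 03:16:00 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
"""


def parse_line(line):
    """Split one LOG line into a dict of key=value fields plus a set of bare flags."""
    _, _, body = line.partition("kernel:")
    fields = {}
    flags = set()
    for tok in body.split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            fields[key] = val  # a second LEN= (UDP payload length) overwrites the IP LEN; harmless here
        else:
            flags.add(tok)  # bare tokens such as DF, SYN, ACK
    for port in ("SPT", "DPT"):
        if port in fields:
            fields[port] = int(fields[port])
    fields["FLAGS"] = flags
    return fields


def parse_log(text):
    """Parse every line that carries a PROTO= field; skip anything else."""
    return [parse_line(line) for line in text.splitlines() if "PROTO=" in line]


def classify(entry):
    """Apply the heuristic from the reply above.

    UDP from port 53 to an ephemeral (>= 1024) port is almost certainly an
    answer to a query this box sent whose conntrack entry had already timed out.
    A TCP SYN without ACK is a fresh connection attempt nobody here asked for.
    """
    proto = entry.get("PROTO")
    spt, dpt = entry.get("SPT"), entry.get("DPT")
    if proto == "UDP" and spt == 53 and dpt is not None and dpt >= 1024:
        return "likely-dns-reply"
    if proto == "TCP" and "SYN" in entry["FLAGS"] and "ACK" not in entry["FLAGS"]:
        return "unsolicited-syn"
    return "other"


def summarize(text):
    """Per-source counts of each class; this is the evidence worth pasting in a post."""
    per_src = defaultdict(Counter)
    for entry in parse_log(text):
        per_src[entry["SRC"]][classify(entry)] += 1
    return dict(per_src)


def verdict(counts):
    """One-line reading of a single source's counts."""
    if counts.get("unsolicited-syn") or counts.get("other"):
        return "needs investigation"
    return "consistent with stale conntrack (replies to your own queries)"


if __name__ == "__main__":
    for src, counts in summarize(SAMPLE_LOG).items():
        print(src, dict(counts), "->", verdict(counts))
```

Run it against real log lines and the per-source summary tells you whether the "mystery" traffic from the secondary DNS is all source-port-53 UDP (drop it from the complaint) or whether there is anything else in there worth raising with the operator.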