DNS behind NAT?

[Al Iverson]

Boy, I bet this is a stupid question. Don't know where else to turn
though, would certainly appreciate a point towards the right direction.

I run my DNS off of my DSL connection, a newish version of bind 8 on
Linux. My DSL configuration is set up with NAT being performed by the
router, so I can split off various ports to various machines without
paying for extra routable IPs. My internal network is on 10.0.0.x. I've
got port 53 routed to the appropriate box so people can reach my named
daemon.

Works great. But, sometimes people tell me they see, once in a while, the
following messages in their syslog when they query something for
radparker.com.

Mar 10 17:21:20 clifto named[109]: dropping source port zero packet from
[209.98.250.78].0

209.98.250.78 is me. One guy was certain that I was trying to hack him,
but that's unlikely. ;)

Theoretically it's possible that somebody's exploited something on my box,
but it seems unlikely, because I don't see any other questionable
activity, and the load on the box is always really low. It's also a recent
installation and there's very few user accounts.

Anyone got any ideas as to why I'm sometimes causing folks to end up with
these messages in their logs?

Thanks a bunch,
Al Iverson

-- 
Al Iverson - http://www.mnjazz.com/ - Minneapolis, Minnesota, USA
My often outspoken and obnoxious opinions are my own. They are not
the opinions or official policy of my employer or anyone else.