A. The four hosts are 216.73.81.10, 216.73.85.10, 216.73.86.10 and 216.73.87.10, which are the name servers for doubleclick.net, although you might see other addresses. The event description is:
The DNS server encountered an invalid domain name in a packet from <IP address>. The packet is rejected.
You might find the clients trying to contact various other servers, such as buy.rpts.net, ad.doubleclick.net, and ebay.doubleclick.net. The error is caused by the DNS cache-pollution protection not accepting resolutions from nonauthoritative servers. (See the Microsoft article "Description of the DNS Server Secure Cache Against Pollution setting," http://support.microsoft.com/?kbid=316786 for more information). You could consider blocking doubleclick.net at the firewall or monitor the traffic at a firewall level to ascertain which machines on your network are originating the requests.
