An annoying attack, Part II

I'm also seriously tempted to write a program to send back a nice, custom response to these, in the hopes that the program actually cares about the response.

“An annoying attack - The Boston Diaries - Captain Napalm [1]”

Yeah, about that …

I've done a bit more research and apparently my server is part of a DNS (Domain Name Service) amplification attack [2], where some machine (or machines) somewhere on the Internet is sending my server (along with possibly other DNS servers) a forged DNS request, in the hopes that my DNS server will do the requested DNS lookup and return the result (in this case, any DNS record for isc.org, which is known for returning rather large DNS responses) in the hopes of denying service to the forged IP (Internet Protocol) address.

And even though my server won't do the actual DNS request, it still returns a packet saying as much, so even though my server is not sending a large packet, it is returning a packet, and thus participating in the DDoS (Distributed Denial of Service) attack, however little.

So even if I did send back a bogus response, it wouldn't be directed at the guilty party.

Sigh.

So I guess the thing to do is just filter those requests at the firewall.

[1] http://boston.conman.org/2012/01/04.1

[2] http://www.securiteam.com/securityreviews/5GP0L00I0W.html
