Hey,
well, this means that some application is trying to resolve the address bounce-thomas-krenn.xortex.at over and over again. I assume that 192.168.0.217 is the address of the machine you were running tcpdump on, right (the DC Mater or DC Backup)? So what happens is:
An application running on the host 192.168.0.120 sends a DNS request to the DNS server running on your DC Master querying bounce-thomas-krenn.xortex.at.
The DNS server on your DC Master doesn’t know the answer and forwards a DNS server on the internal host 192.168.0.246. That one then says “well, I don’t know…”.
As your DC Master doesn’t know the answer yet, it now contacts three external DNS servers and asks them.
Basically you’ll have to figure out which application on 192.168.0.120 triggers those queries in the first place. Everything else is just a result of 192.168.0.120 asking for that record.
Kind regards,
mosu