DNS Behavior - Puzzle

I need your help!

I am looking through an old log file of a server with IP address 195.141.69.45 that I operated in 2002. The machine was running SuSE linux 6.0 (i386). It ran bind (9.1.0), sendmail (8.11.2), and was mainly used as a SMTP server to send mails for a number of users. I found these logs from my pf firewall that was in front of the box:

Oct 21 06:06:58.096785 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 61.215.160.253.53: 2520 [1au][|domain] (DF)
Oct 21 06:06:58.401472 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 210.175.50.163.53: 16979 [1au][|domain] (DF)
Oct 21 06:07:00.407500 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 210.175.50.162.53: 47817 [1au][|domain] (DF)
Oct 21 06:07:02.417637 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 61.215.160.254.53: 34849[|domain] (DF)
Oct 21 06:07:11.298946 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 204.123.2.19.53: 20792 [1au] MX? www.com.ar. (39) (DF)
Oct 21 06:07:11.477536 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 200.10.202.3.53: 21611 [1au] MX? www.com.ar. (39) (DF)
Oct 21 06:07:11.804894 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 200.68.93.195.53: 21263 [1au] MX? www.com.ar. (39) (DF)
Oct 21 06:15:19.667120 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 194.83.244.131.53: 60127 [1au] MX? sticksandstones.co.uk. (50) (DF)
Oct 21 06:15:19.691967 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 212.62.7.30.53: 58792 [1au] MX? sticksandstones.co.uk. (50) (DF)
Oct 21 06:20:00.844472 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 192.12.94.30.53: 29396 MX? about.com. (27) (DF)
Oct 21 06:20:00.859900 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 205.151.222.254.53: 14698[|domain] (DF)
Oct 21 06:20:01.021076 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 207.126.123.236.53: 13317 [1au] MX? about.com. (38) (DF)
Oct 21 06:20:01.070317 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 65.214.161.5.53: 14337 [1au] MX? mx13.crazed.com. (48) (DF)
Oct 21 06:21:02.121813 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 192.33.14.30.53: 34672 MX? poetic.com. (28) (DF)
Oct 21 06:21:02.297033 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 216.21.234.76.53: 25081 [1au] MX? poetic.com. (39) (DF)

As you can see, there are a number of DNS lookups. They span a total of about two weeks and ALL of them are using a source port of 1030. Why 1030? Why is it fixed all the time? Shouldn't the source port change?

There are other logs intermixed, where DNS lookups happen from other source ports:

Oct 13 20:46:03.915405 rule 184/0(match): pass in on xl1: 195.141.69.42.63994 > 193.192.227.3.53: 60676+[|domain]

Those are normal and I completely understand those. Any ideas why all these others have 1030 as a source port?

Thanks to everyone who

Thanks to everyone who responded via Twitter and email. Dan Kaminski and Johannes Ullrich contributed the fact that:

back in that day, DNS servers didn't change source ports. I think what he is
seeing is a mix of queries from different applications, maybe one of which
is a recursive name server, that doesn't happen to change source ports.

And in fact, it was a recursive DNS server running there. The fact that they didn't change the ports wasn't known to me. How crazy. Well, that solved this mystery.