Some interesting ideas, thanks. The destination host is my home firewall and the destination port is 53, so it's not simply bad state on my firewall accidentally blocking normal DNS, where the dest port would be some random high UDP port, or a resent packet from a nameserver on the internet.
I'll have to look back through old logs and see how long it's been going on for; it's a slow, occasional packet, no more than every five minutes or so. A long time ago I did run OpenVPN on port 53, as it was an interesting way of getting through some firewalls and Wi-Fi hotspots ;-)
