Proliferation of NBT queries

[Dennis Bohn <BOHN () ADELPHI EDU>]

We have been seeing some odd traffic on the network, and wanted to see if anyone else has noticed this.  About three 
weeks ago, we started seeing a large volume of NBT queries (udp port 137) to our DHCP servers.  Certain machines do 
this repeatedly, 30-60 times a minute.  Oddly, our DHCP servers are Linux.  

As things evolved, we discovered that the machines doing the queries had autoconfigured printers that had been shared 
(inadvertently) on other Windows boxen.  We have not proved, but have a high index of suspicion that it is 
Itunes/Bonjour that is discovering and autoconfiguring the printers.  We can't be certain that machines weren't 
previously using the DHCP servers for NBT queries; it may have been at a low level and gone unnoticed.  

So, there are two issues: 1) Has anyone else seen PC-shared printers become autoconfigured on another PC?

2) We still have no idea why the machines are querying the DHCP servers, the Windows boxes still show no WINS server.  
Have googled, and the DHCP server is not the documented search order for Microsoft machines.  

Best,
dennis

Dennis Bohn
network manager
5168773327