Verisign, Inc. is an American company based in Reston, Virginia, United States that operates a diverse array of network infrastructure, including two of the Internet's thirteen root nameservers, the authoritative registry for the .com, .net, and .name generic top-level domains and the .cc and .tv country-code top-level domains, and the back-end systems for the .jobs, .gov, and .edu top-level domains. Verisign also offers a range of security services, including managed DNS, distributed denial-of-service (DDoS) attack mitigation[5] and cyber-threat reporting.- Source
The IP Address of the offender is 173.254.179.200 which relates to a ISP in Sacremento, CA. So does that mean the forwarders are eventually hitting this ISP's DNS and it is returning something invalid?