From your blocked domain stats it looks someone indeed tried to visit porn sites, or at least visited web pages where these blocked porn domains were referenced.  Pretty clear that nobody else can guess more details, because it's your network, and you should know your network at best.

Also, DNS lookups and visiting websites are loosely related.  E.g the times can significantly differ due to local caching techniques, resolver cache and browser cache and also router caches.  It could also be that VPNs or proxies are being used by users in your network.  All this may be the reason why your Untangle logs and OpenDNS stats hardly match.  Also the above mentioned DNS prefetching would cause to appear in the OpenDNS stats, but not in your Untangle log.  Exactly "that would once per day do an NSLookup on a long list of pornography sites, but not attempt to connect to them" to say it with your words.  You may want to disable DNS prefetching in your browsers to see if this changes the situation.

I am having the same issue of the same random porn sites showing in my logs and  am 100% positive those sites have not been visited.  I have disabled DNS prefetching on the browsers and the caches on the devices.  I have turned of all devices but one and the site still show up. Is there something that we could be missing?

You're saying that there are still DNS lookups against these domain names out of your network.  You may want find out what raises these DNS queries, e.g. by installing network sniffers or by enabling router logging or by investigating browser histories.

Chris, yes we are.  We have used it for quite some time and didn't notice any issues until a few months back.  

I'm seeing the same blocked porn sites, same scenario, twice a day the blocked sites show up, no way is anyone visiting these sites.  This cannot be a coincidence.  

See rotblitz initial reply (and later) where he talk where he refers to browser prefetching, not having your address properly registered with OpenDNS, or even "sharing" your public IP address with others. He also talks about ways that you can track down exactly what is doing these DNS lookups. And again, without knowing what domains you are referring to, it's even more difficult to offer any substantial input.

Plus, be aware that OpenDNS does not deal with sites, it only deals with domain names. It entirely possible that someone is visiting a site, or perhaps a service is doing some sort of internet connection, that in addition to the primary information on that site, has ads or other links that trigger a DNS lookup without anyone actually clicking the link or visting that that.

It's also possible that something is infected with some form of malware which is causing these DNS lookups.

The important thing is that OpenDNS is BLOCKING the DNS lookups to the types of domains that you don't want people interacting with. That means that if someone or something is trying to access some website or service that you don't want on your network it is being blocked. That is exactly what OpenDNS is supposed to do. It then remains to you to track down who or what is causing these DNS lookups in the first place, since unless you are sharing your IP address with others the traffic is originating in your network.

Also, are you using Avast Security? I have seen references in here and other locations about some versions of their software generating a lot of DNS lookup traffic as part of their background functioning that have nothing to do what anyone on the network is doing.

Thank you for reply.  Yes I had Avast.  I've uninstalled and will let you know in a few days if the blocked sites do not come across again.   Thanks for your help.  

@sysadmin3 Can you comment on whether removing Avast resolved your issues? Thank you.

yes it did correct the issue.  Thank you very much for your help.