Yes, it was a problem with the Asus router.
There's nothing to configure in the Asus web interface, but telnetting into it gave an option to shut it off.
nvram show | grep dns_probe
Shows the offending addresses. I set them to null, saved, then rebooted.
nvram set dns_probe_content=0.0.0.0
nvram set dns_probe_host=""
nvram commit
reboot
I flushed the logs, and now dns.msftncsi.com doesn't show up every few seconds.
There's some information about it here: Constant unwanted traffic to dns.msftncsi.com from RT-AC66U | SNBForums