There is no excuse to run 12.09 (which has been EOL for almost a decade) on a Netgear WNDR3800 (680 MHz AR7161 (ath79), 16/128), which can easily run the currently supported version (21.02.x/ 22.03~).
It is a reasonable assumption that those connections are malicious and are utilizing the numerous significant vulnerabilities in your router. The only way to fix this is to upgrade. Attitude Adjustment (12.09) is very old (10 years), and it is completely unsupported (and has been for many years, too). You need to upgrade, or deal with the consequences of using a highly vulnerable router firmware.
Port 53 looks like DNS requests indeed, but I second the advice given by others: you are a vulnerability on the internet with 12.09. Not just to yourself, but also to others since by now you might be part of a botnet.
If you're worried about security and exposure - and you wouldn't be opening this topic if you weren't - you really should update your firmware.
The easiest and fastest way to check for bots is a power-off, 30-second reboot, and they are gone.
But if there are bots that have nested themselves in that device because of a known exploit, they will come back within minutes, since they just assumed you got afraid and flushed their pals with a power cycle, and they will wait a couple of minutes before returning so you will calm down.
That DNS traffic you see is likely the LuCI page itself doing reverse lookups for all shown IPs. It should level off after at most 15-30s when all (most) PTR records are cached.
So, if these are indeed DNS lookups, and I don't click on Enable DNS Lookups, should I expect to see them all disappear after a while?
Yes.
I guess I'm unclear on how the Source can be an address that's not on my LAN.
I would guess the source is your current WAN IP (dnsmasq initiates a connection from your router's WAN towards your ISP DNS server after all). The DNS queries triggered by LuCI are not coming from the LAN because they're initiated from OpenWrt itself.
I checked and it's just as you say. The source address is the WAN IP of the router, as assigned by the ISP, and the destination addresses are always port 53 on DNS 1 and DNS 2.
After 8 hours, I checked again without enabling DNS lookup on the connection activity page. I still see a fair number of DNS requests being sent.
Is there some way to see the details of these requests?
You can try Wireshark and check those DNS queries (the mysterious connections are connecting to port 53; port 53 is used for DNS traffic, and DNS traffic is unencrypted, and you can check with Wireshark, since port :53 is plain-text DNS).
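An added example, not part of any post in this thread: a small Python parser for the question section of a plain-text DNS message, the part of a port 53 capture that shows which name was asked for, separating PTR reverse lookups (the kind attributed to LuCI above) from other queries. The function names are hypothetical and the sample payloads are constructed rather than captured.

```python
import struct

QTYPES = {1: "A", 12: "PTR", 28: "AAAA"}  # small subset of DNS record types

def build_query(name, qtype, txid=0x1234):
    """Construct a DNS query payload (only used to make sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_question(payload):
    """Return (name, qtype, is_response) for the first question in a DNS message."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    _txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    if qdcount < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(payload):
            raise ValueError("truncated name")
        length = payload[pos]
        pos += 1
        if length == 0:  # root label ends the name
            break
        if length & 0xC0:  # pointer/reserved bits: not valid in a first question
            raise ValueError("unexpected compression pointer")
        if pos + length > len(payload):
            raise ValueError("truncated label")
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return ".".join(labels), QTYPES.get(qtype, str(qtype)), bool(flags & 0x8000)

def summarize(payloads):
    """Split queried names into reverse (PTR) lookups and everything else."""
    ptr, other = [], []
    for p in payloads:
        name, qtype, is_response = parse_question(p)
        if not is_response:  # responses echo the question; count queries only
            (ptr if qtype == "PTR" else other).append(name)
    return ptr, other

# Constructed sample payloads (not captured traffic), using documentation addresses.
SAMPLES = [build_query("10.2.0.192.in-addr.arpa", 12),
           build_query("example.com", 1),
           build_query("7.113.0.203.in-addr.arpa", 12)]
```

Fed the UDP payloads exported from a capture on the router's WAN interface, a result dominated by PTR names fits the reverse-lookup explanation, while the other list shows what else the router is resolving.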