Is my BIND Server's Cache Poisoned?

Hi,

I met a strange problem with my cache server, which
runs BIND9.3.1.

In the past days, our customers have complained that three
domain names (www.hangzhou.gov.cn, www.zpepc.com.cn)
frequently could not be resolved. I checked on the
cache server and found that, when the cache server could
not resolve www.hangzhou.gov.cn (www.zpepc.com.cn), I
can solve the problem by running "rndc flush".

The debugging output of the named process has the
following output when it could not resolve
www.hangzhou.gov.cn.

Does that mean my cache server is poisoned for these
two domain names?

  No. These are just misconfigured zones.

  hangzhou.gov.cn only has glue records for the nameservers.
  zpepc.com.cn has CNAMEs for the nameservers.

  Both of these misconfigurations are visible to nameservers
  that are IPv6 aware. Nameservers that are not IPv6 aware
  are not likely to make the queries that make these
  misconfigurations visible.

  Flushing the cache temporarily hides the misconfiguration.

  Mark

% dig dns2.hangzhou.gov.cn @sld-ns1.cnnic.net.cn

; <<>> DiG 8.3 <<>> dns2.hangzhou.gov.cn @sld-ns1.cnnic.net.cn
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 110
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; dns2.hangzhou.gov.cn, type = A, class = IN

;; AUTHORITY SECTION:
hangzhou.gov.cn. 12H IN NS dns.hangzhou.gov.cn.
hangzhou.gov.cn. 12H IN NS dns2.hangzhou.gov.cn.

;; ADDITIONAL SECTION:
dns.hangzhou.gov.cn. 12H IN A 218.108.246.45
dns2.hangzhou.gov.cn. 12H IN A 60.191.40.77

;; Total query time: 338 msec
;; FROM: drugs.dv.isc.org to SERVER: 159.226.1.3
;; WHEN: Thu Jun 30 13:30:32 2005
;; MSG SIZE sent: 38 rcvd: 102

% dig dns2.hangzhou.gov.cn @60.191.40.77

; <<>> DiG 8.3 <<>> dns2.hangzhou.gov.cn @60.191.40.77
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38698
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; dns2.hangzhou.gov.cn, type = A, class = IN

;; AUTHORITY SECTION:
hangzhou.gov.cn. 1H IN SOA dns.hangzhou.gov.cn. mail.hz.gov.cn. (
                                        2005062401 ; serial
                                        1H ; refresh
                                        30M ; retry
                                        1w3d ; expiry
                                        1H ) ; minimum

;; Total query time: 6365 msec
;; FROM: drugs.dv.isc.org to SERVER: 60.191.40.77
;; WHEN: Thu Jun 30 13:30:52 2005
;; MSG SIZE sent: 38 rcvd: 86

%

% dig ns1.zpepc.com.cn @202.107.201.1

; <<>> DiG 8.3 <<>> ns1.zpepc.com.cn @202.107.201.1
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23703
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; ns1.zpepc.com.cn, type = A, class = IN

;; ANSWER SECTION:
ns1.zpepc.com.cn. 1D IN CNAME 202-107-201-1.zpepc.com.cn.
202-107-201-1.zpepc.com.cn. 1D IN A 202.107.201.1

;; AUTHORITY SECTION:
zpepc.com.cn. 1D IN NS ns1.zpepc.com.cn.

;; Total query time: 5593 msec
;; FROM: drugs.dv.isc.org to SERVER: 202.107.201.1
;; WHEN: Thu Jun 30 13:35:12 2005
;; MSG SIZE sent: 34 rcvd: 92

%
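
The two checks from the reply, as an added example that is not part of the original thread: it parses dig output in the DiG 8.3 layout quoted above and flags a nameserver name that exists only as glue at the parent, or that is a CNAME. The function names and finding labels are assumptions made for this example; the sample input is abridged from the responses above.

```python
import re

# One record line in the DiG 8.3 layout quoted above: "name TTL IN TYPE rdata"
RR = re.compile(r"^(\S+)\s+\S+\s+IN\s+(\S+)\s+(\S+)")

def parse_dig(text):
    """Return rcode, header flags and per-section records of one dig response."""
    msg = {"status": None, "flags": set(), "ANSWER": [], "AUTHORITY": [], "ADDITIONAL": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if m := re.search(r"status: (\w+)", line):
            msg["status"] = m.group(1)
        elif m := re.match(r";; flags: ([a-z ]*);", line):
            msg["flags"] = set(m.group(1).split())
        elif m := re.match(r";; (\w+) SECTION:", line):
            section = m.group(1)
        elif isinstance(msg.get(section), list) and (m := RR.match(line)):
            msg[section].append((m.group(1).lower(), m.group(2), m.group(3).lower()))
    return msg

def check_ns_name(ns_name, child, parent=None):
    """Flag the two delegation faults from the reply for one nameserver name."""
    ns_name = ns_name.lower().rstrip(".") + "."
    findings = []
    glued = parent is not None and any(
        n == ns_name and t == "A" for n, t, _ in parent["ADDITIONAL"])
    if glued and "aa" in child["flags"] and child["status"] == "NXDOMAIN":
        findings.append("glue-only")   # parent has an A record, the zone itself denies the name
    if any(n == ns_name and t == "CNAME" for n, t, _ in child["ANSWER"]):
        findings.append("ns-is-cname")  # NS target is an alias (RFC 2181 section 10.3)
    return findings

# Sample input: abridged from the dig responses quoted above
PARENT_HZ = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 110
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; ADDITIONAL SECTION:
dns2.hangzhou.gov.cn. 12H IN A 60.191.40.77"""
CHILD_HZ = """;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38698
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0"""
CHILD_ZP = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23703
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; ANSWER SECTION:
ns1.zpepc.com.cn. 1D IN CNAME 202-107-201-1.zpepc.com.cn."""

if __name__ == "__main__":
    print(check_ns_name("dns2.hangzhou.gov.cn", parse_dig(CHILD_HZ), parse_dig(PARENT_HZ)))
    print(check_ns_name("ns1.zpepc.com.cn", parse_dig(CHILD_ZP)))
```

A finding from either check points at the zone's own data rather than at the resolver's cache, which is why "rndc flush" only helps until the records are fetched again.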
