Let's see, you have a RH6.2 machine hooked up on the internet, stock
install, no updates. Running off a @home cable modem in Tucson, AZ. (Why
are you asking the Twin Cities Linux User Group? :)

First off, bad bad bad bad! I want the Junkyard Wars 4th of July special
car crushing machine as a lart! :)

Your worst case scenerio is that you got hit by the bind worm and your
computer is now looking for other vunerable bind installs. Since you're
unpached you should take the box in question offline YESTERDAY and
downloaded the updates for RedHat 6.2.

Check the RedHat site for info on the worm (what was it? lion? ramen?)

If it turns out you're infected with the worm, you may as well nuke
everything but /home and install the latest Red Hat (or use the
oppertunity to be converted to Debian or <insert distro here>) and play
with stuff like XFS/ReiserFS.

If you've ruled out worms and the like, are you actually running bind on
your box? If so, what does your /etc/resolve.conf look like? Using you're
isp's nameservers or just localhost? Check named.conf, using any
forwarders?

If you're just using localhost AND the machine in question is listed as a
DNS server for a domain, the admin of the other machine needs to get his
head outta his ass. :)

If on the other hand your machine has no business going to his box for DNS
info, then yeah, could be a problem there.

The Institute for Security Technology Studies and SANA came up with a
lionfind tool:
http://www.ists.dartmouth.edu/IRIA/knowledge_base/tools/lionfind.htm
http://www.sans.org/y2k/lion.htm

Grab it and run.

All I can think of for now, hope you found something helpful in all that.

Andrew S. Zbikowski | http://www.ringworld.org
"We can learn much more from wise words, little
from wisecracks and less from wise guys."
--William Arthur Ward