Compromised BIND?

[Supersonic]

I have a BIND 9.8.0-P2 server instance running on a production server. My
firewall is showing repeated attempts by named.exe to connect to IP
addresses in foreign countries on ports 6666, 6667 and 6669 - common IRC
ports used by worms/trojans/zombies. Checking my named.exe file, it shows
that it is unchanged from the installation source. Is this connection
normal? Should I be allowing it?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110531/48039f41/attachment.html>