Today ,I see on the csdn.net ,a new article about the 'dns inject code ' abstract me.I follow it ,and I find the injection code in http://metasploit.com/dev/trac/browser/framework3/trunk/modules/auxiliary/spoof/dns/baliwicked_host.rb?rev=5579
So I think our network information center must have some solution to this hole , otherwise our website's username and password is oberviously become useless ,the hack will use this code to poison the dns server ,then direct we to an fake website have the same UI ,then we input the username and password ,the hacker will cat it .Although the code line is just for 332,bu the nic department must very recognition this event.