I've seen that before.  ns1.crescentcap.com had a bogus SOA and NS
records for the COM top-level-domain, and, worse, had a wildcard MX
record for the COM domain.  That's probably how your cache got
poisoned; the bogus SOA record might have gotten returned as an
additional record in the query for the MX for crescentcap.com, and
your named probably didn't reject it.  I think more recent versions of
BIND actually reject such things by checking them against the
configured root servers.

In any case, I believe the problem has since gone away.

---Tom