Nobody uses DNSSEC, so it's still easy to poison DNS caches
I'm not sure if that's accurate - I believe source port randomization has made it extremely difficult to poison recursive DNS servers. I think a recent "successful" attack on source port randomizing showed it took them 7 hours on a 10Gb/s link to poison one A entry.
Think about how much bandwidth is used every day for downloading porn. Use 1% of that for poisoning DNS, and DNS points wherever the poisoners want it to.