nDNS data can be spoofed and
corrupted on its way between
server and resolver or forwarder
nThe DNS protocol does not allow
you to check the validity of
DNS data
FExploited by bugs in resolver
implementation (predictable transaction
ID)
FPolluted caching forwarders can
cause harm for quite some time
(TTL)
FCorrupted DNS data might end up in
caches and stay there for a
long time
nHow does a slave (secondary) knows
it is talking to the proper
master (primary)?