> My opinion is that, yes, it is a real and practical attack, and it > could be prevented by full deployment of DNSSEC. (Deploying IPv6 would > help, too, for the reasons explained here.) you may want to defend against it this decade randy