DNS security and the way to spoof and poison DNS is a pretty complicated area. Luckily we have DNSSEC which can help to resolve the issues quite simply. It’s an area that I needed to understand a bit more about and as I happened to be doing so I found this video with Mark Minasi. Oh and yes, it’s another reason to move to Windows 7, as XP and Vista don’t support all the DNSSEC flags. He’s got some other great background on why you should choose to go 64bit over 32 in your Windows 7 deployment.