Although this has already been all over the net, there are still some interesting updates worth mentioning. The first one is, besides the excellent DJBDNS server, PowerDNS is also not vulnerable. Which just goes to show that a little diversity is good for your (network) security!

What’s more interesting is an article about the actual probability of a spoofing attack taking place. According to some calculations, the chance of successfully spoofing a DNS record within 24 hours of attacking are still over 50%, even with a fully updated BIND or Microsoft DNS server. 

To overcome this, PowerDNS has a built-in facility called “near miss detection” that will lower the chance of succeeding to a much more acceptable level; I bet even Bernstein didn’t think of this option! Anyway, if you’re interested, this page is an excellent read.