feld (feld@bikeshed.party)'s status on Thursday, 16-Nov-2023 02:37:56 JST
@tykling
> The attackers likely had to try issuing multiple times to get lucky and have all the lookups hit the "bad" server.
They can't be checking every NS then; they check a random one and I'm not sure why they'd need to do it from multiple regions (other than working around networking issues).
So that's the whole attack scenario. Pwn a single NS and then try a couple times until it picks the NS you control.
Very disappointing.