Get the Whitepaper called DNS Poisoning Via Port Exhaustion. It covers everything from how DNS poisoning works to various methods of performing attacks. It discloses two vulnerabilities. One is in Java which enables remote DNS poisoning using Java applets. The other is in multiuser Windows environments that allows for a local DNS cache poisoning of arbitrary domains.
You can download it from the following link: https://packetstormsecurity.com/files/download/105964/dnsp_port_exhaustion.pdf
Source: https://packetstormsecurity.com/files/105964/DNS-Poisoning-Via-Port-Exhaustion.html