This whitepaper details a way of making DNS cache poisoning / response spoofing attacks more reliable. A caching server will store any NS delegation RRs if it receives a delegation which is “closer” to the answer than the nameservers it already knows. By spoofing replies that contain a delegation for a single node, the nameserver will eventually cache the delegation when we hit the right transfer id.
You can download it from the following link: https://packetstormsecurity.com/files/download/68920/Whitepaper-DNS-node-redelegation.pdf
Source: https://packetstormsecurity.com/files/68920/Whitepaper-DNS-node-redelegation.pdf.html