by devinl 3054 days ago
Do you have any more details around such an attack?

The only HSTS bypasses I am aware of that were possible with control over DNS were dependent on browser vulnerabilities that have long since been fixed, or required the domain to not be cached or preloaded (which effectively means you'd only be able to attack first-time visitors on sites that have not implemented preload who are clicking on an http link).
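
To make the cached-versus-preloaded distinction in the comment above concrete, here is an added example (not part of the thread) that parses a Strict-Transport-Security header value and reports which visitors stay exposed to an http downgrade. The function names, return labels and sample headers are constructed for illustration; the one-year minimum is the hstspreload.org submission requirement.

```python
# Added example, not from the thread: classify an HSTS policy by the
# exposure window the comment describes (first visit vs. preloaded).
PRELOAD_MIN_AGE = 31536000  # one year, minimum required by hstspreload.org

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate empty segments such as a trailing ';'
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            return None  # a directive may appear only once
        directives[name] = arg.strip().strip('"')  # value may be quoted
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return None  # max-age is required and must be a non-negative integer
    return {
        "max_age": int(max_age),
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,
    }

def exposure(header, over_https=True):
    """Return 'no-hsts', 'cached-only' or 'preload-eligible' (labels are ours)."""
    if header is None or not over_https:
        return "no-hsts"  # browsers ignore HSTS headers received over plain http
    policy = parse_hsts(header)
    if policy is None or policy["max_age"] == 0:
        return "no-hsts"  # invalid header is ignored; max-age=0 clears the policy
    if (policy["preload"] and policy["include_subdomains"]
            and policy["max_age"] >= PRELOAD_MIN_AGE):
        return "preload-eligible"  # header qualifies; list inclusion is separate
    return "cached-only"  # first visit, and visits after expiry, are unprotected

if __name__ == "__main__":
    samples = [  # constructed header values
        "max-age=31536000; includeSubDomains; preload",
        "max-age=600",
        "max-age=0",
        None,
    ]
    for h in samples:
        print(repr(h), "->", exposure(h))
```

A "preload-eligible" result only means the header meets the submission requirements; the domain is protected on first visit only once it is actually in the browser's preload list.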

1 comments

There was once even easy-to-use software that shipped with an attack. It was called Firesheep and it let anyone skillful enough to install a browser extension get into the Facebook and Twitter sessions of anyone who shares the same network.