by nikcub 4790 days ago
re: your first paragraph, there is a way to jack an entire DNS record and not miss anything. It involves writing a custom DNS server. Once you become the primary, as the queries come in, if you are queried for a record that you don't know, you simply forward the query to the old primary and then store it yourself. Works all the time.

Domains are jacked and proxied a lot more than people know. The hackers have custom tools (rather than Squid + BIND etc.) that perform these tasks and keep them hidden.

Even better, you could host spoofed DNS for a number of Linodes on a single small 128-256MB virtual machine. The infrastructure required is tiny. Definitely possible, definitely happens all the time.