The CERT release document also mentioned that some of the vulnerable
DNS cache servers would issue a new request for every query they
received whilst waiting for an answer to fill their cache (rather than
just sending a single request to the next DNS server and taking note of
all the clients that require a response).
Hence an attacker could issue X simultaneous queries for the same
record to a DNS cache (each with a unique transaction ID), and
then send back X simultaneous spoofed responses shortly there after
in the time window between the DNS cache sending a request to the next
DNS server and the DNS cache receiving the reply.
This would increase the chance of the cache poisoining attack succeeding
from 1/2^16 (as transaction IDs are 16 bit) to X/2^16.