Dan Kaminsky didn't discover the basic problem with the design of DNS or implementations of
it. This was known about years ago, to the extent DJB was aware of it and worked around it to
make DJBDNS not vulnerable to the same extent other unpatched DNS implementations are.
Kaminsky appears to have discovered an attack which exploits the problem in a more devastating
manner than was previously known to be possible.

The basic defect in DNS isn't solved by the current set of patches. DNS without DNSSEC, even
if further third-party cache-poisoning exploits are not discovered, still depends upon trust
in a chain of middlemen DNS caching servers in order to communicate authoritative DNS
information from DNS content servers to clients. So the wider issue of insecurity inherent
within the design of DNS itself remains. The additional entropy provided by these patches
makes a class of technical attacks by outsiders more difficult, but this simply delays the
inevitable need to transition to DNSSEC at some point in the future.
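
To put numbers on "makes more difficult, but delays", here is an added example (not part of the original text) that compares the guess space a blind off-path forger faces with only the 16-bit DNS transaction ID against the same ID combined with a randomized UDP source port, which is assumed here to be the entropy the patches add. The port pool size and the number of forged replies per race are assumed values, not figures from the text.

```python
import math

TXID_BITS = 16              # width of the DNS header transaction ID
ASSUMED_PORT_POOL = 64512   # assumption: resolver picks from ports 1024-65535
ASSUMED_FORGED = 100        # assumption: forged replies landing per race window

def guess_space(ports=1, txid_bits=TXID_BITS):
    """Number of (transaction ID, source port) pairs a blind forger must guess among."""
    return (1 << txid_bits) * ports

def p_race(space, forged):
    """Chance that one of `forged` distinct guesses matches during a single race."""
    return min(1.0, forged / space)

def p_after(space, forged, races):
    """Cumulative chance of at least one match over `races` independent races."""
    p = p_race(space, forged)
    if p >= 1.0:
        return 1.0
    # log1p/expm1 keep precision when p is tiny (the patched case).
    return -math.expm1(races * math.log1p(-p))

def races_needed(space, forged, target=0.5):
    """Smallest number of races whose cumulative chance reaches `target`."""
    p = p_race(space, forged)
    if p >= 1.0:
        return 1
    return math.ceil(math.log1p(-target) / math.log1p(-p))

def compare(forged=ASSUMED_FORGED, ports=ASSUMED_PORT_POOL):
    """Return races needed for a 50% chance: (fixed source port, randomized port)."""
    fixed = races_needed(guess_space(1), forged)
    randomized = races_needed(guess_space(ports), forged)
    return fixed, randomized

if __name__ == "__main__":
    fixed, randomized = compare()
    print(f"fixed port:      {fixed:>12,} races for 50%")
    print(f"randomized port: {randomized:>12,} races for 50%")
    print(f"work factor:     x{randomized / fixed:,.0f}")
```

The work factor grows by roughly the size of the port pool, yet the number of races stays finite, which is why the cumulative probability still approaches 1 for a resolver that can be raced indefinitely without signed answers to validate.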