Kaminsky notes that he wrote the entry, at least in part, as a document to be shared with management, the sort of thing to pass along to those whom you want (or wish) to know more about what it is you're up against in keeping systems safe and effective and functional.
As Kaminsky points out, as everybody has been pointing out (bMighty included), the industry's patch response to the problem has put the tools out there to begin dealing with the potential attacks, if not, alas, to thoroughly address the fundamental weaknesses in the naming system.
The problem, and the reason I'm arguing that the DNS situation is a cause for real and ongoing worry, is that we've seen again and again that a large percentage of businesses and a far larger percentage of users take a laissez faire (at best!) approach to patch management, even for well-known and already under-attack vulnerabilities.
Never was any excuse for such laxness and there is a lot less excuse now. If you're running DNS servers, patch them; make sure that your Windows machines have the Windows DNS patch installed.
And once you've done that -- and run a DNS test; there's a DNS tester on Kaminsky's page -- keep worrying.
Because you don't have any guarantee that the DNS server next door or down the block or halfway around the world has patched its holes. You can, in fact, be pretty confident (if that's the word) that plenty of them haven't.
Check out, for instance, this story about the slow ISP response to patching the DNS flaw.
And if some of the biggest businesses are dragging their patch management feet, think about how things are going at smaller, underfunded and overworked companies.
DNS flaws and available but uninstalled patches: What, me worry?
You bet.