http://en.wikipedia.org/wiki/DNS_cache_poisoning has definitely been exploited in the wild. A friend of mine in AWS had to investigate cache poisoning attacks happening on certain ISPs a few years back that were hijacking images.
Edit: Are any affiliate params or headers being passed to the forward page?
Who is your ISP?
http://en.wikipedia.org/wiki/DNS_cache_poisoning has definitely been exploited in the wild. A friend of mine in AWS had to investigate cache poisoning attacks happening on certain ISPs a few years back that were hijacking images.
Edit: Are any affiliate params or headers being passed to the forward page?