Snoop and Spoof

e.g. snoop/intercept a query, return forged response before the legitimate server

Not always possible
depend on the location of the attacker
the attacker need to be able to snoop packets, and
can send forged response faster than the valid server

Still can happen...
at some places like "Internet cafe"