Question about bailiwicked_host.rb

[hdm at metasploit.com (H D Moore)]

You can't overwrite existing entries, you can however, wait until the 
cache entry expires then spoof it. The bailiwick_domain.rb exploit does 
not have this limitation.

On Thursday 24 July 2008, . wrote:
> I thought that long TTLs did not provide any protection against this
> attack as the random dns requests are not going to be cached, and if
> you win the XID race you can just overwrite whatever in bailiwick with
> regardless of whether it is cached or not. (I assume I am missing
> something?)
>
> Why does this exploit need to sleep until the hostname is purged out of
> the cache??