One of the defenses against DNS cache poisoning is randomization of the IP address of the queried name server. We present a newly found vulnerability in BIND, the most widely used DNS software on the Internet, which enables an attacker to easily and deterministically control the queried name server chosen by BIND's resolver. The vulnerability lies in BIND's SRTT (Smoothed Round Trip Time) algorithm. The attack reduces the time and eort required to successfully poison BIND's cache.