This podcast describes how an attacker can poison your DNS cache.
Having your router only connect to an authoritative DNS server with HTTPS and implementing DNSSEC validation will mitigate this. I cannot remember where I had this discussion about what these things were good for, and this is an excellent example.