DNS threat model draft (by Rob Austein and Derek Atkins):
very readable, not very controversial, mostly "a piece that was previously missing".
an important comment (from Bill Manning?) is that DNS through DNSSEC and TSIG is becoming dependent on "time" and that is an additional threat vector.