Remind me not to let a guy with a russian accent attach a gigabit cable to my nameserver for 10 hours.
In that 10 hours he'd have to saturate the link... *someone* would notice and shut him down long before that. It's a very difficult attack to make outside the local LAN - ISPs routinely filter the source addresses of packets to stop exactly this kind of shenanigans, and have done for years.. not to mention getting gigabit bandwidth over a WAN requires the kind of access to hardware that most people simply don't have access to.
*any* protocol is vulnerable to brute forcing on that scale - it's not a vulnerability even more than my house is 'vulnerable' because someone with a tank could drive through the front to get in. Hell, by brute forcing NAT/State replies you could gain access to machines behind the firewall easily enough. Why stop at the nameserver?
OTOH just ARP spoof. Simpler, much easier and can be done in minutes on a 10mb LAN let alone a gigabit. This is why physical security is the #1 layer and always will be. If someone can plug into your LAN you're hosed.