You're correct, as I read it: this was a simple redirection (as almost all DNS attacks are), rather than an assault on the original MSN infrastructure. This is what makes DNS attacks so pernicious, of course: you can do all the good work, to secure your systems, yourself, but if your customers are misdirected elsewhere, thinking they are coming to you... well.
DNSSEC would have been able to secure against this, because the client would have been able to use the DNSKEY with the Authoratitive Name Server, and determine whether the answers coming back from the website matched those that should be coming back from the domain owner. Only the domain owner holds the private key, with which to generate such correct responses.
And that's the problem. Not only does this increase the size of the data going over the network, but it all calls for a greater degree of cooperation - particularly at the root or TLD. It isn't impossible, however: Sweden's .se TLD was the first to have a signatures stored at root.
Since I've managed to get this far without making any anti Microsoft comments, I'll ask this: why do MSN have their DNS servers run by a company with a warez skript-kiddie name, who couldn't protect their systems against SQL injection attacks? There's no point building a gated community, and then hiring incompetant security guards, to man the gate, is there?