DNS servers are constantly sending out questions ("What's the IP address of www.hot-chicks-with-jello.com?") and receiving answers ("www.hot-chicks-with-jello.com is at 209.237.229.14").
They don't actually authenticate the source of the answers -- there's no way for your DNS server to be sure that the answer actually came from the REAL hot-chicks-with-jello.com. Some DNS servers don't even check that they asked a question that corresponds to an answer they received, and just believe any answer someone sends them.
The simplest form of cache poisoning is simply sending fake answers to someone's DNS server; for each safeguard a DNS server might apply to prevent cache poisoning there's usually a workaround that goes one step further. This is why SSH has all that stuff with strict checking of host keys.
Next time you ask him for gas company ID. He shows you a fake one. Beer stolen.
Next time you call the gas company phone number printed on his ID. It's his buddy's phone number; the buddy tells you the guy's legit. Beer stolen.
Next time you call the gas company's number as shown on your latest gas bill. It's his buddy's other line; they sent you a forged gas bill. Beer stolen again.
Next time you call the gas company as shown in the phone book. Oops, they sent you a forged phone book. You talk to the people at the gas company building downtown and get their phone number. You dial it but his buddy has broken into the phone company's switch and forwarded the call to his other line. Or the beer thieves rented office space and set up a whole fake gas company office, a tactic seen in "Sneakers". Again, beer stolen.
Indeed, perhaps they simply bribe a real gas company employee to steal your beer. It's a never-ending arms race.