Board: Pools
Topic: Re: BTCGuild and it's relation to DDoS attackers
Post by Caesium on 20/10/2011, 15:01:37 UTC
DNS propagation is not instant, it can take hours in some cases for the new IPs to propagate to all the DNS servers in the world, especially if the server is caching it can take up to 24hrs for the clients to get the new IP, so the DNS test you did doesn't really prove much.

Sorry, this is nonsense. slush said in his post he has a 5 minute timeout on his zone and this is easily verifiable:

$ dig mining.bitcoin.cz

; <<>> DiG 9.7.3 <<>> mining.bitcoin.cz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59770
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 4

;; QUESTION SECTION:
;mining.bitcoin.cz.             IN      A

;; ANSWER SECTION:
mining.bitcoin.cz.      300     IN      A       178.79.183.97


See that 300? 300 seconds, 5 minutes.

No DNS server (unless deliberately misconfigured) will hold onto that value for more than 5 minutes.

It is conceivable that if a client is going through a long chain of DNS servers each with their own cache, that you will see old data for slightly more than 5 minutes, but I would guess this is rare. And it certainly wouldn't be 24 hours.

It is also conceivable that the botnet attacking software could have done one lookup when it started then kept the value until told to do otherwise, but then it would require babying by the operator to keep up with his previous DNS changes when trying to evade them. I doubt this is the case.

Everything slush said about DNS was correct. Yes, I am a sysadmin.
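
Added example (not part of Caesium's post): a small model of the three cases the post distinguishes, reading the TTL from the quoted dig answer and measuring how long each kind of cache keeps serving the old address after a record change. The `Cache` model, the function names, the 24-hour clamp value and the two 192.0.2.x addresses are assumptions constructed for the illustration.

```python
import re

# Constructed input: the ANSWER SECTION of the dig output quoted in the post.
DIG_OUTPUT = """;; ANSWER SECTION:
mining.bitcoin.cz.      300     IN      A       178.79.183.97
"""
# Constructed addresses (RFC 5737 documentation range), not from the thread.
OLD, NEW = "192.0.2.10", "192.0.2.20"

A_RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\d+\.\d+\.\d+\.\d+)$", re.M)

def parse_a_records(text):
    """Return (name, ttl_seconds, address) for every A record in dig output."""
    return [(name, int(ttl), addr) for name, ttl, addr in A_RECORD.findall(text)]

class Cache:
    """Resolver cache model. min_ttl=0 honours the zone's TTL; a large min_ttl
    models a cache that overrides short TTLs; inf models a client that looks
    the name up once and never again."""
    def __init__(self, min_ttl=0):
        self.min_ttl, self.addr, self.expires = min_ttl, None, 0

    def resolve(self, now, authoritative_addr, ttl):
        if self.addr is None or now >= self.expires:
            self.addr = authoritative_addr
            self.expires = now + max(ttl, self.min_ttl)
        return self.addr

def delay_until_new(cache, ttl, change_at, horizon):
    """Query once per second; return seconds after the zone change until the
    cache first answers with NEW, or None if it never does within horizon."""
    for now in range(horizon + 1):
        current = NEW if now >= change_at else OLD
        if cache.resolve(now, current, ttl) == NEW:
            return now - change_at
    return None

def compare(dig_text=DIG_OUTPUT, change_at=1, horizon=2 * 86400):
    """Worst case: the cache was filled one second before the record changed."""
    _, ttl, _ = parse_a_records(dig_text)[0]
    return {
        "honours_ttl": delay_until_new(Cache(), ttl, change_at, horizon),
        "clamps_to_24h": delay_until_new(Cache(86400), ttl, change_at, horizon),
        "resolves_once": delay_until_new(Cache(float("inf")), ttl, change_at, horizon),
    }

if __name__ == "__main__":
    print(compare())
```

Only the cache that overrides the zone's TTL stays stale for anything near 24 hours, and only the resolve-once client never follows the change within the two-day horizon.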