If you have a captive audience, DNS, etc. can still be much more difficult. Think, malicious wifi hotspots where you can totally dominate everything about the victim's Internet access. But, generally, you are right, these tools require a certain level of access. I have never used one on an internal network assessment. I have done a small amount of arp poisoning on occasion, which you could then use a tool like ssl strip with, but my needs were different :)