
If a mobile app pins the Root Authority Certificate of a server and verifies its hostname, is an attack via DNS poisoning possible?

Çağlar Arlı

I have some questions about certificate pinning.

Supposing that a mobile application has pinned only the root CA, it should be possible for an attacker to redirect the victim in some way to a malicious website that chains to the same Root CA. Am I wrong?

  • What happens, instead, if an app pins the Root CA but also verifies the hostname of the server it is connecting to?
  • If the attacker owns a website under the same Root CA, can he poison the DNS cache and make the app connect to his website, or are there security mechanisms that prevent such behaviour?
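As an added example (not part of the question, and not the code of any real app), this Go program uses the standard crypto/x509 verifier to model the app-side check: it creates a constructed root CA, issues one certificate for the real API host and one for a different domain the attacker legitimately controls under the same root, then shows that the attacker's certificate satisfies a root-only pin but is rejected once the expected hostname is verified, which is exactly the case a DNS redirect would produce. All names and certificates are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue signs a certificate for cn/dnsNames under parent; with no parent it becomes a self-signed root CA.
func issue(cn string, dnsNames []string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed demo serial
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     dnsNames, // the SAN entries hostname verification is matched against
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if parent == nil { // self-signed root: mark as CA and sign with its own key
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verifyPinned is the app-side check: the chain must end in the pinned root and, when host is non-empty, the leaf must be valid for host.
func verifyPinned(leaf, pinnedRoot *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(pinnedRoot) // only the pinned root is trusted, not the device store
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func demo() (legitErr, pinOnlyErr, attackerErr error) {
	root, rootKey := issue("Constructed Root CA", nil, nil, nil)
	legit, _ := issue("api.example.com", []string{"api.example.com"}, root, rootKey)
	evil, _ := issue("attacker.example.net", []string{"attacker.example.net"}, root, rootKey) // attacker's own domain, same root
	return verifyPinned(legit, root, "api.example.com"), // genuine server: accepted
		verifyPinned(evil, root, ""), // root pin only: attacker's cert is accepted
		verifyPinned(evil, root, "api.example.com") // pin plus hostname: rejected with x509.HostnameError
}
```

The third result is the DNS-poisoning scenario from the question: the app is sent to the attacker's server but still expects api.example.com, so the SAN mismatch fails the connection regardless of the shared root.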