Came across this page about WindowsXP DNS resolver and its own caching/security policies
It seems that Microsoft is admitting that out of the box, WindowsXP can be cached-poisoned :). Ohh, and in order to secure the box, you need to hack the registry which may require you to reinstall your OS. Hmm, and they say Unix is difficult to use and inflexible :)
Now, I am not sure if that is still the case if the resolver points to secure caches such as dnscache. If that is so, its a disaster waiting to happen