Basically, the UNIX-based stuff has been secure against cache poisoning for quite some time, but there may always be a bug or design flaw that is discovered. We are not quite sure why Microsoft left a default configuration to be unsecure in NT4 and 2000. (Exercise to reader: insert Microsoft security comment/opinion/joke here, but keep it to yourself). Kyle Haugsness in 'March 2005 DNS Poisoning Summary' (http://isc.sans.org/presentations/dnspoisoning.php)