Promiscuous W2K DNS client? = Security hole?

[Ianice Berg]

In the course of debugging my Vigor2600 DNS proxy I discovered that my
W2K sp4 machine isnt checking the source address of the DNS responses.

This makes one wonder whether W2K checks *anything* in the DNS
response.

This make me wonder if someone with a spoof www.ebay.com could squirt
their own DNS reponses around a bit and have a good chance of picking
up a surfer happy to hand over their ebay and paypal passwords! :)

Can anyone else confirm this?

Is this "feature" already known?

Does XP fix this?

Does anyone care about this sort of thing (e.g. anyone at Microsoft
watching)?

ho hum.