The paper shows that Microsoft Windows DNS Server outgoing queries are predictable, allowing for cache poisoning attacks.
You can download it from the following link: https://packetstormsecurity.com/files/download/60883/Windows_DNS_Cache_Poisoning.pdf
Source: https://packetstormsecurity.com/files/60883/Windows-DNS-Cache-Poisoning-Whitepaper.html