I know that many clients in the same network has a same DNS (Most of time but it can be changed.)
But is there anyway to understand what DNS Server that an specific IP (Over Internet) uses through the weaknesses in UDP ?
Update 1 : It's clear that it is possible to see DNS Packets with MITM attacks. Lets assume that example.com's IP Address is 1.2.3.4 so I mean what DNS Server this IP uses when wants to ask for someone's IP.
I ask it because I saw that Michael Howard in "25 deadly programming sins" explains that its possible to find someone's DNS Server over Internet .
But I can't find anything about it with googling.
By weaknesses, I mean that every time you ask a DNS Server for an IP the replay can be from different source (and it's normal in DNS Servers and most of Operating System will accept it ! ) and you know that UDP source IP's can be spoofed easier than TCP (as DNS uses UDP).