> While this is true, anybody doing DNS queries over UDP using a static source > port is at risk. Indeed. To that end I am currently adding source port randomisation tests to the CPE DNSSEC/EDNS compatibility test project that I'm working on at the moment. Ray