Comment 344 for bug 417757

hugh (hugh-redhat-bugs-1) wrote:

I don't know why the behaviour changed.

To randomize the port, glibc would have to ask the OS to allocate a port for each DNS query (and, actually, two in the case we are talking about because it is actually two queries). And free the port afterwards. Port allocation is done by the kernel, on a per-interface basis. So this would multiply the number of system calls (modestly). I don't know enough about how expensive these system calls are (they should be cheap).

The way to secure DNS is through DNSSec. I've been interested in that for a decade. Looks like it might happen soon. I cannot understand why, for all the crap that 911 justified, it didn't spur the deployment of DNSSec.
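The per-query port allocation discussed in the comment above, sketched as an added example (not part of the comment and not glibc's resolver code): each query gets its own UDP socket bound to port 0, so the kernel allocates a source port for it, compared with one socket reused for every query. The names `open_query_socket`, `local_port`, `query_source_ports` and `MAX_INFLIGHT` are hypothetical, and no packets are sent.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define MAX_INFLIGHT 8  /* constructed limit for this example */

/* socket() + bind() to port 0: the kernel allocates an ephemeral UDP port. */
static int open_query_socket(void) {
    struct sockaddr_in local;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(&local, 0, sizeof local);            /* sin_port 0 = kernel chooses */
    local.sin_family = AF_INET;
    local.sin_addr.s_addr = htonl(INADDR_ANY);
    if (bind(fd, (struct sockaddr *)&local, sizeof local) < 0) { close(fd); return -1; }
    return fd;
}

/* getsockname(): read back the port the kernel picked (0 on error). */
static unsigned local_port(int fd) {
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    if (getsockname(fd, (struct sockaddr *)&a, &len) < 0) return 0;
    return ntohs(a.sin_port);
}

/* Record the source ports of n queries in flight at once; returns the
   number of distinct ports, or -1 on error. per_query=0 reuses one socket. */
int query_source_ports(int per_query, unsigned *ports, int n) {
    int fds[MAX_INFLIGHT], i, j, opened = 0, distinct = 0, ok = 1;
    if (n < 1 || n > MAX_INFLIGHT) return -1;
    for (i = 0; i < n; i++) {
        if (!per_query && i > 0) fds[i] = fds[0];
        else if ((fds[i] = open_query_socket()) < 0) { ok = 0; break; }
        else opened++;
        ports[i] = local_port(fds[i]);
    }
    for (i = 0; i < opened; i++) close(fds[i]);  /* "free the port afterwards" */
    if (!ok) return -1;
    for (i = 0; i < n; i++) {
        for (j = 0; j < i && ports[j] != ports[i]; j++) {}
        if (j == i) distinct++;
    }
    return distinct;
}
int main(void) {
    unsigned a[2], b[2];
    printf("reused socket: %d distinct port(s)\n", query_source_ports(0, a, 2));
    printf("socket per query: %d distinct port(s)\n", query_source_ports(1, b, 2));
    return 0;
}
```

Distinct ports here only show that each socket gets its own kernel allocation; how unpredictable the chosen port is depends on the kernel's ephemeral port selection.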