Re: resolvers using non-ephemeral ports

[D. J. Bernstein]

130.235.188.122, for example, is a BIND 8.2.2-P3 cache configured to
send queries to servers from port 54.

On the other hand, my cache refuses to answer packets from clients on
low ports other than 53. There haven't been any reports of problems.

I use a random port number between 1025 and 65535 for each outgoing
query. I recommend the same strategy for all clients and caches: it
makes DNS packet forgeries much more difficult.

---Dan