Just an informal survey ... Any of you choosing not to randomize DNS source ports for your caching recursive servers? (Why?) Using iptables or other PAT to randomize for you? Already used a DNS server that did it? Don't care? Anyone deployed DNSSEC? Or plan to within next 30 days? (Let me know if you need help.)