[SLL] who is randomizing DNS source ports? deploying DNSSEC?

[Mark Foster]

I have not bothered with DNSSEC for three reasons.
1. Adoption is spotty. & has not reached any kind of critical mass 
tipping point (trust anchors)
2. Overly complex implementation (yes, subjective)
3. unavoidable data leakage (NXT records)  

Regarding 1, until critical mass is reached the effect is about on par 
with SPF - little to no practical impact.

-- 
Some days it's just not worth chewing through the restraints...
Mark D. Foster, CISSP <mark at foster.cc>  http://mark.foster.cc/