Apparently, in terms of a fixed query source port, dnsmasq seems to be vulnerable anyway. I
made some tests on my router - running kernel 188.8.131.52 - and the source port dnsmasq used to
forward requests to my ISP's name servers was all the same for several queries.
As I understand it, you can specify a source port via config or command line, or dnsmasq will
pick one randomly at startup. But once it is chosen, it apparently will use it for all queries
from this point on.
Since it doesn't recurse, dnsmasq won't be top priority I guess, as an attacker would have to
spoof one of the ISP's nameservers, which is much more unlikely than spoofing one of the
servers on a recursive resolution path. So I'd be interested in my ISP getting his servers
straight in the first place.
But it would still be nice if this got fixed some time, given the attention this issue draws.