I suspect that the glibc stub resolver justs bind its socket to an unspecified port, which is
fairly random after the system has been running for a while (whereas BIND typically starts
shortly after the machine is booted). But an attacker can find out which source port you're
using if you ever send a query to a DNS server they control. If I understand correctly, the
source port needs to be randomised for each query (i.e. the resolver keeps re-binding to
specified random ports).