Indeed, the study of PRNGs splits into two parts: scientific PRNGs, where the emphasis is on
provable uniformity, provably large period, and speed, versus cryptographic PRNGs, where the
emphasis is on resistance to prediction, judicious incorporation of true entropy, and speed.
As you suggest, since DNS port randomization is effectively using the source port as part of a
secret key, it's important that the the source ports be generated by a cryptographic PRNG.
Fortunately, these days we can build very good PRNGs of both types. For cPRNGs, the
constructions usually involve using some other crypto algorithm as part of the generation
process (e.g., a strong hash or cipher like SHA-256 or AES). This is exactly what /dev/random
and /dev/urandom do, and it's what good-quality DNS server implementations will do too. In
practice, attacking such a PRNG is about as easy as inverting SHA or AES -- not gonna happen.
(And yes, I know that SHA-1 has been recently weakened.)
If you want to know more about these issues, then I can recommend Schneier's paper on
yarrow for a great discussion of the issues faced by such a design, and  for a fun and
famous discussion of exploiting such flaws in TCP sequence numbers (with pretty pictures!).