"One of the big issues that security researcher Dan Kaminsky
disclosed about DNS insecurity in 2008 was that DNS request
information isn't quite as random as it should be. The way DNS
works is that each DNS request is supposed to carry with it a
random number transaction ID. But it turns out that the random
number is only one out of 65,000. DNS is at risk when there isn't
enough randomization and a hacker can 'guess' the number.