by cesarb
3174 days ago
> Is there a sequence number or unique request ID that gets used in UDP dns requests that is required in the response to be accepted as a response?

Yes, there is, but it's only 16 bits, so it can be guessed, as was shown a decade ago with the "Kaminsky vulnerability" (giving names to vulnerabilities is not a new thing). A workaround is to also randomize the source port, so the attacker has to guess both the query ID and the source port used for the request. The true fix for the "Kaminsky vulnerability" would be to use DNSSEC, since even if the attacker spoofs the DNS response, they can't spoof the DNSSEC signature.

Yes, this buffer overflow is in code added precisely to protect against an attacker forging DNS responses. Ironic, isn't it?
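The resolver-side check the comment describes, as an added example that is not part of the original post: a UDP response is accepted only if it arrives on the randomized source port the query left from and echoes the 16-bit query ID, so a blind spoofer must get both right. The ephemeral port pool and the minimal header builders are assumptions for the example.

```python
import random
import struct

# DNS header: ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (all big-endian 16-bit)
HEADER = struct.Struct("!HHHHHH")
EPHEMERAL_PORTS = range(1024, 65536)  # assumed randomized source-port pool


def build_query(qname, rng=random):
    """Return (src_port, query_bytes) for a recursive A query with random ID and port."""
    query_id = rng.getrandbits(16)
    src_port = rng.choice(EPHEMERAL_PORTS)
    header = HEADER.pack(query_id, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return src_port, header + question


def query_id_of(packet):
    """Extract the 16-bit ID from a DNS query or response."""
    return HEADER.unpack_from(packet)[0]


def make_response(resp_id, answers=1):
    """Minimal response header carrying resp_id (constructed sample, no records)."""
    return HEADER.pack(resp_id, 0x8180, 1, answers, 0, 0)  # QR=1, RD=1, RA=1


def accept_response(pending_id, pending_port, arrival_port, response):
    """Accept a response only if port and ID both match the outstanding query."""
    if arrival_port != pending_port:
        return False  # not the randomized port this query was sent from
    if len(response) < HEADER.size:
        return False  # truncated header
    resp_id, flags, *_ = HEADER.unpack_from(response)
    if not flags & 0x8000:
        return False  # QR bit clear: this is a query, not a response
    return resp_id == pending_id


def guess_space(randomize_port):
    """Number of (ID, port) combinations a blind spoofer must cover per query."""
    return 2**16 * (len(EPHEMERAL_PORTS) if randomize_port else 1)
```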