diff -Nurp djbdns-1.05-epoll-20070222T160840Z/FILES djbdns-1.05-epoll-20070304T144118Z/FILES --- djbdns-1.05-epoll-20070222T160840Z/FILES 2007-02-22 12:48:35.258821000 +0200 +++ djbdns-1.05-epoll-20070304T144118Z/FILES 2007-03-04 18:02:05.178006000 +0200 @@ -87,7 +87,6 @@ dns_random.c dns_rcip.c dns_rcrw.c dns_resolve.c -dns_sortip.c dns_transmit.c dns_txt.c choose.sh diff -Nurp djbdns-1.05-epoll-20070222T160840Z/Makefile djbdns-1.05-epoll-20070304T144118Z/Makefile --- djbdns-1.05-epoll-20070222T160840Z/Makefile 2007-02-22 17:23:04.585562000 +0200 +++ djbdns-1.05-epoll-20070304T144118Z/Makefile 2007-03-04 17:10:00.757459000 +0200 @@ -222,11 +222,11 @@ choose compile trydrent.c direntry.h1 di dns.a: \ makelib dns_dfd.o dns_domain.o dns_dtda.o dns_ip.o dns_ipq.o dns_mx.o \ dns_name.o dns_nd.o dns_packet.o dns_random.o dns_rcip.o dns_rcrw.o \ -dns_resolve.o dns_sortip.o dns_transmit.o dns_txt.o +dns_resolve.o dns_transmit.o dns_txt.o ./makelib dns.a dns_dfd.o dns_domain.o dns_dtda.o dns_ip.o \ dns_ipq.o dns_mx.o dns_name.o dns_nd.o dns_packet.o \ dns_random.o dns_rcip.o dns_rcrw.o dns_resolve.o \ - dns_sortip.o dns_transmit.o dns_txt.o + dns_transmit.o dns_txt.o dns_dfd.o: \ compile dns_dfd.c error.h alloc.h byte.h dns.h stralloc.h gen_alloc.h \ @@ -274,8 +274,8 @@ taia.h tai.h uint64.h taia.h ./compile dns_packet.c dns_random.o: \ -compile dns_random.c dns.h stralloc.h gen_alloc.h iopause.h taia.h \ -tai.h uint64.h taia.h taia.h uint32.h +compile dns_random.c dns.h stralloc.h gen_alloc.h iopause.h \ +uint16.h uint32.h byte.h ./compile dns_random.c dns_rcip.o: \ 
@@ -295,11 +295,6 @@ compile dns_resolve.c iopause.h taia.h t dns.h stralloc.h gen_alloc.h iopause.h taia.h builtinhacks.h ./compile dns_resolve.c -dns_sortip.o: \ -compile dns_sortip.c byte.h dns.h stralloc.h gen_alloc.h iopause.h \ -taia.h tai.h uint64.h taia.h builtinhacks.h - ./compile dns_sortip.c - dns_transmit.o: \ compile dns_transmit.c socket.h uint16.h alloc.h error.h byte.h \ uint16.h dns.h stralloc.h gen_alloc.h iopause.h taia.h tai.h uint64.h \ @@ -694,7 +689,7 @@ load random-ip.o dns.a libtai.a buffer.a random-ip.o: \ compile random-ip.c buffer.h exit.h fmt.h scan.h dns.h stralloc.h \ -gen_alloc.h iopause.h taia.h tai.h uint64.h taia.h +gen_alloc.h iopause.h taia.h tai.h uint64.h taia.h open.h strerr.h ./compile random-ip.c rbldns: \ diff -Nurp djbdns-1.05-epoll-20070222T160840Z/TARGETS djbdns-1.05-epoll-20070304T144118Z/TARGETS --- djbdns-1.05-epoll-20070222T160840Z/TARGETS 2007-02-22 12:48:30.891009000 +0200 +++ djbdns-1.05-epoll-20070304T144118Z/TARGETS 2007-03-04 18:02:08.362873000 +0200 @@ -106,7 +106,6 @@ dns_random.o dns_rcip.o dns_rcrw.o dns_resolve.o -dns_sortip.o dns_transmit.o dns_txt.o dns.a diff -Nurp djbdns-1.05-epoll-20070222T160840Z/builtinhacks.h djbdns-1.05-epoll-20070304T144118Z/builtinhacks.h --- djbdns-1.05-epoll-20070222T160840Z/builtinhacks.h 2007-02-22 17:44:03.705332000 +0200 +++ djbdns-1.05-epoll-20070304T144118Z/builtinhacks.h 2007-02-23 15:05:43.058286000 +0200 @@ -429,6 +429,7 @@ static inline void __constant_byte_zero( static inline void __constant_byte_zero(void *__to, unsigned long int n) { char *to = __to; + uint64 *to64; switch(n) { case 0: 
@@ -601,6 +602,18 @@ static inline void __constant_byte_zero( to[14] = 0; to[15] = 0; return; + case 64: + to64 = (uint64*)to; + + to64[0] = 0; + to64[1] = 0; + to64[2] = 0; + to64[3] = 0; + to64[4] = 0; + to64[5] = 0; + to64[6] = 0; + to64[7] = 0; + return; default: return __real_byte_zero(to, n); } diff -Nurp djbdns-1.05-epoll-20070222T160840Z/dns.h djbdns-1.05-epoll-20070304T144118Z/dns.h --- djbdns-1.05-epoll-20070222T160840Z/dns.h 2007-02-22 13:06:28.057891000 +0200 +++ djbdns-1.05-epoll-20070304T144118Z/dns.h 2007-03-04 17:52:37.586678000 +0200 @@ -6,7 +6,9 @@ #include "taia.h" #include "error.h" #include "case.h" +#include "uint16.h" #include "uint32.h" +#include "byte.h" #define DNS_C_IN "\0\1" #define DNS_C_ANY "\0\377" @@ -61,9 +63,7 @@ extern int delete_deadline(struct dns_tr extern int add_deadline(struct dns_transmit*); extern void dns_random_init(const char *); extern int dns_epoll_init(int); -extern unsigned int dns_random(unsigned int); - -extern void dns_sortip(char *,unsigned int); +extern uint16 dns_random(void); extern void dns_domain_free(char **); extern int dns_domain_copy(char **,const char *); @@ -136,5 +136,22 @@ static inline int dns_domain_equal(const return 1; } +/* XXX: sort servers by configurable notion of closeness? */ +/* XXX: pay attention to competence of each server? */ + +static inline void dns_sortip(char *s,unsigned int n) +{ + int i; + unsigned int rnd; + char tmp[4]; + + n >>= 2; + for (i = n - 1; i > 0; i--) { + rnd = dns_random() % n; + byte_copy(tmp,4,s + (i << 2)); + byte_copy(s + (i << 2),4,s + (rnd << 2)); + byte_copy(s + (rnd << 2),4,tmp); + } +} #endif diff -Nurp djbdns-1.05-epoll-20070222T160840Z/dns_random.c djbdns-1.05-epoll-20070304T144118Z/dns_random.c --- djbdns-1.05-epoll-20070222T160840Z/dns_random.c 2007-02-22 18:06:32.690266000 +0200 +++ djbdns-1.05-epoll-20070304T144118Z/dns_random.c 2007-03-04 16:38:36.994962000 +0200 
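Review bot: The new `case 64` stores through `(uint64*)to`, which is only valid when the caller's buffer is 8-byte aligned, and nothing in __constant_byte_zero checks that. query.h in this patch aligns `servers`, but dnscache.c also shrinks `seed` to a plain `char seed[64]` and wipes it with `byte_zero(seed, sizeof seed)`, which would reach this case if byte_zero dispatches here for constant sizes (the dispatch is outside the hunk, as is the rest of the switch). Either align every 64-byte buffer that can reach this case or fall through to `__real_byte_zero` when `((unsigned long)to & 7)` is non-zero, and add a comment on the case such as `/* requires 8-byte aligned destination */`. Because the stores are inlined, the wipe of a buffer that is never read again, such as that seed, may also be removed by the optimiser.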
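Review bot: The shuffle in dns_sortip() draws `rnd = dns_random() % n` over the whole array on every step, whereas the removed dns_sortip.c drew from the shrinking prefix; swapping with an index over the full range does not produce a uniform permutation, so some server orderings are favoured over others. Changing the draw to `rnd = dns_random() % (i + 1);` restores the Fisher-Yates behaviour of the old code. `i` is a signed int initialised from the unsigned expression `n - 1`, which wraps when `n` is 0 after the shift; an early `if (n < 2) return;` makes the empty case explicit instead of relying on the conversion.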
@@ -1,62 +1,78 @@ #include #include "dns.h" -#include "taia.h" +#include "uint16.h" #include "uint32.h" +#include "byte.h" -static uint32 seed[32]; -static uint32 in[12]; -static uint32 out[8]; -static int outleft = 0; +#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) -#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b)))) -#define MUSH(i,b) x = t[i] += (((x ^ seed[i])) ^ ROTATE(x,b)); +/* suggestion: use 8, 12 or 20. below 8 is not very secure. */ +#define LOOPS 8 -static void surf(void) +void salsa20(uint32 out[16], uint32 in[16]) { - uint32 t[12]; uint32 x; - int r; int i; int loop; + int i; + uint32 x[16]; + + for (i = 0; i < 16; ++i) x[i] = in[i]; - for (i = 0;i < 12;++i) t[i] = in[i] ^ seed[12 + i]; - for (i = 0;i < 8;++i) out[i] = seed[24 + i]; - x = t[11]; - for (loop = 0;loop < 2;++loop) { - for (r = 0;r < 8;++r) { - MUSH(0,5) MUSH(1,7) MUSH(2,9) MUSH(3,13) - MUSH(4,5) MUSH(5,7) MUSH(6,9) MUSH(7,13) - MUSH(8,5) MUSH(9,7) MUSH(10,9) MUSH(11,13) - } - for (i = 0;i < 8;++i) out[i] ^= t[i + 4]; + for (i = LOOPS;i > 0;i -= 2) { + x[ 4] ^= R(x[ 0]+x[12], 7); + x[ 8] ^= R(x[ 4]+x[ 0], 9); + x[12] ^= R(x[ 8]+x[ 4],13); + x[ 0] ^= R(x[12]+x[ 8],18); + x[ 9] ^= R(x[ 5]+x[ 1], 7); + x[13] ^= R(x[ 9]+x[ 5], 9); + x[ 1] ^= R(x[13]+x[ 9],13); + x[ 5] ^= R(x[ 1]+x[13],18); + x[14] ^= R(x[10]+x[ 6], 7); + x[ 2] ^= R(x[14]+x[10], 9); + x[ 6] ^= R(x[ 2]+x[14],13); + x[10] ^= R(x[ 6]+x[ 2],18); + x[ 3] ^= R(x[15]+x[11], 7); + x[ 7] ^= R(x[ 3]+x[15], 9); + x[11] ^= R(x[ 7]+x[ 3],13); + x[15] ^= R(x[11]+x[ 7],18); + x[ 1] ^= R(x[ 0]+x[ 3], 7); + x[ 2] ^= R(x[ 1]+x[ 0], 9); + x[ 3] ^= R(x[ 2]+x[ 1],13); + x[ 0] ^= R(x[ 3]+x[ 2],18); + x[ 6] ^= R(x[ 5]+x[ 4], 7); + x[ 7] ^= R(x[ 6]+x[ 5], 9); + x[ 4] ^= R(x[ 7]+x[ 6],13); + x[ 5] ^= R(x[ 4]+x[ 7],18); + x[11] ^= R(x[10]+x[ 9], 7); + x[ 8] ^= R(x[11]+x[10], 9); + x[ 9] ^= R(x[ 8]+x[11],13); + x[10] ^= R(x[ 9]+x[ 8],18); + x[12] ^= R(x[15]+x[14], 7); + x[13] ^= R(x[12]+x[15], 9); + x[14] ^= R(x[13]+x[12],13); + x[15] ^= 
R(x[14]+x[13],18); } + for (i = 0;i < 16;++i) out[i] = x[i] + in[i]; } -void dns_random_init(const char data[128]) -{ - int i; - struct taia t; - char tpack[16]; - - for (i = 0;i < 32;++i) - uint32_unpack(data + 4 * i,seed + i); +static uint32 salsa20_in[16]; - taia_now(&t); - taia_pack(tpack,&t); - for (i = 0;i < 4;++i) - uint32_unpack(tpack + 4 * i,in + 4 + i); - - in[8] = getpid(); - in[9] = getppid(); - /* more space in 10 and 11, but this is probably enough */ +void dns_random_init(const char data[64]) +{ + byte_copy(salsa20_in, 64, data); } -unsigned int dns_random(unsigned int n) +uint16 dns_random(void) { - if (!n) return 0; + static uint16 salsa20_out[32] __attribute__((aligned(8))); + static uint32 outleft; - if (!outleft) { - if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3]; - surf(); - outleft = 8; + if (outleft == 0) { + if (!++salsa20_in[0]) if (!++salsa20_in[1]) if (!++salsa20_in[2]) if (!++salsa20_in[3]) + if (!++salsa20_in[4]) if (!++salsa20_in[5]) if (!++salsa20_in[6]) if (!++salsa20_in[7]) + if (!++salsa20_in[8]) if (!++salsa20_in[9]) if (!++salsa20_in[10]) if (!++salsa20_in[11]) + if (!++salsa20_in[12]) if (!++salsa20_in[13]) if (!++salsa20_in[14]) ++salsa20_in[15]; + outleft = 32; + salsa20(salsa20_out, salsa20_in); } - - return out[--outleft] % n; + return salsa20_out[--outleft]; } + diff -Nurp djbdns-1.05-epoll-20070222T160840Z/dns_sortip.c djbdns-1.05-epoll-20070304T144118Z/dns_sortip.c --- djbdns-1.05-epoll-20070222T160840Z/dns_sortip.c 2001-02-11 23:11:45.000000000 +0200 +++ djbdns-1.05-epoll-20070304T144118Z/dns_sortip.c 1970-01-01 02:00:00.000000000 +0200 
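Review bot: Two processes started with the same seed (or with a short or empty seed that leaves the buffer zeroed) will now emit the same sequence of query IDs and source ports, because dns_random_init() copies the 64 seed bytes straight into salsa20_in and no longer mixes in taia_now()/getpid()/getppid() as the removed code did. Those values are what a spoofed reply has to match, so I would keep the per-process inputs and fold them into the seed block as sketched below; this relies on dns.h still including taia.h and on the header that declares getpid() staying included. Separately, dns_random() passes `static uint16 salsa20_out[32]` to a parameter declared `uint32 out[16]`, which is an incompatible pointer type and an aliasing violation; declaring the buffer as `uint32 salsa20_out[16]` and handing out each word as two 16-bit halves avoids it. salsa20() is only used in this file and could be `static`.

```c
static uint32 salsa20_in[16];

void dns_random_init(const char data[64])
{
  struct taia t;
  char tpack[16];
  uint32 w;
  int i;

  byte_copy(salsa20_in, 64, data);

  /* keep the per-process variation the old generator had, so a repeated
     or zeroed seed does not reproduce the same ID/port sequence */
  taia_now(&t);
  taia_pack(tpack,&t);
  for (i = 0;i < 4;++i) {
    uint32_unpack(tpack + 4 * i,&w);
    salsa20_in[4 + i] ^= w;
  }
  salsa20_in[8] ^= getpid();
  salsa20_in[9] ^= getppid();
}
```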
@@ -1,20 +0,0 @@ -#include "byte.h" -#include "dns.h" - -/* XXX: sort servers by configurable notion of closeness? */ -/* XXX: pay attention to competence of each server? */ - -void dns_sortip(char *s,unsigned int n) -{ - unsigned int i; - char tmp[4]; - - n >>= 2; - while (n > 1) { - i = dns_random(n); - --n; - byte_copy(tmp,4,s + (i << 2)); - byte_copy(s + (i << 2),4,s + (n << 2)); - byte_copy(s + (n << 2),4,tmp); - } -} diff -Nurp djbdns-1.05-epoll-20070222T160840Z/dns_transmit.c djbdns-1.05-epoll-20070304T144118Z/dns_transmit.c --- djbdns-1.05-epoll-20070222T160840Z/dns_transmit.c 2006-04-25 21:14:14.202581000 +0300 +++ djbdns-1.05-epoll-20070304T144118Z/dns_transmit.c 2007-03-04 16:09:11.901996000 +0200 @@ -131,7 +131,7 @@ static int randombind(struct dns_transmi int j; for (j = 0;j < 10;++j) - if (socket_bind4(d->s1 - 1,d->localip,1025 + dns_random(64510)) == 0) + if (socket_bind4(d->s1 - 1,d->localip,1025 + (dns_random()%64510)) == 0) return 0; if (socket_bind4(d->s1 - 1,d->localip,0) == 0) return 0; @@ -151,7 +151,7 @@ static int thisudp(struct dns_transmit * for (;d->curserver < 16;++d->curserver) { ip = d->servers + 4 * d->curserver; if (byte_diff(ip,4,"\0\0\0\0")) { - uint16 uid16 = dns_random(65536); + uint16 uid16 = dns_random(); d->query[2] = uid16 >> 8; d->query[3] = uid16; @@ -212,7 +212,7 @@ static int thistcp(struct dns_transmit * for (;d->curserver < 16;++d->curserver) { ip = d->servers + 4 * d->curserver; if (byte_diff(ip,4,"\0\0\0\0")) { - uint16 uid16 = dns_random(65536); + uint16 uid16 = dns_random(); d->query[2] = uid16 >> 8; d->query[3] = uid16; diff -Nurp djbdns-1.05-epoll-20070222T160840Z/dnscache.c djbdns-1.05-epoll-20070304T144118Z/dnscache.c --- djbdns-1.05-epoll-20070222T160840Z/dnscache.c 2007-02-22 18:06:42.863828000 +0200 +++ djbdns-1.05-epoll-20070304T144118Z/dnscache.c 2007-03-04 16:29:07.195185000 +0200 
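Review bot: `1025 + (dns_random()%64510)` in randombind() reduces a 16-bit value modulo 64510, so the 1026 lowest offsets (ports 1025 to 2050) are chosen twice as often as every other port; the removed call reduced a 32-bit word, where the skew was negligible. Reject out-of-range draws before use, e.g. `do r = dns_random(); while (r >= 64510);` followed by `1025 + r`, or combine two outputs into a 32-bit value before the modulo. The same 16-bit reduction appears in `dns_random() % n` in dns_sortip() (dns.h) and `dns_random() % j` in random-ip.c, where the skew is smaller but still present for divisors that do not divide 65536. randombind() starts and ends outside the hunk.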
@@ -902,7 +902,7 @@ int main() char *x; unsigned long cachesize; int defer = 10; - char seed[128]={0}; + char seed[64]={0}; x = env_get("IP"); if (!x) @@ -930,7 +930,7 @@ int main() dns_random_init(seed); byte_zero(seed, sizeof seed); close(0); - hash_seed = (dns_random(65536) << 16) + dns_random(65536); + hash_seed = (dns_random() << 16) + dns_random(); x = env_get("IPSEND"); if (!x) diff -Nurp djbdns-1.05-epoll-20070222T160840Z/query.h djbdns-1.05-epoll-20070304T144118Z/query.h --- djbdns-1.05-epoll-20070222T160840Z/query.h 2007-02-22 13:55:17.796286000 +0200 +++ djbdns-1.05-epoll-20070304T144118Z/query.h 2007-02-23 14:16:21.224000000 +0200 @@ -14,7 +14,7 @@ struct query { char *name[QUERY_MAXLEVEL]; char *control[QUERY_MAXLEVEL]; /* pointing inside name */ char *ns[QUERY_MAXLEVEL][QUERY_MAXNS]; - char servers[QUERY_MAXLEVEL][64]; + char servers[QUERY_MAXLEVEL][64] __attribute__((aligned((8)))); char *alias[QUERY_MAXALIAS]; uint32 aliasttl[QUERY_MAXALIAS]; char localip[4]; diff -Nurp djbdns-1.05-epoll-20070222T160840Z/random-ip.c djbdns-1.05-epoll-20070304T144118Z/random-ip.c --- djbdns-1.05-epoll-20070222T160840Z/random-ip.c 2001-02-11 23:11:45.000000000 +0200 +++ djbdns-1.05-epoll-20070304T144118Z/random-ip.c 2007-03-04 16:17:46.078140000 +0200 @@ -1,8 +1,15 @@ +#include +#include +#include +#include + #include "buffer.h" #include "exit.h" #include "fmt.h" #include "scan.h" #include "dns.h" +#include "open.h" +#include "strerr.h" char ip[4]; int ipfixed = 0; @@ -11,7 +18,9 @@ unsigned char tab[256]; char strnum[FMT_ULONG]; -char seed[128]; +char seed[64]; + +#define FATAL "random-ip: fatal: " int main(int argc,char **argv) { 
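Review bot: In `hash_seed = (dns_random() << 16) + dns_random();` the uint16 result is promoted to int before the shift, so any draw of 0x8000 or above overflows a signed int, which is undefined behaviour (assuming a 32-bit int). Cast before shifting: `hash_seed = ((uint32) dns_random() << 16) | dns_random();`, with uint32 coming from uint32.h, which dns.h includes in this patch. The hunk does not show where `seed` is filled before `dns_random_init(seed)`; with the time and pid mixing removed from dns_random.c, a short or failed read there would leave the generator on a fixed sequence derived from zeros, so that read's return value should be compared with `sizeof seed`. main() extends beyond the hunk.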
@@ -19,12 +28,20 @@ int main(int argc,char **argv) int i; int j; unsigned char c; + int fd; + + fd = open_read("/dev/urandom"); + if (fd == -1) + strerr_die2sys(111,FATAL,"unable to open /dev/urandom: "); + if (read(fd, seed, sizeof(seed)) != sizeof(seed)) + strerr_die2sys(111,FATAL,"unable to read /dev/urandom: "); + close(fd); dns_random_init(seed); for (i = 0;i < 256;++i) tab[i] = i; for (j = 256;j > 0;--j) { - i = dns_random(j); + i = dns_random() % j; c = tab[j - 1]; tab[j - 1] = tab[i]; tab[i] = c;