pydns does not use the transaction id field of DNS requests and responses. This is perfectly legal, however, some firewalls (at least one that we nailed down with extensive packet tracing) drop duplicate DNS packets in stateful inspection mode. This is clearly wrong, but what can you do? So we "fixed" it by having pydns put a random number in the transaction id field (and then ignore it). It would be good if we actually checked the transaction id in response packets for a match.