Kaminsky's attack is supposed to affect recursive resolvers and caching resolvers worst, and evdns.c is neither. Nevertheless, we should do what we can, by:
1) making sure that our code double-checks replies against requests properly, and
2) warning if the prng is not set to something secure, and maybe
3) adding support for randomized source-ports
For #2, we could add a secure prng to libevent. That might be a bit crazy though.
We've done all of this except for randomized source-ports. Moving to feature-requests.
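For item 1, the following is an added sketch of what checking a reply against its request involves for a stub resolver; it is not code from evdns.c or libevent. The struct, function names and sample packet are hypothetical, and the check assumes an uncompressed question section in the reply.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical record of one outstanding query (not evdns.c's own struct). */
struct pending_query {
    uint16_t trans_id;       /* ID placed in the query header */
    uint32_t server_ip;      /* address the query was sent to */
    uint16_t server_port;    /* port the query was sent to */
    const uint8_t *question; /* wire-format QNAME + QTYPE + QCLASS */
    size_t question_len;
};

/* Returns 1 only if pkt is a plausible answer to q, otherwise 0. */
int reply_matches_query(const struct pending_query *q, const uint8_t *pkt,
                        size_t len, uint32_t from_ip, uint16_t from_port)
{
    size_t i, name_len;

    if (q->question_len < 5 || len < 12 + q->question_len)
        return 0;               /* malformed request record or short packet */
    if (from_ip != q->server_ip || from_port != q->server_port)
        return 0;               /* not from the server we asked */
    if ((((uint16_t)pkt[0] << 8) | pkt[1]) != q->trans_id)
        return 0;               /* wrong transaction ID */
    if (!(pkt[2] & 0x80) || pkt[4] != 0 || pkt[5] != 1)
        return 0;               /* must be a response with exactly one question */
    name_len = q->question_len - 4;
    for (i = 0; i < name_len; i++)      /* names compare case-insensitively */
        if (tolower(pkt[12 + i]) != tolower(q->question[i]))
            return 0;
    /* QTYPE and QCLASS must match byte for byte. */
    return memcmp(pkt + 12 + name_len, q->question + name_len, 4) == 0;
}

/* Constructed sample data: question for example.com A IN, and a reply to it. */
static const uint8_t SAMPLE_QUESTION[] = {7,'e','x','a','m','p','l','e',
    3,'c','o','m',0, 0,1, 0,1};
static const uint8_t SAMPLE_REPLY[] = {0x1a,0x2b, 0x81,0x80, 0,1, 0,0, 0,0, 0,0,
    7,'E','X','A','M','P','L','E', 3,'c','o','m',0, 0,1, 0,1};

/* Checks SAMPLE_REPLY against a query sent with sent_id to 192.0.2.53:53. */
int check_sample(uint16_t sent_id, uint32_t from_ip, uint16_t from_port)
{
    struct pending_query q = {sent_id, 0xC0000235u, 53,
                              SAMPLE_QUESTION, sizeof SAMPLE_QUESTION};
    return reply_matches_query(&q, SAMPLE_REPLY, sizeof SAMPLE_REPLY,
                               from_ip, from_port);
}
```

These checks only define what a spoofed reply has to match. How hard the match is to guess depends on the unpredictability of the transaction ID (item 2) and of the source port (item 3).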