Secrecy and the DNS flaw
Posted Jul 11, 2008 23:48 UTC (Fri) by stock (guest, #5849)
Parent article: Secrecy and the DNS flaw
The solution is apparently to start using randomly selected UDP source ports on the nameserver when answering DNS requests. Well, the new problem has already been created with this solution: "Vulnerability in IANA root servers, servers go down after UDP port storm." The only sensible solution is to create a hierarchical slaves.conf access list. WHO is allowed recursive access to higher-up BIND servers? Besides selection using IP numbers, one can also be awarded a valid DNS SEC hmac-md5 key. OK, I know this is Big Brother style stuff. But I don't know of any DNS hackers who like to leave their identity inside nameserver logs.