Source port randomization is a feature which clients use when querying DNS resolvers and which DNS resolvers use when querying DNS authorities. It is indeed a standard mitigation for cache poisoning. The Route 53 Resolver in your VPC, in common with pretty much all modern resolvers, does use source port randomization when querying authorities.
If you are very concerned about cache poisoning, you might also be interested in enabling DNSSEC validation in your VPC, which allows cryptographic validation of responses, if the domain you're querying is DNSSEC signed. See the Route 53 Resolver documentation:
I would suggest being a little careful enabling DNSSEC validation. Occasionally third-party public domains may have broken signatures. If that is the case, enabling DNSSEC validation will (by design) cause DNS resolution to fail for those domains.
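One way to verify the claim about source port randomization for yourself, as an added example that is not part of the original answer or of any AWS tooling: run a small UDP listener as the authoritative server for a test zone you control, resolve names under it through the resolver you want to evaluate, and judge the spread of the source ports the resolver used. The thresholds and the sample port lists below are constructed assumptions, not measurements.

```python
"""Judge whether a resolver randomizes its UDP source port toward authorities,
from the source ports observed at an authoritative listener."""
import math
import socket
from collections import Counter


def shannon_entropy_bits(ports):
    """Entropy of the observed port distribution; 0 means a single fixed port."""
    counts = Counter(ports)
    n = len(ports)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def port_spread_report(ports, min_samples=10):
    """Summarize ports (ints, in arrival order) and flag whether they look randomized."""
    if len(ports) < min_samples:
        raise ValueError(f"need at least {min_samples} observations, got {len(ports)}")
    distinct = len(set(ports))
    span = max(ports) - min(ports)
    steps = [b - a for a, b in zip(ports, ports[1:])]
    # A fixed-port resolver shows one value; a counter-based one shows a constant small step.
    fixed = distinct == 1
    sequential = len(set(steps)) == 1 and abs(steps[0]) <= 8
    # Assumed heuristic: nearly all samples distinct and spread over a wide range.
    randomized = (not fixed and not sequential
                  and distinct / len(ports) >= 0.9 and span >= 10000)
    return {"samples": len(ports), "distinct": distinct, "span": span,
            "entropy_bits": round(shannon_entropy_bits(ports), 2),
            "looks_randomized": randomized}


def record_query_source_ports(bind_addr="0.0.0.0", port=53, count=30, timeout=60.0):
    """Listen on UDP and return the source ports of the first `count` packets.
    Delegate a test zone to this host, then query names under it through the
    resolver under evaluation. Binding port 53 needs privileges; the listener
    never answers, so the resolver's retries also count as observations."""
    ports = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.bind((bind_addr, port))
        while len(ports) < count:
            _, (_, src_port) = sock.recvfrom(512)
            ports.append(src_port)
    return ports


# Constructed observations (not real captures) for a quick self-check.
RANDOMIZED_SAMPLE = [51874, 2391, 61002, 17345, 44910, 9022,
                     58331, 30877, 12460, 63119, 40218, 5763]
FIXED_SAMPLE = [53] * 12
SEQUENTIAL_SAMPLE = list(range(32768, 32780))
```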
Thanks for your help.
Question: Is Source Port Randomization Enabled on AWS Route53? (accepted answer, asked a year ago)