diff --git a/CHANGES b/CHANGES
index 33178b1432..894647d993 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+1607.	[bug]		dig, host and nslookup were still using random()
+			to generate query ids. [RT# 11013]
+
 1606.	[placeholder]	rt10440a
 
 1605.	[placeholder]	rt10440a
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 3f7e799cbf..be3d2d7062 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dighost.c,v 1.259 2004/03/05 04:57:30 marka Exp $ */
+/* $Id: dighost.c,v 1.260 2004/04/08 01:21:16 marka Exp $ */
 
 /*
  * Notice to programmers:  Do not use this code as an example of how to
@@ -53,6 +53,7 @@
 #include <isc/lang.h>
 #include <isc/netaddr.h>
 #include <isc/print.h>
+#include <isc/random.h>
 #include <isc/result.h>
 #include <isc/string.h>
 #include <isc/task.h>
@@ -806,13 +807,6 @@ setup_libs(void) {
 
 	debug("setup_libs()");
 
-	/*
-	 * Warning: This is not particularly good randomness.  We'll
-	 * just use random() now for getting id values, but doing so
-	 * does NOT ensure that id's can't be guessed.
-	 */
-	srandom(getpid());
-
 	result = isc_net_probeipv4();
 	if (result == ISC_R_SUCCESS)
 		have_ipv4 = ISC_TRUE;
@@ -1284,6 +1278,7 @@ insert_soa(dig_lookup_t *lookup) {
 void
 setup_lookup(dig_lookup_t *lookup) {
 	isc_result_t result;
+	isc_uint32_t id;
 	int len;
 	dig_server_t *serv;
 	dig_query_t *query;
@@ -1397,7 +1392,8 @@ setup_lookup(dig_lookup_t *lookup) {
 	trying(store, lookup);
 	INSIST(dns_name_isabsolute(lookup->name));
 
-	lookup->sendmsg->id = (unsigned short)(random() & 0xFFFF);
+	isc_random_get(&id);
+	lookup->sendmsg->id = (unsigned short)id & 0xFFFF;
 	lookup->sendmsg->opcode = dns_opcode_query;
 	lookup->msgcounter = 0;
 	/*