As it turns out, Deadwood is immune to this attack because it uses a different method to resolve domains than what most other DNS servers use. While more complicated, Deadwood is immune to some attacks which other DNS servers are vulnerable to.
I describe how Deadwood resolves domains in great depth in the following paper:
Since the above document does not clarify this: Deadwood, like any other modern DNS server, does DNS ID and source port randomization. Indeed, Deadwood was doing this well before Kaminsky's attack came to surface in mid-2008.
To post a comment about an entry, send me an email and I may or may not post your comment (with or without editing)