As discussed in 31459:

> 1) when built with --enable-crypto-rand, "crypto" is used instead of
> "openssl" or "pkcs11" to indicate use of the crypto library random
> number generator
> 2) when built with --enable-crypto-rand, random-device defaults to "crypto"
> 3) when overridden with -r or the random-device option, crypto-rand is
> fully disabled, and a file source is used in its place.
> 4) the uses of isc_random_get() that you noted as BAD should be updated
> to isc_rng_random(), OR, isc_random_get() should be altered to be a
> front-end for isc_rng_random().
> 5) improve comments and write some developer doc that does a better
> job explaining how the RNG/PRNG functions interrelate

The "BAD" uses of isc_random_get() were:

- to initialize FNV hash name (BTW this is BAD)
- client cookie nonce (BAD)
- nsec3param salt (BAD)
- rndc initial serial number of messages (BAD)