Tuesday, July 22, 2008

Do not scramble to fix the DNS problem

Haven't solved your DNS problems yet? That's OK. I have a few suggestions:

If you have mainstream systems with patches already released, just patch them. Don't take my word for it: ask Google or your favorite info sources for known issues with these patches and deal with them.

Maybe you have some older or specialty systems, and patches aren't available yet (or maybe won't ever be available). In this case, do not rush to come up with permanent solutions or move your DNS to a new platform; rush to mitigate the problem. Then, once the immediate exposure is addressed, you can take your time and either wait for a patch or deploy your own long-term solution. Rolling out a new DNS infrastructure in a hurry could make you do something stupid. Remember, you are trying to solve a problem, not create a new one.