I'm collecting countermeasures to the verisign wildcard DNS records
at http://www.imperialviolet.org/dnsfix.html. Currently there are
patches for BIND 9.2.2 and djbdns (not authored by myself) and a
Linux userland/netfilter program that rewrites DNS packets (which is).
If anyone has other patches/countermeasures I'm happy to maintain a list
of links at the above URL.