Verisign Countermeasures - BIND and djbdns patches

I'm collecting countermeasures to the verisign wildcard DNS records
at http://www.imperialviolet.org/dnsfix.html. Currently there are
patches for BIND 9.2.2 and djbdns (not authored by myself) and a
Linux userland/netfilter program that rewrites DNS packets (which is).

If anyone has other patches/countermeasures I'm happy to maintain a list
of links at the above URL.

Patch for Bind 8.4.1 - http://achurch.org/bind-verisign-patch.html
Quick and dirty.

Very early patch for pdns_recursor (GPL & everything) below. I'll work up
something more permanent, perhaps tonight.

Index: syncres.cc