There are many hacks for DNS servers, especially from Microsoft and most firewall vendors, even the pure appliance guys are adding inbound application proxies for DNS to clean things up a big.
Look at NetScreen, Secure computing, SonicWall, even new Cisco firewalls have added this feature.