After applying a series of patches I found our DNS server failing to resolve names. Research lead me to discover an issue with named/bind and the underscore character. Reviewing the patches that were applied that are relative to bind I find patch-11717 and patch-12060.

Could someone tell me which patch implemented this new security "feature?" Also, is there a valid workaround? I've read briefly about being able to curcumvent the checking that looks for the underscore and causes the zone to not load, but I've also read bits about the workaround not working long term.

Any thoughts?

Thank you.