Lack of detail in the announcement
I saw the announcement last week and still don't know if there are other ways to trigger this.
e.g. most mail servers do a lookup on the connecting IP to get the hostname from RDNS and sometimes the envelope and header to/from/cc/etc lines to do canonicalisation.
It is unclear to me if it is possible to use that to trigger the crash or if it needs something more from the query.
If it *is* possible to crash it via mail servers (or other services that do DNS lookups) then the potential exposure just skyrocketed.