diff --git a/CHANGES b/CHANGES index 916628976f..e2c1fb0fdb 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +1339. [func] libbind: log attempts to exploit #1338. + 1338. [bug] libbind: Remote buffer overrun. 1337. [port] libbind: TrueUNIX 5.1 does not like __align as a diff --git a/lib/bind/irs/dns_ho.c b/lib/bind/irs/dns_ho.c index 9f51df9cc8..bb7b512bcd 100644 --- a/lib/bind/irs/dns_ho.c +++ b/lib/bind/irs/dns_ho.c @@ -52,7 +52,7 @@ /* BIND Id: gethnamaddr.c,v 8.15 1996/05/22 04:56:30 vixie Exp $ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: dns_ho.c,v 1.10 2002/06/28 06:06:23 marka Exp $"; +static const char rcsid[] = "$Id: dns_ho.c,v 1.11 2002/06/28 06:12:42 marka Exp $"; #endif /* LIBC_SCCS and not lint */ /* Imports. */ @@ -74,6 +74,7 @@ static const char rcsid[] = "$Id: dns_ho.c,v 1.10 2002/06/28 06:06:23 marka Exp #include #include #include +#include #include #include @@ -1194,6 +1195,15 @@ gethostans(struct irs_ho *this, eor = cp + n; if ((qtype == T_A || qtype == T_AAAA || qtype == ns_t_a6 || qtype == T_ANY) && type == T_CNAME) { + if (haveanswer) { + int level = LOG_CRIT; +#ifdef LOG_SECURITY + level |= LOG_SECURITY; +#endif + syslog(level, + "gethostans: possible attempt to exploit buffer overflow while looking up %s", + *qname ? qname : "."); + } n = dn_expand(ansbuf, eor, cp, tbuf, sizeof tbuf); if (n < 0 || !maybe_ok(pvt->res, tbuf, name_ok)) { had_error++;
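Review bot: The new `if (haveanswer)` branch in gethostans() writes a LOG_CRIT message for every response that carries a CNAME after an answer was already accepted, and nothing visible in the hunk limits how often that can happen, so a remote responder could flood the critical log and bury the event that matters. Consider reporting only the first occurrence per process, e.g. `static int warned;`, `if (haveanswer && !warned) {` and `warned = 1;`, or a time-based limit, if that fits libbind's threading model (not visible here). The message carries only `qname`, which identifies the lookup but not the response that triggered it, and it is passed to syslog() unfiltered, so control characters in a caller-supplied name may reach the log depending on the syslog implementation. A comment such as `/* CNAME after an accepted answer: the pattern this change associates with #1338; log only, parsing continues below. */` would make clear that the branch detects and does not reject. gethostans() starts and ends outside the hunk.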