My understanding after reading other questions here is that an attacker would need control of the nameserver or the ability to forge responses from it to exploit this. Could it be abused in other ways?
For context, we have an application that connects to an LDAP server, optionally over SSL, to retrieve info about a domain. Customers configure the connection with a hostname or IP address, port, credentials, etc. Most of these servers are on internal networks, but some are public.
The current certificate verification code doesn't correctly verify the hostname in the server cert, which we're now fixing. The problem is that many customers have set the host to an IP address. To avoid breaking their setups on upgrade, we're thinking of using FCrDNS to get the hostname if the IP address isn't in the cert's subject alt names.