GODEBUG=netdns=go should be enough as a mitigation for Go binaries: https://golang.org/pkg/net/#hdr-Name_Resolution
Unless you actually need to use the system resolver, presumably.
This could mean that musl libc is full of bug. This could also mean that it is easy to spot bugs if they exist, and that people actively audit for finding some.
I have some bad news for you, nearly all software is full of bug.
Computer science is hard! :)
So, could you say that affected releases are toxic?