error -- unrelated additional info

Mathias Körber mathias at koerber.org
Thu Nov 9 17:36:50 UTC 2000 

> Could I please get additional explanation of the meaning of these
> errors. Please expand upon the answer from acmebw with a short =
play-by-
> play.
> thanks,
> Michael Mulligan
> Commonwealth of Kentucky/GOT

Hmm. The acmebw answer says it quite well, but let's try:

Say the remote nameserver is sending you this reply to a query of yours:
(I'm using dig output notation here for clarity. In real life all this
would be in a DNS packet..):

	# dig somedomain.com mx

	; <<>> DiG 8.2 <<>> somedomain.com mx=20
	;; res options: init recurs defnam dnsrch
	;; got answer:
	;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
	;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3
	;; QUERY SECTION:
	;;      somedomain.com, type =3D MX, class =3D IN

	;; ANSWER SECTION:
	somedomain.com.          2H IN MX        10 mail1.somedomain.com.
	somedomain.com.          2H IN MX        20 mail2.otherdomain.com.

	;; ADDITIONAL SECTION:
	mail1.somedomain.com.    2H IN A         1.2.3.4
	mail2.otherdomain.com.   2H IN A         2.3.4.5
	socal.aprs.net.          2H IN A         15.3.2.1

	;; Total query time: 343 msec
	;; FROM: myhost to SERVER: default -- 0.0.0.0
	;; WHEN: Fri Nov 10 01:28:14 2000
	;; MSG SIZE  sent: 31  rcvd: 221

As you can see, the server sends you the answer to the MX query in the
ANSWER SECTION. As a hint, it also tells you (in the ADDITIONAL SECTION)
what it knows about the hosts mentioned in the ANSWER SECTION. Your =
nameserver
would use this data to faster find these hosts, but would not trust the
data as much as if it got it from their own authoritative nameserver (in =
this case,
mail2.otherdomain.com is from a different domain and any record in that =
domain
should be learned from that domain's auth. nameservers to be considered =
valid).

However, as you can see the ADDITIONAL SECTION also contains an entry =
for
socal.aprs.net, which was not even mentioned in the ANSWER SECTION.
So your nameserver is telling you that it will ignore this entry, as
it has no reason to use it. It might even be an attempt at poisoning =
your
cache with bogus data.

> -------------
> unrelated additional info 'socal.aprs.net' type A from
> [199.227.86.221].53
> CATEGORY: response-checks
> SEVERITY: info
> PAGE:
> LINKS:
>=20
> Indicates that your name server received a response from the name
> server at the IP address 199.227.86.221 that contained an address
> record for the domain name socal.aprs.net that was unrelated to any
> previous record in the message, and hence ignored.
>=20

HTH
mathias

More information about the bind-users mailing list