"Unrelated Additional Info" from Windows 2000 Active Directory servers

Adam Hooper adamhooper at videotron.ca
Wed Oct 3 02:30:58 UTC 2001

Thanks for replying!

> -----Original Message-----
> From: bind-users-bounce at isc.org 
> [mailto:bind-users-bounce at isc.org] On Behalf Of Kevin Darcy
> Sent: Tuesday, October 02, 2001 5:47 PM
> To: bind-users at isc.org
> Subject: Re: "Unrelated Additional Info" from Windows 2000 
> Active Directory servers
> Adam Hooper wrote:

> > The internal win2k server "resin" also handles reverse DNS 
> lookups for 
> > domainB. Here's the entry for that forward in named.conf:
> >
> > zone "1.168.192.in-addr.arpa" in {
> >         type forward;
> >         check-names ignore;
> >         forward first;
> >         forwarders {; };
> >         file "rev.1.168.192";
> > };
> "Type forward" zones don't have a "file". What would you even 
> put into that file? You're forwarding all of the queries you 
> get for the domain, so there is no reason to have a file.

Heh, knew someone would pick up on that. I probably did the wrong thing
here, but it seems to work. When a computer queries carbon,, for any IP, carbon does an nslookup on itself (I think)
and for some reason doesn't check resin even though it's supposed to be
forwarded. The result: Every nslookup takes 2 seconds and while the
response comes through, there's a nice error message along with each

Nobody here really knows what's going on since we're not that familiar
with DNS. However, this seems to work so we left it alone: we simply
made a zone file with only carbon,, in it. Is there a
better way to do this?

> Whatever nameserver is at is apparently not 
> following standards. Like the message says, it's putting 
> unrelated information in the "Additional" section of its DNS 
> responses. That would be like saying "You should go see a 
> specialist about that skin condition, and, oh by the way, Pi 
> is approximately 3.14159". Actually, it's even worse than a 
> _non_sequitur_ like that, because unrelated Additional 
> information can sometimes be the result of malicious attempts 
> to "poison" your nameserver's cache with bogus data. That's 
> why BIND warns about it.

I'll check out the configuration on the Windows 2000 servers then.
Thanks! :)

> - Kevin

And thank you once again!

Adam Hooper
adamhooper at videotron.ca 

More information about the bind-users mailing list