"Unrelated Additional Info" from Windows 2000 Active Directory servers

Adam Hooper adamhooper at videotron.ca
Wed Oct 3 02:30:58 UTC 2001


Thanks for replying!

> -----Original Message-----
> From: bind-users-bounce at isc.org 
> [mailto:bind-users-bounce at isc.org] On Behalf Of Kevin Darcy
> Sent: Tuesday, October 02, 2001 5:47 PM
> To: bind-users at isc.org
> Subject: Re: "Unrelated Additional Info" from Windows 2000 
> Active Directory servers
> 
> 
> 
> Adam Hooper wrote:

> > The internal win2k server "resin" also handles reverse DNS lookups for
> > domainB. Here's the entry for that forward in named.conf:
> >
> > zone "1.168.192.in-addr.arpa" in {
> >         type forward;
> >         check-names ignore;
> >         forward first;
> >         forwarders { 192.168.1.202; };
> >         file "rev.1.168.192";
> > };
> 
> "Type forward" zones don't have a "file". What would you even 
> put into that file? You're forwarding all of the queries you 
> get for the domain, so there is no reason to have a file.

Heh, knew someone would pick up on that. I probably did the wrong thing
here, but it seems to work. When a computer queries carbon,
192.168.1.201, for any IP, carbon does an nslookup on itself (I think)
and for some reason doesn't check resin even though it's supposed to be
forwarded. The result: Every nslookup takes 2 seconds and while the
response comes through, there's a nice error message along with each
one.

Nobody here really knows what's going on since we're not that familiar
with DNS. However, this seems to work so we left it alone: we simply
made a zone file with only carbon, 192.168.1.201, in it. Is there a
better way to do this?

> Whatever nameserver is at 192.168.1.202 is apparently not 
> following standards. Like the message says, it's putting 
> unrelated information in the "Additional" section of its DNS 
> responses. That would be like saying "You should go see a 
> specialist about that skin condition, and, oh by the way, Pi 
> is approximately 3.14159". Actually, it's even worse than a 
> _non_sequitur_ like that, because unrelated Additional 
> information can sometimes be the result of malicious attempts 
> to "poison" your nameserver's cache with bogus data. That's 
> why BIND warns about it.

I'll check out the configuration on the Windows 2000 servers then.
Thanks! :)

> - Kevin

And thank you once again!

Adam Hooper
adamhooper at videotron.ca 
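
The relevance check Kevin describes, as an added example that is not part of the original message and is not BIND's own code. It is a simplified sketch that also goes one step further by applying a bailiwick test. The zone name, host names and addresses are constructed sample data.

```python
# Added illustration: a simplified "is this Additional record related?" check.
# This is not BIND's implementation; all records below are constructed.

# Record types whose RDATA names a host that Additional data may describe.
TARGET_TYPES = {"NS", "MX", "CNAME", "SRV"}

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def in_bailiwick(name, zone):
    """True if name is the zone apex or a descendant of it."""
    name, zone = norm(name), norm(zone)
    return zone == "" or name == zone or name.endswith("." + zone)

def split_additional(zone, answer, authority, additional):
    """Return (related, unrelated) lists of Additional records.

    Records are (owner, rtype, rdata) tuples. A record is related only if
    its owner is a target named in Answer/Authority AND lies inside the
    zone the query was sent for; everything else is unsolicited data.
    """
    wanted = set()
    for _owner, rtype, rdata in answer + authority:
        if rtype in TARGET_TYPES:
            # For MX and SRV the target host is the last RDATA field.
            wanted.add(norm(rdata.split()[-1]))
    related, unrelated = [], []
    for rec in additional:
        owner = norm(rec[0])
        ok = owner in wanted and in_bailiwick(owner, zone)
        (related if ok else unrelated).append(rec)
    return related, unrelated

# Constructed response to an MX query sent to the forwarder for this zone.
ZONE = "domainb.example."
ANSWER = [("domainb.example.", "MX", "10 mail.domainb.example.")]
AUTHORITY = [("domainb.example.", "NS", "resin.domainb.example."),
             ("domainb.example.", "NS", "ns.other.example.")]
ADDITIONAL = [("mail.domainb.example.", "A", "192.168.1.210"),
              ("resin.domainb.example.", "A", "192.168.1.202"),
              ("www.other.example.", "A", "203.0.113.7"),   # never referenced
              ("ns.other.example.", "A", "203.0.113.53")]   # out of bailiwick

if __name__ == "__main__":
    related, unrelated = split_additional(ZONE, ANSWER, AUTHORITY, ADDITIONAL)
    print("cache candidates:", [r[0] for r in related])
    print("discard and log: ", [r[0] for r in unrelated])
```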


