"Unrelated Additional Info" from Windows 2000 Active Directory servers

Tue Oct 2 21:47:27 UTC 2001

Adam Hooper wrote:

> Hello :)
>
> At our company we have a Linux box, "carbon", running BIND 8.2.4 and serving
> the world with lovely DNS information about "domainA" for all to behold. We
> also have two Windows 2000 Active Directory servers, both serving out
> internal network with lovely DNS information about "domainB". domainA only
> includes DNS entries for servers which are visible to the entire world;
> domainB includes all the internal computers here (except a few Linux boxes
> and the computers we haven't migrated to Windows 2000).
>
> DomainB's computers use "carbon" as their primary DNS server, and so
> "carbon" transfers all internal domainB queries/updates to "resin", one of
> the Win2k servers. Here's the entry in named.conf:
>
> zone "domainB" {
>         type forward;
>         check-names ignore;
>         forward only;
>         forwarders { 192.168.1.202; };
> };
>
> The internal win2k server "resin" also handles reverse DNS lookups for
> domainB. Here's the entry for that forward in named.conf:
>
> zone "1.168.192.in-addr.arpa" in {
>         type forward;
>         check-names ignore;
>         forward first;
>         forwarders { 192.168.1.202; };
>         file "rev.1.168.192";
> };

"Type forward" zones don't have a "file". What would you even put into that
file? You're forwarding all of the queries you get for the domain, so there is
no reason to have a file.

> All is running well. But when checking out our named log, there is something
> slightly odd:
>
> Oct  2 08:54:09 carbon named[595]: unrelated additional info 'resin.domainB'
> type A from [192.168.1.202].53
> Oct  2 08:55:48 carbon last message repeated 2 times
> Oct  2 08:56:57 carbon last message repeated 2 times
> Oct  2 09:03:26 carbon last message repeated 2 times
> Oct  2 09:09:03 carbon last message repeated 2 times
> Oct  2 09:09:03 carbon last message repeated 3 times
> Oct  2 09:09:03 carbon named[595]: unrelated additional info 'fca.domainB'
> type A from [192.168.1.202].53
> Oct  2 09:09:03 carbon named[595]: unrelated additional info 'resin.domainB'
> type A from [192.168.1.202].53
> Oct  2 09:09:38 carbon last message repeated 24 times
> Oct  2 09:21:26 carbon last message repeated 2 times
> Oct  2 09:23:19 carbon last message repeated 2 times
> Oct  2 09:28:57 carbon last message repeated 2 times
> Oct  2 09:31:14 carbon last message repeated 2 times

Whatever nameserver is at 192.168.1.202 is apparently not following standards.
Like the message says, it's putting unrelated information in the
"Additional" section of its DNS responses. That would be like saying "You
should go see a specialist about that skin condition, and, oh by the way, Pi is
approximately 3.14159". Actually, it's even worse than a _non_sequitur_ like
that, because unrelated Additional information can sometimes be the result of
malicious attempts to "poison" your nameserver's cache with bogus data. That's
why BIND warns about it.

- Kevin