unrelated additional info 'host' type A from

Barry Margolin barmar at genuity.net
Thu Apr 25 18:35:25 UTC 2002


In article <aa9ard$ars at pub3.rc.vix.com>,
Luis Manuel Cova <lcova at poz.unexpo.edu.ve> wrote:
>Isn't there another way to fix this....
>
>How can I eliminate this error message from the messages log. (Remember I
>can't touch the Win2k box)
>
> * Can I include another sub-domain delegation for "bio.cib.DOMAIN.COM"????
> * Can I add a PTR record for the other name..

The problem is that when your slave server queries the master for the SOA
record (which it does whenever it's time to refresh the zone), the master
includes inappropriate information in the response, and BIND warns about
this malformed response.  It has nothing to do with whether the name is
valid or not; it's just extra information that shouldn't be in the response
in the first place.

I believe the reason Microsoft DNS does this is because Active Directory
makes heavy use of dynamic updates, and the clients query for the SOA
record to learn the master server that they should send the updates to.
The server includes the A record of the SOA MNAME field to save the clients
the need to perform a second query for that; it's the same reason that A
records are included whenever you respond to an MX query.  The only
difference is that the DNS RFCs say that the latter is required, but don't
say anything about including additional records when responding to SOA
queries.

I think the reason BIND warns about this is because bogus records in the
Additional Records field are often used in cache poisoning attacks.  BIND 9
is supposed to be immune to these; the log message warns you that someone
might have been *trying* to poison your cache.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
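
The distinction described in the message above, as an added illustration that is not part of the original post and is not BIND's code: a simplified model that treats an additional-section record as expected only when an MX or NS record in the answer or authority section names its owner, so an A record for the SOA MNAME is flagged. The `RR` tuple, the function names and the `example.com` records are constructed for this example.

```python
from collections import namedtuple

# Simplified model for illustration; this is not BIND's implementation.
RR = namedtuple("RR", "name rtype rdata")

def norm(name):
    """Compare DNS names case-insensitively, ignoring the trailing dot."""
    return name.rstrip(".").lower()

def referenced_names(records):
    """Names that MX or NS records point at (RFC 1035 additional processing)."""
    names = set()
    for rr in records:
        if rr.rtype == "MX":
            names.add(norm(rr.rdata.split()[-1]))  # rdata: "10 mail.example.com."
        elif rr.rtype == "NS":
            names.add(norm(rr.rdata))
        # SOA is deliberately absent: its MNAME does not justify extra records.
    return names

def unrelated_additional(answer, authority, additional):
    """Return additional-section records that no MX/NS record asked for."""
    expected = referenced_names(answer + authority)
    return [rr for rr in additional if norm(rr.name) not in expected]

# Constructed responses (documentation names and addresses only).
SOA_RESPONSE = dict(
    answer=[RR("example.com.", "SOA",
               "dc1.example.com. hostmaster.example.com. 2002042501 900 600 86400 3600")],
    authority=[],
    additional=[RR("dc1.example.com.", "A", "192.0.2.10")],
)
MX_RESPONSE = dict(
    answer=[RR("example.com.", "MX", "10 Mail.Example.COM.")],
    authority=[RR("example.com.", "NS", "ns1.example.com.")],
    additional=[RR("mail.example.com.", "A", "192.0.2.25"),
                RR("ns1.example.com.", "A", "192.0.2.53"),
                RR("www.unrelated.example.", "A", "198.51.100.7")],
)

if __name__ == "__main__":
    for label, resp in (("SOA", SOA_RESPONSE), ("MX", MX_RESPONSE)):
        for rr in unrelated_additional(**resp):
            print(f"{label} response: unrelated additional {rr.name} {rr.rtype} {rr.rdata}")
```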

