DNSR-734 — Irrelevant additional record found
Resource record (RR) of printed type and order (additional record) has name that does not appear at the right side of any previous RR. This inconsistency can be an exposure of a cache poisoning attack. By default, the whole answer is ignored and next server is tried. This is the case of an A-level message.
This behavior can be changed for particular domains by the IGNORE-VOID-RR item in proper REQUEST-ACLs. However, select carefully the domains that really needed this feature (i.e. because servers of some domain send more nameserver records in additional section than in authority one). When this function is switched on, the D-level message reports occurence of the inconsistency.