<

Windows 2008 IPV6 DNS PublishAddresses Connectivity Issues

Published on
10,313 Points
4,313 Views
Last Modified:
Approved
If you have a multi-homed DNS setup in windows, you can have issues with connectivity to the server that hosts the DNS services (or even member servers of your domain if this same DNS server is a DC). This is because windows registers all of its IPs (both IPv4 AND IPv6) into the DNS Domain record for DNS server resolution (NS records) and in turn end up having clients resolve to what could be an unwanted or unreachable subnet (especially with IPv6 enabled since clients will often try to resolve IPv6 first) - this woudl happen in cases where you don't do routing between the networks for the clients or this same server is not a gateway for the clients, thus users cannot resolve domain hosts and records.

This is ALSO the case per microsoft;

"When DNS queries for the domain name or the domain controller's fully qualified domain name (FQDN) are sent to a Windows 2000 domain controller that is running Routing and Remote Access, the domain name or FQDN for the domain controller is resolved to an Internet protocol (IP) address that is used by Routing and Remote Access. DNS Manager displays HOST (A) records for the Routing and Remote Access server IP addresses and Routing and Remote Access client IP addresses with the name of the domain controller and the name of the domain that is used for Active Directory."

In Microsoft Article http://support.microsoft.com/kb/289735, it states;

Start Registry Editor (Regedt32.exe).
Locate and click the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
On the Edit menu, click Add Value, and then add the following registry value:
Value name: PublishAddresses
Data type: REG_SZ
Range: IP address
Default value: blank
Quit Registry Editor.
(then restart DNS server)

This article, while written for windows 2000, will work on 2008.

One additional problem is that this procedure will not work for IPV6 addresses.

I figured out the way to fix this (by chance ->)  in looking at the other registry values in the same container I noticed 'ListenAddresses' for example used REG_MULTI_SZ, not REG_SZ (as referenced in the MS article). If you use REG_MULTI_SZ for the PublishAddresses in reference to the Microsoft article/fix, it wil accept and function for both IPV6 addresses and IPV4 addresses.

I have tested this only on Windows 2008 (which supports IPV6). Windows 2003 has some support for IPv6, but I have not taken time to test it on 2003 DNS.
0
Comment
Author:nexusds
0 Comments

Featured Post

How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

Join & Write a Comment

In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Check How effective MS Exchange Expert thinks Exchange Mailbox Recovery by SysTools IS. Visit the Official site to get detailed information:- https://www.systoolsgroup.com/exchange-recovery.html (https://www.systoolsgroup.com/exchange-recovery.h…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month