Can I remove the ::1 IPv6 loopback address as the Preferred DNS IP on the IPv6 interface of my Domain Controllers?
Posted on 2011-02-24
I've noticed that a number of my domain controllers (DCs) that live in sites with network hardware that cannot pass IPv6 traffic are having DNS lookup issues. For instance, you run nslookup and instantly see a delay of 2 seconds or more. When attempting to resolve any names that require forwarding, the lookup fails.
The DCs are healthy insofar as their internal services are concerned and the forest in general is very healthy. I've found that if I simply remove the ::1 from the Preferred DNS of the IPv6 interface, my lookups work swimmingly, no issues.
Per my standards, and those sanctioned by Microsoft, all my DCs are set to look at another DC first (Preferred) and themselves second (Alternate). With the ::1 being specified on the IPv6 interface, that violates that standard and also causes lookup issues as my switches in certain locations won't pass the traffic so the packets are dropped.
So that said... I don't want to disable IPv6, I'm well aware of the side-effects that can cause for Server 2008 and later. But what I do want to do is remove the ::1 from the IPv6 interface DNS settings. Will I hurt anything when it comes to AD with this change? It seems that dcpromo puts the value here during promotion. None of my member servers have ::1 specified.
Any input is appreciated.