• Status: Solved

IPV6 in DNS Record

I do not use IPv6. In my DNS forward lookup zones on all 6 of my domain controllers, for every Host (A) record I have an IPv6 Host (AAAA) record... I tried deleting a few of these but they come right back. Do I need to go to each client & disable IPv6 in the registry before I can keep these records from populating into DNS again?

If so, can I disable IPv6 with a GPO?
2 Solutions
Mike Kline Commented:
You have to disable IPv6 via the registry and network properties,

ACE has the steps here: http://msmvps.com/blogs/acefekay/archive/2010/05/27/how-to-disable-rss-tcp-chimney-feature-and-ipv6.aspx

Not a GPO specifically that does it, you could use GPP to modify the registry.  We disable it in our image....and before everyone gets upset I know there is a lot of debate about enabling or disabling IPv6.  That network with the image was a classified network that will never use IPv6.


Adam Brown, Sr Solutions Architect Commented:
The only other option available besides disabling IPv6 is to remove the option to "Register this connection's addresses in DNS" in the DNS tab under advanced properties for the network card. You can push out a script that will do this through netsh in the command prompt. I'm working out the syntax right now.
I'd be willing to bet that you have a publicly routable IPv4 address assigned to the DCs, don't you? (In other words, an IP address that does not begin with 10.X, 192.168.X, or 172.16.X) If that is the case, the behavior you are seeing is being caused by the 6to4 protocol. Since most organizations do not use publicly routable IPv4 addressing inside their corporate network, this isn't an issue.

Unless your organization has configured your routers to route IPv6 (by enabling Router Advertisements), AAAA records will never be registered in DNS. When someone sees random AAAA records start appearing, 99%+ of the time, it is caused by 6to4.

If this *is* an issue for you, the way to change the behavior is to follow the instructions at http://support.microsoft.com/kb/929852 and set the registry key to 0x01, which will disable all tunnel interfaces (which includes 6to4). You could completely disable IPv6 through this registry key, but note that Microsoft does not recommend disabling IPv6 completely. There is no Group Policy to modify this key, but you can use Group Policy Preferences to set this key across all of your Domain Controllers.
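
A read-only check of the diagnosis in the answer above, as an added example that is not part of the original thread: it decodes the local `DisabledComponents` value from KB929852 and lists the AAAA records in a zone that carry a 6to4 (2002::/16) address, together with the IPv4 address embedded in each. The zone name `corp.example.com` is a placeholder, and the script assumes it runs on a DC where the DnsServer PowerShell module is installed.

```powershell
# Added example (not from the thread). Read-only: it changes nothing.
# Assumptions: run on a DC with the DnsServer module; the zone name is a placeholder.
param([string]$ZoneName = 'corp.example.com')

# DisabledComponents bit flags as documented in KB929852.
$bits = @(
    @{ Mask = 0x01; Meaning = 'all tunnel interfaces disabled' },
    @{ Mask = 0x02; Meaning = '6to4 disabled' },
    @{ Mask = 0x04; Meaning = 'ISATAP disabled' },
    @{ Mask = 0x08; Meaning = 'Teredo disabled' },
    @{ Mask = 0x10; Meaning = 'IPv6 disabled on non-tunnel interfaces' },
    @{ Mask = 0x20; Meaning = 'IPv4 preferred over IPv6' }
)

$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$prop  = Get-ItemProperty -Path $key -Name DisabledComponents -ErrorAction SilentlyContinue
$value = if ($prop) { $prop.DisabledComponents } else { 0 }   # an absent value behaves as 0

'DisabledComponents = 0x{0:X2}' -f $value
$set = $bits | Where-Object { $value -band $_.Mask }
if ($set) {
    $set | ForEach-Object { '  set: ' + $_.Meaning }
} else {
    '  no flags set: tunnel interfaces such as 6to4 are allowed'
}

# 6to4 addresses sit in 2002::/16 and carry the host's IPv4 address in bytes 2-5.
Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType AAAA |
    ForEach-Object {
        $bytes  = $_.RecordData.IPv6Address.GetAddressBytes()
        $is6to4 = ($bytes[0] -eq 0x20 -and $bytes[1] -eq 0x02)
        [pscustomobject]@{
            HostName     = $_.HostName
            IPv6Address  = $_.RecordData.IPv6Address
            Is6to4       = $is6to4
            EmbeddedIPv4 = if ($is6to4) { $bytes[2..5] -join '.' } else { $null }
        }
    } | Sort-Object HostName | Format-Table -AutoSize
```

Rows with `Is6to4` true whose `EmbeddedIPv4` matches the host's own public IPv4 address are the self-registered 6to4 records the answer describes; other AAAA rows point to a different source, such as router advertisements.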

