IPV6 in DNS Record

Posted on 2011-04-19
Last Modified: 2012-05-11
I do not use ipv6. In my DNS forward lookup zones on all of my 6 domain controllers for every HOST(A) record, I have a IPV6 Host (AAAA) record....I tried deleting a few of these but they come right back. Do I need to go to each client & disable IPv^ in the registry before I can keep these records from populating into DNS again?

If so can I disable ipv6 with a GPO?
Question by:wantabe2
    LVL 57

    Assisted Solution

    by:Mike Kline
    You have to disable IPv6 via the registry and network properties,

    ACE has the steps here

    Not a GPO specifically that does it, you could use GPP to modify the registry.  We disable it in our image....and before everyone gets upset I know there is a lot of debate about enabling or disabling IPv6.  That network with the image was a classified network that will never use IPv6.


    LVL 37

    Expert Comment

    by:Adam Brown
    The only other option available besides disabling IPv6 is to remove the option to Register this connections address in DNS in the DNS tab under advanced properties for the network card. You can push out a script that will do this through netsh in the command prompt. I'm working out the syntax right now.
    LVL 3

    Accepted Solution

    I'd be willing to bet that you have a publicly routable IPv4 address assigned to the DCs, don't you? (In other words, an IP address that does not begin with 10.X, 192.168.X, or 172.16.X) If that is the case, the behavior you are seeing is being caused by the 6to4 protocol. Since most organizations do not use publicly routable IPv4 addressing inside their corporate network, this isn't an issue.

    Unless your organization has configured your routers to route ipv6 (by enabling Router Advertisements), AAAA records will never be registered in DNS. When someone sees random AAAA records start appearing, 99%+ of the time, it is caused by 6to4.

    If this *is* an issue for you, the way to change the behavior is to follow the instructions at and setting the registry key to 0x01, which will disable all tunnel interfaces (which includes 6to4). You could completely disable IPv6 through this registry key, but note that Microsoft does not recommend disabling IPv6 completely. There is no Group Policy to modify this key, but you can use Group Policy Preferences to set this key across all of your Domain Controllers.


    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    [b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
    The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
    This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
    This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now