[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 672
  • Last Modified:

IPv6 DNS queries not understood by Name Servers

When IPv6 capable machines (Mac OS X, Win Vista or Win 7) send DNS query request for a www A record in IPv6 format, Name Servers at Network Solution respond with generic entry (*, all others) rather than the correct www entry.

DNS servers of our company are Windows 2003 R2. Either they are sending out or forwarding the request in the wrong format or Network Solution's NS server don't understand IPv6 requests, resulting in non-specific wrong response. (We have analyzed the packets and no other DNS servers are involved.)

Has anyone encountered this? Who is the real culprit? What may be the solution?

IPv6 requests are sent out even when IPv6 is disabled (unchecked) on Mac OS X or Windows machines. Thanks.

Ajay
0
Akulsh
Asked:
Akulsh
  • 6
  • 5
  • 2
2 Solutions
 
Darius GhassemCommented:
How do you know that they are sending out in IPv6?

To truly disable IPv6 you must disable in the registry on the clients

http://www.home-network-help.com/disable-ipv6.html
0
 
AkulshAuthor Commented:
I know that the DNS requests from client are in IPv6 format since we capture the traffic with MS Network Monitor. Within DNS frame, the Question Type is "IPv6 Host Address". The problem occurs only after such a packet is sent to Network Solutions NS servers. They don't respond correctly and in their packets IPv6 is not mentioned.

About disabling IPv6 on clients, right now our main problem workstation is MAC OS X. Do you know how to disable IPv6 on those? (Of course, we want permanent solution on the server side.) Thanks.

Ajay
0
 
Darius GhassemCommented:
I don't know how to disable IPv6 on MAC OS.

The Windows 2003 Server should be Forwarding to IPv4.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
AkulshAuthor Commented:
What do you mean - "The Windows 2003 Server should be Forwarding to IPv4. "?

Captured packets clearly show it is IPv6 request from Win2K3 server to NS servers. Is there anything we can do on MS Win2K3 DNS server so it does not forward IPv6 DNS queries upstream? Thanks.
0
 
Darius GhassemCommented:
Does your Windows 2003 Server have IPv6 installed?
0
 
AkulshAuthor Commented:
No.
Mac and Win 7 have IPv6 preinstalled but it is disabled (unchecked) in both cases.
0
 
Darius GhassemCommented:
Unchecking does NOT disable IPv6 you must disable IPv6 through registry
0
 
AkulshAuthor Commented:
How do you do that in a Mac machine?
0
 
Darius GhassemCommented:
I'm not a Mac person at all that will be a question that needs to be opened in MAC zone. I guess and post links from google but I won't be able to help if something goes wrong.

http://serverfault.com/questions/70724/how-to-completely-disable-ipv6-on-mac-os-x-10-5

http://support.apple.com/kb/TS3802

http://wiki.answers.com/Q/How_do_you_turn_off_IPV6_on_a_mac
0
 
AkulshAuthor Commented:
Please give me a few more days before we can fully test and resolve this issue. Thanks.
0
 
PapertripCommented:
Aside from the good advice given by darius, I have some info to add.  I found the problem and presented the solution already in this thread.

FYI, these are requests are not over IPv6, but rather are AAAA requests over IPv4.  How to disable that on Windows and Mac's I do not know, but the solution I provided in the link above should resolve the issue.

The solution for this particular situation is adding a quad-A record so that it's not matched by the wildcard.

Darius if you see something else DNS related that I have overlooked, please let me know.  As I mentioned in the above link, I have not encountered this specific situation before.
0
 
PapertripCommented:
Well I'm glad Aklush asked that I check this question out, because I just realized a major flaw in my answer.

You will not be able to add a AAAA record unless you have an IPv6 address.  The correct solution to this is to disable AAAA queries from your clients.  

I apologize, this was something I had not ran into before and ended up focusing on the wrong part of the problem.  I feel a bit foolish in hindsight giving that answer, but at least I can learn from my short-sightedness.
0
 
AkulshAuthor Commented:
We had to get help from Mac Tech Support to disable IPv6 queries from the Mac machine.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 6
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now