Similar to my earlier question regarding ISATAP and WPAD (here http://rdsrc.us/WZIRbe
), I am wondering if it is safe to allow teredo. and 6to4.ipv6.microsoft.com. I believe the latter enables ipv6 addresses to be encapsulated in an ipv4 for routing, but I am less clear on the teredo.ipv6.microsoft.com.
My situation and environment:
I have recently implemented OpenDNS web content filtering at all of my company's retail locations. I've chosen to use their Whitelist available with the Enterprise package to limit access. Choosing this method required us to compose a list not only of sites they will need to browse but sites necessary for all related technology to function and update.
In monitoring the blocked domains I constantly encounter teredo.ipv6.microsoft.com and 6to4.ipv6.microsoft.com entries. I have researched these but I have not yet found anything which can assure me that it will be safe to allow them. OpenDNS, naturally, uses their DNS servers to enforce the filtering so I need to be absolutely sure these will not allow users to bypass this.
I would like to be 100% sure allowing these will 1) not create any potential security risks and 2) not enable my users to bypass OpenDNS and access restricted sites.
Thank you for your help!