We recently had a security audit in our environment. One of the findings was that we do not have IPV6 configured on our dhcp server but ipv6 is still enabled. This could be an issue with the MITM6 exploit. It was recommended to either disable IPV6 all together OR to configure DHCP and DNS servers to be able to handle IPv6 so that a rogue DNS server couldn't take over endpoint settings. Im finding alot of conflicting articles about disabling it or not. Does anyone have any experience good or bad for either option? I know Microsoft is strongly against disabling it.
But, it is not a requirement for any MS software except DirectAccess.
When configuring AD and Exchange, I have seen many problems corrected by disabling IPv6, and very rarely some repaired by activating IPv6.
The rule should be: if IPv6 is disabled on Domain controllers, you should disable it on other servers.
If IPv6 is enabled on Domain controllers, you CAN let it and use it on servers.
Now, configuring DHCPv6 does not help. IPv6 works well without DHCP.
If you configure DHCPv6, Dhcp clients will have a IPv6 given by DHCP and another IPv6 obtained by default. It is simply a little more complicated to manage. So, I don't advice to do so.