How to disable IPv6 AAAA dynamic updates?
Denis Laventure
Denis_Laventure at uqac.ca
Thu Mar 6 17:01:32 UTC 2008
Chris Thompson wrote:
> On Mar 6 2008, Denis Laventure wrote:
>
>> We have a DDNS setup with IPv4 only (Bind 9.4.2). With Vista and IPv6
>> (activated by default) we always get AAAA entries on our DDNS tables.
>> I tried to disable IPv6 with -4 on named command line, I added
>> listen-on-v6 { none; }; to my config, I disabled IPv6 on my OS...
>
> All those are to do with whether BIND will listen for requests on IPv6
> connections, or talk to other nameservers over IPv6. They say nothing
> about what sort of record types it will handle, and it's a category
> error to think that it might. It's like thinking that if a nameserver
> doesn't use e-mail it would refuse to handle MX records.
>
I know that was for 'listening' but I had to try since I didn't know how
to do it.
>> Nothing works, I still get AAAA added to my forward table.
>>
>> Is there a way to disable IPv6 dynamic updates from IPv6 clients in
>> bind?
>
> Well, you might be able to use "update-policy" to forbid updates to type
> AAAA records, but that assumes your update requests are signed. Are they?
>
The updates are not signed on this DNS server. We're in the process of
moving to another one that has updates from DHCP only, no client will
be allowed to update directly. BUT, our domain servers (Windows Server
2003) will, and the updates are not signed (we're waiting for Bind 9.5
GSS-TSIG for this). They seem to add AAAA records even if we disable
IPv6 on the interface.
I will check the update-policy clause.
Denis Laventure
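
The "update-policy" approach suggested in the quoted reply, sketched as a named.conf fragment. This is an added example, not part of the original message or either poster's configuration. The zone name, file path, key name, secret and address are placeholders, and it assumes the updater (for example the DHCP server) signs its updates with a TSIG key.

```conf
// BEFORE (shown commented out): IP-based access control.
// Updates are unsigned, and any host matching the ACL may add or
// delete records of any type, AAAA included.
//
// zone "example.com" {
//     type master;
//     file "dynamic/example.com.db";
//     allow-update { 192.0.2.10; };
// };

// AFTER: updates must be signed with a named TSIG key, and the
// policy lists the only record types that key may change.

// Shared secret for the updater (placeholder value; generate a real
// one and keep this file unreadable to other users).
key "dhcp-updater" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

zone "example.com" {
    type master;
    file "dynamic/example.com.db";

    // update-policy replaces allow-update; the two cannot be used
    // together in the same zone.
    update-policy {
        // Rules are checked in order. This key may update names at
        // or below example.com, but only A and TXT records.
        // AAAA is not listed, so an AAAA update matches no rule
        // and is refused.
        grant dhcp-updater subdomain example.com. A TXT;
    };
};
```

Unsigned updates match no rule in an update-policy, so they are refused for every record type, not only AAAA.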