How to disable IPv6 AAAA dynamic updates?
Danny Mayer
mayer at gis.net
Tue Mar 11 02:13:43 UTC 2008
Denis Laventure wrote:
> Mark Andrews wrote:
>>> Chris Thompson wrote:
>>>
>>>> On Mar 6 2008, Denis Laventure wrote:
>>>>
>>>>
>>>>> We have a DDNS setup with IPv4 only (BIND 9.4.2). With Vista and IPv6
>>>>> (activated by default) we always get AAAA entries on our DDNS tables.
>>>>> I tried to disable IPv6 with -4 on named command line, I added
>>>>> listen-on-v6 { none; }; to my config, I disabled IPv6 on my OS...
>>>>>
>>>> All those are to do with whether BIND will listen for requests on IPv6
>>>> connections, or talk to other nameservers over IPv6. They say nothing
>>>> about what sort of record types it will handle, and it's a category
>>>> error to think that it might. It's like thinking that if a nameserver
>>>> doesn't use e-mail it would refuse to handle MX records.
>>>>
>>>>
>>> I know that was for 'listening' but I had to try since I didn't know how
>>> to do it.
>>>
>>>>> Nothing works, I still get AAAA added to my forward table.
>>>>>
>>>>> Is there a way to disable IPv6 dynamic updates from IPv6 clients in
>>>>> bind?
>>>>>
>>>> Well, you might be able to use "update-policy" to forbid updates to type
>>>> AAAA records, but that assumes your update requests are signed. Are they?
>>>>
>>>>
>>> The updates are not signed on this DNS server. We're in the process of
>>> moving to another one that has updates from DHCP only, no client will
>>> be allowed to update directly. BUT, our domain servers (Windows Server
>>> 2003) will, and the updates are not signed (we're waiting for BIND 9.5
>>> GSS-TSIG for this). They seem to add AAAA records even if we disable
>>> IPv6 on the interface.
>>>
>>> I will check the update-policy clause.
>>>
>>> Denis Laventure
>>>
>> Well you should talk to Microsoft as this appears to be a
>> bug in Windows. If the interface has IPv6 disabled there
>> should be no AAAA records being added to the DNS.
>>
>> If the interface does have IPv6 enabled then it is perfectly
>> reasonable to add the AAAA addresses to the DNS.
>>
>> BIND is not the place to fix this issue.
>>
>> Mark
>>
> Our servers are Windows Server 2008 not 2003. I found an article on
> Microsoft TechNet that explains how to disable IPv6 with a registry key.
> Disabling IPv6 on the interface is not enough on Vista and 2008... Now I
> don't have AAAA records in my DNS.
> Denis
netsh interface ipv6 uninstall
Danny
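
The update-policy approach suggested in the quoted thread, as an added example that is not part of the original messages: a named.conf fragment showing an address-based allow-update beside a key-based update-policy that refuses AAAA. The zone name example.com, the key name dhcp-ddns, the file path, the address range and the secret are placeholders, and the fragment assumes updates are TSIG-signed, since update-policy rules match on the signing key.

```conf
// Constructed example: zone name, key name, file path and secret are placeholders.
key "dhcp-ddns" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   // generate your own key material
};

zone "example.com" {
    type master;
    file "dynamic/example.com.db";

    // Weak setting: address-based ACL. Any host in the range may add or
    // delete any record type, AAAA included, and nothing is authenticated
    // beyond the source address.
    // allow-update { 192.0.2.0/24; };

    // Corrected setting (replaces allow-update; the two cannot be combined
    // in one zone). Rules are checked in order and the first match decides.
    update-policy {
        // Explicit refusal of AAAA for this key, anywhere under the zone.
        deny  dhcp-ddns subdomain example.com. AAAA;
        // Only A and TXT may be written (assumption: the DHCP server keeps
        // its client identifier in TXT). Updates matching no rule, including
        // unsigned ones, are refused.
        grant dhcp-ddns subdomain example.com. A TXT;
    };
};
```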