Hi,
I have a strange issue. Recently we have noticed dynamically registered IPv4 addresses disappearing from our internal Windows DNS forward lookup zones.
I don't run our very large DNS environment, so unfortunately, I can't examine the configuration. The problem seems to be tied to Windows servers with IPv6 enabled (windows 2008 and Windows 2008 R2 servers).
In our Windows server configuration, we allow the check mark for "Allow this connection to be registered in DNS" to be selected in the TCP/IP settings of the production IP address for the server.
Periodically, we have noticed that the IPv4 A records disappears from DNS while the AAAA IPv6 address for the server remains in tact.
I have been troubleshooting this problem from the server side (DNS client side). It appears that if I disable 6TO4 IPv6 addresses from the server and then restart the server, the problem goes away (IPv4 address comes back in DNS after the reboot). To disable IPv6 transition technologies, we implement DISABLECOMPONENTS = 1.
Although, this work around seems to solve all of our problems, I don't understand why the IPv4 address gets removed in the first place? I suspect a misconfiguration on the DNS server.
More information:
Overall IPv6 Problem: By default, the 6to4 tunneling protocol is enabled in Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008 when an interface is assigned a public IPv4 address (that is, an IPv4 address that is not in the ranges
10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16). 6to4 will automatically assign an IPv6 address to the 6to4 tunneling interface for each such address that is assigned, and 6to4 will dynamically register these IPv6 addresses on the assigned DNS server. If this
behavior is not desired, we recommend disabling IPv6 tunnel interfaces on the affected hosts. In the company network, it also appears that IPv6 registration sometimes causes IPv4 A records to be removed in DNS. Microsoft has informed us that this http://support.microsoft.com/kb/2782438
might be the reason for the behavior. But I am still pressing to root cause because we are not using DHCP in our server vlans.
Using the options to disable IPv6 described in article 929852 is fully supported by Microsoft: Microsoft Answer: "Disabling IPv6 is not recommended but it's completely supported, but you might have to enable it back in future if you are going to implement
new technologies like DirectAccess etc, which needs IPv6."
Microsoft recommends that we use DisabledComponents = 1 for all Windows 2008 and Windows 2008 R2 servers that are problematic: This will disable IPv6 transition technologies and Servers will not get IPv6 address
It has also been asked that instead of disabling IPv6 on all of our Windows servers can we just disable IPv6 on the DNS servers: Microsoft Answer: disabling IPv6 only on DNS Servers will not help, as it will not stop clients from registering their IPv6 address.
Disabling IPv6 will impact applications that require IPv6. The known application services are: HomeGroup and DirectAccess -- we do not believe our company is currently using these technologies.