At a high level: new AD forest (Forest A) with 3 child domains, all running AD DNS that has a forest trust to another forest (Forest B). DNS in Forest B has stub zones in AD DNS to the forward and IPv4 reverse lookup zones in Forest B. Everything is working great, but one (and only one) of the domain controllers from each child domain in Forest A is caching not just its IPv4 IP, but the IPv6 Teredo IP in Forest B’s DNS cache. Forest A doesn’t have these IPs anywhere in DNS, and this doesn’t happen with the forest root DCs, just the child domain DCs.
I have tried disabling Teredo on the DCs in question, to no avail. I can flush the DNS cache in Forest B and nslookup the suspect Forest A DCs and get both IPs.
Very odd – any ideas? It wouldn’t be that big of a deal save on occasion a client will get the Teredo IP from DNS, which will result in an inability to get to that DC.
Forest A – all servers are running Windows Server 2012 Core, forest and domain levels are Windows Server 2008 R2. Forest B – all servers running Windows Server 2008 R2, and forest and domain levels are Windows Server 2008 R2 as well. DNS is running on all DCs in both forests.