This is admittedly not a bind question, but it has
become a major nag factor and I am not sure what to recommend.
We delegate our Microsoft Active Directory zone to
Microsoft domain controllers and they have stuffed their zone
with about 750 AAA records and all are publicly visible if one
does a lookup. even the top level of the AD domain has 10 IPv6
responses, one for each controller. The AD admins say that IPv6
is turned off and that the work stations register IPv6 addresses
automatically and so forth, but the final truth is that they are
there, however they got there, and other systems will get the
records when they try to resolve the host name.
Recently, there was a Microsoft update which appears to
cause the resolvers on these Windows7 systems to favor
IPv6 records first and now I am getting reports of timeouts from
Windows boxes looking up other Windows boxes.
What I am asking the list is whether or not anybody
knows of a way to get the Microsoft controllers to ignore the
IPv6 registrations. Having 0 IPv6 records would probably solve
the problem until the day we get a IPv6 allocation and make our
nework IPv6 capable. As of now, it is a down right nuisance. I
am running bind in its default mode where it could handle both
IPv4 and IPv6 addresses, but we have no IPv6 addresses at all in
the zones that we do not delegate. I believe that if I ran bind
in IPv4-only mode, it would make no difference because the
problem zone is delegated. If I am wrong about that, please let
me know.
In best IT tradition, I am hearing "Do something!" and
it seems to me that there is nothing I can do as the zone is
delegated.
Thanks for any constructive ideas or references which
will help the AD folks get rid of those IPv6 records for now.
Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
