Windows DNS AAAA problems

Started by cholzhauer, February 16, 2010, 08:41:51 AM


cholzhauer

Here's the deal.

I'm running DNS on Server 2008 x64 via the MS "feature".  

There are a couple of root servers that are IPv6 enabled, so I would like to add their AAAA records so I can use them to do lookups. So, I went through and added the records by hand, verified that the DNS server was able to resolve them, copied those settings to my backup DNS servers, and life was good.

A couple of weeks/months later, I went back to check on things and found that the AAAA records had disappeared.  That time I noticed that there was an option called "Resolve" that would make Windows look up the addresses (both A and AAAA) and insert them.  I did that, copied the settings to my backup DNS servers, and everything was working.

Well today I went back in to check on things and found that the AAAA records were again missing.  I don't know how to make them stick.

I know most of the users are open source fans, but we're an MS shop and there's no changing that.  With that being said, has anyone had this problem before?

My setup is pretty simple.  I have two DNS servers here at our main location (both have IPv6 access to the Internet) and a third DNS server out west. (that one does not have IPv6 access to the Internet.)

cholzhauer

Oh, and to make this question a little clearer, here is a link

http://mars.sscorp.com/AAAA.htm

jimb

Really don't know why your root servers are being overwritten.

My best guess is that the default on the MS DNS server is to go periodically fetch a named.ca file from some server somewhere, probably at Microsoft.  That file probably omits the IPv6 roots.

Probably some option buried deep in the DNS server advanced options or registry or something.  :P

EDIT: it could also be overwriting it w/ the contents of the %SystemRoot%\System32\Dns\Cache.dns file.

cholzhauer

Quote
EDIT: it could also be overwriting it w/ the contents of the %SystemRoot%\System32\Dns\Cache.dns file.

I just went and looked at that file and sure enough, all that's in there are IPv4 addresses



;
;  Root Name Server Hints File:
;
; These entries enable the DNS server to locate the root name servers
; (the DNS servers authoritative for the root zone).
; For historical reasons this is known often referred to as the
; "Cache File"
;

@                       NS f.root-servers.net.
f.root-servers.net      A 192.5.5.241
@                       NS g.root-servers.net.
g.root-servers.net      A 192.112.36.4
@                       NS h.root-servers.net.
h.root-servers.net      A 128.63.2.53
@                       NS i.root-servers.net.
i.root-servers.net      A 192.36.148.17
@                       NS j.root-servers.net.
j.root-servers.net      A 192.58.128.30
@                       NS a.root-servers.net.
a.root-servers.net      A 198.41.0.4
@                       NS b.root-servers.net.
b.root-servers.net      A 192.228.79.201
@                       NS c.root-servers.net.
c.root-servers.net      A 192.33.4.12
@                       NS d.root-servers.net.
d.root-servers.net      A 128.8.10.90
@                       NS e.root-servers.net.
e.root-servers.net      A 192.203.230.10


Is it possible to edit this file to display the IPv6 addresses?  I just checked the root server listing in the GUI and it still has one of the servers showing an AAAA address, which is what I entered yesterday.

jimb

You should be able to replace it w/ the named.cache file from the internic (which has all the IPv6 roots in it).

ftp://ftp.internic.net/domain/named.cache

NOTE: I'm not sure if this file is your real problem though.  Based on a brief glance at Technet, it appeared to me that the cache file is merely a backup if it can't get the root zone out of the AD.

cholzhauer

Quote
NOTE: I'm not sure if this file is your real problem though.  Based on a brief glance at Technet, it appeared to me that the cache file is merely a backup if it can't get the root zone out of the AD.

That was my impression too; my cache.dns file doesn't even include all of the IPv4 addresses that are in my DNS servers, so I'm thinking you might be correct.

I don't see any harm in changing it...I'll back up the old file and copy the new one.
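
Added example, not part of the thread or of any participant's post: a short Python check that parses a root hints file in the Cache.dns layout quoted above (or the InterNIC named.cache layout) and lists the root servers that have no AAAA record. The sample input is constructed, the AAAA value is a documentation-prefix placeholder, and the function names are this example's own.

```python
import ipaddress

# Constructed sample. The A records are copied from the Cache.dns post above;
# the AAAA value is a 2001:db8::/32 documentation placeholder, not a real root address.
SAMPLE_HINTS = """\
;  Root Name Server Hints File (constructed sample)
@                       NS f.root-servers.net.
f.root-servers.net      A 192.5.5.241
f.root-servers.net      AAAA 2001:db8::f   ; placeholder
@                       NS g.root-servers.net.
g.root-servers.net      A 192.112.36.4
.        3600000        NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.  3600000  A  128.63.2.53
"""

RECORD_TYPES = ("NS", "A", "AAAA")


def _norm(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()


def parse_root_hints(text):
    """Return {server: {"A": [...], "AAAA": [...]}} for each root server listed."""
    servers = {}
    for raw in text.splitlines():
        tokens = raw.split(";", 1)[0].split()  # strip comments, then tokenise
        # The type follows the owner and any optional TTL/class fields.
        idx = next((i for i, t in enumerate(tokens)
                    if i > 0 and t.upper() in RECORD_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            continue  # comment, blank line, or a record with no data
        rtype, rdata = tokens[idx].upper(), tokens[idx + 1]
        if rtype == "NS":
            servers.setdefault(_norm(rdata), {"A": [], "AAAA": []})
            continue
        addr = ipaddress.ip_address(rdata)  # ValueError on a malformed address
        if addr.version != (4 if rtype == "A" else 6):
            raise ValueError(f"{rtype} record holds an IPv{addr.version} address: {raw!r}")
        entry = servers.setdefault(_norm(tokens[0]), {"A": [], "AAAA": []})
        entry[rtype].append(str(addr))
    return servers


def missing_aaaa(servers):
    """Names of root servers for which the hints file carries no AAAA record."""
    return sorted(name for name, recs in servers.items() if not recs["AAAA"])


if __name__ == "__main__":
    for name in missing_aaaa(parse_root_hints(SAMPLE_HINTS)):
        print("no AAAA:", name)
```

To audit a real server, read the file's text (for example the backed-up Cache.dns) and pass it to `parse_root_hints` in place of the sample.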