How to disable IPv6 AAAA dynamic updates?

Mark Andrews Mark_Andrews at isc.org
Thu Mar 6 22:41:06 UTC 2008


> Chris Thompson a écrit :
> > On Mar 6 2008, Denis Laventure wrote:
> >
> >> We have a DDNS setup with IPv4 only (Bind 9.4.2). With Vista and IPv6 
> >> (activated by default) we always get AAAA entries on our DDNS tables. 
> >> I tried to disable IPv6 with -4 on named command line, I added 
> >> listen-on-v6 { none; }; to my config, I disabled IPv6 on my OS... 
> >
> > All those are to do with whether BIND will listen for requests on IPv6
> > connections, or talk to other nameservers over IPv6. They say nothing
> > about what sort of record types it will handle, and its a category 
> > error to think that it might. It's like thinking that if a nameserver
> > doesn't use e-mail it would refuse to handle MX records.
> >
> I know that was for 'listening' but I had to try since didn't know how 
> to do it.
> >> Nothing works, I still get AAAA added to my forward table.
> >>
> >> Is there a way to disable IPv6 dynamic updates from IPv6 clients in 
> >> bind?
> >
> > Well, you might be able to use "update-policy" to forbid updates to type
> > AAAA records, but that assumes your update requests are signed. Are they?
> >
> The updates are not signed on this DNS server. We're in the process of 
> moving to another one that have updates from DHCP only, no client will 
> be allowed to update directly. BUT, our domain servers (Windows Server 
> 2003) will, and the updates are not signed (we're waiting for Bind 9.5 
> GSS-TSIG for this). They seems to add AAAA records even if we disable 
> IPv6 on the interface.
> 
> I will check the update-policy clause.
> 
> Denis Laventure

	Well you should talk to Microsoft as this appears to be a
	bug in Windows.  If the interface has IPv6 disabled there
	should be no AAAA records being added to the DNS.

	If the interface does have IPv6 enabled then it is perfectly
	reasonable to add the AAAA addresses to the DNS.

	BIND is not the place to fix this issue.

	Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org


More information about the bind-users mailing list