Prevent automatic Windows DNS from registering global IPv6 addresses

dav20011

6/12/23, 7:40 PM

When having IPv6 enabled the automatic Windows DNS registration adds AAAA records for both the ULA and the global unicast address. This is not a problem for most networks, but causes issues when using a VPN without routing the global addresses through it (which is not always viable). Thus I would like to prevent it from registering the global address, but haven't found an option for that so far.

I know that I could solve the issue by disabling IPv6 or the automatic DNS, but I look for a better option. My only other idea was to use some DNS forwarder to filter out these records, but obviously this is not a feature of any common forwarder.

0 + 0

domain-name-system

windows

active-directory

ipv6

John Mahowald

6/12/23, 11:52 PM

Please describe your network, and why the private nets cannot be routed through a VPN.

dav20011

6/13/23, 12:46 AM

Routing an entire subnet through the VPN is simply not wanted as the VPN has limited bandwidth. The entire network consists of multiple subnets at different locations which are connected via WireGuard routers without any NAT. Thus the ULAs and local IPv4 addresses can be routed through the VPN and all global addresses are sent over the internet without VPN.

Zoredache

6/13/23, 7:28 AM

You know you can disable the DNS registration **per-interface**? IE you could disable registration on your VPN interface, but leave it enabled on your other interfaces.

LeeM

6/14/23, 9:03 AM

Yes, per the previous suggestion, the main option is to disable DNS registration on the on the *client's* VPN/RemoteAccess adapter. If DHCP is handing out IPv6 addresses, you may need to check it doesn't also do the registration on behalf of the client.

dav20011

6/14/23, 10:31 AM

This does not work. As stated above the VPN connection is provided by a single WireGuard router per subnet. Every other device only has a physical interface. I also don't want to remove the records for the VPN subnet IPs as they are reachable from everywhere. I want to selectively remove a single IPv6 (global unicast from every physical interface) from the records.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Prevent automatic Windows DNS from registering global IPv6 addresses

TH: ป้องกันไม่ให้ Windows DNS อัตโนมัติลงทะเบียนที่อยู่ IPv6 ส่วนกลาง

RO: Împiedicați DNS automat Windows să înregistreze adrese IPv6 globale

RU: Запретить автоматическому DNS Windows регистрировать глобальные адреса IPv6

VI: Ngăn DNS Windows tự động đăng ký địa chỉ IPv6 toàn cầu

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.