This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 55.00000000000001%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
After I retired from state IT work, I have a domain I support for a friend's company. It has been running just fine for 5 years on 2012 R2. 2 domain controllers that have DNS and DHCP on them. There is no IPV6 DNS server on either nor is there a IPV6 DNS server listed in DHCP. The router does not have DHCP IPV4 or IPV6 on it. Suddenly all the computers are showing an IPV6 DNS server at the top of their list in the 206.x.x.x range and all sorts of things are failing. I turned off IPV6 on all the servers thru adding DisabledComponents in the registry of the servers so they are working on IPV4 again, but I have discovered that the W10 domain computers have added a IPV6 DNS server at the top of the list. Does anyone have any idea where how this entry is getting into the domain? What is happening is if I ping a server name, the query is resolving to a 206.x.x.x address on the affected computers instead of the local 192.x.x.x address. I've done the usual and flushed dns caches on the servers and workstations, rebooted etc..
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Simplest solution may be to put a personal NAT box in between the ISP equipment and your domain equipment. Shouldn't be an reason to make changes to IPv6 from defaults.
--please don't forget to upvote and Accept as answer if the reply is helpful--
In answer to your suggestion, we have a router with NAT configured on it between the ISP modem and the domain. Further investigation reveals there were two problems.
The first was that the severs except the DC1 all decided to start using IPV6 to the non-authoritative DNS as the primary means of resolving queries. I resolved that by turning off IPV6 on the domain servers, flushed the DNS resolver cache on all the servers, and deleted all the IPV6 cnames that had built up. They answer first properly now on all queries from the servers.
The second issue is that the workstations are now listing an IPV6 DNS server in the 1st position and the local domain servers in the 2nd and 3rd position. DHCP is turned off on the router, and no IPV6 address or scope is listed in the domain DHCP servers. I have no idea where it came, or is coming from. The DNS server IP that answers is registered to Network Solutions, which is where the mail server is for the domain, and where the company webpage is hosted.
The way it worked for years was the local computers queried the local controller 1. If it failed they queried the backup controller 2. If neither could resolve a name when asked they used a forwarder. I have no idea how an IVP6 DNS entry could put itself in first position when DHCP is configured otherwise.
The second issue is that the workstations are now listing an IPV6 DNS server in the 1st position and the local domain servers in the 2nd and 3rd position. DHCP is turned off on the router, and no IPV6 address or scope is listed in the domain DHCP servers. I have no idea where it came, or is coming from. The DNS server IP that answers is registered to Network Solutions, which is where the mail server is for the domain, and where the company webpage is hosted.