none
Windows 2008 R2 with AD integerated DNS

    Question

  • Hello,

    We have Windows 2003 as PDC (holds all fsmo roles), one Windows 2003 additional DC and four Windows 2008R2 additional DC's spanned in a two site active directory domain. All DC's are GC's. Windows 2003 PDC and the other 2003 additional DC's are DHCP and DNS servers. We also have two Windows 2008R2 additional DC's at Site1 which has DNS running. All DC's point to itself as primary DNS and has other DC's IP as additional/ alternate DNS server. We don't have any conditional forwarders configured in DNS.

    At Site2 we have two Windows 2008R2 additional DC's. Both these DC's are DNS servers and DHCP servers. My problem is at Site2.

    Per Microsoft recommendation, I have NOT disabled IPV6. We are a pure IPV4 network.

    If I do a ipconfig /all from one/ all of these DC's at Site2 , I see my DNS has ::1, IP address of additional DC1 and IP address of additional DC2 at Site2. When I do a nslookup at this site, first I get an unknown server with request time out. Now I try aol.com I get request time out. I try aol.com again from same cmd window I get response back. What is causing this delay? Is it IPV6?

    I prefer to stick with MS recommendation of not disabling IPV6. I like to hear whether it's a safe approach to disable IPV6 on domain controller and have it running on Exchange 2010 boxes. To me it doesn't make sense, but I like to hear your thoughts.

    Thanks in advance

    Wednesday, October 13, 2010 11:35 PM

Answers

All replies

  • Disabling IPV6 is ok on a DC,  look at this question from last year where this was also discussed   http://social.technet.microsoft.com/Forums/en/winserverDS/thread/8fbc6ee3-7a71-4204-b89d-529254c88162

    The IPV6 should not affect the nslookup.  When you do the first nslookup run an ipconfig /displaydns  want to see if the site gets cached.

    Do you have an ISP or external DNS server that you can forward to (for testing)

     

    Thanks

    Mike


    http://adisfun.blogspot.com
    http://twitter.com/mekline
    Thursday, October 14, 2010 12:15 AM
  • I agree as well, Mike. I've seen issues with NPSI causing GC communication issues between Exchagne and a 2008 DC. After research and even contacting Microsoft PSS back in 2008, they suggested to disable IPv6. There are known issues with IPv6, and if not being used, pull it out! :-)

    I even published my notes on this, too. This may help TSAM as well:

    How to Disable RSS TCP Chimney Feature and Disable IPv6
    http://msmvps.com/blogs/acefekay/archive/2010/05/27/how-to-disable-rss-tcp-chimney-feature-and-ipv6.aspx

    Cheers!

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Thursday, October 14, 2010 3:53 AM
  • Thanks Mike , Ace.

    Miles forwarded this URL http://technet.microsoft.com/en-us/magazine/2009.07.cableguy.aspx to me a while ago which talks about disabling IPV6. This is the scariest paragraph:

    The Argument against Disabling IPv6
    It is unfortunate that some organizations disable IPv6 on their computers running Windows Vista or Windows Server 2008, where it is installed and enabled by default. Many disable IPv6-based on the assumption that they are not running any applications or services that use it. Others might disable it because of a misperception that having both IPv4 and IPv6 enabled effectively doubles their DNS and Web traffic. This is not true.
    From Microsoft's perspective, IPv6 is a mandatory part of the Windows operating system and it is enabled and included in standard Windows service and application testing during the operating system development process. Because Windows was designed specifically with IPv6 present, Microsoft does not perform any testing to determine the effects of disabling IPv6. If IPv6 is disabled on Windows Vista, Windows Server 2008, or later versions, some components will not function. Moreover, applications that you might not think are using IPv6—such as Remote Assistance, HomeGroup, DirectAccess, and Windows Mail—could be.
    Therefore, Microsoft recommends that you leave IPv6 enabled, even if you do not have an IPv6-enabled network, either native or tunneled. By leaving IPv6 enabled, you do not disable IPv6-only applications and services (for example, HomeGroup in Windows 7 and DirectAccess in Windows 7 and Windows Server 2008 R2 are IPv6-only) and your hosts can take advantage of IPv6-enhanced connectivity.

    So I focussed more on disabling IPv6 for DNS services. I got the IDX # of the NIC by running netsh interface ipv6 show interfaces and then deleted IPv6 for that interface by running   netsh interface ipv6 delete dnssserver name="IDX#" address=::1. Once I delete IPv6 interface from DNS, nslookup doesn't time out and websites load fast.

    While researching on disabling IPv6 I came across a KB from MS, http://support.microsoft.com/kb/929852.  I am confused with the Fix it as it has several options. Which one should I use to disable IPv6 and what is the difference between each?

    Thanks in advance
    Friday, October 15, 2010 11:25 AM
  • I have an article on disabling IPv6 that should walk you through step by step.  Ther are some apps that use it but the I can't think of any Business application that it would break.  IIRC, ipv6 and video conferencing might not work or something similar but all of our server class machines have all had this disabled for now.

    http://blogs.dirteam.com/blogs/paulbergson/archive/2009/03/19/disabling-ipv6-on-windows-2008.aspx

     

    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs

    Please no e-mails, any questions should be posted in the NewsGroup This
    posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, October 15, 2010 12:00 PM
  • Hello,

    as you realize some problems i would follow the articles about disabling IPv6 as already posted. If this doesn't resolve the issue i would enable it again. If it helps leave it disabled until you have applications/services that require it enabled. Then you have to do some more testing.

    I always try to work with it enabled until problems occur, then i disable it for testing.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Sunday, October 17, 2010 9:51 AM
  • Monday, October 18, 2010 9:48 AM
  • Hi,

    How's everything going? I want to check if the suggestions have helped or if you need further assistance.

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, October 20, 2010 6:14 AM
  • Most interesting thread.

    Since IPv4 space has run out and we need to continue providing for smartphones, iPads and so on in the short term, does anyone really think that disabling IPv6 is good option now?

    I have to agree with TSAM, if you want your apps and site available to generation-Y and China and smartphones you can't disable IPv6.


    CarolChi
    Saturday, February 05, 2011 7:39 PM
  • Carol,

    What you're saying makes sense, however, IPv6 has not been widely adopted yet. I imagine that once the need really kicks in place, such as what you're suggesting with China's Gen-y population becoming more and more adept into the information age with additional smartphones, etc, it will spark an IPv6 revolution. We just haven't seen it yet, but I'm sure all future devices will have IPv6 technology in place to handle the additional requirements. But of course, it depends on all the ISPs to provide IPv6 connectivity, which not all have yet adopted.

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Sunday, February 06, 2011 1:27 AM