none
When does Windows request AAAA records?

    Question

  • Situation:
    I have a Windows 7 workstation connecting to an IPv6/IPv4 dual-stack network via Openvpn.

    The tunnel comes up OK and can route v4 and v6 packets as expected.

    Windows can resolve the AAAA records for an IPV6 only host (ie nslookup ipv6.examplehostname.com), and I can ping -6 that host. (ie ping -6 ipv6.examplehostname.com)

    The problem:
    No program on the windows client will connect to the hostname of that host (ie one with only a AAAA record); Windows does not seem to be returning AAAA records to the programs. I have tried putty, firefox, internet explorer, and chrome. Each of those applications will connect fine when presented with an IPv6 literal.

    What I am seeing is very much like the problem described here:
    http://superuser.com/questions/259188/how-can-i-get-firefox-chrome-to-reach-ipv6-websites

    But the answer to that seems to be Teredo specific.

    My understanding is that Windows should prefer IPv6 over IPv4, but on my system IPv6 is never used unless explicitly requested.  Where a host as A and AAAA records Windows uses the A record.  Where a host only has an AAAA record, I get a "host not found" type error.

    What about using openvpn is causing Windows to change from this documented behaviour?

    Thanks,

    Tom.


    • Edited by TSeeley Thursday, May 16, 2013 8:10 AM
    Thursday, May 16, 2013 8:03 AM

All replies

  • I just discovered this page:

    http://technet.microsoft.com/library/bb727035.aspx:

    • If the host has only link-local or Teredo IPv6 addresses assigned, the DNS Client service sends a single query for A records.

    • If the host has at least one IPv6 address assigned that is not a link-local or Teredo address, the DNS Client service sends a DNS query for A records and then a separate DNS query to the same DNS server for AAAA records. If an A record query times out or has an error (other than name not found), the corresponding AAAA record query is not sent.

    I definitely have a non-link-local, non-teredo address live on the machine:

    C:\Users\Administrator>ipconfig

    Windows IP Configuration


    Ethernet adapter Local Area Connection 2:

       Connection-specific DNS Suffix  . :
       IPv6 Address. . . . . . . . . . . : 2001:67c:1520:5::1:1000
       Link-local IPv6 Address . . . . . : fe80::556e:315d:d6fc:8d9e%14
       IPv4 Address. . . . . . . . . . . : 10.162.93.6
       Subnet Mask . . . . . . . . . . . : 255.255.255.252
       Default Gateway . . . . . . . . . :

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Link-local IPv6 Address . . . . . : fe80::b430:4d2c:842:bb31%11
       IPv4 Address. . . . . . . . . . . : 10.0.2.15
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.0.2.2

    Tunnel adapter isatap.{E2F26DA9-80E5-495D-ACFF-9BECB1BF549F}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :

    Tunnel adapter Local Area Connection* 11:

       Connection-specific DNS Suffix  . :
       IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1cfe:2d51:f5ff:fdf0
       Link-local IPv6 Address . . . . . : fe80::1cfe:2d51:f5ff:fdf0%13
       Default Gateway . . . . . . . . . :

    Tunnel adapter isatap.{6170F8C3-B590-4FA2-939C-78773D32C8F4}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :

    C:\Users\Administrator>

    Thursday, May 16, 2013 8:31 AM
  • So I turned on DNS Client Events in the event viewer and I see this really unhelpful log:

    "The DNS server's response to a query for name ipv6.examplehostname.com indicates that no records of the type queried are available, but could indicate that other records for the same name are present. "

    Which of course is true (assuming the initial query was for an A record), but that really doesn't help.  The important question is why the dns client service didn't request the other records for the same name which it has just established might exist.


    • Edited by TSeeley Thursday, May 16, 2013 9:08 AM
    Thursday, May 16, 2013 9:06 AM