How to selectively register some addresses, but not all addresses, in DNS


  • Hi All,

    We operate in a two-address model for our production ipv6 network -- we have an internal site-to-site vpn-connected ULA range in fd00::/8, we also have IPv6 external addressing in 2001::/16.  We route-advertise both address prefixes to our clients. 

    My problem is thus.  We don't want to necessarily add the external addresses into DNS, which would imply that internal traffic would skirt out the internet instead of routing over our encrypted VPN's.  To that end, I'm trying to find a way to configure the machines (hopefully via group policy) in such a way to avoid the 2001::/16 address being published in DNS for the machines.

    I tried setting the two route advertisements such that the 2001::/16 address has no preferred lifetime, but does have a valid lifetime.  This achieved what I want with DNS (it didn't register that address), but Windows won't use that address now as it considers it deprecated.

    So I'm looking for either:

    • A way to configure DNS auto-registration, via GPO, where I can tell the auto-register to not register certain addresses, or
    • A way to cause windows to utilize a deprecated address that still has a valid lifetime, also pushable via GPO.


    Any suggestions?

    19 พฤษภาคม 2554 17:13