Windows – My DNS server defaults to a link-local IPv6 address and it returns 1.1.1.1


I'm having this weird problem in my network after a power loss (a few seconds), but all my network equipment has a UPS and it was working fine when the power was out.

Soon after the power was back I couldn't access the internet, and when I tried an nslookup it returned something like this:

C:\Users\Administrator>nslookup
Default Server:  UnKnown
Address:  fe80::1

> google.com
Server:  UnKnown
Address:  fe80::1

Name:    google.com
Address:  10.9.100.100

> google
Server:  UnKnown
Address:  fe80::1

Name:    google
Address:  1.1.1.1

Wireshark packet capture for that event: http://i.imgur.com/RLC6YE6.png

I really don't know how my computer knows 10.9.100.100 and 1.1.1.1 (there's nothing there).

I have multiple VLANs on my core switch (SG500):

  1. Client – VLAN X – 10.1.1.x/24
  2. IP Phone – VLAN Y – 192.168.x.x/16
  3. Public Client – VLAN Z – 10.9.100.x/24

The port that I'm using has VLAN X and VLAN Y on the same port (hybrid mode on a 3Com switch – access switch).

The current resolution is to disable IPv6 on my local area connection.

This is my local area connection (I have VMware/VirtualBox installed); the IP address/GW/DNS are static.

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::7890:2a9f:b81c:2a1f%11
   IPv4 Address. . . . . . . . . . . : 10.1.1.207
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.1.1.1

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::a818:fbb5:f940:bb96%14
   IPv4 Address. . . . . . . . . . . : 192.168.56.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter VMware Network Adapter VMnet1:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::20f6:6352:de0b:fa24%19
   IPv4 Address. . . . . . . . . . . : 192.168.152.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter VMware Network Adapter VMnet8:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::810c:4a64:b675:1e63%20
   IPv4 Address. . . . . . . . . . . : 192.168.172.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Does my computer have malware? This event also affects some other Windows 7/Windows 8 computers on my network as well (now around 5-10 out of 100s).

Best Answer

I have found what's causing the problem.

There's one ADSL router connected to my VLAN X, and it has an IP address of 10.9.100.100 and an IPv6 address of fe80::1. This router also responds to IPv6 DHCP requests, and Windows 7 defaults to IPv6, so that's why I'm having this weird event.
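
A defensive check for the situation the answer describes, as an added example that is not part of the original post: it parses the UDP payload of a DHCPv6 Advertise/Reply and reports any DNS server (option 23, RFC 3646) that is not on an allowlist. The allowlisted address `2001:db8::53`, the DUID and all function names are assumptions, and the sample packet is constructed.

```python
import ipaddress
import struct

ADVERTISE, REPLY = 2, 7                  # DHCPv6 server message types (RFC 8415)
OPT_SERVERID, OPT_DNS_SERVERS = 2, 23    # option codes (RFC 8415, RFC 3646)
ALLOWED = {ipaddress.IPv6Address("2001:db8::53")}  # assumed authorized resolver

def parse_dhcpv6(payload: bytes) -> dict:
    """Parse a DHCPv6 UDP payload: 1-byte type, 3-byte xid, then TLV options."""
    if len(payload) < 4:
        raise ValueError("truncated DHCPv6 header")
    info = {"msg_type": payload[0], "xid": payload[1:4].hex(),
            "server_duid": None, "dns": []}
    off = 4
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", payload, off)
        data = payload[off + 4: off + 4 + length]
        if len(data) != length:
            raise ValueError("option overruns packet")
        if code == OPT_SERVERID:
            info["server_duid"] = data.hex()
        elif code == OPT_DNS_SERVERS:
            if length % 16:
                raise ValueError("DNS option is not a list of 16-byte addresses")
            info["dns"] += [ipaddress.IPv6Address(data[i:i + 16])
                            for i in range(0, length, 16)]
        off += 4 + length
    return info

def rogue_dns(payload: bytes, allowed=ALLOWED) -> list:
    """Return DNS servers offered in an ADVERTISE/REPLY that are not allowlisted."""
    info = parse_dhcpv6(payload)
    if info["msg_type"] not in (ADVERTISE, REPLY):
        return []
    return [str(addr) for addr in info["dns"] if addr not in allowed]

def build_reply(dns: str) -> bytes:
    """Constructed sample REPLY with a made-up DUID-LL and one DNS server."""
    duid = bytes.fromhex("00030001001122334455")
    return (bytes([REPLY]) + b"\xab\xcd\xef"
            + struct.pack("!HH", OPT_SERVERID, len(duid)) + duid
            + struct.pack("!HH", OPT_DNS_SERVERS, 16)
            + ipaddress.IPv6Address(dns).packed)

if __name__ == "__main__":
    print(rogue_dns(build_reply("fe80::1")))
```

Fed from a capture of UDP port 546 traffic, the `server_duid` field identifies which device sent the unexpected offer.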