Windows Server 2012 DNS: default forwarders disable root hints

domain-name-system, ipv6, windows-server-2012

I've set up a test domain to experiment with Windows Server 2012.

Initially I kept my test machines on an isolated network, but today I installed a pfSense machine to route some traffic to the internet.

Upon establishing the internet connection I realized that recursive DNS lookups did not work in my brand new domain, even though 'Use root hints if no forwarders are available' was checked and I could use nslookup to connect to (one of) the root hints.

I tried adding Google's resolvers (8.8.8.8 and 8.8.4.4) as forwarders and that got DNS working for non-local records.

http://i.imgur.com/NlXpM4h.png

I removed the forwarders to Google. I then removed the three default forwarders (fec0:0:0:ffff::1, fec0:0:0:ffff::2, fec0:0:0:ffff::3) and the server was able to use the root hints properly.

My router/internet access is only IPv4, so the only IPv6 traffic I'd expect is domain local.

Is it supposed to be necessary to remove the IPv6 forwarders for the server to do recursive lookups, or is there some configuration I am missing?

Best Answer

Ouch! Use of the fec0::/10 IPv6 address block (which used to be the site-local addresses) was deprecated in September 2004. Those addresses should never be used anymore, and certainly not as a default.

This is a bug in Windows Server 2012. Yes, you should definitely remove them.
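
One way to audit and clean this up from PowerShell, as an added example that is not part of the original question or answer. It uses the DnsServer module cmdlets that ship with Windows Server 2012; the script parameters, the helper function `Test-SiteLocalAddress`, and the test name `example.com` are assumptions made for illustration. Save it as a `.ps1` file and run it elevated on the DNS server.

```powershell
# Added example: find forwarders in the deprecated fec0::/10 (site-local) block,
# optionally remove them, then check that recursion via root hints works.
param(
    [string]$ComputerName = $env:COMPUTERNAME,  # assumption: audit the local server
    [switch]$Remove                             # without this switch, report only
)

function Test-SiteLocalAddress {
    param([System.Net.IPAddress]$Address)
    # fec0::/10 means the first ten bits are 1111 1110 11
    if ($Address.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetworkV6) {
        return $false
    }
    $bytes = $Address.GetAddressBytes()
    return ($bytes[0] -eq 0xFE) -and (($bytes[1] -band 0xC0) -eq 0xC0)
}

$config = Get-DnsServerForwarder -ComputerName $ComputerName
$stale  = @($config.IPAddress | Where-Object { $_ -and (Test-SiteLocalAddress $_) })
$others = @($config.IPAddress | Where-Object { $_ -and -not (Test-SiteLocalAddress $_) })

"Forwarders configured : {0}" -f (@($config.IPAddress) -join ', ')
"Site-local (fec0::/10): {0}" -f ($stale -join ', ')
"Use root hints        : {0}" -f $config.UseRootHint

if ($stale.Count -eq 0) {
    'No deprecated site-local forwarders found.'
}
elseif ($Remove) {
    # -Force suppresses the confirmation prompt; the addresses were listed above.
    Remove-DnsServerForwarder -ComputerName $ComputerName -IPAddress $stale -Force
    "Removed {0} site-local forwarder(s)." -f $stale.Count
}
else {
    'Re-run with -Remove to delete the site-local forwarders.'
}

if ($others.Count -eq 0) {
    # With no forwarders left, the server has to resolve through the root hints.
    $answer = Resolve-DnsName -Name 'example.com' -Type A -Server $ComputerName `
                              -DnsOnly -ErrorAction SilentlyContinue
    if ($answer) { 'Recursive lookup through root hints succeeded.' }
    else         { 'Recursive lookup failed; check root hints and outbound port 53.' }
}
```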