The AAAA record for this DC was not found

A new Windows Server 2008 DC was added to the domain. When compared [in DNS]
to other Windows Server 2008 [member] nodes, this DC's IPv6 Host (AAAA)
record is missing in DNS. The IPv6 Host (AAAA) record with name "(same as
parent folder)" is present though. All IPv4 records are present including
the host Host (A) record. The DC is configured with static IPv4 addresses,
IPv6 with automatic configuration only [like member servers].

When running "dcdiag /test:dns" on the DC, the output lists several
warnings:

"Warning:
Missing AAAA record at DNS server <IPv4 address>:
<FQDN>"

This is also the only [W2K8] node replying with IPv4 address when pinging at
it.

We plan to introduce the first Exchange 2007/SP1 into the org [on W2K8], and
was worried about DC's IPv6 name resolution.

Has anybody else seeing this?

/Rune Flo.

Are all your machines in your infrastructure set to use IPv6? Since all of
my customer networks are not using IPv6, that is including on their routers,
whether using Win2008 or not, I've simply disabled IPv6.

Does your design require it's use?

All machines will eventually be IPv6 ready in not too distant future 1Q 2009
(Vista,W2K8), so I would let the default config remain using IPv6 as the
default protocol on the intranet. I was looking for the reason why a [W2K8]
DC register different in DNS [regarding IPv6 Host (AAAA) record] than other
[W2K8]member servers with identical (IPv4, IPv6) settings.

Thanks for replying.

Hello Rune,

Ok, so you are moving towards IP6, no problem.

What is DNS running on, 2003 or 2008? Do all the respective machines in play
(DCs, DNS - assuming the same) have IPv6 installed?

The "(same as parent)" name was registered by the Netlogon service, not by
the adapter. Therefore we need to take a look at the adapter's settings.
Assuming that IP6 is on all machines, as well as the IPv6 IP address
configuration was also set in IPv6 properties, and 'register this
connection' (which is independent of the netlogon service regsitering the
'same as parent' hostname), is set in the IPv6 properties, I would assume
the machine will register.

The following link gives a little overview of resolution with IP4 vs IP6:

Configuring DNS for IPv6/IPv4 Coexistence
http://technet.microsoft.com/en-us/l.../cc738372.aspx

http://blogs.techrepublic.com.com/networking/?p=530

Also, keep in mind, Windows does not update the reverse zone (look under
"How do I configure IPv6 reverse lookups for the DNS Server service in
Windows Server 2003?"). However, they should for forward zones.
http://www.microsoft.com/technet/net...6/ipv6faq.mspx

Hi Ace,
Thanks for replying back. Didn't notice your reply right away. Sorry!

Config:
Small environment, single site (15 servers, 2 DC, 50 clients (XP,Vista))
Both DC run DNS (AD Integrated zones), One with Windows Server 2008/SP1, the
other with Windows Server 2003/SP2 (upgrade pending). It is the W2K8 DC that
differs from other W2K8 servers (and clients) with regard to "IPv6 Host
(AAAA) record" DNS registration.
All IPv6 settings on all IPv6 nodes are out of the box defaults [Automatic
configuration only]. The record registered in DNS by all other IPv6 capable
clients is the "6TO4 Adapter" IPv6 address. The W2K8 DC "6TO4 Adapter" IPv6
address is: 2002:d5ec:c903::d5ec:c903(Preferred)

One strange thing noticed when monitoring (Netmon,debug logs) DNS
registrations from this DC. Both DNS servers receive correct registration
queries, the W2k3 dns server accept and register the IPv6 Host (AAAA) =
2002:d5ec:c903::d5ec:c903 record, then after about 2 minutes it suddently
disappears from DNS! The W2K8 dns server (itself) seems not to accept
registering this record, the dns debug log (update respons) : R U [05a8
REFUSED]

What actually means [05a8 REFUSED]?

I apologize as well, for the late response.

.. 6to4 address
The 6to4 address is used for communicating between two nodes running both
IPv4 and IPv6 over an IPv4 routing infrastructure. The 6to4 address is
formed by combining the prefix 2002::/16 with the 32 bits of a public IPv4
address, forming a 48-bit prefix. 6to4 is a tunneling technique described in
RFC 3056.

From the above description that I found in the IPv6 Whitepaper at
Microsoft's site
(http://download.microsoft.com/downlo...b2e9/IPv6.doc),
it is related to IP4 to IPv6 transition. (6TO4 means IPv6 to IPv4).

This link is a white paper that explains the 6TO4 transition, but nothing on
errors
(http://download.microsoft.com/downlo...IPv6Trans.doc).

Please keep in mind, I am not an expert with IPv6, but I've seen numeros
posts regarding driver issues with this adapter. Is the server multihomed?

Check Device Manager to see if shows an error with the 6TO4 driver. I've
seen some postings with issues with this interface on Vista, but not with
2008, but may be similar.

Hi Ace,

Not an IPv6 expert me either. Just about to complete my first read of
"Understanding IPv6, Second Edition (by Joseph Davies)".

No, the DC servers is not multihomed.
A little progress still. On IPv6/IPv4 DC's, the IPv6 stack needed to have
configured a IPv6 DNS server. I used ::1 (localhost), then the "6TO4
Adapter" IPv6 address registered succesfully in DNS on both DC's, but after
a couple of minutes it disappered from both. First from the W2K8 DC, then a
bit later from the W2K3 DC.

Can it be that the AD DS service is dissatisfied with the AAAA record and
have it deleted?

Thanks anyway

Hmm, not sure at this point. As mentioned, I've seen others have this
problem while I searched for it last week, but I never did see a resolve. I
remember reading one poster's comment about trying to fix it by unchecking
and re-checking the IPV6 adapter. I never heard a response back if it
worked. Maybe there is a bug here? Not sure.

Another thought came to mind: Is EDNS0 support enabled on the DNS server?

No. Not as I'm aware of. No EDNS0 related parameter present in the registry
either.
The transistion to Exchange 2007 SP1 went well, so I likely have to ponder
on this in spare times :)

Thanks for your contribution Ace!

Hi Rune,

No problem for the attempt to help. Good to hear the transition went well.

FYI, EDNS0 is enabled by default but can be disabled. The registry entry is
found here under the key EnableEDNSProbes (0 to diable, 1 to enable):
http://technet.microsoft.com/en-us/l.../dd197418.aspx

EDNS0 allows query responses using UDP greater than 512, where formerly that
was the limit, and the response would revert to TCP. This feature actually
makes resolution more efficient. Some older firewalls do not support it, and
many firewalls out of the box block the traffic unless it's specifically
allowed. Mostly the thought is to leave it enabled with DNS and allow it in
the firewall.

For Cisco, the command to allow EDNS0 is:
fixup protocol dns

To disable/enable it, you can also use the dnscmd command as a toggle
(dnscmd is found in the reskit):
dnscmd /config /enableednsprobes

Hi... is AAAA record only associated with IPv6 address? i'm getting the same error but i only have IPv4 address... you said one needs disable IPv6 but i haven't done, how can i do this?

Yes, that is an IPv6 record.

Uncheck IPv6 in IP properties. Also set this registry entry (good for Vista
and 2008). If XP or 2003, it has to be uninstalled.

Disabling IPv6 on Windows 2008 or Vista

Ace