Patch

Members
  • Posts

    44
Kudos

  1. Upvote
    Patch gave kudos to itman in Eset Not Monitoring IPv6 DNS Connections   
    Well, disabling Smart multi-homed name resolution lasted for a few hours and the prior dropping of IPv6 monitoring by ekrn.exe upon resume from sleep mode continued. So I reset everything back to initial settings; LLMNR and Smart multi-homed name resolution enabled.
    First, note I use Eset Public firewall profile on a local Ethernet connection. As such, nothing local subnet-wise is trusted by the Eset firewall.
    I then happened upon a great series of articles on the web in regards to IPv6 and LLMNR. The first thing noted by the author is LLMNR is N/A in Win 10 as long as Win 10 network discovery is disabled, which it is by default. So my security concerns about LLMNR were unfounded. Then the author got into LLMNR IPv6 address assignment; namely ff02::1:3. In a second article, he referred to LLMNR IPv6 address assignment via global reference; namely ff00::/8. Whoa, I had seen that reference in an Eset firewall default rule; the rule for IGMP. Now I had previously disabled that Eset service since I did not do any external multi-casting activities. So I re-enabled the IGMP service, which in turn activated the Eset default firewall rule for IGMP. Again and very important is these default IGMP rules allow unrestricted inbound LLMNR activity via its ff00::/8 IP address specification. I rebooted and everything is back to normal Eset-wise.
    Bottom line here is my ISP provided router does not have IPv6 circuitry to support an IPv6 DNS server. Rather the router assigns a pre-allocated IPv6 DNS server from its pool of reserved servers. All this is done via LLMNR IP addresses via the router at system startup time.
    -EDIT- Well in spite of the above statements, resume from sleep mode after prior Win 10 sign-off still dropped ekrn.exe IPv6 connection monitoring. So I did a full Win 10 based network reset. After scheduled system shutdown and restart, I got an Eset new connection detected alert. Reviewing what Eset set up for that connection, it created an IPv6 DNS server entry for the local network IP address the router forwards its external DNS server DNS traffic to. Also my IPv6 gateway address was created in the gateway section. I then proceeded to add those two entries to my prior Eset created network connection. I then deleted the new network connection Eset created. Finally ..... now Eset is not dropping the ekrn.exe IPv6 monitoring upon resume from sleep mode.
    I previously never had to be this specific when setting up an Eset firewall network connection. So Eset has modified something in regards to IPv6 DNS in this latest version. I also pity the poor Eset user that may have a router similar in configuration to mine and probably is oblivious to this activity occurring.