Posted (edited)

To begin with, my router is an AT&T issued Pace 5268ac router. This is basically an IPv4 router that AT&T modified firmware-wise to support IPv6. Appears this is done by creating a 6to4 tunnel at the router's border edge and reconverting the IP address back to an IPv6 address on the LAN side of the router. I have been using this router with Eset IS for 4 years w/o issue until recently.

Next factor is for security reasons, I have always disabled NetBIOS in Windows. As such, DHCP was being provided via Windows versus using the default setting which would use the router to resolve DHCP. I am also using the Eset Public profile.

I have spent an ungodly amount of diagnostic testing to try to determine why DHCPv6 recently was not working properly. Not only were the local network IPv6 DNS servers this router uses not being assigned properly, but Eset would show multiple DHCPv6 connections at system boot time, extended ekrn.exe monitoring of port 137, and like weird behavior.

My strong suspicion is the above activity is being caused by Win 10's recent introduction of multi-homed DNS resolution. This is basically Windows searching for DNS servers on your local network and assigning the first one it finds. Unfortunately, there is no way to disable multi-homed DNS resolution in the Win 10 Home version as can be done via the Pro+ versions via Group Policy.

I have finally resolved the issue by reverting to the Windows default IPv4 NetBIOS setting to use the router to perform DHCP resolution. Not the most secure thing to do. The weird thing is this router must be using IPv4 NetBIOS resolution mechanisms in the assignment of its local IPv6 DNS servers.

 

Edited by itman
Posted (edited)

Some additional technical details. IPv6 addresses abbreviated in the following.

My IPv6 address assignments are 2400::/64 for Ethernet and 2400::/60 for the router/gateway. Note the distinction.

The router has a DHCPv6 server assigned in the 2401::ffff range and an IPv6 DNS server assigned to 2401::1. Appears the router is using ICMPv6 port 0 tunneling to send IPv6 DNS traffic to/from the 2401::1 DNS server to a DNS server at 2400::1. The tunnel to the 2400::1 DNS server is not immediately established at boot time. Appears LLMNR is being used to do so shortly after boot time. Whereas Win 10 recognizes the establishment of the 2400::1 DNS server, Eset does not. Finally it goes without saying that Eset is not monitoring any of this IPv6 DNS traffic.

Edited by itman
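
The settings discussed in the two posts above (per-adapter NetBIOS mode, the DNS servers each interface was given, LLMNR and multi-homed resolution policy, and which process holds port 137) can be read back in one pass. This is an added example, not part of the original posts; it is read-only and assumes Windows 10 with the built-in DnsClient and NetTCPIP modules, and the two registry value names are the ones the corresponding Group Policy settings write.

```powershell
# Added example: read-only audit, changes nothing on the system.
# TcpipNetbiosOptions values as documented for Win32_NetworkAdapterConfiguration.
$netbiosMeaning = @{ 0 = 'Default (taken from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

# 1. NetBIOS mode and assigned DNS servers for every IP-enabled adapter.
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $idx = $_.InterfaceIndex
        $v4 = Get-DnsClientServerAddress -InterfaceIndex $idx -AddressFamily IPv4 -ErrorAction SilentlyContinue
        $v6 = Get-DnsClientServerAddress -InterfaceIndex $idx -AddressFamily IPv6 -ErrorAction SilentlyContinue
        $nb = if ($null -eq $_.TcpipNetbiosOptions) { 'Unknown' }
              else { $netbiosMeaning[[int]$_.TcpipNetbiosOptions] }
        [pscustomobject]@{
            Adapter     = $_.Description
            IfIndex     = $idx
            DhcpEnabled = $_.DHCPEnabled
            NetBIOS     = $nb
            IPv4Dns     = $v4.ServerAddresses -join ', '
            IPv6Dns     = $v6.ServerAddresses -join ', '
        }
    } | Format-List

# 2. Name-resolution policy values. Absent values mean the policy is not
#    configured and Windows uses its defaults (LLMNR on, multi-homed lookups on).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
[pscustomobject]@{
    # 0 = LLMNR turned off by policy
    EnableMulticast            = if ($policy) { $policy.EnableMulticast } else { $null }
    # 1 = smart multi-homed name resolution turned off by policy
    DisableSmartNameResolution = if ($policy) { $policy.DisableSmartNameResolution } else { $null }
} | Format-List

# 3. Processes bound to the NetBIOS name service (UDP 137) and LLMNR (UDP 5355).
Get-NetUDPEndpoint -LocalPort 137, 5355 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            ProcessId    = $_.OwningProcess
            ProcessName  = $proc.ProcessName
        }
    } | Sort-Object LocalPort, LocalAddress | Format-Table -AutoSize
```

Running it once with NetBIOS disabled and once with the default setting, shortly after boot, gives a before/after record of which DNS servers each interface actually received.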