Thursday, February 17, 2011

XP IPv6 Weirdness

This article is about a computer that has IPv6 installed on Windows XP SP3.

I was using Wireshark today, checking on the operation of the NetScanTools Pro v11 port scanner, when I noticed something weird. Every 10 seconds a set of regularly spaced AAAA record queries was going to my ISP's DNS (default DNS for this system). The AAAA queries were all for 'mycomputername.domain.actdsltmp' and each time the DNS would respond back with 'no such name'. So I started closing down the browser and all the open programs - no change, the queries continued. Since this amounts to DNS harassment and a waste of bandwidth, I decided to find the cause. The 'domain.actdsltmp' part of the request is there because we have an Actiontec GT701 that provides that to my computer as a default domain name.

I could not find a way to shut it off short of uninstalling IPv6, so I did a nice workaround that works well. I added these two records to my hosts file using NetScanTools Pro - you can use something else if you want, it's just a text file. The first record is for IPv4 and the second for IPv6:

127.0.0.1 mycomputername.domain.actdsltmp
::1 mycomputername.domain.actdsltmp

The purpose of those records is to answer the lookup locally so that no outgoing DNS query is made. This works because Windows name resolution starts with the hosts file; only when it fails to find the mapping there is the actual outgoing DNS query made to the system's default DNS servers.

Those two records tell whatever is asking for those hostnames that the loopback addresses (IPv4 and IPv6) are the addresses to use. This makes sense anyway because it's asking for a translation of your own computer name.
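An added example (not from the original post): a Python script that parses hosts-file text and reports, for a given name, which query types (A and AAAA) the file can answer and whether any mapping points somewhere other than loopback. The sample file content and the function names `parse_hosts` and `coverage` are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file content (not taken from a real system).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       mycomputername.domain.actdsltmp   # IPv4 record
::1             mycomputername.domain.actdsltmp   # IPv6 record
192.0.2.10      printer.domain.actdsltmp printer
not-an-address  broken.example
"""

def parse_hosts(text):
    """Return {hostname: [ip_address objects]} from hosts-file text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or address-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # skip lines with a malformed address
        for name in fields[1:]:               # one address may carry several aliases
            table.setdefault(name.lower().rstrip("."), []).append(addr)
    return table

def coverage(text, fqdn):
    """Report which query types the hosts file can answer for fqdn."""
    addrs = parse_hosts(text).get(fqdn.lower().rstrip("."), [])
    return {
        "A": [str(a) for a in addrs if a.version == 4],
        "AAAA": [str(a) for a in addrs if a.version == 6],
        # Entries for your own machine name that are not loopback deserve a look.
        "non_loopback": [str(a) for a in addrs if not a.is_loopback],
    }

if __name__ == "__main__":
    for name in ("mycomputername.domain.actdsltmp", "printer", "localhost"):
        print(name, coverage(SAMPLE_HOSTS, name))
```

An empty "AAAA" list for a name means the hosts file holds no IPv6 mapping for it; the constructed `localhost` line shows that case.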
