domain-name-system – 为什么我的域控制器导致我的路由器发送唯一本地地址的广告?

前端之家收集整理的这篇文章主要介绍了domain-name-system – 为什么我的域控制器导致我的路由器发送唯一本地地址的广告?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我目前正在评估Server 2012作为 Linux和Windows工作站和服务器的小型异构网络中的域控制器,所有这些都将最终加入域.这是一个100%的双栈网络;每个设备都具有IPv4和IPv6连接.路由器是运行radvd 1.9.1的Linux服务器和各种其他必需品.

我刚刚安装了第一个域控制器;它的域名是ad.businessname.com(其中businessname.com由外部DNS服务器处理;域名也有公共网站,电子邮件等,此时这些域名不会加入域名).它是安装了AD DS和DNS角色的服务器核心.一切似乎都很好,我准备建立第二个DC并开始加入计算机,但……

现在我的网络上有额外的IPv6路由器广告,广告Unique Local Addresses.它还宣传实际路由器正在宣传的本机IPv6前缀.起初我认为这些RA来自域控制器,因为当我关闭它时它们就消失了,但是在运行Wireshark后我看到它们来自我的实际IPv6路由器. Wireshark显示,这个版本的RA很快就跟随了来自DC的fd4a:e7ab:34a5 :: 1的邻居请求.

奇怪的是,当域控制器不在网络上时,路由器也发送它通常发送的原始路由通告.这个版本的RA匹配/etc/radvd.conf(下面是一个副本).与Wireshark的快速会话证实,两个版本的路由器广告都来自运行radvd的Linux路由器的MAC地址.

到目前为止,这些似乎无害,因为我的IPv6连接并未因额外RA的存在而中断.但由于我已经拥有全球IPv6连接,因此ULA似乎是不必要且不需要的.

我昨晚花了很多钱,今天在互联网上搜索,试图弄清楚发生了什么,但除了暗示它是might have something to do with the IP Helper Service(以及模糊警告不要关闭它)之外,几乎找不到任何解释.但据我所知,当本机IPv6可用时禁用此服务应该是安全的.

所以我的问题是:

>为什么Windows为ULA网络发送邻居请求?
>为什么要发送这些RA,显然是作为回应?
>为什么他们除了我的本地地址之外还宣传ULA?
>这不会导致以后的IPv6路由出现问题吗?
>我是否必须忍受这个,或者我如何使Windows和radvd行为?

各种配置信息如下:

这是一个被发送的捕获RA(如radvdump所示,IMO比wireshark的输出更容易阅读).你可以看到它正在宣传ULA和公共前缀(这里隐藏).当我关闭域控制器时,此版本的RA停止出现在网络上.

#
# radvd configuration generated by radvdump 1.9.1
# based on Router Advertisement from fe80::20c:29ff:fef4:66f1
# received by interface eth0
#

interface eth0
{
        AdvSendAdvert on;
        # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
        AdvManagedFlag off;
        AdvOtherConfigFlag on;
        AdvReachableTime 0;
        AdvRetransTimer 0;
        AdvCurHopLimit 0;
        AdvDefaultLifetime 1800;
        AdvHomeAgentFlag off;
        AdvDefaultPreference medium;
        AdvSourceLLAddress on;
        AdvLinkMTU 1500;

        prefix fd4a:e7ab:34a5::/64
        {
                AdvValidLifetime 86400;
                AdvPreferredLifetime 86400;
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
        }; # End of prefix definition


        prefix 2001:db8:16:bf::/64
        {
                AdvValidLifetime 86400;
                AdvPreferredLifetime 86400;
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
        }; # End of prefix definition


        RDNSS fd4a:e7ab:34a5::1
        {
                AdvRDNSSLifetime 86400;
        }; # End of RDNSS definition


        DNSSL businessname.com
        {
                AdvDNSSLLifetime 1800;
        }; # End of DNSSL definition

}; # End of interface definition

这是原始路由器广告,它与路由器的/etc/radvd.conf匹配,并且仍然被发送到网络上,与上面的路由器交替:

#
# radvd configuration generated by radvdump 1.9.1
# based on Router Advertisement from fe80::20c:29ff:fef4:66f1
# received by interface eth0
#

interface eth0
{
        AdvSendAdvert on;
        # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
        AdvManagedFlag off;
        AdvOtherConfigFlag off;
        AdvReachableTime 0;
        AdvRetransTimer 0;
        AdvCurHopLimit 64;
        AdvDefaultLifetime 1800;
        AdvHomeAgentFlag off;
        AdvDefaultPreference medium;
        AdvSourceLLAddress on;

        prefix 2001:db8:16:bf::/64
        {
                AdvValidLifetime 86400;
                AdvPreferredLifetime 14400;
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
        }; # End of prefix definition


        RDNSS 2001:4860:4860::8888 2001:4860:4860::8844
        {
                AdvRDNSSLifetime 600;
        }; # End of RDNSS definition

}; # End of interface definition

域控制器上已安装的角色/功能列表:

[dc1]: PS C:\Users\Administrator\Documents> Get-WindowsFeature | where {$_.InstallState -eq "Installed"}

Display Name                                            Name                       Install State
------------                                            ----                       -------------
[X] Active Directory Domain Services                    AD-Domain-Services             Installed
[X] DNS Server                                          DNS                            Installed
[X] File And Storage Services                           FileAndStorage-Services        Installed
    [X] File and iSCSI Services                         File-Services                  Installed
        [X] File Server                                 FS-FileServer                  Installed
    [X] Storage Services                                Storage-Services               Installed
[X] .NET Framework 4.5 Features                         NET-Framework-45-Fea...        Installed
    [X] .NET Framework 4.5                              NET-Framework-45-Core          Installed
    [X] WCF Services                                    NET-WCF-Services45             Installed
        [X] TCP Port Sharing                            NET-WCF-TCP-PortShar...        Installed
[X] Group Policy Management                             GPMC                           Installed
[X] Remote Server Administration Tools                  RSAT                           Installed
    [X] Role Administration Tools                       RSAT-Role-Tools                Installed
        [X] AD DS and AD LDS Tools                      RSAT-AD-Tools                  Installed
            [X] Active Directory module for Windows ... RSAT-AD-PowerShell             Installed
[X] Windows PowerShell                                  PowerShellRoot                 Installed
    [X] Windows PowerShell 3.0                          PowerShell                     Installed
[X] WoW64 Support                                       WoW64-Support                  Installed

以太网接口的IPv6配置,如聊天中所要求的:

[dc1]: PS C:\Users\Administrator\Documents> netsh interface ipv6 show interface interface=Ethernet

Interface Ethernet Parameters
----------------------------------------------
IfLuid                             : ethernet_7
IfIndex                            : 12
State                              : connected
Metric                             : 10
Link MTU                           : 1500 bytes
Reachable Time                     : 33500 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 1
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detection  : enabled
Router Discovery                   : enabled
Managed Address Configuration      : disabled
Other Stateful Configuration       : enabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 64
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled
ECN capability                     : application

解决方法

虽然我仍然不知道为什么会发生这种情况(并且欢迎解释!)现在似乎已经修复了.

我用精细的牙齿梳理了网络配置,发现我的懊恼是默认网关中有错字!

[dc1]: PS C:\Users\Administrator\Documents> Get-NetRoute -PolicyStore PersistentStore -AddressFamily IPv6

ifIndex DestinationPrefix                              NextHop                                  RouteMetric PolicyStore
------- -----------------                              -------                                  ----------- -----------
12      ::/0                                           2001:db8:116:bf::1                               256 Persiste...

嗯,哎呀! 116:bf应为16:bf.

所以我修正了拼写错误,并且很好地从以太网接口删除了ULA地址,瞧,没有额外的RA,我的网络再次开心.

[dc1]: PS C:\Users\Administrator\Documents> Remove-NetRoute -NextHop 2001:db8:116:bf::1

Confirm
Are you sure you want to perform this action?
Performing operation "Remove" on Target "NetRoute -DestinationPrefix ::/0 -InterfaceIndex 12 -NextHop 2001:db8:116:bf::1 -Store Active"
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing operation "Remove" on Target "NetRoute -DestinationPrefix ::/0 -InterfaceIndex 12 -NextHop 2001:db8:116:bf::1 -Store Persistent"
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y
[dc1]: PS C:\Users\Administrator\Documents> New-NetRoute -NextHop 2001:db8:16:bf::1 -DestinationPrefix ::/0 -InterfaceIndex 12

ifIndex DestinationPrefix                              NextHop                                  RouteMetric PolicyStore
------- -----------------                              -------                                  ----------- -----------
12      ::/0                                           2001:db8:16:bf::1                                256 ActiveStore
12      ::/0                                           2001:db8:16:bf::1                                256 Persiste...
[dc1]: PS C:\Users\Administrator\Documents> Remove-NetIPAddress -AddressFamily IPv6 -IPAddress fd4a:e7ab:34a5:0:807e:e44a:7ffc:ea90 -PrefixLength 64

Confirm
Are you sure you want to perform this action?
Performing operation "Remove" on Target "NetIPAddress -IPv6Address fd4a:e7ab:34a5:0:807e:e44a:7ffc:ea90 -InterfaceIndex 12 -Store Active"
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

Wireshark说,在邻居请求,路由器广告或其他任何地方都没有ULA的进一步信号.

猜你在找的HTML相关文章