Domain-Name-System

Why is my domain controller causing my router to send advertisements for Unique Local Addresses?

  • February 8, 2013

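I'm currently evaluating Server 2012 for use as a domain controller in a small heterogeneous network of Linux and Windows workstations and servers, all of which will eventually be joined to the domain. This is a 100% dual-stack network; every device has IPv4 and IPv6 connectivity. The router is a Linux server running radvd 1.9.1 and various other necessities.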

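I've just installed the first domain controller; its domain name is ad.businessname.com (where businessname.com is handled by external DNS servers; that domain also has a public website, email, etc., which will not be joined to the domain for now). It is Server Core with the AD DS and DNS roles installed. Everything seemed fine, and I was about to set up a second DC and start joining computers, but...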

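Now there are extra IPv6 router advertisements on my network, advertising Unique Local Addresses. They also advertise the native IPv6 prefix that the actual router is advertising. At first I thought these RAs were coming from the domain controller, since they went away when I shut it down, but after running Wireshark I found that they are coming from my actual IPv6 router. Wireshark shows that this version of the RA comes shortly after a neighbor solicitation from the DC for fd4a:e7ab:34a5::1.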

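Strangely, the router is *also* sending the original router advertisement that it normally sends when the domain controller is not on the network. This version of the RA matches /etc/radvd.conf (copy below). A quick session with Wireshark confirmed that both versions of the router advertisement come from the MAC address of the Linux router running radvd.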

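So far these appear to be harmless, as my IPv6 connectivity has not been disrupted by the presence of the extra RAs. But since I already have global IPv6 connectivity, ULAs seem unnecessary and unwanted.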

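I spent a lot of time last night and today searching the Internet trying to figure out what is going on, but found nothing except hints that it might be related to the IP Helper service (and vague warnings not to turn it off). But as far as I can tell, it should be safe to disable this service when native IPv6 is available.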

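So my questions are:

  • Why is Windows sending neighbor solicitations for a ULA network?
  • Why are these RAs being sent, apparently in response?
  • Why do they advertise a ULA in addition to my native addresses?
  • Won't this cause problems with IPv6 routing later on?
  • Do I have to live with this, or how can I get Windows and radvd to behave properly?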

Various configuration information follows:

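Here is the captured RA being sent (as shown by radvdump, which IMO is easier to read than Wireshark's output). You can see that it is advertising both the ULA and the public prefix (obscured here). When I shut down the domain controller, this version of the RA no longer appears on the network.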

#
# radvd configuration generated by radvdump 1.9.1
# based on Router Advertisement from fe80::20c:29ff:fef4:66f1
# received by interface eth0
#

interface eth0
{
       AdvSendAdvert on;
       # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
       AdvManagedFlag off;
       AdvOtherConfigFlag on;
       AdvReachableTime 0;
       AdvRetransTimer 0;
       AdvCurHopLimit 0;
       AdvDefaultLifetime 1800;
       AdvHomeAgentFlag off;
       AdvDefaultPreference medium;
       AdvSourceLLAddress on;
       AdvLinkMTU 1500;

       prefix fd4a:e7ab:34a5::/64
       {
               AdvValidLifetime 86400;
               AdvPreferredLifetime 86400;
               AdvOnLink on;
               AdvAutonomous on;
               AdvRouterAddr off;
       }; # End of prefix definition


       prefix 2001:db8:16:bf::/64
       {
               AdvValidLifetime 86400;
               AdvPreferredLifetime 86400;
               AdvOnLink on;
               AdvAutonomous on;
               AdvRouterAddr off;
       }; # End of prefix definition


       RDNSS fd4a:e7ab:34a5::1
       {
               AdvRDNSSLifetime 86400;
       }; # End of RDNSS definition


       DNSSL businessname.com
       {
               AdvDNSSLLifetime 1800;
       }; # End of DNSSL definition

}; # End of interface definition

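Here is the original router advertisement, which matches the router's /etc/radvd.conf and is still being sent on the network, alternating with the one above: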

#
# radvd configuration generated by radvdump 1.9.1
# based on Router Advertisement from fe80::20c:29ff:fef4:66f1
# received by interface eth0
#

interface eth0
{
       AdvSendAdvert on;
       # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
       AdvManagedFlag off;
       AdvOtherConfigFlag off;
       AdvReachableTime 0;
       AdvRetransTimer 0;
       AdvCurHopLimit 64;
       AdvDefaultLifetime 1800;
       AdvHomeAgentFlag off;
       AdvDefaultPreference medium;
       AdvSourceLLAddress on;

       prefix 2001:db8:16:bf::/64
       {
               AdvValidLifetime 86400;
               AdvPreferredLifetime 14400;
               AdvOnLink on;
               AdvAutonomous on;
               AdvRouterAddr off;
       }; # End of prefix definition


       RDNSS 2001:4860:4860::8888 2001:4860:4860::8844
       {
               AdvRDNSSLifetime 600;
       }; # End of RDNSS definition

}; # End of interface definition

List of roles/features installed on the domain controller:

[dc1]: PS C:\Users\Administrator\Documents> Get-WindowsFeature | where {$_.InstallState -eq "Installed"}

Display Name                                            Name                       Install State
------------                                            ----                       -------------
[X] Active Directory Domain Services                    AD-Domain-Services             Installed
[X] DNS Server                                          DNS                            Installed
[X] File And Storage Services                           FileAndStorage-Services        Installed
   [X] File and iSCSI Services                         File-Services                  Installed
       [X] File Server                                 FS-FileServer                  Installed
   [X] Storage Services                                Storage-Services               Installed
[X] .NET Framework 4.5 Features                         NET-Framework-45-Fea...        Installed
   [X] .NET Framework 4.5                              NET-Framework-45-Core          Installed
   [X] WCF Services                                    NET-WCF-Services45             Installed
       [X] TCP Port Sharing                            NET-WCF-TCP-PortShar...        Installed
[X] Group Policy Management                             GPMC                           Installed
[X] Remote Server Administration Tools                  RSAT                           Installed
   [X] Role Administration Tools                       RSAT-Role-Tools                Installed
       [X] AD DS and AD LDS Tools                      RSAT-AD-Tools                  Installed
           [X] Active Directory module for Windows ... RSAT-AD-PowerShell             Installed
[X] Windows PowerShell                                  PowerShellRoot                 Installed
   [X] Windows PowerShell 3.0                          PowerShell                     Installed
[X] WoW64 Support                                       WoW64-Support                  Installed

IPv6 configuration of the Ethernet interface, as requested in chat:

[dc1]: PS C:\Users\Administrator\Documents> netsh interface ipv6 show interface interface=Ethernet

Interface Ethernet Parameters
----------------------------------------------
IfLuid                             : ethernet_7
IfIndex                            : 12
State                              : connected
Metric                             : 10
Link MTU                           : 1500 bytes
Reachable Time                     : 33500 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 1
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detection  : enabled
Router Discovery                   : enabled
Managed Address Configuration      : disabled
Other Stateful Configuration       : enabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 64
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled
ECN capability                     : application

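While I still don't know why this was happening (and explanations are welcome!), it now appears to be fixed.

I went through the network configuration with a fine-toothed comb, and to my chagrin, the default gateway had a typo!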

[dc1]: PS C:\Users\Administrator\Documents> Get-NetRoute -PolicyStore PersistentStore -AddressFamily IPv6

ifIndex DestinationPrefix                              NextHop                                  RouteMetric PolicyStore
------- -----------------                              -------                                  ----------- -----------
12      ::/0                                           2001:db8:116:bf::1                               256 Persiste...

Um, oops! 116:bf should be 16:bf

So I fixed the typo and removed the ULA address from the Ethernet interface, and voilà, no more extra RAs, and my network is back to normal.

[dc1]: PS C:\Users\Administrator\Documents> Remove-NetRoute -NextHop 2001:db8:116:bf::1

Confirm
Are you sure you want to perform this action?
Performing operation "Remove" on Target "NetRoute -DestinationPrefix ::/0 -InterfaceIndex 12 -NextHop 2001:db8:116:bf::1 -Store Active"
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing operation "Remove" on Target "NetRoute -DestinationPrefix ::/0 -InterfaceIndex 12 -NextHop 2001:db8:116:bf::1 -Store Persistent"
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y
[dc1]: PS C:\Users\Administrator\Documents> New-NetRoute -NextHop 2001:db8:16:bf::1 -DestinationPrefix ::/0 -InterfaceIndex 12

ifIndex DestinationPrefix                              NextHop                                  RouteMetric PolicyStore
------- -----------------                              -------                                  ----------- -----------
12      ::/0                                           2001:db8:16:bf::1                                256 ActiveStore
12      ::/0                                           2001:db8:16:bf::1                                256 Persiste...
[dc1]: PS C:\Users\Administrator\Documents> Remove-NetIPAddress -AddressFamily IPv6 -IPAddress fd4a:e7ab:34a5:0:807e:e44a:7ffc:ea90 -PrefixLength 64

Confirm
Are you sure you want to perform this action?
Performing operation "Remove" on Target "NetIPAddress -IPv6Address fd4a:e7ab:34a5:0:807e:e44a:7ffc:ea90 -InterfaceIndex 12 -Store Active"
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

Wireshark says there is no further sign of the ULA in neighbor solicitations, router advertisements, or anywhere else.

Quoted from: https://serverfault.com/questions/476678
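
Added example, not part of the original post: a Python check that compares a radvdump capture against the prefixes and RDNSS servers the router is meant to advertise, and tests whether a static default gateway falls inside an expected prefix. Run against the values shown above, it flags the extra ULA advertisement and the mistyped next hop. The function names and baseline constants are assumptions built from the values in the post.

```python
import ipaddress
import re

# Assumed baseline: what the router in the post is configured to advertise.
EXPECTED_PREFIXES = {ipaddress.ip_network("2001:db8:16:bf::/64")}
EXPECTED_RDNSS = {ipaddress.ip_address("2001:4860:4860::8888"),
                  ipaddress.ip_address("2001:4860:4860::8844")}
ULA = ipaddress.ip_network("fc00::/7")  # unique local range (RFC 4193)

def parse_radvdump(text):
    """Return (prefixes, rdnss) from one radvdump-formatted RA."""
    prefixes = {ipaddress.ip_network(p)
                for p in re.findall(r"^\s*prefix\s+(\S+)", text, re.M)}
    rdnss = set()
    for line in re.findall(r"^\s*RDNSS\s+(.+)$", text, re.M):
        rdnss.update(ipaddress.ip_address(a) for a in line.split())
    return prefixes, rdnss

def audit_ra(text):
    """List deviations of a captured RA from the expected baseline."""
    prefixes, rdnss = parse_radvdump(text)
    findings = []
    for p in sorted(prefixes - EXPECTED_PREFIXES):
        kind = "ULA prefix" if p.subnet_of(ULA) else "prefix"
        findings.append(f"unexpected {kind} {p}")
    for a in sorted(rdnss - EXPECTED_RDNSS):
        findings.append(f"unexpected RDNSS {a}")
    return findings

def next_hop_on_link(next_hop, prefixes=EXPECTED_PREFIXES):
    """True if a static gateway lies inside an expected on-link prefix."""
    return any(ipaddress.ip_address(next_hop) in p for p in prefixes)

# Constructed sample, trimmed from the first radvdump capture in the post.
SAMPLE_RA = """
       prefix fd4a:e7ab:34a5::/64
       {
               AdvOnLink on;
       }; # End of prefix definition
       prefix 2001:db8:16:bf::/64
       {
               AdvOnLink on;
       }; # End of prefix definition
       RDNSS fd4a:e7ab:34a5::1
       {
               AdvRDNSSLifetime 86400;
       }; # End of RDNSS definition
"""
if __name__ == "__main__":
    print(audit_ra(SAMPLE_RA), next_hop_on_link("2001:db8:116:bf::1"))
```

Feeding it live `radvdump` output on the router segment turns the manual Wireshark comparison into a repeatable check for advertisements that drift from `/etc/radvd.conf`.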