IPv6 DNS Hijacking
I've searched and haven't been able to find a reason this couldn't happen. IPv6 is the preferred protocol for DNS, or at least it seems that way: running nslookup on a computer with both IPv6 and IPv4, the computer resolves DNS with the IPv6 protocol. Assume an organization has not configured IPv6 on their Win7/Vista clients and is using a 3rd party DHCP service for IPv4, such as a router. If an internal attacker on the network sets up an IPv6 infrastructure using stateless addressing and adds a configuration for a rogue DNS server, could he redirect internal traffic to establish a DoS or, worse, redirection to an internal malicious website? I understand he could do the same with IPv4, but it wouldn't bring down clients who already have an IP address. I have absolutely no intention of doing this unless I need to confirm in a test environment, and I am only asking to further my own understanding. Is this a real threat for organizations who are not utilizing an authorized DHCP server?

If it doesn't work enable everything, blame software errors and rebuild
December 31st, 2010 11:56am

Hi,

Thanks for posting here.

This is a good assumption, and that is why we always suggest deploying Active Directory and authorizing DHCP servers to prevent this situation.

Authorizing DHCP servers
http://technet.microsoft.com/en-us/library/cc781697(WS.10).aspx

Meanwhile, granting appropriate permissions for accounts and deploying Network Access Protection could also prevent it.

Network Access Protection
http://technet.microsoft.com/en-us/network/bb545879

Thanks.
Tiger Li
January 4th, 2011 4:27am

Hi Tiger Li,

Thanks for your response. I wasn't totally sure a client could have its DNS hijacked like this. I was aware precautions could be taken to prevent this type of attack, but I wasn't 100% sure if a client would use a rogue IPv6 DNS server instead of a domain IPv4 server based simply on protocol preference. I'm considering setting up a test environment to demonstrate countermeasures and the actual vulnerability. Thanks for your help.

One further question regarding Authorized DHCP Servers, as IPv6 doesn't get mentioned in the article you linked. If a client receives a trusted IPv4 address, will it prefer the trusted IPv4 address over an untrusted IPv6 address? If not, then the remaining options would be NAP, Disable IPv6 or configure an IPv6 network... Correct?

If it doesn't work enable everything, blame software errors and rebuild
January 4th, 2011 10:30am

Hi,

Thanks for the update.

> One further question regarding Authorized DHCP Servers, as IPv6 doesn't get mentioned in the article you linked.

This authorization mechanism is included in all DHCP protocol services in an AD environment, including the IPv6 DHCP service.

> If a client receives a trusted IPv4 address, will it prefer the trusted IPv4 address over an untrusted IPv6 address?

An IPv6 address will only be used for IPv6 communication, so I believe there is no relation to IPv4.

> If not, then the remaining options would be NAP, Disable IPv6 or configure an IPv6 network... Correct?

It is not recommended to disable IPv6; you can find the explanation at the link below:
http://blogs.technet.com/b/netro/archive/2010/11/24/arguments-against-disabling-ipv6.aspx

Meanwhile, I'd also suggest reading the article below:

DHCP Security
http://technet.microsoft.com/en-us/library/dd296625(WS.10).aspx

Thanks.
Tiger Li
January 5th, 2011 3:54am
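
An added example, not part of the original thread or any poster's code: a defensive check for the scenario asked about, which parses ICMPv6 Router Advertisements and reports any that come from a router outside an approved list, including whether they point clients at DHCPv6 or advertise DNS servers. The function names, the approved-router list and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import struct

RA_TYPE = 134    # ICMPv6 Router Advertisement (RFC 4861)
OPT_RDNSS = 25   # Recursive DNS Server option (RFC 8106)

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 RA message, starting at the ICMPv6 type byte."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    flags = icmp6[5]
    info = {"managed": bool(flags & 0x80),        # M: addresses via DHCPv6
            "other_config": bool(flags & 0x40),   # O: DNS etc. via DHCPv6
            "rdnss": []}
    off = 16                                      # options follow the fixed header
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option")
        if opt_type == OPT_RDNSS:                 # 8-byte header, then 16-byte addresses
            body = icmp6[off + 8:off + opt_len]
            info["rdnss"] += [str(ipaddress.IPv6Address(body[i:i + 16]))
                              for i in range(0, len(body) - 15, 16)]
        off += opt_len
    return info

def audit_ra(src: str, icmp6: bytes, allowed_routers: set) -> list:
    """Return findings for one RA; an empty list means an approved router sent it."""
    info = parse_ra(icmp6)
    allowed = {ipaddress.IPv6Address(a) for a in allowed_routers}
    if ipaddress.IPv6Address(src) in allowed:
        return []
    findings = [f"RA from unapproved source {src}"]
    if info["managed"] or info["other_config"]:
        findings.append("flags direct clients to DHCPv6 (M/O set)")
    findings += [f"advertises DNS server {dns}" for dns in info["rdnss"]]
    return findings

def build_sample_ra(flags: int, dns: list) -> bytes:
    """Constructed sample RA for the demo (not captured traffic); checksum left 0."""
    msg = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0)
    if dns:
        msg += struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(dns), 0, 600)
        msg += b"".join(ipaddress.IPv6Address(d).packed for d in dns)
    return msg

if __name__ == "__main__":
    ra = build_sample_ra(0x40, ["2001:db8::53"])  # O flag set, one RDNSS entry
    for line in audit_ra("fe80::66", ra, {"fe80::1"}):
        print(line)
```

On a network that has deployed no IPv6 routers at all, the approved list is empty and every Router Advertisement seen is a finding.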

This topic is archived. No further replies will be accepted.
