[SOLVED] IPv6 still seems to work despite attempting to disable it.

IceQueen0607

Nov 27, 2019
I have set the TCPIP6 parameters disabled components to ff (255)
I have disabled ipv6 (prot 41) in firewall inbound and outbound.
I have unticked the IPv6 prot on all network adapters.
IPHelper service is disabled
Teredo is disabled (v6transition registry teredo_state set to disabled)

So someone tells me they can't log in to hotmail. That requires access to login.live.com, which I thought I hadn't blocked via hosts, then I found ::1 login.live.com
Removed it and they could then log on.
So, access to this website appears to require IPv6 which I thought I had disabled.

Clearly I can't disable IPv6 for people that use hotmail/outlook, but I'd like to figure out what I missed
 
The host file is always checked for an entry. If it finds anything it will attempt to use it and never use the DNS. So if it finds an IPv6 IP and you blocked IPv6 it will fail. If you put in both an IPv4 and an IPv6 address I am not sure which it uses, likely there are some rules. It has been a long time but my guess is it works the same as when you try to put in multiple IPv4 addresses. It will only use the first one it finds. If that one is bad it never tries the second one.

This is kinda why you can't use host files to do load balancing and have to use fancy software. Actual DNS servers do have the ability to send out different results.

When I use NSLOOKUP on login.live.com I only get IPv4 addresses but this can actually vary depending on where you live just like the IP addresses can change. If you do microsoft.com you will get both IPv6 and IPv4 addresses. I know I have IPv6 disabled and it always selects one of the IPv4 addresses.

If you really think that IPv6 is sneaking out of your network, the method that should always work is to put in a static route in your router pointing the IPv6 summary/default to the blackhole address. Not all routers have this ability and it likely will cause large issues because the PC, if it has IPv6 enabled and it gets an IPv6 DNS entry, will try to use it and not try the IPv4... again it depends on the order the DNS server presents it.
 

Ralston18

Moderator
Question:

"So, access to this website appears to require IPv6 which I thought I had disabled. "

If access appears to require IPv6 then why is it [IPv6] being disabled?

I am missing something here.....

What is your working network environment?
 
It really should be as easy as disabling IPv6 in the NIC settings.

When you look at the ipconfig you will no longer see any IPv6 addresses.

The host file should be blank unless you have loaded some kind of software to block things that made settings.

login.live.com will resolve to IPv4 addresses so I don't think it requires IPv6. The only things I have seen that use IPv6 are some game consoles and those seem to always use Teredo tunnels.
 

IceQueen0607

I don't use any of hotmail/outlook/live.com

My son's girlfriend does. I built her PC so I had thought I had disabled IPv6. I asked what she used for email and she told me she doesn't use email.

login.live.com is used for hotmail and outlook and live.com.

In the host file was ::1 login.live.com, which if IPv6 was disabled, then I should not have even needed that. It was part of a bigger block list I got from github.

Removing it enabled access to login.live.com.

So maybe I am the one missing something here..

If the IPv4 equivalent 127.0.0.1 login.live.com is not present and ::1 login.live.com is present and access is blocked, then that suggests to me the site uses IPv6. That further suggests to me that IPv6 is not disabled on the PCs. Since IPv4 was not blocked, if the site used ipv4 exclusively then shouldn't she have had access to the site?

If I add ::1 login.live.com to my hosts file then I cannot access the site either.

At my son's home I assume the ISP-supplied router is the DHCP server, which I do not have access to.

Correct, I do not see IPv6 addresses on ipconfig /all

His network environment is basic: 3 PCs, a PS3, a couple of cell phones. 1GbE all round, wired. Only phones use WiFi. PCs are all Windows 10, built by me from a base image I created some time ago and configured with a post-installation script that installs applications and makes tweaks, such as [attempting to] disable IPv6.

The hosts files have 28,413 entries.

Looking at Wireshark I see some IPv6 packets. Not a lot, but the outgoing packets are getting responses.
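
An added example, not part of any post in this thread: a hosts-file audit that lists names mapped only to an IPv6 address (such as the `::1 login.live.com` entry found above) and names mapped in both address families. The sample file and the function names are constructed for illustration; the script reports what is in the file and makes no claim about which entry the Windows resolver picks.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in hosts-file syntax; not the poster's actual file.
SAMPLE_HOSTS = """\
# block list (constructed sample)
127.0.0.1   localhost
::1         localhost
::1         login.live.com        # the entry from the thread
0.0.0.0     ads.example.test
::          ads.example.test
127.0.0.1   tracker.example.test  alias.example.test
not-an-ip   broken.example.test
"""

def parse_hosts(text):
    """Map each lowercase hostname to its list of (line_no, address) entries."""
    entries = defaultdict(list)
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip trailing comments
        if len(fields) < 2:
            continue  # blank, comment-only, or an address without a name
        try:
            addr = ipaddress.ip_address(fields[0].split("%", 1)[0])  # drop zone id
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            entries[name.lower()].append((line_no, addr))
    return entries

def audit(text):
    """Return (names with only IPv6 entries, names with IPv4 and IPv6 entries)."""
    v6_only, dual = {}, {}
    for name, hits in parse_hosts(text).items():
        families = {addr.version for _, addr in hits}
        if families == {6}:
            v6_only[name] = [(n, str(a)) for n, a in hits]
        elif families == {4, 6}:
            dual[name] = [(n, str(a)) for n, a in hits]
    return v6_only, dual

if __name__ == "__main__":
    v6_only, dual = audit(SAMPLE_HOSTS)
    for name, hits in sorted(v6_only.items()):
        print(f"IPv6-only: {name} -> {hits}")
    for name, hits in sorted(dual.items()):
        print(f"IPv4+IPv6: {name} -> {hits}")
```

To run it against a real machine, pass the contents of `%SystemRoot%\System32\drivers\etc\hosts` to `audit()` instead of the sample.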
 