Applies ToWindows Server 2012 R2 Datacenter Windows Server 2012 R2 Essentials Windows Server 2012 R2 Foundation Windows Server 2012 R2 Standard

Symptoms

Consider the following scenario:

  • You have a domain name system (DNS) server that is running Windows Server 2012 R2.

  • The domain name system security extensions (DNSSEC) feature is enabled for root zones.

  • The A record exists in a domain within a delegated zone.

  • The DNS server processes a query and receives an A record response that requires validations to make sure that the domain is secure.

  • The included hashed authenticated denial of existence (NSEC3) record is expired in the DNS server cache, and a new secure validation query is made.

  • The DNS sends a query for the DS record to the delegated zone server.

  • The delegated zone server does not support the DNSSEC feature, and it responds with the NOT_IMPLEMENTED message.

In this scenario, the DNS server returns a SERVFAIL error to the client.

Resolution

To resolve this issue, install the November 2014 update rollup for Windows RT 8.1, Windows 8.1, or Windows Server 2012 R2.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References

See the terminology that Microsoft uses to describe software updates.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.