Incorrect response when DNS server uses wildcard CNAME and DNSSEC validation failures in Windows Server 2012 R2

Se aplica a: Windows Server 2012 R2 DatacenterWindows Server 2012 R2 StandardWindows Server 2012 R2 Essentials

This article describes an issue in which incorrect responses are received when an DNS server uses wildcard CNAME and Domain Name System Security Extensions (DNSSEC) validation failures in Windows Server 2012 R2. An update is available to fix this issue. Before you install this update, see the Prerequisites section.

Issues that are fixed in this update

Issue 1

When DNSSEC validation is enabled on a Windows Server 2012 R2-based DNS server, the DNS server incorrectly reports the failed name validation when it receives a NODATA response and returns a SERVFAIL error to the client.

Issue 2

Windows Server 2012 R2-based DNS server doesn't return all the Resource record signature (RRSIG) records that should be returned with the Next Secure (NSEC) records if the query passes through a BIND forwarder during resolution. This causes DNSSEC validation to fail for any servers that are using Windows Server 2012 R2-based server as a forwarder.

Issue 3

Incorrect response to AAAA queries from Windows Server 2012 R2-based DNS server when a wildcard CNAME is used. 

How to get this update

Important If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Method 1: Windows Update

This update is provided as a Recommended update on Windows Update. For more information on how to run Windows Update, see How to get an update through Windows Update.

Method 2: Microsoft Download Center

The following files are available for download from the Microsoft Download Center:

Operating systemUpdate
All supported x64-based versions of Windows Server 2012 R2Download Download the package now.
For more information about how to download Microsoft support files, select the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Update detail information


To install this update, install April 2014, update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) in Windows Server 2012 R2.

Registry information

To apply this update, you don't have to make any changes to the registry.

Restart requirement

You may have to restart the computer after you apply this update.

Update replacement information

This update doesn't replace a previously released update.


Microsoft has confirmed that this's a problem in the Microsoft products that are listed in the "Applies to" section.


Learn about the terminology that Microsoft uses to describe software updates.

File Information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.