This article describes an issue in which incorrect responses are received when an DNS server uses wildcard CNAME and Domain Name System Security Extensions (DNSSEC) validation failures in Windows Server 2012 R2. An update is available to fix this issue. Before you install this update, see the Prerequisites section.
Issue 1When DNSSEC validation is enabled on a Windows Server 2012 R2-based DNS server, the DNS server incorrectly reports the failed name validation when it receives a NODATA response and returns a SERVFAIL error to the client.
Issue 2Windows Server 2012 R2-based DNS server doesn't return all the Resource record signature (RRSIG) records that should be returned with the Next Secure (NSEC) records if the query passes through a BIND forwarder during resolution. This causes DNSSEC validation to fail for any servers that are using Windows Server 2012 R2-based server as a forwarder.
Issue 3Incorrect response to AAAA queries from Windows Server 2012 R2-based DNS server when a wildcard CNAME is used.
Important If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.
Method 1: Windows UpdateThis update is provided as a Recommended update on Windows Update. For more information on how to run Windows Update, see How to get an update through Windows Update.
Method 2: Microsoft Download CenterThe following files are available for download from the Microsoft Download Center:
For more information about how to download Microsoft support files, select the following article number to view the article in the Microsoft Knowledge Base:
|All supported x64-based versions of Windows Server 2012 R2||Download the package now.|
119591 How to obtain Microsoft support files from online servicesMicrosoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
PrerequisitesTo install this update, install April 2014, update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) in Windows Server 2012 R2.
Registry informationTo apply this update, you don't have to make any changes to the registry.
Restart requirementYou may have to restart the computer after you apply this update.
Update replacement informationThis update doesn't replace a previously released update.
Microsoft has confirmed that this's a problem in the Microsoft products that are listed in the "Applies to" section.
Article ID: 3133717 - Last Review: Mar 8, 2016 - Revision: 1
Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation