The CPU usage for the DNS Server service reaches 100 percent after you install hotfix 953419


Consider the following scenario:
  • You install and configure the Domain Name System (DNS) Server service on a computer that is running Windows Server 2003 Service Pack 2 (SP2).
  • You install hotfix 953419.
In this scenario, the CPU usage of the DNS Server service (Dns.exe) may reach 100 percent. At the same time, the DNS Server service stops responding.


This problem occurs because the DNS Server service enters an infinite loop.

When a DNS server receives a name resolution request, the request can be a forward lookup request or a reverse lookup request. For example, consider the following scenario:
  • The request is for the “” record.
  • The DNS server queries the root hints servers for the record because the DNS server cannot resolve the name resolution request.
  • The root hints server responds that it cannot resolve this query and provides the list of name servers that own the “” domain name records such as the “” record and the “” record.
  • The DNS server queries the list of name servers and then finds that there are no glue records. Therefore, the DNS server suspends the name resolution request for the “” record and constructs a new name resolution request for name servers in the list.
  • The DNS server finds that a conditional forwarder is configured that can resolve the query for name servers in the list.
In this scenario, the DNS server enters an infinite loop because of an issue introduced in the hotfix 953419. Therefore, the DNS server cannot send the query to the conditional forwarder.


Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.


To apply this hotfix, your computer must be running Windows Server 2003 Service Pack 2 (SP2). Additionally, the DNS Server service must be installed on the computer.

For more information about how to obtain a Windows Server 2003 service pack or a Windows XP Professional x64 Edition service pack, click the following article number to view the article in the Microsoft Knowledge Base:

889100 How to obtain the latest service pack for Windows Server 2003

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

File information

The English (United States) version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
Windows XP and Windows Server 2003 file information notes
  • In addition to the files that are listed in these tables, this hotfix also installs an associated security catalog file ( that is signed with a Microsoft digital signature.
For all supported x86-based versions of Windows Server 2003 SP2

File nameFile versionFile sizeDateTimePlatformSP requirement
Dnsperf.hNot Applicable6,64226-Apr-200804:54Not ApplicableSP2
Dnsperf.iniNot Applicable11,59726-Apr-200804:54Not ApplicableSP2
Tcpip6.sys5.2.3790.4573247,48815-Aug-200907:31Not ApplicableSP2
For all supported x64-based versions of Windows Server 2003 SP2

File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Afd.sys5.2.3790.4392292,35208-Jan-201010:07x64SP2Not Applicable
Dns.exe5.2.3790.4646780,80008-Jan-201010:07x64SP2Not Applicable
Dnsperf.dll5.2.3790.446014,33608-Jan-201010:08x64SP2Not Applicable
Dnsperf.hNot Applicable6,64208-Jan-201010:08Not ApplicableSP2Not Applicable
Dnsperf.iniNot Applicable11,59708-Jan-201010:08Not ApplicableSP2Not Applicable
Mswsock.dll5.2.3790.4318493,05608-Jan-201010:08x64SP2Not Applicable
Tcpip.sys5.2.3790.4573798,20808-Jan-201010:09x64SP2Not Applicable
Tcpip6.sys5.2.3790.4573394,49608-Jan-201010:09x64SP2Not Applicable
W03a3409.dll5.2.3790.459044,03208-Jan-201010:09x64SP2Not Applicable
For all supported IA-64-based versions of Windows Server 2003 SP2

File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Afd.sys5.2.3790.4392584,19208-Jan-201010:04IA-64SP2Not Applicable
Dns.exe5.2.3790.46461,150,97608-Jan-201010:04IA-64SP2Not Applicable
Dnsperf.dll5.2.3790.446026,62408-Jan-201010:05IA-64SP2Not Applicable
Dnsperf.hNot Applicable6,64208-Jan-201010:05Not ApplicableSP2Not Applicable
Dnsperf.iniNot Applicable11,59708-Jan-201010:05Not ApplicableSP2Not Applicable
Mswsock.dll5.2.3790.4318789,50408-Jan-201010:05IA-64SP2Not Applicable
Tcpip.sys5.2.3790.45731,336,32008-Jan-201010:06IA-64SP2Not Applicable
Tcpip6.sys5.2.3790.4573798,84808-Jan-201010:06Not ApplicableSP2Not Applicable
W03a3409.dll5.2.3790.459042,49608-Jan-201010:06IA-64SP2Not Applicable


To work around this issue, restart the DNS Server service on the DNS server, or roll back to an earlier version that existed before you installed 953419.

Note You may encounter this issue again if you restart the DNS Server service. Therefore, we recommend that you roll back the system to an earlier version to work around this issue.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

953419 A Windows Server 2003-based DNS server does not forward a request to a target forwarder after you configure a conditional forwarder to resolve a DNS domain

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates


Article ID: 978413 - Last Review: Oct 10, 2011 - Revision: 1