Incorrect response when DNS server uses wildcard CNAME and DNSSEC validation failures in Windows Server 2012 R2

This article describes issues in which a DNS server returns incorrect responses when a wildcard CNAME is used, and in which Domain Name System Security Extensions (DNSSEC) validation fails, in Windows Server 2012 R2. An update is available to fix these issues. Before you install this update, see the Prerequisites section.
Issues that are fixed in this update

Issue 1

When DNSSEC validation is enabled on a Windows Server 2012 R2-based DNS server, the DNS server incorrectly reports the failed name validation when it receives a NODATA response and returns a SERVFAIL error to the client.

Issue 2

A Windows Server 2012 R2-based DNS server doesn't return all the Resource Record Signature (RRSIG) records that should be returned with the Next Secure (NSEC) records if the query passes through a BIND forwarder during resolution. This causes DNSSEC validation to fail for any servers that are using a Windows Server 2012 R2-based server as a forwarder.

Issue 3

A Windows Server 2012 R2-based DNS server returns an incorrect response to AAAA queries when a wildcard CNAME is used.
How to get this update
Important: If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Method 1: Windows Update

This update is provided as a Recommended update on Windows Update. For more information on how to run Windows Update, see How to get an update through Windows Update.

Method 2: Microsoft Download Center

The following files are available for download from the Microsoft Download Center:
| Operating system | Update |
| --- | --- |
| All supported x64-based versions of Windows Server 2012 R2 | Download the package now. |
For more information about how to download Microsoft support files, select the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
Update detail information

Prerequisites

To install this update, you must first install the April 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2919355) in Windows Server 2012 R2.

Registry information

To apply this update, you don't have to make any changes to the registry.

Restart requirement

You may have to restart the computer after you apply this update.

Update replacement information

This update doesn't replace a previously released update.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
Learn about the terminology that Microsoft uses to describe software updates.
File Information
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows Server 2012 R2

Notes
  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    | Version | Product | Milestone | Service branch |
    | --- | --- | --- | --- |
    | 6.3.9600.18xxx | Windows Server 2012 R2 | RTM | GDR |
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
  • The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed in the "Additional file information" section. MUM, MANIFEST, and the associated security catalog (.cat) files, are very important to maintain the state of the updated components. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
x64 Windows Server 2012 R2
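| File name | File version | File size | Date | Time | Platform |
| --- | --- | --- | --- | --- | --- |
| Cache.dns | Not applicable | 3,198 | 18-Jun-2013 | 14:43 | Not applicable |
| Dns.exe | 6.3.9600.18191 | 1,735,680 | 08-Jan-2016 | 17:07 | x64 |
| Dnsserver.events.xml | Not applicable | 609 | 18-Jun-2013 | 14:43 | Not applicable |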
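
One way to check a DNS server against this article, as an added example that is not part of the original Microsoft article: it compares the installed Dns.exe with the fixed version from the table above and probes for the Issue 1 symptom (SERVFAIL on a NODATA answer). The probe name is a placeholder, and matching the error on `DNS_ERROR_RCODE_SERVER_FAILURE` is an assumption about how `Resolve-DnsName` reports SERVFAIL.

```powershell
# Added example: run in an elevated PowerShell session on the DNS server itself.
param(
    # Placeholder (assumption): a name in a DNSSEC-signed zone that has no
    # AAAA record, so the correct answer is NODATA rather than an address.
    [string]$ProbeName = 'host.signed-zone.example'
)

# Fixed Dns.exe build, taken from the file table in this article.
$fixedVersion = New-Object System.Version -ArgumentList 6, 3, 9600, 18191

# Build the version from its numeric parts; the FileVersion string can carry
# a branch suffix that [version] cannot parse.
$info = (Get-Item -LiteralPath "$env:SystemRoot\System32\dns.exe").VersionInfo
$installed = New-Object System.Version -ArgumentList `
    $info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart

# The KB entry can be missing when a later update delivered the binary,
# so the file version is the deciding check.
$hotfix = Get-HotFix -Id 'KB3133717' -ErrorAction SilentlyContinue

# Issue 1 probe: request DNSSEC data for a record type that does not exist.
# SERVFAIL here is the symptom described in Issue 1, but it can have other
# causes, so read it together with the version check.
try {
    Resolve-DnsName -Name $ProbeName -Type AAAA -Server 127.0.0.1 `
        -DnssecOk -DnsOnly -ErrorAction Stop | Out-Null
    $probe = 'Answered (no SERVFAIL)'
}
catch {
    if ($_.FullyQualifiedErrorId -like 'DNS_ERROR_RCODE_SERVER_FAILURE*') {
        $probe = 'SERVFAIL'
    }
    else {
        $probe = "Other: $($_.Exception.Message)"
    }
}

[pscustomobject]@{
    InstalledDnsExe = $installed
    FixedDnsExe     = $fixedVersion
    HasFixedBinary  = ($installed -ge $fixedVersion)
    KB3133717Listed = [bool]$hotfix
    NoDataProbe     = $probe
}
```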

Additional file information

x64 Windows Server 2012 R2
Properties

Article ID: 3133717 - Last Review: 03/08/2016 19:09:00 - Revision: 2.0

Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation
