DNS Server service randomly cannot resolve external names and returns a "Server Failure" error if IPv6 is disabled in Windows Server 2008 and Windows Server 2008 R2

Symptoms

Consider the following scenario:
  • You install the DNS Server role on a computer that is running Windows Server 2008 or Windows Server 2008 R2.
  • You disable IP version 6 (IPv6) on the computer.
  • You configure the DNS server to use root hints to resolve external name resolution.
  • The DNS Server service receives some external name resolution requests.
In this scenario, the DNS Server service randomly returns the following error message:
Server Failure
Additionally, users cannot access some Internet network resource if they use the DNS server to resolve external names.

For example, users cannot access some websites.

Note If you collect a network trace when this issue occurs, the trace contains the following network packets:
<IP> <IP> DNS DNS:QueryId = 0x1C, QUERY (Standard query), Query for <name> of type Host Addr on class Internet
...
<IP> <IP> DNS DNS:QueryId = 0x1C, QUERY (Standard query), Response - Server failure

Cause

This issue occurs because the DNS Server service does not check whether IPv6 is disabled when the service selects an IP address to send the next DNS query.

When the DNS Server service queries the name server for an external name resolution request, the Internet DNS server returns an IP address list that contains IP version 4 (IPv4) and IPv6 addresses. However, the DNS Server service does not check whether IPv6 is disabled when the service selects an IP address to send the next DNS query. The service may select an IPv6 address when IPv6 is disabled. Therefore, the DNS Server service does not send the next DNS query, and this issue occurs.

Resolution

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, you must be running one of the following operating systems:
  • Windows Server 2008 R2
  • Windows Server 2008 R2 Service Pack 1 (SP1)
  • Windows Server 2008 SP2
Additionally, the DNS Server role must be installed.

For more information about how to obtain a Windows Server 2008 service pack, click the following article number to view the article in the Microsoft Knowledge Base:

968849 How to obtain the latest service pack for Windows Server 2008

For more information about how to obtain a Windows Server 2008 R2 service pack, click the following article number to view the article in the Microsoft Knowledge Base:

976932 Information about Service Pack 1 for Windows 7 and for Windows Server 2008 R2

Registry information

To use the hotfix in this package, you do not have to make any changes to the registry.

Restart requirement

You do not have to restart the computer after you apply this hotfix.

You must stop the DNS Server service before you apply this hotfix to avoid restarting.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.
File information

Workaround

To work around this issue, enable IPv6 on the DNS Server service.

For more information about how to enable IPv6, click the following article number to view the article in the Microsoft Knowledge Base:
929852 How to disable certain Internet Protocol version 6 (IPv6) components in Windows Vista, Windows 7, and Windows Server 2008

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
929852 How to disable certain Internet Protocol version 6 (IPv6) components in Windows Vista, Windows 7, and Windows Server 2008
Additional file information
Eigenschappen

Artikel-id: 2549656 - Laatst bijgewerkt: 10 jul. 2013 - Revisie: 1

Feedback