Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. SERVFAIL error from a Windows Server 2012 R2-based DNS server that has DNSSEC enabled

SERVFAIL error from a Windows Server 2012 R2-based DNS server that has DNSSEC enabled

View products that this article applies to.

Symptoms

Consider the following scenario:
  • You have a domain name system (DNS) server that is running Windows Server 2012 R2.
  • The domain name system security extensions (DNSSEC) feature is enabled for root zones.
  • The A record exists in a domain within a delegated zone.
  • The DNS server processes a query and receives an A record response that requires validations to make sure that the domain is secure.
  • The included hashed authenticated denial of existence (NSEC3) record is expired in the DNS server cache, and a new secure validation query is made.
  • The DNS sends a query for the DS record to the delegated zone server.
  • The delegated zone server does not support the DNSSEC feature, and it responds with the NOT_IMPLEMENTED message.
In this scenario, the DNS server returns a SERVFAIL error to the client.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

References

See the terminology that Microsoft uses to describe software updates.

↑ Back to the top

Keywords: kbqfe, kbfix, kbsurveynew, kbexpertiseadvanced, kb

↑ Back to the top

Article Info
Article ID : 3004539
Revision : 1
Created on : 1/7/2017
Published on : 11/18/2014
Exists online : False
Views : 176