Important If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see
Add language packs to Windows.
Method 1: Windows Update
This update is provided as a
Recommended update on Windows Update. For more information on how to run Windows Update, see
How to get an update through Windows Update.
Method 2: Microsoft Update Catalog
To get the stand-alone package for this update, go to the
Microsoft Update Catalog website.
Known issue 1
After you install update KB3145126, you may experience crashes of the DNS service. In this scenario, an event that resembles the following is logged in the Application log:
Log Name: <Application>
Source: <Application Error>
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Description:
Faulting application name: dns.exe, version: 6.1.7601.23375
Faulting module name: dns.exe, version: 6.1.7601.23375
Exception code: 0xc0000005
Faulting application path: C:\Windows\system32\dns.exe
Faulting module path: C:\Windows\system32\dns.exe
Cause
This DNS service crash may occur if DNS is configured to have a CNAME and an SOA record that both exist for the "@" record. The "@" record identifies the root of a DNS zone. This can frequently be identified in the DNS Manager as a record with the <
same as parent folder> name. The SOA and NS records are allowed in this folder. RFC 2181 describes name uniqueness checks for CNAME records. According to RFC 2181, the CNAME may not exist in the <
same as parent name> folder ("@") of a zone.
Resolution
To avoid this issue, identify and remove the "@" CNAME record that's causing the issue from the misconfigured zone before you install update KB3145126.
To help identify problematic zones, run the following sample PowerShell script. PowerShell is installed by default in Windows Server 2008 R2.
$count = 0
$var = get-wmiobject -query "select * from win32_service where name = 'dns'"
if ($var -ne $null)
{
if ($var.state.tolower() -eq "running")
{
[array] $global:badcnamedomains = $null
$var = get-wmiobject -namespace "root\microsoftdns" -query "select * from microsoftdns_zone"
if ($var -ne $null)
{
foreach ($var2 in $var)
{
$query = "select * from microsoftdns_cnametype where containername = '" + $var2.name + "'"
$var3 = get-wmiobject -namespace "root\microsoftdns" -query $query | where {$_.ownername -eq $var2.name}
if ($var3 -ne $null)
{
$count += 1
$global:badcnamedomains += $var3.domainname
}
}
}
else
{
write-host "No zones returned"
}
}
else
{
Write-Host "DNS Service is not running"
break;
}
}
if ($count -gt 0)
{
write-host "Total number of zones found: $count"
write-host "The zones are:"
write-host $global:badcnamedomains
}
elseif ($count -eq 0)
{
write-host "No zones found with the issue"
}
$count = $null
$global:badcnamedomains = $null
This script will identify CNAME records that conflict with SOA records in locally held DNS zones. If you see a “DNS Service is not running” message when you run the PowerShell script, make sure that the DNS service is started before you run the script. You may have to uninstall the KB3145126 update first to make the DNS service stable.
To delete the CNAME records that do not comply with RFC 2181 based on the output that's returned from the PowerShell script, type the following command at command prompt, and then press Enter:
DNSCMD /recorddelete DNS zone name @ cname