Update: After you install the fix from KB 3145126 , and if you experience issues with DNS Service crashing, see the known issues section of KB 3145126 – There’s a sample script provided in the Knowledge Base article that resolves the issue.
My name is Ajay Sarkaria and I am a Supportability Program Manager at Microsoft. Recently, we have seen support volumes on an issue with DNS Zones not being loaded on Windows Server 2008 R2-based DNS Servers.
The scenario is:
- You are running Windows Server 2008 R2 Servers as Domain Controller and/or DNS Servers and
- You install MS15-127: Security update for Microsoft Windows DNS to address remote code execution: December 8, 2015 (https://support.microsoft.com/en-us/kb/3100465)
- You install the following hotfix:
3022780 DNS server does not respond with IP address to a CNAME query for a delegated zone in Windows Server 2008 R2
After you install any of the above updates, you may notice the following symptoms:
- The domain DNS Zones do not load
- DNS Server manager may display the message: “The Zone is being read into memory“
An event similar to the below may be logged:
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4019
The DNS server attempted to load the Active Directory-integrated zone contoso.com in the background but there was an error during load. This zone will now be shut down. Correct the error and restart the DNS server service. The event data contains the error.
We’ve released a hotfix to address this issue and the same can be downloaded from:
3145126 Loading DNS zones takes a long time on a Windows Server 2008 R2-based DNS server
Note: If you followed a workaround to mitigate the issue of DNS Zones not loading prior to installing the newly released hotfix by running the following command:
dnscmd /Config /DsMinimumBackgroundLoadThreads 0
It is highly recommended that you re-run the below command to set the value as 1 (System default)
dnscmd /Config /DsMinimumBackgroundLoadThreads 1
Supportability Program Manager – Windows