Recent Windows Server Updates Cause DNS Issues
Microsoft has addressed a new known issue causing DNS stub zone load failures that can lead to DNS resolution issues on Windows Server 2019 systems.
DNS stub zones are copies of DNS zones containing resource records needed to determine authoritative DNS servers for a specific zone and resolve names between separate DNS namespaces.
According to details posted on the Windows Health Dashboard, customers will only experience this known issue after installing updates released on January 25th and later.
“After installing the updates released January 25, 2022 (KB5009616) and later on affected versions of Windows Server running the DNS Server role, DNS stub zones may not load correctly, which may cause DNS name resolution to fail,” Microsoft explained.
The other two Windows updates that may trigger these DNS resolution issues are KB5010427 (released February 15) and KB5011551 (released two days ago, March 22).
Microsoft has resolved this issue through the Known Issues Rollback (KIR) feature. However, the rollback will not propagate automatically to affected devices.
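To check whether a given server matches the conditions described above (DNS Server role, one of the named updates, stub zones present), the following PowerShell sketch can be run on the server; it is an added example, not code from Microsoft or the original article. The function name `Test-StubZoneExposure` is hypothetical, and the NS lookup against 127.0.0.1 is a heuristic assumed here, not a documented test for this issue.

```powershell
# Added example. Run in an elevated PowerShell session on the DNS server.
# The KB list comes from the article; later updates may also be affected
# and are not checked here.
$AffectedKBs = 'KB5009616', 'KB5010427', 'KB5011551'

function Test-StubZoneExposure {
    [CmdletBinding()]
    param([string[]]$KBs = $AffectedKBs)

    # The issue only applies where the DNS Server role is installed.
    if (-not (Get-WindowsFeature -Name DNS).Installed) {
        Write-Warning 'DNS Server role not installed; nothing to check.'
        return
    }

    # Which of the updates named in the article are present on this host?
    $installed = @(Get-HotFix -Id $KBs -ErrorAction SilentlyContinue)
    $kbText = if ($installed.Count) { $installed.HotFixID -join ',' } else { 'none' }

    # Stub zones hosted by the local DNS service.
    $stubZones = @(Get-DnsServerZone | Where-Object ZoneType -eq 'Stub')
    if (-not $stubZones.Count) {
        Write-Warning "No stub zones configured (named KBs installed: $kbText)."
        return
    }

    foreach ($zone in $stubZones) {
        # Heuristic: ask the local server for the zone's NS records.
        # A failed lookup is a reason to investigate, not proof of the bug.
        $answer = Resolve-DnsName -Name $zone.ZoneName -Type NS `
            -Server 127.0.0.1 -DnsOnly -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Zone         = $zone.ZoneName
            InstalledKBs = $kbText
            NsLookupOk   = [bool]$answer
            # Flag only when a named update is present AND the lookup fails.
            Investigate  = ($installed.Count -gt 0) -and (-not $answer)
        }
    }
}

Test-StubZoneExposure | Format-Table -AutoSize
```

Rows with `Investigate` set to `True` identify stub zones worth checking in the DNS Server event log before and after the KIR group policies are applied.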
Group policies for KIR patch deployment
To resolve DNS issues on company-managed devices that have buggy Windows Server updates installed, administrators will need to install and configure two group policies.
“For more information on deploying and configuring these special group policies, please see How to use Group Policy to deploy a known issue restore,” Microsoft added.
The two Group Policies that administrators need to install and configure to resolve this known issue can be downloaded using the links below:
Microsoft previously fixed several issues with Windows January Updates, including a Bluetooth issue causing Windows blue screens, Windows domain controller reboots caused by LSASS crashes, Netlogon issues, and a Windows Active Directory bug.
Redmond has also released emergency out-of-band (OOB) updates to address issues caused by the January 2022 Patch Tuesday updates.
The issues they fixed were related to restarting Windows Server domain controllers, virtual machine startup failures, VPN connectivity, and ReFS-formatted removable media mount failures.