KB5006672 - No external websites available after install / reboot

Tim Graber 1 Reputation point
2021-10-19T20:01:32.103+00:00

Immediately after we applied this security update to our server (two domain controllers), DNS began failing to resolve any external web resources. We could ping external IP addresses, but no resolution of name FQDN based queries at all.

The only workaround we had any luck implementing was to populate the DNS scope with an external DNS address and add internal resource servers to the hosts file under Windows\System32\drivers\etc folder on all our clients.

This cannot be a long term patch.

Windows DHCP
Windows DHCP
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.DHCP: Dynamic Host Configuration Protocol (DHCP). A communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network.
1,023 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Gary Reynolds 9,391 Reputation points
    2021-10-20T07:46:42.397+00:00

    Hi @Tim Graber

    A few things to check:

    Is the DNS Service on the DCs started
    If you use nslookup on one of PC pointing at each DC can you resolve local domain names and external names
    If you use nslookup on the DCs pointing at the 8.8.8.8 are you able to resolve external names
    If you check in the DNS console, on the server properties are the root hints populated and if you have a Forwarder configured.
    Using nslookup on the DC can you resolve external names pointing at one of the root hints and one of the forwards

    Gary. 

    nslookup  
server <ip address of DC>  
<dc_name>  
server 8.8.8.8  
google.com  
server <ip address of root hint server>  
microsoft.com  
server <ip address of forwarder>  
amazon.com
    0 comments
  2. Limitless Technology 39,376 Reputation points
    2021-10-21T09:56:33.99+00:00

    Hi there,

    This has been identified by Microsoft. Microsoft is working on a resolution and targeting its release in a future update. The only resolution now would be to uninstall the update.

    Known issues in this update (KB5006672)
    https://support.microsoft.com/en-au/topic/october-12-2021-kb5006672-os-build-17763-2237-f5f567fd-950d-4db0-9d17-09435322578a

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments