Posts

Showing posts from 2010

WPAD does not resolve in DNS

At work, we're doing a POC (proof of concept) with a web-proxy, specifically Ironport Websecurity Appliance. Like most all proxies, you have to get the traffic from the client to the proxy. It supports transparent traffic redirection, but we're looking at using WPAD instead.

However, when I created the WPAD DNS entry, it didn't resolve.

C:\>ping wpad
Ping request could not find host wpad. Please check the name and try again.


C:\>nslookup wpad <DNSServer1>
Server: <DNSServer1>.domain.net
Address: <IPofDNSServer1>
*** <DNSServer1>.domain.net can't find wpad: Non-existent domain

This of course, is a big problem. It took a little investigating, but I found the cause. Windows Server 2008 introduced a new feature, called "Global Query Block list", which prevents some arbitrary machine from registering the DNS name of WPAD. This is a good security feature, as it prevents someone from just joining your network, and setting himself up as a prox…