Posts

Showing posts from February, 2010

WPAD does not resolve in DNS

At work, we're doing a POC (proof of concept) with a web-proxy, specifically Ironport Websecurity Appliance. Like most all proxies, you have to get the traffic from the client to the proxy. It supports transparent traffic redirection, but we're looking at using WPAD instead. However, when I created the WPAD DNS entry, it didn't resolve. C:\>ping wpad Ping request could not find host wpad. Please check the name and try again. C:\>nslookup wpad <DNSServer1> Server: <DNSServer1>.domain.net Address: <IPofDNSServer1> *** <DNSServer1>.domain.net can't find wpad: Non-existent domain This of course, is a big problem. It took a little investigating, but I found the cause. Windows Server 2008 introduced a new feature, called "Global Query Block list", which prevents some arbitrary machine from registering the DNS name of WPAD. This is a good security feature, as it prevents someone from just joining your network, and setting himsel