This post is also available in: Slovenian
DNS entry for WPAD throwing error and there’s no possible redirection of Internet traffic through the desired proxy server.
The enterprise network is commonly using web proxy for secure user access to the Internet. Of course, it is necessary to regulate this that all internet traffic is routed through a proxy server as transparent traffic redirection, or, as is more usual, by usin the WPAD file.
On the IIS server deploy http://wpad.domena/wpad.dat with which users receive information on where to redirect Internet traffic.
Till recently it worked all this without any problems, at the end of last year, the trouble began with DNS erver on Windows Server 2003 installed. In Windows Server 2008 R2, and from the end of last year, the correction kb961063 on Windows Server 2003, is a new feature introduced Global Query Block List, which provides the security that someone can not take over the WPAD and announce on its computer that is the WPAD server. At the same time this feature can be a problem with the right WPAD file.
When looking for the nslookup and it throws out error: can not find WPAD: non-existent domain
Even the ping does not work: ping reguest could not find WPAD host. Please check the name and try again
There are two solutions:
- varnostno riskier to turn off the function Global Query Block List
- varnosto well utilized new functionality by allowing wpad.domena eliminated from the Global Query Block List
Deactivating the Global Query Block List
deactivate the command:dnscmd /config /enableglobalqueryblocklist 0
If you want to later turn back this functionality, just change the value from 0 to 1
WPAD is eliminated from the Global Query Block List
The list is stored in the
HKLM \SYSTEM \CurrentControlSet \Services \DNS \Parameters \GlobalQueryBlockList.
Delete the WPAD entry and make a restart of DNS services to the global list to be reloaded.
This has to be done on each DNS server manually because this can not be replicated to other DNS servers.
Solution source: Michael King
Manage Global Query Block list
• info or sheet is enabled or not: dnscmd /info /enableglobalqueryblocklist
• show hosts: dnscmd /info /globalqueryblocklist
• removal of all hosts: dnscmd /config /globalqueryblocklist
In order to accelerate change I recommended temporary change in group policy for users:
User Configuration – Policies – internet-explorer maintenance – connection – automatic browser configuration temporarily tick enable automatic configuration and add the URL where the WPAD file is. Later, it withdraws and re-ticked automatically detect configuration.
Otherwise, users will had problems getting to internet in others networks on their notebooks.