Obscure tidbit comes in handy

AvgITGeekAvgITGeek Member Posts: 342 ■■■■□□□□□□
So the other day on the job I overheard some talk about a security issue involving WPAD and how there needs to be a GPO and a DNS entry and that should be that. It comes up that the DNS entry for WPAD isn't resolving. Yeah, starting in Server 2008, globalqueryblocklist was introduced and by default, WPAD and ISATAP are on that list. Removed WPAD from the blocklist and all is well.

Love to actually see some of this obscure stuff live in production.


  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    Yeah, those are always fun.

    "How the *&&%$ did you know that, blargoe?"
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • drakerdraker Member Posts: 54 ■■□□□□□□□□
    We had an issue with WPAD.

    Domain joined Windows 7 clients connecting over VPN were failing to connect or would be really slow.
    Turns out they were trying to resolve wpad before connecting to the VPN but couldn't because they weren't connected to the network were wpad was resolvable. I believe the fix was a host file entry or something. Took several hours with MS support to ultimately figure it out ourselves with wireshark.

    Win 10 didn't have this issue.
    Break time..!
Sign In or Register to comment.