?
Solved

WPAD configured in trusted domain causing issues in our domain

Posted on 2013-01-22
2
Medium Priority
?
1,121 Views
Last Modified: 2013-01-28
Hi All

We have a Windows 2008R2 domain, we do not have WPAD configured in our own domain, We are a healthcare organisation and we have a 2 way trust with another domain of a seperate healthcare org, we have conditonal forwarding configured for their internal domain name.

They have recently configured WPAD on their domain, this has led to people who use our DNS servers that do not have proxy servers configured being directed to our partners proxy server. This does not effect people who are members of our own domain as they have proxy settings configured by GPO, however we have a large number of doctors practices that are just workgroup members who use our DNS settings as the long term goal is to migrate them to our domain, however in the interim the WPAD setting is causing us some pain.

Is there a way we can stop the WPAD from the trusted domain taking effect, we have the globalqueryblocklist setting enabled and WPAD is in there however this doess not seem to stop it

Any help would be very much appreciated.

Thanks
0
Comment
Question by:ncomper
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 40

Accepted Solution

by:
footech earned 2000 total points
ID: 38808205
Do you have DHCP telling clients to use the additional domain as a dns suffix?  That's the only way they might be querying for wpad.otherdomain.com that springs to mind.  If so I would ask if that additional suffix is necessary.

I haven't tested this myself but I think you should be able to essentially set up a split DNS to work around this.  Just define a Forward Lookup Zone for wpad.otherdomain.com, but don't put any records in it, all other queries for otherdomain.com should be handled by your conditional forwarder.

The blocklist applies to all zones that the DNS server is authoritative for, but not to queries through forwarders, etc.
0
 
LVL 5

Author Closing Comment

by:ncomper
ID: 38827579
Excellent thanks, the dummy DNS zone worked for us
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Suggested Courses
Course of the Month10 days, 21 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question