Solved

WPAD configured in trusted domain causing issues in our domain

Posted on 2013-01-22
2
1,095 Views
Last Modified: 2013-01-28
Hi All

We have a Windows 2008R2 domain, we do not have WPAD configured in our own domain, We are a healthcare organisation and we have a 2 way trust with another domain of a seperate healthcare org, we have conditonal forwarding configured for their internal domain name.

They have recently configured WPAD on their domain, this has led to people who use our DNS servers that do not have proxy servers configured being directed to our partners proxy server. This does not effect people who are members of our own domain as they have proxy settings configured by GPO, however we have a large number of doctors practices that are just workgroup members who use our DNS settings as the long term goal is to migrate them to our domain, however in the interim the WPAD setting is causing us some pain.

Is there a way we can stop the WPAD from the trusted domain taking effect, we have the globalqueryblocklist setting enabled and WPAD is in there however this doess not seem to stop it

Any help would be very much appreciated.

Thanks
0
Comment
Question by:ncomper
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 38808205
Do you have DHCP telling clients to use the additional domain as a dns suffix?  That's the only way they might be querying for wpad.otherdomain.com that springs to mind.  If so I would ask if that additional suffix is necessary.

I haven't tested this myself but I think you should be able to essentially set up a split DNS to work around this.  Just define a Forward Lookup Zone for wpad.otherdomain.com, but don't put any records in it, all other queries for otherdomain.com should be handled by your conditional forwarder.

The blocklist applies to all zones that the DNS server is authoritative for, but not to queries through forwarders, etc.
0
 
LVL 5

Author Closing Comment

by:ncomper
ID: 38827579
Excellent thanks, the dummy DNS zone worked for us
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question