Solved

WPAD configured in trusted domain causing issues in our domain

Posted on 2013-01-22
2
1,027 Views
Last Modified: 2013-01-28
Hi All

We have a Windows 2008R2 domain, we do not have WPAD configured in our own domain, We are a healthcare organisation and we have a 2 way trust with another domain of a seperate healthcare org, we have conditonal forwarding configured for their internal domain name.

They have recently configured WPAD on their domain, this has led to people who use our DNS servers that do not have proxy servers configured being directed to our partners proxy server. This does not effect people who are members of our own domain as they have proxy settings configured by GPO, however we have a large number of doctors practices that are just workgroup members who use our DNS settings as the long term goal is to migrate them to our domain, however in the interim the WPAD setting is causing us some pain.

Is there a way we can stop the WPAD from the trusted domain taking effect, we have the globalqueryblocklist setting enabled and WPAD is in there however this doess not seem to stop it

Any help would be very much appreciated.

Thanks
0
Comment
Question by:ncomper
2 Comments
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 38808205
Do you have DHCP telling clients to use the additional domain as a dns suffix?  That's the only way they might be querying for wpad.otherdomain.com that springs to mind.  If so I would ask if that additional suffix is necessary.

I haven't tested this myself but I think you should be able to essentially set up a split DNS to work around this.  Just define a Forward Lookup Zone for wpad.otherdomain.com, but don't put any records in it, all other queries for otherdomain.com should be handled by your conditional forwarder.

The blocklist applies to all zones that the DNS server is authoritative for, but not to queries through forwarders, etc.
0
 
LVL 5

Author Closing Comment

by:ncomper
ID: 38827579
Excellent thanks, the dummy DNS zone worked for us
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now