WPAD null entry


Environment: 2012 AD.  No Proxy is being used.

I'd like to create a null entry for WPAD to prevent WPAD spoofing.
I'd rather do this in DNS so it's global rather then disabling auto-detect proxy settings in IE since there are other browsers being used besides IE.

What are the steps in accomplishing this?
Do I just create an A record in DNS with name WPAD in the DNS zone with
Is there anything I should be cautious of when implementing this?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Not needed. There's a built-in blockage already, if I'm not mistaken. https://technet.microsoft.com/en-us/library/cc995158.aspx

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LindowsAuthor Commented:
Thanks.  I didn't know about the global query block list.  It was enabled and thus, the querying for wpad was not allowed.  However, if a malicious user sets up a WPAD system on the local network, the clients are still susceptible since the clients will query the DNS then WINS then local broadcast.
I've setup a WPAD system and the clients were trying to use this system as a proxy on the local  network.

So I've added an A record of WPAD pointing to and deleted WPAD from the global query list and this worked.

If you hadn't mentioned about the global query block, it would've taken me longer to get this to work since without removing the WPAD from the global query block list, the DNS entry of WPAD would not of resolved for the clients.
LindowsAuthor Commented:
Even with the global query block list, the clients are still susceptible to wpad spoofing on the local network.  Had to add an entry in DNS to prevent wpad spoofing.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.