Wpad issues

July 19, 2011 • Customer Services       
Synopsis

You have configured your DNS server to give out an A record for wpad but it is not working. This may be the reason.

Article

We discovered a security feature in the Microsoft implementation of DNS that can prevent clients from looking up the IP address of the A record for wpad in their local domain, even after the administrator has created the record on the server. It is there for a reason: a Microsoft client can register itself in a DNS domain on connection, so a malicious user could connect a computer called wpad to the domain and then send all the browsers on the domain to a false proxy.

The problem arises when you set up a legitimate proxy server, such as the CensorNet, on your network and configure it as a wpad server so that your users need not enter the proxy details into their browsers. The feature causes the DNS server to refuse to answer a lookup for wpad. You have to disable the global query block list, or configure it so that it does not block a lookup for wpad on the domain. After this, things should work as defined. You can find instructions for configuring Active Directory Server 2008 here and Active Directory Server 2003 here.
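The narrower of the two options above, removing only wpad from the list instead of disabling it, can be scripted as follows. This is an added example, not CensorNet's or Microsoft's own procedure; it assumes the DnsServer PowerShell module (Windows Server 2012 or later, with the dnscmd equivalents noted in comments), and the zone name and proxy address are placeholders.

```powershell
# Added example: assumes the DnsServer module (Windows Server 2012 or later), run elevated
# on the DNS server. Zone name and proxy address below are placeholders.
Import-Module DnsServer

$Zone    = 'corp.example'   # placeholder: your AD DNS zone
$ProxyIp = '192.0.2.10'     # placeholder: address of the proxy acting as wpad server

# 1. Show the current block list state (dnscmd equivalent:
#    dnscmd /info /enableglobalqueryblocklist  and  dnscmd /info /globalqueryblocklist).
$gqbl = Get-DnsServerGlobalQueryBlockList
Write-Host "Block list enabled: $($gqbl.Enable); entries: $($gqbl.List -join ', ')"

# 2. The block list exists because a client can register itself as wpad. Flag zones
#    that accept unauthenticated dynamic updates before unblocking the name.
$dyn = (Get-DnsServerZone -Name $Zone).DynamicUpdate
if ($dyn -eq 'NonsecureAndSecure') {
    Write-Warning "Zone $Zone accepts nonsecure dynamic updates; any host could register wpad."
}

# 3. Create the static wpad A record first, so the name is not free for a client
#    to register at the moment it is unblocked.
$rec = Get-DnsServerResourceRecord -ZoneName $Zone -Name 'wpad' -RRType A -ErrorAction SilentlyContinue
if (-not $rec) {
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'wpad' -IPv4Address $ProxyIp
}

# 4. Remove only wpad from the list; other entries (isatap by default) stay blocked.
$remaining = @($gqbl.List | Where-Object { $_ -ne 'wpad' })
if ($remaining.Count -gt 0) {
    Set-DnsServerGlobalQueryBlockList -List $remaining      # dnscmd /config /globalqueryblocklist isatap
} else {
    # wpad was the only entry: fall back to switching the feature off entirely.
    Set-DnsServerGlobalQueryBlockList -Enable $false        # dnscmd /config /enableglobalqueryblocklist 0
}

# 5. Confirm the server now answers, and that the answer is the address you expect.
$answer = Resolve-DnsName -Name "wpad.$Zone" -Type A -Server localhost -ErrorAction SilentlyContinue
if ($answer.IPAddress -contains $ProxyIp) {
    Write-Host "wpad.$Zone resolves to $ProxyIp"
} else {
    Write-Warning "wpad.$Zone did not resolve to $ProxyIp (got: $($answer.IPAddress -join ', '))"
}
```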

Last modified on Tue, July 19, 2011