The Windows Server 2003 and Windows Server 2008 DNS Server may be unable to resolve queries for WPAD 'A' records in zones it hosts (for example, wpad.contoso.com). The following error will be logged in the Application Log:
- Source: DNS
- Category: None
- Type: Error
- Event ID: 6268
- The global query block list is a feature that prevents attacks on your network by blocking DNS queries for specific host names. This feature has caused the DNS server to fail a query with error code NAME ERROR for wpad.contoso.com. even though data for this DNS name exisits in the DNS database. Other queries in all locally authoritative zones for other names that begin with labels in the block list will also fail, but no event will be logged when further queries are blocked until the DNS server service on this computer is restarted. See product documentation about this feature and instructions on how to configure it.
To allow WPAD entries to be returned, remove the WPAD entry from the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\GlobalQueryBlockList value by using these steps:
- Open the Registry Editor and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
- Double-click on the GlobalQueryBlockList value to open the editor.
- Highlight the wpad entry and press the delete key
- Click 'OK' and 'OK' again to return to the main window
- Restart the 'DNS Server' service
Important: By default, a wpad and isatap value will be present. Do not delete the isatap value.
for other considerations.