This is a misconfiguration issue in the customers customer's environment, where valid DNS queries and traffic is overwhelming the reporting/logging system, resulting in a lot of noise.overloading the reporting functionality of the system.
In particular, this condition exists for queries where WPAD is included in the DNS query, for example, WPAD.domainname.com. WPAD , or Web Proxy Automatic Detection for Windows , is a probe. Leaving WPAD open is a security vulnerability.
in a situation where this is occurring, customers should disable their group policy. The group policy can be disabled by navigating to the following location on your Windows-based server, and disabling automatic detection of configuration settings (User Configuration -> Policies -> Windows Settings -> Connection/Automatic Browser Configuration -> Automatically detect configuration settings -> DISABLE).
For more information on the security risk posed by WPAD, see the following article:
|Open Links in New Window|
Disable WPAD now or have your accounts and private data compromised. and Microsoft's online documentation on Automatic Proxy Detection.