Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This is a misconfiguration issue in the customers customer's environment, where valid DNS queries and traffic is overwhelming the reporting/logging system, resulting in a lot of noise.overloading the reporting functionality of the system. 

In particular, this condition exists for queries where WPAD is included in the DNS query, for example, WPAD.domainname.com. WPAD , or Web Proxy Automatic Detection for Windows , is a probe. Leaving WPAD open is a security vulnerability.

in a situation where this is occurring, customers should disable their group policy. The group policy can be disabled by navigating to the following location on your Windows-based server, and disabling automatic detection of configuration settings (User Configuration -> Policies -> Windows Settings -> Connection/Automatic Browser Configuration -> Automatically detect configuration settings -> DISABLE).

For more information on the security risk posed by WPAD, see the following article: 

Open Links in New Window

Disable WPAD now or have your accounts and private data compromised. and Microsoft's online documentation on Automatic Proxy Detection.