none
How to resolve wpad.domain.com DNS Queries? RRS feed

  • Question

  • Hi All,

    We don't have a WPAD configuration inside our network.

    We are trying to stop the wpad queries from our machines(Windows OS) and we did the following.

    1) WinHTTP Web Proxy Auto-Discovery Service and WebClient service were set to Manual and not started.

    2) We unchecked the IPv6 on NIC Properties.

    3) We unchecked the automatic detect network settings, use automatic configuration script and proxy server settings on LAN connections  ( Inetcpl.cpl)  through GPO.

    After performing above, we still have wpad.domain.com queries. 

    Would like to ask for your help. Thank you in advance.


    • Edited by Thezzza Friday, April 8, 2016 3:24 PM
    Friday, April 8, 2016 3:23 PM

Answers

  • so then it boils down to tracking down which machines are doing the wpad queries, and ensuring that the reg-hacks were accomplished on those specific machines.  

    there is another way, and I don't necessarily recommend it.  but you could put a hosts file entry in all the machines.    the entry would read as follows:

    127.0.0.1     wpad.domain.com

    you will of course, replace the text, domain.com, with your domain

    I can guarantee that for every machine that has this hosts file entry, will no longer query DNS for WPAD.  If it does, you have OS level problems and possibly a virus.  Format and reinstall every machine that continues to query DNS for WPAD where you've made the hosts file entry.

    Friday, April 15, 2016 3:47 PM

All replies

  • Is there a 252 option configured in your DHCP Scope options?  If so, remove it

    Is there a WPAD record in DNS?  if so, remove it

    as a last resort, accomplish this reg hack on the client computers


    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad

    create a new DWORD value named, WpadOverride

    Assign it a value of 1


    Friday, April 8, 2016 6:27 PM
  • This is has been previously answered here: 

    https://social.technet.microsoft.com/Forums/office/en-US/a97604d6-b6d1-41e5-b6fc-dbbccebf570d/disable-wpad-dns-querys-completly?forum=winservergen

    http://stackoverflow.com/questions/15029615/how-to-turn-off-disable-web-proxy-auto-discovery-wpad-in-windows-server-2008


    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK

    My Website Link

    My Linkedin Profile

    My MVP Profile

    Sunday, April 10, 2016 10:01 PM
  • Hi Thezza,

    In addition,please disable devolution by setting UseDomainNameDevolution value under the following registry entry to 0 (FALSE):

    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters

    Best Regards,

    Cartman

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Monday, April 11, 2016 1:30 AM
  • Hi All,

    Thank you for all your reply.

    I tried all your recommendations but we still have wpad queries.

    - We don't have wpad entry in DNS and 252 option in DHCP server.

    - Also tried to add entry in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad to override WPAD.

    - Also tried to disable UseDomainNameDevolution  HKLM\System\CurrentControlSet\Services\Tcpip\Parameters.

     

    Friday, April 15, 2016 11:39 AM
  • so then it boils down to tracking down which machines are doing the wpad queries, and ensuring that the reg-hacks were accomplished on those specific machines.  

    there is another way, and I don't necessarily recommend it.  but you could put a hosts file entry in all the machines.    the entry would read as follows:

    127.0.0.1     wpad.domain.com

    you will of course, replace the text, domain.com, with your domain

    I can guarantee that for every machine that has this hosts file entry, will no longer query DNS for WPAD.  If it does, you have OS level problems and possibly a virus.  Format and reinstall every machine that continues to query DNS for WPAD where you've made the hosts file entry.

    Friday, April 15, 2016 3:47 PM
  • Thanks Xecros

    It seems that our last option for now is to add the wpad.domain.com to machines hosts file.

    I did the following with no luck. We still have wpad queries.

    - Unchecked automatic detect network settings, use automatic configuration script and proxy server settings on LAN connections ( Inetcpl.cpl) through GPO. 
    - Double- checked WinHTTP Web Proxy Auto-Discovery Service and WebClient service if started. (Current Settings: Set to Manual)
    - Also checked DNS and VDI DHCP entries. No wpad entry on DNS and no 252 option configured on DHCP Scope options.
    - Added wpadoverride in registry
    - Disabled UseDomainNameDevolution(Unchecked "Append parent suffixes of the primary DNS suffix".)
    - Selected "Disable NeBIOS over TCP/IP.
    - Disabled Windows Update Service.
    - Unchecked the IPv6 on NIC Properties. 

    Friday, April 22, 2016 5:39 PM
  • I know this is two years old but ... does anyone know if this has a solution?

    I tried everything mentioned above.

    Thanks in advance.


    Luis Olías.


    • Edited by Luis O.J Thursday, July 5, 2018 3:24 PM
    Thursday, July 5, 2018 3:24 PM