The impact of the DNS global query block list on WPAD deployments in TMG

The DNS server role in Windows Server 2008 introduces a global query block list to reduce vulnerabilities associated with the DNS dynamic update protocol. This may affect WPAD deployment?

Before testing TMG in single NIC mode, When using the automatic detection feature, it was found that the wpad.testdomain.com could not be ping, and the client automatically detected that it could not query the alias record, but in fact the configuration has been in effect, thought for a long time did not find the cause of the problem, and then queried for the DNS global query block list of ghosts,

How do I cancel the DNS global query block list? It's not too hard, just run dnscmd testdc.testdomain.com/config/enableglobalqueryblocklist 0 on the DNS server Unblock list can be normal parsing wpad.vancltestdomain.com, but the client does not take effect immediately, need to wait a while to detect, the global Query block list function is good, but also harm to me at night can not sleep early, climbed up to study for a long time to find that the original TMG there is such a place and ISA different, But finally understand, the mood is very happy or.

dnscmd Testdc.testdomain.com/config/enableglobalqueryblocklist 0 What is the main use of this paragraph? I sorted it out:

dnscmd [<servername>]/config/enableglobalqueryblocklist 0|1 This is the format template for this command above, the specific parameters are as follows:

dnscmd: command-line tools for managing DNS servers

<SERVERNAME>: Specifies the DNS host name of the DNS server. You can also type the IP address of the DNS server. To specify a DNS server on the local computer, you can also type a period (.) or omit the host name

/config: Required Entries To modify the configuration of the DNS server

/enableglobalqueryblocklist: Required entry for the command to enable or disable the global query block list

More Wonderful content: http://www.bianceng.cnhttp://www.bianceng.cn/Servers/DNS/

0|1: Specifies whether the global query block list is enabled or disabled. If the DNS Server service is required to ignore names in the query block list, the value of the command is set to 1. If you need to disable the global query block list, set the value to 0

To determine whether the global Query block list is enabled, type the following command at a command prompt:

dnscmd <ServerName>/info/enableglobalqueryblocklist

The result command returns a value of 1, which means that the global Query block list is enabled. If the command returns a value of 0, the global query block list is not enabled.

have been busy before, there is no time to take these learned to share out, this evening to tidy up a bit, share, Hee ~winking smile

This article is from the "Clumsy birds have" blog, please be sure to keep this source http://tingdongwang.blog.51cto.com/1056852/676432