The global query block list and Event ID 6268...

Hi Folks;

I run Windows 2000 and am running into the dreaded global query block list
issue. Apparently it's some kind of security enhancement but it's giving me
a hard time. I run ISA 2004 and so my DNS servers all have WPAD entries.
Unfortunately, the enhancement seems to be messing with that.

Looking on the Internet shows lots of people with the same issue and
workarounds for Server 2008. How do I work around this enhancement with
Windows 2000?

The specific error in the event viewer is this;

Event ID 6268

The global query block list is a feature that prevents attacks on your
network by blocking DNS queries for specific host names. This feature has
caused the DNS server to fail a query with error code NAME ERROR for
wpad.askmarvin.ca. even though data for this DNS name exists in the DNS
database. Other queries in all locally authoritative zones for other names
that begin with labels in the block list will also fail, but no event will
be logged when further queries are blocked until the DNS server service on
this computer is restarted. See product documentation for information about
this feature and instructions on how to configure it.
Below is the current global query block list (this list may be truncated in
this event if it is too long):
wpad
isatap.

Any help for my Windows 2000 servers would be much appreciated!

Thanks;
Dave

Found it;

To allow WPAD entries to be returned, remove the WPAD entry from the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\GlobalQueryBlockList
value by using these steps:
1.. Open the Registry Editor and navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
2.. Double-click on the GlobalQueryBlockList value to open the editor.
3.. Highlight the wpad entry and press the delete key
4.. Click 'OK' and 'OK' again to return to the main window
5.. Restart the 'DNS Server' service
Important: By default, a wpad and isatap value will be present. Do not
delete the isatap value.

While everyone says this is only for Windows Server 2008 the reigistry key
is present in Windows 2000.....

Apparently this was caused by a hotfix that created a more secure DNS.....



"Dave Onex" <dave@microsoft.com> wrote in message
news:ulr%23OijYKHA.4932@TK2MSFTNGP02.phx.gbl...
> Hi Folks;
>
> I run Windows 2000 and am running into the dreaded global query block list
> issue. Apparently it's some kind of security enhancement but it's giving
> me a hard time. I run ISA 2004 and so my DNS servers all have WPAD
> entries. Unfortunately, the enhancement seems to be messing with that.
>
> Looking on the Internet shows lots of people with the same issue and
> workarounds for Server 2008. How do I work around this enhancement with
> Windows 2000?
>
> The specific error in the event viewer is this;
>
> Event ID 6268
>
> The global query block list is a feature that prevents attacks on your
> network by blocking DNS queries for specific host names. This feature has
> caused the DNS server to fail a query with error code NAME ERROR for
> wpad.askmarvin.ca. even though data for this DNS name exists in the DNS
> database. Other queries in all locally authoritative zones for other names
> that begin with labels in the block list will also fail, but no event will
> be logged when further queries are blocked until the DNS server service on
> this computer is restarted. See product documentation for information
> about this feature and instructions on how to configure it.
> Below is the current global query block list (this list may be truncated
> in this event if it is too long):
> wpad
> isatap.
>
> Any help for my Windows 2000 servers would be much appreciated!
>
> Thanks;
> Dave
>

DO> Apparently this was caused by a hotfix that created a more secure
DNS.....

It's an odd definition of "more secure". If "more secure" means that
even more companies in the U.K. than before are forced to trust those
nice people in Brazil not to publish malicious JavaScript, then it's
more secure. (-: