I was recently configuring an ISA server for a customer including automatic configuration using WPAD. The customer had a 2008 SBS server and a 2003 ISA server (running ISA 2006). I added a "wpad" alias (CNAME) to the DNS server on the SBS box to allow clients to automatically detect the new ISA server. However, when I tried to resolve the entry on the SBS server as well as other hosts on the network, it never would resolve. I tried other CNAME entries on the server, and they all worked fine. I tried removing the entry and reading it, but got the same behavior. I decided to let it sit overnight to see if it was a timing issue. The next day, I still couldn’t resolve "wpad" or "wpad.bofc.local". I started digging and found that the DNS service on Windows Server 2008 has a built-in "block list" for some potentially dangerous DNS names. The default list includes "wpad" and "isatap". Gotcha! Since I wasn’t concerned with blocking any DNS names, I decided to turn off the "block list". I used the following dnscmd command: Read More...