The global query block list and Event ID 6268...

Discussion in 'DNS Server' started by Dave Onex, Nov 10, 2009.

  1. Dave Onex

    Dave Onex Guest

    Hi Folks;

    I run Windows 2000 and am running into the dreaded global query block list
    issue. Apparently it's some kind of security enhancement but it's giving me
    a hard time. I run ISA 2004 and so my DNS servers all have WPAD entries.
    Unfortunately, the enhancement seems to be messing with that.

    Looking on the Internet shows lots of people with the same issue and
    workarounds for Server 2008. How do I work around this enhancement with
    Windows 2000?

    The specific error in the event viewer is this;

    Event ID 6268

    The global query block list is a feature that prevents attacks on your
    network by blocking DNS queries for specific host names. This feature has
    caused the DNS server to fail a query with error code NAME ERROR for
    wpad.askmarvin.ca. even though data for this DNS name exists in the DNS
    database. Other queries in all locally authoritative zones for other names
    that begin with labels in the block list will also fail, but no event will
    be logged when further queries are blocked until the DNS server service on
    this computer is restarted. See product documentation for information about
    this feature and instructions on how to configure it.
    Below is the current global query block list (this list may be truncated in
    this event if it is too long):
    wpad
    isatap.

    Any help for my Windows 2000 servers would be much appreciated!

    Thanks;
    Dave
     
    Dave Onex, Nov 10, 2009
    #1
    1. Advertisements

  2. Dave Onex

    Dave Onex Guest

    Found it;

    To allow WPAD entries to be returned, remove the WPAD entry from the
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\GlobalQueryBlockList
    value by using these steps:
    1.. Open the Registry Editor and navigate to
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
    2.. Double-click on the GlobalQueryBlockList value to open the editor.
    3.. Highlight the wpad entry and press the delete key
    4.. Click 'OK' and 'OK' again to return to the main window
    5.. Restart the 'DNS Server' service
    Important: By default, a wpad and isatap value will be present. Do not
    delete the isatap value.

    While everyone says this is only for Windows Server 2008 the reigistry key
    is present in Windows 2000.....

    Apparently this was caused by a hotfix that created a more secure DNS.....
     
    Dave Onex, Nov 10, 2009
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.