The DNS Server role in Windows Server 2008 introduces a global query block list to reduce vulnerability associated with dynamic DNS updates.

If you want to use WPAD with DNS, note the following:

Updating the block list

Use the dnscmd command-line tool to manage the global query block list. Open a command line prompt, and then do the following:

  1. To check whether the global query block is enabled, type the following:

    dnscmd /info /enableglobalqueryblocklist

  2. To display the host names in the current block list, type the following:

    dnscmd /info /globalqueryblocklist

  3. To disable the block list and ensure that the DNS Server service does not ignore queries for names in the block list, type the following:

    dnscmd /config /enableglobalqueryblocklist 0

  4. To enable the block list and ensure that the DNS Server service ignores queries for names in the block list, type the following:

    dnscmd /config /enableglobalqueryblocklist 0

  5. To remove all names from the block list, type the following:

    dnscmd /config /globalqueryblocklist

  6. To replace the current block list with a list of the names that you specify, type the following:

    dnscmd /config /globalqueryblocklist name [name]…

For more information and instructions, see the document "DNS Server Global Query Block List", available for download from Domain Name System at Microsoft TechNet.

[an error occurred while processing this directive]