Windows 2003 DNS and the Global Query Block List

The Global Query Block List is a feature of the DNS Service in Windows 2008 discussed on TechNet.

However, although it is advertised as a feature of Windows 2008 DNS, it is also present in Windows 2003 from DNS version 5.2.3790.4460 onwards, released with KB 961063.

On Windows 2003 the list is enabled, disabled, and configured through the registry.

Enabling or Disabling the Global Query Block List

Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
Name EnableGlobalQueryBlockList
Type REG_DWORD (DWORD Value)
Data Enable: 1; Disable: 0

The default is disabled.

Managing the Global Query Block List

Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
Name GlobalQueryBlockList
Type REG_MULTI_SZ (Multi-String Value)
Data wpad isatap

Note that wpad and isatap are the default values when the block list is enabled on Windows 2008; they are included here as an example.

As this is a registry change, it will not replicate automatically; it should be applied to every other DNS server so that behaviour is consistent.
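An added example (not from the original post) that applies and then verifies the two registry values above with Windows PowerShell; it assumes PowerShell is installed on the Windows 2003 server and is run with local administrator rights, and the Get-/Set- function names are my own.

```powershell
# Added example: configure and verify the Global Query Block List via the registry.
# Assumes Windows PowerShell with the registry provider and local admin rights.
$dnsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$blocked   = @('wpad', 'isatap')   # names to block; wpad/isatap are the 2008 defaults

function Get-GlobalQueryBlockList {
    $p = Get-ItemProperty -Path $dnsParams -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Enabled = ($p.EnableGlobalQueryBlockList -eq 1)
        Names   = @($p.GlobalQueryBlockList)
    }
}

function Set-GlobalQueryBlockList {
    param([string[]]$Names, [bool]$Enable = $true)
    # New-ItemProperty -Force creates the value, or overwrites it with the correct type
    New-ItemProperty -Path $dnsParams -Name 'EnableGlobalQueryBlockList' `
        -PropertyType DWord -Value ([int]$Enable) -Force | Out-Null
    New-ItemProperty -Path $dnsParams -Name 'GlobalQueryBlockList' `
        -PropertyType MultiString -Value $Names -Force | Out-Null
    # Restart the DNS service so the new registry values are picked up
    Restart-Service -Name DNS
}

Set-GlobalQueryBlockList -Names $blocked -Enable $true
$state = Get-GlobalQueryBlockList
"Block list enabled: $($state.Enabled); names: $($state.Names -join ', ')"

# Event ID 6268 is logged once per service start when the first blocked query arrives;
# look for it in the DNS Server log to confirm the list is actually being enforced.
Get-EventLog -LogName 'DNS Server' -Newest 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.EventID -eq 6268 } |
    Select-Object -First 1 TimeGenerated, Message
```

Run the same script on each DNS server, since the change does not replicate.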

When a name is blocked

If a name is blocked by the Global Query Block List, the DNS request for that name will time out and Event ID 6268 (see below) will be logged in the DNS Server Event Log.

Type:     Error
Source:   DNS
Event ID: 6268

The global query block list is a feature that prevents attacks on your
network by blocking DNS queries for specific host names. This feature
has caused the DNS server to fail a query with error code NAME ERROR
for wpad.somedomain.example. even though data for  this DNS name exists
in the DNS database. Other queries in all locally authoritative zones
for other names that begin with labels in the block list will also fail,
but no event will be logged when further queries are blocked until the
DNS server service on this computer is restarted. See product documentation
for information about this feature and instructions on how to configure it.

Below is the current global query block list  (this list may be truncated
in this event if it is too long):
wpad
isatap


One Response to this post.

  1. Posted by Mike Kline on 21.05.09 at 12:56 pm

    Good entry Chris, I knew this was an obscure subject when no one responded to you on activedir today.

    This is why you are one of the top DNS guys around. Definitely #1 on EE.

    Talk to you later

    Mike
