Mailinglist Archive: opensuse (1420 mails)

< Previous Next >
Re: [opensuse] apache log full of wpad.dat
  • From: Aneurin Price <aneurin.price@xxxxxxxxx>
  • Date: Tue, 21 Jan 2014 19:59:23 +0000
  • Message-id: <CAHb+SPC5m=Xz6WJpURNr=oLQsn67MRQzEkhpNF78Yn-AJdeKkQ@mail.gmail.com>
On 20 January 2014 00:24, Patrick Shanahan <paka@xxxxxxxxxxxx> wrote:
* Bernhard Voelker <mail@xxxxxxxxxxxxxxxxxxx> [01-19-14 18:41]:
On 01/19/2014 10:42 PM, Patrick Shanahan wrote:
* Patrick Shanahan <paka@xxxxxxxxxxxx> [01-19-14 16:23]:

ps: from the win machines, ping wpad
resolves to my wpad.<my-ip>

which is undoubtedly why I see wpad.dat in my web server logs.

This is really strange.
Anyway, you can tell your browser to not use the "wpad" mechanism:
e.g. in the connection settings in Firefox, choose "No proxy".

I have had this set for a long time :^)

.. but it would be interesting why these hosts get your web server's
IP when resolving "wpad". Do you have an unusual DNS server (or cache)?
If "nslookup wpad" returns your IP, then it's the DNS. Else it's an
issue on the Win7 & Win8 box. I'd guess the former.

from the openSUSE boxes:

wahoo:~/mail > nslookup wpad
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
*** Can't find wpad: No answer

from the win boxes:

$ nslookup wpad
Non-authoritative answer:
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: wpad.wahoo.no-ip.org
Address: 50.90.199.127


On your openSUSE machine you do not have 'domain wahoo.no-ip.org' or
'search wahoo.no-ip.org' in /etc/resolv.conf, so a DNS lookup for
'wpad' simply returns NXDOMAIN.

Your Windows machine has the functional equivalent of 'domain
wahoo.no-ip.org', probably configured by your DHCP server, unless
you've configured the network interface manually. It therefore appends
'wahoo.no-ip.org' to 'wpad' to get a fully qualified domain name, and
looks up 'wpad.wahoo.no-ip.org'. You have a wildcard domain record set
up such that 'practicallyanythinggoeshere.wahoo.no-ip.org' resolves to
50.90.199.127.

In short, everything is behaving correctly and as expected.

Your options are:
1) Add an entry to Windows' hosts file, as you've discovered.
2) Remove the wildcard DNS record and replace it with explicit records
for those names that you actually want to resolve.
3) Configure Windows not to append the primary DNS suffix when looking
up an unqualified name. I'm not entirely certain it's possible to do
this, although you could probably set it to something intentionally
invalid so that all unqualified lookups fail.
3a) (In the same vein as setting it to something intentionally
invalid) Configure your DHCP server not to inform the client what its
DNS suffix should be. Probably not what you want.
4) Take a look here:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/a97604d6-b6d1-41e5-b6fc-dbbccebf570d/disable-wpad-dns-querys-completly
- in particular I'd suggest trying one-by-one the steps listed by
Arthur_Li in that thread.

Personally I'd probably go with option 2, as wildcard DNS records can
cause any number of surprises like this.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >