Hello again, I spent a lot of time recently troubleshooting WPAD detection using DHCP 252 option. In doing so, the information I collected may be useful to those deciding how to implement proxy auto-discovery in corporate networks. Proxy Auto-Disover configuration files , wpad.dat files, provide central administration for proxy connections to the Internet.
What I would like to talk about today is the order in which IE will search out a proxy auto-configuration file when using Automatically Detect setting (default) setting in IE. Internet Explorer goes down a list of predefined detection methods:
1. DHCP (252 option)
2. DNS A record query/queries
NOTE: Only applies when ‘Automatically detect settings’ in Internet Options -> connections -> Lan Connections is the only option checked. Other options for configuring IE connection settings include Automatic Configuration Scripts and manually specifying a proxy server.
Now, if DHCP is configured to provide the WPAD location, IE stops the detection and will make a GET request for the wpad.dat file and no further searching is done. This is true even if the DHCP 252 option is incorrect and a correct entry is configured as a DNS record.
If DHCP 252 is not configured, IE will continue until it either exhausts the search or gets a response:
1. BootP request to DHCP for the 252 option containing the path to the wpad.dat file
if DHCP 252 is not configured:
2. DNS A query for “wpad.<dns suffix>” ex. wpad.domainname.com
if the DNS query fails:
3. A Netbios query for a machine named WPAD occurs
If Netbios fails:
4. A direct connection is attempted
If this attempt fails, the user is presented with the Cannot display the webpage or similar message.
The wpad.dat detection (steps 1 thru 3) occur when “Detecting proxy settings…” is displayed in the status bar in the lower left corner of the Internet Explorer window.
Example of a detection order:
– If a domain suffix is north.corp.contoso.com
IE will perform the following queries:
NOTE: If a domain suffix search order has been specified, the first domain in the list will be used instead.
As you can see, there is overhead associated with the detection method. If you do not have a wpad solution, there is no reason to have this option enabled. Disabling it can reduce network traffic as well as the initial page load times for Internet Explorer. Disabling this option forces IE to attempt a direct connection to the internet immediately, which it would eventually get to if no wpad files were found.
Another great Blog brought to you by Aurthur Anderson, an IE Senior Escalation Engineer.
The IE Support Team