[dns-operations] Web Proxy Auto-Discovery (WPAD) Information Disclosure

Peter Koch pk at DENIC.DE
Tue Dec 4 00:06:50 UTC 2007

> http://www.microsoft.com/technet/security/advisory/945713.mspx

> try, via DNS devolution, to resolve wpad.contoso.co.us. If that is not 
> found, it will try to resolve wpad.co.us, which is outside of the 
> contoso.co.us domain.

congratulations for only 14 years after publication of RFC 1535 finding out
that DNS tree climbing is a bad idea.


More information about the dns-operations mailing list