DNS: Event: DNS Event 6268: caused the DNS server to fail a query


The Windows Server 2003 and Windows Server 2008 DNS Server may be unable to resolve queries for WPAD 'A' records in zones it hosts (for example, wpad.contoso.com).  The following error will be logged in the Application Log:

Source:  DNS
Category: None
Type: Error
Event ID: 6268
The global query block list is a feature that prevents attacks on your network by blocking DNS queries for specific host names.  This feature has caused the DNS server to fail a query with error code NAME ERROR for wpad.contoso.com. even though data for this DNS name exisits in the DNS database.  Other queries in all locally authoritative zones for other names that begin with labels in the block list will also fail, but no event will be logged when further queries are blocked until the DNS server service on this computer is restarted.  See product documentation about this feature and instructions on how to configure it.


This behavior is by design.  The error indicates that a wpad entry exists in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\GlobalQueryBlockList value.  The presence of a name in this key prevents any corresponding 'A' records from being returned by the DNS Server.


To allow WPAD entries to be returned, remove the WPAD entry from the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\GlobalQueryBlockList value by using these steps:

  1. Open the Registry Editor and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
  2. Double-click on the GlobalQueryBlockList value to open the editor.
  3. Highlight the wpad entry and press the delete key
  4. Click 'OK' and 'OK' again to return to the main window
  5. Restart the 'DNS Server' service

Important:  By default, a wpad and isatap value will be present.  Do not delete the isatap value.

More Information

For more information about configuring WPAD, please see these documents: