Using Windows DNS dynamic update functionality to hijack automatic configuration records, wpad. and isatap. is a pretty straightforward process and will allow the culprit to intercept proxy credentials or redirect/intercept traffic requests. ISATAP is probably less of a concern today as it role is to facilitate transition from pure IPv4 to IPv6 networks but if you’re using Automatic Proxy Configuration in your client system browser settings the GQBL feature in Windows DNS will render automatic configuration useless (not that you should be using anything “automatic” in a managed network environment) by rejecting wpad host record lookups. If you find yourself stuck and need a quick fix to get automatic configuration back up and running you can disable the global query block list feature in Windows DNS using the following command from a Windows command prompt on your DNS server:
dnscmd /config /enableglobalqueryblocklist 0
Once you’ve fixed things up and stopped using automatic configuration options in your environment just change the “0″ to a “1″ to re-enable this Windows DNS security feature.