When Internet Explorer's "Automatically detect settings" option is enabled, it follows a specific discovery sequence:
1. DHCP Option 252 (Not recommended in multi-vendor environments)
2. DNS resolution path:
- http://wpad.[current-domain]/wpad.dat
- http://wpad.[parent-domain]/wpad.dat
- ...up to TLD
3. NetBIOS name resolution (legacy)Based on your description, let's verify these technical requirements:
- DNS Configuration: CNAME record for
wpadpointing to your web server - MIME Type:
application/x-ns-proxy-autoconfigfor .dat files - File Accessibility:
http://wpad/wpad.datreturns HTTP 200
Here's how to test each component programmatically:
1. Verify DNS Resolution:
nslookup wpad.yourdomain.com
# Should return your web server's IP
dig wpad.yourdomain.com CNAME
# Should show proper alias2. Check HTTP Response Headers:
curl -I http://wpad/wpad.dat
# Expected output:
# HTTP/1.1 200 OK
# Content-Type: application/x-ns-proxy-autoconfig
# Content-Length: [size]From my consulting experience, these issues frequently break WPAD:
DNS Suffix Search Order:
# Check client configuration:
ipconfig /all | find "DNS Suffix"
# The discovered domains must match your DNS structureGroup Policy Conflicts:
# Check effective IE settings:
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURLWhen standard debugging fails, use Wireshark with this filter:
dns.qry.name contains "wpad" || http.host contains "wpad"Look for these patterns:
- DNS queries for wpad.* domains
- HTTP GET requests to /wpad.dat
- 302 redirects (shouldn't occur)
For reference, here's a minimal valid configuration:
function FindProxyForURL(url, host) {
// Bypass proxy for local addresses
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(host, "10.0.0.0", "255.0.0.0"))
return "DIRECT";
// Route all other traffic through proxy
return "PROXY proxy.example.com:8080";
}For multi-site organizations, consider these architectural patterns:
- Deploy wpad.dat on geographically distributed web servers
- Use Anycast DNS for global availability
- Implement caching with proper Cache-Control headers
When Internet Explorer's "Automatically detect settings" fails to retrieve http://wpad/wpad.dat, we're typically dealing with one of these core components:
// Typical WPAD resolution sequence
1. Query DNS for wpad.[current-domain]
2. Fallback to wpad (no domain suffix)
3. Attempt DHCP option 252 (if configured)
4. Check local hosts file entries
Your CNAME setup should work, but let's verify with these technical checks:
nslookup wpad.yourdomain.com
dig wpad A +traceCommon DNS pitfalls include:
- Missing reverse DNS (PTR) records
- TTL values causing stale cache
- Split-horizon DNS inconsistencies
For IIS, ensure your web.config includes:
<configuration>
<system.webServer>
<staticContent>
<mimeMap fileExtension=".dat" mimeType="application/x-ns-proxy-autoconfig" />
</staticContent>
</system.webServer>
</configuration>Use Wireshark to monitor the discovery flow:
filter: dns.qry.name contains "wpad" || http.host contains "wpad"Expected traffic pattern should show:
- DNS query for wpad.domain
- HTTP GET request to /wpad.dat
- 200 OK response with proper headers
Check these critical IE registry keys:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"=""
"ProxyEnable"=dword:00000000
"AutoDetect"=dword:00000001Here's a validated template that works with auto-discovery:
function FindProxyForURL(url, host) {
// Local addresses bypass proxy
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(host, "10.0.0.0", "255.0.0.0") ||
isInNet(host, "192.168.0.0", "255.255.0.0"))
return "DIRECT";
// All other traffic goes through proxy
return "PROXY proxy.example.com:8080; DIRECT";
}When DNS-based discovery fails, consider these fallbacks:
// Group Policy deployment for proxy settings
Computer Configuration > Policies > Administrative Templates >
Windows Components > Internet Explorer >
"Automatically detect configuration settings" = Enabled