Questions[wpad](server)

I noticed that one computer (Windows 10) on our company network does some strange looking queries to our (internal) DNS server (dns.company.com).

I see the wpad-query every minute, and then every 10min or so a bunch or weird hostnames show up.

I searched for "wpad"... Web-Proxy Auto Discovery... I turned that Off in settings->network/internet->proxy on that computer.

Now the wpad entries are less, but still occur. Every 10min or so I still see these weird looking hostnames.

All these hostnames are the name of our DNS server, with something prepended to them. Does anyone know what this could be?

We don't have any Windows Server/controller here. DHCP and routing is Linux, and DNS too (dnsmasq).

(the AV scan came up empty...)

Feb 17 12:57:16 dns dnsmasq[18678]: query[A] wpad.dns.company.com from 10.10.2.42
Feb 17 13:01:40 dns dnsmasq[18678]: query[A] wpad.dns.company.com from 10.10.2.42
Feb 17 13:01:40 dns dnsmasq[18678]: query[A] wpad.dns.company.com from 10.10.2.42
Feb 17 13:01:42 dns dnsmasq[18678]: query[A] tauidkyonnprqc.dns.company.com from 10.10.2.42
Feb 17 13:01:42 dns dnsmasq[18678]: query[A] ukvdexscffer.dns.company.com from 10.10.2.42
Feb 17 13:01:42 dns dnsmasq[18678]: query[A] gspmcswgglvski.dns.company.com from 10.10.2.42
Feb 17 13:01:42 dns dnsmasq[18678]: query[A] gspmcswgglvski.dns.company.com from 10.10.2.42
Feb 17 13:01:42 dns dnsmasq[18678]: query[A] tauidkyonnprqc.dns.company.com from 10.10.2.42
Feb 17 13:01:42 dns dnsmasq[18678]: query[A] ukvdexscffer.dns.company.com from 10.10.2.42
Feb 17 13:01:42 dns dnsmasq[18678]: query[A] tauidkyonnprqc.dns.company.com from 10.10.2.42
Feb 17 13:01:48 dns dnsmasq[18678]: query[A] wpad.dns.company.com from 10.10.2.42
Feb 17 13:01:48 dns dnsmasq[18678]: query[A] wpad.dns.company.com from 10.10.2.42
Feb 17 13:01:55 dns dnsmasq[18678]: query[A] wpad.dns.company.com from 10.10.2.42
Feb 17 13:01:55 dns dnsmasq[18678]: query[A] wpad.dns.company.com from 10.10.2.42

We use the autodiscover option for IE. Our Outlook 2016 clients connecting to Office 365 are getting an chronic ssl name mismatch for autodiscover.ourdomain.onmicrosoft.com. My team has spent weeks playing with this, and it only happens when the proxy is set to use our wpad file.

Effectively what is happening is that the site above doesn't respond over https, but our proxy still builds a connection between the workstation and the firewall, which result in an error.

I've updated the wpad file with the following which helps with Office 2010. Is there some limitation in the Outlook 2016 implementation that I'm missing to result in this behavior?

function FindProxyForURL(url, host) {
    if (
        ....
        shExpMatch( url, "*/autodiscover.xml") ||
        shExpMatch(host, "*outlook.office365.com") ||
        shExpMatch(host, "*ourdomain.mail.onmicrosoft.com") ||
        shExpMatch(host, "autodiscover.ourdomain.mail.onmicrosoft.com") ||
         ....
         )
        return "DIRECT";

     return "PROXY firewall:8080;";  
}

EDIT: I also have tried importing the URLs created from the script from the technet blog Office 365 PAC file post without success.