On Fri, Dec 4, 2009 at 10:27 AM, Eric Laganowski <e...@laganowski.net> wrote:
> richardvo...@gmail.com wrote:
>>
>> On Thu, Dec 3, 2009 at 10:06 PM, Perette Barella <pere...@barella.org>
>> wrote:
>>
>>>
>>> I think there's a misunderstanding on how the WPAD DNS version operates.
>>> The "wpad.domain.localnet" is used by the browser at startup to locate the
>>> proxy configuration file which applies to all domains. You don't need a
>>> separate wpad.google.com and wpad.amazon.com for every domain users are
>>> trying to connect to.
>>>
>>> If for some reason your local hosts are configured with different domain
>>> names (and therefore looking up wpad.google.com or wpad.amazon.com), I think
>>> we need more explanation on just what strangeness you've got going on.
>>>
>>
>> In general, I think we can say that users who have ignored the
>> DHCP-provided domain and configured their own intend to opt-out of
>> wpad. Browser proxy settings are at the discretion of the user
>> anyway, if you want a mandatory proxy setup you'll need to use
>> iptables to accomplish that, not DNS.
>>
>> There's no need to wildcard match wpad hostnames, which are subject to
>> user-side DNS caching anyway (a user who has configured for
>> domain=google.com probably already has wpad.google.com cached and
>> won't get information from dnsmasq).
>>
>> Any solution to this which involves DNS is inherently broken.
>
> Guys, all I want to do is to be able to use my company-provided laptop at
> home which has proxy in the network. It is configured with a different
> domain than my local subnet for obvious reasons.
> DHCP was tested and confirmed to work properly with MSIE. FF does not work
> as it relies purely on DNS (wpad). The idea is to make this as transparent
> as possible.

And when your laptop has the IP address of wpad.mycompany.com already
in the local cache? dnsmasq cannot solve this, you need to use
iptables to force traffic through a proxy. Santiago showed you how to
configure that.

>
> -Eric
>
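
The lookups discussed in this thread, as an added example that is not part of the original messages: it lists the WPAD hostnames a client derives from its own configured DNS suffix and classifies where each query is answered when the local resolver (for example dnsmasq) only serves the local domain. The function names, the sample domains and the rule of stopping devolution at two labels are assumptions made for illustration; real clients differ in where they stop.

```python
# Added illustration; every domain name used here is constructed.

def wpad_candidates(dns_suffix, min_labels=2):
    """Hostnames a DNS-based WPAD client tries for its configured suffix.

    Devolution strips the leftmost label on each round. Stopping once
    min_labels labels remain is an assumption, not a fixed standard.
    """
    labels = [part for part in dns_suffix.lower().strip(".").split(".") if part]
    names = []
    while len(labels) >= min_labels:
        names.append("wpad." + ".".join(labels))
        labels = labels[1:]
    return names


def pac_urls(dns_suffix):
    """URLs the client fetches its proxy auto-config file from."""
    return ["http://%s/wpad.dat" % name for name in wpad_candidates(dns_suffix)]


def audit(client_suffix, local_domain, client_cache=()):
    """Say where each WPAD lookup made by the client is answered.

    client-cache: already cached on the client, the resolver never sees it
    local:        inside the domain the local resolver serves
    upstream:     forwarded off the local network
    """
    local = local_domain.lower().strip(".")
    report = []
    for name in wpad_candidates(client_suffix):
        if name in client_cache:
            verdict = "client-cache"
        elif name == "wpad." + local or name.endswith("." + local):
            verdict = "local"
        else:
            verdict = "upstream"
        report.append((name, verdict))
    return report


if __name__ == "__main__":
    # Laptop configured for a corporate suffix, plugged into a home network.
    for row in audit("corp.example.com", "home.example"):
        print(row)
```
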