The Samba-Bugzilla – Bug 13202
wpad and isatap dns field registration
Last modified: 2018-01-03 13:20:31 UTC
Since MS-AD 2k3, registration of wpad and isatap DNS entries is blocked by default through a registry setting.
It prevent a rogue workstation joined with the name WPAD or ISATAP to MITM the web traffic of application configured with automatic proxy connection discovery, like internet explorer for example. I guess it is more problem on MS-AD where an authenticated user could join 10 workstations to the domain.
On Samba4-AD there is no such protection.