Setting option 252

Glenn Satchell glenn.satchell at
Fri Sep 6 13:11:56 UTC 2013

This is what I've had in dhcpd.conf for years. Works well on Windows, less
well on other operating systems. Note the second bit regarding DHCPINFORM.
The dhcp client has to support it and stash the setting, second the
browser has to take notice of it.

# Windows systems accept the WPAD option for setting up their proxy server
# (Autodetect proxy settings):
# (According to Ted Lemon, "text" will get the Microsoft
# NUL termination bug heuristic applied, and "string" won't!
option wpad code 252 = text;
option wpad "http://proxy/proxy.pac\000";

# Special config for Windows ("MSFT 5.0") systems.
# Note this does not catch Windows CE.
class "MSFT" {
  match if substring(option vendor-class-identifier, 0, 4) = "MSFT";
  # They put 252 on the DHCPINFORM's, but not on the DHCPREQUEST's
  # PRL.  So we over-ride the PRL to include 252 = 0xFC, which will
  # send the option at DHCPDISCOVER/DHCPREQUEST time, and wil also
  # suppress the DHCPINFORMS!  They seem to cache it.
  option dhcp-parameter-request-list = concat(option
dhcp-parameter-request-list, fc);

Have you checked your web server access log to see if clients are trying
to download the pac file?

Second is to use something like wget or telnet to verify the content when
you download the pac file.

No idea regarding the IETF, but I agree with you.


On Fri, September 6, 2013 10:44 pm, Andrew Wood wrote:
> Is it possible with ISC DHCPD to set option 252 to give a PAC file to a
> client to set a web proxy server? I can find some examples of it online
> yet I cannot get it to work with version 4.2 by setting this in the
> global section of dhcpd.conf:
> option web-proxy code 252 = text;
> and this in the subnet section:
> option web-proxy "\000";
> Why has an official option to do this never been added to the DHCP
> standard. There are loads of offical options defined in the RFCs for
> setting all manner of things, a lot of which Im sure 99% of people are
> never going to use these days yet something like setting an HTTP/HTTPS
> proxy cant be done exept for an unofficial Microsoft kludge which is not
> supported by all clients or servers. Surely these days this has got to
> be one of the more common requirements. For example we run a public Wifi
> network behind a proxy and need to be able to set HTTPS traffic to be
> CONNECT tunnelled through it as interception can only be done for
> ordinary HTTP. As its BYOD we cannot be manually configuring everyones
> phone/tablet/laptop!
> Has this ever been proposed to the IETF does anyone know?
> _______________________________________________

More information about the dhcp-users mailing list