Phil Mayers p.mayers at
Mon Apr 16 08:30:57 UTC 2012

On 04/15/2012 11:40 PM, Tobias Krais wrote:
> Hi Ben,
> hmm. How can I manage what google suggests:
> "Information for school network administrators about the No-SSL option
> To utilize the no SSL option for your network, configure the DNS entry
> for to be a CNAME for"
> Source:
> You can find this quite at the end of the document.
> How can I realize such a configuration in bind?

As you've been told, you can't. CNAMEs can't live at zone apex, so you 
can't have a CNAME at the zone apex of "". And if you create 
"" as a zone, all other hostnames will be blackholed, 
including "".

I don't know why Google have made that suggestion; it's a bad 
suggestion, that's not supported by many nameservers.

I personally think it's a bad idea to try and disable SSL search for 
your users too, but that's your decision.

"unbound" might be able to do this, with a transparent local-zone and 
local-data override for "".
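
The two constraints described in the reply above, as an added example that is not part of the original post: a small checker that flags a CNAME sharing an owner name with other data (the apex always carries SOA and NS), and a lookup showing that an authoritative local zone answers NXDOMAIN for every name it does not list. The zone `example.`, its hosts and the CNAME target are constructed placeholders, and the parser handles only the simplified `owner TYPE rdata` lines shown.

```python
# Added illustration; all zone and host names below are constructed placeholders.
SAMPLE_ORIGIN = "example."
SAMPLE_ZONE = """
@    SOA   ns1.example. admin.example. 1 3600 600 86400 300
@    NS    ns1.example.
@    CNAME nossl.example.net.   ; the attempted apex override
www  A     192.0.2.10
"""

def parse_zone(text, origin):
    """Parse 'owner TYPE rdata' lines into {fqdn: {type: [rdata]}}; '@' is the origin."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments
        if not line:
            continue
        owner, rtype, rdata = line.split(None, 2)
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner
        else:
            fqdn = f"{owner}.{origin}"
        records.setdefault(fqdn.lower(), {}).setdefault(rtype.upper(), []).append(rdata)
    return records

def cname_conflicts(records):
    """A CNAME may not share its owner name with any other record type."""
    problems = []
    for name, rrsets in records.items():
        if "CNAME" in rrsets and len(rrsets) > 1:
            others = sorted(t for t in rrsets if t != "CNAME")
            problems.append(f"{name}: CNAME coexists with {others}")
    return problems

def answer(records, origin, qname):
    """Authoritative lookup: a name inside the zone but not listed is NXDOMAIN."""
    qname = qname.lower()
    if qname != origin and not qname.endswith("." + origin):
        return "FORWARD"                       # outside the local zone: normal recursion
    return records.get(qname) or "NXDOMAIN"    # inside the zone: never forwarded

if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE, SAMPLE_ORIGIN)
    print(cname_conflicts(zone))
    for q in ("www.example.", "mail.example.", "other.test."):
        print(q, "->", answer(zone, SAMPLE_ORIGIN, q))
```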

