Configuring CNAME for nosslsearch.google.com
p.mayers at imperial.ac.uk
Mon Apr 16 08:30:57 UTC 2012
On 04/15/2012 11:40 PM, Tobias Krais wrote:
> Hi Ben,
> hmm. How can I manage what google suggests:
> "Information for school network administrators about the No-SSL option
> To utilize the no SSL option for your network, configure the DNS entry
> for www.google.com to be a CNAME for nosslsearch.google.com."
> You can find this quite at the end of the document.
> How can I realize such a configuration in bind?
As you've been told, you can't. CNAMEs can't live at zone apex, so you
can't a CNAME at the zone apex of "www.google.com". And if you create
"google.com" as a zone, all other hostnames will be blackholed,
I don't know why Google have made that suggestion; it's a bad
suggestion, that's not supported by many nameservers.
I personally think it's a bad idea to try and disable SSL search for
your users too, but that's your decision.
"unbound" might be able to to this, with a transparent local-zone and
local-data override for "www.google.com".
More information about the bind-users