Configuring CNAME for nosslsearch.google.com
lyle at lcrcomputer.net
Mon Apr 16 12:49:51 UTC 2012
On 4/16/2012 3:30 AM, Phil Mayers wrote:
> On 04/15/2012 11:40 PM, Tobias Krais wrote:
>> Hi Ben,
>> hmm. How can I manage what google suggests:
>> "Information for school network administrators about the No-SSL option
>> To utilize the no SSL option for your network, configure the DNS entry
>> for www.google.com to be a CNAME for nosslsearch.google.com."
>> You can find this quite at the end of the document.
>> How can I realize such a configuration in bind?
> As you've been told, you can't. CNAMEs can't live at zone apex, so you
> can't a CNAME at the zone apex of "www.google.com". And if you create
> "google.com" as a zone, all other hostnames will be blackholed,
> including "nosslsearch.google.com".
> I don't know why Google have made that suggestion; it's a bad
> suggestion, that's not supported by many nameservers.
> I personally think it's a bad idea to try and disable SSL search for
> your users too, but that's your decision.
> "unbound" might be able to to this, with a transparent local-zone and
> local-data override for "www.google.com".
Or did they really mean, create a hosts file on the local machine that
Or in your proxy server redirect www.google.com to nosslsearch.google.com
DNS server software is not very supportive of doing this for good reasons.
LCR Computer Services, Inc.
More information about the bind-users