Configuring CNAME for

Lyle Giese lyle at
Mon Apr 16 12:49:51 UTC 2012

On 4/16/2012 3:30 AM, Phil Mayers wrote:
> On 04/15/2012 11:40 PM, Tobias Krais wrote:
>> Hi Ben,
>> hmm. How can I manage what google suggests:
>> "Information for school network administrators about the No-SSL option
>> To utilize the no SSL option for your network, configure the DNS entry
>> for to be a CNAME for"
>> Source:
>> You can find this quite at the end of the document.
>> How can I realize such a configuration in bind?
> As you've been told, you can't. CNAMEs can't live at zone apex, so you
> can't a CNAME at the zone apex of "". And if you create
> "" as a zone, all other hostnames will be blackholed,
> including "".
> I don't know why Google have made that suggestion; it's a bad
> suggestion, that's not supported by many nameservers.
> I personally think it's a bad idea to try and disable SSL search for
> your users too, but that's your decision.
> "unbound" might be able to to this, with a transparent local-zone and
> local-data override for "".
> _______________________________________________

Or did they really mean, create a hosts file on the local machine that 

Or in your proxy server redirect to

DNS server software is not very supportive of doing this for good reasons.

Lyle Giese
LCR Computer Services, Inc.

More information about the bind-users mailing list