Configuring CNAME for nosslsearch.google.com

Ben Croswell ben.croswell at gmail.com
Mon Apr 16 13:55:19 UTC 2012


This is incorrect. It is illegal to have a cname and any other record on
the same name in dns. The ns and soa count as records.
 On Apr 16, 2012 9:41 AM, "Matthew Huff" <mhuff at ox.com> wrote:

> Actually, this can be done.
>
> Create a zone file for "www.google.com", not "google.com". The zone file
> should like this (replace THIS_HOSTNAME with the name of your nameserver:
>
>
> @               IN      SOA     localhost       root at localhost. (
>                                                2012041100
>                                                7200
>                                                1800
>                                                1209600
>                                                300 )
>
>                IN NS THIS_HOSTNAME
>
>                IN CNAME nosslsearch.google.com.
>
>
>
>
> ----
> Matthew Huff             | 1 Manhattanville Rd
> Director of Operations   | Purchase, NY 10577
> OTA Management LLC       | Phone: 914-460-4039
> aim: matthewbhuff        | Fax:   914-460-4139
>
> > -----Original Message-----
> > From: bind-users-bounces+mhuff=ox.com at lists.isc.org [mailto:bind-users-
> > bounces+mhuff=ox.com at lists.isc.org] On Behalf Of Lyle Giese
> > Sent: Monday, April 16, 2012 8:50 AM
> > To: bind-users at lists.isc.org
> > Subject: Re: Configuring CNAME for nosslsearch.google.com
> >
> > On 4/16/2012 3:30 AM, Phil Mayers wrote:
> > > On 04/15/2012 11:40 PM, Tobias Krais wrote:
> > >> Hi Ben,
> > >>
> > >> hmm. How can I manage what google suggests:
> > >> "Information for school network administrators about the No-SSL
> > >> option
> > >>
> > >> To utilize the no SSL option for your network, configure the DNS
> > >> entry for www.google.com to be a CNAME for nosslsearch.google.com."
> > >> Source:
> > >>
> > http://support.google.com/websearch/bin/answer.py?hl=en&hlrm=en&answer=
> > 186669.
> > >>
> > >> You can find this quite at the end of the document.
> > >>
> > >> How can I realize such a configuration in bind?
> > >
> > > As you've been told, you can't. CNAMEs can't live at zone apex, so
> > you
> > > can't a CNAME at the zone apex of "www.google.com". And if you create
> > > "google.com" as a zone, all other hostnames will be blackholed,
> > > including "nosslsearch.google.com".
> > >
> > > I don't know why Google have made that suggestion; it's a bad
> > > suggestion, that's not supported by many nameservers.
> > >
> > > I personally think it's a bad idea to try and disable SSL search for
> > > your users too, but that's your decision.
> > >
> > > "unbound" might be able to to this, with a transparent local-zone and
> > > local-data override for "www.google.com".
> > > _______________________________________________
> >
> > Or did they really mean, create a hosts file on the local machine that
> > contains...
> >
> > Or in your proxy server redirect www.google.com to
> > nosslsearch.google.com
> >
> > DNS server software is not very supportive of doing this for good
> > reasons.
> >
> > Lyle Giese
> > LCR Computer Services, Inc.
> >
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> > unsubscribe from this list
> >
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120416/31d5fe1b/attachment.html>


More information about the bind-users mailing list