Configuring CNAME for nosslsearch.google.com

Tobias Krais tux-spam at design-to-use.de
Tue Apr 17 13:50:22 UTC 2012


Hi Phil,

>> 1. Don't use bind but e.g. unbound instead.

First: here the link to follow on the unbound mailing list:
http://unbound.nlnetlabs.nl/pipermail/unbound-users/2012-April/002329.html

>> Any other ideas I missed?
> 
> 3. Use RPZ, as per Chris' suggestion
> 
> 4. Create a zone for "www.google.com" and instead of CNAME, put an A
> record at the apex with the same IP as "nosslsearch.google.com". Run a
> script FREQUENTLY to re-resolve the host, as Google do short-TTL
> DNS-based loadbalancing.
> 
> 5. Don't do this at all, since interfering with SSL is bad.

Thanks for that hint. I'll give it a try if the unbound solution won't work.

Greetings,

Tobias



More information about the bind-users mailing list