cswiger at mac.com
Fri Mar 1 18:36:24 UTC 2013
On Mar 1, 2013, at 10:29 AM, Dwayne Hottinger wrote:
> I would like for users inside my network to not be able to do ssl searches with google, because of cipa compliance issues.
OK, so you should block port tcp/443 to Google's network addresses (approximately 18.104.22.168/24) on your firewall.
> I added a cname record to my zone file:
> www.google.com CNAME nosslsearch.google.com
> To try and get it to redirect. Since Im not authoritive for google, I dont think this will work no matter how I tweak it. Am I right in this assumption?
You can use RPZ capabilities in BIND to override their records:
...but that won't do anything to prevent a knowledgeable user from hitting something like https://22.214.171.124/ directly.
More information about the bind-users