cname record

Chuck Swiger cswiger at
Fri Mar 1 18:36:24 UTC 2013

Hi, Dwayne--

On Mar 1, 2013, at 10:29 AM, Dwayne Hottinger wrote:
> I would like for users inside my network to not be able to do ssl searches with google, because of cipa compliance issues.

OK, so you should block port tcp/443 to Google's network addresses (approximately on your firewall.

>  I added a cname record to my zone file:
> To try and get it to redirect.  Since Im not authoritive for google, I dont think this will work no matter how I tweak it.  Am I right in this assumption?

You can use RPZ capabilities in BIND to override their records:

...but that won't do anything to prevent a knowledgeable user from hitting something like directly.


More information about the bind-users mailing list