<p>This is incorrect. It is illegal to have a cname and any other record on the same name in dns. The ns and soa count as records.<br>
</p>
<div class="gmail_quote">On Apr 16, 2012 9:41 AM, "Matthew Huff" <<a href="mailto:mhuff@ox.com">mhuff@ox.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Actually, this can be done.<br>
<br>
Create a zone file for "<a href="http://www.google.com" target="_blank">www.google.com</a>", not "<a href="http://google.com" target="_blank">google.com</a>". The zone file<br>
should like this (replace THIS_HOSTNAME with the name of your nameserver:<br>
<br>
<br>
@ IN SOA localhost root@localhost. (<br>
<a href="tel:2012041100" value="+12012041100">2012041100</a><br>
7200<br>
1800<br>
1209600<br>
300 )<br>
<br>
IN NS THIS_HOSTNAME<br>
<br>
IN CNAME <a href="http://nosslsearch.google.com" target="_blank">nosslsearch.google.com</a>.<br>
<br>
<br>
<br>
<br>
----<br>
Matthew Huff | 1 Manhattanville Rd<br>
Director of Operations | Purchase, NY 10577<br>
OTA Management LLC | Phone: <a href="tel:914-460-4039" value="+19144604039">914-460-4039</a><br>
aim: matthewbhuff | Fax: <a href="tel:914-460-4139" value="+19144604139">914-460-4139</a><br>
<br>
> -----Original Message-----<br>
> From: bind-users-bounces+mhuff=<a href="mailto:ox.com@lists.isc.org">ox.com@lists.isc.org</a> [mailto:<a href="mailto:bind-users-">bind-users-</a><br>
> bounces+mhuff=<a href="mailto:ox.com@lists.isc.org">ox.com@lists.isc.org</a>] On Behalf Of Lyle Giese<br>
> Sent: Monday, April 16, 2012 8:50 AM<br>
> To: <a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
> Subject: Re: Configuring CNAME for <a href="http://nosslsearch.google.com" target="_blank">nosslsearch.google.com</a><br>
><br>
> On 4/16/2012 3:30 AM, Phil Mayers wrote:<br>
> > On 04/15/2012 11:40 PM, Tobias Krais wrote:<br>
> >> Hi Ben,<br>
> >><br>
> >> hmm. How can I manage what google suggests:<br>
> >> "Information for school network administrators about the No-SSL<br>
> >> option<br>
> >><br>
> >> To utilize the no SSL option for your network, configure the DNS<br>
> >> entry for <a href="http://www.google.com" target="_blank">www.google.com</a> to be a CNAME for <a href="http://nosslsearch.google.com" target="_blank">nosslsearch.google.com</a>."<br>
> >> Source:<br>
> >><br>
> <a href="http://support.google.com/websearch/bin/answer.py?hl=en&hlrm=en&answer=" target="_blank">http://support.google.com/websearch/bin/answer.py?hl=en&hlrm=en&answer=</a><br>
> 186669.<br>
> >><br>
> >> You can find this quite at the end of the document.<br>
> >><br>
> >> How can I realize such a configuration in bind?<br>
> ><br>
> > As you've been told, you can't. CNAMEs can't live at zone apex, so<br>
> you<br>
> > can't a CNAME at the zone apex of "<a href="http://www.google.com" target="_blank">www.google.com</a>". And if you create<br>
> > "<a href="http://google.com" target="_blank">google.com</a>" as a zone, all other hostnames will be blackholed,<br>
> > including "<a href="http://nosslsearch.google.com" target="_blank">nosslsearch.google.com</a>".<br>
> ><br>
> > I don't know why Google have made that suggestion; it's a bad<br>
> > suggestion, that's not supported by many nameservers.<br>
> ><br>
> > I personally think it's a bad idea to try and disable SSL search for<br>
> > your users too, but that's your decision.<br>
> ><br>
> > "unbound" might be able to to this, with a transparent local-zone and<br>
> > local-data override for "<a href="http://www.google.com" target="_blank">www.google.com</a>".<br>
> > _______________________________________________<br>
><br>
> Or did they really mean, create a hosts file on the local machine that<br>
> contains...<br>
><br>
> Or in your proxy server redirect <a href="http://www.google.com" target="_blank">www.google.com</a> to<br>
> <a href="http://nosslsearch.google.com" target="_blank">nosslsearch.google.com</a><br>
><br>
> DNS server software is not very supportive of doing this for good<br>
> reasons.<br>
><br>
> Lyle Giese<br>
> LCR Computer Services, Inc.<br>
><br>
> _______________________________________________<br>
> Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to<br>
> unsubscribe from this list<br>
><br>
> bind-users mailing list<br>
> <a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
> <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
<br>_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br></blockquote></div>