On 4/16/2012 3:30 AM, Phil Mayers wrote:
On 04/15/2012 11:40 PM, Tobias Krais wrote:
Hi Ben,
hmm. How can I manage what google suggests:
"Information for school network administrators about the No-SSL option
To utilize the no SSL option for your network, configure the DNS entry
for www.google.com to be a CNAME for nosslsearch.google.com."
Source:
http://support.google.com/websearch/bin/answer.py?hl=en&hlrm=en&answer=186669.
You can find this quite at the end of the document.
How can I realize such a configuration in bind?
As you've been told, you can't. CNAMEs can't live at zone apex, so you
can't a CNAME at the zone apex of "www.google.com". And if you create
"google.com" as a zone, all other hostnames will be blackholed,
including "nosslsearch.google.com".
I don't know why Google have made that suggestion; it's a bad
suggestion, that's not supported by many nameservers.
I personally think it's a bad idea to try and disable SSL search for
your users too, but that's your decision.
"unbound" might be able to to this, with a transparent local-zone and
local-data override for "www.google.com".
_______________________________________________
Or did they really mean, create a hosts file on the local machine that
contains...
Or in your proxy server redirect www.google.com to nosslsearch.google.com
DNS server software is not very supportive of doing this for good reasons.
Lyle Giese
LCR Computer Services, Inc.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
