Actually, this can be done. Create a zone file for "www.google.com", not "google.com". The zone file should like this (replace THIS_HOSTNAME with the name of your nameserver:
@ IN SOA localhost root@localhost. ( 2012041100 7200 1800 1209600 300 ) IN NS THIS_HOSTNAME IN CNAME nosslsearch.google.com. ---- Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 > -----Original Message----- > From: bind-users-bounces+mhuff=ox....@lists.isc.org [mailto:bind-users- > bounces+mhuff=ox....@lists.isc.org] On Behalf Of Lyle Giese > Sent: Monday, April 16, 2012 8:50 AM > To: bind-users@lists.isc.org > Subject: Re: Configuring CNAME for nosslsearch.google.com > > On 4/16/2012 3:30 AM, Phil Mayers wrote: > > On 04/15/2012 11:40 PM, Tobias Krais wrote: > >> Hi Ben, > >> > >> hmm. How can I manage what google suggests: > >> "Information for school network administrators about the No-SSL > >> option > >> > >> To utilize the no SSL option for your network, configure the DNS > >> entry for www.google.com to be a CNAME for nosslsearch.google.com." > >> Source: > >> > http://support.google.com/websearch/bin/answer.py?hl=en&hlrm=en&answer= > 186669. > >> > >> You can find this quite at the end of the document. > >> > >> How can I realize such a configuration in bind? > > > > As you've been told, you can't. CNAMEs can't live at zone apex, so > you > > can't a CNAME at the zone apex of "www.google.com". And if you create > > "google.com" as a zone, all other hostnames will be blackholed, > > including "nosslsearch.google.com". > > > > I don't know why Google have made that suggestion; it's a bad > > suggestion, that's not supported by many nameservers. > > > > I personally think it's a bad idea to try and disable SSL search for > > your users too, but that's your decision. > > > > "unbound" might be able to to this, with a transparent local-zone and > > local-data override for "www.google.com". > > _______________________________________________ > > Or did they really mean, create a hosts file on the local machine that > contains... > > Or in your proxy server redirect www.google.com to > nosslsearch.google.com > > DNS server software is not very supportive of doing this for good > reasons. > > Lyle Giese > LCR Computer Services, Inc. > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users