Actually, this can be done. Create a zone file for "www.google.com", not "google.com". The zone file should like this (replace THIS_HOSTNAME with the name of your nameserver:
@ IN SOA localhost root@localhost. (
2012041100
7200
1800
1209600
300 )
IN NS THIS_HOSTNAME
IN CNAME nosslsearch.google.com.
----
Matthew Huff | 1 Manhattanville Rd
Director of Operations | Purchase, NY 10577
OTA Management LLC | Phone: 914-460-4039
aim: matthewbhuff | Fax: 914-460-4139
> -----Original Message-----
> From: bind-users-bounces+mhuff=ox....@lists.isc.org [mailto:bind-users-
> bounces+mhuff=ox....@lists.isc.org] On Behalf Of Lyle Giese
> Sent: Monday, April 16, 2012 8:50 AM
> To: bind-users@lists.isc.org
> Subject: Re: Configuring CNAME for nosslsearch.google.com
>
> On 4/16/2012 3:30 AM, Phil Mayers wrote:
> > On 04/15/2012 11:40 PM, Tobias Krais wrote:
> >> Hi Ben,
> >>
> >> hmm. How can I manage what google suggests:
> >> "Information for school network administrators about the No-SSL
> >> option
> >>
> >> To utilize the no SSL option for your network, configure the DNS
> >> entry for www.google.com to be a CNAME for nosslsearch.google.com."
> >> Source:
> >>
> http://support.google.com/websearch/bin/answer.py?hl=en&hlrm=en&answer=
> 186669.
> >>
> >> You can find this quite at the end of the document.
> >>
> >> How can I realize such a configuration in bind?
> >
> > As you've been told, you can't. CNAMEs can't live at zone apex, so
> you
> > can't a CNAME at the zone apex of "www.google.com". And if you create
> > "google.com" as a zone, all other hostnames will be blackholed,
> > including "nosslsearch.google.com".
> >
> > I don't know why Google have made that suggestion; it's a bad
> > suggestion, that's not supported by many nameservers.
> >
> > I personally think it's a bad idea to try and disable SSL search for
> > your users too, but that's your decision.
> >
> > "unbound" might be able to to this, with a transparent local-zone and
> > local-data override for "www.google.com".
> > _______________________________________________
>
> Or did they really mean, create a hosts file on the local machine that
> contains...
>
> Or in your proxy server redirect www.google.com to
> nosslsearch.google.com
>
> DNS server software is not very supportive of doing this for good
> reasons.
>
> Lyle Giese
> LCR Computer Services, Inc.
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
