On 04/15/2012 11:40 PM, Tobias Krais wrote:
Hi Ben,
hmm. How can I manage what google suggests:
"Information for school network administrators about the No-SSL option
To utilize the no SSL option for your network, configure the DNS entry
for www.google.com to be a CNAME for nosslsearch.google.com."
Source:
http://support.google.com/websearch/bin/answer.py?hl=en&hlrm=en&answer=186669.
You can find this quite at the end of the document.
How can I realize such a configuration in bind?
As you've been told, you can't. CNAMEs can't live at zone apex, so you
can't a CNAME at the zone apex of "www.google.com". And if you create
"google.com" as a zone, all other hostnames will be blackholed,
including "nosslsearch.google.com".
I don't know why Google have made that suggestion; it's a bad
suggestion, that's not supported by many nameservers.
I personally think it's a bad idea to try and disable SSL search for
your users too, but that's your decision.
"unbound" might be able to to this, with a transparent local-zone and
local-data override for "www.google.com".
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
