This is incorrect. It is illegal to have a CNAME and any other record on the same name in DNS. The NS and SOA count as records.

On Apr 16, 2012 9:41 AM, "Matthew Huff" <mh...@ox.com> wrote:
> Actually, this can be done.
>
> Create a zone file for "www.google.com", not "google.com". The zone file
> should look like this (replace THIS_HOSTNAME with the name of your nameserver):
>
>
> @       IN SOA  localhost root@localhost. (
>                 2012041100
>                 7200
>                 1800
>                 1209600
>                 300 )
>
>         IN NS   THIS_HOSTNAME
>
>         IN CNAME nosslsearch.google.com.
>
>
> ----
> Matthew Huff             | 1 Manhattanville Rd
> Director of Operations   | Purchase, NY 10577
> OTA Management LLC       | Phone: 914-460-4039
> aim: matthewbhuff        | Fax:   914-460-4139
>
> > -----Original Message-----
> > From: bind-users-bounces+mhuff=ox....@lists.isc.org [mailto:bind-users-bounces+mhuff=ox....@lists.isc.org] On Behalf Of Lyle Giese
> > Sent: Monday, April 16, 2012 8:50 AM
> > To: bind-users@lists.isc.org
> > Subject: Re: Configuring CNAME for nosslsearch.google.com
> >
> > On 4/16/2012 3:30 AM, Phil Mayers wrote:
> > > On 04/15/2012 11:40 PM, Tobias Krais wrote:
> > >> Hi Ben,
> > >>
> > >> hmm. How can I manage what google suggests:
> > >> "Information for school network administrators about the No-SSL
> > >> option
> > >>
> > >> To utilize the no SSL option for your network, configure the DNS
> > >> entry for www.google.com to be a CNAME for nosslsearch.google.com."
> > >> Source:
> > >> http://support.google.com/websearch/bin/answer.py?hl=en&hlrm=en&answer=186669.
> > >>
> > >> You can find this quite at the end of the document.
> > >>
> > >> How can I realize such a configuration in bind?
> > >
> > > As you've been told, you can't. CNAMEs can't live at zone apex, so you
> > > can't have a CNAME at the zone apex of "www.google.com". And if you create
> > > "google.com" as a zone, all other hostnames will be blackholed,
> > > including "nosslsearch.google.com".
> > >
> > > I don't know why Google have made that suggestion; it's a bad
> > > suggestion, that's not supported by many nameservers.
> > >
> > > I personally think it's a bad idea to try and disable SSL search for
> > > your users too, but that's your decision.
> > >
> > > "unbound" might be able to do this, with a transparent local-zone and
> > > local-data override for "www.google.com".
> >
> > Or did they really mean, create a hosts file on the local machine that
> > contains...
> >
> > Or in your proxy server redirect www.google.com to
> > nosslsearch.google.com
> >
> > DNS server software is not very supportive of doing this for good
> > reasons.
> >
> > Lyle Giese
> > LCR Computer Services, Inc.
> >
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> > unsubscribe from this list
> >
> > bind-users mailing list
> > bind-users@lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
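Added example (not part of the thread and not BIND code): a Python check for the rule stated in the top reply, that a name holding a CNAME may hold no other records, run on the records of the quoted zone file. The function names and the simplified zone parsing (no `$` directives, numeric TTLs only, no `;` inside quoted strings) are assumptions made for this example.

```python
from collections import defaultdict

CLASSES = {"IN", "CH", "HS"}
# DNSSEC records are the only types that may share a name with a CNAME (RFC 4035).
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}

def logical_lines(text):
    """Drop ';' comments and join records that continue across lines inside ( )."""
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        depth += line.count("(") - line.count(")")
        buf += (" " if buf else "") + line.replace("(", " ").replace(")", " ")
        if depth == 0:
            if buf.strip():
                yield buf
            buf = ""

def rrtypes_by_owner(zone_text, origin):
    """Map each owner name to the set of record types defined at it."""
    owners, current = defaultdict(set), origin
    for line in logical_lines(zone_text):
        fields = line.split()
        if not line[0].isspace():  # owner starts in column 0, else reuse the last one
            name = fields.pop(0)
            current = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)  # skip optional TTL and class
        if fields:
            owners[current.lower()].add(fields[0].upper())
    return owners

def cname_conflicts(zone_text, origin):
    """Return {owner: [other types]} for each name holding a CNAME plus other data."""
    owners = rrtypes_by_owner(zone_text, origin)
    return {o: sorted(t - {"CNAME"} - ALLOWED_WITH_CNAME) for o, t in owners.items()
            if "CNAME" in t and t - {"CNAME"} - ALLOWED_WITH_CNAME}

# Records from the quoted zone file (SOA timers condensed), loaded as "www.google.com."
POSTED_ZONE = """\
@       IN SOA  localhost root@localhost. (
                2012041100 7200 1800 1209600 300 )
        IN NS   THIS_HOSTNAME
        IN CNAME nosslsearch.google.com.
"""

if __name__ == "__main__":
    print(cname_conflicts(POSTED_ZONE, "www.google.com."))
```

For the quoted zone it reports NS and SOA alongside the CNAME at the apex `www.google.com.`, the same coexistence the top reply objects to.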