Hi Phil, >> 1. Don't use bind but e.g. unbound instead.
First: here the link to follow on the unbound mailing list: http://unbound.nlnetlabs.nl/pipermail/unbound-users/2012-April/002329.html >> Any other ideas I missed? > > 3. Use RPZ, as per Chris' suggestion > > 4. Create a zone for "www.google.com" and instead of CNAME, put an A > record at the apex with the same IP as "nosslsearch.google.com". Run a > script FREQUENTLY to re-resolve the host, as Google do short-TTL > DNS-based loadbalancing. > > 5. Don't do this at all, since interfering with SSL is bad. Thanks for that hint. I'll give it a try if the unbound solution won't work. Greetings, Tobias _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
