Hi, Dwayne--

On Mar 1, 2013, at 10:29 AM, Dwayne Hottinger wrote:
> I would like for users inside my network to not be able to do SSL searches 
> with Google, because of CIPA compliance issues.

OK, so you should block port tcp/443 to Google's network addresses 
(approximately 173.194.79.0/24) on your firewall.

>  I added a cname record to my zone file:
> 
> www.google.com CNAME nosslsearch.google.com
> 
> To try and get it to redirect.  Since I'm not authoritative for Google, I don't 
> think this will work no matter how I tweak it.  Am I right in this assumption?

You can use RPZ capabilities in BIND to override their records:

  http://www.isc.org/software/rpz

...but that won't do anything to prevent a knowledgeable user from hitting 
something like https://173.194.79.99/ directly.

Regards,
-- 
-Chuck
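
An added illustration of the RPZ override mentioned above (not part of the original message, and not ISC's own configuration): a response-policy zone that makes the local resolver answer www.google.com with a CNAME to nosslsearch.google.com. The policy zone name rpz.example.internal, the file name, and the SOA/NS values are assumptions chosen for the example; the two sections below are two separate files.

```text
// ---- named.conf on the recursive resolver ----
options {
    // Consult the policy zone before returning answers to clients.
    response-policy { zone "rpz.example.internal"; };
};

zone "rpz.example.internal" {
    type master;
    file "db.rpz.example.internal";
    // The policy zone is read by named itself; clients never need to query it.
    allow-query { none; };
};

// ---- db.rpz.example.internal (zone file; comments inside it use ';') ----
$TTL 300
@   IN SOA localhost. hostmaster.localhost. (
        2013030101 ; serial (constructed)
        3600       ; refresh
        600        ; retry
        86400      ; expire
        300 )      ; negative TTL
    IN NS  localhost.

; Owner names are relative to the policy zone, so there is no trailing dot
; on the left-hand side. The target on the right is fully qualified.
www.google.com    IN CNAME nosslsearch.google.com.
```

This only rewrites answers for clients that use this resolver, so the firewall rule on tcp/443 is still needed to cover connections made directly to an IP address.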

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users