Yeah, I'm not seeing a good way to do this at the DNS level. At least not with Windows DNS.
Might be time to employ a proxy or application firewall and manage the traffic at that level. This is not strictly a DNS issue. * * *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market… * On Fri, Feb 10, 2012 at 12:47 PM, Brian Desmond <[email protected]>wrote: > *I don’t know if you can define non glue/NS/SOA records in a stub. * > > * * > > *Thanks,* > > *Brian Desmond* > > *[email protected]* > > * * > > *w – 312.625.1438 | c – 312.731.3132* > > * * > > *From:* Andrew S. Baker [mailto:[email protected]] > *Sent:* Friday, February 10, 2012 11:17 AM > > *To:* NT System Admin Issues > *Subject:* Re: DNS Partial zone CNAMEs?**** > > ** ** > > What about using a Stub zone?**** > > ** ** > > I agree that it is annoying, though. > **** > > *ASB***** > > *http://XeeMe.com/AndrewBaker***** > > *Harnessing the Advantages of Technology for the SMB market…***** > > > > **** > > On Fri, Feb 10, 2012 at 11:51 AM, Brian Desmond <[email protected]> > wrote:**** > > *No it won’t forward unless you have all the records. I don’t see how > this is scalable. ***** > > * ***** > > *Thanks,***** > > *Brian Desmond***** > > *[email protected]***** > > * ***** > > *w – 312.625.1438 | c – 312.731.3132***** > > * ***** > > *From:* Kennedy, Jim [mailto:[email protected]] > *Sent:* Friday, February 10, 2012 9:45 AM > *To:* NT System Admin Issues > *Subject:* DNS Partial zone CNAMEs?**** > > **** > > Long story made somewhat short: We enforce safe search on google images > with our filter. If a clever student hits https://www.google.com and > searches for Excalibur Films images the safe search enforcement fails and > they are going to get more than they should. And since I now know this, I > will go to jail and my wife will be sad.**** > > **** > > So I need to do the below from Google:**** > > **** > > To utilize this solution, your school’s network administrator would modify > your DNS (Domain Name System) configuration to make Google domains, e.g. > www.google.com to be an alias or CNAME (canonical name) of > nossl.google.com. When we see search requests arriving over the nossl end > point we will redirect these to a non-SSL search session. HTTP traffic and > other services will not be affected.**** > > **** > > I am a bit puzzled on how to do this. If I toss up a zone for google.comand > put up a > www.google.com CNAME nossl.google.com What happens when someone tries > to hit mail.google.com? My zone lookup will fail…will my DNS server then > hit my forwarders for mail.google.com **** > > ** ** > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
