You should make a blog post about this one. On Mon, Feb 13, 2012 at 6:19 AM, Kennedy, Jim <[email protected]>wrote:
> I figured it out. It would not take a blank CNAME, so I started looking at > other record types and DNAME jumped out at me as a possible solution. > Basically a CNAME for a domain name which would work if Google has an A > record up for the targeted domain name, which they do.**** > > ** ** > > I put up a primary zone www.google.com Then I put up a DNAME leaving > the first line blank )alias name) so that it would use the parent domain. > And the FQDN for the target host as nosslsearch.google.com. Tested it > extensively Sunday from home on the VPN and then again here and everything > is working as it should. All the other google servers resolve correctly > and when they go to httpS://www.google.com it redirects them to the plain > http.**** > > ** ** > > :banana: **** > > ** ** > > ** ** > > *From:* Andrew S. Baker [mailto:[email protected]] > *Sent:* Monday, February 13, 2012 1:07 AM > > *To:* NT System Admin Issues > *Subject:* Re: DNS Partial zone CNAMEs?**** > > ** ** > > Yeah, I'm not seeing a good way to do this at the DNS level. At least not > with Windows DNS.**** > > ** ** > > Might be time to employ a proxy or application firewall and manage the > traffic at that level. This is not strictly a DNS issue.**** > > ** ** > > *ASB***** > > *http://XeeMe.com/AndrewBaker***** > > *Harnessing the Advantages of Technology for the SMB market…***** > > > > **** > > On Fri, Feb 10, 2012 at 12:47 PM, Brian Desmond <[email protected]> > wrote:**** > > *I don’t know if you can define non glue/NS/SOA records in a stub. ***** > > * ***** > > *Thanks,***** > > *Brian Desmond***** > > *[email protected]***** > > * ***** > > *w – 312.625.1438 | c – 312.731.3132***** > > * ***** > > *From:* Andrew S. Baker [mailto:[email protected]] > *Sent:* Friday, February 10, 2012 11:17 AM**** > > > *To:* NT System Admin Issues**** > > *Subject:* Re: DNS Partial zone CNAMEs?**** > > **** > > What about using a Stub zone?**** > > **** > > I agree that it is annoying, though. > **** > > *ASB***** > > *http://XeeMe.com/AndrewBaker***** > > *Harnessing the Advantages of Technology for the SMB market…***** > > ** ** > > On Fri, Feb 10, 2012 at 11:51 AM, Brian Desmond <[email protected]> > wrote:**** > > *No it won’t forward unless you have all the records. I don’t see how > this is scalable. ***** > > * ***** > > *Thanks,***** > > *Brian Desmond***** > > *[email protected]***** > > * ***** > > *w – 312.625.1438 | c – 312.731.3132***** > > * ***** > > *From:* Kennedy, Jim [mailto:[email protected]] > *Sent:* Friday, February 10, 2012 9:45 AM > *To:* NT System Admin Issues > *Subject:* DNS Partial zone CNAMEs?**** > > **** > > Long story made somewhat short: We enforce safe search on google images > with our filter. If a clever student hits https://www.google.com and > searches for Excalibur Films images the safe search enforcement fails and > they are going to get more than they should. And since I now know this, I > will go to jail and my wife will be sad.**** > > **** > > So I need to do the below from Google:**** > > **** > > To utilize this solution, your school’s network administrator would modify > your DNS (Domain Name System) configuration to make Google domains, e.g. > www.google.com to be an alias or CNAME (canonical name) of > nossl.google.com. When we see search requests arriving over the nossl end > point we will redirect these to a non-SSL search session. HTTP traffic and > other services will not be affected.**** > > **** > > I am a bit puzzled on how to do this. If I toss up a zone for google.comand > put up a > www.google.com CNAME nossl.google.com What happens when someone tries > to hit mail.google.com? My zone lookup will fail…will my DNS server then > hit my forwarders for mail.google.com **** > > **** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
