Re: Configuring CNAME for nosslsearch.google.com
Hi together, thanks for these many hints. Wow! So many mistakes in a few lines. Here ist now my config file: -%- @ IN SOA localhost. root.localhost. ( 2012050900 7200 1800 1209600 300 ) 1800IN NS localhost. 1800IN A 216.239.32.20 ;nosslsearch.google.com. -%- And here my dig answer: -%- root@tobias-xps:/home/tobias# dig @localhost www.google.com ; DiG 9.8.1-P1 @localhost www.google.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 51300 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; QUESTION SECTION: ;www.google.com.IN A ;; ANSWER SECTION: www.google.com. 1800IN A 216.239.32.20 ... -%- That looks good. Are there any more mistakes or hints not mentioned yet? Greetings, Tobias ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuring CNAME for nosslsearch.google.com
Hi Phil, 4. Create a zone for www.google.com and instead of CNAME, put an A record at the apex with the same IP as nosslsearch.google.com. Run a script FREQUENTLY to re-resolve the host, as Google do short-TTL DNS-based loadbalancing. For unbound has no solution Inow want to try your suggestion no. 4. My db file now looks like this: -%- @ IN SOA localhost root@localhost. ( 2012041100 7200 1800 1209600 300 ) IN A 216.239.32.20 #nosslsearch.google.com. -%- But this does not work. Can you tell me whats wrong? Greetings, Tobias ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuring CNAME for nosslsearch.google.com
In article mailman.713.1336489020.63724.bind-us...@lists.isc.org, Tobias Krais tux-s...@design-to-use.de wrote: Hi Phil, 4. Create a zone for www.google.com and instead of CNAME, put an A record at the apex with the same IP as nosslsearch.google.com. Run a script FREQUENTLY to re-resolve the host, as Google do short-TTL DNS-based loadbalancing. For unbound has no solution Inow want to try your suggestion no. 4. My db file now looks like this: -%- @ IN SOA localhost root@localhost. ( 2012041100 7200 1800 1209600 300 ) IN A 216.239.32.20 #nosslsearch.google.com. -%- But this does not work. Can you tell me whats wrong? Greetings, Tobias # isn't the comment character in DNS zond files, ; is. -- Barry Margolin Arlington, MA ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuring CNAME for nosslsearch.google.com
-%- @ IN SOA localhost root@localhost. ( 2012041100 7200 1800 1209600 300 ) IN A 216.239.32.20 #nosslsearch.google.com. -%- What's the hash doing there? ...^ That's not a comment. Replace that whole line by nosslsearch.google.com. IN A 216.239.32.20 Assuming you've configured the zone correctly, that ought to do the trick. (It has been pointed out to you previously, that this IP address is bound to change -- you should monitor the real domain name frequently and then update (dynamically?) your zone. -JP ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuring CNAME for nosslsearch.google.com
On May 8 2012, Barry Margolin wrote: In article mailman.713.1336489020.63724.bind-us...@lists.isc.org, Tobias Krais tux-s...@design-to-use.de wrote: Hi Phil, 4. Create a zone for www.google.com and instead of CNAME, put an A record at the apex with the same IP as nosslsearch.google.com. Run a script FREQUENTLY to re-resolve the host, as Google do short-TTL DNS-based loadbalancing. For unbound has no solution Inow want to try your suggestion no. 4. My db file now looks like this: -%- @ IN SOA localhost root@localhost. ( 2012041100 7200 1800 1209600 300 ) IN A 216.239.32.20 #nosslsearch.google.com. -%- But this does not work. Can you tell me whats wrong? Greetings, Tobias # isn't the comment character in DNS zond files, ; is. Also, you need at least one NS record (maybe for localhost.). named-checkzone would have told you about both these problems. Less serious problems: It's better to use a $TTL directive than rely on it defaulting to the SOA.MINTTL value (or specify all TTLs explicltly). You probably meant root.localhost. for the SOA.rname. -- Chris Thompson Email: c...@cam.ac.uk ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuring CNAME for nosslsearch.google.com
Sundry nitpicks. Not much of interest here, sorry. On Tue, May 08, 2012 at 05:38:55PM +0200, Jan-Piet Mens wrote: -%- @ IN SOA localhost root@localhost. ( 2012041100 7200 1800 1209600 300 ) IN A 216.239.32.20 #nosslsearch.google.com. -%- What's the hash doing there? ...^ That's not a comment. Replace that whole line by nosslsearch.google.com. IN A 216.239.32.20 ITYM: @ IN A 216.239.32.20 This zone is named www.google.com. Assuming you've configured the zone correctly, that ought to do the trick. (It has been pointed out to you previously, that this IP address is bound to change -- you should monitor the real domain name frequently and then update (dynamically?) your zone. On Tue, May 08, 2012 at 05:07:39PM +0100, Chris Thompson wrote: On May 8 2012, Barry Margolin wrote: In article mailman.713.1336489020.63724.bind-us...@lists.isc.org, Tobias Krais tux-s...@design-to-use.de wrote: Hi Phil, 4. Create a zone for www.google.com and instead of CNAME, put an A record at the apex with the same IP as nosslsearch.google.com. Run a script FREQUENTLY to re-resolve the host, as Google do short-TTL DNS-based loadbalancing. For unbound has no solution Inow want to try your suggestion no. 4. My db file now looks like this: -%- @ IN SOA localhost root@localhost. ( 2012041100 7200 1800 1209600 300 ) IN A 216.239.32.20 #nosslsearch.google.com. -%- But this does not work. Can you tell me whats wrong? Greetings, Tobias # isn't the comment character in DNS zond files, ; is. Also, you need at least one NS record (maybe for localhost.). named-checkzone would have told you about both these problems. Less serious problems: It's better to use a $TTL directive than rely on it defaulting to the SOA.MINTTL value (or specify all TTLs explicltly). You probably meant root.localhost. for the SOA.rname. And localhost. for the SOA.mname. And the SOA.serial implies the date of April 11. :) Seriously, you would probably want the serial to reflect the date you last did a check of the upstream name, nosslsearch.google.com. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject: ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuring CNAME for nosslsearch.google.com
On Tue, Apr 17, 2012 at 02:24:48PM +0200, Tobias Krais wrote: Hi all together, very interesting this discussion. For I am a newbie I understood only half. Thus I detected 2 ways to continue: I believe you can use response policy (RPZ) to achieve this. Or you can use just about any non-BIND resolver (e.g. unbound) to achieve this. 1. Don't use bind but e.g. unbound instead. 2. Ask Google. ... 6. Use your workstation's /etc/hosts or MSW's something...\hosts file to insert the desired IP address for www.google.com. This is as bad a suggestion as all the others - worse, because it doesn't scale to a site with multiple workstations. -- /*\ ** ** Joe Yao j...@tux.org - Joseph S. D. Yao ** \*/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuring CNAME for nosslsearch.google.com
Hi Jan-Piet, What's the hash doing there? ...^ That's not a comment. Thanks. I continue learning... Replace that whole line by nosslsearch.google.com. IN A 216.239.32.20 Zone is www.google.com. That won't work here Assuming you've configured the zone correctly, that ought to do the trick. (It has been pointed out to you previously, that this IP address is bound to change -- you should monitor the real domain name frequently and then update (dynamically?) your zone. Yes, Phil already told me. But first it has to work with an A record... Thanks Jan-Piet! Greetings, Tobias ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuring CNAME for nosslsearch.google.com
Hi all together, very interesting this discussion. For I am a newbie I understood only half. Thus I detected 2 ways to continue: I believe you can use response policy (RPZ) to achieve this. Or you can use just about any non-BIND resolver (e.g. unbound) to achieve this. 1. Don't use bind but e.g. unbound instead. 2. Ask Google. Any other ideas I missed? I will do so and in case of success, I'll post the link here. Thanks for your great help! Greetings, Tobias ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuring CNAME for nosslsearch.google.com
On 17/04/12 13:24, Tobias Krais wrote: Hi all together, very interesting this discussion. For I am a newbie I understood only half. Thus I detected 2 ways to continue: I believe you can use response policy (RPZ) to achieve this. Or you can use just about any non-BIND resolver (e.g. unbound) to achieve this. 1. Don't use bind but e.g. unbound instead. 2. Ask Google. Any other ideas I missed? 3. Use RPZ, as per Chris' suggestion 4. Create a zone for www.google.com and instead of CNAME, put an A record at the apex with the same IP as nosslsearch.google.com. Run a script FREQUENTLY to re-resolve the host, as Google do short-TTL DNS-based loadbalancing. 5. Don't do this at all, since interfering with SSL is bad. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuring CNAME for nosslsearch.google.com
Hi Phil, 1. Don't use bind but e.g. unbound instead. First: here the link to follow on the unbound mailing list: http://unbound.nlnetlabs.nl/pipermail/unbound-users/2012-April/002329.html Any other ideas I missed? 3. Use RPZ, as per Chris' suggestion 4. Create a zone for www.google.com and instead of CNAME, put an A record at the apex with the same IP as nosslsearch.google.com. Run a script FREQUENTLY to re-resolve the host, as Google do short-TTL DNS-based loadbalancing. 5. Don't do this at all, since interfering with SSL is bad. Thanks for that hint. I'll give it a try if the unbound solution won't work. Greetings, Tobias ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuring CNAME for nosslsearch.google.com
On 04/15/2012 11:40 PM, Tobias Krais wrote: Hi Ben, hmm. How can I manage what google suggests: Information for school network administrators about the No-SSL option To utilize the no SSL option for your network, configure the DNS entry for www.google.com to be a CNAME for nosslsearch.google.com. Source: http://support.google.com/websearch/bin/answer.py?hl=enhlrm=enanswer=186669. You can find this quite at the end of the document. How can I realize such a configuration in bind? As you've been told, you can't. CNAMEs can't live at zone apex, so you can't a CNAME at the zone apex of www.google.com. And if you create google.com as a zone, all other hostnames will be blackholed, including nosslsearch.google.com. I don't know why Google have made that suggestion; it's a bad suggestion, that's not supported by many nameservers. I personally think it's a bad idea to try and disable SSL search for your users too, but that's your decision. unbound might be able to to this, with a transparent local-zone and local-data override for www.google.com. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuring CNAME for nosslsearch.google.com
On 4/16/2012 3:30 AM, Phil Mayers wrote: On 04/15/2012 11:40 PM, Tobias Krais wrote: Hi Ben, hmm. How can I manage what google suggests: Information for school network administrators about the No-SSL option To utilize the no SSL option for your network, configure the DNS entry for www.google.com to be a CNAME for nosslsearch.google.com. Source: http://support.google.com/websearch/bin/answer.py?hl=enhlrm=enanswer=186669. You can find this quite at the end of the document. How can I realize such a configuration in bind? As you've been told, you can't. CNAMEs can't live at zone apex, so you can't a CNAME at the zone apex of www.google.com. And if you create google.com as a zone, all other hostnames will be blackholed, including nosslsearch.google.com. I don't know why Google have made that suggestion; it's a bad suggestion, that's not supported by many nameservers. I personally think it's a bad idea to try and disable SSL search for your users too, but that's your decision. unbound might be able to to this, with a transparent local-zone and local-data override for www.google.com. ___ Or did they really mean, create a hosts file on the local machine that contains... Or in your proxy server redirect www.google.com to nosslsearch.google.com DNS server software is not very supportive of doing this for good reasons. Lyle Giese LCR Computer Services, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Configuring CNAME for nosslsearch.google.com
Actually, this can be done. Create a zone file for www.google.com, not google.com. The zone file should like this (replace THIS_HOSTNAME with the name of your nameserver: @ IN SOA localhost root@localhost. ( 2012041100 7200 1800 1209600 300 ) IN NS THIS_HOSTNAME IN CNAME nosslsearch.google.com. Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 -Original Message- From: bind-users-bounces+mhuff=ox@lists.isc.org [mailto:bind-users- bounces+mhuff=ox@lists.isc.org] On Behalf Of Lyle Giese Sent: Monday, April 16, 2012 8:50 AM To: bind-users@lists.isc.org Subject: Re: Configuring CNAME for nosslsearch.google.com On 4/16/2012 3:30 AM, Phil Mayers wrote: On 04/15/2012 11:40 PM, Tobias Krais wrote: Hi Ben, hmm. How can I manage what google suggests: Information for school network administrators about the No-SSL option To utilize the no SSL option for your network, configure the DNS entry for www.google.com to be a CNAME for nosslsearch.google.com. Source: http://support.google.com/websearch/bin/answer.py?hl=enhlrm=enanswer= 186669. You can find this quite at the end of the document. How can I realize such a configuration in bind? As you've been told, you can't. CNAMEs can't live at zone apex, so you can't a CNAME at the zone apex of www.google.com. And if you create google.com as a zone, all other hostnames will be blackholed, including nosslsearch.google.com. I don't know why Google have made that suggestion; it's a bad suggestion, that's not supported by many nameservers. I personally think it's a bad idea to try and disable SSL search for your users too, but that's your decision. unbound might be able to to this, with a transparent local-zone and local-data override for www.google.com. ___ Or did they really mean, create a hosts file on the local machine that contains... Or in your proxy server redirect www.google.com to nosslsearch.google.com DNS server software is not very supportive of doing this for good reasons. Lyle Giese LCR Computer Services, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users smime.p7s Description: S/MIME cryptographic signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuring CNAME for nosslsearch.google.com
On 4/16/2012 9:40 AM, Matthew Huff wrote: Actually, this can be done. Create a zone file for www.google.com, not google.com. The zone file should like this (replace THIS_HOSTNAME with the name of your nameserver: @ IN SOA localhost root@localhost. ( 2012041100 7200 1800 1209600 300 ) IN NS THIS_HOSTNAME IN CNAME nosslsearch.google.com. Which isn't legal since you can't have a CNAME and another RR at the same label. AlanC -- a...@clegg.com | acl...@infoblox.com 1.919.355.8851 signature.asc Description: OpenPGP digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Configuring CNAME for nosslsearch.google.com
This is incorrect. It is illegal to have a cname and any other record on the same name in dns. The ns and soa count as records. On Apr 16, 2012 9:41 AM, Matthew Huff mh...@ox.com wrote: Actually, this can be done. Create a zone file for www.google.com, not google.com. The zone file should like this (replace THIS_HOSTNAME with the name of your nameserver: @ IN SOA localhost root@localhost. ( 2012041100 7200 1800 1209600 300 ) IN NS THIS_HOSTNAME IN CNAME nosslsearch.google.com. Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff| Fax: 914-460-4139 -Original Message- From: bind-users-bounces+mhuff=ox@lists.isc.org [mailto:bind-users- bounces+mhuff=ox@lists.isc.org] On Behalf Of Lyle Giese Sent: Monday, April 16, 2012 8:50 AM To: bind-users@lists.isc.org Subject: Re: Configuring CNAME for nosslsearch.google.com On 4/16/2012 3:30 AM, Phil Mayers wrote: On 04/15/2012 11:40 PM, Tobias Krais wrote: Hi Ben, hmm. How can I manage what google suggests: Information for school network administrators about the No-SSL option To utilize the no SSL option for your network, configure the DNS entry for www.google.com to be a CNAME for nosslsearch.google.com. Source: http://support.google.com/websearch/bin/answer.py?hl=enhlrm=enanswer= 186669. You can find this quite at the end of the document. How can I realize such a configuration in bind? As you've been told, you can't. CNAMEs can't live at zone apex, so you can't a CNAME at the zone apex of www.google.com. And if you create google.com as a zone, all other hostnames will be blackholed, including nosslsearch.google.com. I don't know why Google have made that suggestion; it's a bad suggestion, that's not supported by many nameservers. I personally think it's a bad idea to try and disable SSL search for your users too, but that's your decision. unbound might be able to to this, with a transparent local-zone and local-data override for www.google.com. ___ Or did they really mean, create a hosts file on the local machine that contains... Or in your proxy server redirect www.google.com to nosslsearch.google.com DNS server software is not very supportive of doing this for good reasons. Lyle Giese LCR Computer Services, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuring CNAME for nosslsearch.google.com
On Mon, Apr 16, 2012 at 09:40:16AM -0400, Matthew Huff wrote: Actually, this can be done. Create a zone file for www.google.com, not google.com. The zone file should like this (replace THIS_HOSTNAME with the name of your nameserver: @ IN SOA localhost root@localhost. ( 2012041100 7200 1800 1209600 300 ) IN NS THIS_HOSTNAME IN CNAME nosslsearch.google.com. Did you try this out with named-checkzone(8)? 1. Bad SOA: a. unqualified MNANE b. @ in RNAME 2. CNAME and other data The top of a zone cannot be a CNAME, because SOA and NS are required. The OP needs to talk to Google about their suggestion. -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if /dev/rob0 is in the Subject: ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuring CNAME for nosslsearch.google.com
On Apr 15, 2012, at 3:40 PM, Tobias Krais wrote: Hi Ben, hmm. How can I manage what google suggests: Information for school network administrators about the No-SSL option To utilize the no SSL option for your network, configure the DNS entry for www.google.com to be a CNAME for nosslsearch.google.com. Source: http://support.google.com/websearch/bin/answer.py?hl=enhlrm=enanswer=186669. You can find this quite at the end of the document. How can I realize such a configuration in bind? I believe you can use response policy (RPZ) to achieve this. Or you can use just about any non-BIND resolver (e.g. unbound) to achieve this. Chris Buxton BlueCat Networks ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuring CNAME for nosslsearch.google.com
What you are asking for can't be done. If you load the google.com zone everything you don't load in the zone will be black holed and not resolve. If you try to load WWW.Google.com you will not be able to make WWW a cname due to the no cname and other data rule. On Apr 15, 2012 5:39 PM, Tobias Krais tux-s...@design-to-use.de wrote: Hi together, I am a newbie to bind and wasted hours to create my first bind configuration. My target is simply creating a configuration with a CNAME for www.google.com to nosslsearch.google.com. First: I use Ubuntu Precise Pangolin with bind 9.8.1. I have a transparent proxy (Dansguardian + Squid) that I use for just this lonely copmuter. Now I read that I have to create a zone for google.com. Others said that it is OK to create a zone for www.google.com. But as far as I understand this won't be a great solution. Can you help me to create a zone for google.com that does only one thing: a CNAME for www.google.com to nosslsearch.google.com. It would be best, if all IP-addresses for other google.com subdomains like docs.google.com or even nosslsearch.google.com are taken from the normal nameserver, e.g. 8.8.8.8. Can anyone help me to create my /etc/bind/db.google.com file? Greetings, Tobias ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Configuring CNAME for nosslsearch.google.com
Hi Ben, hmm. How can I manage what google suggests: Information for school network administrators about the No-SSL option To utilize the no SSL option for your network, configure the DNS entry for www.google.com to be a CNAME for nosslsearch.google.com. Source: http://support.google.com/websearch/bin/answer.py?hl=enhlrm=enanswer=186669. You can find this quite at the end of the document. How can I realize such a configuration in bind? Greetings, Tobias Am 16.04.2012 00:31, schrieb Ben Croswell: What you are asking for can't be done. If you load the google.com http://google.com zone everything you don't load in the zone will be black holed and not resolve. If you try to load WWW.Google.com http://WWW.Google.com you will not be able to make WWW a cname due to the no cname and other data rule. On Apr 15, 2012 5:39 PM, Tobias Krais tux-s...@design-to-use.de mailto:tux-s...@design-to-use.de wrote: Hi together, I am a newbie to bind and wasted hours to create my first bind configuration. My target is simply creating a configuration with a CNAME for www.google.com http://www.google.com to nosslsearch.google.com http://nosslsearch.google.com. First: I use Ubuntu Precise Pangolin with bind 9.8.1. I have a transparent proxy (Dansguardian + Squid) that I use for just this lonely copmuter. Now I read that I have to create a zone for google.com http://google.com. Others said that it is OK to create a zone for www.google.com http://www.google.com. But as far as I understand this won't be a great solution. Can you help me to create a zone for google.com http://google.com that does only one thing: a CNAME for www.google.com http://www.google.com to nosslsearch.google.com http://nosslsearch.google.com. It would be best, if all IP-addresses for other google.com http://google.com subdomains like docs.google.com http://docs.google.com or even nosslsearch.google.com http://nosslsearch.google.com are taken from the normal nameserver, e.g. 8.8.8.8. Can anyone help me to create my /etc/bind/db.google.com http://db.google.com file? Greetings, Tobias ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org mailto:bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users