Maintained by: NLnet Labs

[Unbound-users] Configuring CNAME for nosslsearch.google.com

Phil Mayers
Tue Apr 17 15:04:19 CEST 2012


On 17/04/12 13:38, Tobias Krais wrote:
>
> My question: how can I manage what google suggests:
> "Information for school network administrators about the No-SSL option
>
> To utilize the no SSL option for your network, configure the DNS entry
> for www.google.com to be a CNAME for nosslsearch.google.com."
> Source:
> http://support.google.com/websearch/bin/answer.py?hl=en&hlrm=en&answer=186669.
>
> You can find this quite at the end of the document.
>
> Can anyone help me to create a working unbound configuration file?

Hello again.

You want something like this:

  local-zone: "google.com." transparent
  local-data: "www.google.com. 300 IN CNAME nosslsearch.google.com."

...along with the normal unbound.conf config for recursive resolution.

To repeat what I've said elsewhere: I think this is a bad idea, and you 
shouldn't do it. It breaks DNSSEC, and potentially other things.