[Unbound-users] Configuring CNAME for nosslsearch.google.com

Chris Smith fixie at chrissmith.org
Tue Apr 17 17:05:27 UTC 2012


On Tue, Apr 17, 2012 at 12:24 PM, Stephan Lagerholm
<stephan.lagerholm at secure64.com> wrote:
> However, the client will never ask for the CNAME

The crux of the biscuit. In fact it breaks access to Google unless the
local-zone is defined as typetransparent (which basically means the
local-data is ignored unless doing a dig/drill for CNAME).

> Best thing to do is to use an A and AAAA record instead.

Then you have to maintain synchronization with Google's DNS records
and your local-data. Using a stub-zone works perfectly and avoids this
scenario.



More information about the Unbound-users mailing list