Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2003
  • Last Modified:

Trying to add a CNAME

Google broke the SafeSearch feature for our organization when they directed all traffic to https.  Google has the following fix for this...

"To disable SSL search for your network, configure the DNS entry for www.google.com to be a CNAME for nosslsearch.google.com."

So on our DNS server, I created a zone called google.com and put in a CNAME for www.  Now www.google.com points to nosslsearch.google.com and that part works perfectly!  The bad thing is, all other sub domains of google no longer work (like mail.google.com, maps.google.com, etc.).

I think this happens because we have a forward lookup zone for google.com, but only www.google.com is in this zone.  How can I add a CNAME on a Windows DNS server for www.google.com without affecting any other sub domains of google?

I know how to create forward lookup zones and CNAMEs, but I'm not a DNS experts.  I need help from someone who is an experts.  Please, no links!  Thanks in advance!
0
bpl5000
Asked:
bpl5000
3 Solutions
 
Cliff GaliherCommented:
Remove the google.com zone you created. Then create a zone for www.google.com and create a CNAME record in that zone, leaving the primary field blank. That record will now reference the root of the zone so it works the same as what you already have.

Other lookups, like mail or maps will now NOT match the zone you created so a recurisive lookup will work as expected.
0
 
Manjunath SulladTechnical ConsultantCommented:
Try creating DNS forwarder for Google.com

Refer below MS links for configuring the DNS forwarder

http://technet.microsoft.com/en-us/library/cc782142(v=ws.10).aspx 

http://technet.microsoft.com/en-us/library/cc754941.aspx
0
 
bpl5000Author Commented:
cgaliher, thanks for your reply.  I did try doing that, but I get the following error.  If I put anything in the alias name, then it will let me create it, but of course I need to keep it blank.  Any ideas why I can't do this?
Error adding CNAME
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
Cliff GaliherCommented:
That happens if you have a conflicting record of a different type. A "blank" A record, for exMppe, would conflict.
0
 
bpl5000Author Commented:
The only records I have in this zone are the ones shown in the image (the NS and SOA records).
0
 
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
It seems that creating a CNAME for the root is not supported:
http://technet.microsoft.com/en-us/library/cc816819(v=ws.10).aspx
0
 
Cyclops3590Commented:
ya, looks like it was broken as of 2008R2.  only thing I can think of is just create an a blank A record instead.  That still works.  Only problem of course is if google changes their IP address for that nosslsearch name.
0
 
mikeldCommented:
Unsure if this will help, but almost every school and public library needs a fix for this issue.  That issue being that when the IP address changes the A Record fix will no longer fix the issue.  I believe the following information from Google is new:

https://support.google.com/websearch/answer/186669?hl=en  Below is a paste of that article
Option 3:  
About SafeSearch Virtual IP address (VIP)

SafeSearch VIP will force all users on your network to use SafeSearch on Google Search while still allowing a secure connection via HTTPS. The VIP in SafeSearch VIP refers to a Virtual IP which is an IP address that can be routed internally to multiple Google servers.

When SafeSearch VIP is turned on, teachers and students at your school will see a notification the first time they go to Google; this will let them know that SafeSearch is on.

SafeSearch VIP can be used as part of a comprehensive internet safety policy by schools; this is part of keeping students secure while limiting their access to adult content at school.

Using SafeSearch VIP will not affect other Google services outside of Google Search.
Turn on SafeSearch VIP
To force SafeSearch for your network, you’ll need to update your DNS configuration. Set the DNS entry for www.google.com (and any other Google ccTLD country subdomains your users may use) to be a CNAME for forcesafesearch.google.com.

We will serve SafeSearch Search and Image Search results for requests that we receive on this VIP.

The issue is that in Windows Server 2008R2 you cannot just do as Google Describes above.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now