Solved

Trying to add a CNAME

Posted on 2013-12-28
8
1,825 Views
Last Modified: 2014-10-31
Google broke the SafeSearch feature for our organization when they directed all traffic to https.  Google has the following fix for this...

"To disable SSL search for your network, configure the DNS entry for www.google.com to be a CNAME for nosslsearch.google.com."

So on our DNS server, I created a zone called google.com and put in a CNAME for www.  Now www.google.com points to nosslsearch.google.com and that part works perfectly!  The bad thing is, all other sub domains of google no longer work (like mail.google.com, maps.google.com, etc.).

I think this happens because we have a forward lookup zone for google.com, but only www.google.com is in this zone.  How can I add a CNAME on a Windows DNS server for www.google.com without affecting any other sub domains of google?

I know how to create forward lookup zones and CNAMEs, but I'm not a DNS experts.  I need help from someone who is an experts.  Please, no links!  Thanks in advance!
0
Comment
Question by:bpl5000
8 Comments
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 100 total points
ID: 39744344
Remove the google.com zone you created. Then create a zone for www.google.com and create a CNAME record in that zone, leaving the primary field blank. That record will now reference the root of the zone so it works the same as what you already have.

Other lookups, like mail or maps will now NOT match the zone you created so a recurisive lookup will work as expected.
0
 
LVL 11

Expert Comment

by:Manjunath Sullad
ID: 39744665
Try creating DNS forwarder for Google.com

Refer below MS links for configuring the DNS forwarder

http://technet.microsoft.com/en-us/library/cc782142(v=ws.10).aspx 

http://technet.microsoft.com/en-us/library/cc754941.aspx
0
 
LVL 5

Author Comment

by:bpl5000
ID: 39745279
cgaliher, thanks for your reply.  I did try doing that, but I get the following error.  If I put anything in the alias name, then it will let me create it, but of course I need to keep it blank.  Any ideas why I can't do this?
Error adding CNAME
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39745284
That happens if you have a conflicting record of a different type. A "blank" A record, for exMppe, would conflict.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 5

Author Comment

by:bpl5000
ID: 39745472
The only records I have in this zone are the ones shown in the image (the NS and SOA records).
0
 
LVL 18

Accepted Solution

by:
Jeremy Weisinger earned 300 total points
ID: 39749072
It seems that creating a CNAME for the root is not supported:
http://technet.microsoft.com/en-us/library/cc816819(v=ws.10).aspx
0
 
LVL 25

Assisted Solution

by:Cyclops3590
Cyclops3590 earned 100 total points
ID: 39754984
ya, looks like it was broken as of 2008R2.  only thing I can think of is just create an a blank A record instead.  That still works.  Only problem of course is if google changes their IP address for that nosslsearch name.
0
 

Expert Comment

by:mikeld
ID: 40416022
Unsure if this will help, but almost every school and public library needs a fix for this issue.  That issue being that when the IP address changes the A Record fix will no longer fix the issue.  I believe the following information from Google is new:

https://support.google.com/websearch/answer/186669?hl=en  Below is a paste of that article
Option 3:  
About SafeSearch Virtual IP address (VIP)

SafeSearch VIP will force all users on your network to use SafeSearch on Google Search while still allowing a secure connection via HTTPS. The VIP in SafeSearch VIP refers to a Virtual IP which is an IP address that can be routed internally to multiple Google servers.

When SafeSearch VIP is turned on, teachers and students at your school will see a notification the first time they go to Google; this will let them know that SafeSearch is on.

SafeSearch VIP can be used as part of a comprehensive internet safety policy by schools; this is part of keeping students secure while limiting their access to adult content at school.

Using SafeSearch VIP will not affect other Google services outside of Google Search.
Turn on SafeSearch VIP
To force SafeSearch for your network, you’ll need to update your DNS configuration. Set the DNS entry for www.google.com (and any other Google ccTLD country subdomains your users may use) to be a CNAME for forcesafesearch.google.com.

We will serve SafeSearch Search and Image Search results for requests that we receive on this VIP.

The issue is that in Windows Server 2008R2 you cannot just do as Google Describes above.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
website went down 6 35
Evicting A cluster Node in windows server 2012 R2 5 40
AD Account Lockout 22 31
DNS error assumed 8 38
I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now