Solved

Trying to add a CNAME

Posted on 2013-12-28
8
1,858 Views
Last Modified: 2014-10-31
Google broke the SafeSearch feature for our organization when they directed all traffic to https.  Google has the following fix for this...

"To disable SSL search for your network, configure the DNS entry for www.google.com to be a CNAME for nosslsearch.google.com."

So on our DNS server, I created a zone called google.com and put in a CNAME for www.  Now www.google.com points to nosslsearch.google.com and that part works perfectly!  The bad thing is, all other sub domains of google no longer work (like mail.google.com, maps.google.com, etc.).

I think this happens because we have a forward lookup zone for google.com, but only www.google.com is in this zone.  How can I add a CNAME on a Windows DNS server for www.google.com without affecting any other sub domains of google?

I know how to create forward lookup zones and CNAMEs, but I'm not a DNS experts.  I need help from someone who is an experts.  Please, no links!  Thanks in advance!
0
Comment
Question by:bpl5000
8 Comments
 
LVL 58

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 100 total points
ID: 39744344
Remove the google.com zone you created. Then create a zone for www.google.com and create a CNAME record in that zone, leaving the primary field blank. That record will now reference the root of the zone so it works the same as what you already have.

Other lookups, like mail or maps will now NOT match the zone you created so a recurisive lookup will work as expected.
0
 
LVL 11

Expert Comment

by:Manjunath Sullad
ID: 39744665
Try creating DNS forwarder for Google.com

Refer below MS links for configuring the DNS forwarder

http://technet.microsoft.com/en-us/library/cc782142(v=ws.10).aspx 

http://technet.microsoft.com/en-us/library/cc754941.aspx
0
 
LVL 5

Author Comment

by:bpl5000
ID: 39745279
cgaliher, thanks for your reply.  I did try doing that, but I get the following error.  If I put anything in the alias name, then it will let me create it, but of course I need to keep it blank.  Any ideas why I can't do this?
Error adding CNAME
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39745284
That happens if you have a conflicting record of a different type. A "blank" A record, for exMppe, would conflict.
0
 
LVL 5

Author Comment

by:bpl5000
ID: 39745472
The only records I have in this zone are the ones shown in the image (the NS and SOA records).
0
 
LVL 18

Accepted Solution

by:
Jeremy Weisinger earned 300 total points
ID: 39749072
It seems that creating a CNAME for the root is not supported:
http://technet.microsoft.com/en-us/library/cc816819(v=ws.10).aspx
0
 
LVL 25

Assisted Solution

by:Cyclops3590
Cyclops3590 earned 100 total points
ID: 39754984
ya, looks like it was broken as of 2008R2.  only thing I can think of is just create an a blank A record instead.  That still works.  Only problem of course is if google changes their IP address for that nosslsearch name.
0
 

Expert Comment

by:mikeld
ID: 40416022
Unsure if this will help, but almost every school and public library needs a fix for this issue.  That issue being that when the IP address changes the A Record fix will no longer fix the issue.  I believe the following information from Google is new:

https://support.google.com/websearch/answer/186669?hl=en  Below is a paste of that article
Option 3:  
About SafeSearch Virtual IP address (VIP)

SafeSearch VIP will force all users on your network to use SafeSearch on Google Search while still allowing a secure connection via HTTPS. The VIP in SafeSearch VIP refers to a Virtual IP which is an IP address that can be routed internally to multiple Google servers.

When SafeSearch VIP is turned on, teachers and students at your school will see a notification the first time they go to Google; this will let them know that SafeSearch is on.

SafeSearch VIP can be used as part of a comprehensive internet safety policy by schools; this is part of keeping students secure while limiting their access to adult content at school.

Using SafeSearch VIP will not affect other Google services outside of Google Search.
Turn on SafeSearch VIP
To force SafeSearch for your network, you’ll need to update your DNS configuration. Set the DNS entry for www.google.com (and any other Google ccTLD country subdomains your users may use) to be a CNAME for forcesafesearch.google.com.

We will serve SafeSearch Search and Image Search results for requests that we receive on this VIP.

The issue is that in Windows Server 2008R2 you cannot just do as Google Describes above.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question