Solved

Trying to add a CNAME

Posted on 2013-12-28
Last Modified: 2014-10-31
Google broke the SafeSearch feature for our organization when they directed all traffic to https.  Google has the following fix for this...

"To disable SSL search for your network, configure the DNS entry for www.google.com to be a CNAME for nosslsearch.google.com."

So on our DNS server, I created a zone called google.com and put in a CNAME for www.  Now www.google.com points to nosslsearch.google.com and that part works perfectly!  The bad thing is, all other sub domains of google no longer work (like mail.google.com, maps.google.com, etc.).

I think this happens because we have a forward lookup zone for google.com, but only www.google.com is in this zone.  How can I add a CNAME on a Windows DNS server for www.google.com without affecting any other sub domains of google?

I know how to create forward lookup zones and CNAMEs, but I'm not a DNS expert.  I need help from someone who is an expert.  Please, no links!  Thanks in advance!
0
Question by:bpl5000
8 Comments
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 100 total points
Remove the google.com zone you created. Then create a zone for www.google.com and create a CNAME record in that zone, leaving the primary field blank. That record will now reference the root of the zone so it works the same as what you already have.

Other lookups, like mail or maps, will now NOT match the zone you created so a recursive lookup will work as expected.
0
 
LVL 11

Expert Comment

by:Manjunath Sullad
Try creating DNS forwarder for Google.com

Refer below MS links for configuring the DNS forwarder

http://technet.microsoft.com/en-us/library/cc782142(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/cc754941.aspx
0
 
LVL 5

Author Comment

by:bpl5000
cgaliher, thanks for your reply.  I did try doing that, but I get the following error.  If I put anything in the alias name, then it will let me create it, but of course I need to keep it blank.  Any ideas why I can't do this?
Error adding CNAME
0
 
LVL 56

Expert Comment

by:Cliff Galiher
That happens if you have a conflicting record of a different type. A "blank" A record, for example, would conflict.
0
 
LVL 5

Author Comment

by:bpl5000
The only records I have in this zone are the ones shown in the image (the NS and SOA records).
0
 
LVL 18

Accepted Solution

by:Jeremy Weisinger
Jeremy Weisinger earned 300 total points
It seems that creating a CNAME for the root is not supported:
http://technet.microsoft.com/en-us/library/cc816819(v=ws.10).aspx
0
 
LVL 25

Assisted Solution

by:Cyclops3590
Cyclops3590 earned 100 total points
Ya, looks like it was broken as of 2008R2.  Only thing I can think of is just create a blank A record instead.  That still works.  Only problem of course is if Google changes their IP address for that nosslsearch name.
0
 

Expert Comment

by:mikeld
Unsure if this will help, but almost every school and public library needs a fix for this issue.  That issue being that when the IP address changes the A Record fix will no longer fix the issue.  I believe the following information from Google is new:

https://support.google.com/websearch/answer/186669?hl=en  Below is a paste of that article
Option 3:  
About SafeSearch Virtual IP address (VIP)

SafeSearch VIP will force all users on your network to use SafeSearch on Google Search while still allowing a secure connection via HTTPS. The VIP in SafeSearch VIP refers to a Virtual IP which is an IP address that can be routed internally to multiple Google servers.

When SafeSearch VIP is turned on, teachers and students at your school will see a notification the first time they go to Google; this will let them know that SafeSearch is on.

SafeSearch VIP can be used as part of a comprehensive internet safety policy by schools; this is part of keeping students secure while limiting their access to adult content at school.

Using SafeSearch VIP will not affect other Google services outside of Google Search.
Turn on SafeSearch VIP
To force SafeSearch for your network, you’ll need to update your DNS configuration. Set the DNS entry for www.google.com (and any other Google ccTLD country subdomains your users may use) to be a CNAME for forcesafesearch.google.com.

We will serve SafeSearch Search and Image Search results for requests that we receive on this VIP.

The issue is that in Windows Server 2008R2 you cannot just do as Google describes above.
0
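
The blank A record workaround from this thread, with the concern about the address changing handled by re-resolving the target name on each run. This is an added example, not code from any poster here; it assumes Windows Server 2012 or later with the DnsServer module, a file-backed zone, a 5-minute TTL, and the parameter names `$Zone` and `$Target`, all of which are choices made for this example.

```powershell
# Added example: keep the blank (apex) A records of a zone named
# www.google.com in step with the addresses published for the SafeSearch name.
# Assumptions: Server 2012+ with the DnsServer module; run on the DNS server.
param(
    [string]$Zone   = 'www.google.com',               # zone that holds only the apex record
    [string]$Target = 'forcesafesearch.google.com'    # name Google asks you to alias to
)
Import-Module DnsServer

# The target sits outside $Zone, so the server resolves it by normal recursion.
$wanted = @(Resolve-DnsName -Name $Target -Type A -DnsOnly -ErrorAction Stop |
    Where-Object { $_.QueryType -eq 'A' } |
    ForEach-Object { $_.IPAddress })
if ($wanted.Count -eq 0) {
    throw "No A records returned for $Target; zone left unchanged."
}

# Create the narrow zone once, so mail.google.com, maps.google.com and the
# rest still fall through to recursion instead of a local google.com zone.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ZoneFile "$Zone.dns"
}

# Addresses currently published at the zone apex ('@' is the blank name).
$current = @(Get-DnsServerResourceRecord -ZoneName $Zone -Name '@' -RRType A `
        -ErrorAction SilentlyContinue |
    ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString })

# Add new addresses before removing stale ones so the name never goes empty.
foreach ($ip in ($wanted | Where-Object { $_ -notin $current })) {
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name '@' -IPv4Address $ip `
        -TimeToLive (New-TimeSpan -Minutes 5)
    Write-Output "added $ip"
}
foreach ($ip in ($current | Where-Object { $_ -notin $wanted })) {
    Remove-DnsServerResourceRecord -ZoneName $Zone -Name '@' -RRType A `
        -RecordData $ip -Force
    Write-Output "removed stale $ip"
}
```

Running it from a scheduled task keeps the A records current without manual edits; the `added` and `removed stale` lines give a record of when the published address changed.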
