Id like to use the new Google SafeSearch VIP to force safe search on for my users. It sounds easy; "Set the DNS entry for www.google.com
to be a CNAME for forcesafesearch.google.com
Above came from https://support.google.com/websearch/answer/186669?hl=en
Ok great, how do I do that? I use MS DNS internally and do not have a forward lookup zone for google.com. Do I need to make one? Primary or stub? I tried a primary forward lookup zone google.com and added the CNAME so the end result looked like the graphic here: https://support.opendns.com/entries/57304954-Enforcing-Google-SafeSearch
but then nothing worked, I think because google.com would not resolve at all so clearly I need help with MS DNS and the instruction above.