cname record
Chuck Swiger
cswiger at mac.com
Fri Mar 1 18:36:24 UTC 2013
Hi, Dwayne--
On Mar 1, 2013, at 10:29 AM, Dwayne Hottinger wrote:
> I would like for users inside my network to not be able to do SSL searches with Google, because of CIPA compliance issues.
OK, so you should block port tcp/443 to Google's network addresses (approximately 173.194.79.0/24) on your firewall.
> I added a cname record to my zone file:
>
> www.google.com CNAME nosslsearch.google.com
>
> To try and get it to redirect. Since I'm not authoritative for Google, I don't think this will work no matter how I tweak it. Am I right in this assumption?
You can use RPZ capabilities in BIND to override their records:
http://www.isc.org/software/rpz
...but that won't do anything to prevent a knowledgeable user from hitting something like https://173.194.79.99/ directly.
Regards,
--
-Chuck
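
An RPZ setup for the override discussed above, as an added example that is not part of the original post: a named.conf fragment plus the policy zone file it loads. The zone name rpz.example, the file name db.rpz.example, and the SOA/NS values are assumptions chosen for illustration; the CNAME pair is the one from the question.

```bind
// ---- named.conf fragment (assumed policy zone name: rpz.example) ----
options {
    // ... keep your existing options here ...
    // Consult this policy zone before answering recursive queries.
    response-policy { zone "rpz.example"; };
};

zone "rpz.example" {
    type master;
    file "db.rpz.example";      // assumed file name
    allow-query { localhost; }; // the policy zone is not meant for clients to query directly
};

; ---- db.rpz.example (policy zone file, assumed name) ----
$TTL 300
@   IN SOA  localhost. hostmaster.localhost. (
            2013030101 ; serial, bump on every change
            3600       ; refresh
            600        ; retry
            86400      ; expire
            300 )      ; negative-cache TTL
    IN NS   localhost.

; Owner names are written relative to the policy zone, so this line
; matches queries for www.google.com. and answers with the CNAME,
; even though this server is not authoritative for google.com.
www.google.com   IN CNAME  nosslsearch.google.com.
```

The rewrite applies only to clients that resolve through this server, so it complements the firewall rule on tcp/443 rather than replacing it.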