Google SafeSearch and SSL Search for Schools suggests implementing the following changes to the network:
To utilize the no SSL option for your network, configure the DNS entry for www.google.com to be a CNAME for nosslsearch.google.com.
Here are the reasons why this is a bad idea and solution:
- In order to create a CNAME record for www.google.com we need to become an authoritative master of that zone.
- If you become an authoritative master you need to host all of Google’s DNS resource records for the domain.
- Google is asking us to DNS poison it’s flag ship product on our networks.
- If other companies follow suit the internet will quickly become unmanageable. DNS was not ment to work this way.
- Not all networks have a local DNS server
This is a bad idea. Please change your stance on this matter.