Force Safe Search Google Search with DNS RRS feed

  • Question

  • I have quite an interesting issue with DNS that randomly occurred one weekend seemingly without any change in variables. I work for the technology of a school in North Texas. We have been using a domain alias (DNAME) record on our DNS servers to force traffic to use Google Safe Search for some time now. All of a sudden, it stopped working, refusing to resolve google search requests by our users network wide. The DNS record was such:

    We have a Forward Lookup Zone directory for

    In that directory, we have the SOA record of parent directory for the particular DNS server, then two NS records for our primary and secondary DNS servers. The only record we have added is the DNAME record for this directory that takes the FQDN of and target host FQDN of

    This has been working for months, forcing all Google search traffic onto safe search. Once it stopped working, we fixed the problem by deleting the DNAME record and replacing it with an A record for and the IP address of, This setup works for now, but I want to know why it broke in the first place.

    We had some issue with DNS resolution to secure HTTPS due to beta firmware on our security appliance months ago, but this seems to be specifically a problem from our DNS server as using Google's public DNS on a host on the network resolved Google search requests and perfectly fine (which with the beta firmware issue still did not work). Also once we changed to an A record, it works fine.

    Per Google support, a CNAME record is to be made in the exact same way we had done, we simply used a Domain Alias instead of simply the Alias record. Other educational organizations in our area use the DNAME entry exactly as we do without any qualms (yet). Any thoughts on to why this won't work on our network anymore?

    Tuesday, April 19, 2016 3:28 PM


  • Hi Jbparrish,

    When the issue happen, have you checked the DNAME record in the zone? You could run debug mode of nslookup on client to analyze.

    Here is the reference for the command:

    >>We have a Forward Lookup Zone directory for

    If you have zone of, I suppose DNAME record is not needed. Creating an A record pointing to the IP address of forcesafesearch could achieve your goal. (Just as you did to replcae the DNAME record)

    Or you could create an A record for, then add a CNAME record named www pointing to

    Best Regards,


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact

    Wednesday, April 20, 2016 5:28 AM

All replies