cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1307
Views
0
Helpful
0
Replies

Firepower DNS Sinkhole Bypass

dan.letkeman
Level 4
Level 4

Hello,

 

I am using the DNS sinkhole option to enforce google, bing and youtube safe search.  This is working well.

 

However there seem to be some google services that don't work when you use the recommended google safe search dns server:

 

https://support.google.com/websearch/answer/186669

 

So when a user tries to go to something like musiclab.chromeexperiments.com they get a 404 error because google returns google.com with the dns response as seen here and then it matches our DNS sinkhole rule as seen here:

 

nslookup musiclab.chromeexperiments.com
Server: dns1.mydomain.com
Address: 10.5.0.103

Non-authoritative answer:
Name: ghs.google.com
Addresses: 2001:db8::
216.239.38.120
Aliases: musiclab.chromeexperiments.com

 

Is there anyone that is using the DNS sinkhole that has found a solution?

 

Thanks,

Dan.

0 Replies 0