Derek del Barrio

Bing, Google, and YouTube Safe Search

Solid Border has many K-12 customers who depend on SafeSearch features in search engines. These features are constantly updated, usually without warning. This can cause issues when web filters that have worked for years are suddenly unable to filter adult content from image searches. Now with the move to SSL-everywhere, safe search is tougher than ever to enforce at the network level. In late 2014, we're starting to see the major search & content providers finally provide network-wide options for enabling safe search.

Bing has a network-wide option for schools. They can sign up their public IPs to enforce safe search and disable ads for Bing.

Google & YouTube recently released a hostname called All Google and YouTube traffic destined to this hostname will be forced to enable Safe Search, with no options to disable it.

Google's documentation suggests that a CNAME be created in DNS to redirect traffic to this host. There are some complications with this, which we will not get into here. These instructions will guide you through creating A record entries for and with Windows DNS, though BIND and other servers will work similarly. Warning: DO NOT add zones for .com or , this will only bring you heartache. You want your zone names to be and

Currently, resolves to You can verify this at any command line by entering nslookup

Once verified, create a new zone for (and again for


Once the zone is created, you'll need to add an A record for the domain name that points to


When you are finished, your zone should look like this:


Once this is in place you can test by performing an nslookup on, it should resolve only to this IP address. Now test by browsing to and All search requests, including are redirected to, so there is no need to worry about Google's other hostnames (at the time of this writing).


Derek del Barrio is President and Systems Engineer at Solid Border, Inc. Derek has been working in the IT Security field since 2000. CNSE (Palo Alto Networks) certified since 2012.