Implementing Google ForceSafeSearch on Mac OS X Server

I'm trying to implement Google Safe Search — per Option 3 at this article: https://support.google.com/websearch/answer/186669 — on our Mac OS X Server.

In other words, I'm trying to force Safe Search via DNS by creating a CNAME alias to "forcesafesearch.google.com" for www.google.com and the www.google.x country domains (I've also tried an A record instead).

I ran into problems when attempting to enable this for www.google.com in particular. I cannot find any Google documentation on how to properly implement this CNAME alias (or A/"Machine" record) for Mac servers.

What do I need to put in for "Nameservers" as seen in the attached screenshot? I cannot leave it blank. I've tried ns1.google.com through ns4, but obviously that doesn't do any good for google.com itself. In the attached screenshot you can see that my latest attempt was to try the IPs of ns1.google.com through ns4 (for now just testing with a Google country domain, google.ad, so it won't mess anything up with the main Google site). However, when I tried these settings briefly for www.google.com it blocked accounts.google.com — and obviously we need that to work for logging into Google services! Google.com has a lot of subdomains so it's not feasible to try to implement this for all of them (not to mention that I'm not sure that would work, anyway). Again, I cannot leave out Nameserver Hostnames because the configuration cannot be saved if one attempts to do so.

What's the proper way to configure Nameservers as seen in the attached screenshot to enable Safe Search via DNS while still enabling other subdomains of Google.com to work properly, e.g. images.google.com and accounts.google.com? I've read that this can also be done for YouTube.com: http://www.solidborder.com/2014/12/google-dns-safe-search-enforcement/ (alas, instructions are for a Windows server).