On Wed, Apr 15, 2020 at 5:06 pm, Lennart Poettering
<mzerqung@xxxxxxxxxxx> wrote:
> If RH VPN configures "redhat.com" as search domain for their VPN then
> this means all redhat.com traffic is automatically pulled over to the
> VPN and will not be routed elsewhere anymore.

In particular: current behavior is that redhat.com queries will leak to
public DNS if the user connects to the public VPN first, which is the
usual case, especially for anyone who configures public VPN to
autoconnect on startup. So the status quo is really not secure at all.
Yes, it will break the sinkholing for lookalike domains, but on balance
I would say that getting the right DNS queries to the right servers is
more important for security overall.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
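
The two behaviours contrasted in the message above, as a small added model (not code from the thread or from systemd-resolved). The `Link` class, function names, addresses and hostnames are constructed, and "the first-connected link's resolver gets every query" is a simplifying assumption for the status quo the reply describes.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    server: str              # constructed documentation address
    domains: tuple = ()      # DNS domains the link configures
    default: bool = False    # takes names that no link's domain claims

def matches(qname, domain):
    """Label-aligned suffix match: 'a.redhat.com' matches, 'notredhat.com' does not."""
    q, d = qname.rstrip(".").lower(), domain.rstrip(".").lower()
    return q == d or q.endswith("." + d)

def route_by_order(links, qname):
    """Simplified status quo: the first-connected link's resolver gets every query."""
    return [links[0].server]

def route_by_domain(links, qname):
    """Per-link routing: the link(s) with the longest matching domain win."""
    best, best_len = [], 0
    for link in links:
        for dom in link.domains:
            n = len(dom.strip(".").split("."))
            if matches(qname, dom) and n >= best_len:
                if n > best_len:
                    best, best_len = [], n
                if link not in best:
                    best.append(link)
    # Names claimed by no link fall through to the default link(s).
    chosen = best or [l for l in links if l.default]
    return [l.server for l in chosen]

# Constructed setup, listed in connection order (public VPN first).
PUBLIC = Link("public-vpn", "192.0.2.53", default=True)
CORP = Link("corp-vpn", "198.51.100.53", domains=("redhat.com",))
LINKS = [PUBLIC, CORP]

if __name__ == "__main__":
    for name in ("intranet.redhat.com", "notredhat.com", "redhat-sso.example"):
        print(name, route_by_order(LINKS, name), route_by_domain(LINKS, name))
```

In this model the internal name reaches the corporate resolver regardless of connection order, while the constructed lookalike `redhat-sso.example` goes to the public resolver and so never reaches a corporate sinkhole, which is the trade-off the reply accepts.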