On Tue, Sep 1, 2020 at 8:17 am, Nico Kadel-Garcia <nkadel@xxxxxxxxx> wrote:
> Hiding it inside yet another systemd structure without following the existing standards is, sadly, typical of systemd. It also puts at risk restricted environments where providing no DNS is deliberately used to restrict outbound network use, such as virtual machines or chroot cages without an enabled /etc/resolv.conf. That includes the "mock" build environment where "pip install" is kept network disabled by the lack of DNS.
So open up /etc/systemd/resolved.conf and set FallbackDNS= (set it to nothing). That will override fallback to Cloudflare or Google. Then you're done.
Realistically, this fallback is unlikely to ever be used anyway, so it doesn't matter very much. And if you're operating a restricted environment and you don't know how to configure DNS, you likely have bigger problems than systemd....
> It will also completely screw up VPN setups where out-of-band DNS servers break internal versus external service access management.
No it won't. systemd is not going to use a fallback DNS server if your VPN provides its own DNS. It's not stupid. This is very easily verified simply by typing 'resolvectl' and seeing what DNS servers it has configured for a particular tun interface.
Michael
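An added example, not part of the original message: a shell check for whether the `FallbackDNS=` override described above is actually in effect on disk. The function name `effective_fallback_dns` is hypothetical, and as a simplifying assumption it reads only `/etc/systemd/resolved.conf` and its `resolved.conf.d/*.conf` drop-ins, not drop-ins under `/run` or `/usr/lib`.

```shell
#!/bin/sh
# Added example: report the FallbackDNS value configured for systemd-resolved.
# Prints one of:
#   unset     - no assignment found, so the compiled-in fallback list applies
#   disabled  - the last relevant assignment was empty ("FallbackDNS=")
#   <servers> - the configured fallback servers
# Assumption: an empty assignment clears the list and later ones append to it.

effective_fallback_dns() {
    root="${1:-}"    # optional alternate root, e.g. a chroot or an image mount
    main="$root/etc/systemd/resolved.conf"
    set --
    if [ -f "$main" ]; then set -- "$main"; fi
    # Drop-ins are read after the main file, in glob (lexical) order.
    for f in "$root"/etc/systemd/resolved.conf.d/*.conf; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    if [ "$#" -eq 0 ]; then echo "unset"; return 0; fi

    awk '
        BEGIN { state = "unset"; list = "" }
        FNR == 1 { in_resolve = 0 }            # sections do not span files
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^[#;]/ || /^$/ { next }               # comments and blank lines
        /^\[/ { in_resolve = ($0 == "[Resolve]"); next }
        in_resolve && /^FallbackDNS[ \t]*=/ {
            val = $0
            sub(/^FallbackDNS[ \t]*=[ \t]*/, "", val)
            if (val == "") { state = "disabled"; list = "" }
            else { state = "set"; list = (list == "" ? val : list " " val) }
        }
        END { print (state == "set" ? list : state) }
    ' "$@"
}
```

Calling `effective_fallback_dns` with no argument audits the running host; the result describes the files on disk, so compare it with the `resolvectl` output the message mentions to see what the running daemon is using.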