On Thursday, September 10, 2020 4:42:24 AM MST Zbigniew Jędrzejewski-Szmek wrote: > On Thu, Sep 10, 2020 at 01:27:30PM +0200, alciregi@xxxxxxxxxx wrote: > > > On Thu, 2020-09-10 at 12:06 +0200, Eugene Syromiatnikov wrote: > > > > > > > > > > These DNS addresses are bundled upstream in systemd. And they are > > > > used > > > > in the event of a misconfiguration of your network settings, isn't > > > > it? > > > > However they are easily customizable in /etc/systemd/resolved.conf > > > > (FallbackDNS option) > > > > > > > > > It's about the distribution's default setting, not a configuration > > > possibility. > > > > > > "Which servers are used (or any at all) as a fallback is a compile-time > > as well as a runtime option. If you don't like the upstream defaults, > > then please work with downstream to pick different options or make the > > choices locally in your configuration files." > > > > As a concerned user, you can configure the FallbackDNS option in > > /etc/systemd/resolved.conf and put whatever DNS you prefer. Google and > > so on will never be contacted. > > > > Obviously the distribution can put different DNS in systemd at compile > > time, or provide a default resolved.conf file where FallbackDNS is > > uncommented and filled. > > > Exactly. With my maintainer hat on: this is a non-issue. We consider > current defaults (a working fallback configuration out of the box that > has a very minor information leak) better than the proposed (a non-working > fallback configuration). If you need to, provide the trivial two-line > dropin file to override this locally. Zbyszek, I'm definitely not suggesting something that is "non-working". That said, not having any DNS servers configured indicates that remote lookup should not be used, not that a random DNS server should be picked by the resolver itself. When there are no DNS servers, the expected behavior is that no external servers are used for lookup. -- John M. Harris, Jr. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
