Re: [Test-Announce] Re: Fedora 33 Beta Go/No-Go and Release Readiness meetings

On Thu, Sep 10, 2020 at 06:37:56PM -0700, John M. Harris Jr wrote:
> On Thursday, September 10, 2020 4:42:24 AM MST Zbigniew Jędrzejewski-Szmek wrote:
> > On Thu, Sep 10, 2020 at 01:27:30PM +0200, alciregi@xxxxxxxxxx wrote:
> > 
> > > On Thu, 2020-09-10 at 12:06 +0200, Eugene Syromiatnikov wrote:
> > > 
> > > > > 
> > > > > These DNS addresses are bundled upstream in systemd. And they are
> > > > > used
> > > > > in the event of a misconfiguration of your network settings, isn't
> > > > > it?
> > > > > However they are easily customizable in /etc/systemd/resolved.conf
> > > > > (FallbackDNS option)
> > > > 
> > > > 
> > > > It's about the distribution's default setting, not a configuration
> > > > possibility.
> > > 
> > > 
> > > "Which servers are used (or any at all) as a fallback is a compile-time
> > > as well as a runtime option. If you don't like the upstream defaults,
> > > then please work with downstream to pick different options or make the
> > > choices locally in your configuration files."
> > > 
> > > As a concerned user, you can configure the FallbackDNS option in
> > > /etc/systemd/resolved.conf and put whatever DNS you prefer. Google and
> > > so on will never be contacted.
> > > 
> > > Obviously the distribution can put different DNS in systemd at compile
> > > time, or provide a default resolved.conf file where FallbackDNS is
> > > uncommented and filled.
> > 
> > 
> > Exactly. With my maintainer hat on: this is a non-issue. We consider
> > current defaults (a working fallback configuration out of the box that
> > has a very minor information leak) better than the proposed (a non-working
> > fallback configuration). If you need to, provide the trivial two-line
> > dropin file to override this locally.
> 
> Zbyszek,
> 
> I'm definitely not suggesting something that is "non-working". That said, not 
> having any DNS servers configured indicates that remote lookup should not be 
> used, not that a random DNS server should be picked by the resolver itself. 
> When there are no DNS servers, the expected behavior is that no external 
> servers are used for lookup.

There are no environments where remote lookup SHOULD NOT be used. There
are remote environments where it MUST NOT be used, and environments where it
is expected to work. For the former, just emptying /etc/resolv.conf is a halfway
measure that doesn't do enough, so strong filtering with namespaces or routing
must be provided anyway. In the second case, we want to have working networking
(even if your local crappy dns router forgets to attach a dns server to the
dhcp lease or such).

Zbyszek
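
Added example, not part of the original message and not systemd or Fedora code: a small audit helper that reports whether the compiled-in fallback servers discussed in this thread are still in effect, were replaced, or were disabled by a drop-in. It assumes resolved's list semantics (an empty `FallbackDNS=` resets the list and any explicit assignment suppresses the built-in defaults), reads only `/etc/systemd` (drop-ins under `/run` and `/usr/lib` are ignored), and uses constructed sample files with documentation addresses.

```python
from pathlib import Path

def effective_fallback_dns(texts):
    """texts: file contents in read order (resolved.conf, then drop-ins by name).
    Returns (state, servers); state is 'compiled-in', 'configured' or 'disabled'."""
    servers, assigned = [], False
    for text in texts:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue                      # blank line or comment
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            key, sep, value = line.partition("=")
            if section != "Resolve" or not sep or key.strip() != "FallbackDNS":
                continue
            assigned = True                   # any explicit assignment turns built-ins off
            if value.strip():
                servers.extend(value.split()) # non-empty values append to the list
            else:
                servers.clear()               # empty value resets the list
    if not assigned:
        return ("compiled-in", [])
    return ("configured", servers) if servers else ("disabled", [])

def read_host_config(etc=Path("/etc/systemd")):
    """Simplified lookup (assumption): main file plus /etc drop-ins only."""
    files = [etc / "resolved.conf"] + sorted((etc / "resolved.conf.d").glob("*.conf"))
    return [f.read_text() for f in files if f.is_file()]

# Constructed samples: a shipped file with everything commented out, and the
# two-line drop-in mentioned in the thread that turns the fallback off.
SHIPPED = "[Resolve]\n#DNS=\n#FallbackDNS=192.0.2.53\n"
DROPIN_OFF = "[Resolve]\nFallbackDNS=\n"
DROPIN_OWN = "[Resolve]\nFallbackDNS=192.0.2.53 2001:db8::53\n"

if __name__ == "__main__":
    print(effective_fallback_dns(read_host_config()))
```

A result of `compiled-in` means the distribution's build-time server list applies whenever no other DNS server is known.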