* Michael Catanzaro: > If you're running mail servers or VPN servers, you can probably > configure the DNS to your liking, right? Either enable DNSSEC support > in systemd-resolved, or disable systemd-resolved. I'm not too > concerned about this.... What about end users who just enable a VPN client? My understanding is that the DNS request routing in systemd-resolved effectively disables any security mechanisms on the VPN side, and instructs most current browsers to route DNS requests to centralized DNS servers for all requests (i.e., overriding what came from both the VPN and DHCP). Thanks, Florian -- Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
