* Michael Catanzaro: > I don't think it would be smart for employees to voluntarily opt-in to > sending all DNS to their employer anyway... there's little benefit to > the employee, and a lot of downside. Importantly, if you're looking in > your network settings and you see a checkbox that says "Use this > connection only for resources on its network," a reasonable user > *expects* that the connection will *really* only be used for resources > on its network, not that it will be used for everything except DNS, > which randomly goes to who knows where depending on what else you're > connected to. Our design must try to avoid this failure case: "Sadly > for Distrustful Denise, her employer discovers that she has been > making some embarrassing DNS requests that she had expected to go > through public-vpn.example.com instead." Eh, for a corporate laptop (which is not physically connected to the corporate network due to present circumstances), I do expect that DNS is handled by the corporate DNS servers. I would also like to route all network traffic over the corporate VPN, but as I tried to explain, that is just not feasible at the moment. I also don't see how this is a trust issue for a *corporate* laptop used for work purposes. Thanks, Florian -- Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
