Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am 29.09.20 um 10:19 schrieb Lennart Poettering:

Also, people would react very allergic if we'd start sending all DNS
traffic to google or so. I mean, you can't believe how pissed people
are that we have a fallback in place that if no DNS servers have been
configured at all or acquired via DHCP we fall back to Cloudflare +
Google DNS servers. Downstream distros (Debian…) tend to patch that
fallback out even... 


I hope they all patch it out. Google NS Service may be reliable, but with GDPR in place in Europe, you really can't sell your user base out to google and cloudflare like mozilla did.

DNS data, because a user IP is involved, is personal data per definition in Germany. You, of all others, should know that as the Kammergericht, Berlin stated it in their 2013 judgement.
So, if my pc is sending a dns request to a google or CF dns server,  and it's a company pc, it's a GDPR violation. And those are not the only data protection laws in the world.

The only valid way to handle a none working DNS is to NOT CIRCUMVENT IT. If the admin of that network has failed to set them up correctly, any other device will fail too or they too have hardcoded dns servers somewhere. I would prefer to be informed that dns is not setuped correctly to fix the mistake instead of silently working around it. (btw thats was the job of the replaced /etc/resolv.conf , to honour the nameservers the user wants, not some place to store the result of dhcp )

Linux is known to the public as a data protecting os and not one that rants out it's users to cloudflare. A few postings ago i thought, that reenabling dnssec would solve the issue, but now I tend to vote for a revert on the use of systemd-resolved in Fedora if I need to worry about my dns having privacy issues.

Marius Schwarz
Germany
EU



_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux