Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Oct 1, 2020 at 3:32 pm, Marius Schwarz <fedoradev@xxxxxxxxxxxx> wrote: 
I think, he meant the systemd-resolved fiallback to Cloudflare and
Google. Is that in the fedora build? If so, i suggest to patch it out.
That will fix the issue for me in perspective of the GDPR.
Unless you explain this *very* clearly, I'm going to ignore it, because it seems farfetched. Fedora is not operating its own DNS server or collecting any sort of DNS-related data from you.
We are not going to patch out fallback to Cloudflare or Google because it is a non-issue. Fallback only happens when you have zero other DNS servers configured. When was the last time you connected to a network and there's no DHCP, no nothing? The number of users without some other working DNS is probably under 0.1%. Even then, I think you also have to disable NetworkManager for systemd-resolved to ever use its fallback DNS, because NetworkManager will configure a ~. DNS domain, causing systemd-resolved to never use its global DNS settings. (I think. That's my reading of the manpage. Testing welcome from anyone who wants to confirm that.)
So (if I'm right) we are talking about the exceeding rare combination of (a) no DNS set by DHCP, and also (b) user manually disabled NetworkManager. If you're really going to do (b) you will probably also disable systemd-resolved, right? Or make the one-line config file change to remove the fallback DNS? Or just manually set some DNS server? Seriously, this is a silly thing to worry about.
Finally, in the extremely unlikely event you do somehow wind up with Cloudflare and Google DNS, then you should *celebrate*, because they have extremely strong privacy policies for their DNS. Unless you think they are just lying about their data collection practices -- which they are not -- you have nothing to worry about from their DNS [1][2]. In contrast, your ISP is probably selling your DNS queries to advertisers. If you disagree, doesn't matter, because you're probably never going to see this fallback. 

Michael

[1] https://developers.google.com/speed/public-dns/privacy
[2] https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/ 

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux