On Thu, 1 Oct 2020, Michael Catanzaro wrote:
> We are not going to patch out fallback to Cloudflare or Google because it is a non-issue. Fallback only happens when you have zero other DNS servers configured. When was the last time you connected to a network and there's no DHCP, no nothing? The number of users without some other working DNS is probably under 0.1%.

DNS discovery is currently a hot topic at the IETF and there are various proposals circulating on how a client should behave to find its best DNS resolver. Please see the ADD and DPRIVE working groups and their documents. I posted a few direct links in the last few days already. I think a mechanism that has been architectured by a wider group of engineers from a large number of different backgrounds and use cases would be a more appropriate venue to address this complex policy issue.

Personally, I prefer to prompt the user for permission before deciding to send their personal data to (mostly US based) entities. And while the majority of desktop users _might_ be okay with this implicit decision, it is always better to confirm that explicitly. You might think that UI is as bad as the COOKIE popups we now get, but lawyers disagree with us - whether we like it or not, that is a universe we live in.

Furthermore it seems the servers running this will almost always never want this to happen, as most enterprises these days, especially in light of TLS 1.3 and encrypted SNI, are more and more reliant on using the DNS stream as an active firewall.

Paul