On 01.10.20 at 16:36, Alexander Bokovoy wrote:
>
> You can also drop a configuration snippet in
> /etc/systemd/resolved.conf.d/ to contain
>
> FallbackDNS=<servers>
>
> This will disable global DNS servers for any case.
>

If that were the default, it would be OK.

On 01.10.20 at 16:03, Michael Catanzaro wrote:
> We are not going to patch out fallback to Cloudflare or Google because
> it is a non-issue. Fallback only happens when you have zero other DNS
> servers configured. When was the last time you connected to a network
> and there's no DHCP, no nothing? The number of users without some
> other working DNS is probably under 0.1%.

BTW: thumbs up for the DoT proposal.

I will make it very clear and easy:

== Situation for Germany

GDPR is in place as an EU law. The protection rules are only active for companies or organizations, not for private people.

In 2013 a German court (Kammergericht Berlin) ruled that IP addresses are personal data. It has never been overruled.

Personal data can only be sent to non-EU countries and corporations if there is a data protection law in place that has the same or a better level of protection than the EU law has (or if it's necessary to buy stuff (a house, car, whatever)).

The pact the EU made with the US was called Privacy Shield. It imploded (for the second time) a few months ago. From the moment the EU court ruling was public, transfer of personal data into the US was illegal.

If you send a DNS request to a US DNS server from within a company network, and with IPv6 the internal IP is sent out, as I learned lately, you have sent personal data which is protected under the GDPR. It's not unlikely for company PCs to be used for private web visits during a meal break.

Therefore, an OS that has Google and Cloudflare as a default, even if it's unlikely to happen as you point out, which sends out DNS with personal data in it to a US DNS server, brings the company into great trouble with the law.
In the end, this means you as a company/org need to pay a (possibly) shitload of money as a fine, and therefore they can't use this OS anymore. (Someone else on the list pointed this out too.)

The consequence is, Fedora is a juristic risk.

[The fine is higher if you as a corp/org did not document this data transfer in your data protection memos.]

Of course a working DNS setup will prevent this problem, but that's not the point.

Activists in Germany and other countries try to get more and more gov projects to OSS due to privacy issues with M$. It would be a shame if Fedora would also count as a potential problem.

Do we all really want this, for the benefit of 0.1% (as you say), to have a DNS lookup instead of a hint that their systems are broken?

Pls remember: I'm just the messenger, I didn't write the laws ;)

Fun fact: last time I checked the northern Germany police PC in my city, they used a Fedora-based desktop system. I like that fact :D But I'm pretty sure they don't like a Cloudflare fallback DNS once they reach F33 (if ever).

best regards,
Marius Schwarz
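
Whether a host can still reach the compiled-in fallback resolvers discussed in this thread can be checked from its configuration files. The following Python check is an added example, not part of the original mail and not systemd code: it reads a resolved.conf and the drop-in directory quoted at the top of the message, and reports whether FallbackDNS is unset, emptied, or set to explicit servers. It assumes only those two locations are in use, that an empty assignment resets the list while a non-empty one appends, and it runs on constructed sample files.

```python
import os
import tempfile

def effective_fallback_dns(main_conf, dropin_dir):
    """None: FallbackDNS never assigned, so the compiled-in list applies.
    []: explicitly emptied. Otherwise: the configured servers."""
    files = [main_conf]
    if os.path.isdir(dropin_dir):
        # Drop-ins are read after the main file, in lexicographic order.
        files += sorted(os.path.join(dropin_dir, name)
                        for name in os.listdir(dropin_dir)
                        if name.endswith(".conf"))
    result = None
    for path in files:
        if not os.path.isfile(path):
            continue
        section = None
        with open(path, encoding="utf-8") as handle:
            for raw in handle:
                line = raw.strip()
                if not line or line[0] in "#;":
                    continue  # blank line or comment
                if line.startswith("[") and line.endswith("]"):
                    section = line[1:-1]
                    continue
                if section != "Resolve" or "=" not in line:
                    continue
                key, value = (part.strip() for part in line.split("=", 1))
                if key == "FallbackDNS":
                    # Assumption: an empty value resets the list and a
                    # non-empty value appends to it.
                    result = (result or []) + value.split() if value else []
    return result

def demo():
    """Constructed sample files: stock config, then an emptying drop-in."""
    with tempfile.TemporaryDirectory() as root:
        main = os.path.join(root, "resolved.conf")
        dropins = os.path.join(root, "resolved.conf.d")
        os.mkdir(dropins)
        with open(main, "w", encoding="utf-8") as handle:
            handle.write("[Resolve]\n#FallbackDNS=\n")
        before = effective_fallback_dns(main, dropins)
        with open(os.path.join(dropins, "10-no-fallback.conf"), "w",
                  encoding="utf-8") as handle:
            handle.write("[Resolve]\nFallbackDNS=\n")
        after = effective_fallback_dns(main, dropins)
    return before, after
```

On a real host the call would be `effective_fallback_dns("/etc/systemd/resolved.conf", "/etc/systemd/resolved.conf.d")`.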