OK, you convinced me: https://src.fedoraproject.org/rpms/systemd/pull-request/37.
Let's see what others say.

Zbyszek

On Fri, Oct 02, 2020 at 12:34:32AM +0200, Marius Schwarz wrote:
> On 01.10.20 at 16:36, Alexander Bokovoy wrote:
> >
> > You can also drop a configuration snippet in
> > /etc/systemd/resolved.conf.d/ to contain
> >
> > FallbackDNS=<servers>
> >
> > This will disable global DNS servers for any case.
> >
> if that would be the default, it would be ok.
>
> On 01.10.20 at 16:03, Michael Catanzaro wrote:
> > We are not going to patch out fallback to Cloudflare or Google because
> > it is a non-issue. Fallback only happens when you have zero other DNS
> > servers configured. When was the last time you connected to a network
> > and there's no DHCP, no nothing? The number of users without some
> > other working DNS is probably under 0.1%.
>
> BTW: thumbs up for the DOT proposal.
>
> I will make it very clear and easy:
>
> O== Situation for Germany
>
> GDPR is in place as an EU LAW. The protection rules are only active for
> companies or organizations, not for private people.
>
> In 2013 a German court (Kammergericht Berlin) ruled that IP addresses are
> Personal Data. It has never been overruled.
>
> Personal Data can only be sent to non-EU countries and corporations if
> there is a data protection law in place that has the same or better
> level of protection as the EU law has (or if it's necessary to buy
> stuff (a house, car, whatever). The pact the EU did with the US was
> called Privacy Shield. It imploded (for the second time) a few months
> ago. From the moment the EU court ruling was public, transfer of personal
> data into the US was illegal.
>
> If you send a DNS REQUEST to a US DNS server from within a company
> network, and with IPv6 the internal IP is sent out, I learned lately, you
> have sent personal data which is protected under the GDPR. It's not
> unlikely to use company PCs for private web visits while having a meal
> break.
>
> Therefore, an OS that has Google and Cloudflare as a default, even if it's
> unlikely to happen as you point out, which sends out DNS with personal
> data in it to a US DNS server, brings the company in great trouble with
> the law. In the end, this means you as a company/org need to pay a
> (possibly) shitload of money as a fine and therefore they can't use this
> OS anymore. (Someone else on the list pointed this out too.) The
> consequence is, Fedora is a juristic risk. [The fine is higher if you
> as corp/org did not document this data transfer in your data protection
> memos.] Of course a working DNS setup will prevent this problem, but
> that's not the point. Activists in Germany and other countries try to get
> more and more gov projects to OSS due to privacy issues with M$. It
> would be a shame if Fedora would also count as a potential problem.
>
> Do we all really want this, for the benefit of 0.1% (as you say) have a
> DNS lookup instead of a hint that their systems are broken?
>
> Pls remember: I'm just the messenger, I didn't write the laws ;)
>
> Fun fact: last time I checked the northern Germany police PC in my city,
> they used a Fedora-based desktop system. I like that fact :D But I'm
> pretty sure they don't like a Cloudflare fallback DNS once they reach
> F33 (if ever).
>
> best regards,
> Marius Schwarz
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx