Hi, I would like to question the decision that was made by systemd maintainers to remove the fallback DNS server list: https://src.fedoraproject.org/rpms/systemd/c/14b2fafb3688a4170a9c15235d1c3feb7ddeaf9d And then backported to F33: https://src.fedoraproject.org/rpms/systemd/c/ed795fb1fc9a2c20ebcac34bdf7e7c7ae17322a2?branch=f33 On F33, this actually breaks a working vanilla cloud instance by removing the fallback DNS server list in a systemd upgrade, effectively leaving the system with no DNS servers configured. I described this in more detail here: https://lists.fedoraproject.org/archives/list/cloud@xxxxxxxxxxxxxxxxxxxxxxx/thread/72MRKIFGPMFGBS7XJ5T5I23NVDXXWVGR/ Zbigniew Jędrzejewski-Szmek wrote the following in the commit message accompanying the fallback DNS server list removal: > So hopefully users will not see any effect from the change done in > this patch. Right now I think it is better to avoid the legal and > privacy risk. If it turns out this change causes noticable problems, > we might want to reconsider. In particular we could use the fallback > servers only in containers and such which are not "personal" machines > and there is no particular person attached to them. I would argue that the change causes noticeable problems and we want to reconsider this change. In particular, I think cloud image users would prefer to have their cloud instances usable out of the box, i.e. have DNS working out-of-the box. Don't get me wrong, I understand the privacy concerns and I think Fedora should strive to protect the privacy of its users as much as possible, but at the same time, the circumstances of a cloud instance are probably very different from a e.g. workstation instance. Possible solutions that come to mind: 1) Use different defaults for different Fedora editions, e.g. container and cloud images include the fallback DNS servers list while workstation (and similar) images don't. 2) Pick a reputable DNS resolver that preserves users' privacy and doesn't log anything and configure it as a fallback DNS server. Here is a good summary of DNS resolvers and their privacy: https://privacytools.io/providers/dns/#dns Thoughts? Regards, Tadej P.S. I'm subscribed, but please keep me in Cc so I'll notice replies sooner.
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
