On 2/22/21 11:17 AM, Zbigniew Jędrzejewski-Szmek wrote: > On Mon, Feb 22, 2021 at 10:58:09AM +0100, Tadej Janež wrote: >> Hi, >> >> I would like to question the decision that was made by systemd >> maintainers to remove the fallback DNS server list: >> https://src.fedoraproject.org/rpms/systemd/c/14b2fafb3688a4170a9c15235d1c3feb7ddeaf9d >> >> And then backported to F33: >> https://src.fedoraproject.org/rpms/systemd/c/ed795fb1fc9a2c20ebcac34bdf7e7c7ae17322a2?branch=f33 >> >> On F33, this actually breaks a working vanilla cloud instance by >> removing the fallback DNS server list in a systemd upgrade, effectively >> leaving the system with no DNS servers configured. >> >> I described this in more detail here: >> https://lists.fedoraproject.org/archives/list/cloud@xxxxxxxxxxxxxxxxxxxxxxx/thread/72MRKIFGPMFGBS7XJ5T5I23NVDXXWVGR/ >> >> Zbigniew Jędrzejewski-Szmek wrote the following in the commit message >> accompanying the fallback DNS server list removal: >> >>> So hopefully users will not see any effect from the change done in >>> this patch. Right now I think it is better to avoid the legal and >>> privacy risk. If it turns out this change causes noticable problems, >>> we might want to reconsider. In particular we could use the fallback >>> servers only in containers and such which are not "personal" machines >>> and there is no particular person attached to them. >> >> I would argue that the change causes noticeable problems and we want to >> reconsider this change. >> In particular, I think cloud image users would prefer to have their >> cloud instances usable out of the box, i.e. have DNS working out-of-the >> box. >> >> Don't get me wrong, I understand the privacy concerns and I think >> Fedora should strive to protect the privacy of its users as much as >> possible, but at the same time, the circumstances of a cloud instance >> are probably very different from a e.g. workstation instance. >> >> Possible solutions that come to mind: >> >> 1) Use different defaults for different Fedora editions, e.g. container >> and cloud images include the fallback DNS servers list while >> workstation (and similar) images don't. > > Yes, I think this would be the way to go. Cloud images already have > special configuration to invoke the "cloud init" services. They could > just as well add a drop-in in /usr/lib/systemd/resolved.conf/ with > FallbackDNS=. It would be even better to make sure that the cloud > config sets some appropriate dns servers in all cases. Problem with fallback is, you never know when they are appropriate. I think it should be possible to configure container without DNS access at all. It should depend on deployment configuration, not on fallback. It should obey configuration and notify user, when configuration is wrong. He should not realize that only when fallbacks were removed. > >> 2) Pick a reputable DNS resolver that preserves users' privacy and >> doesn't log anything and configure it as a fallback DNS server. >> Here is a good summary of DNS resolvers and their privacy: >> https://privacytools.io/providers/dns/#dns > > I don't think this is feasible. The laws put a lot of emphasis on > location (i.e. that the data is not processed by outside entities). > So an even perfectly good privacy-respecting provider might not be > acceptable in some locations (there's at least EU, Brazil, Japan that > have GDPR-like rules…). I don't think we want to analyze the situation > to figure out whether some provider is acceptable everywhere even once, > and promising to do that continuously as things change would be even > worse. > > Zbyszek > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure > -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemensik@xxxxxxxxxx PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure