Re: systemd-resolved fallback DNS servers: usability vs. GDPR

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Am 23.02.21 um 20:34 schrieb Zbigniew Jędrzejewski-Szmek:


Everything, that is not prepresenting a person, is not regulated by
GDPR, therefor it does not "need" to comply.

No. GDPR is about "personally identifying information". In particular,
it talks about information which may be combined with other information
(now or in the future) to identify a specific person. And an IP address
falls into this category in the general case.

The scenario we are considering here is e.g. a company which provides
computers with Fedora installed to its employees or customers. Whatever
resolver is used gets the source IP information which as described
above can be identifying (depending on the network setup and other
circumstances). By removing the fallback, we're removing a possible
information expose and violation of the law by the company.


I didn't say anything else ;)
If a  PC in a companies network, is accessing the companies dns cache, the dns cache uses it's own ip for the root dns request, hiding the personal IP from that root dns.  This is fine.
If the copmanies DNS cache is failing and the PC is falling back, using IPv6 to connect to a fallback server, that is an issue.
 I personally think, IPv4 doesn't matter here, as most companies do use NAT to connect the lan to the outside world. Individual traceback is no possible that way.
Which leads to the conclusion, that a workstation should not have fallbackservers for dns, where Cloudinstances need to check that requirement themselves as it matters how and where they do dns. It relies heavily on the service and how many people use it. 

Best regards,
Marius Schwarz
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux