On Thu, Sep 10, 2020 at 01:27:30PM +0200, alciregi(a)posteo.net wrote:
> On Thu, 2020-09-10 at 12:06 +0200, Eugene Syromiatnikov wrote:
> > >
> > > These DNS addresses are bundled upstream in systemd. And they are used
> > > in the event of a misconfiguration of your network settings, isn't it?
> > > However they are easily customizable in /etc/systemd/resolved.conf
> > > (FallbackDNS option)
> >
> > It's about the distribution's default setting, not a configuration
> > possibility.
>
> "Which servers are used (or any at all) as a fallback is a compile-time
> as well as a runtime option. If you don't like the upstream defaults,
> then please work with downstream to pick different options or make the
> choices locally in your configuration files."
>
> As a concerned user, you can configure the FallbackDNS option in
> /etc/systemd/resolved.conf and put whatever DNS you prefer. Google and
> so on will never be contacted.
>
> Obviously the distribution can put different DNS in systemd at compile
> time, or provide a default resolved.conf file where FallbackDNS is
> uncommented and filled.

Exactly. With my maintainer hat on: this is a non-issue. We consider
current defaults (a working fallback configuration out of the box that
has a very minor information leak) better than the proposed (a non-working
fallback configuration). If you need to, provide the trivial two-line dropin
file to override this locally.
Zbyszek
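
An added example, not part of the thread or of systemd: a small audit helper that reports which FallbackDNS value a host's configuration files select, so you can confirm a local override is in effect. The drop-in directory order, same-name override and empty-assignment reset are assumptions that simplify systemd's drop-in handling; the file name `10-fallback.conf` and the address are constructed.

```python
import tempfile
from pathlib import Path

# Drop-in directories, lowest priority first; a same-named file in a later
# directory replaces the earlier one (assumed systemd drop-in semantics).
DROPIN_DIRS = ["usr/lib/systemd/resolved.conf.d", "run/systemd/resolved.conf.d",
               "etc/systemd/resolved.conf.d"]

def config_files(root):
    """Main file first, then drop-ins sorted by file name across all dirs."""
    root = Path(root)
    dropins = {}
    for d in DROPIN_DIRS:
        for f in sorted((root / d).glob("*.conf")):
            dropins[f.name] = f          # higher-priority directory wins
    main = root / "etc/systemd/resolved.conf"
    return ([main] if main.is_file() else []) + [dropins[n] for n in sorted(dropins)]

def effective_fallback_dns(root="/"):
    """None: never set, so the compiled-in list applies. []: explicitly emptied."""
    servers = None
    for path in config_files(root):
        section = None
        for line in path.read_text().splitlines():
            line = line.strip()
            if not line or line[0] in "#;":
                continue                 # blank or commented-out line
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            key, sep, value = line.partition("=")
            if section == "Resolve" and sep and key.strip() == "FallbackDNS":
                # Empty assignment resets the list; otherwise append to it.
                servers = (servers or []) + value.split() if value.strip() else []
    return servers

def demo():
    """Constructed tree: stock commented file, then a two-line drop-in."""
    with tempfile.TemporaryDirectory() as tmp:
        etc = Path(tmp, "etc/systemd")
        (etc / "resolved.conf.d").mkdir(parents=True)
        (etc / "resolved.conf").write_text("[Resolve]\n#FallbackDNS=\n")
        before = effective_fallback_dns(tmp)
        (etc / "resolved.conf.d/10-fallback.conf").write_text(
            "[Resolve]\nFallbackDNS=192.0.2.53\n")   # documentation address
        return before, effective_fallback_dns(tmp)

if __name__ == "__main__":
    print(demo())
```

A return value of `None` means no file sets the option, which is the case the thread is about: the compile-time defaults are what the resolver falls back to.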