* Michael Catanzaro:
> If you're running mail servers or VPN servers, you can probably configure the DNS to your liking, right? Either enable DNSSEC support in systemd-resolved, or disable systemd-resolved. I'm not too concerned about this....
What about end users who just enable a VPN client?
My understanding is that the DNS request routing in systemd-resolved effectively disables any security mechanisms on the VPN side, and instructs most current browsers to route DNS requests to centralized DNS servers for all requests (i.e., overriding what came from both the VPN and DHCP).
Thanks, Florian