Hi,
I would like to question the decision that was made by systemd
maintainers to remove the fallback DNS server list:
https://src.fedoraproject.org/rpms/systemd/c/14b2fafb3688a4170a9c15235d1c...
And then backported to F33:
https://src.fedoraproject.org/rpms/systemd/c/ed795fb1fc9a2c20ebcac34bdf7e...
On F33, this actually breaks a working vanilla cloud instance by
removing the fallback DNS server list in a systemd upgrade, effectively
leaving the system with no DNS servers configured.
I described this in more detail here:
https://lists.fedoraproject.org/archives/list/cloud@lists.fedoraproject.o...
Zbigniew Jędrzejewski-Szmek wrote the following in the commit message
accompanying the fallback DNS server list removal:
> So hopefully users will not see any effect from the change done in
> this patch. Right now I think it is better to avoid the legal and
> privacy risk. If it turns out this change causes noticeable problems,
> we might want to reconsider. In particular we could use the fallback
> servers only in containers and such which are not "personal" machines
> and there is no particular person attached to them.
I would argue that the change causes noticeable problems and we want to
reconsider this change.
In particular, I think cloud image users would prefer to have their
cloud instances usable out of the box, i.e. have DNS working out of the
box.
Don't get me wrong, I understand the privacy concerns and I think
Fedora should strive to protect the privacy of its users as much as
possible, but at the same time, the circumstances of a cloud instance
are probably very different from e.g. a workstation instance.
Possible solutions that come to mind:
1) Use different defaults for different Fedora editions, e.g. container
and cloud images include the fallback DNS servers list while
workstation (and similar) images don't.
2) Pick a reputable DNS resolver that preserves users' privacy and
doesn't log anything and configure it as a fallback DNS server.
Here is a good summary of DNS resolvers and their privacy:
https://privacytools.io/providers/dns/#dns
Thoughts?
Regards,
Tadej
P.S. I'm subscribed, but please keep me in Cc so I'll notice replies
sooner.