On Thu, Sep 10, 2020 at 9:34 PM John M. Harris Jr <johnmh(a)splentity.com> wrote:
On Thursday, September 10, 2020 1:36:18 AM MST alciregi(a)posteo.net wrote:
> On Thu, 2020-09-10 at 01:02 -0700, John M. Harris Jr wrote:
> >
> > A quick reminder that we're about to release with the system configured to use
> > Google DNS when no DNS servers are configured. If privacy is valued at all,
> > this needs to be addressed before release.
>
> These DNS addresses are bundled upstream in systemd. And they are used
> in the event of a misconfiguration of your network settings, aren't they?
> However they are easily customizable in /etc/systemd/resolved.conf
> (FallbackDNS option)
>
> And for the record:
> https://github.com/systemd/systemd/issues/8782
>
> The same thing is true for system time and date (systemd defaults to
> Google NTP servers). But as far as I can see it is already addressed
> here
>
> https://src.fedoraproject.org/rpms/systemd/blob/master/f/systemd.spec#_329

Regardless of Lennart's personal views, this is something that definitely
merits some attention, and perhaps to be fixed before go-live. They're used
whenever there are no configured DNS servers, not in the event of
misconfiguration. Perhaps we should update /etc/systemd/resolved.conf to
include "FallbackDNS=" system-wide? That would fix this behavior, for sure,
and prevent the privacy issue for our users.

I'd rather have fallback DNS than no DNS by default.

Why in the world would systemd have anything to do with NTP? We still use
ntpd, do we not? Checking my system.. Nope, but it's chronyd. Still not
systemd.

timesyncd is a simple NTP client for minimal Linux systems. We don't
use it, because chronyd is miles better.

Also, looks like systemd is adding itself as a user and group database? This
is probably a bug. Right?
https://src.fedoraproject.org/rpms/systemd/blob/master/f/systemd.spec#_655

No. nss-systemd has been a thing for many years. It was added so that
DynamicUsers= functionality for systemd units would work.

--
真実はいつも一つ!/ Always, there's only one truth!
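
A check for which fallback behavior a host ends up with, given the `FallbackDNS=` option in /etc/systemd/resolved.conf discussed in this thread. This is an added example, not part of any message above and not Fedora or systemd code; the function names and the ROOT prefix argument are hypothetical, and it reads only the files under /etc, not drop-ins under /run or /usr/lib.

```shell
#!/bin/sh
# Added example: report which FallbackDNS= setting systemd-resolved would
# read from its /etc configuration.
# Assumption: only <root>/etc/systemd is scanned, not /run or /usr/lib.

trim() {  # strip leading and trailing whitespace from $1
    t="${1#"${1%%[![:space:]]*}"}"
    printf '%s' "${t%"${t##*[![:space:]]}"}"
}

# effective_fallback_dns [ROOT]  (ROOT is a hypothetical prefix, used for testing)
# Prints "builtin"  - never assigned, so the compiled-in servers apply,
#        "disabled" - the last assignment was empty,
#        or the configured server list.
effective_fallback_dns() (
    root="${1:-}"; state="builtin"; servers=""
    # Drop-ins are read after the main file, in lexical filename order.
    for f in "$root/etc/systemd/resolved.conf" \
             "$root"/etc/systemd/resolved.conf.d/*.conf; do
        [ -f "$f" ] || continue
        section=""
        while IFS= read -r line || [ -n "$line" ]; do
            line="$(trim "$line")"
            case "$line" in
                ''|'#'*|';'*) continue ;;                # blank line or comment
                '['*']') section="$line"; continue ;;    # section header
                *=*) ;;                                  # key=value, handled below
                *) continue ;;
            esac
            [ "$section" = "[Resolve]" ] || continue
            [ "$(trim "${line%%=*}")" = "FallbackDNS" ] || continue
            value="$(trim "${line#*=}")"
            if [ -z "$value" ]; then
                state="disabled"; servers=""   # empty assignment clears the list
            else
                state="set"; servers="${servers:+$servers }$value"
            fi
        done < "$f"
    done
    if [ "$state" = "set" ]; then echo "$servers"; else echo "$state"; fi
)

# Stand-alone use: inspect the running system, or a mounted image root given as $1.
effective_fallback_dns "${1:-}"
```

A result of `builtin` means no file assigns the option, which is the case the thread is about: the servers compiled into systemd are used.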