* Michael Catanzaro:
I don't think it would be smart for employees to voluntarily
opt-in to
sending all DNS to their employer anyway... there's little benefit to
the employee, and a lot of downside. Importantly, if you're looking in
your network settings and you see a checkbox that says "Use this
connection only for resources on its network," a reasonable user
*expects* that the connection will *really* only be used for resources
on its network, not that it will be used for everything except DNS,
which randomly goes to who knows where depending on what else you're
connected to. Our design must try to avoid this failure case: "Sadly
for Distrustful Denise, her employer discovers that she has been
making some embarrassing DNS requests that she had expected to go
through
public-vpn.example.com instead."
Eh, for a corporate laptop (which is not physically connected to the
corporate network due to present circumstances), I do expect that DNS is
handled by the corporate DNS servers. I would also like to route all
network traffic over the corporate VPN, but as I tried to explain, that
is just not feasible at the moment. I also don't see how this is a
trust issue for a *corporate* laptop used for work purposes.
Thanks,
Florian
--
Red Hat GmbH,
https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill