* Michael Catanzaro:
"Fedora 33 uses systemd-resolved for name resolution. Most users will not notice any difference, but VPN users will benefit from safer defaults that ensure DNS requests are sent to the same network that would receive the corresponding traffic, avoiding unexpected DNS leaks or failure to resolve internal domains."
I think this is rather misleading.
* The change disables protection mechanisms built into corporate VPNs that require them to observe all DNS traffic. Now this may sound rather weak as far as countermeasures go, but DNS-based mechanisms are the only thing you have got if you do not enforce a client-side approach (ugh, no thanks), or disable split tunneling (i.e., default route over the VPN; frequently not possible with current VPN usage levels and virtual company meetings over video link).
* There is no real protocol for sharing internal domains, so systemd-resolved cannot know all of them, and resolving some of them will fail or receive unexpected resolution results (probably observable for some jboss.org subdomains for Red Hatters, but I don't work in that area, so I don't have a good example at hand).
Thanks, Florian