F21 System Wide Change: Default Local DNS Resolver

Paul Wouters paul at nohats.ca
Wed Apr 30 18:53:27 UTC 2014


On Wed, 30 Apr 2014, Dan Williams wrote:

> Untrusted networks use WPA too, like coffee shops that don't leave the
> network open, but write the WPA key on the chalkboard menu or print it
> on standup cards at the tables.  I've seen quite a few of these.

You are at least consciously logging into that network - it is not that
your device accidentally roamed on to it.

> There's really no guessing what's trusted/not-trusted unless you're
> using 802.1x/WPA Enterprise, or if the user has told you explicitly to
> trust this network.

I'm fine with marking anything untrusted unless otherwise signaled by
the user via the NM GUI. But others raised objections that it would
break too much. I argued changing the search list already breaks my
laptop security.

The problem is people have linked up the DHCP domain option with the
resolv.conf domain/search keywords to make "internal only" names
visible.

Between usability and security, where do we put the dial?

Paul
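
The link between the DHCP domain option and the resolv.conf search list described above, as an added example that is not part of the original message: it expands names the way a glibc-style stub resolver does (search list plus `ndots`, an assumption about the resolver in use) and reports which names are queried first under a search domain the user never marked as trusted. The resolv.conf contents, domains and function names are constructed for illustration.

```python
# Constructed sample: resolv.conf as it might look after DHCP on a guest
# network prepended its own domain to the search list.
SAMPLE_RESOLV_CONF = """\
# written by the DHCP client hook (constructed sample)
search cafe-guest.example corp.example
nameserver 192.0.2.53
"""

def parse_resolv_conf(text):
    """Return (search_list, ndots); the last domain/search line wins."""
    search, ndots = [], 1
    for line in text.splitlines():
        fields = line.strip().split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] == "search":
            search = fields[1:]
        elif fields[0] == "domain":
            search = fields[1:2]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidates(name, search, ndots=1):
    """Fully qualified names in the order the resolver would try them."""
    if name.endswith("."):            # already absolute: search list unused
        return [name]
    as_is = name + "."
    searched = [f"{name}.{d.rstrip('.')}." for d in search]
    if name.count(".") >= ndots:      # enough dots: try the name as typed first
        return [as_is] + searched
    return searched + [as_is]         # short name: search domains go first

def untrusted_first_lookups(names, resolv_text, trusted_domains):
    """Map each name to its first query when that query falls under a
    search domain that is not in the user's trusted set."""
    search, ndots = parse_resolv_conf(resolv_text)
    flagged = {}
    for name in names:
        first = candidates(name, search, ndots)[0]
        for d in search:
            if d not in trusted_domains and first == f"{name}.{d.rstrip('.')}.":
                flagged[name] = first
    return flagged

if __name__ == "__main__":
    names = ["intranet", "mail.corp.example", "wiki."]
    print(untrusted_first_lookups(names, SAMPLE_RESOLV_CONF, {"corp.example"}))
```

Only the short name is affected: names with enough dots or a trailing dot are tried as typed before any search domain is appended.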

