Bug#761658: Please do not default to using Google nameservers

Christoph Anton Mitterer calestyo at scientia.net
Wed Apr 8 14:03:11 BST 2015


On Wed, 2015-04-08 at 10:45 +0200, Michael Biebl wrote: 
> Just like resolved needs explicit opt in by the admin (the service is
> disabled by default).
I don't think that this actually changes anything.
Everything is in a way explicitly opt in, when you install Debian.
The point is can some behaviour be expected or not and is some behaviour
and unnecessary privacy leak or not.
Moreover, Debian is an Opensource project and not a corporate OS, so we
should probably not choose a single vendor and "advertise" the use of
his services.


> Also, it writes the resolv.conf to /run/systemd/resolve/resolv.conf.
> So the admin needs to explicitly replace /etc/resolv.conf with a symlink
> to enable this feature.
> Also, 99,9% (or more) do not even need the fallback, because they've
> setup their DNS config statically or via DNS.
Which makes it just more a question why this behaviour is insisted upon
when it has clearly documented disadvantages.

> Also, the fallback is clearly documented in /etc/systemd/resolved.conf,
> so the fallback DNS entries are by no means hidden, as was claimed
> somewhere else.
I think that's relative.
Nothing is hidden in the sense that it's open source, but one cannot
expect anybody to read through all documentation and config files,
especially not for base services and especially not when there is no
reason for the user/admin to believe that well known behaviour has
changed.


> Honestly, this is a tempest in a tea pot.
Well, that depends on one's PoV.
Of course this is just one further "little" privacy leak. But that's
basically everyone's excuse for such issues, and in total all of them
make a big issue.
Take a thousand tea pots, each with its tempest, and you'll have a real
storm.


Last but not least,... it isn't so unlikely that resolved *will* become
the default, and if only because it's a natural choice.
And I see it coming that changing the, then, long standing default,
would be refused either.


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20150408/9bb0bbb2/attachment-0002.bin>


More information about the Pkg-systemd-maintainers mailing list