Bug#787731: adds google nameserver without being asked to

Marc Haber mh+debian-packages at zugschlus.de
Thu Jun 4 15:02:32 BST 2015


Package: systemd
Version: 215-17
Severity: normal

On all systems I checked, there is a file /etc/systemd/resolved.conf
with the following contents:

[19/516]mh at barrida:~$ cat /etc/systemd/resolved.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
#
# See resolved.conf(5) for details

[Resolve]
#DNS=8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
[20/517]mh at barrida:~$ 

If I enable systemd-resolved, this ends up in the following resolv.conf:

[16/513]mh at barrida:~$ cat /run/systemd/resolve/resolv.conf
# This file is managed by systemd-resolved(8). Do not edit.
#
# Third party programs must not access this file directly, but
# only through the symlink at /etc/resolv.conf. To manage
# resolv.conf(5) in a different way, replace the symlink by a
# static file or a different symlink.

nameserver 192.168.181.12
nameserver 8.8.8.8
nameserver 8.8.4.4
# Too many DNS servers configured, the following entries may be ignored
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844
[17/514]mh at barrida:~$ 

Changing the commented-out line in resolved.conf does not change
anything, so this must be the "compiled-in default".

The "nameserver 192.168.181.12" line that is generated on the system
in question originates in /etc/systemd/network/int181.network and is
the value that I -want- used.

The documentation in resolved.conf(5) suggests that the compiled-in
list applies only if there is no other definition of DNS servers.
This is not the case here, and the fact that systemd-resolved takes
the definition from /etc/systemd/network/int181.network shows that it
knows that there is another definition.

Having Google's resolvers in the first place poses a potential data
leak.

Greetings
Marc
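
A check for the condition described in this report, as an added example that is not part of the original message or of systemd: it reads a resolv.conf, marks each nameserver as expected, compiled-in fallback (the four addresses from the commented-out DNS= line quoted above) or unknown, and notes which entries fall past glibc's three-nameserver limit. The function names and the allow-list argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original report or of systemd.
# Compiled-in fallback list, as shown commented out in the reporter's resolved.conf.
FALLBACK="8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844"
MAXNS=3   # glibc's resolver reads at most three nameserver lines

# audit_resolv FILE ALLOWED...   (hypothetical helper)
# Prints "<position> <address> <verdict> <state>" per nameserver line, where
# verdict is expected|fallback|unknown and state is used|ignored (beyond MAXNS).
# Returns 1 if a nameserver that will actually be used is not in ALLOWED.
audit_resolv() {
    file=$1; shift
    allowed=" $* "
    n=0; rc=0
    while read -r key addr rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        n=$((n + 1))
        case "$allowed" in
            *" $addr "*) verdict=expected ;;
            *) case " $FALLBACK " in
                   *" $addr "*) verdict=fallback ;;
                   *) verdict=unknown ;;
               esac ;;
        esac
        if [ "$n" -le "$MAXNS" ]; then state=used; else state=ignored; fi
        if [ "$verdict" != expected ] && [ "$state" = used ]; then rc=1; fi
        echo "$n $addr $verdict $state"
    done < "$file"
    return "$rc"
}

# Runs the audit over the nameserver lines quoted in the report.
# 192.168.181.12 is the resolver the reporter set in int181.network.
audit_report_sample() {
    sample=$(mktemp) || return 2
    cat > "$sample" <<'EOF'
# This file is managed by systemd-resolved(8). Do not edit.
nameserver 192.168.181.12
nameserver 8.8.8.8
nameserver 8.8.4.4
# Too many DNS servers configured, the following entries may be ignored
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844
EOF
    status=0
    audit_resolv "$sample" 192.168.181.12 || status=$?
    rm -f "$sample"
    return "$status"
}
```

On a live system the same check is `audit_resolv /etc/resolv.conf` followed by the resolver addresses that host is supposed to use; a non-zero exit means a query can reach a server outside that list.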


