Bug#761658: Please do not default to using Google nameservers
Christoph Anton Mitterer
calestyo at scientia.net
Sun Mar 29 05:35:12 BST 2015
On Sun, 2015-03-29 at 05:57 +0200, Marco d'Itri wrote:
> From resolved.conf(5):
>
> Any per-interface DNS servers obtained from
> systemd-networkd.service(8) take precedence over this setting, as do
> any servers set via DNS= above or /etc/resolv.conf. This setting is
> hence only used if no other DNS server information is known.
>
> > I would like to propose that we either provide no default fallback,
> > or chose to support OpenNIC that way.
> This default is not used as long as a resolver has been configured by
> the system administrator or provided by DHCP, and I see no value in
> allocating development time to break cases which currently work by
> removing support for a default.
Wouldn't it be then the naturally expected result that DNS recursion
simply fails and not built-in resolver of some data and money greedy
company is used?
If I haven't DNS configured, I probably don't want it to happen - and if
I do, then I will very quickly notice that it doesn't work and can
easily correct it.
The amount of privacy leakage that sums up these days in Linux and also
Debian is really disturbing.
The masses whine about mass surveillance and we have nothing better to
do than just making live of spy and tracking companies as easy as
possible.
I'm probably used to, that all kinds of GNOME programs leak my peers to
gravatar (and even that the respective upstreams are quite hostile, when
one tells them they have privacy issues)... but now we start such things
even at the lowest system level?
Simply disturbing.
> Since the Google resolvers are a very reliable widely anycasted service
> which third parties are encouraged to use they actually look like a sane
> fail-safe default, hence I am closing this bug.
Well and I'm sure the NSA is best in storing data safely - nevertheless
I wouldn't want them to provide me their "friendly backup services".
I'm really not inclined to start another security discussion, since
that's already lost cause in Debian... but the appropriate way would be
to reopen this bug, solve it so that no data/privacy leakage happen...
or perhaps to retitle Debian Windows, since apparently we're at the best
way to become a system where everything works with many colours out of
the box, but no longer under control or possessed by the user/admin.
Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20150329/c62b750e/attachment.bin>
More information about the Pkg-systemd-maintainers
mailing list