Bug#761658: Please do not default to using Google nameservers

Martin Steigerwald martin at lichtvoll.de
Sun Mar 29 10:59:10 BST 2015


On Sunday, 29 March 2015, 07:18:43, Christoph Anton Mitterer wrote:
> On Sun, 2015-03-29 at 06:55 +0200, Michael Biebl wrote:
> > On 29.03.2015 at 06:35, Christoph Anton Mitterer wrote:
> > > I'm really not inclined to start another security discussion, since
> > > that's already a lost cause in Debian... but the appropriate way would
> > > be to reopen this bug, solve it so that no data/privacy leakage
> > > happens... or perhaps to retitle Debian Windows,
> > 
> > I don't really appreciate this tone. You're not really convincing
> > anyone this way only putting people off.
> 
> The "tone" wasn't impolite or offensive to anyone,... and that security
> is just amongst further goals in Debian is simply a matter of fact.
> 
> And AFAIU the problem of data/privacy leakage isn't just made up, is it?
> If the system falls back to Google nameservers they will know anything
> one tries to resolve.
> And
> $ geoiplookup 8.8.8.8
> GeoIP Country Edition: US, United States
> shows that it won't be only Google who knows ;-)
> 
> So what exactly is it that you don't like, cause I don't understand it.
> 
> Seriously, Michael, just because someone didn't start a message with
> hugs and cookies doesn't mean he meant anything offensive or unfriendly.
> Or are there already Code of Conflict cases running against me now or
> Marco because he used the word "lunacy" on someone else's work o.O

I would highly appreciate it if the default of using Google name servers
if nothing else is configured were removed from Debian's systemd.

I had a similar issue with Debian packaged Wordpress which appears to try
to download fonts from Google unless I install a plugin to disable this,
which I didn't yet report. But really, if there is no DNS server
configured I expect name resolution to *fail*, instead of the system
asking a DNS server chosen by someone who was not me. At least unless
there is a DNS service that provably doesn't track and save queries of
users of it. As that's near to impossible to prove.

And no, I do not want to have to configure the system for basic privacy. I
do want this to be the default. This is Debian, not a Google Play enabled
Android device.

So I kindly ask you to remove configuring some DNS server in systemd in
the unlikely case none is configured otherwise. User desktops often use
DHCP. Then they usually have DNS. And if someone configured the network
manually, for example for a server VM, please pretty please require that
he gives a DNS server himself. There are even cases where one may not
want to have DNS resolution at all.

If you want, add a dialog on the desktop environment "no dns server configured"
with choices like "choose one from a list" and "enter one manually", but
don't do it implicitly. Users are not in control otherwise cause frankly,
who would notice that the system would use Google name servers if none are
configured? I bet most won't even notice it. So they are *not* in control.
Cause you can only be in control of what you *know*. I didn't notice
Wordpress accessing Google servers until I installed the Iceweasel request
policy plugin. Thus I didn't just sacrifice the privacy of myself, but
also of my users *without* knowing so. I was very angry as I found out,
which reminds me to report a bug. I didn't at that time as I even feared
a harsh response. If a systemd based system is used on a misconfigured
router it may leak the privacy of any users behind it.

I hope this gives a clear reasoning. Frankly I do not understand why this
default has not already been removed long ago. What's the case for *having*
this as a default? Some minor convenience in the case someone messes up
network configuration by not providing a DNS server? Just that it is in
systemd upstream does not mean that it is good to have.

Ciao,
-- 
Martin 'Helios' Steigerwald - http://www.Lichtvoll.de
GPG: 03B0 0D6C 0040 0710 4AFA  B82F 991B EAAC A599 84C7