Bug#876962: systemd: Default /etc/resolv.conf leak DNS lookups to Google

Petter Reinholdtsen pere at hungry.com
Wed Sep 27 08:25:18 BST 2017

Package: systemd
Version: 234-3
Severity: important

By default, the systemd-resolved service in systemd will insert Google
controlled DNS servers in /etc/resolv.conf (,,
2001:4860:4860::8888,2001:4860:4860::8844) .  The effect is that all DNS
lookups are reported to Google, providing a rather nasty information
leak to Google by default.

Please change this to not leak information to Google by default.

The Google IP addresses are hardcoded into the binaries, as far as I can
tell, but can be overrided using the FallbackDNS value in

% strings /lib/systemd/systemd-resolved | grep 8.8.8 2001:4860:4860::8888 2001:4860:4860::8844

Happy hacking
Petter Reinholdtsen

More information about the Pkg-systemd-maintainers mailing list