Bug#876962: systemd: Default /etc/resolv.conf leak DNS lookups to Google
Petter Reinholdtsen
pere at hungry.com
Wed Sep 27 08:25:18 BST 2017
Package: systemd
Version: 234-3
Severity: important

By default, the systemd-resolved service in systemd will insert Google
controlled DNS servers in /etc/resolv.conf (8.8.8.8, 8.8.4.4,
2001:4860:4860::8888, 2001:4860:4860::8844). The effect is that all DNS
lookups are reported to Google, providing a rather nasty information
leak to Google by default.

Please change this to not leak information to Google by default.

The Google IP addresses are hardcoded into the binaries, as far as I can
tell, but can be overridden using the FallbackDNS value in
/etc/systemd/resolved.conf.

% strings /lib/systemd/systemd-resolved | grep 8.8.8
8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
%

--
Happy hacking
Petter Reinholdtsen
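
The following audit script is an added example, not part of the original report or of systemd. It checks a resolv.conf-style file for the four addresses quoted above and reports whether FallbackDNS is explicitly set in a resolved.conf-style file. The function names are hypothetical, and the handling of repeated FallbackDNS= lines (append, empty value clears) is an assumption about systemd's list parsing.

```shell
#!/bin/sh
# Added example (not from the report): audit resolver config for the
# fallback addresses quoted in the report. Function names are hypothetical.

# The four addresses listed in the report.
GOOGLE_DNS="8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844"

# Print every nameserver in a resolv.conf-style file ($1) that is on the list.
google_nameservers() {
    awk -v list="$GOOGLE_DNS" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        $1 == "nameserver" && ($2 in bad) { print $2 }
    ' "$1"
}

# Print "unset" if a resolved.conf-style file ($1) has no uncommented
# FallbackDNS= line in [Resolve], otherwise "set:<addresses>".
# Assumption: repeated assignments append and an empty value clears the list.
fallback_dns_setting() {
    awk '
        /^[ \t]*\[/ { in_resolve = ($0 ~ /^[ \t]*\[Resolve\][ \t]*$/); next }
        in_resolve && /^[ \t]*FallbackDNS[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            if ($0 == "") list = ""
            else list = (list == "" ? $0 : list " " $0)
            found = 1
        }
        END { print (found ? "set:" list : "unset") }
    ' "$1"
}

# Return 0 when neither finding applies, 1 otherwise.
audit_resolver() {
    hits=$(google_nameservers "$1" | tr '\n' ' ')
    fb=$(fallback_dns_setting "$2")
    status=0
    if [ -n "$hits" ]; then
        echo "$1 sends lookups to: $hits"; status=1
    fi
    if [ "$fb" = "unset" ]; then
        echo "$2 has no FallbackDNS=, the compiled-in list applies"; status=1
    fi
    return $status
}

# Run only when both paths are given, e.g.
#   sh audit.sh /etc/resolv.conf /etc/systemd/resolved.conf
if [ "$#" -eq 2 ]; then audit_resolver "$1" "$2"; fi
```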