Bug#923081: privacy invasion due to automatic fallback to Cloudflare

Toni toni at debian.org
Sat Feb 23 23:12:47 GMT 2019

Package: systemd
Version: 240-6
Severity: important
Tags: upstream


I was looking into upstream's changes for the release in unstable to
decide whether or not I should report the problem with stopping
systemd-resolved, and found this:

resolved: use Cloudflare public DNS server as a default fallback alongside Google one

Cloudflare public DNS service is currently the fastest one according to
https://www.dnsperf.com/#!dns-resolvers. Why not improve the experience for
systemd users using this as a default fallback nameserver?

(Commit #def3c7c)

That falls imho under unpleasant surprises. We pretend to be conscious
of privacy etc, then underhandedly hand our DNS queries to Google and
Cloudflare if something goes wrong (misconfigured router? broken other
DNS server?), instead of having the query fail and let the user take a


-- Package-specific info:

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (70, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/12 CPU cores)
Kernel taint flags: TAINT_SOFTLOCKUP
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  adduser          3.118
ii  libacl1          2.2.52-3+b1
ii  libapparmor1     2.13.2-7
ii  libaudit1        1:2.8.4-2
ii  libblkid1        2.33.1-0.1
ii  libc6            2.28-7
ii  libcap2          1:2.25-2
ii  libcryptsetup12  2:2.1.0-1
ii  libgcrypt20      1.8.4-5
ii  libgnutls30      3.6.6-2
ii  libgpg-error0    1.35-1
ii  libidn11         1.33-2.2
ii  libip4tc0        1.8.2-3
ii  libkmod2         26-1
ii  liblz4-1         1.8.3-1
ii  liblzma5         5.2.4-1
ii  libmount1        2.33.1-0.1
ii  libpam0g         1.1.8-4
ii  libseccomp2      2.3.3-4
ii  libselinux1      2.8-1+b1
ii  libsystemd0      240-6
ii  mount            2.33.1-0.1
ii  util-linux       2.33.1-0.1

Versions of packages systemd recommends:
ii  dbus            1.12.12-1
ii  libpam-systemd  240-6

Versions of packages systemd suggests:
ii  policykit-1        0.105-25
pn  systemd-container  <none>

Versions of packages systemd is related to:
pn  dracut           <none>
ii  initramfs-tools  0.133
ii  udev             240-6

-- Configuration Files:
/etc/systemd/resolved.conf changed [not included]

-- no debconf information
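
Added example, not part of the original report and not systemd's own code: a shell check that reports whether a host would use the compiled-in fallback servers the report objects to, by reading the FallbackDNS= setting from resolved.conf-style files. It assumes the usual resolved.conf semantics (no FallbackDNS= line means the compiled-in list applies, an empty assignment clears the list, repeated assignments append); the function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Classify the effective FallbackDNS= setting of systemd-resolved.
# Pass the files in the order they are read: the main resolved.conf first,
# then drop-ins sorted by name. Output is one of:
#   builtin        no assignment found, compiled-in fallback list applies
#   disabled       an empty assignment left the fallback list empty
#   custom: ...    explicitly configured fallback servers
fallback_dns_state() {
    [ "$#" -gt 0 ] || { echo "builtin"; return 0; }
    awk '
        FNR == 1      { sec = "" }        # a section never carries across files
        /^[ \t]*[#;]/ { next }            # commented-out lines do not count
        /^[ \t]*\[/   { sec = $0; gsub(/[ \t]/, "", sec); next }
        sec == "[Resolve]" && /^[ \t]*FallbackDNS[ \t]*=/ {
            seen = 1
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (val == "")       list = ""            # empty assignment resets
            else if (list == "") list = val
            else                 list = list " " val  # later values append
        }
        END {
            if (!seen)           print "builtin"
            else if (list == "") print "disabled"
            else                 print "custom: " list
        }
    ' "$@"
}

# Constructed sample input: a stock-looking main file and a drop-in that
# turns the fallback off. Addresses are from the documentation range.
demo_dir=$(mktemp -d)
printf '[Resolve]\n#FallbackDNS=\nDNS=192.0.2.53\n' > "$demo_dir/resolved.conf"
printf '[Resolve]\nFallbackDNS=\n' > "$demo_dir/10-no-fallback.conf"
echo "main file only: $(fallback_dns_state "$demo_dir/resolved.conf")"
echo "with drop-in:   $(fallback_dns_state "$demo_dir/resolved.conf" \
    "$demo_dir/10-no-fallback.conf")"
rm -rf "$demo_dir"
```

On a real system the arguments would be /etc/systemd/resolved.conf followed by any drop-in files; a result of "builtin" means queries can reach the compiled-in public resolvers when no other DNS server is available.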
