On Thu 30 Sep 2021 at 15:17:03 (+0200), Stella Ashburne wrote:
> > Sent: Thursday, September 30, 2021 at 1:38 PM
> > From: "David Wright" <deb...@lionunicorn.co.uk>
> >
> > My usual strategy is to let the Debian installer set the DNS server to
> > the IP address of the router, and configure the router to query 8.8.8.8/1.1.1.1.
> > It's not ideal if you have a router that doesn't "belong" to you,
> > i.e. that you can't configure yourself.
> >
> In the past I used to let the Debian installer set the DNS resolver for me. 
> But you know what? When I did that, I found out that Debian added 192.163.1.1 
> as one of the DNS resolvers. This was and is a No!No! for me because of 
> possible DNS leaks when I used a commercial VPN provider.

Is 192.163.1.1 a typo for 192.168.1.1? Or do you really mean that you
were using a resolver at Texas Instruments? Let's assume the former.

192.168.1.1 looks like the d-i ran a DHCP client to get an address
for your PC, and that the DHCP server that responded was probably
your router, address 192.168.1.1, and so the d-i figured that your
router would be able to resolve DNS. If it couldn't, it would pass
the request through to whichever resolvers were set up in the router
(by you). This is all standard practice. As I said, you are free to
override it, and I gave one possible hack. (Hack because I haven't
tried to keep up with the proper commands since it was mingled with
systemd, and sprouted resolvectl.)

The idea behind resolvconf is that when you connect to a different
network (say, in a hotel), or to a VPN, it can update the resolver
addresses in /etc/resolv.conf to suit, and reverse them when you
disconnect. If you only ever want a fixed set of DNS resolvers,
then I don't think you need resolvconf at all. Some people even
make /etc/resolv.conf immutable.

Cheers,
David.
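
Added example, not part of the original message: a POSIX shell audit that checks a resolv.conf against a fixed resolver allow-list and flags private-range entries such as a DHCP-supplied router address, the situation discussed in this thread. The function names, the allow-list and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a resolv.conf against a fixed
# resolver allow-list. Function names and the sample file are constructed.

# Print every nameserver address in FILE, one per line.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Succeed if ADDR is an RFC 1918 address, i.e. most likely a LAN router
# handed out by DHCP rather than a resolver chosen deliberately.
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# audit_resolv FILE ALLOWED...: report nameservers not in the allow-list.
# Returns 0 when every entry is expected, 1 otherwise.
audit_resolv() {
    file=$1; shift
    bad=0
    for ns in $(list_nameservers "$file"); do
        ok=no
        for allowed in "$@"; do
            if [ "$ns" = "$allowed" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then
            bad=1
            if is_private "$ns"; then
                echo "unexpected $ns (private range, probably DHCP-supplied)"
            else
                echo "unexpected $ns"
            fi
        fi
    done
    # A symlink means resolvconf, systemd-resolved or similar rewrites the file.
    if [ -L "$file" ]; then
        echo "note: $file is a symlink to $(readlink "$file")"
    fi
    return "$bad"
}

# Constructed sample: an installer-written file that lists the router.
sample=$(mktemp)
printf 'search lan\nnameserver 192.168.1.1\nnameserver 1.1.1.1\n' > "$sample"
audit_resolv "$sample" 1.1.1.1 8.8.8.8 || echo "audit failed"
rm -f "$sample"
```

To check a live system, call `audit_resolv /etc/resolv.conf` followed by the resolvers you expect, for example after bringing a VPN up or down.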
