On Wed, Apr 15, 2020 at 5:06 pm, Lennart Poettering
<mzerq...@0pointer.de> wrote:
If RH VPN configures "redhat.com" as search domain for their VPN then
this means all redhat.com traffic is automatically pulled over to the
VPN and will not be routed elsewhere anymore.
In particular: current behavior is that redhat.com queries will leak to
public DNS if the user connects to the public VPN first, which is the
usual case, especially for anyone who configures public VPN to
autoconnect on startup. So the status quo is really not secure at all.
Yes, it will break the sinkholing for lookalike domains, but on balance
I would say that getting the right DNS queries to the right servers is
more important for security overall.
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
