Am 29.09.20 um 10:19 schrieb Lennart Poettering: > > Also, people would react very allergic if we'd start sending all DNS > traffic to google or so. I mean, you can't believe how pissed people > are that we have a fallback in place that if no DNS servers have been > configured at all or acquired via DHCP we fall back to Cloudflare + > Google DNS servers. Downstream distros (Debian…) tend to patch that > fallback out even... >
I hope they all patch it out. Google NS Service may be reliable, but with GDPR in place in Europe, you really can't sell your user base out to google and cloudflare like mozilla did. DNS data, because a user IP is involved, is personal data per definition in Germany. You, of all others, should know that as the Kammergericht, Berlin stated it in their 2013 judgement. So, if my pc is sending a dns request to a google or CF dns server, and it's a company pc, it's a GDPR violation. And those are not the only data protection laws in the world. The only valid way to handle a none working DNS is to NOT CIRCUMVENT IT. If the admin of that network has failed to set them up correctly, any other device will fail too or they too have hardcoded dns servers somewhere. I would prefer to be informed that dns is not setuped correctly to fix the mistake instead of silently working around it. (btw thats was the job of the replaced /etc/resolv.conf , to honour the nameservers the user wants, not some place to store the result of dhcp ) Linux is known to the public as a data protecting os and not one that rants out it's users to cloudflare. A few postings ago i thought, that reenabling dnssec would solve the issue, but now I tend to vote for a revert on the use of systemd-resolved in Fedora if I need to worry about my dns having privacy issues. Marius Schwarz Germany EU
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
