On Sun, Mar 29, 2015 at 08:27:01PM -0400, Hendrik Boom wrote:
> What I've never understood is why it's not the default for a Debian
> installation to have its own nameserver.
>
> Is there a reason to trust anyone else's nameserver?

Without DNSSEC, it's a fair tradeoff (no caching, but you have one less daemon to run) -- and anyone on the path can feed you bogus data anyway.

But if we're trying to be secure, running the last mile over an untrusted network means you could as well not bother with DNSSEC. And outside of controlled setups, the only trusted network is localhost. So even with the most benevolent DNS server operator, you should run one locally.

But in this case, we're talking of a company whose income relies on gathering tracking data. By defaulting to 8.8.8.8, resolvd effectively feeds metadata on almost any TCP/IP connection you make to Google.

In other words, the bug that's being wontfixed here is a massive security/privacy hole.

-- 
// If you believe in so-called "intellectual property", please immediately
// cease using counterfeit alphabets. Instead, contact the nearest temple
// of Amon, whose priests will provide you with scribal services for all
// your writing needs, for Reasonable and Non-Discriminatory prices.
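
Added example, not part of the original message: a small audit that lists every configured resolver that is not on loopback, which is the condition the message argues for. It assumes the daemon in question reads systemd-resolved style `DNS=` / `FallbackDNS=` lines; the function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample inputs (not taken from any real host).
SAMPLE_RESOLV = "# constructed sample\nnameserver 127.0.0.1\nnameserver 8.8.8.8\n"
SAMPLE_RESOLVED = "[Resolve]\n#DNS=\nFallbackDNS=8.8.8.8 2001:db8::53 [::1]:53\n"


def _host(token: str) -> str:
    """Strip the optional #SNI, :port and %interface parts of a server entry."""
    token = token.split("#", 1)[0]
    if token.startswith("["):            # bracketed IPv6 with port, e.g. [::1]:53
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:          # IPv4 with port, e.g. 192.0.2.1:53
        token = token.split(":", 1)[0]
    return token.split("%", 1)[0]


def off_host_resolvers(resolv_conf: str, resolved_conf: str = "") -> list:
    """Return (source, address) for each configured resolver that is not loopback."""
    candidates = []
    for line in resolv_conf.splitlines():
        fields = line.split()
        # Commented-out lines never have "nameserver" as their first field.
        if len(fields) >= 2 and fields[0] == "nameserver":
            candidates.append(("resolv.conf", _host(fields[1])))
    for line in resolved_conf.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() in ("DNS", "FallbackDNS"):
            candidates += [(key.strip(), _host(t)) for t in value.split()]

    findings = []
    for source, addr in candidates:
        try:
            local = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            local = False                # unparsable entry: report it for review
        if not local:
            findings.append((source, addr))
    return findings


if __name__ == "__main__":
    for source, addr in off_host_resolvers(SAMPLE_RESOLV, SAMPLE_RESOLVED):
        print(f"{source}: queries leave this host for {addr}")
```

An empty result means every configured resolver is on loopback; it says nothing about where the local resolver itself forwards queries.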