Quoting Jaromil (jaro...@dyne.org): > for the record and the sake of historical correctness: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761658
I install Debian so rarely (and always supply my own recursive nameserver IP when I do) that I never noticed this policy decision. The only good thing I can say about said policy is that it's easy to override by the local sysadmin -- but really, DDs, if a service isn't configured then the installer should default to no service, on the Principle of Least Surprise. This shouldn't have been difficult for them to figure out. > there is however an issue we need to look at for Devuan: it seems the > default dns resolver for our distribution is also back to 8.8.8.8, at > least someone on irc backfired to this thread with this claim. > > despite this being a different change than just removing systemd, I > clearly recall that with Nextime we agreed back at the time of that > bug that we would not fall for this decision. So we should guard the > default and change it again if necessary now. > > While at ISOC NL new years reception I'll use the dinner conversation > to ask fellows at RIPE which public service dns they think are best. > I do like the OpenNIC project, among their servers some already > support dnscrypt. I would suggest, if the installing sysadmin has opted to not configure any DNS nameservice at all, i.e., was prompted for nameserver IP and provided none, and also had did not opt to have one given to the host with a DHCP lease, then the installing sysadmin should be assumed to _not want_ DNS nameservice on that machine. Some situations don't call for DNS nameservice, e.g., a compute cluster with only an isolated network might deliberately use only /etc/hosts files, or a NIS or LDAP network might use that host-name information service (plus /etc/hosts) and not use DNS.[1] IMO, the sysadmin should not wake up one morning, read his/her NIDS reports, and say 'Why are my Linux machines all trying to talk to Google Public DNS (or OpenDNS, etc.)? I didn't conigure that.' [1] Last time I installed Solaris, it still defaulted that way. If you don't furnish a nameserver IP or opt for DHCP, then there's not even a DNS presence in nsswitch.conf . _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
