Your message dated Mon, 25 Feb 2019 09:25:48 +0100
with message-id <[email protected]>
and subject line Re: privacy invasion due to automatic fallback to Cloudflare
has caused the Debian Bug report #923081,
regarding privacy invasion due to automatic fallback to Cloudflare
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
923081: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923081
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: systemd
Version: 240-6
Severity: important
Tags: upstream
Hi,
I was looking into upstream's changes for the release in unstable to
decide, whether or not I should report the problem with stopping
systemd-resolved, and found this:
---------------
resolved: use Cloudflare public DNS server as a default fallback alon…
…gside Google one
Cloudflare public DNS service is currently the fastest one according to
https://www.dnsperf.com/#!dns-resolvers. Why not improve the experience for
systemd users using this as a default fallback nameserver?
---------------
(Commit #def3c7c)
That falls imho under unpleasant surprises. We pretend to be conscious
of privacy etc, then underhandedly hand our DNS queries to Google and
Cloudflare if something goes wrong (misconfigured router? broken other
DNS server?), instead of having the query fail and let the user take a
decision.
Cheers,
Toni
-- Package-specific info:
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (990, 'testing'), (70, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-2-amd64 (SMP w/12 CPU cores)
Kernel taint flags: TAINT_SOFTLOCKUP
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages systemd depends on:
ii adduser 3.118
ii libacl1 2.2.52-3+b1
ii libapparmor1 2.13.2-7
ii libaudit1 1:2.8.4-2
ii libblkid1 2.33.1-0.1
ii libc6 2.28-7
ii libcap2 1:2.25-2
ii libcryptsetup12 2:2.1.0-1
ii libgcrypt20 1.8.4-5
ii libgnutls30 3.6.6-2
ii libgpg-error0 1.35-1
ii libidn11 1.33-2.2
ii libip4tc0 1.8.2-3
ii libkmod2 26-1
ii liblz4-1 1.8.3-1
ii liblzma5 5.2.4-1
ii libmount1 2.33.1-0.1
ii libpam0g 1.1.8-4
ii libseccomp2 2.3.3-4
ii libselinux1 2.8-1+b1
ii libsystemd0 240-6
ii mount 2.33.1-0.1
ii util-linux 2.33.1-0.1
Versions of packages systemd recommends:
ii dbus 1.12.12-1
ii libpam-systemd 240-6
Versions of packages systemd suggests:
ii policykit-1 0.105-25
pn systemd-container <none>
Versions of packages systemd is related to:
pn dracut <none>
ii initramfs-tools 0.133
ii udev 240-6
-- Configuration Files:
/etc/systemd/resolved.conf changed [not included]
-- no debconf information
--- End Message ---
--- Begin Message ---
Hello Toni,
Thanks for your bug report but this is yet another duplicate of
many reports before it, like eg. #761658
On Sat, Feb 23, 2019 at 11:12:47PM +0000, Toni wrote:
[...]
> ---------------
> resolved: use Cloudflare public DNS server as a default fallback alon…
>
> …gside Google one
[...]
(Not sure why you think Cloudflare is a problem but Google is not, but
oh well.....)
> [...] pretend to be conscious of privacy etc, [...]
I think the previous conclusions can be summarized as:
If *you* enable systemd-resolved (which is shipped completely disabled)
then *you* are expected to know how to configure it.
https://www.freedesktop.org/software/systemd/man/resolved.conf.html#FallbackDNS=
Regards,
Andreas Henriksson
--- End Message ---
