On Sun, 2015-03-29 at 05:57 +0200, Marco d'Itri wrote: > From resolved.conf(5): > > Any per-interface DNS servers obtained from > systemd-networkd.service(8) take precedence over this setting, as do > any servers set via DNS= above or /etc/resolv.conf. This setting is > hence only used if no other DNS server information is known. > > > I would like to propose that we either provide no default fallback, > > or chose to support OpenNIC that way. > This default is not used as long as a resolver has been configured by > the system administrator or provided by DHCP, and I see no value in > allocating development time to break cases which currently work by > removing support for a default. Wouldn't it be then the naturally expected result that DNS recursion simply fails and not built-in resolver of some data and money greedy company is used? If I haven't DNS configured, I probably don't want it to happen - and if I do, then I will very quickly notice that it doesn't work and can easily correct it.
The amount of privacy leakage that sums up these days in Linux and also Debian is really disturbing. The masses whine about mass surveillance and we have nothing better to do than just making live of spy and tracking companies as easy as possible. I'm probably used to, that all kinds of GNOME programs leak my peers to gravatar (and even that the respective upstreams are quite hostile, when one tells them they have privacy issues)... but now we start such things even at the lowest system level? Simply disturbing. > Since the Google resolvers are a very reliable widely anycasted service > which third parties are encouraged to use they actually look like a sane > fail-safe default, hence I am closing this bug. Well and I'm sure the NSA is best in storing data safely - nevertheless I wouldn't want them to provide me their "friendly backup services". I'm really not inclined to start another security discussion, since that's already lost cause in Debian... but the appropriate way would be to reopen this bug, solve it so that no data/privacy leakage happen... or perhaps to retitle Debian Windows, since apparently we're at the best way to become a system where everything works with many colours out of the box, but no longer under control or possessed by the user/admin. Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature