* Michael Catanzaro:

> "Fedora 33 uses systemd-resolved for name resolution. Most users will
> not notice any difference, but VPN users will benefit from safer 
> defaults that ensure DNS requests are sent to the same network that
> would receive the corresponding traffic, avoiding unexpected DNS leaks 
> or failure to resolve internal domains."

I think this is rather misleading.

* The change disables protection mechanisms built into corporate VPNs
  that require them to observe all DNS traffic.  Now this may sound
  rather weak as far as countermeasures go, but DNS-based mechanisms are
  the only thing you have got if you do not enforce a client-side
  approach (ugh, no thanks), or disable split tunneling (i.e., default
  route over the VPN; frequently not possible with current VPN usage
  levels and virtual company meetings over video link).

* There is no real protocol for sharing internal domains, so
  systemd-resolved cannot know all of them, and resolving some of them
  will fail or receive unexpected resolution results (probably
  observable for some jboss.org subdomains for Red Hatters, but I don't
  work in that area, so I don't have a good example at hand).

Thanks,
Florian
-- 
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill