Don't fallback to Google DNS #8782
systemd version the issue has been seen with
Leaking private data to Google when the user doesn't even know about it is the Windows way.
See these discussions:
Google NTP service should also be removed from the default configuration for the same privacy reasons, though it has much lower impact than directing all DNS queries to Google. Google DNS is completely unacceptable.
This is about NTP, not DNS. Default DNS can already be easily replaced at compile time.
Do keep in mind that, unlike DNS, NTP would probably stay the default for most systems... which means redirecting a large amount of requests towards whoever becomes the default. So whoever is selected needs to have the capacity to support whatever traffic this change redirects...
The main concern is not in the choice of default option, but in its existence. Having a fallback option means hiding the occurred misconfiguration from the user and giving him a false confidence of safety.
No, they are better, because local providers have much less power than a global corporation. This is very poor, but a kind of decentralization.
If I configure my very secure and trusted DNS on a router and then advertise it through DHCP, I'll face the same issue:
I can try to disable numerous spying services in Windows 10 as well. But why do I need to do it?
There must be no such features in the default configuration, because a rare user would bother finding them all before running the system. And what if I just forget to disable
One fixed default can be replaced by a random choice from a long list: https://support.ntp.org/bin/view/Servers/WebHome#Browsing_the_Lists.
Which servers are used (or any at all) as a fallback is a compile-time as well as a runtime option. If you don't like the upstream defaults, then please work with downstream to pick different options or make the choices locally in your configuration files.
We think it's very much in the interest of users to make things "just work", but we are fully aware that downstreams and users might want to make different choices there, hence it's configurable at every level. From upstream we just default to good, working defaults.
Hence, please talk to your distro, or just use FallbackDNS= in resolved.conf to adjust things to whatever you like. In either case it doesn't matter what upstream does there...
Thank you for understanding.
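
A way to check which fallback a given set of `resolved.conf` files produces, as an added example that is not part of the thread or of systemd itself. It assumes that any `FallbackDNS=` assignment in `[Resolve]` replaces the compiled-in list and that an empty assignment clears it; the function name, file names and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not systemd code): report which FallbackDNS= setting the given
# resolved.conf-style files produce. Files are passed in the order they apply.
# Modelled assumption: any assignment in [Resolve] replaces the compiled-in
# list, an empty assignment clears it, non-empty assignments accumulate.
# Output: "compiled-in", "disabled", or "set:<servers>".
effective_fallback_dns() {
    for f in "$@"; do
        if [ -r "$f" ]; then cat -- "$f"; fi
        # Boundary marker so a [Resolve] header does not carry into the next file.
        printf '\n[file-boundary]\n'
    done | awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^$/ || /^[#;]/ { next }                 # blank lines and comments
        /^\[.*\]$/ { in_resolve = ($0 == "[Resolve]"); next }
        in_resolve && /^FallbackDNS[ \t]*=/ {
            sub(/^FallbackDNS[ \t]*=[ \t]*/, "")
            seen = 1
            if ($0 == "") list = ""
            else list = (list == "" ? $0 : list " " $0)
        }
        END {
            if (!seen) print "compiled-in"
            else if (list == "") print "disabled"
            else print "set:" list
        }'
}

# Constructed sample: a stock-style file where the setting is only a comment,
# so the build-time fallback list would still be in effect.
demo_dir=$(mktemp -d)
printf '[Resolve]\n#FallbackDNS=192.0.2.53\n' > "$demo_dir/resolved.conf"
# Constructed drop-in that turns the fallback off explicitly.
printf '[Resolve]\nFallbackDNS=\n' > "$demo_dir/no-fallback.conf"

echo "main file only: $(effective_fallback_dns "$demo_dir/resolved.conf")"
echo "with drop-in:   $(effective_fallback_dns "$demo_dir/resolved.conf" "$demo_dir/no-fallback.conf")"
```

On a real host, pass the main configuration file followed by its drop-ins in the order they are applied; a result of `compiled-in` means whatever list the distribution built in is still active.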