ryantimwilson / rpms / systemd

Forked from rpms/systemd a month ago

14b2fa resolve: remove the fallback dns server list

Authored and Committed by Zbigniew Jędrzejewski-Szmek 4 years ago
    resolve: remove the fallback dns server list
    
    DNS questions (which necessarily include IP addresses) are personally
    identifying information in the sense of GDPR
    (https://gdpr.eu/eu-gdpr-personal-data/ explicitly lists IP address as
    PII). Sending those packets to Google or Cloudflare is "forwarding"
    this PII to them. GDPR says that information which is not enough to
    identify individuals still needs to be protected because it may be
    combined with other information or processed with improved technology
    later. So even though the information in DNS alone is not very big, it
    may be interpreted as protected information in various scenarios.
    
    When Fedora is installed by an end-user, they must have the reasonable
    expectation that Fedora will contact Fedora servers for updates and
    status checks and such. But the case of DNS packets is different,
    because the dns servers are not under our control. While most of the
    time the information leak through DNS is negligible, we can't rule out
    scenarios where it could be considered more important.
    
    Another thing to consider is that ISP and other local internet access
    mechanisms are probably worse overall for privacy compared to google and
    cloudflare dns servers. Nevertheless, they are more obvious to users and
    fit better in the regulatory framework, because there are local laws
    that govern them and implicit or explicit agreements for their use.
    Whereas US-based servers are foreign and are covered by different rules.
    
    The fallback DNS servers don't matter most of the time because
    NetworkManager will include the servers from a DHCP lease. So
    hopefully users will not see any effect from the change done in this
    patch. Right now I think it is better to avoid the legal and privacy
    risk. If it turns out this change causes noticeable problems, we might
    want to reconsider. In particular we could use the fallback servers
    only in containers and such which are not "personal" machines and there
    is no particular person attached to them.
    
    https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/3C4KESHIMZDB6XCFO4EOBEDV4Q2AVVQ5/
    
    I think we could provide a default dns server list more reasonably if
    there was some kind of privacy policy published by Fedora and users
    could at least learn about those defaults. Sadly, we don't have any
    relevant privacy policy (https://pagure.io/Fedora-Council/tickets/issue/53).
    
        
file modified
+2 -0