Am 01.10.20 um 19:36 schrieb Simo Sorce: > That said, > if it really is an internal DNS and there are strong policies around it > I assume that the perimeter or the local machine firewall will be > configured to block UDP packets to port 53 to any other external > servers ... > > This leaves out only some machines or some cases where a > misconfiguration may cause this fallback to kick in. The occurrence is > probably rare enough not to be a problem in practice at least from the > pov of GDPR. you know, that you contradict yourself here? :)
If the corp has blocked port 53 except for the internal dns server, how should the fallback packet get out? I think, it's not important how often the default is used, it's the fact that it's hidden and therefor surprising for the corp itself, which makes it even more risky to run the os, than it's worth giving ( or in your example not to give ) the 0.1% a fallback answere. IRL admins who know about it, as we all do now, we can avoid the problem. But for a company, which has to justify the surprising result of a DP audit, it will not be an easy talk with the dp buero. Just for the lols, I will ask our highest federal dp advocate tomorrow, what he thinks about this. Best regards, Marius _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
