Simon Hobson writes:
For the rest of us, if we have no DNS servers in resolv.conf
then we expect the system to respect that and not do DNS
resolution. That is the **ONLY** correct behaviour.
What is absolutely, 100%, not acceptable behaviour is what's
been done - to silently do something that no sane admin would
expect, and many people have objections to doing. Even worse is
when there isn't a mechanism for turning this off.
You can also make a similar argument that if the software requests DNS
lookups and nothing's been firewalled, then the **ONLY** correct behaviour
is to fulfil the request.
There is a contradiction here. An operation is requested and configured to
be available in the firewall, but configuration blocks it elsewhere.
Calling any particular behaviour a 100% solution is IMO naïve.
Arnt
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
