by bahjoite 3198 days ago
> The "Switching to fallback DNS server 8.8.8.8." message indicates that you have no DNS servers configured at all, in which case resolved will use compiled-in fallback servers because it tries hard to just work also if you have a locally misconfigured system

It's good to have the knowledge that Google servers are compiled-in to resolved.


They're "compiled in" in the sense that they're the upstream default - people are generally expected to use systemd from a Linux distro, and distributors are expected to patch this to some appropriate default (or patch out the fallback entirely, if your distro would prefer your users get no DNS to Google DNS, which seems like a defensible decision to make). There are no upstream binary releases. 8.8.8.8 is as reasonable as anything else for someone running `make` on the upstream sources and hacking on things; it's probably not a great default for a downstream distributor.
The relevant option to change is "dns-servers" at https://github.com/systemd/systemd/blob/master/meson_options...
Heh. The line above the one you highlight makes DNSSEC vulnerable to MITM attacks by default. Nice.

(Also, the one below points at more Google infrastructure...)

That's a link to master. For future reference, here's a stable link which will not rot away over time:

https://github.com/systemd/systemd/blob/v234/meson_options.t...

Already the line numbers are slightly different.

I guess it's time to null route 8.8.8.8 and 8.8.4.4 on my networks.
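
Added example, not part of the thread and not systemd code: a way to find which hosts have actually dropped to the compiled-in servers, by scanning collected logs for the "Switching to fallback DNS server" message quoted at the top. The syslog-style line layout, the host names, and the `sanctioned` allowlist are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Message text as quoted in the thread; the layout around it is assumed.
FALLBACK_RE = re.compile(r"Switching to fallback DNS server (\S+)")

# Constructed sample lines (hosts, PIDs and timestamps are invented).
SAMPLE_LOG = """\
Jul 12 09:14:02 build01 systemd-resolved[412]: Switching to fallback DNS server 8.8.8.8.
Jul 12 09:14:07 build01 systemd-resolved[412]: Switching to fallback DNS server 8.8.4.4.
Jul 12 09:20:31 web02 systemd-resolved[388]: Switching to DNS server 192.0.2.53 for interface eth0.
Jul 12 09:21:10 web02 systemd-resolved[388]: Switching to fallback DNS server 2001:4860:4860::8888.
Jul 12 09:30:00 db03 systemd-resolved[501]: Switching to fallback DNS server 192.0.2.53.
Jul 12 09:31:00 db03 systemd-resolved[501]: Switching to fallback DNS server not-an-address.
"""


def fallback_events(log_text, sanctioned=()):
    """Return (host, server, unsanctioned) for every fallback switch logged."""
    allowed = {ipaddress.ip_address(a) for a in sanctioned}
    events = []
    for line in log_text.splitlines():
        match = FALLBACK_RE.search(line)
        if not match:
            continue
        try:
            # The message ends with a full stop, which sticks to the address.
            server = ipaddress.ip_address(match.group(1).rstrip("."))
        except ValueError:
            continue  # token is not an IP address; ignore the line
        fields = line.split()
        host = fields[3] if len(fields) > 3 else "?"  # assumed syslog layout
        events.append((host, str(server), server not in allowed))
    return events


def unsanctioned_by_host(log_text, sanctioned=()):
    """Count fallback switches to servers outside the allowlist, per host."""
    counts = Counter()
    for host, server, unsanctioned in fallback_events(log_text, sanctioned):
        if unsanctioned:
            counts[(host, server)] += 1
    return dict(counts)
```

Every host reported here had no DNS server configured when the line was logged, so it is worth fixing the configuration on that host as well as deciding what to do about the fallback addresses.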