by cremp 2383 days ago
Discovered this fun fact last night: the systemd resolver, since v242, uses Cloudflare as a fallback DNS. [0] The fallback had been Google and Quad9.

In theory (I haven't tested it), this means that even if I give 0 DNS servers on a DHCP request, and I ignore any DNS requests to the gateway (if I wanted a machine totally unable to resolve), I can't do that, because of a distro's choice to use the systemd resolver.

[0] https://github.com/systemd/systemd/blob/master/NEWS#L751

2 comments

This is going to create a lot of noise (firewall drops) in networks where Linux is expected to be isolated. Many companies do this and many of those companies will start seeing alerts in their security operations centers. I am curious how most of them will respond.
It's trivial to disable the systemd resolver or change the fallback DNS servers to something other than Cloudflare.
Agreed, but people tend to not customize settings proactively. I usually see reactive changes. More often than not, people don't even know these changes to the base OS are occurring.
I get why you'd want to avoid Google, but why Cloudflare over Quad9?
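An added example (not from the thread) for the "trivial to disable" point above: a small audit of systemd-resolved's `FallbackDNS=` setting as it would be read from `resolved.conf` plus drop-ins, reporting whether the compiled-in fallback still applies. The config text is a constructed sample; the file paths in the comments are the standard ones.

```python
"""Audit the effective FallbackDNS= of systemd-resolved.

systemd-resolved reads the [Resolve] section of /etc/systemd/resolved.conf
and then *.conf drop-ins under resolved.conf.d; a later assignment wins and
an empty 'FallbackDNS=' clears the list, which is how the compiled-in
fallback (Cloudflare/Google/Quad9 upstream) is switched off.
"""
from typing import Iterable, List, Optional

# Constructed sample of /etc/systemd/resolved.conf: FallbackDNS left commented out.
MAIN_CONF = """\
[Resolve]
#DNS=
#FallbackDNS=
"""

# Constructed sample drop-in, e.g. resolved.conf.d/10-no-fallback.conf.
DROPIN_CONF = """\
[Resolve]
FallbackDNS=
"""


def parse_fallback_dns(sources: Iterable[str]) -> Optional[List[str]]:
    """Return the last FallbackDNS= assignment found in the [Resolve] sections.

    `sources` is the main file followed by drop-ins in lexical order.
    None  -> key never set, compiled-in fallback applies
    []    -> last assignment was empty, fallback disabled
    list  -> explicit fallback servers
    """
    value: Optional[List[str]] = None
    for text in sources:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue                      # blank or comment line
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            if section != "Resolve" or "=" not in line:
                continue
            key, _, val = line.partition("=")
            if key.strip() == "FallbackDNS":
                value = val.split()           # empty value resets the list
    return value


def audit(sources: Iterable[str]) -> str:
    """Human-readable verdict on the fallback configuration."""
    explicit = parse_fallback_dns(sources)
    if explicit is None:
        return "compiled-in fallback active"
    if not explicit:
        return "fallback disabled"
    return "fallback explicit: " + " ".join(explicit)
```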