[systemd-devel] systemd-resolved, multi-home DNS resolution, VPNs, and privacy

Tom Gundersen teg at jklm.no
Thu Aug 28 14:29:11 PDT 2014

On Thu, Aug 28, 2014 at 10:08 PM, Josh Triplett <josh at joshtriplett.org> wrote:
> The documentation for systemd-resolved says it sends DNS queries on all
> interfaces.  That seems like a bug for privacy and security reasons: I
> don't necessarily want a query for foo.internalhost.com going anywhere
> other than my VPN for internalhost.com, and if I run a VPN for privacy
> purposes then I don't want *anything* other than the VPN itself to send
> traffic over a non-VPN interface.  Any way we could fix that while
> retaining the "works out of the box" behavior?

Hi Josh,

The idea is to make it possible to lock this down further. I believe
we still lack a few bits before we have everything, but the general
idea is outlined here:
which I think fits with what you are after.


