Beiträge von administrator32

The problem we have is that most people have no idea how one's privacy is compromised by little unpublished/under-published "software quirks" like this and they are not understood by most people. I would recommended all freedom loving people pay attention to things like this and educate yourself if necessary.

In my case, I route everything through a trusted VPN. I don't care if I'm studying basket weaving I don't want a lifelong record of every website I have ever visited stored at goggle or anywhere else.

So getting back to this little DNS quirk in Armbian, that little trick would, if I didn't have firewall rules in place to block it, have sent all the DNS requests originating from OMV computer to a commercial DNS provided (clouldflare) who would have stored it for I don't know how long and shared/sold/turned it over to whomever without me ever knowing about it thinking I was using my trusted VPN DNS servers provided by my DCHP configuration. Black mark for Armbian in my book.

Most people forget about DNS requests when they think about privacy. Recording your DNS requests make a nice concise record of everywhere you visited, from where you connected, along with the date and time. This is called a DNS leak!

For anybody that's interested in this I've found the following file in /etc/resolvconf/resolv.conf.d/head. This file has the offending server 1.1.1.1 in it as the only entry. The name of the file is "head" like in first place. I deleted the line in the file and rebooted. Now 1.1.1.1 is no longer listed first or at all in resolv.conf. I don't know if this will last but indeed it does look like an Armbian thing. I do not like it at all.

Thanks for that. I'll look at the readme file. I for one would vote for no updates until requested by the user.

But what about overriding the DHCP DNS addresses (DNS leak)? I don't like that. It has permanently set 1.1.1.1 as the first DNS server checked and you can't get rid of it.

Odroid HC-2 install. Noticed right after first boot OMV tried to circumvent my DHCP supplied DNS servers by putting 1.1.1.1 at top of resolve.conf (constantly rewrites to ensure that 1.1.1.1 is always the first DNS server) and then tried to contact multiple Internet servers. I did not request any system updates. Does anybody know the purpose of all this? Firewall log attached.