The EU wants to build its own DNS resolver called “DNS4EU.”
The European Commission published a call for proposals that included details about the government-run DNS resolver on January 12, 2022. The call for proposals contained more than enough information to predict the direction of this project. But their goals are straightforward enough.
The deployment of DNS4EU aims to address such consolidation of DNS resolution in the hands of a few companies, which renders the resolution process itself vulnerable in case of significant events affecting one major provider.
They actually published the plans for the DNS resolver in December 2020 as a part of the “EU’s Cybersecurity Strategy for the Digital Decade.” The 2020 document contains much of the same language:
“[P]eople and organizations in the EU increasingly rely on a few public DNS resolvers operated by non-EU entities. Such consolidation of DNS resolution in the hands of a few companies renders the resolution process itself vulnerable in case of significant events affecting one major provider and makes it more difficult for EU authorities to address possible malicious cyberattacks and major geopolitical and technical incidents.”
The call for proposals listed the project requirements. Most of the requirements are standard. The concept of feature parity comes to mind. On the site, each requirement in the list comes with a short description. Since the majority of the features are not interesting to me, I will simply include a concise summary instead of each requirement’s entire description.
- High adoption rate through targeting the entire EU as a customer base;
- High reliability and uptime, as well as low latency of DNS resolution;
- Broad accessibility (low barrier of entry);
- “Widely discoverable” by users and services;
- Opt-in paid premium services for enhanced security;
- Opt-in and fully transparent parental control filtering services;
- To include the “latest DNS security and privacy-enhancing technologies”;
- GDPR compliant;
- A federated infrastructure spread throughout the EU;
- “State-of-the-art protection against cybersecurity threats by blocking malware, phishing and other threats”;
- To include DoT and DoH and be fully IPv6 compliant;
- No monetization of personal data.
And you knew it was coming:
- “Lawful filtering: Filtering of URLs leading to illegal content based on legal requirements applicable in the EU or national jurisdictions (e.g. based on court orders), in full compliance with EU rules.”
This seems like a pointless exercise on its own. Perhaps they will introduce legislation that requires people to obtain a license to change their DNS resolver? How silly.
TorrentFreak pointed to an oddity: “[I]t will offer better security options for ‘customers’ who pay, which seems strange for a government-backed service.”
I can’t envision a world where people voluntarily switch to an (openly) state-controlled DNS resolver. The existence of premium options makes me think that individuals might not actually be the targeted userbase here. Would a large corporation pay the government to do the DNS thing? Probably.
Very boring: The EU’s Cybersecurity Strategy for the Digital Decade (pdf)