The EU is interested in building its own recursive DNS service, which will be freely available to EU institutions and the public.
proposed service, named DNS4EU, is currently in the project planning stage, and the EU is looking for partners to help build a vast infrastructure to serve all of its existing 27 member states.
EU officials said they started working on an EU-based centrally managed DNS service after observing consolidation in the DNS market around a small number of non-EU operators.
“The deployment of DNS4EU is designed to address this consolidation of DNS resolution in the hands of a small number of companies, which leaves the resolution process itself vulnerable in the event of a major incident affecting one major provider,” officials said in a statement. DNS4EU Infrastructure Project Revealed last week.
But EU officials say other factors also played a role in their decision to create DNS4EU, including cybersecurity and data privacy.
DNS4EU includes powerful filtering capabilities
The EU says DNS4EU will feature built-in filtering capable of blocking DNS name resolution for malicious domains, such as those hosting malware, phishing sites or other cybersecurity threats.
This filtering capability will be built using threat intelligence feeds from trusted partners, such as national CERT teams, and can be used to protect organizations across Europe from common malicious threats.
It is unclear whether DNS4EU will be mandatory for all EU or national government organisations, but if so, it would give organisations such as CERT-EU more power and agility to stop cyberattacks once they are detected.
In addition, EU officials want to use DNS4EU’s filtering system to block access to other types of prohibited content, which they say can be done under a court order. Although officials did not elaborate, this is likely to refer to domains displaying child sexual abuse material and copyright-infringing (piracy) content.
The EU said the proposed DNS4EU system would also have to comply with all data processing laws, such as the GDPR, ensure that domain name resolution data is processed in Europe, and prohibit the sale or monetization of any personal data.
As for the technical details, DNS4EU must also support all modern DNS standards and technologies, such as DNSSEC, DoT, DoH, and also be compatible with IPv6.
Once launched, the service will be available to anyone, including the private sector and household consumers, not just public institutions, officials said.
The company that will be selected to build DNS4EU will also be responsible for creating and running a website with instructions on how users can modify their device’s DNS settings to use DNS4EU servers for name resolution.
Commendable effort, but success will depend on many factors
“I think this is a necessary move in a digital sovereignty strategy: Europeans should always have the option of a free EU-based public resolver as an alternative to Google’s current dominant service and other similar non-EU services,” Vittorio Bertola, the director of policy and innovation at Open-Xchange, a company that provides email and DNS services, told record in an email today.
“If Google’s services are not available in Europe for any reason, those who currently use it should immediately find an alternative; furthermore, given the CLOUD Act and the recent ruling on EU-US data exports, for many companies, especially public bodies, In the GDPR compliance terms, it becomes impossible to use any service owned by a non-EU business group,” Bertola added.
“Even if most users generally continue to use other services, the existence of effective alternatives is already an important achievement and safety net for Europe.”
However, Bertola also questioned how DNS4EU will sustain itself in the long term, as the service has been banned from monetizing any of its user data and European network operators will have no incentive to promote the service as it will eventually be phased out. part of their profits.
“Another important topic is compliance. Global resolvers claim not to be subject to any country blocking orders in Europe (for example against The Pirate Bay or SciHub); in fact, being able to access illegal websites is the point where users abandon their local ISP’s resolvers and turn to One of the strongest drivers of global service abroad,” Bertola said.
“However, the European service will not be able to ignore this problem,” he said.
“All in all, the committee’s efforts are commendable and many players will certainly consider bidding, but whether they will actually do so, and whether this will make a long-term change, will depend on several factors that still need to be understood.”
