DNS4EU, an EU-based DNS resolution service

50 points by stanislavb 3 weeks ago | 52 comments
  • JimDabell 3 weeks ago
    Previous discussion (76 comments):

    https://news.ycombinator.com/item?id=44190071

    • antonkochubey 3 weeks ago
      • carlhjerpe 3 weeks ago
        Why can't I find there who the idiots putting these shits forwards are? They should be humiliated in media over their tries on government overreach.
        • isodev 3 weeks ago
          If you open the assessment document, you see the responsible division is HOME.D4 - The Home D4 unit is part of the Directorate-General for Migration and Home Affairs (DG HOME) within the European Commission (D4 focuses on Counter-Terrorism). They have a head of unit [1].

          To be clear, the call for feedback happens _before_ a legislative draft is put forward as a proposal. The feedback will be analysed by D4, there will be things like impact assessment and finally the College of Commissioners will create a proposal for the Council and EP to start the usual legislation procedures.

          [1] https://op.europa.eu/en/web/who-is-who/organization/-/organi...

          PS: I’m not saying they should be shamed, just answering your question who is responsible :)

          • MildlySerious 3 weeks ago
        • halpow 3 weeks ago
          "Privacy-focused" unless you need privacy from the EU itself. DNS services know every website your computer connects to before HTTPS comes on, so it's rather sensitive.
          • ewidar 3 weeks ago
            Depending how it's implemented it can still be privacy focused (not keeping logs, tracking usage...).

            No idea if that's the case, but the two are not necessarily incompatible.

            • ninjin 3 weeks ago
              Here is the policy for their public-facing DNS:

              https://142290803.fs1.hubspotusercontent-eu1.net/hubfs/14229...

              Read it rather quickly, but looks fine at least on the surface. Sadly, there is no way I would trust anything as sensitive as DNS with the EU given their dreadful record of creeping surveillance.

              • MattPalmer1086 3 weeks ago
                There aren't many places with stronger privacy and personal data protection legislation than the EU. Switzerland I guess is better.
                • protocolture 3 weeks ago
                  Trusting anyone to provide DNS seems silly in this day and age. I wouldn't single out the EU at all.
                  • ewidar 3 weeks ago
                    I respect that, but I am curious, what DNS do you use?
                    • pergadad 3 weeks ago
                      There were many laws on surveillance proposed in the EU context as there are many parties that make proposals. But there's no actual such law in place. And the EU is bound by GDPR and EDPR and actually does a huge circus to respect them, so I'd trust them more than any other party, be it my provider or the mega corps collecting data for ads.
                  • perching_aix 3 weeks ago
                    Non-cPIR databases tend to have that problem indeed, and from what I understand cPIR is not practical. So in the strictest sense, this issue will continue to remain and is not reasonable to expect otherwise.

                    But if someone here is more involved in private information retrieval tech and the likes & knows different, happy to learn more.

                    • diggan 3 weeks ago
                      In the end, with DNS you have to trust someone, your ISP, the DoH host, or wherever you get the records for running your own resolver. It's not a "Do I want privacy yes or no?" but rather "Who do I trust enough to make these requests through?"

                      Personally, I'd trust an entity that is under GDPR more than one that is not.

                    • zerof1l 3 weeks ago
                      As an EU citizen, I'm happy that we're starting to have more infra and are less reliant on countries outside of EU. However, I'm skeptical of their "privacy-focused" slogan. Most likely they mean that your data won't leave EU. However, EU itself does a lot of tracking and blocking.

                      The only true private DNS server is the one you own. It should be a recursive DNS server configured with the DNS root zone and DNSSEC. So it would first contact one of the root DNS servers (obtained from ICANN), validate the authenticity of the response and ensure it is not tampered with using DNSSEC, and then proceed to call the next server in the chain until the query is fully resolved. Such a DNS server would bypass all censorship.

                      Also nice is that more and more root servers already support DoT meaning that the request and response would be encrypted preventing intermediaries like your ISP from seeing the data.

                      As a last resort, your DNS server can be hosted outside of the country on a server and then you'd connect to it over DoT or DoH.

                      • tptacek 3 weeks ago
                        DNSSEC does nothing to prevent DNS censorship, besides maybe, in some rare cases (given how little of the domain space is signed) telling you that it's happening.
                        • whatevaa 3 weeks ago
                          If you are the only one connecting to that server, there is no privacy here, you can be easily traced.
                          • immibis 3 weeks ago
                            Flagged comment said: Depends if you bought your server with Bitcoin. (In which case, remember that your server host will be raided by the gestapo, so make sure you have adequate redundancy)

                            I suppose I have to elaborate to not get it deleted by moderators. If you bought a server with sufficiently anonymized bitcoins, your connections can be traced to the server but they don't know whose server it is. However, hosting providers that allow people to buy servers with sufficiently anonymized bitcoins tend to be raided by the gestapo because of the other kinds of things that some people like to run on servers bought with sufficiently anonymized bitcoins. So you should have redundancy in place.

                            • immibis 3 weeks ago
                              [flagged]
                          • snvzz 3 weeks ago
                            An EU DNS resolution server, so that the EU can:

                            - Censor: So they can refuse to solve a name, or solve to whatever address they mandate.

                            - Log: So that you can get criminally prosecuted for having requested resolution of names at any point in the future.

                            No thanks. I'll keep my unbound local cache pointed to a tor-based dns-on-tls server.

                            • nektro 3 weeks ago
                              i'm sure many eu citizens will be happy to have a dns option not reliant on american companies
                              • MildlySerious 3 weeks ago
                                Quad9 and dns0 are the current "go to" EU options I believe. I would wager that most users of those services would be more wary of an option directly provided by the EU instead of a third party, not less.
                                • cyberpunk 3 weeks ago
                                  Why don't more people run their own DNS servers? I rigged up a little unbound instance with a cronjob that pumps oisd.nl lists into the config each night and it works perfectly...
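
An added example, not part of the thread and not cyberpunk's actual setup: a nightly job like the one described writes third-party list content into the resolver's configuration, so each entry should be validated before it becomes an Unbound `local-zone` line. The one-domain-per-line input format, the function names and the sample entries are assumptions made for illustration.

```python
import re

# One DNS label: letters, digits, hyphen; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize_domain(raw):
    """Return a lower-case name without trailing dot, or None if unsafe."""
    name = raw.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:  # also refuses bare TLDs like "com"
        return None
    if not all(_LABEL.fullmatch(label) for label in labels):
        return None  # quotes or spaces could inject extra config directives
    return name


def build_unbound_blocklist(lines, allowlist=(), min_entries=1):
    """Return (config_text, rejected_entries) for a fetched domain list."""
    allowed = {normalize_domain(a) for a in allowlist}
    blocked, rejected = set(), []
    for line in lines:
        entry = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        name = normalize_domain(entry)
        if name is None:
            rejected.append(entry)
        elif name not in allowed:
            blocked.add(name)
    if len(blocked) < min_entries:
        # A failed or truncated download must not silently remove all blocking.
        raise ValueError("list too short; keep the previous config")
    zones = [f'    local-zone: "{n}." always_nxdomain' for n in sorted(blocked)]
    return "\n".join(["server:"] + zones) + "\n", rejected


# Constructed sample input, not real blocklist content.
SAMPLE = [
    "# constructed sample list",
    "ads.example.com",
    "Tracker.Example.NET.",
    "ads.example.com",                     # duplicate
    "com",                                 # bare TLD
    'x.example.org" always_transparent',   # tries to break out of the quoted name
    "-bad.example.org",                    # invalid label
    "keep.example.org  # allowlisted below",
]

if __name__ == "__main__":
    text, bad = build_unbound_blocklist(SAMPLE, allowlist=["keep.example.org"])
    print(text)
    print("rejected:", bad)
```

Write the output to a file pulled in by an `include:` line in unbound.conf and run `unbound-checkconf` before reloading, so a bad list never takes the resolver down.
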
                                  • DyslexicAtheist 3 weeks ago
                                    how would you protect that server? I'm flippantly assuming you're hosting it on some VPS for which you use a credit card to pay with? depending on the threat-model, that may or may not be a solution.
                                    • cyberpunk 3 weeks ago
                                      it runs inside my home network and isn’t exposed to the internet, also on my tailnet.

                                      as for securing an externally available resolver, standard rules apply (disable zone transfers etc)

                                    • immibis 3 weeks ago
                                      More to the point, why don't operating systems run one by default?
                                    • perching_aix 3 weeks ago
                                      Not exactly a hot topic so I'm not sure why you'd think that. Reminds me of that joke about whether people prefer Windows or something else, and the kick is that "normal people don't talk about operating systems".
                                      • wsc981 3 weeks ago
                                        I am not a European citizen anymore, but I was born and raised in The Netherlands, lived there until about 30 years old.

                                        But if I still lived there, I would have more trust in US companies to be honest. I actually use US-based DNS to this day, Cloudflare is my number one choice.

                                        By the way, this is from a comment in a Reddit thread linked in this HN thread:

                                        > they want to sanction unlicensed messaging apps, hosting services and websites that don’t spy on users (and impose criminal penalties)

                                        > mandatory data retention, all your online activity must be tied to your identity

                                        > end of privacy friendly VPN’s and other services

                                        > cooperate with hardware manufacturers to ensure lawful access by design (backdoors for phones and computers)

                                        > And much, much more. And this law isn’t aimed towards big companies, all communication service providers are explicitly in scope no matter how small or open source.

                                        > A mass surveillance law being written by unknown lobbyists behind closed doors, demanding that the EU should monitor the internet more than Russia, being pushed by the EU commission. Should be the biggest news of the decade, but isn’t.

                                        > Also, EU commission (Ursula, Virkkunen, Brunner as the key players) are using the same high level group as a key source in their ProtectEU plan, which is their strategy for 2029 and includes restricting encryption.

                                        Seriously, EU is slowly turning into some communist superstate. And with the technology that exists now, it'll be way easier to control people compared to, say, back in Soviet Russia. EU also doesn't want people to have much cash at home, will not allow people to get a lot of money from ATM, etc...

                                        • BSDobelix 3 weeks ago
                                          >EU is slowly turning into some communist superstate

                                          That's not true!

                                          Communist states have at least real leaders/parties and a vision for the future. The EU is turning it into a surveillance state in fear from itself (direct?-democracy), fear to take a seat (responsibility) in global matters (France and some others maybe excluded from that statement) and fear to impose already existing laws (because illegal migration gives us cheap labor aka "modern slavery").

                                          • immibis 3 weeks ago
                                            agency in charge of spying on people sends out a proposal "hey we think we should be able to spy on everyone", news at 11.

                                            Seriously, this happens several times a year and always gets rejected by the actual lawmakers.

                                            • wsc981 3 weeks ago
                                              A quote from Jean-Claude Juncker who headed the EU Commission in the past:

                                              > We decide on something, leave it lying around, and wait and see what happens. If no one kicks up a fuss, because most people don't understand what has been decided, we continue step by step until there is no turning back.

                                        • laughing_snyder 3 weeks ago
                                          Other European-based DNS services: https://european-alternatives.eu/category/public-dns
                                          • jesterson 3 weeks ago
                                            [flagged]
                                            • ewidar 3 weeks ago
                                              Apparently there is an unfiltered option, we'll see what it looks like.

                                              But why the negativity for a project that has value in diversifying a core component of the Internet backbone, and that is completely optional?

                                              • jesterson 3 weeks ago
                                                Where do you see negativity? I just expressed surprise someone would use it, given current situation. If I am wrong and people find it useful - by all means.
                                              • whatevermom 3 weeks ago
                                                How and when?
                                                • Propelloni 3 weeks ago
                                                  LOL, you need to get out more.
                                                  • jesterson 3 weeks ago
                                                    Next time I'll be in trouble of making a decision I would certainly ask you, but before that happens, it's suggested to refrain from giving unsolicited advice.
                                                • hunglee2 3 weeks ago
                                                  Digital sovereignty becoming a thing. EU needs to go further - erect its own Great Firewall, protect and nurture EU native tech. 400 million people cannot be dependent on an internet controlled by foreigners
                                                  • protocolture 3 weeks ago
                                                    I don't know about a great firewall, but it certainly needs parallel services.

                                                    The problem I have is twofold.

                                                    1. We need more distributed services and less reliance on that silly country full of absolute dunderheads I am not allowed to be mean to on this service.

                                                    2. We ALSO need to safeguard freedom of communication BETWEEN countries, lest a series of bad events leads to a bunch of countries going permanently dark.

                                                    The BGP bomb isn't frightening because you might be left without root service nodes, it's frightening because there are people in other countries we get great value out of communicating with.

                                                    • immibis 3 weeks ago
                                                      We need a hierarchical addressing architecture, so when you (in the USA) want to talk to Amazon you say "talk to Amazon" but when I (in an oppressive regime) want to talk to Amazon I say "talk to Tor gateway, tell him to talk to Timbuktu exit node, tell him to talk to America, tell him to talk to Amazon"

                                                      We have something like this with phone numbers (dial 9 for outside line) and domains but not with IP addresses. The "internet" used to have it with bang paths.

                                                      Flat addressing is very good and convenient, but political turmoil easily destroys it, as Russia has already seen and the US is about to see.

                                                      (Cryptographic flat addresses don't suffer political problems but have different problems with scalability)

                                                      It would solve NAT, too.

                                                      • protocolture 3 weeks ago
                                                        >We need a hierarchical addressing architecture

                                                        As much as I love ENS I didn't propose a flat structure. I just think we can have our cake (hierarchies) and eat it too (Not have the yanks at the top/root of those hierarchies)

                                                      • hunglee2 3 weeks ago
                                                        I've come to believe that a great firewall is the only way parallel services might emerge, EU should've done this in mid 2000's
                                                      • carlhjerpe 3 weeks ago
                                                        Not that it's entirely related, but there are a lot of countries from Europe which are very high on the "Freedom house" score.

                                                        https://freedomhouse.org/country/scores

                                                        I'd say most of my privacy is being invaded by US companies, I can trust my insurance company isn't buying health data through third parties about me and such.

                                                        • protocolture 3 weeks ago
                                                          Australia needs to be way lower on that net score.

                                                          The Access and Assistance bill lets government ministers compel companies to create backdoors verbally with no recourse. Jailtime if they let anyone know about the backdoor. Including legal representation.

                                                          The bill was meant to be amended but no one will touch it, it's radioactive.

                                                          It inspired the UK, NZ and Canada to similar arrangements from memory.

                                                          Yes, corporations making a buck off your user data is bad but I am much more afraid of what government can do with it.

                                                        • philprx 3 weeks ago
                                                          You're advocating for going the way of dystopian China?

                                                          Gee... Those who trade privacy for security will get neither (and deserve none?)

                                                          • hunglee2 3 weeks ago
                                                            China is the only country that has internet sovereignty, quite essential for national sovereignty
                                                          • sunaookami 3 weeks ago