The Domain Name System has been an essential component of the Internet since the mid-eighties.
DNS resolvers make it possible to map a human-readable domain name to an IP-address, so a website or service can be easily located. Older people also call it the Internet’s phone book.
Nowadays, there are several large DNS resolvers. Many ISPs operate their own but third-party DNS services are very popular too. The most used third-party options include Google, Cloudflare, OpenDNS and Norton, which are all US-based. This large foreign footprint has the EU worried.
To offer some balance to the American dominance in the DNS industry, Europe is proposing its own alternative titled DNS4EU. Last week the European Commission published a call for proposals, which also describes in detail what features the government-controlled DNS resolver should offer.
The project overview makes it clear that DNS4EU is meant to protect the privacy of end-users and keep them secure.
“DNS4EU shall offer a high level of resilience, global and EU-specific cybersecurity protection, data protection and privacy according to EU rules, ensure that DNS resolution data are processed in Europe and personal data are not monetised,” the EU writes in its overview.
In addition to serving individuals directly, the resolver will also be available to Internet backbone networks that handle traffic in, from, and to Europe. These backbones are part of global traffic routes which means that millions of people could potentially be impacted.
Many of the proposed DNS4EU features aim to protect EU citizens. For example, the DNS resolver is not allowed to monetize user data and has to comply with applicable privacy regulations including the GDPR.
At the same time, there is also a heavy focus on filtering. DNS4EU should help to block malware and phishing, for example, and protect against other cybersecurity threats. These are quite common features for DNS services nowadays.
Blocking Unlawful Traffic
The EU initiative goes a step further though. While details are scarce at this early stage, the language in the official documentation suggests that “illegal content” could be blocked as well.
“Filtering of URLs leading to illegal content based on legal requirements applicable in the EU or in national jurisdictions (e.g. based on court orders), in full compliance with EU rules.”
The above suggests that pirate sites can be blocked by DNS4EU as well, if there’s an applicable court order. These sites will then be blocked for all users in the region. At the same time, it could also affect traffic that passes through the Internet backbones that use the DNS resolver.
Without knowing the full technical setup we’re cautious not to draw strong conclusions. That said, backbones generally operate across borders and continents, so potential overblocking is a serious concern.
The project overview stresses that filtering and blocking measures should be in line with national rules so we assume that the DNS resolver may treat traffic from individual member states differently if needed.
Patrick Breyer, Member of the European Parliament (MEP) for the Pirate Party, believes that the project is unnecessary. The current DNS solutions work fine and adding government-run filtering and blocking tools is dangerous.
“A government-run DSA scheme comes with the risk of online censorship,” Breyer tells TorrentFreak, while adding that DNS blocking itself is easily circumvented.
“Access blocking leaves content online and therefore can easily be circumvented and often results in overblocking and collateral suppression of legal speech hosted on the same website, by the same provider or via the same network.”
This type of collateral damage is not just hypothetical. Breyer notes that, in 2020, the public domain library Project Gutenberg was blocked in its entirety in Italy because some content allegedly violated local laws.
That blocking won’t always stop at borders is also well known. In 2017, several websites were blocked around the world because Internet backbone provider Cogent blackholed several Cloudflare IP-addresses in response to an Italian court order.
According to Breyer, infringing content should be removed, not blocked. Otherwise, there’s always the risk of overblocking.
“Illegal content should be removed where it is hosted,” Breyer says, adding that this is why the civil liberties committee will ask the European Parliament to scrap blocking orders from the Digital Services Act.
The DNS4EU also raises other issues. For example, it will offer better security options for “customers” who pay, which seems strange for a government-backed service.
As said before, the project is still in its early stages and a lot of details have yet to be fleshed out.
According to Breyer, this DNS solution shouldn’t turn into a “Chinese-style Euro-Net.” It’s important that people are aware of these plans and that they are amended where needed, in order to maintain an open Internet.