As a part of its Cybersecurity strategy for digital decade, European commission published a joint communication about its intentions to work on improving the DNS infrastructure for internet in the European regions. This was news back in 2000. Well, it is getting real, EU recently took the next steps forwad. Last week, commission has published a tender for “Equipping backbone networks with high-performance and secure DNS resolution infrastructures works” named DNS4EU.
What is DNS4EU?
DNS4EU is a project lead by European Commission to build a unified DNS Resolver infrastructure for the member states of European Union.
The Commission plans to offer this dependable infrastructure specially for serving socio-economic drivers, public, corporate and residential internet end-users in the EU, and offering very high reliability and protection against global cybersecurity threats and those specific to the EU (e.g. phishing in EU languages).
What is a DNS Resolver?
A DNS (Domain Name System) resolver, also known as a resolver, is a server on the Internet that converts domain names into IP addresses. Imagine it to be similar to a look-up table which resolves domain name to its current IP address.
When you use the Internet, every time you connect to a website using its domain name (such as “cybermetrics.eu”), your web-browser needs to know that website’s IP address. So your computer contacts a DNS resolver, and gets the current IP address of cybermetrics.eu. Usually, the resolver is one part of a larger decentralized DNS. When you send your request to the DNS resolver, the resolver accesses other servers in the DNS table to obtain the address, then sends you the response.
Why DNS4EU?
There are many reasons, but besides all, this improves privacy and data protection rights.
EU sees DNS4EU as a key policy action announced in the 2020 “Joint Communication: The EU’s Cybersecurity Strategy for the Digital Decade”. Such a critical service infrastructure is currently not available at European level with the level of performance, resilience, security and privacy envisaged, and the market will not invest in it alone given the lack of a business case (DNS resolution is normally provided for free).
As stated the EU’s Cybersecurity Strategy, citizens and organisations in the EU increasingly rely on a few public DNS resolvers operated by non-EU entities. The deployment of DNS4EU aims to address such consolidation of DNS resolution in the hands of few companies, which renders the resolution process itself vulnerable in case of significant events affecting one major provider. Moreover the lack of significant EU investment in the field hampers the development of infrastructures that favour the detection and filtering of local cyber-threats that nonetheless could have significant socio-economic impacts. In addition, the processing of DNS data can have an impact on privacy and data protection rights.
The Commission will also, in liaison with Member States and industry, accelerate the uptake of key internet standards including IPv6 and well-established internet security standards and good practices for DNS, routing, and email security.
DNS4EU to include powerful filtering capabilities
The EU said that DNS4EU would come with built-in filtering capabilities that will be able to block DNS name resolutions for bad domains, such as those hosting malware, phishing sites, or other cybersecurity threats. This filtering capability would be built using threat intelligence feeds provided by trusted partners, such as national CERT teams, and could be used to defend organizations across Europe from common malicious threats.
It is unclear if DNS4EU usage would be mandatory for all EU or national government organizations, but if so, it would grant organizations like CERT-EU more power and the agility it needs to block cyber-attacks as soon as they are detected. In addition, EU officials also want to use DNS4EU’s filtering system to also block access to other types of prohibited content, which they say could be done based on court orders. While officials didn’t go into details, this most likely refers to domains showing child sexual abuse materials and copyright-infringing (pirated) content.
The EU said the proposed DNS4EU system would also have to comply with all data processing laws, such as the GDPR, ensure that domain name resolution data is processed in Europe, and prohibit the sale or monetization of any personal data. As for the technical details, DNS4EU would also have to support all modern DNS standards and technologies, such as DNSSEC, DoT, DoH, and also be IPv6 compliant.
Once launched, officials said the service would be available to anyone, including the private sector and home consumers, and not just for public institutions. The company or companies that will be selected to build DNS4EU will also be tasked with creating and running a website with instructions on how users could modify their devices’ DNS settings to use DNS4EU servers for name resolutions.
If you like our posts, please feel free to support us by commenting below, and share with your connections on LinkedIn. You can subscribe to our posts too.
