European Commission wants a DNS built and offered by the EU
On the surface, browsing the web appears to be quite a simple process. Behind the scenes, after you type a URL in your device’s address bar, your device sends a query to a Domain Name Server (DNS) to translate the URL to a machine-readable IP address. Once your device receives the corresponding IP address, it opens the website. There are lots of reasons a user may wish to set a custom DNS on their smartphone; be it to avoid content filtering, for privacy, or for any other reason, and services like Google and Cloudflare offer their own DNS. Now, though, the European Health and Digital Executive Agency (HaDEA) has proposed a DNS infrastructure built and offered by the EU, dubbed DNS4EU.
In the DNS4EU infrastructure project (spotted by The Record), it says that “The deployment of DNS4EU aims to address such consolidation of DNS resolution in the hands of few companies, which renders the resolution process itself vulnerable in case of significant events affecting one major provider.” While it’s true that many DNS providers are based outside of the EU, the project page also outlines that the EU wants to launch DNS4EU for cybersecurity and data privacy reasons. The European Commission outlined the need for a sovereign DNS in December.
DNS4EU would also filter illegal content hosted on dangerous domains, such as malware, phishing sites, and other cybersecurity threats. Websites barred by court orders could also be added to the filter. DNS4EU would also need to completely comply with GDPR, ensuring that data is processed in Europe, and personal data cannot be sold or monetized.
As for technical details, the document says that “service infrastructure shall conform to the latest security and privacy-enhancing standards (e.g. HTTPS, DNSSEC), including DNS encryption (e.g. DNS over TLS (DoT) and DoH) and be fully IPv6 compliant.” DNS-over-TLS (DoT) or DNS-over-HTTPS (DoH) are private DNS standards that ensure your DNS requests are encrypted. Many popular DNS servers, like Google Public DNS, NextDNS, and Cloudflare, support both DoT and DoH standards. Android 12 currently only natively supports DoT, but support for DoH is also being added in Android 13.
It does not appear that the EU intends on making this DNS infrastructure mandatory for use in the EU, as it has said that guides will be made available for users to configure it on their own devices “via a dedicated website under a clearly branded URL”. It also doesn’t appear to be an entirely public service, as there will be “premium services for enhanced security (e.g. ad hoc filtering, monitoring, 24×7 support), tailored to specific sectorial needs”.