Building trust in European DNS resolvers

Jun 29, 2021

OX-Blog-European-DNS-resolvers

Open-Xchange recently announced its support for the European Resolver Policy, an industry initiative to provide more transparency and reliability around the operation of DNS resolvers in Europe.

DNS resolvers are a core component of any internet access service; they come into play whenever a user tries to access a website or a server, as their device needs to convert the address or server name into an IP address and thus a location on the network.

If the DNS resolution is not secure, it could be used as a vector for attacks, for example leading the user to fake versions of the intended website that could be used for phishing. Smart DNS resolvers can also apply filters that block connections towards unsafe websites, such as botnet command and control servers, or, if the user so wishes, websites that are unsafe for family use. In addition, a DNS resolver is a potential point of tracking for profiling; privacy and data protection are extremely important.

Until now, users did not have a standard way to know what their DNS resolver is doing, whether it employs encryption, who is processing their data and for what purposes. Users needed to trust the service operator and the best they could do was look for hard-to-read legal terms and conditions somewhere on a website.

To address this, the European Resolver Policy establishes two important requirements for resolver operators:

  1. The adoption of best practice guidelines, in terms of security, privacy and reliability of the service;
  2. The documentation of the resolver’s practices and features in a standard “transparency statement” that can be made available to end-users.

Open-Xchange supports the initiative and will provide the transparency statement for any stable public resolver service that might be offered to the public in the future. We are glad to share this support with other well-known industry players, such as the public resolver Quad9 and operators of security filters like AdGuard and DNSFilter.

We hope that more operators will adopt this policy as a way to help their users increase the trust they have in DNS services made in Europe.

About the author

Vittorio Bertola

Vittorio Bertola

Head of Policy & Innovation

Categories

Related Articles

Customer Focus: Yvan Knapp, Chief Strategy Officer at Hostpoint

Hostpoint has been shaping the internet in Switzerland since 2001 and is now the country’s largest web hosting provider and...

Chris Holder Oct 5, 2023

PowerDNS brings encrypted DNS capabilities onto routers for the...

Helps protect confidentiality and integrity of traffic in the first mile CPE (customer premise equipment) manufacturers,...

Chris Holder Jul 5, 2023

DNSdist as a router-ready solution

As you might have read, with the release of DNSdist 1.8, PowerDNS brings DNS encryption with DNS over TLS (DoT) and DNS over...

Bob Brandt Apr 12, 2023

Production-ready PowerDNS Cloud Control available

DNS is one of the vital components of the internet, invisibly making the internet work for everyone for almost four decades....

Alexander ter Haar Dec 5, 2022