Building trust in European DNS resolvers

Jun 29, 2021

OX-Blog-European-DNS-resolvers

Open-Xchange recently announced its support for the European Resolver Policy, an industry initiative to provide more transparency and reliability around the operation of DNS resolvers in Europe.

DNS resolvers are a core component of any internet access service; they come into play whenever a user tries to access a website or a server, as their device needs to convert the address or server name into an IP address and thus a location on the network.

If the DNS resolution is not secure, it could be used as a vector for attacks, for example leading the user to fake versions of the intended website that could be used for phishing. Smart DNS resolvers can also apply filters that block connections towards unsafe websites, such as botnet command and control servers, or, if the user so wishes, websites that are unsafe for family use. In addition, a DNS resolver is a potential point of tracking for profiling; privacy and data protection are extremely important.

Until now, users did not have a standard way to know what their DNS resolver is doing, whether it employs encryption, who is processing their data and for what purposes. Users needed to trust the service operator and the best they could do was look for hard-to-read legal terms and conditions somewhere on a website.

To address this, the European Resolver Policy establishes two important requirements for resolver operators:

  1. The adoption of best practice guidelines, in terms of security, privacy and reliability of the service;
  2. The documentation of the resolver’s practices and features in a standard “transparency statement” that can be made available to end-users.

Open-Xchange supports the initiative and will provide the transparency statement for any stable public resolver service that might be offered to the public in the future. We are glad to share this support with other well-known industry players, such as the public resolver Quad9 and operators of security filters like AdGuard and DNSFilter.

We hope that more operators will adopt this policy as a way to help their users increase the trust they have in DNS services made in Europe.

About this article

About the Author

Vittorio Bertola

Vittorio Bertola

Head of Policy & Innovation

Share this article