Building trust in European DNS resolvers

Jun 29, 2021

OX-Blog-European-DNS-resolvers

Open-Xchange recently announced its support for the European Resolver Policy, an industry initiative to provide more transparency and reliability around the operation of DNS resolvers in Europe.

DNS resolvers are a core component of any internet access service; they come into play whenever a user tries to access a website or a server, as their device needs to convert the address or server name into an IP address and thus a location on the network.

If the DNS resolution is not secure, it could be used as a vector for attacks, for example leading the user to fake versions of the intended website that could be used for phishing. Smart DNS resolvers can also apply filters that block connections towards unsafe websites, such as botnet command and control servers, or, if the user so wishes, websites that are unsafe for family use. In addition, a DNS resolver is a potential point of tracking for profiling; privacy and data protection are extremely important.

Until now, users did not have a standard way to know what their DNS resolver is doing, whether it employs encryption, who is processing their data and for what purposes. Users needed to trust the service operator and the best they could do was look for hard-to-read legal terms and conditions somewhere on a website.

To address this, the European Resolver Policy establishes two important requirements for resolver operators:

  1. The adoption of best practice guidelines, in terms of security, privacy and reliability of the service;
  2. The documentation of the resolver’s practices and features in a standard “transparency statement” that can be made available to end-users.

Open-Xchange supports the initiative and will provide the transparency statement for any stable public resolver service that might be offered to the public in the future. We are glad to share this support with other well-known industry players, such as the public resolver Quad9 and operators of security filters like AdGuard and DNSFilter.

We hope that more operators will adopt this policy as a way to help their users increase the trust they have in DNS services made in Europe.

About the author

Vittorio Bertola

Vittorio Bertola

Head of Policy & Innovation

Related Articles

Interview with John Todd on Quad9’s privacy-oriented global DNS...

Quad9 uses PowerDNS to provide a worldwide encrypted DNS Service, a privacy-friendly public DNS resolving service for...

Oliver Michler 09/3/21

DNS: the solution to online security and control

Internet service providers all aim to provide fast and reliable access. With the growing importance of the Internet and the...

Alexander ter Haar 09/6/18

IoT security is not A-OK

Everyone knows that the internet can be a dangerous place. Phishing continues to increase in volume and effectiveness,...

Neil Cook 08/5/18