Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
EU Privacy The Internet

EU Wants To Build Its Own DNS Infrastructure With Built-in Filtering Capabilities (therecord.media) 57

The European Union is interested in building its own recursive DNS service that will be made available to EU institutions and the general public for free. From a report: The proposed service, named DNS4EU, is currently in a project planning phase, and the EU is looking for partners to help build a sprawling infrastructure to serve all its current 27 member states. EU officials said they started looking into an EU-based centrally-managed DNS service after observing consolidation in the DNS market around a small handful of non-EU operators. "The deployment of DNS4EU aims to address such consolidation of DNS resolution in the hands of few companies, which renders the resolution process itself vulnerable in case of significant events affecting one major provider," officials said in the DNS4EU infrastructure project revealed last week. But EU officials said that other factors also played a role in their decision to build DNS4EU, including cybersecurity and data privacy.
This discussion has been archived. No new comments can be posted.

EU Wants To Build Its Own DNS Infrastructure With Built-in Filtering Capabilities

Comments Filter:
  • The more crap... (Score:5, Insightful)

    by Puls4r ( 724907 ) on Wednesday January 19, 2022 @01:20PM (#62188353)
    That you build into what is supposed to be a basic communications setup, the more easily it will break and be hacked. It's a simple law of nature. The current version of DNS is still being improved and fixes implemented. But OH SHINY LOOK OVER HERE blah blah blah censor you blah blah.
    • Re: (Score:1, Insightful)

      by sabri ( 584428 )

      But OH SHINY LOOK OVER HERE blah blah blah censor you blah blah.

      Exactly. First, it starts off at "look what we built, for the community".

      Then it will be: "We'll filter bad things, you know, to protect the children"

      Then it will be: "We'll make this mandatory for children, no worries, adults can still choose"

      Then it will be: "This is mandatory now, for everyone. DeMoCRaCy"

      Fuck the EUSSR.

      • STANDARD (supposed) SECURITY CRACKDOWN ARTICLE FORM REPLY

        We are headed for a one world fascist government, and this article shows another piece of what's coming together.

        You won't even be considered a human being anymore, instead just a 'unit', with a police identification number to identify you. You will be a forever suspect, a potential enemy of the 'state', and they will constantly watch for any little thing to hang you for. They will always be hungry for your blood.

        People l

    • That you build into what is supposed to be a basic communications setup, the more easily it will break and be hacked. It's a simple law of nature. The current version of DNS is still being improved and fixes implemented. But OH SHINY LOOK OVER HERE blah blah blah censor you blah blah.

      Sure, it will be trivial to sidestep. For the 1% of population which are computer nerds and even know what DNS *is*. The other 99%? No news portals unapproved by EU overlords.

      • by Saffaya ( 702234 )

        Some people might think you are exagerating, but you are not.
        For several years now, being in EU, I had to change the DNS settings from my ISP to something else, as it didn't want me to see the drawings at (triangle)complex.
        Sigh.

    • by gweihir ( 88907 )

      Well, the surveillance-fascists try and try and try again. Until they have an accurate record of any and all thoughts of every citizens, they will never be satisfied. Fortunately, this project is so obscure, I have not even seen it mentioned in the European press so far.

    • by AmiMoJo ( 196126 )

      DNS blocking of malware and phishing sites is very mature now. Many ISPs do it, many users do it (thanks to APK I guess). What they are proposing will be of interest to many organizations and individuals in the EU, who want a simple DNS based protection system that is free and reliable.

      The pirate site blocking is worrying, but again most orgs and users don't actually care about that.

  • by nisse-j ( 1044566 ) on Wednesday January 19, 2022 @01:25PM (#62188379)
    Germany wants to ban Telegram: https://www.independent.co.uk/... [independent.co.uk] I am sure there are no nefarious motives behind wanting to establish a centralized EU recursive DNS service. None whatsoever. Anyone who believes that is a conspiracy theorist. /s
    • by waspleg ( 316038 )

      That'll happen along with all alleged pirate sites.

    • by OrangeTide ( 124937 ) on Wednesday January 19, 2022 @01:35PM (#62188427) Homepage Journal

      The short-term goal of fighting crime is put ahead of any long-term concerns of fighting government encroachment and fascism. It's forgivable in that it is a rational choice when resources are limited and the need to stop crime is vital to society. There is possibly no nefarious agenda behind governments that try to shut down encrypted communication services (that don't cooperate with law enforcement).

      But I do wonder where we'll be in 20 to 50 years. I predict either extreme and no middle ground, mass surveillance and authoritarian control of all communication, or revolution with collapsed dysfunctional democracy and the economic strife that comes with it.

      • by shanen ( 462549 )

        Of the early comments, this is the one that I would have voted for as FP in the hopes of a productive discussion. But I wish you hadn't propagated the vacuous Subject.

        But a better Subject? Right now I gut nuttin'.

      • "But I do wonder where we'll be in 20 to 50 years. I predict either extreme and no middle ground, mass surveillance and authoritarian control of all communication, or revolution with collapsed"

        I think your prediction will not only come true, but will happen sooner than you think.

        Give greedy, power hungry people some new toys, and I can guarantee that they will find every excuse to use it.

        Just look what happened to the police forces in the United States. And take a look at the result:

      • The short-term goal of fighting crime is put ahead of any long-term concerns of fighting government encroachment and fascism. It's forgivable in that it is a rational choice when resources are limited and the need to stop crime is vital to society. There is possibly no nefarious agenda behind governments that try to shut down encrypted communication services (that don't cooperate with law enforcement).

        No, it's not forgivable. "Those who sacrifice liberty to obtain security deserve neither and loose both". This needs to be shot down, HARD, and people responsible for even floating the ideas need to be voted out of any public office they currently hold.

        • by gweihir ( 88907 )

          There is actually no need to shoot anything down. This is pretty much both technologically and legally impossible. They are just trying to appear to be doing something. The "voting out of office" is also difficult, because the other side (which you would need to vote in) is far worse. They would not only use empty words, they would actually try. Sure, they would very likely fail, but still.

      • by gweihir ( 88907 )

        Actually, no. These people know they cannot shutdown Telegram. Technologically, they have no chance. The Russians with far less protection of individual freedoms tried and failed. And legally, this will not work in Germany either. They just try to appear to be "doing something".

      • by AmiMoJo ( 196126 )

        If it was a slippery slope it would already have happened. Private companies have been going to court to demand DNS level blocks on pirate sites for a couple of decades now, and governments have had bad site blocklists (like the UK and Canada's CleanFeed for a similar length of time.

        https://en.wikipedia.org/wiki/... [wikipedia.org]

    • It also means they'll be able to see the sites you visit. Every DNS request sent is a decent indicator of a site you're attempting to visit.
      • by gweihir ( 88907 )

        It also means they'll be able to see the sites you visit. Every DNS request sent is a decent indicator of a site you're attempting to visit.

        That is certainly a primary motivation behind this.

      • by AmiMoJo ( 196126 )

        Chances are they will just offer root servers, not directly accessible to users. Then ISPs and organizations will have their own DNS servers that refer to them when they don't have details of a requested domain.

        You know, exactly how the current hierarchical DNS system works.

    • by DeplorableCodeMonkey ( 4828467 ) on Wednesday January 19, 2022 @03:23PM (#62188849)

      Germany has tried repeatedly to get Gab to censor Germans using the site. Gab's told them to go pound sand [gab.com]. Just watch as Germany tries to go after foreign platforms that allow "hate speech."

    • by gweihir ( 88907 )

      Ah, no. Some politico claimed that they are very seriously thinking about doing something they cannot actually legally or technologically do. In the German press, this was a small blip because everybody knows this is verbal public masturbation to appear to be doing something.

  • So dont use it? Dns isnt compulsory.

    • by JBMcB ( 73720 )

      They set up BGP rules to not allow extra-EU DNS queries.

      • by taustin ( 171655 )

        Or just silently hijack it.

      • by x0ra ( 1249540 )
        How would they redirect DNS-over-HTTPS ?
      • by PPH ( 736903 )

        Is that a HOSTS file you have keistered on a USB drive?

      • by gweihir ( 88907 )

        BGP does not work on port level. Also, they would break basically all the non-EU Internet for the whole EU if they could do that. Not going to happen.

  • GFW started with DNS filtering...
    • TLA (three letter acronym) police here. That acronym is what now?
      • by Anonymous Coward
        I'm guessing it refers to the Great FireWall [of China].
    • by gweihir ( 88907 )

      Not really. Just the usual authoritarian assholes trying to control what people are allowed to think. There is basically nothing they can do so they try to be loud instead.

  • by Anonymous Coward

    I suspect that no users have been asking for filtering capabilities. If this is intended to be inflicted upon the European people, I don't think it's reasonable for the government(s) to expect rapid uptake. They might be able to literally force ISPs' DHCP servers to suggest a compromised DNS server to users, but it's not really practical to make people use it (unless they outlaw crypto).

    "Yeah yeah, people disobey laws, what's new" you're probably thinking, but if different people go different ways on DNS, t

    • I suspect that no users have been asking for filtering capabilities. If this is intended to be inflicted upon the European people, I don't think it's reasonable for the government(s) to expect rapid uptake. They might be able to literally force ISPs' DHCP servers to suggest a compromised DNS server to users, but it's not really practical to make people use it (unless they outlaw crypto).

      Not really practical? How many internet users even know what DNS *is*, not to mention how to override the default settings provided by ISP? So once you force ISPs to set up everything to use EU-DNS by default, how many people are left seeing non-censored Internet? 5%? 2%? And you bet once they get that going you'll see "only fascists are avoiding EU-DNS, are you a fascist?" campaign targeting the remaining group.

  • is your Mummy and Da-Da...AND DON'T FORGET IT."

  • in the EU to only use approved DNS servers.
  • Most people use their ISP's DNS server, it's only tech minded people who use 8.8.8.8 or 1.1.1.1 or whatever.
    • Or their own
      • by x0ra ( 1249540 )
        They probably aren't running a root server, so when you run your own DNS, what really matters is who you forward the requests to ?
        • Root server addresses are widely published and are given to to recursive resolvers as the starting point to use when going down the domain hierarchy. ISPs generally run full recursive resolvers of their own that use those root hint rather than forwarding requests to someone else's recursive resolver.
    • Most people use their ISP's DNS server, it's only tech minded people who use 8.8.8.8 or 1.1.1.1 or whatever.

      Wanna bet on how long after this system is working until EU mandates ISPs to set their DNS to forward queries to this system?

      • I wouldn't put it past them to try but they would find out very rapidly that it was well beyond their technical capability to serve the traffic involved.
  • So let me get this straight:
    You want to replace an outdated and broken DNS with an even shittier one?
    How's that supposed to go?
    Like that epic success "DE-Mail - E-Mail Made in Germany"?
    *Tadum* *Crash* *Thud*
    Thank you, thank you, I love you too!

    This is reality outpacing satire, big time.

    • Re: (Score:2, Insightful)

      by blahabl ( 7651114 )

      So let me get this straight: You want to replace an outdated and broken DNS with an even shittier one? How's that supposed to go? Like that epic success "DE-Mail - E-Mail Made in Germany"? *Tadum* *Crash* *Thud* Thank you, thank you, I love you too!

      This is reality outpacing satire, big time.

      Sure, sounds funny. Until armed goons from "democratic" EU show up at your doorstep for communicating over UDP 53 with anything other than approved servers. Or attempting to send any traffic to anyone that they can't decrypt. Yeah, not happening today, but just wait 10-20 years.

  • And now DNS-over-HTTP seems to make more sense: https://www.techtarget.com/sea... [techtarget.com]

    I was worried for the replacement of an open protocol with an obscure one, and only China's great firewall would need such a thing. Now even Western "democracies" are worried about what people do freely online.

    One way or another, lines are being drawn, and we will have a showdown. The Internet will either stay open and free, or will be another controlled telco service.

  • they need to add in X.509 DCs for all their citizens. It is good to secure the DNS, but they need to secure email, IM, etc. as well.
  • ...with Blackjack and Hookers.

    In fact, forget the DNS infrastructure!

Truly simple systems... require infinite testing. -- Norman Augustine

Working...