On Monday 31 January, the RIPE NCC held an “Open House” community discussion about DNS4EU, the European Commission's recent tender process to establish a European public DNS resolver.
This intention was originally mentioned in the EU's Cybersecurity Strategy, published in December 2020. Although few details were available at the time, the recently published tender provides more details on how the EU Commission envisions this service. The call for proposals has become part of the Connecting Europe Facility that aims to co-fund this and other projects to enhance the European Digital Infrastructure
From the Commission side, the concerns driving this initiative relate to consolidation of DNS resolution services in the hands of a few (non-EU) companies (i.e. the emergence of public DNS resolver services hosted by Google and Cloudflare), privacy and data protection in the processing of DNS data, and the perceived need for EU investment in the field to better identify and filter EU-specific “cyber-threats”.
The session drew around 140 people, and following a brief presentation on the background and details, many joined in an active conversation over the course of just over an hour. The archive of these discussions and related slide-deck are all available online, and I won’t attempt here to capture everything that was said, either out loud or in the accompanying chat. However, a number of points emerged from the discussion that I can try to summarise:
- There are significant concerns within the community about how such a service might be used in future. While the current documentation makes no reference to any requirement for operators or individuals to use this resolver service, numerous participants felt that such a service, developed and launched under such circumstances, raised the spectre of such obligations or requirements coming into force at a future date.
- While there have been other DNS resolver projects around the world with government support or involvement (for instance, in the UK and Canada), there was a sense that DNS4EU represents a new kind and degree of government intervention in the space.
- There is clear interest on the part of the European DNS community (which is perhaps distinct from, but very much overlapping with the RIPE community) in who will be selected to carry out this project, as it will have a significant impact on the DNS landscape in the region. A number of call participants noted that they are part of consortiums preparing to bid for the project, or are interested in joining such a consortium.
- There were technical concerns noted in relation to centralisation or consolidation of DNS resolution services (a potential “single point of failure”), though some saw a “federated” DNS4EU model as providing sufficiently distributed service to mitigate that risk.
- The possibility of the RIPE NCC taking an active role in this process was raised, but there was not clear support for (and some strong sentiment against) the RIPE NCC being involved with any bidding consortium; however, some noted that the RIPE community may wish to engage with the eventual operator, particularly if that operator is looking to develop some form of multistakeholder governance. There was also support for the RIPE NCC’s continuing engagement with the European Commission (and facilitation of engagement between the EU institutions and the RIPE community).
This is a topic that is getting a great deal of attention in various venues, and will likely continue to be a subject of interest in the coming months. There has already been some discussion on the RIPE DNS Working Group mailing list; there is also obvious relevance for the RIPE Cooperation Working Group, and possibly other RIPE working groups. Expect to hear more, and I’d encourage anyone with interest or insight to contribute to those RIPE community discussions!