Hacker News new | ask | show | jobs
by fside 369 days ago
I’m with the author. DNS4EU is being sold as “sovereignty,” but it’s just another centralized resolver sitting on the same foreign-owned infrastructure we already depend on. Shuffling everyone’s queries through one EU-branded endpoint doesn’t fix privacy or resilience—it just adds another middleman. If the EU really wants independence, it should invest in making local ISP resolvers secure and trustworthy instead of outsourcing the job yet again.
2 comments
supermatt 369 days ago
> Shuffling everyone’s queries through one EU-branded endpoint doesn’t fix privacy or resilience—it just adds another middleman.

The ENTIRE point is to be a publicly funded middleman that doesn’t collect or expose user data.

It’s not about “sovereignty” over DNS - it is primarily to prevent dns providers invading user privacy. Go and read the official documentation on ENISA.

Maybe you should have at least a rudimentary understanding of it’s purpose before making uninformed judgements?

link
bux93 369 days ago
And it should only use the I- and K- root-servers, and fund those.
link
letters90 369 days ago
That'd be a really good idea

https://en.wikipedia.org/wiki/Root_name_server

To be honest, setting up a DNS4EU replica would just be a simple unbound

link
fside 369 days ago
Should be easy enough. But, the problem is the scale. I work at a privacy conscious EU based startup and we used to use quad9 for our infra. Shortly after we started using, we started to hit scalability issues. When the whole eu traffic was hot, our DNS query latency would also go up. To be able to keep up, we had to switch back to CF and Google. Hope there is a really good alternative one day.
link
quuxberlin 369 days ago
Run your own resolver. It's not that hard.
link
fside 369 days ago
Sure thing, but essentially it would be another thing that we have to make sure that it is protected and performant. At the time of building a startup, that’s still an item we are leaving someone else to manage.
link
letters90 369 days ago
It's simple to setup a resolver, really. Basically just "apt install unbound" and you have a resolver ready.

the only thing you might have to adjust is the access control

https://www.linuxbabe.com/ubuntu/set-up-unbound-dns-resolver...

      access-control: 10.0.0.0/8 allow
      access-control: 127.0.0.1/24 allow
      access-control: 2001:DB8::/64 allow
link