The new infrastructure should have built-in filtering capabilities, according to the spec.
The European Union is officially in the market to build its own recursive DNS service. The service will be made available to EU institutions and the general public for free.
The proposed service, named DNS4EU, is currently in a project planning phase. The bloc is looking for partners to help build a sprawling infrastructure to serve all its current 27 member states.
EU officials said they started looking into an EU-based centrally-managed DNS service after observing consolidation in the DNS market around a small handful of non-EU operators.
The European Commission has issued an official call for proposals to build and deploy the project they are calling DNS4EU. This will be “a recursive European DNS resolver service infrastructure serving EU-based internet users in need of privacy-respecting and secure DNS resolution to access resources on the internet.”
“The deployment of DNS4EU aims to address such consolidation of DNS resolution in the hands of few companies, which renders the resolution process itself vulnerable in case of significant events affecting one major provider,” the CFP further states.
Security and Privacy are major focus points
But EU officials said that other factors also played a role in their decision to build DNS4EU, including cybersecurity and data privacy.
The system must have a sophisticated filtering capability. DNS4EU must provide “state-of-the-art protection against cybersecurity threats by blocking malware, phishing and other threats,” the document says. The protection should be based on “reliable and up to date global threat feeds.” It should also address “in particular local threats (e.g. based on EU-languages).”
Not surprisingly, Privacy and Data Protection are also major deliverables. Data processing shall take place through “transparent and published policy and rules, in full compliance with EU rules,” they say. And of course, DNS resolution data and meta-data processing must take place in the EU.
Most importantly, there will be no monetisation of personal data. Moreover, “potential use of aggregated data (e.g. for cybersecurity analysis) shall be specified and made transparent.”