Building trust in European DNS resolvers

Jun 29, 2021


Open-Xchange recently announced its support for the European Resolver Policy, an industry initiative to provide more transparency and reliability around the operation of DNS resolvers in Europe.

DNS resolvers are a core component of any internet access service; they come into play whenever a user tries to access a website or a server, as their device needs to convert the address or server name into an IP address and thus a location on the network.

If the DNS resolution is not secure, it could be used as a vector for attacks, for example leading the user to fake versions of the intended website that could be used for phishing. Smart DNS resolvers can also apply filters that block connections towards unsafe websites, such as botnet command and control servers, or, if the user so wishes, websites that are unsafe for family use. In addition, a DNS resolver is a potential point of tracking for profiling; privacy and data protection are extremely important.

Until now, users did not have a standard way to know what their DNS resolver is doing, whether it employs encryption, who is processing their data and for what purposes. Users needed to trust the service operator and the best they could do was look for hard-to-read legal terms and conditions somewhere on a website.

To address this, the European Resolver Policy establishes two important requirements for resolver operators:

  1. The adoption of best practice guidelines, in terms of security, privacy and reliability of the service;
  2. The documentation of the resolver’s practices and features in a standard “transparency statement” that can be made available to end-users.

PowerDNS supports the initiative and will provide the transparency statement for any stable public resolver service that might be offered to the public in the future. We are glad to share this support with other well-known industry players, such as the public resolver Quad9 and operators of security filters like AdGuard and DNSFilter.

We hope that more operators will adopt this policy as a way to help their users increase the trust they have in DNS services made in Europe.

About the author

Vittorio Bertola

Vittorio Bertola

Head of Policy & Innovation


Related Articles

A surprising discovery on converting IPv6 addresses: we no...

Yesterday, we were contacted by PowerDNS user James Baer who noted strange crashes in PowerDNS (on Linux) upon adding...

Bert Hubert 05/4/14

A few quick notes on making an application FULLY IPv6 compliant

Over the past decade, PowerDNS has become ever more IPv6 compliant, and I think that since a year or so, we fixed every last...

Bert Hubert 08/3/12

When DNS is cool and when it is not

Whenever massive query rates are desired for globally distributed data, with high redundancy and built in positive and...

Bert Hubert 11/4/09 PowerDNS Development & Community Server @...

Hi everybody, Over the past few months, the PowerDNS Wiki and Subversion servers had a hard time and were no longer able to...

Bert Hubert 11/1/09