Open-Xchange is committed to a borderless internet that is open, safe and free, allowing users to protect their data and privacy. To achieve this, we develop tried and trusted, open-source-based products that can be used by the community and that also form the basis of our commercial solutions for the world’s leading service providers, hosting providers and telco companies. In this way, they can, for example, run DNS services with the necessary data privacy benefits for their customers. Now, Open-Xchange has been awarded a grant as part of the European Next Generation Internet initiative (NGI) by the Dutch NLnet Foundation for the implementation of a number of privacy enhancements.
The NLnet Foundation awards these grants as part of the European Next Generation Internet initiative to organizations that come up with solutions that contribute to an ‘open information society’. In this particular case, NLnet focused on privacy- and trust-enhancing technologies. With this in mind, it called for contributors who help make the internet, and technologies built with and for the internet, more privacy-friendly. Many of those technologies play an important part in all our daily lives but weren’t designed primarily with privacy and data security in mind.
Open-Xchange applied for this grant with the goal of enhancing the availability of open, trustworthy, privacy-respecting DNS resolvers in such a way that any DNS provider, operator, or user can provide encrypted DNS services. By doing so, Open-Xchange allows every user to choose a DNS resolver that they trust and that is located in their own jurisdiction. This includes the development of important privacy-enhancing features of DNSdist and PowerDNS resolvers that encrypt the entire DNS chain (from client, to caching resolver, to authoritative nameserver). In this way, we can ensure that both the PowerDNS community versions and the commercial PowerDNS solutions will be ready for implementation by network operators and (third-party) DNS providers, allowing them to offer privacy-respecting DNS services based on an open source ecosystem.
A critical part of this project focuses on further optimizing the DNS over HTTPS (DoH) and DNS over TLS (DoT) capabilities of DNSdist. In addition, we are planning for the PowerDNS resolver to support even more privacy features. It already comes with malware filtering, as well as dynamic protection against subscriber-originated issues, runaway traffic from high-bandwidth customers and denial-of-service (DoS) attacks. In the course of this initiative, we will add QNAME minimization to prevent leakage of extraneous query information to authoritative servers. We are also developing EDNS(0) padding, both for answers towards the authoritative server and for answers back to the client. Finally, in line with the DNS encryption measures mentioned above, PowerDNS recursors will be able to encrypt outgoing queries towards authoritative servers.
If you would like to know more about this initiative and our plans for more secure and privacy-friendly internet services, please get in touch. We can also provide further details about PowerDNS and DNSdist, if you would like to learn more.