home.social

#dns4eu — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #dns4eu, aggregated by home.social.

  1. 0 days since #Whalebone fucked up completely and #DNS4EU started resolving #Gentoo .org to some random Japanese site.

  2. Now that people have told me that #Whalebone is the company behind #DNS4EU and not just some random scam suddenly sending me mail that they've created an account for me I've never asked for, I've checked the status about my false positive reports. Both have gotten an automated response that I'm going to get an answer in 24 hours.

    While the second one could be explained by the holiday period, the first one has been waiting since November 10th. This whole thing is a huge mistake.

  3. @badscooter A WHOIS lookup returns "Pickup Services SA", which is actually DPD, a subsidiary of Geopost, which belongs to the La Poste group.
    So this is a false positive to report to #Whalebone, which operates #DNS4EU: joindns4.eu/contact

  4. #DNS4EU #FiveEyes #Cloudflare #Google #NoBigFive

    How much EU is in DNS4EU?

    $ telnet route-views.amsix.routeviews.org
    route-views.amsix.routeviews.org> sh bgp ipv6 2a13:1001::86:54:11
    BGP routing table entry for 2a13:1001::/48, version 327804
    Paths: (22 available, best #1, table default)
    [...]
    15943 60068 198121
    [...]
    51088 60068 198121
    [...]
    1103 60068 198121
    [...]
    12779 60068 198121
    [...]
    38880 6939 60068 198121
    [...]
    60150 5405 60068 198121
    [...]

    BGP uses AS numbers for routing and the above output shows us the way from the Amsix route-views router to our destination in AS198121.

    Once again we can use whois to query information about these ASNs. You just need to put AS in front of the number when asking.

    There is way more output, try for yourself:

    $ whois as198121 | grep country
    country:        CZ

    Ah, good - EU! Not so fast… Note that the second to last AS is always the same.

    $ whois as60068 | grep country
    country:        GB

    Last time I checked GB was not part of the EU. And it’s also a member of FIVE eyes.

    So we have a service sponsored by the EU, to protect the privacy of EU citizens using mainly non-EU services and routing all of their traffic, at least for the sample I took, via a non-EU provider.
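
Added example, not part of the post above or of any project it mentions: a Python version of the check post 4 does by hand, parsing the `sh bgp` AS paths and reporting which AS sits directly in front of AS198121 and whether its whois country is an EU member state. The function names, the `AS_COUNTRY` table (filled from the post's two whois results) and the sample text are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the six AS paths the post quotes from `sh bgp ipv6`
# (the router listed 22 paths; the post elides the rest).
SAMPLE = """\
BGP routing table entry for 2a13:1001::/48, version 327804
Paths: (22 available, best #1, table default)
  15943 60068 198121
  51088 60068 198121
  1103 60068 198121
  12779 60068 198121
  38880 6939 60068 198121
  60150 5405 60068 198121
"""

# Registry country per AS, as returned by the post's two whois queries.
AS_COUNTRY = {198121: "CZ", 60068: "GB"}
EU = frozenset("AT BE BG HR CY CZ DK EE FI FR DE GR HU IE IT LV LT LU MT "
               "NL PL PT RO SK SI ES SE".split())

# An AS-path line holds only AS numbers, optionally followed by ", ..." notes.
PATH_LINE = re.compile(r"^\s*(\d+(?:\s+\d+)*)\s*(?:,.*)?$")

def parse_as_paths(text):
    """Return each AS path as a list of ints, with prepending collapsed."""
    paths = []
    for line in text.splitlines():
        m = PATH_LINE.match(line)
        if not m:
            continue
        hops = [int(a) for a in m.group(1).split()]
        paths.append([a for i, a in enumerate(hops) if i == 0 or a != hops[i - 1]])
    return paths

def upstreams_of(paths, origin):
    """Count the AS adjacent to `origin` on every path that ends there."""
    return Counter(p[-2] for p in paths if len(p) >= 2 and p[-1] == origin)

def non_eu_upstreams(paths, origin):
    """(asn, country, path_count) for upstreams not registered in the EU."""
    found = []
    for asn, n in upstreams_of(paths, origin).most_common():
        cc = AS_COUNTRY.get(asn, "unknown")  # unknown = no whois result recorded
        if cc not in EU:
            found.append((asn, cc, n))
    return found

if __name__ == "__main__":
    paths = parse_as_paths(SAMPLE)
    print(upstreams_of(paths, 198121), non_eu_upstreams(paths, 198121))
```

The `country:` field is the country recorded in the registry for the AS object, so the result describes where the upstream is registered, and only for the paths pasted in.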

  5. Exploring #DNS4EU a little further and throwing myself back to research I was involved in a while back (arxiv.org/abs/2403.05638), surprisingly shows that the #European #resolver shows no problems resolving the sanctioned entities of #RussiaToday and #Sputniknews.

    An oversight? I would be less surprised if the unfiltered #resolvers resolve the domain names, but even the protective ones resolve to the correct domain names, revealing that #DNSblocking is not applied on the #EU cyber-resiliency flagship project.

    #DNS #Sanctions #RussiansSanctions #EuropeanAlternatives #Whalebone

  6. Another thought about #DNS4EU :

    The protective nameserver responds much faster on #IPv6 than it does on #IPv4. Good job, #Whalebone!

  7. Last week was another stakeholder meeting on #DNS4EU. #Whalebone provided a short overview of the project including a timeline. Public launch is scheduled for June this year. The talk elaborates on various considerations of the new #DNS project. I was mostly interested in the deployment aspect, the #DDoS slides and the #privacy and #anonymization mechanisms.

    My personal main concern with the project is the absence of resolver technology. The project plainly uses the #KnotDNS resolver. Not a bad choice, but University taught me that diversity in the backend software introduces even more resiliency. Yet, as Whalebone is a #Czech company, it is apparent why they chose #KnotDNS exclusively.

    The slides are public.

  8. During my lunch break, I watched the #DNS4EU update of DNS-OARC 41 earlier this year. Since the company responsible for operating the DNS4EU project is Czech, it comes as no surprise that they consider #KnotDNS as part of their infrastructure. Yet, in the talk it does not sound like they settle on software diversity, and predominantly consider the (pretty reliable) Czech resolver.

    From other folks, I heard that software diversity is just one of the resiliency features among ASN diversity, geographical diversity, etc. Why is this not highlighted in the "scope, timeline and challenges" talk on DNS4EU?

    Slides and talk.

    #DNS #europe #dnsoarc #resiliency #privacy

  9. Whoever operates DNS resolvers knows where their users surf. The EU wants to build its own resolvers as a counterweight to providers such as Google and Cloudflare.
    EU Commission awards contract for European DNS resolvers