DNS4EU - Quad9 Perspective and Status
Summary
On January 12th, the European Commission posted a tender for bid to provide seed funding for a “DNS4EU” project as part of a larger proposal focused on cloud services in Europe. After long consideration, Quad9 has decided not to participate in a bid for the DNS4EU project at this time.
We believe the effort to create additional secure, privacy-focused recursive DNS services is worthwhile, as this is what Quad9 currently provides across Europe and in more than 100 countries globally. However, in working with our consortium partners, we could not construct a business case for integrating the free services described with the for-profit services specified by the tender in a way that made sense for all participants. Combining free services for the public good with paid services that meet the criteria outlined in the tender is a significant challenge. Quad9 could not discern a model compatible with our existing strongly-held primary mission to provide user privacy and security via our recursive DNS services.
Quad9 could build and operate such a platform at a cost significantly lower than the grant amount with a more practical structure. We welcome discussions that could strengthen Quad9’s existing rDNS service to deliver the intended security and privacy results both within the EU and worldwide. Please contact us if you are interested in learning more about how Quad9 can immediately deliver on the security and privacy intents of DNS4EU to the users in your nation or organization.
DNS4EU Background
Primary Goals
DNS4EU, broadly put, is an effort to create an EU-based recursive DNS (rDNS) service available at no cost to any EU users. To re-state in our own words what we believe the core requirements of this tender to be:
- compliance with GDPR guidelines
- availability at no cost to users
- support for privacy for end users via the rDNS
- support for current and emerging encryption methods
- integration of EU-specific security risks
- cooperation with EU-specific security organizations to share threat data
- highly-reliability service
- easily discoverable service by devices and individuals
- no monetization of personal data of individuals
Quad9 currently operates an rDNS service available in more than 30 locations distributed across the EU, already providing this set of services to any internet users who wish to use the platform. We believe our current offering checks every box in the list above. In addition, Quad9 also operates in almost one hundred nations worldwide to give users equal security and privacy options. It has five years of proven delivery as the only large-scale rDNS provider with the end-user (as opposed to profit) as the focus of the service.
Secondary Goals
The tender outlined several secondary objectives for the rDNS services. Again, in our own words, we interpret these objectives to be:
- legal/corporate control from within the EU
- additional blocking services (e.g., child-safe, parental controls, nation-specific filtering)
- for-profit upgrade path for individuals or corporations looking for unspecified “additional” services.
These are criteria that Quad9 does not currently fulfill, though we could meet these requirements through our consortium of existing partners, potential new legal arrangements, new partnerships, or internal development work.
Quad9, based in Europe, would seem an obvious match for this tender as the currently running Quad9 service meets all of the primary service specifications.
Exclusive, not Inclusive Model
Quad9 strives to “raise the bar” for rDNS operators in all environments. We hoped this tender would create incentives for EU-based rDNS operators (ISPs, telcos, network service operators or rDNS platforms) to work towards an equivalent set of privacy and security guidelines. We had hoped that Quad9 would be one of multiple winning candidates funding expansion and service upgrades across the EU.
Instead, this is a “winner-takes-all” solution, where a single entity (even a consortium of many members) would receive funding to build a single rDNS service. While the security and privacy requirements of the tender are excellent, they apply only to this new rDNS service. The tender is singularly funded and does not create circumstances that incentivise adopting these security and privacy enhancements for operators of existing rDNS platforms or services. This approach limits the end-user participation to those who are customers of consortium members. Other end-users may opt into the service, but that takes time and has a high operational cost, neither provided by the tender.
Consortium-Building
The tender expressed a strong preference for respondents to build a consortium composed of a wide range of geographic and industry participants. Quad9 can create an exceptionally diverse and competent group of participants for such a consortium. Our current non-profit model already relies upon our ability to work with supporters who provide the bulk of our funding and capabilities. Our current partners include industry-leading threat intelligence providers, CERTs, hosting and colocation services, open-source software developers, and a wide range of other non-profit and for-profit entities globally. As Quad9 is a Swiss entity with a Netherlands sister organization, we need to work closely with consortium partners to satisfy the EU-specific sourcing in any bid scenario.
Through our many conversations with new and existing partners about the DNS4EU bid, it was clear that the primary goal of offering a free service is not well-matched with the for-profit business case required, especially within such a short window for bidding. Throughout those conversations, no participants (including Quad9) could describe or express a strong belief in a business case that would support fronting the effort with several million euros, even if that bid was far below the maximums of the tender.
Conclusion
This result was both a surprise and a disappointment, given how closely Quad9’s running service matched the requirements. It may be the case that there is a winner in the DNS4EU bidding process, and if so, we hope that outcome creates a successful entrant into the rDNS community. Neither our partners nor we could see how we could create and participate in a way that would survive past the end of the funding cycle and be a worthwhile expenditure of the grant.
We believe Quad9 could provide the capability described at a fraction of the proposed costs. We are excited to explore opportunities of a similar nature in the EU or other geographies with slightly different criteria and constraints. We welcome discussions that could strengthen Quad9’s existing rDNS service to deliver the intended security and privacy results both within the EU and worldwide. Please contact us if you are interested in learning more about how Quad9 can immediately deliver on the security and privacy intents of DNS4EU to the users in your nation or organization.