I've lost count how often I wrote 8.8.8.8 and 1.1.1.1 somewhere. Cloudflare and Google (and Quad9) understood that you need to remove friction to get more users. I hardly remember 1.1.0.0 (or is it 1.1.1.0 ?), so I've never entered that somewhere.
*Don't make me think*
According to that rule, DNS4EU is dead in the water. It took me at least 5 clicks to see their fucking IP. And there are multiple, to choose from, oh dear lord, help me! The only thing I want to know is: which IP do I need to enter, so that I can try out their service.
But OK, I get it, I'll read their stuff. So the IP could be 84.56.11.11 I think. Could be wrong. I'm pretty sure, it is wrong, because my brain didn't bother to hold that information for 30 seconds. I have multiple working DNS IPs in my brain, the new one needs good reason to get storage space in my small, stupid brain.
I know, this is an extreme take to that matter. But when you build a product, you need to understand, that 99.9% of your potential users are apes, that are bored, stressed and angry at the same time. They don't care at all about all the stuff you care about. Give them, what they need to progress. After that, they will maybe care a little bit about your product.
i don't know what you tried, but i found it by scrolling down and then a single click. then i went back and found that two clicks without scrolling would have done it.
you are right about the problem of hard to remember IP addresses, but i don't think it is that bad.
They don't care at all about all the stuff you care about.
i don't understand this argument. users who don't care would not even bother to change the DNS. and those that do will change their settings once and be done with it. a memorable IP mainly benefits those that set up devices frequently.
As others have noted, my take is slightly unreasonable, but reflects the reality of them.
To be a bit less "stressed, bored and angry ape"-ish, I still see the problem with IPs, that are not as rememberable as possible, and I also think the website should have one of their IPs front and center and reachable without scrolling.
DNS Servers are a strange product. It is very high stakes and very low stakes at the same time.
Without DNS nothing works anymore. Slow servers are a mayor pain. DNS is *the* single point of failure in our electronic lives. So everything is high stakes.
At the same time, DNS is boring as hell. Everyone can run their own DNS server in minutes, there are resolving DNS servers everywhere, you can choose whichever, they will all work like 99,999% the same. It mostly makes no difference, at all, which DNS server someone uses.
So if someone wants to break into that market, they need to be as convincing as possible. Why should I change? How much energy does it take to change? How likely is it, that this new service will be faulty, slow, or does things different, so my users and I are blocked and therefore angry? And if they are angry, can I tell them "oh, google messed up, the internet is broken, nothing I can do here, just wait a bit", or do I have to say "sorry for selecting an unreliable service, I will repair it for you (for free)".
Google DNS and Cloudflare captured the marked with "we are the fastest, and biggest, you will never experience downtime or slowness". And they proved (mostly) that I can count on that.
Quad9 take is "we are fast, big, and we will fight for freedom". Maybe. I honestly forgot, because I can already choose from two others. I just know, that if 8.8.8.8 and 1.1.1.1 fails, I try 9.9.9.9, if that also fails, my network config is definitely fried.
In this space, it is ultra hard to create a new product. Remove friction, get more users. This is all, I wanted to say.
DNS is extremely interesting because it is a distributed network that everyone depends on. DNS has security innovations with DNSSEC, DANE, TLSA. Granted, authoritative nameservers may be more interesting than resolvers, but resolvers have a lot to them, too.
> Everyone can run their own DNS server in minutes, there are resolving DNS servers everywhere, you can choose whichever, they will all work like 99,999% the same.
I ran my own resolver for a while and the latency was terrible. A lot of effort goes into getting good latency everywhere.
> It mostly makes no difference, at all, which DNS server someone uses*
Yea it does. DNS is often the first place governments will apply censorship, since it’s easier than applying for a takedown when what they seek to censor is not illegal in the hosting country.
After reading your claim, I have thought that the first time I have not scrolled enough.
So I scrolled everything without seeing any information, then I have tried the "Set It Up" buttons, which have only taken me to other pages with verbose but useless information.
However, some time later, I have tried again a "Set It Up" button, and this time it showed a popup with the IP addresses or URLs of the servers, which I assume that is what you have seen.
But at least for me, this did not happen at the first attempt, when I could not reach easily this information, despite performing the same steps as later.
If you're willing to setup your own DNS server (on a Pi or any (low-power) device), you don't need any forwarding DNS service. No Google DNS (8.8.8.8, 8.8.4.4) or OpenDNS (1.1.1.1). People sometimes tend to forget how DNS works.
If you setup your own DNS server without a forwarder, it just contacts the root servers and resolve domains through the regular DNS process.
A reason to use the DNS4EU serivce is if you want additional filtering that you may not be able to / or want to realise with pihole.
In my experience, recursive nameservers tend to be a bit slower than using cloud nameservers. Google and Cloudflare have most domains cached, so their responses are faster, especially for domains with authoritative DNS servers on the other side of the world.
Another advantage is that cloud servers can be contacted over ODoH, which encrypts the lookups and protects the privacy of the user (which isn't the case for normal DoH either).
Your recursive nameserver should also cache any resolved domains, so a small delay could happen only if you try to access for the first time some site that you have never visited in the recent past.
In practice, I have used for decades only my own recursive nameservers and I have never perceived any slowness in comparison with computers that were using the ISP or Google or corporate nameservers. More like the opposite, presumably because my own cache always has the content that I access frequently.
1.1.1.1 is cloudflare not opendns. Also you need to use something like unbound as recursive DNS because most of people using pi hole or adguard home they are forwarded DNS and still need upstream. But I agree with you, I run unbound+ Adguard home and don't need anything. I put 9.9.9.9 as fallback however because I don't have replication of the setup yet.
In the past, for many decades, dnscache was an excellent recursive resolver and cache. Unfortunately, it has become obsolete because nowadays many DNS queries return replies so big that they must be obtained over TCP, so an UDP-only tool is no longer good enough.
well, the other reason is to avoid exposing your home IP to the DNS servers of the world.
using e.g. 8.8.8.8 means Google and your ISP can log your dns queries and tie them to your IP, running your own recursor means every DNS server you touch knows you personally looked them up.
The threat of random DNS servers spread over the world knowing your queries is certainly orders of magnitude less than when using the Google or the ISP name servers.
For Google or for the ISP it is trivial to aggregate all your queries in order to have a complete history of your activity.
For many DNS servers distributed over the world and belonging to different organizations it is much more difficult to coordinate in order to monitor you.
In practice, your ISP is the main threat for monitoring your Internet activity, not by DNS, but by its routers, through which any packet sent or received by you must pass.
> The official EU Public DNS Resolver is basic-level protection that everyone should have. It is important to note, however, that most organisations and individuals likely require enhanced protection.
I'm confused - what "enhanced protection" do most individuals require that they aren't providing?
My question is, will they block sites when some e.g Greek or Spanish authority tells them too? One thing I appreciate about Cloudflare or Google's dns-over-https servers, on top of the encryption, is that they don't block sites like Anna's Archive, whereas my local ISP sometimes does.
The funny thing is that they’re reusing the IPv4 octets, that look like decimal notation, but in the hexadecimal Interface ID:
2a13:1001::86:54:11:100
So only hilarity can ensue from misunderstanding that; but the reverse DNS may be achievable.
Not to mention the unfortunate association with IPv4 in the service name. When will DNS6EU be released? More to the point, “for” is a distinctly English word, so has “4” become an international chatspeak stand-in?
Neither the IPv4 addresses nor the IPv6 addresses have reverse lookup set up correctly, as far as I can tell. Both are eminently, and easily, achievable.
The techy people who are the ones who are the target for something like this aren't just setting up their home internet once, they're setting up the internet for their friends and family when they visit, getting roped in to fix the internet for their in-laws when it breaks, etc.
Because, 18 months from now, you or your executrix wakes up with a hangover, and your Internet connection is down, and you or your executrix begin troubleshooting, and poking through the DNS configuration, your executrix scratches her head and exclaims “who in the world is 2a13:1001::86:54:11:100 and why did we ever add this in here?!”
And then you or your executrix reset it to 8.8.8.8 because that is distinctly memorable and unmistakable.
In just one phrase: Whalebone, the main contractor, is neither listed in the world's top fastest and reliable secure DNS server in the world:
https://www.dnsperf.com/#!dns-resolvers
(Seriously though, this service is the middle ground no one asked for. The technically literate runs their own resolver, like the example above, or has chosen one they trust. The technically illiterate doesn't know they want this and will never find this service.)
Eh, I think there's a reasonable middle ground, especially on mobile devices. It's an easy, one-time thing to set your "secure DNS" on Android, and I'm sure small but non-trivial number of people using CloudFlare or Quad9 or something for DoH.
There's nothing here suggesting that 'protective' will block torrent sites or similar - AFAICT it's exclusively for recognized malicious/phishing/etc sites, like Google's safe browsing list. It specifically says below "We do not apply any type of legal filtering".
Yes, it is good to have a state-sponsored and controlled DNS service, because the state is my friend and has my best interests at heart.
If you're a criminal, a person with something to hide, or a loathsome anarchist you should go away and use unofficial and unapproved software like a local instance of unbound or https://www.dnscrypt.org/
1. Looks like the cost of this project so far is already ~€1M. Does it really take you a million Euros to set up a DNS server?
(Just did a quick research in the EU's financial transparency system [1], I entered "dns4eu" in the subject field. €3m budgeted, €1M used already, most of it going to a company named "Whalebone sro" (?))
2. Why does every EU-funded software project have such a terrible website? As a visitor, you get the impression that the designers took great care to obfuscate the actual product as much as possible, while throwing in random text blurbs, useless buttons and boxes.
Stuff like:
> Looking for a fast, secure, and privacy-focused way to browse the internet? You're in the right place.
Yeah, sure.. just give me the product?
Reading on..
> Learn everything you need to know about DNS4EU Public Service – including where it's located, how to easily set it up on your device, and what configuration options are available to best suit your needs.
Yeah, sure.. just give me the product?
Compare this with the UI of Cloudflare's 1.1.1.1 [2] which gives visitors exactly what they need. It's awesome.
---
It's hard not to be cynical about EU projects, this one included. I've had the questionable pleasure of diving deep into EU software projects and their funding when analyzing and rebuilding [3] the EU medical device database [4], a simple database with ~500k entries (~10GB on disk), which has burned €45M (!) so far and employs a team of ~50 people. Link to website with budget tracker [5].
I don't know the finer details of this project that's being launched, but if I'm setting up a global DNS server, I want to make sure it stays up all the time, it's kind of the point.
It's not a project that "We will scale when we reach out limit". So I imagine there's a significant initial payment.
I never said that 1M EUR is too much.
And yeh you are right, you want a global DNS server to be global.
Nonetheless Cloudflare has more POPs of their DNS server as this project and a lot lot more traffic as this project just starts.
So i think that the comparison is not useful at all.
An better question is why they did not take more money and build an alternative to the root servers on top of it, or a super low cost registrar (for self cost like CF).
I would absolutely love too see more from this project and less of bad comparisons that are knee jerk comparisons.
> Does it really take you a million Euros to set up a DNS server?
The subtext of the above being
that it "obviously" shouldn't cost 1M to slap BIND on a spare beige box in a closet.
The subtext in mine was to put the scale context back in, not really comparing this project to Cloudflare who has more POP but also does a lot of other things (and so providing the DNS part for free is really a rounding error in their biz bottom line and they probably couldn't really tell how much it would actually cost).
But then again the QA invites the comparison, they clearly position as challengers to 1.1.1.1/8.8.8.8/9.9.9.9
I didn't mean it to be knee jerk at all, sorry of it came across so.
Overhead from "international consortium of members from 10 EU countries": €500k
I'm just making up numbers here, but this is roughly how it usually works. A lot of these EU projects are huge "design by committee" efforts, with all the associated downsides.
It's not really a "EU thing though", but more of a "government thing". Or perhaps more accurately: "private companies doing work for government" thing. Defence contractors in the US are notorious for having their snout in the trough. How much was spent on that UK Post Office accounting system? A billion pounds IIRC? And that "contact tracing" COVID app that didn't even work was a few dozen million quid IIRC. There is an endless list of examples from many countries.
slight improvement: "more of a not government thing". Neo-liberal dogma tells us that `public services == bad`, government should hand out contracts to commercial sector, aka "small government".
Commercial sector gets dependent on government, and takes on politics as part of the business. You end up with State Capture. That means that the "real world" government is shifted outside public control.
> Defence contractors in the US
are something else entirely. keyword: political economy
I agree 100% with everything you've said, and I'm from the EU. EU companies are burning and pocketing as much money as they can for themselves while delivering sub-par software.
I do get your point - and, sure, the EU website is not catastrophically terrible. But, damn, if I'm looking for a DNS, I just want the IP, I don't want five options and the mental overhead of having to determine why the hell I now am faced with five options for a DNS, which one I should choose, how they differ, etc., etc.. Add all of the IPv4/6 stuff on top of that, and.. oh man, I feel like you've lost 90%+ of interested people already.
I agree that the DNS4EU website is not designed very well, but CF's isn't any better - sure it shows the IP up front, but immediately below is the incredibly non-descriptive tagline of "The free app that makes your Internet safer." and download links for some kind of unrelated software (looks like a proxy? CF says it helps me "Connect to the Internet faster and in a more secure way.", and that "The Cloudflare WARP client blah blah faster, more secure, and more private experience online blah blah The WARP client sits between your device and the Internet, blah blah"). I'm just looking for DNS configuration instructions, why are they asking me to download software.
I am in for better public documentation about the various software initiatives the EU supports in general. The reporting seems to follow the internal governments process and structure in form, rather than having some external user in mind.
The EU funds various highly useful, difficult projects across the globe. They make use of lean foundations who are highly knowledgeable in their area of expertise with a focus on delivering improvements for the public. The EU supports even non-EU citizens open source innovations, for example projects with a focus on novel p2p techniques, open hardware etc.
I have a problem with the general "omg public good, money waste" learned response from some other commenters. Neo liberal dogma's are just that, and they end up convincing the public to give consent to State capture. To me the more interesting critique would have been why DNS is not considered public infrastructure, instead of leaving that to commercial control only.
> Does it really take you a million Euros to set up a DNS server?
Why are you acting as if the scope of this project is dumping bind on a server somewhere? They are operating filters and threat detection. The scope is obviously wider than just “setting up a DNS server”.
> as any critique of the EU seems to be met with universal outrage.
Absolutely not, in fact as an EU citizen, I am the first to call out issues and complain about things getting changed. That's why there are nicer privacy protections for example in the EU.
That said, the comment doesn't really apply to "only EU".
> a simple database with ~500k entries (~10GB on disk), which has burned €45M (!) so far and employs a team of ~50 people
"Burned €45M" with zero citiation, on even where the funding goes to, there are lot of regulations around medical databases, and for good reason.
Tell me outside the EU doesn't have overblown budgets also?
1. Enter "subject of grant or contract" = "eudamed" [enter]
2. Receive the numbers until 2022 inclusive (2023 is incomplete).
3. Extrapolate conservatively.
Citation #2:
We received documents as part of a "freedom of information act" request (the EU version, named differently) which we published here. Those include numbers for 2022 and the head count, among other things.
> You throw your computer out of the window, quit your regulatory job and vote "Yes" on Brexit.
Talk about throwing the baby out with the bathwater.
> Okay okay, yes, this is a bit of an apples-to-oranges comparison: The EUDAMED team had to spend time on the upfront work modelling the data structures (not that the end result is super great), and they also had to build the whole "entering data" kind of stuff which our solution doesn't have. Sure, the EUDAMED team had more work. But 300x more work?
This is something we hear all too often and it never passes the smell test.
"Well you finished that feature in 1 day so I can give you 5 features for this week"
It's not the same.
I agree it could be better, but there are graph databases with the data that work extremely well for my requests anyway. But sure, you offer a right click solution. Great, but I "imagine" it doesn't fit everyone's requirements.
Let alone any legacy integrations that might already be there.
[ad filtering] Accesses are resolved with the IP address 0.0.0.0
I remember the days I was running a Pi-hole at home, and after having no web server running on my desktop machine, I started an Apache web server, and there was a surprise in store for me, as suddenly 0.0.0.0:80 was responding to HTTP GET...!
*Don't make me think*
According to that rule, DNS4EU is dead in the water. It took me at least 5 clicks to see their fucking IP. And there are multiple, to choose from, oh dear lord, help me! The only thing I want to know is: which IP do I need to enter, so that I can try out their service.
Everyone else understood this. Look at Cloudflare: https://www.cloudflare.com/de-de/learning/dns/what-is-1.1.1.... the IP is RIGHT IN THE URL! I don't even need to visit their website.
But OK, I get it, I'll read their stuff. So the IP could be 84.56.11.11 I think. Could be wrong. I'm pretty sure, it is wrong, because my brain didn't bother to hold that information for 30 seconds. I have multiple working DNS IPs in my brain, the new one needs good reason to get storage space in my small, stupid brain.
I know, this is an extreme take to that matter. But when you build a product, you need to understand, that 99.9% of your potential users are apes, that are bored, stressed and angry at the same time. They don't care at all about all the stuff you care about. Give them, what they need to progress. After that, they will maybe care a little bit about your product.