How much EU is in DNS4EU?
112 comments
·June 12, 2025AndroTux
redrblackr
There is Nextcloud which is not only eu-based but open source as well. You choose what parts you run but it competes with most of workspace and office 365 (everything but the arguably obscure stuff*). I use all three (g-workspace, office 365 and nextcloud) and I strongly prefer nextcloud excluding my private preference of open source - even more so from an administrative perspective (fuck the workspace admin pages, they causes me so much trouble)
Cloudflare I don't know if there are good competitors by my own experience, but some are listed here: https://european-alternatives.eu/alternative-to/cloudflare
*except email-server which although easy to add on trough stalwart or external email provider is technically not part of the nextcloud ecosystem (webmail is however)
AndroTux
I don't know what you're smoking if you prefer Nextcloud over Google Workspace from an admin point of view, but hey, good for you.
But no, Nextcloud is not comparable to Google Workspace. Not as a user (their office web implementation is spotty at best, constantly crashes and disconnects; their calendar, meeting and chat apps are barebones; the clients regularly corrupt files or have issues syncing, etc.), and definitely not as an administrator: You have to constantly deal with manually updating the instance, re-enabling "incompatible" apps for some reason, deal with the updater taking 4 hours to download the zip file because their servers are overloaded again, updating the database server or PHP version because it will soon no longer be supported, etc. How is that better than having to navigate the Google Workspace admin interface every few months?
StopDisinfo910
Proton is Swiss. That’s part of the CEE. It’s like Norway, EU-adjacent. They are part of a lot of the agreements and their laws track the EU closely where it matters. It makes sense to include in a lot of discussions surrounding sovereignty.
> you can't waste endless resources on building your own internal Cloudflare
The EU has multiple level 1 network operators that would be ideally positioned to build an alternative to Cloudfare if it was truly required. It’s not like they start from zero.
AndroTux
And then the Proton CEO does things like this, which kind of lets me doubt how aligned they actually are with protecting user data: https://theintercept.com/2025/01/28/proton-mail-andy-yen-tru...
ffsm8
I'm not sure I follow?
because the CEO of a company based on a different continent got suckered into believing Trump's campaign promises, which were mostly pretty decent... you're now doubting wherever the company he's the CEO of actually wants to monitor it's users?
I mean it was obvious that Trumps administration was gonna be spicy to say the least - but their messaging was most definitely way closer aligned to the working man vs the campaign Harrises team cooked up.
I wouldn't fault him at all, he likely just watched a Trump clip and posted his comment without any deeper meaning.
He definitely shouldn't have made that comment, but everyone makes the occasional not particularly well thought out statement... And he's a human too - and self aware enough to have other people/his employees overrule whatever he personally wants to say.
I'm not a proton user myself though. I believe the clients are the only parts that are open source, and a closed source backend thats security oriented is an oxymoron as far as I'm concerned. But I'm not particularly informed about proton either, so ymmv.
karel-3d
https://www.icewarp.com/ is EU-based (mostly Czech Republic)
sdoering
Thanks for showing. Will take a closer loo, as this might help me de-Boogle and de-Microsoft my freelance business.
Thanks a ton.
AndroTux
Wow, that looks surprisingly interesting. How come I have never heard of them before, given that they apparently are around for more than 20 years? Have you used their services? Are they any good?
wkat4242
There's decent companies doing web and mail here. Most of them don't have a global CDN but for digital sovereignty that's not really an issue. Putting servers in other jurisdictions means they are vulnerable to local laws.
And also, you have to start somewhere. And the American companies often employ business practices we frown on here. Like Google datamining their users. Microsoft linking their services together and abusing their market position. Meta pirating to train their AIs.
Without those things the services will be more expensive, but they'll also be more honourable. I see a lot of people really defeatist these days "why care about privacy because you have none anyway" and this is mostly because of American companies.
c_hagau
https://mailbox.org is hosted entirely in Germany and, at least in my experience, has been absolutely rock solid. It's also very affordable for private use. No Google, no AWS, no Cloudflare. (I'm not affiliated with them, just a happy customer.)
ta12653421
++1
yes, same for GMX
thibaut_barrere
I came across https://tuta.com/ which looks interesting.
AndroTux
Yeah, I'll use Tuta if I want an email service that I can't use IMAP with, and then I still have to find a replacement for the 95% of other services Google Workplace offers.
frida-rici-12
I use Tuta, quite happy with it. The app is available on F-Droid, and I can sync contacts to my phone, which is very convenient.
Sure, it does not have everything Google has, but I mainly need Mail and Calendar, and for this it’s great. They are also working on a Drive.
ta12653421
well, im quite good with my GMX account? :-))
Doesnt this count?
Sure, not file & coop workspace etc., but it works quite well for me for more than 25 years
supermatt
joindns4eu is not dns4eu. Its effectively a marketing website, probably subcontracted to a design agency. It has nothing to do with the actual operation of dns4eu.
I'd prefer that they weren't spending funds on using US infrastructure for their marketing (and hopefully this publicity will effect a change), but its a real stretch to make out that it in any way undermines the mission of dns4eu - namely providing a public resolver that isn't slurping up request data for their own purposes.
graemep
Nonetheless, the fact that a digital sovereignty project ends up using American infrastructure for its website and email is a pretty good demonstration of how deeply embedded reliance on the US is.
supermatt
Yeah, thats exactly why projects like this are being spearheaded.
graemep
It does not seem to be working though. They could have used EU infrastructure for their for their email and website, and did not bother to. Its not as though there is no alternative.
I suspect people pushing to host websites in the EU will default to using American DNS and email providers etc.
The real problem is lack of motivation, not lack of options and it is a lot easier for people to keep on using Cloudflare and Gmail and AWS etc.
bootsmann
Gotta start somewhere I guess. EUVD also runs on Azure but that's still a step forward from NVD which runs on Azure and is American itself.
bayindirh
EU was cozy with US cloud operators which built and ran datacetners in the EU soil. They have special agreements for data isolation and data travel limitationss (i.e.: Data can't leave the said datacenter or the continent).
After the last election, they decided that it's not safe in the long term, and started to build their own infra. It'll take some time.
mitjam
I would call it laziness as it’s certainly possible to run a mail and Web service at a EU hoster or cloud. It‘s also sad and telling that they don‘t (care?) and even dishonest, as they don’t list the providers as subcontractors in their privacy statement.
graemep
Well spotted. Cloudflare at least should be mentioned as they can collect IP addresses which are PII. They also load scripts from Google, again exposing, at a minimum, IP addresses.
There is a reference to their cookie policy but to link to it.
quuxberlin
It's the site you find when you search for dns4eu.
raverbashing
Yeah
Honestly this "deep dive" borders on self loathing
"oh but their email is not in the EU" ok it's a fair criticism, but for some people nothing is good enough
Then we wonder why nothing goes ahead in the EU because once you do something it gets flooded with tire kickers and bikeshedders criticizing everything
lpcvoid
I have migrated domains from Cloudflare to deSEC.io the past days, and it's been going very well. It's a German nonprofit which is part of DNS4EU as a consortium member.
_joel
for ns in $(dig NS deSEC.io +short); do for ip in $(dig +short $ns); do echo "$ns -> $ip"; whois $ip | grep -i -E "(country|city|netname|orgname)" | head -3; echo; done; done
ns1.deSEC.io. -> 45.54.76.1 NetName: NETACTUATE-MDN-01 OrgName: NetActuate, Inc City: Raleigh
ns2.desec.org. -> 157.53.224.1 NetName: NETACTUATE-MDN-04 OrgName: NetActuate, Inc City: Raleigh
notachatbot123
It looks like you discovered their global anycast network. Check out their homepage for more information.
m3adow
Never heard of them before, but they look interesting, thanks for that. I'll transfer one of my .eu.org domains for testing it out.
pepa65
deSEC.io is great, been using them more than 3 years. I wish they offered DDNS (like 1984.hosting does).
benjojo12
Claiming that AS60068 is not a "EU" because of "GB" code on their whois is really quite an ignorant way of determining that claim.
With that being said actually depends on what is good enough for you, but it's relatively clear that the DNS resolver IPs that are looking up are based in the czech republic.
As I mentioned in another comment "207 Regent Street" (the address in their whois) is a well known virtual office type address in the UK.
As someone (who himself is admittedly in the UK) who is desperately trying to move more more to European products, this kind of absolutism it's just really exhausting on should really be a shared goal. I will happily use/buy good services from the UK,EU,Swiss,etc etc if they are comparable (even just for my own feature use case) to the US ones.
graemep
Also British and I agree. We should have shared goals with a number of other countries in Europe and in the rest of the world. There is a lot of scope for things to be done in cooperation - e.g. shared development of systems and deployment to datacentres in each country that uses it.
karel-3d
I think they don't actually block DNS queries, mostly related to football (soccer for Americans) pirating, that are required to be blocked in Italy, France and Portugal; so probably they break Italian, French and Portugese laws. (Don't quote me on that.)
See https://flashstart.com/opendns-not-available-in-france-and-p... and similar
Also they don't seem to block Russia Today, which might be required in other countries? But that might be on a different layer. Not up to date on that.
pimterry
How do those regulations work? Is it that anybody providing DNS in any way must block resolution of these addresses, or is it that anybody acting as an ISP must block resolution on their default DNS service?
The latter seems more likely - it's much easier to regulate businesses providing a defined service rather than all servers supporting an arbitrary protocol.
karel-3d
I don't know the details. They have ordered Google, Cisco and Cloudflare to block these on their public resolvers (so not just ISPs). I will google "Piracy Shield" to see the details.
edit: it seems it's local court orders, ordering those specific companies to poison the DNS; it's not a law. So DNS4EU is fine for now.
rozumbrada
The last hop showed in the BGP route is AS60068 (cdn77) which is a Czech company with global physical network. It does not mean the data are going through GB, it's not that easy.
quuxberlin
$ whois AS60068 [...] organisation: ORG-DL201-RIPE org-name: Datacamp Limited country: GB org-type: LIR address: 207 Regent Street address: W1B 3HH address: London [...]
benjojo12
In the era of relatively complicated company ownership structures (especially in a capital heavy business such as Datacamp), the company on the whois does have the same level of meaning as you seem to expect it to.
207 Regent Street, it's a relatively well known virtual office type address, I would be shocked to learn that there were any datacamp employees at that address)
rmoriz
Virtual office addresses don't help to make it better.
_joel
Is the domain chosen actually served by DNS4EU or is this a case of a design company doing some work for a client (the EU) and using their infra? I've seen that happen before. If not then, yea, the author's bang on.
_joel
https://www.joindns4.eu/learn/dns4eu-public-service-launched
IP's listed here are in CZ.
gbil
The routing policy is visible in the relevant RIPE entry for their ASN https://apps.db.ripe.net/db-web-ui/lookup?source=ripe&key=AS...
and one can see that they essentially have 2 upstream peers, one from HU and the other from GB, which is the main point of discussion here and open to scrutiny for sure.
quuxberlin
That's the policy. In real life I only found AS60068.
tazjin
Their resolver resolves sites that should be censored in the EU, so it doesn't look like a government-aligned project.
ju-st
> $ dig ns joindns4.eu +short
> ns63.cloudns.net.
> ns64.cloudns.uk.
> ns61.cloudns.net.
And US and UK have control over the TLDs of the nameservers.
miyuru
Nowadays nameservers are pretty resilient and fast, I am questioning why we need public resolvers in the first place.
If someone operates a network, it is really trivial to setup a recursive server for that network.
wkat4242
You don't always want your provider to log all your requests. If you use another one they have to use DPI to see it which is illegal in the EU.
johncoltrane
Great write-up. Note that the UK is no longer part of the EU so even those .uk domains are a bit of a red flag.
Mashimo
That's part of the writeup.
> Last time I checked GB was not part of the EU. And it’s also a member of FIVE eyes.
jeroenhd
> And it’s also a member of FIVE eyes.
I don't think they need to worry about the FIVE eyes when the "FIVE eyes plus 3", "Nine Eyes", and "Fourteen Eyes" contain several EU countries. The larger groups aren't working together as intensively but it's not like cutting off the UK is going to stop the US from the (industrial) espionage they do in the EU.
johncoltrane
I know. It comes up a bit later than the .uk domains, though.
Eduard
$ dig ns joindns4.eu +short
ns63.cloudns.net.
ns64.cloudns.uk.
ns61.cloudns.net.
mitjam
CloudNS is a DNS provider in Bulgaria, offering good and cheap DNS as a service . Still, the project at the moment is just arbitraging and don’t provide own infra,
A little bit off-topic, but regarding this (sarcastic) quote:
> Europeans can’t do web and mail. There is absolutely no provider here who can do such complicated tasks.
We really can't, though. Because it's not just web and mail, it's Cloudflare and Google Workspace. There just are no EU alternatives for this. There just aren't. You can do parts of it, of course, but if you're running a business, you can't waste endless resources on building your own internal Cloudflare and Google Workspace alternative.
This is a real problem and I wish there were more real alternatives to services like these. Even Proton, which arguably replaces parts of Google Workspace, isn't even EU-based.