I love that list. It’s like a convenient lookup directory when you need to pirate or stream something, freely accessible, sponsored for by the government and the entertainment industry!
NO censorship as far as I can tell, all websites I tried worked. Beyond that, Russian websites are also fine.
Also, I don't expect to have EU wide bans anytime soon because each country is into doing its thing in this regard. When Germany, Italy etc. are going trigger happy for piracy Eastern EU and the Nordics used to be or maybe continue to be the providers of that.
Another interesting test case are the following domains (Russian propaganda websites) that many German (European?) internet providers are prone to block:
Their network map promiscuously shows ZERO servers in Germany. They have in every other major EU country. I guess they have it this way to not follow this.
It shows two datacenter locations in Germany, Digital Realty and Interxion, both in Frankfurt.
They are also operating in Denmark, which have laws similar to those of Germany. One way they could get around the issue is perhaps by not actually being an ISP. I'm not a 100% sure, but I believe that at least in Denmark it's the job of the ISPs to block you from accessing certain sites. DNS blocking has been deemed sufficient. The providers of public DNS servers aren't ISPs so it's not their job to block the traffic. I also don't belive that e.g. Googles 8.8.8.8 is censured in the EU.
> I also don't belive that e.g. Googles 8.8.8.8 is censured in the EU.
They were recently forced by Italy’s AGCOM to censor domains used for piracy, specifically they had to sign up to the PiracyShield thing that was also discussed here some time ago.
They have not posted anything on social media in a long time and there was some downtime a few months ago. I would really like to use this primarily, but it is really a problem when your DNS suddenly becomes unavailable without any note from the devs ^^
Some context that might be overlooked by the non-eu visitors: the eu is passing a bunch of laws that forces/requires larger corporations and so called “critical entities” to invest in resilience. Amongst which of course also cyber resilience. This is a broad area, from security hardening to cataclysm preparation. The relevant eu guidelines are NIS2 and CER.
The laws don’t tell the entities what they should prepare for. Rather, they state that the entities must execute a proper risk assessment and prepare accordingly (obviously this is the rough summary. The actual legislations are a bit better worded than a 9pm forum post)
And given what’s going on in the world + the phrasing of the legislations, using eu based services is becoming a lot more attractive to these companies.
Which means that being a eu based company whose offer is “whatever US company X does, but a bit less mature atm, we’re working on it!” has gone from a pointless strategy to one that might just work.
Edit: BTW that last paragraph is not meant to imply that dns0 isn’t mature. I don’t know them. Just wanted to put in words the general vibe I’m picking up.
> NextDNS was founded in May 2019 in Delaware, USA by two French founders Romain Cointepas and Olivier Poitrey. Olivier has been working on Internet infrastructures for the last 20 years. In 2005, he founded Dailymotion, the largest video sharing service after Youtube and the most popular European website in the world at the time. He is currently Director of Engineering at Netflix, working on Open Connect, Netflix's home CDN also known as the CDN moving about 30% of the total US Internet traffic. Romain and Olivier closely worked for years at Dailymotion on many different projects. Romain ended up leading the mobile & TV department.
This is made and maintained by the same guy who made NextDNS, a Netflix CDN expert.
They know how to make low latency distributed network applications, but it isn't their day job and the pace of development of both Next and this shows it.
I've been paying for NextDNS for at least 4 years now and use their DoH clients on mobile, and its the upstream for AdGuard at home + cloudflared for laptops on the go. It's a great service.
Living in Germany, one of the things about DNS-level adblocking is: It SILENTLY obstructs a lot of the payback, reward and coupon programs.
For example, the biggest country-wide payback program is payback.de, and their most of their coupon multiplier links here – https://www.payback.de/coupons/info – will be clickable, but silently not work after you purchase.
Adblocking is good, but I prefer when it's controlled and I can just open an incognito window or disable it temporarily when I need them, for whatever reason.
> For example, the biggest country-wide payback program is payback.de, and their most of their coupon multiplier links here – https://www.payback.de/coupons/info – will be clickable, but silently not work after you purchase.
I don't understand this claim. Payback coupons have to be activated before purchase, so even if somehow that link wouldn't work anymore after a purchase it'd be too late anyway to have the coupon applied.
Can you elaborate or provide links for more information?
This is neat. I wonder what the delta is between this and NextDNS (who funds/powers the non-profit). I imagine NextDNS blocks a superset of the baseline of dangerous domains blocked by dns0.eu? Is the main addition primarily advertising and analytics related?
edit: another key addition by NextDNS is a global infra footprint, rather than just in the EU. Oh it looks like there’s no anycast with the non-profit as well? And you have to pick your local resolver. I guess that makes sense because the main value prop of NextDNS (to me) is when I’m traveling and a local pi-hole won’t suffice.
I thought the two sounded similar, then I saw at the bottom they both have come from the same two founders. Nice to have a straightforward alternative to NextDNS to recommend to relatives.
Unfortunately, the setup instructions for "Linux" on the homepage only consider "systemd." Of course, every GNU/Linux user — or rather, administrator — who doesn't use systemd knows how to set it up the "old" UNIX way. However, assuming that Linux equals systemd is kind of offensive to a small group of systemd avoiders (such as myself).
Unfortunately, the road signs for "vehicles" on the streets only consider "motor vehicles". Of course, every vehicle operator — or rather, rider — who doesn’t drive a car knows how to travel them on horse carriages. However assuming that vehicles equal cars is kind of offensive to a small group of motor avoiders (such as myself).
I use wayland with sysvinit and comments like this make me cringe. He was not even talking about wayland and you managed to inject this anti-X11 tirade into the conversion anyway. X11 works great for many people and if it were not for XWayland, Wayland would be unusable.
"Nous distribuons notre infrastructure sur plusieurs hébergeurs dans chaque État membre de l'Union européenne. Notre pile logicielle sur mesure a été testée au combat pendant plus de 3 ans, répondant à des billions de requêtes et servant des centaines de milliers d'utilisateurs chez NextDNS."
Claims it's 100% european, can't even have proper french. :-/
To a french ear, it sounds like a (bad) translation from English.
For instance, "a été testée au combat" is meaningless in French. The same idea in idiomatic French would be "a subi l'épreuve du feu". And I guess the "billions" should be only "milliards" (French uses the long scale, so the word "billion" exists but corresponds to a thousand billions as understood in (US?) English)...
I hear you, but it's also a reality that more people in our field have heard "battle tested", know what it means and understand the French translation than "épreuve du feu" (I genuinely only ever read that idiom, and not once since the horrible movie which got that as the French name).
That's where I'm saying going back to an older idiom just makes it classic, and doesn't help communication in itself IMHO.
"testée au combat" is a dumb and lazy translation for "battle-tested". Also, we don't have billions here, it's "milliards". The fact that it comes from a french non-profit organization makes it even worse. Such a lack of respect for their own culture makes me sad.
2x10^12 isn't crazy for a number of requests over 3 years.
For comparison Cloudflare deals with 32 million requests per second[0]. I don't know if they're at CF scale, but in itself it's still a plausible number for a multinational DNS.
Clearly a translation from English. Which is funny since there are no native English-speaking languages in the EU anymore (Ireland's first official language is not English).
But also, it's amazing that the EU can function at all with the amount of criticism it gets if every single little communication is not perfectly tuned for every potential European reader. :-/
> Which is funny since there are no native English-speaking languages in the EU anymore (Ireland's first official language is not English).
Did you mean "no native English speakers"? There are - Ireland.
"First" is doing a lot of heavy lifting. I'm sure you well know there are 2 official languages in Ireland, and English is used by the majority of the population, and English-only speakers far outnumber the fluent bilingual speakers.
Of course on paper Ireland are going to hold Irish as supreme (which I support), but de facto and practically, the language of Ireland is English.
Ireland and Malta still remain EU members whose official languages include English.
More over, the lingua franca of Europe is still English, despite any French sadness that it's not French any more.
I suspect that will be news to most (97%) of Irelands population :-) Ireland is very much an English speaking country with Irish coming a distant second despite both being 'official' languages and the latter being our traditional tongue.
How does this differ from a service like quad9? Has someone done speed tests? One key difference is probably quad9 being under Swiss privacy laws and dns0 being under gdpr laws in the EU.
You cannot have someone like TRump instruct/pressure/force microsoft to delete emails and accounts of the International war crimes investigators, who were investigating Israel for war crimes.
A french non-profit subject to the EU and France rules.
Which means they absolutely abide the DSA and must block 'illegal content' which is pretty extensive these days. Includes 'hate speech' which isnt well defined, but only when ordered by a court. Not to mention various "disinformation" orders they must abide by now.
They are also subject to orders from ARCOM? for copyright related stuff.
They are also obligated to record and store all dns queries by ip essentially forever.
This is literally why the title claims "safer". They are censoring.
Sounds poorly defined. I have no explicit obligation to participate on this forum or any other high profile tech forum, but should I feel inclined implicitly, now I'm beholden to the local moderation.
I'm "free to leave the EU if I don't like it", as a certain kind of folk would say.
Issues like this always have exceptions and grey areas
> I'm "free to leave the EU if I don't like it",
A country is free to leave the EU. An individual can leave by moving elsewhere.
I have never come across anyone saying they could give up EU membership as an individual, as individuals are not members of the EU.
> I have no explicit obligation to participate on this forum or any other high profile tech forum, but should I feel inclined implicitly, now I'm beholden to the local moderation.
That is exactly the point. Private spaces can have all kinds of rules stopping you doing things you are free to do in public.
> Issues like this always have exceptions and grey areas
That's my point. If that holds, then it will also hold that there will be individuals who can call moderation censorship. Either we accept these categories as equals from the get-go (content filtering), or this doesn't justify equating them, which is what GP said he'd be doing if he felt the cynic rise in them.
For what it's worth, it's not that I don't recognize the ideas of moderation and censorship different. It's just that I think of them as different characterizations of the same thing - and then sometimes those characterizations I find fair, sometimes not so much.
> I have never come across anyone saying they could give up EU membership as an individual, as individuals are not members of the EU.
You're still yet to come across anyone like that, as you're misinterpreting the word "leave" for reasons beyond me.
I can leave my home, I can leave my home country, why couldn't I leave [the area of] the EU? Why did you think I was talking about some ceremonial relinquishing of my EU "citizenship" that as you say does not exist?
> you are free to do in public.
There's nothing stopping anyone from claiming any area as theirs and then imposing rules on them, trivially bypassing this notion. Examples include: not in my backyard, not in front of my house, not in this city, not in this country, etc.
In a lot of use cases you only need to change the host name. https://dns0.eu/ or dns0.eu is not that difficult to remember.
The ip addresses are indeed not memorable, but users who change the settings of their routers won’t have too much trouble copy and pasting an IP address once or twice. Save it in a password manager and you’re done.
Bureaucracy has nothing to do with it, it’s a matter of resources.
I totally agree. When you go into that much trouble of creating an alternative (safer) EU DNS, try at least to make it user memorable by using easy IPs. I don5 understand why other HN users have downvoted your comment.
Would be cool, but it's very very hard to get such a memorable IP. And it costs a lot of money. Those who own such IPs wont give them away so easily. So unless you get a donation of such an IP address (actually more a block of IPs, like Quad9 who got 9.9.9.0/24 from IBM, see e.g. https://www.reddit.com/r/privacytoolsIO/comments/llqd7h/quad...), or have a lot of money... you'll probably be out of luck.
Because I set DNS approximately once per LAN that I build, when I configure its DHCP. The pretty IPs are cool, but this isn’t something I type more than once per year or so.
How much EU is in DNS4EU? - https://news.ycombinator.com/item?id=44255116 - June 2025 (108 comments)
DNS4EU, an EU-based DNS resolution service - https://news.ycombinator.com/item?id=44254610 - June 2025 (50 comments)
DNS4EU for Public Is Available - https://news.ycombinator.com/item?id=44190071 - June 2025 (78 comments)
> https://cuiiliste.de/domains
> https://de.wikipedia.org/wiki/Clearingstelle_Urheberrecht_im...
(both are German websites, but they should be easily understandable for everybody)
This list rather did rather become known because of a leak. Here is a German article about this topic: https://netzpolitik.org/2024/cuii-liste-diese-websites-sperr...
Also, I don't expect to have EU wide bans anytime soon because each country is into doing its thing in this regard. When Germany, Italy etc. are going trigger happy for piracy Eastern EU and the Nordics used to be or maybe continue to be the providers of that.
* nox.to
* getrockmusic.net
* libgen.gs
* sci-hub.st
Another interesting test case are the following domains (Russian propaganda websites) that many German (European?) internet providers are prone to block:
For example in Germany, Vodafone blocks the first three ones. The reason for this blocking is not the CUII list, but ANNEX XV of"COUNCIL REGULATION (EU) 2022/350
of 1 March 2022
amending Regulation (EU) No 833/2014 concerning restrictive measures in view of Russia's actions destabilising the situation in Ukraine":
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...
They are also operating in Denmark, which have laws similar to those of Germany. One way they could get around the issue is perhaps by not actually being an ISP. I'm not a 100% sure, but I believe that at least in Denmark it's the job of the ISPs to block you from accessing certain sites. DNS blocking has been deemed sufficient. The providers of public DNS servers aren't ISPs so it's not their job to block the traffic. I also don't belive that e.g. Googles 8.8.8.8 is censured in the EU.
They were recently forced by Italy’s AGCOM to censor domains used for piracy, specifically they had to sign up to the PiracyShield thing that was also discussed here some time ago.
They provide variants for unfiltered DNS, blocking malware/phishing, and malware/phishing + pornography.
All variants are provided over IPv4, IPv6, DoH, and DoT.
https://www.cira.ca/en/canadian-shield/configure/summary-cir...
The laws don’t tell the entities what they should prepare for. Rather, they state that the entities must execute a proper risk assessment and prepare accordingly (obviously this is the rough summary. The actual legislations are a bit better worded than a 9pm forum post)
And given what’s going on in the world + the phrasing of the legislations, using eu based services is becoming a lot more attractive to these companies.
Which means that being a eu based company whose offer is “whatever US company X does, but a bit less mature atm, we’re working on it!” has gone from a pointless strategy to one that might just work.
Edit: BTW that last paragraph is not meant to imply that dns0 isn’t mature. I don’t know them. Just wanted to put in words the general vibe I’m picking up.
> dns0.eu is a French non‑profit organization founded in 2022 by Romain Cointepas and Olivier Poitrey — co-founders of NextDNS.
-> https://help.nextdns.io/t/y4hmv0n/who-is-behind-nextdns
> Who is behind NextDNS?
> NextDNS was founded in May 2019 in Delaware, USA by two French founders Romain Cointepas and Olivier Poitrey. Olivier has been working on Internet infrastructures for the last 20 years. In 2005, he founded Dailymotion, the largest video sharing service after Youtube and the most popular European website in the world at the time. He is currently Director of Engineering at Netflix, working on Open Connect, Netflix's home CDN also known as the CDN moving about 30% of the total US Internet traffic. Romain and Olivier closely worked for years at Dailymotion on many different projects. Romain ended up leading the mobile & TV department.
Brain gymnastics at work.
They know how to make low latency distributed network applications, but it isn't their day job and the pace of development of both Next and this shows it.
For example, the biggest country-wide payback program is payback.de, and their most of their coupon multiplier links here – https://www.payback.de/coupons/info – will be clickable, but silently not work after you purchase.
Adblocking is good, but I prefer when it's controlled and I can just open an incognito window or disable it temporarily when I need them, for whatever reason.
I don't understand this claim. Payback coupons have to be activated before purchase, so even if somehow that link wouldn't work anymore after a purchase it'd be too late anyway to have the coupon applied.
Can you elaborate or provide links for more information?
edit: another key addition by NextDNS is a global infra footprint, rather than just in the EU. Oh it looks like there’s no anycast with the non-profit as well? And you have to pick your local resolver. I guess that makes sense because the main value prop of NextDNS (to me) is when I’m traveling and a local pi-hole won’t suffice.
You can stick to fiddling your way with sysv and x11 if you like. The world has moved on.
Of course.
At work, I use the system my employer provides, with systemd and gnome.
At home, I use the one that gives me the most freedom, with sysvinit and x11.
Such is the reality of life.
Claims it's 100% european, can't even have proper french. :-/
It's not traditional idiomatic, but we're also in 2025 and most people won't even understand the old idioms.
For instance, "a été testée au combat" is meaningless in French. The same idea in idiomatic French would be "a subi l'épreuve du feu". And I guess the "billions" should be only "milliards" (French uses the long scale, so the word "billion" exists but corresponds to a thousand billions as understood in (US?) English)...
That's where I'm saying going back to an older idiom just makes it classic, and doesn't help communication in itself IMHO.
A billion in French is 10^12 (1,000,000,000,000) so I doubt they truly served "billions de requêtes".
For comparison Cloudflare deals with 32 million requests per second[0]. I don't know if they're at CF scale, but in itself it's still a plausible number for a multinational DNS.
[0] https://blog.cloudflare.com/application-security/
PS: mistaking the short scale for the longer is common, but that shouldn't be a pretext to straight throw every use of "billion" under the bus.
(It's very French of you to complain about it, though.)
But also, it's amazing that the EU can function at all with the amount of criticism it gets if every single little communication is not perfectly tuned for every potential European reader. :-/
Did you mean "no native English speakers"? There are - Ireland.
"First" is doing a lot of heavy lifting. I'm sure you well know there are 2 official languages in Ireland, and English is used by the majority of the population, and English-only speakers far outnumber the fluent bilingual speakers.
Of course on paper Ireland are going to hold Irish as supreme (which I support), but de facto and practically, the language of Ireland is English.
Ireland and Malta still remain EU members whose official languages include English.
More over, the lingua franca of Europe is still English, despite any French sadness that it's not French any more.
https://en.wikipedia.org/wiki/Languages_of_the_European_Unio...
https://www.cso.ie/en/csolatestnews/pressreleases/2023pressr...
No, thanks. I don't want a "safe" DNS, I want one that always returns the IP of the host, no matter the actual safety/censorship policies of the day.
on paper it looks great
https://en.wikipedia.org/wiki/Quad9
https://news.ycombinator.com/item?id=43469457
Added it to Librewolf and it works fine,
Just put the kids.dns0.eu on my grandkids phone and again it works perfectly.
I have of course already done this in the past with the Mullvad DNS with the family filter:
I would rather use an EU DNS server than any US shite.
dnsleaktest; on the Mx-linux machine
IP: 217.156.17.129 M247 Europe Brussels, Belgium
I do hope that the EU can slowly disconnnect from all USA services and have our own.
https://nlnet.nl/project/current.html
https://european-alternatives.eu/
You cannot have someone like TRump instruct/pressure/force microsoft to delete emails and accounts of the International war crimes investigators, who were investigating Israel for war crimes.
Which means they absolutely abide the DSA and must block 'illegal content' which is pretty extensive these days. Includes 'hate speech' which isnt well defined, but only when ordered by a court. Not to mention various "disinformation" orders they must abide by now.
They are also subject to orders from ARCOM? for copyright related stuff.
They are also obligated to record and store all dns queries by ip essentially forever.
This is literally why the title claims "safer". They are censoring.
Characterization.
I'm certainly not aware of any possible ways of restricting things to make things safer where one couldn't just decide to call it censorship at least.
Control.
If it is an optional service provided to users it is moderation.
If it is not optional, then it is censorship.
I'm "free to leave the EU if I don't like it", as a certain kind of folk would say.
Issues like this always have exceptions and grey areas
> I'm "free to leave the EU if I don't like it",
A country is free to leave the EU. An individual can leave by moving elsewhere.
I have never come across anyone saying they could give up EU membership as an individual, as individuals are not members of the EU.
> I have no explicit obligation to participate on this forum or any other high profile tech forum, but should I feel inclined implicitly, now I'm beholden to the local moderation.
That is exactly the point. Private spaces can have all kinds of rules stopping you doing things you are free to do in public.
That's my point. If that holds, then it will also hold that there will be individuals who can call moderation censorship. Either we accept these categories as equals from the get-go (content filtering), or this doesn't justify equating them, which is what GP said he'd be doing if he felt the cynic rise in them.
For what it's worth, it's not that I don't recognize the ideas of moderation and censorship different. It's just that I think of them as different characterizations of the same thing - and then sometimes those characterizations I find fair, sometimes not so much.
> I have never come across anyone saying they could give up EU membership as an individual, as individuals are not members of the EU.
You're still yet to come across anyone like that, as you're misinterpreting the word "leave" for reasons beyond me.
I can leave my home, I can leave my home country, why couldn't I leave [the area of] the EU? Why did you think I was talking about some ceremonial relinquishing of my EU "citizenship" that as you say does not exist?
> you are free to do in public.
There's nothing stopping anyone from claiming any area as theirs and then imposing rules on them, trivially bypassing this notion. Examples include: not in my backyard, not in front of my house, not in this city, not in this country, etc.
Perfect example how one can destroy whole concept with bad user experience.
I truly don’t get this. Is it a Europe = bureaucracy take?
> they came up with IP's that can't be more random
Came up with? I imagine those novelty IPs are extremely difficult and expensive to acquire.
That said I 100% agree memorable IPs is very useful for DNS config.
For example
https://github.com/samhocevar/rinetdThe ip addresses are indeed not memorable, but users who change the settings of their routers won’t have too much trouble copy and pasting an IP address once or twice. Save it in a password manager and you’re done.
Bureaucracy has nothing to do with it, it’s a matter of resources.
Could you afford 4.4.4.4?