The debate over digital sovereignty revolves around the cloud, AI models, and data centers. It involves discussions of hosting providers and jurisdictions. It almost never mentions the two protocols without which none of this works. Not a single leader is keeping an eye on them. Yet, the day one of them fails, the rest will fall with it. Let’s break it down, without overdoing the drama.
What the DNS Does, and Where the Control Points Are
The DNS is the Internet’s address book. You type in a name; your computer needs a number—the IP address—to reach the machine on the other end. The DNS translates one into the other. Without this translation, the names lead nowhere. Everything you do online starts with a DNS query that you never see.
The system is hierarchical, and that’s where the control points are located. At the very top is the root. Thirteen sets of root servers, coordinated under the auspices of ICANN, a U.S.-based organization. Below the root are the registries: the one that manages .com, the one that manages .fr—Afnic, in this case. Below the registries are the registrars that sell you your domain name. And at the other end of the chain are the resolvers: the servers that handle the translation for your network.
Three areas of vulnerability stand out. The root and its legal framework, which centralize global coordination. The registry for your domain extension, which can suspend a domain name. And above all, the resolver you use every day. Many organizations allow their machines to query Google’s or Cloudflare’s public resolvers by default, without making a conscious decision. This resolver processes every domain name you request. It’s a complete browsing log, entrusted to a third party that no one has chosen.
What NTP Does, and Why Time Is Critical
NTP synchronizes the clocks on machines. Every server, every workstation, and every piece of network equipment constantly adjusts its time to a reference source, through successive layers called strata, from an atomic clock or a satellite signal all the way down to your machine. We tend to think of this as a technical detail. It’s a fundamental dependency.
Without precise time, cryptography breaks down. A TLS certificate has a start date and an end date. If the clock drifts, the certificate is deemed expired or not yet valid, and the secure connection fails. Authentication tokens, one-time codes, and timestamping protocols all rely on a common time. Shift the clocks, and security silently collapses.
Without consistent time, logs become unreadable. Correlating an incident across ten servers requires that all ten timestamp their events on the same scale. A discrepancy of just a few seconds makes it impossible to reconstruct the timeline of an attack. Without reliable time, financial transactions lose their order. Regulated markets require microsecond-level synchronization precisely for this reason. Time is not a convenience. It is the infrastructure beneath the infrastructure.
And the default source is often a single one: a public pool, or the servers of the operating system vendor. A silent dependency, once again.
Why the Political Debate Goes Awry
As soon as these protocols are brought into the political arena, the discussion derails—and always in the same way. One side wants to regain control, which quickly translates into recentralization: a national resolver, a regional root, a sovereign reference time. The other side points out that the robustness of these protocols stems precisely from their distribution, and that fragmenting them along national borders would make them more fragile, not less so.
Both sides have a point, and that’s why the debate isn’t moving forward. The DNS root is indeed subject to foreign law—that’s a fact. But building an alternative root would amount to splitting the namespace, thereby undermining the universality that is the very essence of the Internet. Similarly, a single resolver imposed at the national level creates a point of control where none existed before.
The trap is always the same: people want to regulate something without specifying what it is. Regulate the root? No single entity has the power to do that alone. The resolver? In that case, yes, one organization decides. Time synchronization? One organization decides that, too. Meaningful sovereignty isn’t decided at the top of the hierarchy, out of reach. It’s decided right where you actually have control.
What an Organization Can Do Right Now
There’s no need to wait twenty years for a European standard. Four measures are within reach today.
Take back control of DNS resolution. Host your own resolver, or choose one where you know the operator and the applicable law, instead of letting your machines point by default to a public resolver about which you know nothing. This way, you’ll retain the log of your own queries.
Diversify your time sources. Configure multiple NTP servers from different sources, and not all from the same provider. An exposed organization benefits from having an internal reference—such as a satellite signal receiver—to avoid relying on a single external source.
Enable DNSSEC. This extension cryptographically signs DNS responses and ensures that a domain name hasn’t been hijacked en route. It is implemented on both the domain side and the resolver side, and it blocks an entire class of attacks.
Monitor both. A dashboard that tracks the drift of your clocks and the health of your DNS resolution is inexpensive and reveals silent failures before they become incidents. What you don’t measure, you don’t see failing.
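The checks behind such a dashboard can be small. The following is an added example, not code from the original article: it computes the clock offset from a raw NTP response (RFC 5905), compares several time sources against each other, and decides from two raw DNS responses whether a resolver actually validates DNSSEC. Function names, thresholds and source names are assumptions chosen for illustration; sending the queries is left to the caller.

```python
import statistics
import struct

NTP_UNIX_DELTA = 2208988800  # seconds between the NTP epoch (1900) and Unix epoch

def ntp_offset(resp: bytes, t1: float, t4: float) -> float:
    """Server clock minus ours, RFC 5905: ((T2 - T1) + (T3 - T4)) / 2.
    t1 and t4 are our send and receive times in Unix seconds."""
    if len(resp) < 48:
        raise ValueError("short NTP packet")
    leap, stratum = resp[0] >> 6, resp[1]
    if leap == 3 or not 1 <= stratum <= 15:
        raise ValueError("server reports it is not synchronized")
    # Bytes 32-47: receive (T2) and transmit (T3) timestamps, 32.32 fixed point.
    s2, f2, s3, f3 = struct.unpack_from("!IIII", resp, 32)
    t2 = s2 - NTP_UNIX_DELTA + f2 / 2**32
    t3 = s3 - NTP_UNIX_DELTA + f3 / 2**32
    return ((t2 - t1) + (t3 - t4)) / 2

def time_alerts(offsets: dict, max_drift=0.1, max_spread=0.05) -> list:
    """offsets: source name -> offset in seconds. Thresholds are assumptions."""
    if not offsets:
        return ["no time source answered"]
    alerts = []
    if len(offsets) < 3:
        alerts.append("fewer than 3 time sources: a wrong one cannot be outvoted")
    median = statistics.median(offsets.values())
    for name, off in sorted(offsets.items()):
        if abs(off - median) > max_spread:
            alerts.append(f"{name} disagrees with the median by {off - median:+.3f}s")
    if abs(median) > max_drift:
        alerts.append(f"local clock is off by {median:+.3f}s")
    return alerts

def dns_flags(resp: bytes) -> dict:
    """AD (resolver validated the answer) and RCODE from the DNS header."""
    if len(resp) < 12:
        raise ValueError("short DNS message")
    flags = struct.unpack_from("!H", resp, 2)[0]
    return {"ad": bool(flags & 0x0020), "rcode": flags & 0x000F}

def resolver_validates(signed_ok: bytes, signed_broken: bytes) -> bool:
    """AD set for a correctly signed name, SERVFAIL (RCODE 2) for a name with
    deliberately invalid signatures. AD needs the DO or AD bit in the query."""
    good, bad = dns_flags(signed_ok), dns_flags(signed_broken)
    return good["rcode"] == 0 and good["ad"] and bad["rcode"] == 2

# Constructed readings: two sources agree, the third is 300 ms away.
SAMPLE = {"internal-gnss": 0.001, "provider-a": 0.002, "provider-b": 0.300}
```

The AD bit is only as trustworthy as the path between the machine and its resolver, which is one more reason to run that resolver on a network you control.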
DNS and NTP will never make the headlines. They have neither a logo nor a flag to wave. But they are verifiable dependencies, with known checkpoints and concrete countermeasures. Sovereignty begins when you stop accepting default settings that no one decided on.
Sources
- ICANN, How the Root Server System Works, icann.org
- Afnic, Management of the .fr Registry, afnic.fr
- RFC 1035 (DNS) and RFC 5905 (NTPv4), IETF
- ANSSI, Recommendations on DNS and DNSSEC Security, cyber.gouv.fr
- ESMA / MiFID II, Clock Synchronization Requirements for Regulated Markets