The problem is we don't need a few big providers, we need thousands of smaller ones everywhere. Big providers are easy to attack with a single bullet (court case).
Small providers can also be hit with the same bullet (depending on the wording), it’s whether the laws can actually be enforced, which is a cat-and-mouse game the same way piracy generally is. They are still providing a digital service in the country and are subject to the laws.
DNS feels like it should be easy to proxy. Or just have more distributed resolvers. Why isn't it done more? Is it super expensive? Maybe due to UDP allowing traffic-amplification attacks?
> What is a DNS resolver if not a proxy for DNS requests?
A DNS resolver... resolves (recursively). unbound[0] would be an example.
A proxy instead only forwards to a trusted DNS server (or servers) and may cache their responses but won't do any resolution by itself. dnsmasq[1] would be an example.
My guess is a simple proxy is less vulnerable to UDP amplification attacks (and also vastly simpler to implement and maintain).
The drawback is you need a resolver you trust, but that might be okay if you actually do have one. E.g. some DNS server that you know is safe but is not operating in your country (you might just want to proxy it so it's closer to you for lower latency).
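The forward-and-cache behaviour described in the comment above, as an added sketch that is not part of the thread and not dnsmasq's code: it relays each query to one trusted upstream, caches the reply per question, and rejects a reply whose transaction ID or question does not match. `Forwarder`, `question_key`, `build_query`, the `upstream` callable and the fixed cache lifetime are all assumptions made for illustration (a real forwarder honours record TTLs).

```python
import struct
import time

def build_query(txid, name, qtype=1):
    """Constructed sample input: a one-question DNS query with RD set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.encode().split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def question_key(msg):
    """Return (qname, qtype, qclass) of the single question in a DNS message."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] != 1:
        raise ValueError("need a DNS message with exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63:
            raise ValueError("compression or bad label in question")
        labels.append(msg[pos:pos + n].lower())  # DNS names are case-insensitive
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    return (b".".join(labels),) + struct.unpack("!HH", msg[pos:pos + 4])

class Forwarder:
    """Hypothetical forwarder: relays to one trusted upstream, never recurses."""
    def __init__(self, upstream, ttl=60, clock=time.monotonic):
        self.upstream, self.ttl, self.clock = upstream, ttl, clock
        self.cache = {}  # question -> (expiry, reply bytes)

    def handle(self, query):
        key = question_key(query)
        hit = self.cache.get(key)
        if hit and hit[0] > self.clock():
            return query[:2] + hit[1][2:]  # cached reply under the client's ID
        reply = self.upstream(query)
        # Accept only a reply that echoes our transaction ID and question.
        if reply[:2] != query[:2] or question_key(reply) != key:
            raise ValueError("upstream reply does not match the query")
        self.cache[key] = (self.clock() + self.ttl, reply)
        return reply
```

In use, `upstream` would be a function that sends the query bytes to the trusted server over UDP or TCP and returns the raw reply.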
That's true! I was thinking about it in terms of resolv.conf, where everything is a resolving "nameserver" with an IP address regardless of how it actually works.
In that sense, proxies are also resolvers. Just not recursive.