Technitium DNS Server
Self host a DNS server for privacy & security
Block ads & malware at DNS level for your entire network!
Version 13.2.2
(Windows 7 SP1 and above)
(.NET 8 Runtime)
curl -sSL https://download.technitium.com/dns/install.sh | sudo bash
docker pull technitium/dns-server:latest
Technitium DNS Server is an open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security. It works out-of-the-box with no or minimal configuration and provides a user friendly web console accessible using any modern web browser.
Nobody really bothers about domain name resolution since it works automatically behind the scenes and is complex to understand. Most computer software use the operating system's DNS resolver that usually query the configured ISP's DNS server using UDP protocol. This way works well for most people but, your ISP can see and control what website you can visit even when the website employ HTTPS security. Not only that, some ISPs can redirect, block or inject content into websites you visit even when you use a different DNS provider like Google DNS or Cloudflare DNS. Having Technitium DNS Server configured to use DNS-over-TLS, DNS-over-HTTPS, or DNS-over-QUIC encrypted DNS protocols with forwarders, these privacy & security issues can be mitigated very effectively.
Be it a home network or an organization's network, having a locally running DNS server gives you more insights into your network and helps to understand it better using the DNS logs and stats. It improves overall performance since most queries are served from the DNS cache making web sites load faster by not having to wait for frequent DNS resolutions. It also gives you an additional control over your network allowing you to block domain names network wide and also allows you to route your DNS traffic securely using encrypted DNS protocols.
Block Ads At DNS Level
Technitium DNS Server allows you to configure Block List URLs that gets automatically updated daily to block ads on your network. The Quick Add option lists popular block lists available for you to choose from.
Read More: Blocking Internet Ads Using DNS Sinkhole
Privacy & Security
Technitium DNS Server supports using DNS-over-TLS, DNS-over-HTTPS, and DNS-over-QUIC protocols for forwarders allowing you to use popular public DNS resolvers like Cloudflare, Google & Quad9. These protocols provides privacy by encrypting your DNS traffic on the network and protects you from man-in-the-middle attacks.
Read More: How To Configure DNS Server For Privacy & Security
Features
- Works on Windows, Linux, macOS and Raspberry Pi.
- Docker image available on Docker Hub
- Installs in just a minute and works out-of-the-box with zero configuration.
- Block ads & malware using one or more block list URLs.
- Supports working as an authoritative as well as a recursive DNS server.
- High performance DNS server based on async IO that can serve millions of requests per minute even on a commodity desktop PC hardware (load tested on Intel i7-8700 CPU with more than 100,000 request/second over Gigabit Ethernet).
- Self host DNS-over-TLS, DNS-over-HTTPS, and DNS-over-QUIC DNS services on your network.
- DNS-over-HTTPS implementation supports HTTP/1.1, HTTP/2, and HTTP/3 transport protocols.
- Supports DNS over PROXY protocol version 1 and 2 for both UDP and TCP transports.
- Use public DNS resolvers like Cloudflare, Google, Quad9, and AdGuard with DNS-over-TLS, DNS-over-HTTPS, or DNS-over-QUIC protocols as forwarders.
- Support for latency based name server selection algorithm that works with concurrency feature for both recursive resolution and forwarders.
- Advanced caching with features like serve stale, prefetching and auto prefetching.
- Persistent caching feature that saves cache to disk when DNS server restarts.
- DNS rebinding attack protection feature available with DNS Rebinding Protection App.
- DNSSEC validation support with RSA & ECDSA algorithms for recursive resolver, forwarders, and conditional forwarders.
- DNSSEC support for all supported DNS transport protocols including encrypted DNS protocols.
- DANE TLSA [RFC 6698] record type support. This includes support for automatically generating the hash values using certificates in PEM format.
- SVCB & HTTPS [draft-ietf-dnsop-svcb-https] record type support.
- URI [RFC 7553] record type support.
- SSHFP [RFC 4255] record type support.
- CNAME cloaking feature to block domain names that resolve to CNAME which are blocked.
- QNAME minimization support in recursive resolver [RFC 9156].
- QNAME case randomization support for UDP transport protocol [draft-vixie-dnsext-dns0x20-00].
- DNAME record [RFC 6672] support.
- ANAME proprietary record support to allow using CNAME like feature at zone apex (CNAME flattening). Supports multiple ANAME records at both zone apex and sub domains.
- APP proprietary record support that allows custom DNS Apps to directly handle DNS requests and return a custom DNS response based on any business logic.
- Support for features like Split Horizon and Geolocation based responses using DNS Apps feature.
- Support for REGEX based block lists with different block lists for different client IP addresses or subnet using Advanced Blocking DNS App.
- Primary, Secondary, Stub, and Conditional Forwarder zone support.
- Static stub zone support implemented in Conditional Forwarder zone to force a domain name to resolve via given name servers using NS records.
- Supports Catalog Zones [RFC 9432].
- Supports record aging where the records with expiry set are automatically removed from the zone.
- Bulk conditional forwarding support using Advanced Forwarding DNS App.
- DNSSEC signed zones support with RSA & ECDSA algorithms.
- DNSSEC support for both NSEC and NSEC3.
- Zone transfer with AXFR and IXFR [RFC 1995] and DNS NOTIFY [RFC 1996] support.
- Zone transfer over TLS (XFR-over-TLS) [RFC 9103] support.
- Zone transfer over QUIC (XFR-over-QUIC) [RFC 9250] support.
- Support for zone validation using ZONEMD records [RFC 8976] for Secondary zones.
- Dynamic DNS Updates [RFC 2136] support with security policy.
- Secret key transaction authentication (TSIG) [RFC 8945] support for zone transfers.
- EDNS(0) [RFC6891] support.
- EDNS Client Subnet (ECS) [RFC 7871] support for recursive resolution and forwarding.
- Extended DNS Errors [RFC 8914] support.
- DNS64 function [RFC 6147] support for use by IPv6 only clients using the DNS64 App.
- Support to host DNSBL / RBL block lists [RFC 5782].
- Multi-user role based access with non-expiring API token support.
- Self host your domain names on your own DNS server.
- Wildcard sub domain support.
- Enable/disable zones and records to allow testing with ease.
- Built-in DNS Client with option to import responses to local zone.
- Supports out-of-order DNS request processing for DNS-over-TCP and DNS-over-TLS protocols [RFC 7766].
- Built-in DHCP Server that can work for multiple networks.
- IPv6 support in DNS server core.
- HTTP & SOCKS5 proxy support which can be configured to route DNS over Tor Network or use Cloudflare's hidden DNS resolver.
- Web console portal for easy configuration using any web browser.
- Built in HTTP API to allow 3rd party apps to control and configure the DNS server.
- Built-in system logging and query logging.
- Open source cross-platform .NET 8 implementation hosted on GitHub.
How To Get Started
- Download and install the DNS server. You can use the portable zip/tar.gz file too by extracting and run the DNS Server app.
- Open http://localhost:5380/ on your favourite web browser.
- The web console will auto login using default username 'admin' and password 'admin'. Don't forget to change the password to disable auto login!
- Optionally, configure forwarder DNS server IP addresses or URLs in DNS Settings so that the DNS Server uses them to resolve requests instead of doing recursive resolution by itself. You may configure any public DNS server like Google DNS, Cloudflare DNS or OpenDNS.
- Configure the DNS server's IP address in your network configuration and on other computers on the network if needed. You can use the built-in DHCP server to assign IP addresses and the DNS servers automatically on your local network.
- ???
- Profit!
API Documentation
The DNS server HTTP API allows any 3rd party app or script to configure the DNS server. The HTTP API is used by the web console and thus all the actions that the web console does can be performed via the API. Read the HTTP API documentation for complete details.
Open Source
Source code available under GNU GPLv3 Licence on GitHub.
Help Topics
Read the latest help topics which contains the DNS Server user manual and covers frequently asked questions.
Support
For more info, send an email to [email protected]. Any feedback or feature requests are welcome.
Join /r/technitium on Reddit.
Donate
Make a contribution to Technitium and help making new software, updates, and features possible.
Privacy Policy
Read the privacy policy to know how your data is used.