Technitium DNS Server

Source

Summary

Technitium DNS Server is a mature, open-source, cross-platform DNS server that combines authoritative and recursive DNS, network-wide ad blocking, and encrypted DNS protocols (DoT, DoH, DoQ) in a single self-hosted package. It runs on Windows, Linux, macOS, Raspberry Pi, and Docker with minimal configuration, and offers a web console for management.

Key Insight

  • Serves as a Pi-hole alternative with significantly more features: full authoritative DNS, DNSSEC signing/validation, zone transfers (AXFR/IXFR), dynamic DNS updates, and catalog zones
  • Supports all modern encrypted DNS protocols: DNS-over-TLS, DNS-over-HTTPS (HTTP/1.1, HTTP/2, HTTP/3), and DNS-over-QUIC — making it a complete privacy-first DNS stack
  • Performance claim: 100 000+ requests/second on commodity hardware (Intel i7-8700 over Gigabit Ethernet) using async IO
  • Built-in DHCP server eliminates the need for a separate DHCP service on small networks
  • “DNS Apps” feature allows custom business logic for DNS responses — enables split-horizon, geolocation-based responses, and regex-based blocking per client IP/subnet
  • Built-in clustering allows managing multiple DNS server instances from a single web console
  • PROXY protocol v1/v2 support means it works behind HAProxy or similar load balancers without losing client IP info
  • Has a full HTTP API, so it can be automated/scripted for infrastructure-as-code setups
  • CNAME cloaking detection blocks tracker domains that hide behind CNAME chains — a technique many ad blockers miss
  • Built on .NET 9, GPLv3 licensed, actively maintained (version 14.3 as of bookmark date)
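
The CNAME cloaking bullet above, illustrated with an added example (not Technitium's code or its actual algorithm): a blocklist check that only looks at the queried name misses a first-party alias, while a check that follows the CNAME chain catches it. The record map, blocklist and all function names are hypothetical, and the domains are constructed sample data.

```python
# Constructed sample data: CNAME records as {owner: target}, not real DNS output.
SAMPLE_CNAMES = {
    "metrics.shop.example": "shop.edge.cdn.example",
    "shop.edge.cdn.example": "c1.collector.tracker.test",
    "www.shop.example": "shop.hosting.example",
    "loop-a.example": "loop-b.example",
    "loop-b.example": "loop-a.example",
}
SAMPLE_BLOCKLIST = {"tracker.test"}  # constructed blocklist entry


def normalize(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def is_blocked(name, blocklist):
    """True if the name or any parent domain is on the blocklist."""
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def resolve_chain(qname, cnames, max_depth=8):
    """Follow CNAMEs from qname; stop on a loop or after max_depth hops."""
    chain = [normalize(qname)]
    seen = {chain[0]}
    while chain[-1] in cnames and len(chain) <= max_depth:
        target = normalize(cnames[chain[-1]])
        if target in seen:  # CNAME loop: stop rather than spin
            break
        chain.append(target)
        seen.add(target)
    return chain


def check_query(qname, cnames, blocklist):
    """Check every name in the chain, not only the name the client asked for."""
    chain = resolve_chain(qname, cnames)
    for hop, name in enumerate(chain):
        if is_blocked(name, blocklist):
            # hop > 0 means the queried name looked clean and a later alias matched
            return {"blocked": True, "cloaked": hop > 0, "matched": name, "chain": chain}
    return {"blocked": False, "cloaked": False, "matched": None, "chain": chain}


if __name__ == "__main__":
    for q in ("metrics.shop.example", "www.shop.example", "ads.tracker.test"):
        print(q, check_query(q, SAMPLE_CNAMES, SAMPLE_BLOCKLIST))
```
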