I've been testing out DNS servers lately, and while they've all got standout features, Technitium has captured my attention. It's powerful, easy to set up, and deep when you want to add more functionality, and it uses barely any resources when running. It's also cross-platform, authoritative for your own local zones and rewrites, and recursive for resolving names out on the internet while you browse. And that's just the start.

Why run a local DNS server anyway?

Make your searches faster, more secure, and (with the right settings) unviewable by your ISP

All data can be monetized, and that includes the DNS lookups from your web browsing and other app usage. If you're not using encrypted DNS, your ISP is tracking your browsing habits, applying a token level of anonymization, bundling you with similar users, and selling the result to advertisers. That's one big reason to run your own DNS server, and one of the biggest things on my mind whenever I plan out a network.

But it's not only about limiting access to your data. It's about defining what data gets in front of your eyes, whether that's DNS-level blocking of malware and advertising, or redirecting domain names to local resources so you can reach self-hosted services and reduce the hold cloud companies have over the rest of your data. Plus, you get benefits like local caching for frequently-accessed domains, making browsing faster after the first visit.

It's not without its pitfalls, and DNS has a propensity to go wrong when misconfigured, but with a little bit of research and taking things slow when enabling new features, your self-hosted DNS server will protect your network and every device on it.

Setting up Technitium

This couldn't be easier

Technitium is built with .NET, so it's cross-platform and works wherever your infrastructure already is. There are prebuilt packages for Windows, a portable app for Windows/Linux/macOS/Raspberry Pi, an automated script to install it on Linux or Raspberry Pi, and an official Docker image, plus the source if you want to compile it yourself on FreeBSD or other OSes.

Running Technitium on Windows 10/11 is possible, but Internet Connection Sharing (ICS) can cause issues as it also listens on port 53. Docker, Hyper-V, and Microsoft Defender Application Guard all use the same port, so you can get around it by changing the port Technitium listens on (or avoid it altogether by running the DNS server on another machine that isn't Windows-based).

In my home lab, it's installed on Proxmox, because that and my router are the only devices I never turn off. And once I've gathered a couple more mini PCs, I'll have a Proxmox High Availability cluster going so my DNS will never be offline as long as I have power.

If you've already got a Proxmox server going, the easiest way is to use the Proxmox VE Helper-Scripts site. Open a shell on the PVE node and run the following:

bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/technitiumdns.sh)"

That will download Technitium, set up the LXC container, and print the container's local IP address with port 5380, which is the web console you'll use for the rest of the setup process. It's ready to go out of the box, as it were, so all I did was set a secure password, and that's all you'll need to do as well.

Then it's a matter of pointing your devices at the Technitium IP address instead of whatever DNS servers they were set to use, so they resolve through your new server rather than going straight to your ISP, Google, or wherever your router was configured to use.

So why is Technitium the best option?

So. Many. Options.

Technitium is user-friendly, like Pi-hole, but so much more powerful, like BIND or PowerDNS. You get network control, DNS-based blocking, the ability to host domains you own, and advanced features like split horizon DNS. You can encrypt your DNS traffic with DNS over TLS, DNS over HTTPS, DNS over QUIC, and others. It has a built-in DNS client to test domain resolution, and it's fast. Like, superfast, with millions of requests per minute possible even on midrange consumer CPUs.

You can set up Primary, Secondary, Stub, and Conditional Forwarder zones, wildcard subdomain support to hide your subdomain structure somewhat, and drop-down selection of forwarders across a whole range of protocols. Oh, and an app store for even more extensions to make your perfect DNS server. I've been using it for a while now and it works wonderfully. DNS is weird enough without extra complications, and I've not run into any major issues. And the developer is super responsive on Reddit, GitHub and everywhere else I've seen while searching for my own error messages, which is awesome to see.

All the site blocking you could want

Many home users run DNS blocking for malware, adware, and other unwanted domains, so that traffic never touches their network at all. Technitium has support for popular block lists, but you can also add your own IP addresses to banish to the shadow realm at any time. You get granular control over which individual devices can bypass those blocks, or you can temporarily lift blocking while you troubleshoot, and it all happens at the network level before content starts to download to the browser.
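To make the blocking decision concrete, here is an added example (my own illustration, not Technitium's code) of the logic a DNS blocker applies to each query: parse a hosts-format block list like the popular lists publish, add the operator's own entries, let a set of bypass clients through, and answer everything else that matches with a sinkhole address. The sample list, client addresses and the parent-domain matching rule (blocking ads.example also blocks cdn.ads.example) are assumptions made for the example.

```python
"""Domain-blocking decision logic, as an added example (not Technitium's code).

Block lists in hosts format point unwanted names at 0.0.0.0 or 127.0.0.1;
the standard hosts-file names (localhost etc.) must not be treated as blocks.
"""
import ipaddress

# Constructed sample block list in hosts format (not a real published list).
HOSTS_BLOCKLIST = """\
# Sample list, constructed for this example
0.0.0.0 ads.example
0.0.0.0 tracker.example   # trailing comment
127.0.0.1 localhost
::1 localhost
0.0.0.0 malware-c2.example
"""

# Names every hosts file carries that are not block entries.
HOSTS_FILE_NAMES = {"localhost", "localhost.localdomain", "local",
                    "broadcasthost", "ip6-localhost", "ip6-loopback"}

SINKHOLE = "0.0.0.0"   # address returned for a blocked name (assumed default)


def parse_hosts_blocklist(text: str) -> set[str]:
    """Return the domains a hosts-format list sinks to an unspecified/loopback address."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line:
            continue
        parts = line.split()
        addr, names = parts[0], parts[1:]
        try:
            addr_obj = ipaddress.ip_address(addr)
        except ValueError:
            continue                               # malformed line, ignore
        if not (addr_obj.is_unspecified or addr_obj.is_loopback):
            continue                               # not a sinkhole entry
        for name in names:
            name = name.lower().rstrip(".")
            if name not in HOSTS_FILE_NAMES:
                blocked.add(name)
    return blocked


def is_blocked(qname: str, blocked: set[str]) -> bool:
    """True if qname or any parent domain of it is on the list (assumed semantics)."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def answer_for(qname: str, client_ip: str, blocked: set[str],
               bypass_clients: frozenset = frozenset()):
    """Return (was_blocked, address); address is the sinkhole, or None to resolve normally."""
    if client_ip in bypass_clients:                # per-device bypass
        return False, None
    if is_blocked(qname, blocked):
        return True, SINKHOLE
    return False, None


if __name__ == "__main__":
    blocked = parse_hosts_blocklist(HOSTS_BLOCKLIST)
    blocked.add("my-own-entry.example")            # operator-added block
    print(answer_for("cdn.ads.example", "192.168.1.20", blocked))
    print(answer_for("cdn.ads.example", "192.168.1.5", blocked, frozenset({"192.168.1.5"})))
```

The important detail for troubleshooting is the last function: a bypass client is checked before the list, so a device on the bypass set sees the real answer while everything else gets the sinkhole, which is exactly the behaviour you want while working out whether a block list is breaking a site.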

Create Split Horizon DNS

This one needs the Split Horizon app installed from the included App Store. Split Horizon returns different DNS query answers based on the IP address of the device asking for them, which is very handy indeed. You can make it so that internal IP addresses resolve to a specific self-hosted app, while making the same DNS query from an external IP address will either error out or return an external domain (assuming there is one that matches).

{
  "192.168.1.0/24": ["192.168.1.100"],
  "0.0.0.0/0": [""]
}

Remember to remove any A records for the app or service you want resolving only internally: when a name has both an A record and an APP record, the A record is the one that gets used.
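Here is an added example (my own model, not the Split Horizon app's code) that walks the record data above through both points in this section: the client-subnet lookup, and the way a leftover A record shadows the APP record. The hostnames, the client addresses, and the longest-prefix-wins rule for overlapping networks are assumptions made for the example; the JSON is the record data shown above.

```python
"""Model of how a Split Horizon APP record answers by client subnet.

Added illustration, not Technitium's own code. The JSON is the record data
from the article; the longest-prefix-match rule and the "A record beats APP
record" rule are assumptions written out so the behaviour can be checked offline.
"""
import ipaddress
import json

# The APP record data from the article, attached to a hypothetical name.
SPLIT_HORIZON_DATA = json.loads("""
{
  "192.168.1.0/24": ["192.168.1.100"],
  "0.0.0.0/0": [""]
}
""")

# Constructed sample zone: name -> {record type -> data}.
# wiki.home.example still has an A record alongside its APP record,
# which is the mistake the article warns about.
ZONE = {
    "nas.home.example": {"APP": SPLIT_HORIZON_DATA},
    "wiki.home.example": {"A": ["203.0.113.10"], "APP": SPLIT_HORIZON_DATA},
}


def split_horizon_answer(client_ip: str, data: dict) -> list[str]:
    """Addresses for the most specific network containing client_ip.

    An empty string in the config means "answer nothing", so it is dropped
    and the caller gets an empty list (the query returns no A record).
    """
    client = ipaddress.ip_address(client_ip)
    best_net, best_addrs = None, []
    for cidr, addrs in data.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if client.version != net.version or client not in net:
            continue
        # Longest prefix wins (assumption); 0.0.0.0/0 is the catch-all.
        if best_net is None or net.prefixlen > best_net.prefixlen:
            best_net, best_addrs = net, addrs
    return [a for a in best_addrs if a]


def resolve_a(name: str, client_ip: str, zone: dict = ZONE) -> list[str]:
    """Resolve an A query with the precedence the article describes:
    a plain A record is used as-is, so split-horizon logic only runs
    when no A record exists on the name."""
    records = zone.get(name.lower().rstrip("."), {})
    if "A" in records:
        return list(records["A"])
    if "APP" in records:
        return split_horizon_answer(client_ip, records["APP"])
    return []


if __name__ == "__main__":
    print(resolve_a("nas.home.example", "192.168.1.42"))   # internal client
    print(resolve_a("nas.home.example", "198.51.100.7"))   # external client: nothing
    print(resolve_a("wiki.home.example", "192.168.1.42"))  # A record shadows APP
```

Running it shows the internal client getting 192.168.1.100 for nas.home.example, an external client getting no answer at all, and wiki.home.example returning its public A record to everyone regardless of the APP record, which is why the A record has to go.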

Run a built-in DHCP server with DNS integration

Technitium is also a fully-featured DHCP server if you wish, and you can create multiple network scopes, so that multiple networks, subdomains, or VLANs can all use the DNS server for resolution. This drastically simplifies things while making it an incredibly powerful tool. It also works with DHCP relay agents, and the DHCP server integrates with the DNS server, so when clients connect to a defined DHCP scope, the server creates the necessary forward and reverse DNS records for that client.
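As an added example (my own model, not Technitium's DHCP code), here is what that DNS integration has to produce for each lease: a forward A record in the scope's domain and a PTR record in the matching reverse zone, both removed again when the lease is released. The lease fields, the scope domain name "lan", and the lease/release hooks are assumptions for the example; the reverse-name construction is standard in-addr.arpa.

```python
"""DHCP lease -> DNS record integration, modelled as an added example.

Not Technitium's code. A lease yields one forward A record and one reverse
PTR record; releasing the lease removes both. Scope naming is assumed.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Lease:
    hostname: str       # name the client sent in its DHCP request
    ip: str             # address handed out by the scope
    scope_domain: str   # domain configured on the scope, e.g. "lan" (assumed)


def forward_record(lease: Lease) -> tuple[str, str, str]:
    """(owner, type, rdata) for the A record, e.g. laptop.lan. A 192.168.1.50."""
    owner = f"{lease.hostname.lower()}.{lease.scope_domain.strip('.')}."
    return owner, "A", lease.ip


def reverse_record(lease: Lease) -> tuple[str, str, str]:
    """(owner, type, rdata) for the PTR record, using the standard
    in-addr.arpa / ip6.arpa reverse name for the address."""
    owner = ipaddress.ip_address(lease.ip).reverse_pointer + "."
    return owner, "PTR", forward_record(lease)[0]


def reverse_zone_for(scope_cidr: str) -> str:
    """Reverse zone that must exist before PTR records can be added.
    Only octet-aligned IPv4 scopes (/8, /16, /24) are handled here."""
    net = ipaddress.ip_network(scope_cidr, strict=False)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("example handles octet-aligned IPv4 scopes only")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


class DnsRecords:
    """Minimal record store standing in for the DNS server's zones."""

    def __init__(self):
        self.records: dict[tuple[str, str], str] = {}   # (owner, type) -> rdata

    def lease_granted(self, lease: Lease) -> None:
        for owner, rtype, rdata in (forward_record(lease), reverse_record(lease)):
            self.records[(owner, rtype)] = rdata

    def lease_released(self, lease: Lease) -> None:
        for owner, rtype, _ in (forward_record(lease), reverse_record(lease)):
            self.records.pop((owner, rtype), None)

    def lookup(self, owner: str, rtype: str):
        return self.records.get((owner, rtype))


if __name__ == "__main__":
    zones = DnsRecords()
    lease = Lease("Laptop", "192.168.1.50", "lan")   # constructed sample lease
    print("reverse zone needed:", reverse_zone_for("192.168.1.0/24"))
    zones.lease_granted(lease)
    print(zones.lookup("laptop.lan.", "A"))
    print(zones.lookup("50.1.168.192.in-addr.arpa.", "PTR"))
    zones.lease_released(lease)
    print(zones.lookup("laptop.lan.", "A"))
```

The practical check this gives you is reverse_zone_for: if the PTR lookups for a scope come back empty, the usual cause is that the matching in-addr.arpa zone was never created, so the forward record exists but there is nowhere for the reverse record to go.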

Technitium is only going to get better

The sole developer behind this wonderful DNS tool has said the next major update will bring one sorely missing feature - clustering for ultimate uptime, with each DNS resolver synced to the others. That covers the only real drawback of running your own resolver: planning for if or when it isn't reachable, because not every device will let you set up more than one custom DNS server. In the meantime, you can run two instances of Technitium and set the zones up on each so they fail over if one goes down, but that will only be needed for a short while until clustering support is ready.