Technitium DNS Server in Docker: Is this the Best Home Server DNS?


Technitium DNS Server in Docker for Home

When many enthusiasts or home labbers start to look at services they want to run at home after purchasing some server gear, DNS server is one of the first services that you can benefit from. DNS provides the core name resolution for your home lab and server environment. Hosting your own DNS server provides many benefits over using the configured ISP’s DNS server settings.

Requirements for this post:

  • Access to a host that will run Technitium
    • Can be a full Linux/Windows OS or Docker host
  • Internet connectivity to pull down the Technitium image/install
  • Install Docker and Docker Compose if going the container route
  • Point clients to the new server

What is a DNS Server?

A DNS (Domain Name System) server is one of the technological foundations of the Internet. It translates human-readable domain names into IP addresses. It acts as a phonebook for the Internet, allowing humans to not have to remember the IP addresses of their favorite websites or server hosts, but instead type in friendly, easy-to-remember names. DNS servers are responsible for domain name resolution and handle clients’ DNS requests.


Recursive DNS Server

A recursive DNS server is a type of DNS server that directly handles DNS requests from clients. It plays a vital role in resolving domain names and can be configured as a locally running DNS server or use different DNS provider options.

Why is DNS Important for Home Lab?

If you are running a home server or home lab environment with many self-hosted resources, running your own DNS server has many benefits. These include:

  • Enhanced privacy and security

  • Performance

  • Name resolution for local resources

Enhanced Privacy and Security

Many host their own DNS server for privacy and security reasons. A DNS server for privacy can block ads and malware domains at the DNS level and encrypt DNS traffic with HTTPS. Server options for privacy and security include features like encrypted DNS protocols and DNSSEC validation support.

Also, it means you are filtering and sanitizing your DNS requests before they leave the control of your network, allowing you to squash unwanted privacy and security concerns before they happen.

Performance

A self-hosted high-performance DNS server offers advanced DNS blocking and custom DNS response based on your needs. In other words, your queries from clients will hit your local DNS server first and resolve from cache; only if the DNS server needs to forward the request will the traffic traverse outside your network.

Name resolution for local resources

You may be using a “.local” or “.lab” suffix for your internal domain. If that is the case, you will need a way to resolve these names inside your network since they won’t exist outside the network.

Hosting your own DNS server allows effectively answering these queries for resources that only exist in your lab environment without the possibility of the lookups failing and eliminating the need to handle name resolution in less efficient ways, like manipulating host files.

What is Technitium DNS Server

Technitium DNS Server is more than just a DNS server: it lets you host your own DNS server, forward to your ISP's or another upstream DNS server, and self-host the whole DNS stack. With features like encrypted DNS protocols and wildcard subdomain support, it's a versatile solution for privacy and security.

Like Pi-Hole and AdGuard Home, it allows blocking ads and malware domains at the DNS layer.

Technitium DNS Server

Also, like other self-hosted DNS services, you can run Technitium on commodity desktop pc hardware or run it inside a Docker container, as we will see below.

Technitium DNS Server: Features and Benefits

Note the following benefits of Technitium DNS server:

  • Advanced forwarding

  • Enhanced privacy and security

  • User friendly console

  • DNS Apps

Advanced Forwarding DNS App and Extended DNS Errors Support

Technitium DNS Server offers an advanced forwarding DNS app that enhances the user experience. Extended DNS errors support ensures that users can troubleshoot issues with ease. These features contribute to making Technitium a high-performance DNS server.

DNS Server for Privacy Security

With server options for privacy and security, Technitium DNS Server's configured settings provide robust protection. Block ads and malware domains at the DNS level and use encrypted DNS (DNS-over-HTTPS) to safeguard your entire network.

User-Friendly Web Console and Modern Web Browser Compatibility

You don’t have to read a DNS server user manual to run Technitium. The user-friendly web console in Technitium allows for easy navigation and management. Compatibility with modern web browsers ensures that users can access the DNS server core functionalities without hassle.

One complaint that I do have about the interface is there is no dark mode unfortunately 🙁

DNS Apps

As we will see below, DNS Apps in Technitium extend the capabilities of Technitium and allow it to do even more. They make it a highly modular solution that sets it apart from other self-hosted DNS solutions.

How Does Technitium Compare to Pi-Hole and AdGuard Home?

Technitium DNS Server vs. Pi-Hole

Technitium DNS Server offers advanced features like DNS server HTTP API and extended DNS errors support. Unlike Pi-Hole, Technitium supports DNS notify support and dynamic DNS updates support. It has much more robust conditional forwarding support as well. I do think the web console in Pi-Hole looks better than Technitium with the default dark mode and modern UI.

Check out my video on using Unbound with Pi-hole here:

Technitium DNS Server vs. AdGuard Home

Compared to AdGuard Home, Technitium offers unique features like custom DNS apps and more robust domain zone handling. With options to route DNS through different client IP addresses and support for DNS apps, Technitium stands out versus AdGuard Home. The DNS cache management and frequent DNS resolution support make it a good choice.

Installing Technitium – Step-by-Step

Let’s consider installing Technitium as a self-hosted resource on your home server environment, including configuring the operating system’s DNS resolver for clients, etc.

One of the easiest ways to install Technitium is by using a Docker container. You can easily spin up Technitium using Docker Compose. To get Docker and Docker Compose up and running in Ubuntu, you can use the following:

sudo apt-get update && \
sudo apt-get install -y ca-certificates curl gnupg lsb-release && \
sudo mkdir -m 0755 -p /etc/apt/keyrings && \
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
sudo chmod a+r /etc/apt/keyrings/docker.gpg && \
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null && \
sudo apt-get update && \
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Use the following code found on the official Technitium GitHub repository to create a new Technitium container.

You can uncomment the line for admin password:

  • DNS_SERVER_ADMIN_PASSWORD

Or you can use a password file and uncomment that line alternatively.
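If you go the password-file route, the file should be generated with a strong random value and be readable only by the owner, so the admin credential is never committed in plain text inside docker-compose.yml. The following is an added example, not code from the post or from the Technitium project: it writes the file with mode 0600 from the moment it is created and prints the environment line to use instead of DNS_SERVER_ADMIN_PASSWORD. The container path it points at is an assumption; bind-mount the generated file read-only at that path under the service's volumes.

```python
import os
import secrets
import stat
import tempfile
from pathlib import Path

# Assumed container path (not from the post): bind-mount the generated file read-only
# here, e.g. "./password.txt:/run/secrets/dns_admin_password:ro" in the service's volumes,
# and point DNS_SERVER_ADMIN_PASSWORD_FILE at it.
CONTAINER_PASSWORD_PATH = "/run/secrets/dns_admin_password"


def write_admin_password_file(path, length=24):
    """Generate a random admin password and write it to `path` with mode 0600.

    The file is created with restrictive permissions from the start, so there is no
    window in which another local user could read it. Returns the password so the
    caller can record it in a password manager.
    """
    path = Path(path)
    password = secrets.token_urlsafe(length)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(password)  # plain text, no trailing newline
    os.chmod(path, 0o600)  # enforce the mode even if the file already existed
    return password


def file_mode(path):
    """Permission bits of `path`, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def compose_env_line(container_path=CONTAINER_PASSWORD_PATH):
    """The environment entry to use in place of the plaintext DNS_SERVER_ADMIN_PASSWORD."""
    return f"DNS_SERVER_ADMIN_PASSWORD_FILE={container_path}"


def demo():
    """Create the file in a temporary directory and report what was produced."""
    workdir = Path(tempfile.mkdtemp())
    pw_file = workdir / "password.txt"
    password = write_admin_password_file(pw_file)
    return {
        "password_length": len(password),
        "mode": file_mode(pw_file),
        "stored": pw_file.read_text() == password,
        "env_line": compose_env_line(),
    }


if __name__ == "__main__":
    print(demo())
```

Run it once on the Docker host, note the printed password, and keep the password.txt out of version control alongside the Compose file.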

version: "3"
services:
  dns-server:
    container_name: dns-server
    hostname: dns-server
    image: technitium/dns-server:latest
    # For DHCP deployments, use "host" network mode and remove all the port mappings, including the ports array by commenting them
    # network_mode: "host"
    ports:
      - "5380:5380/tcp" #DNS web console (HTTP)
      # - "53443:53443/tcp" #DNS web console (HTTPS)
      - "53:53/udp" #DNS service
      - "53:53/tcp" #DNS service
      # - "853:853/udp" #DNS-over-QUIC service
      # - "853:853/tcp" #DNS-over-TLS service
      # - "443:443/udp" #DNS-over-HTTPS service (HTTP/3)
      # - "443:443/tcp" #DNS-over-HTTPS service (HTTP/1.1, HTTP/2)
      # - "80:80/tcp" #DNS-over-HTTP service (use with reverse proxy or certbot certificate renewal)
      # - "8053:8053/tcp" #DNS-over-HTTP service (use with reverse proxy)
      # - "67:67/udp" #DHCP service      
    environment:
      - DNS_SERVER_DOMAIN=dns-server #The primary domain name used by this DNS Server to identify itself.
      # - DNS_SERVER_ADMIN_PASSWORD=password #DNS web console admin user password.
      # - DNS_SERVER_ADMIN_PASSWORD_FILE=password.txt #The path to a file that contains a plain text password for the DNS web console admin user.
      # - DNS_SERVER_PREFER_IPV6=false #DNS Server will use IPv6 for querying whenever possible with this option enabled.
      # - DNS_SERVER_WEB_SERVICE_HTTP_PORT=5380 #The TCP port number for the DNS web console over HTTP protocol.
      # - DNS_SERVER_WEB_SERVICE_HTTPS_PORT=53443 #The TCP port number for the DNS web console over HTTPS protocol.
      # - DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=false #Enables HTTPS for the DNS web console.
      # - DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=false #Enables self signed TLS certificate for the DNS web console.
      # - DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=false #Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx.
      # - DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks #Recursion options: Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworks.
      # - DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24 #Comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworks` recursion option.
      # - DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24 #Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworks` recursion option.
      # - DNS_SERVER_ENABLE_BLOCKING=false #Sets the DNS server to block domain names using Blocked Zone and Block List Zone.
      # - DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false #Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests.
      # - DNS_SERVER_BLOCK_LIST_URLS= #A comma separated list of block list URLs.
      # - DNS_SERVER_FORWARDERS=1.1.1.1, 8.8.8.8 #Comma separated list of forwarder addresses.
      # - DNS_SERVER_FORWARDER_PROTOCOL=Tcp #Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson.
      # - DNS_SERVER_LOG_USING_LOCAL_TIME=true #Enable this option to use local time instead of UTC for logging.
    volumes:
      - config:/etc/dns
    restart: unless-stopped
    sysctls:
      - net.ipv4.ip_local_port_range=1024 65000
 
volumes:
    config:


Place the code inside a new docker-compose.yml file and then issue the command:

docker compose up -d

Pulling the Technitium DNS Server Docker container

At this point, you should be able to browse to the IP address of your Docker host on port 5380 (the web console port mapped in the Compose file) and enter the credentials configured in the Docker Compose code.

Login with your admin password to Technitium

To start having Technitium answer DNS queries, point your clients to the Technitium DNS server IP (Docker host IP if hosted in Docker). You can automate this configuration of course by configuring your DHCP server to hand out the IP address of your Technitium DNS server.

Configure your network clients with the Technitium DNS Server address

After a few moments (you may need to refresh the Dashboard screen), you will see the DNS query activity hit the Technitium DNS server.

DNS query activity in Technitium
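Besides watching the dashboard, it is worth confirming from a client that the new server actually answers on port 53 and that a client outside the allowed networks is refused. The following minimal DNS client is an added example, not code from the post or from Technitium: it builds a recursive A query, sends it over UDP, and parses the reply's RCODE, RA flag and A records. The server address and test name are constructed placeholders, and the two sample replies are constructed so the parser can be exercised offline.

```python
import socket
import struct

# Constructed placeholders: replace with your Technitium host and a name it should resolve.
TECHNITIUM_IP = "192.168.1.10"
TEST_NAME = "www.lab.local"

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, txid=0x1234):
    """Build a standard A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def _read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, jumped = [], offset, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            return ".".join(labels), end
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(msg):
    """Return transaction id, RCODE name, RA flag and any A-record addresses."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    result = {
        "id": txid,
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "recursion_available": bool(flags & 0x0080),
        "addresses": [],
    }
    offset = 12
    for _ in range(qdcount):  # skip the echoed question section
        _, offset = _read_name(msg, offset)
        offset += 4
    for _ in range(ancount):
        _, offset = _read_name(msg, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            result["addresses"].append(socket.inet_ntoa(msg[offset:offset + 4]))
        offset += rdlen
    return result


def query(server, name, timeout=2.0):
    """Send one UDP query to `server`:53 and parse the reply (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_response(data)


# Constructed sample replies so the parser can be checked offline.
# 0x8180 = QR|RD|RA, NOERROR; one A answer whose name points back at the question.
SAMPLE_ANSWER = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + b"\x03www\x03lab\x05local\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton("192.168.1.50")
)
# 0x8105 = QR|RD, RA clear, RCODE 5 (REFUSED), no answers: the shape a resolver commonly
# returns to a client that is not permitted to recurse.
SAMPLE_REFUSED = (
    struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)
    + b"\x03www\x03lab\x05local\x00" + struct.pack("!HH", 1, 1)
)

if __name__ == "__main__":
    print(parse_response(SAMPLE_ANSWER))
    try:
        print(query(TECHNITIUM_IP, TEST_NAME))
    except socket.timeout:
        print("no reply from", TECHNITIUM_IP, "- check port 53 mapping and firewall")
```

A NOERROR reply with RA set and the expected address means the server is resolving for that client; a REFUSED reply with RA clear from a host outside your LAN is the behaviour you want to see for the recursion settings discussed later in the post.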

Adding block lists

How do you add block lists to Technitium? They have made this quite easy, but it isn’t just readily obvious if you haven’t used Technitium before. Navigate to the Settings > Blocking page.

There is a Quick Add dropdown with included blocklists, like in Pi-Hole and others. Select the blocklists from the dropdown menu and save your changes.

Quick add block lists

Custom DNS Apps

One of the great things about Technitium is its modular architecture. Within the Technitium interface, you can add DNS “apps” that extend the functionality of Technitium. You can access this from the Apps screen.

Viewing the apps screen in Technitium

As you can see, when you open the Apps, you will see the DNS App Store. There are several apps listed in the store, including the following in the store by default:

  • Advanced Blocking

  • Advanced Forwarding

  • Auto PTR

  • Block Page

  • DNS64

  • DNS Block List (DNSBL)

  • Drop Requests

  • Failover

  • Geo Continent

  • Geo Country

  • Geo Distance

  • NO DATA

  • NX Domain

  • Query Logs (Sqlite)

  • Split Horizon

  • Weighted Round Robin

  • What is My DNS

  • Wild IP

  • Zone Alias

Viewing the DNS App store

Below, I am editing the App Config for the Advanced Blocking DNS app.

Customizing the app config

One of the apps you will need to install from the start is the Query Logs (Sqlite) app, which lets you query the DNS logs on the Technitium DNS server. I am not sure why it isn't installed by default. Keep this in mind if you see an error getting the logs from the server before the app is installed.

Installing the Query Logs DNS app

Explore custom DNS apps and how to create custom DNS responses. Whether you’re looking to route DNS traffic securely or implement dynamic DNS update support, this section covers it all.


Robust DNS conditional forwarder zone support

One of the things that I like about Technitium is the robust conditional forwarder support built-in. One of the limitations I ran into with Pi-Hole was being limited to a single conditional forwarder in the Pi-Hole interface.

Below is a look at the Pi-Hole dashboard and conditional forwarder settings.

Conditional Forwarding configuration in Pi Hole

Technitium has much more robust options for controlling DNS zones. You can add multiple conditional forwarders, and there are many more options for DNS zones.
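To make the conditional forwarder behaviour concrete, the following added example (not code from the post or from Technitium) models the decision a conditional forwarder zone makes: the query name is matched against the configured zones by longest label-aligned suffix, nested zones win over their parents, and anything unmatched goes to the default forwarders from the Compose file. The zone table is constructed for illustration.

```python
# Constructed example zone table (not from the post): conditional forwarder zone -> upstreams.
FORWARDER_ZONES = {
    "lab.local": ["192.168.1.5"],
    "dev.lab.local": ["192.168.2.5"],
    "corp.example": ["10.10.0.2", "10.10.0.3"],
}
# Default upstreams, matching the DNS_SERVER_FORWARDERS line in the Compose file.
DEFAULT_FORWARDERS = ["1.1.1.1", "8.8.8.8"]


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return [label for label in name.lower().rstrip(".").split(".") if label]


def select_forwarders(qname, zones=FORWARDER_ZONES, default=DEFAULT_FORWARDERS):
    """Pick the forwarders for `qname` by the longest matching zone suffix.

    Matching is label-aligned, so "mylab.local" does not fall under "lab.local",
    while the zone apex itself ("lab.local") does match.
    Returns (matched zone or None, list of forwarder addresses).
    """
    q = _labels(qname)
    best_zone, best_len = None, 0
    for zone in zones:
        z = _labels(zone)
        if len(z) <= len(q) and q[len(q) - len(z):] == z and len(z) > best_len:
            best_zone, best_len = zone, len(z)
    if best_zone is None:
        return None, list(default)
    return best_zone, list(zones[best_zone])


if __name__ == "__main__":
    for name in ("app.dev.lab.local", "host.lab.local", "mylab.local", "www.example.com"):
        print(name, "->", select_forwarders(name))
```

The label-aligned check is the detail to get right: a plain string suffix test would send "mylab.local" to the lab forwarder, leaking queries for an unrelated name to a server that should never see them.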

Conditional Forwarder configuration in Technitium DNS Server

Roles and RBAC

Technitium comes out of the box with great support for role-based access control. It has the concept of users and groups and built-in permissions that define access to the core features of the solution. It was designed to allow administration by multiple users using least-privilege access settings.

RBAC administration built into Technitium DNS Server

Other screens, features, and configuration

Take note of the following additional screens, features, and configuration.

Optional Protocols.

Technitium optional protocols

Recursion settings.

Recursion configuration
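The recursion setting is the one that decides whether your server becomes an open resolver if port 53 is ever reachable from the Internet. The Compose file lists the four modes (Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworks) and the comma-separated network lists that go with them. The following added example (not code from the post or from Technitium) models those modes so you can check a candidate setting against sample client addresses before applying it; the rule that a denied network wins over an allowed one under UseSpecifiedNetworks is an assumption, and the sample public client address is constructed.

```python
import ipaddress

MODES = ("Allow", "Deny", "AllowOnlyForPrivateNetworks", "UseSpecifiedNetworks")


def parse_networks(value):
    """Parse the comma-separated form used by the Compose variables,
    e.g. "127.0.0.1, 192.168.1.0/24" (a bare address becomes a /32)."""
    return [ipaddress.ip_network(item.strip(), strict=False)
            for item in value.split(",") if item.strip()]


def recursion_allowed(client_ip, mode, allowed="", denied=""):
    """Model of the four DNS_SERVER_RECURSION modes listed in the Compose file.

    Assumption (not from the post): under UseSpecifiedNetworks a client matching a
    denied network is refused even if it also matches an allowed network.
    """
    ip = ipaddress.ip_address(client_ip)
    if mode == "Allow":
        return True
    if mode == "Deny":
        return False
    if mode == "AllowOnlyForPrivateNetworks":
        return ip.is_private or ip.is_loopback
    if mode == "UseSpecifiedNetworks":
        if any(ip in net for net in parse_networks(denied)):
            return False
        return any(ip in net for net in parse_networks(allowed))
    raise ValueError(f"unknown recursion mode: {mode}")


# Constructed sample of a globally routable client address; any public address would do.
PUBLIC_CLIENT = "8.8.8.8"


def is_open_resolver(mode, allowed="", denied=""):
    """True if a client on the public Internet would be granted recursion, i.e. the
    server would act as an open resolver should port 53 become reachable from outside."""
    return recursion_allowed(PUBLIC_CLIENT, mode, allowed, denied)


if __name__ == "__main__":
    for mode in MODES:
        print(mode, "open resolver:",
              is_open_resolver(mode, allowed="127.0.0.1, 192.168.1.0/24", denied="1.1.1.0/24"))
```

The default in the Compose file, AllowOnlyForPrivateNetworks, already passes this check; the value to avoid on a server that is not firewalled off from the Internet is Allow.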

Cache configuration.

Technitium cache configuration

Blocking configuration.

Blocking configuration and ability to add quick block lists

Proxy and forwarders.

Technitium DNS Server proxy and forwarders configuration

Technitium vs. Other DNS Providers

Public resolvers like Google DNS and Cloudflare DNS are good choices for upstream DNS servers. However, you won’t be able to resolve your local non-public DNS zones with these providers. Technitium gives you more options in supported DNS transport protocols and features like DNS notify support and bulk conditional forwarding support in your home & home lab networks.

Add dark mode to Technitium

On the subject of dark mode: the interface ships only with a “light” mode and has no native option to switch, which can leave your eyes feeling like they are about to bleed. However, if you are willing to use a browser plugin, the “Dark Reader” plugin lets you keep a list of websites to display in dark mode, and it will force the site into dark mode.

After installing it and configuring the Technitium URL to display in dark mode, the results were great (much better than the default light mode):

Dark mode for Technitium

Wrapping up: My thoughts on Technitium

In setting up and using Technitium, I found it to be surprisingly powerful compared to other solutions I have used, like Pi-Hole and Adguard. It has many features above and beyond other solutions if you like to have fine-grained control and unlimited options for setting up your DNS zones, like conditional forwarding.

I really like the DNS apps it provides, which allow you to extend the functionality of the solution and pick and choose additional features you want to add and do really cool things like split horizon DNS. Also, the built-in RBAC, and great DNS zone control are extremely handy.

Despite the lack of a dark mode in the interface and the inability to customize the dashboard from what I could find, this is perhaps the best home DNS server. Let me know in the comments if you have used Technitium or use something you like better.
