This will be the first in a series of posts discussing third-party utilities that make my job easier. As always, exercise caution with any application with which you are unfamiliar.
This month I’d like to discuss Technitium’s excellent DNS Server application. This is a free, open-source application (GPLv3) that runs on Windows, Linux, macOS, the ubiquitous Raspberry Pi, or in a Docker container. As the name implies, it lets you run your own DNS server, with support for DNS-over-HTTPS, DNS-over-TLS, and DNS-over-QUIC in addition to conventional DNS over UDP and TCP.
Management of the server is handled using a web browser, and the included options are almost as endless as the breadsticks at Olive Garden.
Pros and Features
As would be expected of any competent DNS server, it supports authoritative zones, error and audit logging (which provide an easy window into what is happening on the server), the ability to browse the records currently held in the cache, and a built-in DNS client if you’re feeling too lazy to use nslookup. Oh, and lest I forget, it also has a DHCP server, which adds even more utility for testing purposes.
Some of the additional features include the following:
- High-performance DNS server based on async IO that can serve millions of requests per minute even on a commodity desktop PC (load tested on Intel i7-8700 CPU with more than 100,000 request/second over Gigabit Ethernet)
- DNS-over-HTTPS implementation supports HTTP/1.1, HTTP/2, and HTTP/3 transport protocols
- DNSSEC validation support with RSA & ECDSA algorithms for recursive resolver, forwarders, and conditional forwarders
- Advanced caching with features like serve stale, prefetching, and auto prefetching
- Primary, Secondary, Stub, and Conditional Forwarder zone support
- Static stub zone support implemented in Conditional Forwarder zone to force a domain name to resolve via given name servers using NS records
- Zone transfer support
- Wildcard subdomain support
One feature I want to call out is ad blocking. Sure, you can do this in your web browser with the appropriate plugin, but Technitium DNS Server allows you to do so at the DNS level, by loading block lists into the server so that every client using it as a resolver is covered. For home use, this makes it a great alternative to Pi-hole.
Forwarders can be configured manually or by choosing from a predefined list of the most popular public DNS services (Cloudflare, Google, Quad9, OpenDNS, or AdGuard). The included forwarder options even make selecting a transport protocol incredibly simple.
There’s also a built-in app “store,” where you can download extensions that add features. You can even create your own apps, provided of course you have the expertise and inclination.
While Technitium DNS is not a replacement for Active-Directory-integrated DNS using Windows Server, it does serve as a great tool for deployment testing, troubleshooting, or home use. This is one piece of software that I’m happy to see free and open-source, but would have gladly paid for.
The One Con With Technitium DNS Server
There is one issue I’ve come across when running Technitium DNS on Windows 10/11, and that is interference from Internet Connection Sharing (ICS). Any application that makes use of the ICS service will cause problems, because ICS listens for UDP traffic on port 53, the same port the DNS server needs. Roles like Hyper-V (using the default switch) and applications such as Microsoft Defender Application Guard or Docker will therefore be problematic. As a refresher, you can always check which ports are open, and by which processes, by running the following command in the Windows CLI: netstat -aon. Because ICS runs inside a shared svchost.exe process, the PID alone may not tell you much; running netstat -abon from an elevated prompt also prints the service name that owns the socket.
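The same check, written as a PowerShell script (an added example, not code from the original post or from Technitium): it lists every UDP and TCP listener on port 53, maps each owning PID to its process name, and, for svchost.exe-hosted sockets, to the Windows services living in that PID, so an ICS binding shows up under its service name, SharedAccess. It assumes an elevated PowerShell session on Windows 10/11; the port number and the column names are the only choices made here.

```powershell
# Added example (not from the original post): report who holds port 53 before starting
# Technitium DNS Server, and flag the ICS service (SharedAccess) if it is the culprit.
# Run from an elevated PowerShell session on Windows 10/11.

$port = 53

# UDP is where ICS gets in the way; TCP 53 is checked too, since DNS uses both transports.
$udp = Get-NetUDPEndpoint -LocalPort $port -ErrorAction SilentlyContinue |
    Select-Object @{ n = 'Proto'; e = { 'UDP' } }, LocalAddress, LocalPort, OwningProcess
$tcp = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
    Select-Object @{ n = 'Proto'; e = { 'TCP' } }, LocalAddress, LocalPort, OwningProcess

# @() wrapping keeps the concatenation valid when either side is empty or a single object.
$listeners = @($udp) + @($tcp) | Where-Object { $_ }

if (-not $listeners) {
    Write-Host "Nothing is bound to port $port; Technitium DNS Server can take it."
}

$listeners | ForEach-Object {
    $ownerPid = $_.OwningProcess
    $proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue

    # svchost.exe hosts many services; look up which ones live in this PID so the
    # binding can be attributed to a named service rather than a generic host process.
    $svcNames = @(Get-CimInstance Win32_Service -Filter "ProcessId = $ownerPid").Name

    [pscustomobject]@{
        Proto       = $_.Proto
        Address     = $_.LocalAddress
        Port        = $_.LocalPort
        PID         = $ownerPid
        Process     = $proc.ProcessName
        Services    = ($svcNames -join ',')
        IcsConflict = ($svcNames -contains 'SharedAccess')
    }
} | Format-Table -AutoSize

# Show the ICS service state alongside, since that is the usual cause on a workstation.
Get-Service -Name SharedAccess -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status, StartType
```

If a row reports IcsConflict as True, the port is taken by Internet Connection Sharing rather than by another DNS server, and stopping Technitium or restarting it will not help until whatever is relying on ICS (Hyper-V’s default switch, Application Guard, Docker) releases it.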
Where to Get Technitium DNS
Technitium DNS can be downloaded from the following sources:
Have any questions about how to use Technitium? Feel free to contact our experts at any time!