Boost Your Network Security with Technitium DNS Server: An Open-Source Solution for DNS Privacy

Boost Your Network Security with Technitium DNS Server: An Open-Source Solution for DNS Privacy

Technitium DNS Server is an open-source, cross-platform DNS server software designed for ease of use, privacy, and security. It supports DNS-over-HTTPS (DoH), DNS-over-TLS (DoT), and DNSCrypt protocols, making it ideal for enhancing DNS privacy.

The software is user-friendly, with a web-based interface for managing DNS records, and is well-suited for both personal and small business use.

Technitium DNS Server also includes DNSSEC validation, customizable filtering rules, and the ability to run as a recursive or authoritative server.

Features

  • Works on Windows, Linux, macOS and Raspberry Pi.
  • Docker image available on Docker Hub.
  • Installs in just a minute and works out-of-the-box with zero configuration.
  • Block ads & malware using one or more block list URLs.
  • High performance DNS server based on async IO that can serve millions of requests per minute even on a commodity desktop PC hardware (load tested on Intel i7-8700 CPU with more than 100,000 request/second over Gigabit Ethernet).
  • Self host DNS-over-TLSDNS-over-HTTPS, and DNS-over-QUIC DNS services on your network.
  • DNS-over-HTTPS implementation supports HTTP/1.1, HTTP/2, and HTTP/3 transport protocols.
  • Supports DNS over PROXY protocol version 1 and 2 for both UDP and TCP transports.
  • Use public DNS resolvers like Cloudflare, Google, Quad9, and AdGuard with DNS-over-TLSDNS-over-HTTPS, or DNS-over-QUIC protocols as forwarders.
  • Advanced caching with features like serve stale, prefetching and auto prefetching.
  • Persistent caching feature that saves cache to disk when DNS server restarts.
  • DNS rebinding attack protection feature available with DNS Rebinding Protection App.
  • Supports working as an authoritative as well as a recursive DNS server.
  • DNSSEC validation support with RSA & ECDSA algorithms for recursive resolver, forwarders, and conditional forwarders with NSEC and NSEC3 support.
  • DNSSEC support for all supported DNS transport protocols including encrypted DNS protocols.
  • DANE TLSA RFC 6698 record type support. This includes support for automatically generating the hash values using certificates in PEM format.
  • SVCB & HTTPS draft-ietf-dnsop-svcb-https record type support.
  • URI RFC 7553 record type support.
  • SSHFP RFC 4255 record type support.
  • CNAME cloaking feature to block domain names that resolve to CNAME which are blocked.
  • QNAME minimization support in recursive resolver RFC 9156.
  • QNAME case randomization support for UDP transport protocol draft-vixie-dnsext-dns0x20-00.
  • DNAME record RFC 6672 support.
  • ANAME proprietary record support to allow using CNAME like feature at zone apex (CNAME flattening). Supports multiple ANAME records at both zone apex and sub domains.
  • APP proprietary record support that allows custom DNS Apps to directly handle DNS requests and return a custom DNS response based on any business logic.
  • Support for features like Split Horizon and Geolocation based responses using DNS Apps feature.
  • Support for REGEX based block lists with different block lists for different client IP addresses or subnet using Advanced Blocking DNS App.
  • Primary, Secondary, Stub, and Conditional Forwarder zone support.
  • Static stub zone support implemented in Conditional Forwarder zone to force a domain name to resolve via given name servers using NS records.
  • Bulk conditional forwarding support using Advanced Forwarding DNS App.
  • DNSSEC signed zones support with RSA & ECDSA algorithms.
  • DNSSEC support for both NSEC and NSEC3.
  • Zone transfer with AXFR and IXFR RFC 1995 and DNS NOTIFY RFC 1996 support.
  • Zone transfer over TLS (XFR-over-TLS) RFC 9103 support.
  • Zone transfer over QUIC (XFR-over-QUIC) RFC 9250 support.
  • Dynamic DNS Updates RFC 2136 support with security policy.
  • Secret key transaction authentication (TSIG) RFC 8945 support for zone transfers.
  • EDNS(0) RFC6891 support.
  • EDNS Client Subnet (ECS) RFC 7871 support for recursive resolution and forwarding.
  • Extended DNS Errors RFC 8914 support.
  • DNS64 function RFC 6147 support for use by IPv6 only clients using the DNS64 App.
  • Support to host DNSBL / RBL block lists RFC 5782.
  • Multi-user role based access with non-expiring API token support.
  • Self host your domain names on your own DNS server.
  • Wildcard sub domain support.
  • Enable/disable zones and records to allow testing with ease.
  • Built-in DNS Client with option to import responses to local zone.
  • Supports out-of-order DNS request processing for DNS-over-TCP and DNS-over-TLS protocols RFC 7766.
  • Built-in DHCP Server that can work for multiple networks.
  • IPv6 support in DNS server core.
  • HTTP & SOCKS5 proxy support which can be configured to route DNS over Tor Network or use Cloudflare's hidden DNS resolver.
  • Web console portal for easy configuration using any web browser.
  • Built in HTTP API to allow 3rd party apps to control and configure the DNS server.
  • Built-in system logging and query logging.
  • Open source cross-platform .NET 8 implementation hosted on GitHub.

Supported Systems

  • Windows
  • Linux
  • Raspberry Pi
  • Docker

License

GPL-3.0

Resources & Downloads

GitHub - TechnitiumSoftware/DnsServer: Technitium DNS Server
Technitium DNS Server. Contribute to TechnitiumSoftware/DnsServer development by creating an account on GitHub.
Technitium DNS Server | An Open Source DNS Server For Privacy & Security
Technitium DNS Server is an open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security.







Open-source Apps

9,500+

Medical Apps

500+

Lists

450+

Dev. Resources

900+