Boost Your Network Security with Technitium DNS Server: An Open-Source Solution for DNS Privacy

Technitium DNS Server is an open-source, cross-platform DNS server software designed for ease of use, privacy, and security. It supports DNS-over-HTTPS (DoH), DNS-over-TLS (DoT), and DNSCrypt protocols, making it ideal for enhancing DNS privacy.

The software is user-friendly, with a web-based interface for managing DNS records, and is well-suited for both personal and small business use.

Technitium DNS Server also includes DNSSEC validation, customizable filtering rules, and the ability to run as a recursive or authoritative server.

Features

• Works on Windows, Linux, macOS and Raspberry Pi.
• Docker image available on Docker Hub.
• Installs in just a minute and works out-of-the-box with zero configuration.
• Block ads & malware using one or more block list URLs.
• High performance DNS server based on async IO that can serve millions of requests per minute even on a commodity desktop PC hardware (load tested on Intel i7-8700 CPU with more than 100,000 request/second over Gigabit Ethernet).
• Self host DNS-over-TLS, DNS-over-HTTPS, and DNS-over-QUIC DNS services on your network.
• DNS-over-HTTPS implementation supports HTTP/1.1, HTTP/2, and HTTP/3 transport protocols.
• Supports DNS over PROXY protocol version 1 and 2 for both UDP and TCP transports.
• Use public DNS resolvers like Cloudflare, Google, Quad9, and AdGuard with DNS-over-TLS, DNS-over-HTTPS, or DNS-over-QUIC protocols as forwarders.
• Advanced caching with features like serve stale, prefetching and auto prefetching.
• Persistent caching feature that saves cache to disk when DNS server restarts.
• DNS rebinding attack protection feature available with DNS Rebinding Protection App.
• Supports working as an authoritative as well as a recursive DNS server.
• DNSSEC validation support with RSA & ECDSA algorithms for recursive resolver, forwarders, and conditional forwarders with NSEC and NSEC3 support.
• DNSSEC support for all supported DNS transport protocols including encrypted DNS protocols.
• DANE TLSA RFC 6698 record type support. This includes support for automatically generating the hash values using certificates in PEM format.
• SVCB & HTTPS draft-ietf-dnsop-svcb-https record type support.
• URI RFC 7553 record type support.
• SSHFP RFC 4255 record type support.
• CNAME cloaking feature to block domain names that resolve to CNAME which are blocked.
• QNAME minimization support in recursive resolver RFC 9156.
• QNAME case randomization support for UDP transport protocol draft-vixie-dnsext-dns0x20-00.
• DNAME record RFC 6672 support.
• ANAME proprietary record support to allow using CNAME like feature at zone apex (CNAME flattening). Supports multiple ANAME records at both zone apex and sub domains.
• APP proprietary record support that allows custom DNS Apps to directly handle DNS requests and return a custom DNS response based on any business logic.
• Support for features like Split Horizon and Geolocation based responses using DNS Apps feature.
• Support for REGEX based block lists with different block lists for different client IP addresses or subnet using Advanced Blocking DNS App.
• Primary, Secondary, Stub, and Conditional Forwarder zone support.
• Static stub zone support implemented in Conditional Forwarder zone to force a domain name to resolve via given name servers using NS records.
• Bulk conditional forwarding support using Advanced Forwarding DNS App.
• DNSSEC signed zones support with RSA & ECDSA algorithms.
• DNSSEC support for both NSEC and NSEC3.
• Zone transfer with AXFR and IXFR RFC 1995 and DNS NOTIFY RFC 1996 support.
• Zone transfer over TLS (XFR-over-TLS) RFC 9103 support.
• Zone transfer over QUIC (XFR-over-QUIC) RFC 9250 support.
• Dynamic DNS Updates RFC 2136 support with security policy.
• Secret key transaction authentication (TSIG) RFC 8945 support for zone transfers.
• EDNS(0) RFC6891 support.
• EDNS Client Subnet (ECS) RFC 7871 support for recursive resolution and forwarding.
• Extended DNS Errors RFC 8914 support.
• DNS64 function RFC 6147 support for use by IPv6 only clients using the DNS64 App.
• Support to host DNSBL / RBL block lists RFC 5782.
• Multi-user role based access with non-expiring API token support.
• Self host your domain names on your own DNS server.
• Wildcard sub domain support.
• Enable/disable zones and records to allow testing with ease.
• Built-in DNS Client with option to import responses to local zone.
• Supports out-of-order DNS request processing for DNS-over-TCP and DNS-over-TLS protocols RFC 7766.
• Built-in DHCP Server that can work for multiple networks.
• IPv6 support in DNS server core.
• HTTP & SOCKS5 proxy support which can be configured to route DNS over Tor Network or use Cloudflare's hidden DNS resolver.
• Web console portal for easy configuration using any web browser.
• Built in HTTP API to allow 3rd party apps to control and configure the DNS server.
• Built-in system logging and query logging.
• Open source cross-platform .NET 8 implementation hosted on GitHub.

Supported Systems

• Windows
• Linux
• Raspberry Pi
• Docker

License

GPL-3.0

Resources & Downloads

• Download
• Home

GitHub - TechnitiumSoftware/DnsServer: Technitium DNS Server

Technitium DNS Server. Contribute to TechnitiumSoftware/DnsServer development by creating an account on GitHub.

GitHubTechnitiumSoftware

Technitium DNS Server | An Open Source DNS Server For Privacy & Security

Technitium DNS Server is an open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security.

An Open Source DNS Server For Privacy & Security