Technitium DNS Server

Authoritative and recursive DNS server

★ 5.1k · DNS


Author: Technitium · License: GPL-3.0

Version: 13.4.2

About Technitium DNS Server

Technitium DNS Server is an open source authoritative as well as recursive DNS server that can be used for self-hosting a DNS server for privacy and security. It works out-of-the-box with no or minimal configuration and provides a user-friendly web console accessible from any modern web browser.

Features

  • Works on Windows, Linux, macOS and Raspberry Pi.
  • Docker image available on Docker Hub.
  • Installs in just a minute and works out-of-the-box with zero configuration.
  • Block ads & malware using one or more block list URLs.
  • Supports working as an authoritative as well as a recursive DNS server.
  • High performance DNS server based on async IO that can serve millions of requests per minute even on commodity desktop PC hardware (load tested on an Intel i7-8700 CPU at more than 100,000 requests/second over Gigabit Ethernet).
  • Self host DNS-over-TLS, DNS-over-HTTPS, and DNS-over-QUIC DNS services on your network.
  • DNS-over-HTTPS implementation supports HTTP/1.1, HTTP/2, and HTTP/3 transport protocols.
  • Supports DNS over PROXY protocol version 1 and 2 for both UDP and TCP transports.
  • Use public DNS resolvers like Cloudflare, Google, Quad9, and AdGuard with DNS-over-TLS, DNS-over-HTTPS, or DNS-over-QUIC protocols as forwarders.
  • Support for latency based name server selection algorithm that works with concurrency feature for both recursive resolution and forwarders.
  • Advanced caching with features like serve stale, prefetching and auto prefetching.
  • Persistent caching feature that saves cache to disk when DNS server restarts.
  • DNS rebinding attack protection feature available with DNS Rebinding Protection App.
  • DNSSEC validation support with RSA & ECDSA algorithms for recursive resolver, forwarders, and conditional forwarders with NSEC and NSEC3 support.
  • DNSSEC support for all supported DNS transport protocols including encrypted DNS protocols.
  • DANE TLSA RFC 6698 record type support. This includes support for automatically generating the hash values using certificates in PEM format.
  • SVCB & HTTPS draft-ietf-dnsop-svcb-https record type support.
  • URI RFC 7553 record type support.
  • SSHFP RFC 4255 record type support.
  • CNAME cloaking feature to block domain names that resolve to a CNAME which is itself blocked.
  • QNAME minimization support in recursive resolver RFC 9156.
  • QNAME case randomization support for UDP transport protocol draft-vixie-dnsext-dns0x20-00.
  • DNAME record RFC 6672 support.
  • ANAME proprietary record support to allow using a CNAME-like feature at the zone apex (CNAME flattening). Supports multiple ANAME records at both the zone apex and sub domains.
  • APP proprietary record support that allows custom DNS Apps to directly handle DNS requests and return a custom DNS response based on any business logic.
  • Support for features like Split Horizon and Geolocation based responses using DNS Apps feature.
  • Support for REGEX based block lists with different block lists for different client IP addresses or subnet using Advanced Blocking DNS App.
  • Primary, Secondary, Stub, and Conditional Forwarder zone support.
  • Static stub zone support implemented in Conditional Forwarder zone to force a domain name to resolve via given name servers using NS records.
  • Supports Catalog Zones RFC 9432.
  • Supports record aging where the records with expiry set are automatically removed from the zone.
  • Bulk conditional forwarding support using Advanced Forwarding DNS App.
  • DNSSEC signed zones support with RSA & ECDSA algorithms.
  • DNSSEC support for both NSEC and NSEC3.
  • Zone transfer with AXFR and IXFR RFC 1995 and DNS NOTIFY RFC 1996 support.
  • Zone transfer over TLS (XFR-over-TLS) RFC 9103 support.
  • Zone transfer over QUIC (XFR-over-QUIC) RFC 9250 support.
  • Support for zone validation using ZONEMD records RFC 8976 for Secondary zones.
  • Dynamic DNS Updates RFC 2136 support with security policy.
  • Secret key transaction authentication (TSIG) RFC 8945 support for zone transfers.
  • EDNS(0) RFC 6891 support.
  • EDNS Client Subnet (ECS) RFC 7871 support for recursive resolution and forwarding.
  • Extended DNS Errors RFC 8914 support.
  • DNS64 function RFC 6147 support for use by IPv6 only clients using the DNS64 App.
  • Support to host DNSBL / RBL block lists RFC 5782.
  • Multi-user role-based access with non-expiring API token support.
  • Self host your domain names on your own DNS server.
  • Wildcard sub domain support.
  • Enable/disable zones and records to allow testing with ease.
  • Built-in DNS Client with option to import responses to local zone.
  • Supports out-of-order DNS request processing for DNS-over-TCP and DNS-over-TLS protocols RFC 7766.
  • Built-in DHCP Server that can work for multiple networks.
  • IPv6 support in DNS server core.
  • HTTP & SOCKS5 proxy support which can be configured to route DNS over Tor Network or use Cloudflare's hidden DNS resolver.
  • Web console portal for easy configuration using any web browser.
  • Built-in HTTP API to allow third-party apps to control and configure the DNS server.
  • Built-in system logging and query logging.
  • Open source cross-platform .NET 8 implementation hosted on GitHub.

Environment variables

PROJECT
  technitium-dns
DOMAIN
  stack.localhost
DNS_SERVER_DOMAIN
  $PROJECT.$DOMAIN #The primary domain name used by this DNS Server to identify itself.
DNS_SERVER_ADMIN_PASSWORD
  password #DNS web console admin user password.
DNS_SERVER_PREFER_IPV6
  false #DNS Server will use IPv6 for querying whenever possible with this option enabled.
DNS_SERVER_WEB_SERVICE_LOCAL_ADDRESSES
  172.17.0.1,127.0.0.1 #Comma separated list of network interface IP addresses that you want the web service to listen on for requests. The "172.17.0.1" address is the built-in Docker bridge. "[::]" is the default value if not specified. Note! This must be used only with "host" network mode.
DNS_SERVER_WEB_SERVICE_HTTP_PORT
  5380 #The TCP port number for the DNS web console over HTTP protocol.
DNS_SERVER_WEB_SERVICE_HTTPS_PORT
  53443 #The TCP port number for the DNS web console over HTTPS protocol.
DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS
  false #Enables HTTPS for the DNS web console.
DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT
  false #Enables self signed TLS certificate for the DNS web console.
DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP
  false #Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx.
DNS_SERVER_RECURSION
  AllowOnlyForPrivateNetworks #Recursion options: Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworkACL.
DNS_SERVER_RECURSION_NETWORK_ACL
  192.168.10.0/24, !192.168.10.2 #Comma separated list of IP addresses or network addresses to allow access. Add a ! character at the start to deny access, e.g. !192.168.10.0/24 will deny the entire subnet. The ACL is processed in the same order it is listed. If no networks match, the default policy is to deny all except loopback. Valid only for the `UseSpecifiedNetworkACL` recursion option.
DNS_SERVER_RECURSION_DENIED_NETWORKS
  1.1.1.0/24 #Comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead.
DNS_SERVER_RECURSION_ALLOWED_NETWORKS
  127.0.0.1, 192.168.1.0/24 #Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead.
DNS_SERVER_ENABLE_BLOCKING
  false #Sets the DNS server to block domain names using Blocked Zone and Block List Zone.
DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT
  false #Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests.
DNS_SERVER_FORWARDERS
  1.1.1.1, 8.8.8.8 #Comma separated list of forwarder addresses.
DNS_SERVER_FORWARDER_PROTOCOL
  Tcp #Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson.
DNS_SERVER_LOG_USING_LOCAL_TIME
  true #Enable this option to use local time instead of UTC for logging.