Video tutorial coming soon.
Deploy Technitium DNS Server on Ubuntu for a full-featured, self-hosted DNS solution with ad blocking, DoH/DoT support, split-horizon zones, and a clean web management UI.
Grab the automated bash script from GitHub to follow along with the video.
wget https://raw.githubusercontent.com/mhmdali94/Docker/main/networking/technitium/technitium-ubuntu.sh
chmod +x technitium-ubuntu.sh
sudo bash technitium-ubuntu.shwget https://raw.githubusercontent.com/mhmdali94/Docker/main/networking/technitium/technitium-ubuntu.shchmod +x technitium-ubuntu.shThe script installs Docker if needed, then deploys Technitium DNS Server ready for initial configuration.
sudo bash technitium-ubuntu.shOpen your browser and navigate to:
http://<your-server-ip>:5380Add upstream forwarders (DoH), enable ad blocking lists, and create local DNS zones for your homelab services in the web UI.
| Port | Purpose |
|---|---|
| 53 | DNS (UDP+TCP — primary) |
| 5380 | Web UI (internal — admin) |
| 853 | DNS over TLS (DoT) |
| 443 | DNS over HTTPS (DoH) |
Technitium DNS Server is a cross-platform, open-source DNS server that functions as both a recursive resolver and an authoritative name server. Unlike Pi-hole and AdGuard Home (which are primarily DNS sinkholes with ad blocking), Technitium is a full DNS server that supports DNS over HTTPS (DoH), DNS over TLS (DoT), DNS over QUIC (DoQ), DNSSEC, split-horizon zones, and a comprehensive web management UI.
Technitium is the most capable self-hosted DNS server for homelabs that need more than basic ad blocking. Its split-horizon zone feature lets you resolve internal services by name (e.g. `jellyfin.home`) while also resolving public domains through encrypted DoH forwarders. The web UI makes zone management as easy as a graphical DNS manager.
Technitium listens on port 53 for DNS (UDP+TCP — must be open to all LAN devices), port 5380 for the web UI (internal only), port 853 for DNS over TLS, and port 443 for DNS over HTTPS. Open port 53 to your LAN; keep port 5380 internal-only.
AdGuard Home (simpler UI, ad-blocking focus, DoH/DoT), Pi-hole (DNS sinkhole, no authoritative zones), BIND9 (most powerful, no web UI, complex), CoreDNS (Kubernetes native). Technitium is the best option for homelabs that need full DNS control with a GUI.
If you only need ad blocking and basic DNS, AdGuard Home is simpler and lighter. If you need enterprise authoritative DNS with DNSSEC signing for public domains, use BIND9 or PowerDNS. Technitium is the sweet spot for homelab operators who need more than a sinkhole but less than a production DNS cluster.
PrismaTechWork provides end-to-end infrastructure services — from initial deployment and security hardening to ongoing monitoring, automated backups, and dedicated support. Whether you need a single-server setup or a multi-site network, our team ensures your infrastructure is built right, secured properly, and maintained reliably.
Pi-hole is primarily a DNS sinkhole for ad blocking — it forwards queries to an upstream resolver and blocks known ad domains. Technitium is a full DNS server: it can be both recursive and authoritative, supports DNSSEC, DoH/DoT/DoQ, and split-horizon zones. Technitium can do everything Pi-hole does plus much more.
Yes. Configure your router's DHCP server to advertise your Technitium server's IP as the DNS for all LAN clients. All DNS queries from devices on your network will then go through Technitium, enabling network-wide ad blocking and internal name resolution.
Create a primary zone in Technitium for your domain (e.g. `home.arpa` or `lan`). Add A records for each service pointing to your server's local IP. LAN devices using Technitium as their DNS will resolve these names automatically.
Yes on both sides: it can use DoH forwarders for upstream queries (sending queries encrypted to Cloudflare or Quad9), and it can expose a DoH endpoint for clients to use. Configure a valid TLS certificate for the DoH endpoint.
Yes. Technitium's blocking feature is compatible with standard hosts file format and domain list format block lists — the same formats used by Pi-hole and AdGuard Home. You can use Steven Black's hosts file, oisd.nl, or any similar list directly.
Split-horizon DNS returns different answers for the same domain depending on who is asking. For example, `app.yourdomain.com` resolves to `192.168.1.10` for internal clients but to your public IP for external clients. Set this up by creating an internal primary zone for your domain in Technitium that overrides public DNS for LAN clients.
AdGuard Home has a simpler setup and a more polished UI for per-device statistics and filtering. Technitium has more DNS server features: authoritative zones, DNSSEC, split-horizon, and more granular query control. For pure ad blocking, AdGuard Home is friendlier. For full DNS server functionality, Technitium is more capable.
Run `docker compose pull && docker compose up -d`. Your zones, block lists, and settings are stored in a persistent volume and are not affected by image updates.