docker.recipes

Technitium DNS Server

intermediate

Advanced DNS server with DNSSEC, DNS-over-HTTPS, blocking, and web interface.

Overview

Technitium DNS Server is a comprehensive, open-source DNS solution developed as an alternative to traditional DNS servers like BIND and Microsoft DNS. Built on .NET Core, it provides enterprise-grade features including DNSSEC validation and signing, DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) support, advanced filtering capabilities, and a modern web-based management interface. Unlike legacy DNS servers that require complex configuration files, Technitium offers intuitive administration through its built-in web UI while maintaining full RFC compliance and supporting modern DNS security standards.

This stack combines Technitium DNS Server with Prometheus for metrics collection and Grafana for visualization, creating a complete DNS infrastructure monitoring solution. Prometheus scrapes DNS query metrics, response times, and server health data from Technitium's built-in metrics endpoint, while Grafana transforms this telemetry into actionable dashboards showing query patterns, blocked requests, upstream resolver performance, and DNSSEC validation statistics. The integration enables administrators to track DNS performance trends, identify potential security threats, and optimize resolver configurations based on real usage data.

This configuration is ideal for network administrators managing corporate DNS infrastructure, homelab enthusiasts seeking enterprise-grade DNS capabilities, and organizations requiring detailed DNS analytics and compliance reporting. The combination provides both operational DNS services and comprehensive monitoring in a single deployment, making it particularly valuable for environments where DNS performance and security visibility are critical requirements.

Key Features

  • DNSSEC validation and authoritative zone signing with automatic key rotation
  • DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) support for encrypted DNS queries
  • Advanced DNS filtering with custom block lists and regex-based blocking rules
  • Conditional forwarding with per-domain upstream resolver configuration
  • Built-in DNS Apps framework supporting custom DNS response modification
  • Real-time Prometheus metrics export for DNS queries, cache hits, and response times
  • Grafana dashboard integration with pre-configured DNS performance visualizations
  • Web-based zone management with support for all standard DNS record types

Common Use Cases

  • Corporate network DNS infrastructure with centralized filtering and monitoring
  • Homelab DNS server with ad-blocking capabilities and performance analytics
  • ISP or hosting provider authoritative DNS service with DNSSEC compliance
  • Educational institutions requiring DNS content filtering and usage reporting
  • Development environments needing custom DNS resolution with split-horizon configurations
  • Security-conscious organizations implementing DNS-over-HTTPS for privacy protection
  • Network operations centers requiring real-time DNS performance monitoring and alerting

Prerequisites

  • Minimum 1GB RAM for DNS server with additional 512MB for monitoring stack
  • UDP/TCP port 53 available for DNS queries (may require host networking or privileged containers)
  • Understanding of DNS concepts including zone files, record types, and DNSSEC
  • Basic familiarity with PromQL for creating custom Grafana queries and alerts
  • Network configuration knowledge for proper upstream resolver and forwarder setup
  • SSL certificate management experience for DNS-over-HTTPS and web interface security

For development & testing. Review security settings, change default credentials, and test thoroughly before production use.

docker-compose.yml
services:
  dns-server:
    image: technitium/dns-server:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "5380:5380/tcp"
      - "443:443/tcp"
      - "853:853/tcp"
    volumes:
      - dns_config:/etc/dns
    environment:
      DNS_SERVER_DOMAIN: ${DNS_DOMAIN}
      DNS_SERVER_ADMIN_PASSWORD: ${DNS_ADMIN_PASSWORD}
    networks:
      - dns-net
    restart: unless-stopped

  prometheus:
    image: prom/prometheus:latest
    ports:
      - "9090:9090"
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
      - prometheus_data:/prometheus
    networks:
      - dns-net
    restart: unless-stopped

  grafana:
    image: grafana/grafana:latest
    ports:
      - "3000:3000"
    environment:
      GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_PASSWORD}
    volumes:
      - grafana_data:/var/lib/grafana
    networks:
      - dns-net
    restart: unless-stopped

volumes:
  dns_config:
  prometheus_data:
  grafana_data:

networks:
  dns-net:
    driver: bridge
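
Every port in the compose file above is published without a host address, so Docker binds it on all host interfaces, including the Technitium web UI (5380), Prometheus (9090) and Grafana (3000). The script below is an added example, not part of the original recipe, that reports such mappings; `ADMIN_PORTS`, the function names and the embedded sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not the recipe's own code): list short-syntax port mappings
# that have no host IP and are therefore published on every host interface.
# Assumes 2-space indentation and "HOST:CONTAINER[/proto]" entries.

# Host ports of this stack's admin UIs (Technitium web UI, Prometheus, Grafana).
ADMIN_PORTS=${ADMIN_PORTS:-"5380 9090 3000"}

# audit_ports [FILE]: prints "<service> <mapping> <admin|service>" per finding.
audit_ports() {
  awk -v admin="$ADMIN_PORTS" '
    BEGIN { n = split(admin, a, " "); for (i = 1; i <= n; i++) is_admin[a[i]] = 1 }
    /^[A-Za-z]/           { top = $1; in_ports = 0; next }   # top-level key
    top != "services:"    { next }
    /^  [^ #-][^ ]*: *$/  { svc = $1; sub(/:$/, "", svc); in_ports = 0; next }
    /^    ports: *$/      { in_ports = 1; next }
    /^    [^ -]/          { in_ports = 0; next }             # another service key
    in_ports && /^      - / {
      m = $2; gsub(/"/, "", m)
      if (split(m, p, ":") == 2)   # HOST:CONTAINER with no bind address
        print svc, m, ((p[1] in is_admin) ? "admin" : "service")
    }
  ' "$@"
}

# Constructed sample: the recipe's ports, with Grafana already bound to loopback.
sample_compose() {
  cat <<'EOF'
services:
  dns-server:
    image: technitium/dns-server:latest
    ports:
      - "53:53/udp"
      - "5380:5380/tcp"
    volumes:
      - dns_config:/etc/dns
  prometheus:
    ports:
      - "9090:9090"
  grafana:
    ports:
      - "127.0.0.1:3000:3000"
volumes:
  dns_config:
EOF
}

sample_compose | audit_ports
```

Prefixing a mapping with a host address, for example `127.0.0.1:5380:5380/tcp`, removes it from the report; run `audit_ports docker-compose.yml` against the real file.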

.env Template

.env
# DNS Server
DNS_DOMAIN=dns.example.com
DNS_ADMIN_PASSWORD=secure_admin_password

# Grafana
GRAFANA_PASSWORD=secure_grafana_password
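
The template's password values are placeholders. One way to create the file with random passwords and owner-only permissions, as an added example that is not part of the original recipe (the function names `gen_secret` and `write_env` are assumptions):

```shell
#!/bin/sh
# Added example (not the recipe's own code): create .env with random passwords
# instead of the template's placeholder values, readable only by its owner.

# gen_secret: 24 bytes from /dev/urandom as 48 hex characters.
gen_secret() {
  od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

# write_env [DIR] [DOMAIN]: writes DIR/.env with the variables the compose file
# reads. Fails rather than overwrite an existing file, because an existing
# .env would keep whatever permissions it already has.
write_env() {
  dir=${1:-.}
  domain=${2:-dns.example.com}
  (
    umask 077   # the new file is created with mode 0600
    set -C      # noclobber: ">" refuses to replace an existing .env
    cat > "$dir/.env" <<EOF
# DNS Server
DNS_DOMAIN=$domain
DNS_ADMIN_PASSWORD=$(gen_secret)

# Grafana
GRAFANA_PASSWORD=$(gen_secret)
EOF
  )
}

# Usage: write_env . dns.example.com && docker compose up -d
```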

Usage Notes

  1. Web UI at http://localhost:5380
  2. Supports DNSSEC validation and signing
  3. Built-in DNS over HTTPS and TLS
  4. Configure blocking via Apps section

Individual Services (3 services)

Copy individual services to mix and match with your existing compose files.

dns-server
dns-server:
  image: technitium/dns-server:latest
  ports:
    - 53:53/tcp
    - 53:53/udp
    - 5380:5380/tcp
    - 443:443/tcp
    - 853:853/tcp
  volumes:
    - dns_config:/etc/dns
  environment:
    DNS_SERVER_DOMAIN: ${DNS_DOMAIN}
    DNS_SERVER_ADMIN_PASSWORD: ${DNS_ADMIN_PASSWORD}
  networks:
    - dns-net
  restart: unless-stopped
prometheus
prometheus:
  image: prom/prometheus:latest
  ports:
    - "9090:9090"
  volumes:
    - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
    - prometheus_data:/prometheus
  networks:
    - dns-net
  restart: unless-stopped
grafana
grafana:
  image: grafana/grafana:latest
  ports:
    - "3000:3000"
  environment:
    GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_PASSWORD}
  volumes:
    - grafana_data:/var/lib/grafana
  networks:
    - dns-net
  restart: unless-stopped

Quick Start

terminal
# 1. Create the compose file
cat > docker-compose.yml << 'EOF'
services:
  dns-server:
    image: technitium/dns-server:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "5380:5380/tcp"
      - "443:443/tcp"
      - "853:853/tcp"
    volumes:
      - dns_config:/etc/dns
    environment:
      DNS_SERVER_DOMAIN: ${DNS_DOMAIN}
      DNS_SERVER_ADMIN_PASSWORD: ${DNS_ADMIN_PASSWORD}
    networks:
      - dns-net
    restart: unless-stopped

  prometheus:
    image: prom/prometheus:latest
    ports:
      - "9090:9090"
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
      - prometheus_data:/prometheus
    networks:
      - dns-net
    restart: unless-stopped

  grafana:
    image: grafana/grafana:latest
    ports:
      - "3000:3000"
    environment:
      GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_PASSWORD}
    volumes:
      - grafana_data:/var/lib/grafana
    networks:
      - dns-net
    restart: unless-stopped

volumes:
  dns_config:
  prometheus_data:
  grafana_data:

networks:
  dns-net:
    driver: bridge
EOF

# 2. Create the .env file
cat > .env << 'EOF'
# DNS Server
DNS_DOMAIN=dns.example.com
DNS_ADMIN_PASSWORD=secure_admin_password

# Grafana
GRAFANA_PASSWORD=secure_grafana_password
EOF

# 3. Start the services
docker compose up -d

# 4. View logs
docker compose logs -f

One-Liner

Run this command to download and set up the recipe in one step:

terminal
curl -fsSL https://docker.recipes/api/recipes/technitium-dns-server/run | bash

Troubleshooting

  • DNS queries failing with permission denied: Run container with --cap-add=NET_BIND_SERVICE or use host networking mode for port 53 binding
  • Technitium web interface shows 'Unable to load dashboard': Check that DNS_SERVER_DOMAIN environment variable matches your actual domain configuration
  • DNSSEC validation errors in logs: Verify system time synchronization as DNSSEC requires accurate timestamps for signature validation
  • Prometheus not scraping DNS metrics: Enable statistics API in Technitium admin panel and configure prometheus.yml to scrape port 5380/stats endpoint
  • High memory usage during zone transfers: Increase container memory limits and configure zone transfer throttling in Technitium advanced settings
  • Grafana dashboards showing no DNS data: Verify Prometheus data source URL points to http://prometheus:9090 within the Docker network
