Supercharge your home network with these 5 self-hosted DNS servers

At some point in your self-hosting journey, you realize that you’re already running most of your network stack at home, so what’s the harm in adding one more service? And when it’s something as immediately useful as a Domain Name Service (DNS) server, giving you power over local domain resolution to power your home lab experiments, the only thing you have to think about is which DNS service you want to install.

I’ve used most of the DNS resolvers on this list, and there isn’t a clear winner because they are all capable enough for the core functionality you’d want from a local DNS server: DNS redirects to self-hosted apps, adblocking at the DNS level, DNS-over-HTTPS (DoH), DNS-over-TLS (DoT), DNSSEC, and caching so that future DNS requests are handled locally.

That means the decision comes down to things like whether it has a web interface to manage things from, how many aspects of DNS you can control, and what type of system you need to run it on. Personal preferences, really, which is absolutely how it should be in my eyes, as properly set up DNS is essential to your home network and your internet experience, and you shouldn’t be able to install a half-baked solution that breaks (unless you misconfigure something, that is).


5

BIND

It’s an industry standard for a reason


BIND likes to say it was the first and oldest DNS solution, although that’s not technically correct, as there was a proto-DNS called “Jeeves” written the year before BIND was created at Berkeley. Can you imagine that the first DNS solutions were built by hand, using a central HOSTS.TXT file that you could get your computer added to by picking up the telephone and calling the SRI Network Information Center (NIC), so that one of the staff members could add it to the digital file? And while you don’t have to get that hands-on with BIND 9, a lot of its configuration is handled in your favorite ‘nix text editor.

Time to break out the good ol’ command line and brush up on how to escape vim, because it’s about to get old skool in here. BIND is a bit of a relic these days, as every other DNS resolver has a web-based management interface, but it’s been around since the start of Internet time and deserves our respect. Plus, the hands-on nature means you learn what’s going on under the shiny interface, and nothing is better at explaining DNS, except maybe DNS and BIND from O’Reilly Media, still the education company’s finest work.

4

PowerDNS

This powerful DNS system is used by ISPs and some of the DNS providers you’re familiar with


If you’ve ever wanted to run your own production-ready nameserver that supports multiple backends, has a load-balancing module that can scale to thousands of users, and is used by ISPs and huge corporations across the globe, PowerDNS will get you there. And depending on where you live, and how your network is set up, you might already be using this tried-and-tested system. British Telecom uses PowerDNS for broadband and 5G users, and they’re far from the only worldwide telco using this DNS resolver and nameserver.

Quad9, the well-known privacy-first, encrypted DNS service, uses PowerDNS to run things, and if it’s good enough for all your security-conscious friends, it’s good enough to run at home. It’s available for many Linux and Unix distributions, OpenWrt, and various BSD variants, and is packaged as separate Authoritative and Recursive DNS modules, plus DNSdist, a DNS-, DoS- and abuse-aware load balancer that ensures those DNS requests are always handled with the lowest latency.

3

Pi-hole paired with Unbound

Block annoyances and create some of your own

Ah, the ever-present Pi-hole, named after the Raspberry Pi SBC that’s often used to host it and the method of blocking ads from the network by blackholing them via DNS entries. Some of the staff love it so much that they have more than one running at a time, which provides a backup in case one of the Pi-holes glitches or the SD card in the SBC dies. The high-availability setup does come at a cost, though: an annoying setup process that doesn’t always manage to sync every DNS record when one goes down.

But, for the cost, it’s a perfectly good setup for home users, able to clear ads, malware, dodgy domains, and trackers from the home network. Adding Unbound to the mix gets you DNS recursion that caches the answers to DNS queries, speeding things up the next time you go to that website. Just make sure DNSSEC is enabled to improve the security and legitimacy of the responses you receive.
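An Unbound configuration for that Pi-hole pairing, added here as an example and not taken from the Pi-hole or Unbound projects: it listens only on localhost so Pi-hole can forward to it, recurses from the root servers, validates DNSSEC, and refuses internet answers that point at private address ranges. The trust-anchor path is an assumption and varies by distribution.

```conf
# unbound.conf fragment (added example; root.key path is assumed, check your distro's package)
server:
    verbosity: 0
    # Listen only on localhost; Pi-hole forwards to 127.0.0.1#5335
    interface: 127.0.0.1
    port: 5335
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    do-ip6: no
    prefer-ip6: no

    # DNSSEC validation: reject answers whose signatures fail or were stripped
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-dnssec-stripped: yes
    harden-glue: yes
    val-clean-additional: yes

    # Keep UDP answers under the common MTU to avoid fragmentation problems
    edns-buffer-size: 1232

    # Caching and prefetching so repeat lookups are answered locally
    prefetch: yes
    num-threads: 1
    so-rcvbuf: 1m

    # Drop upstream answers that resolve to private ranges (rebinding protection)
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10
```

In Pi-hole, set the custom upstream to 127.0.0.1#5335 and leave Pi-hole’s own DNSSEC option off, since Unbound is doing the validation. Once validation is active, `dig @127.0.0.1 -p 5335 dnssec-failed.org` should return SERVFAIL, while a correctly signed domain shows the `ad` flag in the response.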

2

AdGuard Home

While the adblocker is paid, the DNS-based self-hosted version is free and fantastic

AdGuard Home was created primarily to block advertising at the DNS level, but it can also serve as a DNS server and a DHCP server, and encrypt all your DNS requests so that nobody can snoop on your browsing habits. It’s free, which is surprising to anyone who knows AdGuard, as the company has a history of oddly-priced lifetime licenses for its mobile adblockers and other tools.

Use the Docker container on anything, install the OPNsense plugin, or run it as a package on Linux, macOS, FreeBSD, OpenBSD, or Unix, as an LXC on Proxmox, or on almost any computing device that has an Ethernet connection. While it’s more powerful at adblocking, DNS rewrites are also easy to set up, removing the need to have a domain name when you’re only using locally hosted services.

1

Technitium

My favorite self-hosted DNS server gives you (almost) the same powers as a domain registrar

While other DNS servers on this list are used by domain registrars and public DNS providers, my favorite for home use is Technitium. It’s an authoritative and recursive DNS server that’s every bit as powerful as the registrar systems, but it’s easier to manage, has a great GUI, and does some of the annoying parts for you, like handling PTR records when you set up new CNAME entries.

You get plenty of lists to block adware, malware, and other annoyances; it works with multicast properly so it doesn’t break Apple device discovery, which is very important in many homes; and you can also self-host domain names you own, taking Cloudflare or whoever out of the equation. You can force individual apps to use custom DNS apps for resolving, which is powerful for testing out architecture and microservices before putting them into production, without affecting the rest of your network. When clustering and failover come in the near future (they’re on the roadmap), you’ll be able to spin up several instances at home and have them stay in sync, so that you get high availability without having to jump through hoops to keep each DNS server supplied with the same cached records. Oh, and it’s fast, but that should be a given.

Self-hosting a DNS server is somewhat of a rite of passage

Whether you go old-school with the CLI of BIND, or opt for Docker containers or a Technitium install, having a local DNS server makes managing your home lab easier. It also brings benefits to your home network, as you can block IoT and other smart devices from phoning back to their cloud servers, keeping your network safer. And after the first time you browse to a website, every successive visit will feel faster, because those DNS requests will be served from local cache and not from a server miles from home.
