Friday, November 17, 2017

Running Technitium DNS Server on Ubuntu Linux

Updated: 11 Feb 2024

Technitium DNS Server is build to be cross platform using the .NET. You can run the DNS Server Portable App on Windows, Linux, or macOS by using ASP.NET Core 8 Runtime. Raspberry Pi with an arm7 CPU is supported and thus both Raspberry Pi 1 and Raspberry Pi Zero which have arm6 CPU are not supported.

This post is written for Ubuntu Linux but, you can easily follow similar steps on your favorite distro.

This blog post is updated regularly to provide latest instructions to install the DNS Server. So, refer it when you are about to do a fresh installation.

Using Automated Installer / Updater

Automated installer script can be used to install or update the DNS Server. The automated installer script has been tested on following distros:

  • Ubuntu Server (x64)
  • Ubuntu Desktop (x64)
  • Raspbian (Buster) (ARM32)
  • CentOS 8.2 (2004) (x64)
  • Fedora Server 32 (x64)
The installer script may work on other distros and platforms as well.

curl -sSL https://download.technitium.com/dns/install.sh | sudo bash

NOTE! If you have a firewall installed, you will need to allow these ports manually:

  • 5380/tcp (for web console access)
  • 53443/tcp (for web console HTTPS access)
  • 53/udp (default DNS service)
  • 53/tcp (default DNS service)
  • 853/udp (DNS-over-QUIC service)
  • 853/tcp (DNS-over-TLS service)
  • 443/udp (DNS-over-HTTPS service over HTTP/3)
  • 443/tcp (DNS-over-HTTPS service over HTTP/1.1 and HTTP/2)
  • 80/tcp (DNS-over-HTTP service for reverse proxy or certificate renewal HTTP challenge)
  • 67/udp (if you plan to use the built-in DHCP server)

Using Automated Uninstaller

Automated uninstaller script can be used to remove the DNS Server that was installed using the above automated installer script. The uninstaller script will remove both the DNS Server and .NET runtime.

curl -sSL https://download.technitium.com/dns/uninstall.sh | sudo bash

NOTE: The uninstaller will set your /etc/resolv.conf file to use 8.8.8.8 and 1.1.1.1 DNS servers. To restore the defaults follow the steps for your distro:

  • Ubuntu Server, Ubuntu Desktop, CentOS, or Fedora
    sudo systemctl enable systemd-resolved
    sudo systemctl start systemd-resolved
    sudo rm /etc/resolv.conf
    sudo ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
    
    The above steps will restore the default systemd-resolved setup.
  • Raspbian (Buster)
    sudo rm /etc/resolv.conf
    sudo resolvconf -ul
    
    The above steps will restore the default resolvconf setup.

Deploying Docker Container

You can install the DNS Server using the official Docker image available on Docker Hub.

Download the docker-compose.yml file and edit it as per your deployment requirements. Once the file is ready, run the following commands to create a new Docker container using the docker-compose.yml file as shown below:

docker compose up -d

To update an existing container, run the following commands:

docker compose down
docker image rm technitium/dns-server
docker compose up -d

Installing DNS Server Manually

Install the ASP.NET Core 8 Runtime from here. If you want to install ASP.NET Core Runtime on Raspberry Pi, use the instructions in this blog post to install it manually.

Once you have installed ASP.NET Core Runtime, start Terminal or SSH into the server and follow the steps below to install DNS Server on Ubuntu:

  1. Download DNS Server portable app using wget and extract it.
    wget https://download.technitium.com/dns/DnsServerPortable.tar.gz
    sudo mkdir -p /opt/technitium/dns
    sudo tar -zxf DnsServerPortable.tar.gz -C /opt/technitium/dns
    
  2. You can now run the DNS Server directly from console as a standalone app.
    cd /opt/technitium/dns
    sudo ./start.sh
    
  3. Or, if your distro uses systemd, follow these steps to install it as a daemon.
    sudo cp /opt/technitium/dns/systemd.service /etc/systemd/system/dns.service
    sudo systemctl enable dns.service
    sudo systemctl start dns.service
    

    You may want to check the systemd log entries to find issue if the daemon fails to start:

    journalctl --unit dns --follow
    

  4. Open the url http://<server-ip-address>:5380/ to access the web console.

Updating DNS Server Manually

Make sure you got the ASP.NET Core 8 Runtime from here. Start Terminal and follow the steps below to update DNS Server on Ubuntu:

  1. Download DNS Server portable app using wget and extract it.
    wget https://download.technitium.com/dns/DnsServerPortable.tar.gz
    sudo tar -zxf DnsServerPortable.tar.gz -C /opt/technitium/dns
    
  2. If your distro uses systemd, follow these steps to restart the DNS Server daemon.
    sudo systemctl restart dns.service
    

    You may want to check the systemd log entries to find issue if the daemon fails to start:

    journalctl --unit dns --follow
    

  3. Open the url http://<server-ip-address>:5380/ to access the web console.

Note! The installation folder has been changed from the old "/etc/dns" to "/opt/technitium/dns" in the above instructions. You must extract the files into the folder in which you have the DNS server installed.

Common Issue With Ubuntu

If you are using Ubuntu Desktop, you may find dnsmasq or systemd-resolved daemon already running on UDP port 53 preventing the DNS Server to listen on the same port. You can check the DNS Server log file from the web console to confirm the issue by finding this error:

[2019-01-01 07:30:59 UTC] [0.0.0.0:53] System.Net.Sockets.SocketException (98): Address already in use
   at System.Net.Sockets.Socket.UpdateStatusAfterSocketErrorAndThrowException(SocketError error, String callerName)
   at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.Sockets.Socket.Bind(EndPoint localEP)
   at DnsServerCore.DnsServer.Start() in Z:\Technitium\Projects\DnsServer\DnsServerCore\DnsServer.cs:line 811

You may confirm if its dnsmasq or systemd-resolved by running sudo netstat -nlpu command.

Follow these steps below to disable the dnsmasq service:

  1. Edit the NetworkManager.conf file to disable dnsmasq service:
    sudo nano /etc/NetworkManager/NetworkManager.conf
    
    Comment out the dns=dnsmasq line by adding # character at the beginning like this #dns=dnsmasq and exit the editor by pressing CTRL+X and enter y to save the file.
  2. Restart the computer to apply changes as shown below:
    sudo reboot now
    
  3. After system reboot, open Terminal and check DNS Server logs again from the web console.

Follow these steps below to disable the systemd-resolved service:

  1. Disable the systemd-resolved service and stop it:
    sudo systemctl disable systemd-resolved
    sudo systemctl stop systemd-resolved
    
  2. Configure /etc/resolv.conf as shown below:
    sudo rm /etc/resolv.conf
    sudo echo "nameserver 127.0.0.1" > /etc/resolv.conf
    
  3. If you are using Ubuntu Desktop then edit your /etc/NetworkManager/NetworkManager.conf using nano:
    sudo nano /etc/NetworkManager/NetworkManager.conf
    
    Put the following line in the [main] section of your /etc/NetworkManager/NetworkManager.conf as shown below:
    [main]
    dns=default
    
    Restart network-manager:
    sudo service network-manager restart
    
  4. Now restart the DNS Server and check logs again from the web console.
    sudo systemctl restart dns.service
    

Build From Source Code

You can also build the DNS server from source and install it manually by following the Build Instructions.

That's it!

The DNS Server is running and you can configure your network with the IP address of this computer for DNS resolution.

Check out the web console to create zone, check cached zones, access DNS client tool and configure server settings.

The DNS Server creates a folder named config in the current folder which contains the server config and zone files. Make sure you copy this folder while moving the DNS server folder if you want all the zone files and config to persist.

For any related queries, feel free to comment on this post.

60 comments:

  1. I have a problem regarding to hosting a hotspot with spoofed MAC address. None of my devices can connect to my hotspot unless I revert the MAC address back to original. Is there anyways to be able to host a hotspot with spoofed MAC Address?

    ReplyDelete
    Replies
    1. Send email to support@technitium.com with screenshots and details like OS version mobile device type etc.

      Delete
  2. I have a problem regarding to hosting a hotspot with spoofed MAC address. None of my devices can connect to my hotspot unless I revert the MAC address back to original. Is there anyways to be able to host a hotspot with spoofed MAC Address?

    ReplyDelete
  3. Replies
    1. You can do that as mentioned here: https://pmcgrath.net/running-a-simple-dotnet-core-linux-daemon

      I will be working on making an bash script that will automate and run the app as a daemon.

      Delete
    2. I have updated this post with instructions to run the DNS server as a daemon.

      Delete
  4. I have used this program for some time on my company's server for client computers. I'm finding it very good, fast and besides it's safe!!! Many thanks for being free!!!

    ReplyDelete
  5. How do I uninstall Technitium?

    ReplyDelete
    Replies
    1. It depends on your installation. If you have systemd then just disable & stop the dns.service. If you are using supervisord, then delete the /etc/supervisor/conf.d/dns.conf file and restart supervisord. After that, you can delete the /etc/dns/ directory to complete the uninstallation.

      Delete
    2. Sorry, I was not clear. I am a Noob and I installed on my Raspberry Pi using the following: curl -sSL https://technitium.com/download/dns/install-raspi.sh | sudo bash.
      Is there a way to run a "reverse" install to remove all that has been installed?

      Delete
    3. Just run the following commands to remove it from raspberry pi:

      # stop and disable the dns daemon
      sudo systemctl disable dns.service
      sudo systemctl stop dns.service
      # delete dns server files
      sudo rm -rf /etc/dns/

      # remove dotnet
      sudo rm /usr/bin/dotnet
      sudo rm -rf /opt/dotnet/

      Delete

  6. Hi, I installed the tutorial, but when I'm running on the network, it's slowing down, or sometimes I have to restart the ubuntu server that is running DNS TECHNITIUM, have any suggestions to help me.

    ReplyDelete
    Replies
    1. Thanks for the feedback. Please send details like the config of the server and exact details of the issue to support@technitium.com. Is the server slowing down with high CPU usage or is the DNS Server not responding in time? How many users are using the DNS Server? Do send any screenshots too if necessary for clarity.

      Delete
  7. how to show in browser this program

    ReplyDelete
    Replies
    1. Once the DNS Server is running, just confirm if the port 5380 is running using netstat -nlpt command. Make sure that you add the port 5380 to firewall, if any. Use the server's IP address and the port to connect to the web console from your laptop.

      Delete
  8. On a freshly installed and fully updated Raspbian Lite Stretch (28-11-2013 version) system I get at web gui login: Error! parsererror - SyntaxError: Unexpected token < in JSON at position 4.

    ReplyDelete
    Replies
    1. Thanks for the feedback. Please email me more details like the web browser version and screenshots to support@technitium.com.

      Delete
  9. CentOS7 Intel NUC, Installed per guidelines for manual install. Login page is giving me:

    Error! parsererror - SyntaxError: JSON.parse: unexpected character at line 3 column 1 of the JSON data

    and won't let me log in with the default credentials.

    ReplyDelete
    Replies
    1. Its most probably your anti-virus software blocking you from using non-HTTPS website for login. You can confirm this by using web browser's developer tools network tab. Just see what content is in the response of the login call and you may see the anti-virus software message.

      Try adding the url to anti-virus exceptions and see if that works.

      Delete
  10. I am trying to install this on Debian. II get the server installed with this command: curl -sSL https://download.technitium.com/dns/install-raspi.sh | sudo bash

    However I cannot open a browser on port 5380 any idea's what to check?

    ReplyDelete
    Replies
    1. The install script that you tried works only for Raspberry Pi and wont work on Debian due to different processor architecture. Thus, the script you ran has actually installed .NET Core runtime for ARM processor which wont run on your machine and thus the software is not up.

      You need to install .NET Core manually from instruction on the Microsoft website mentioned in the manual install section of this blog and then follow the steps in blog to install the DNS Server.

      Delete
  11. Is it safe to install it on VPS?

    ReplyDelete
    Replies
    1. Yes, you can install it on VPS. Only issue could be if you run recursive DNS service then it could be accessed by anyone unless you setup iptables.

      Delete
  12. I think it's good to disable dnsmasp



    Uninstall dnsmasq base package

    sudo apt-get remove dnsmasq-base

    ReplyDelete
  13. the server dont block the blocklist list.

    ReplyDelete
    Replies
    1. Email to support@technitium.com for resolving any issues you have with the configuration.

      Delete
  14. Hi thank you for your hard work over this project. I installed it on my Debian 10 almost without any issues. I had to edit a little bit the installer - hard code version 18.04 because Microsoft don't have a package for Debian 10. I want to point you to 1 issue with default block list - there 2 dead lists in it - ransomwaretracker is discontinued and hosts-file not working at all. The last one make a huge delay of start of the blocking process.

    ReplyDelete
    Replies
    1. Thanks for the compliments. There is a plan make a generic install script in to-do list which will make it easy to install it in most distros. Yes, I am aware of the dead lists and they have been removed in development code already. I am already working on next release which will be much more optimized and use less memory.

      Delete
  15. How to update DNS server into version 5.0 automatically from Raspberry pi2 model B?

    ReplyDelete
    Replies
    1. Just run the same command used for installing the DNS Server:

      curl -sSL https://download.technitium.com/dns/install-raspi.sh | sudo bash

      Delete
  16. I installed the dns server on a debian, and this is high on the cpu to the point of the server stopping what can be?

    ReplyDelete
    Replies
    1. Thanks for the feedback. It will be really appreciated if you can send in more details to support@technitium.com. Do send details like hardware config, the total number of users (best would be to send a screenshot of the dashboard), and log files during the high CPU usage. If possible send the complete /etc/dns/config folder zipped.

      Delete

    2. in fact I wanted to use it in an internet provider I don't know if it could hold, the problem appears with 100k of requisition

      Delete
    3. There is already an issue being tracked here which may be related to your feedback. A bug has been identified that caused this issue and will get fixed in next update.

      Regarding scaling the DNS server, I have done load testing on DNS server and it managed to clock around 100k requests/sec or 6m requests/min on Intel i7 8700 Desktop CPU.

      Delete
    4. exactly what happens, the DnsServerApp.dll process gets stuck with the processing percentage only returns to normal when it is restarted, tests done on debian and linux arch

      Delete
  17. Is there a way to migrate from one server to another and keep all settings? i.e zone and dhcp information.

    ReplyDelete
    Replies
    1. Yes, you just need to copy the 'config' folder to the other server and everything will be migrated. The folder can be found at '/etc/dns/config'.

      Delete
  18. Hi -

    Great work!

    I am trying to monitor which device requests what domain name and enabled query log. It makes the size bigger but gives me what I am looking for, and based on analyzing this log, I will customize block list. The smart TV seems to be the most truant, followed by my kid! :)

    I have it setup on my Ras pi 3b.

    I thought of a quick log parser, but need to know where the logs so created are kept.

    Also is there a schedule based on which the logs are deleted?

    TiA!

    ReplyDelete
    Replies
    1. Hi. Thanks for the compliments. You can find the log files in '/etc/dns/config/logs' directory. Logs are not deleted automatically.

      Delete
  19. I came across this solution by accident while watching some YouTube videos. I had an existing (but very old) Raspberry Pi 1 running DietPi and PowerDNS/Bind to host my internal DNS domain and was then using recursion to send all other DNS queries to another host running PiHole.

    I have a new Pi4 which I wanted to use as a replacement but it would seem that something has changed and I was unable to get recursion to work. When I saw the YouTube video (https://www.youtube.com/watch?v=IUjSAWDB7E4&t=23s) I realised that Technitium also had the ability to host your own DNS zones, plus ad blocking DNS and decided to give this a try.

    Initially, even though the installation process said it was successful, I couldn't get the service to run or connect to the web interface on :5380, but as I had been trying out different things on this Pi and Technitium may not have been happy with the lighthttpd web service I was using, I decided to try a fresh O/S installation (DietPi which is an optimised version of Raspian/Raspberry Pi OS), installed Apache instead of lighthttpd and this time after installing I was able to confirm the service was running (systemctl status dns.service) and connect to the web interface.

    First impressions are really good. I have been able to set up my own forward & reverse zones and they are working well.

    I would like to set up a secondary server and allow zone transfer and in my older PowerDND/Bind setup I was able to add "allow-transfer" to the specific IP address of the other machine I was using for internal DNS, making sure that no other machine could perform a zone transfer from my main DNS server.

    I am asking this question after only about 15 minutes exposure to Technitium, so I may find a setting, but if I were to set up a second Pi with Technitium can I configure it to replicate the zones created on the main server, but not allow zone transfers to any other IP addresses?

    Thank you.

    ReplyDelete
    Replies
    1. Thanks for the comment. You can setup secondary zone directly from the Add Zone option. If your zone is not resolvable then you need to specify the IP address of your primary DNS server running the zone. The secondary zone would sync up and keep syncing automatically. If you create primary zone on Technitium DNS and want another any other DNS server to run the secondary zone then you will need to first create a NS record for the secondary zone (with a glue record if domain is not resolvable) and then create secondary zone on the other DNS server. As of now, Technitium DNS allows zone transfer only to secondary servers which have an NS record. There are no options to allow zone transfer to any arbitrary DNS server. If you need more help then do email support@technitium.com with screenshots of your config.

      Delete
  20. How can i run both Technitium DNS Server and Webserver (Nginx), im using ubuntu Bionic 18.02?

    ReplyDelete
    Replies
    1. You can run both on the same server normally unless you want to run DoH and also host HTTPS websites. In such case, configure nginx as reverse proxy for hosting DoH and point it to http://127.0.0.1:8053/dns-query and on the DNS server just enable DNS-over-HTTP optional protocol. With this setup your nginx will host both websites and DoH.

      Delete
  21. how to select ip address when server has different ip addresses and only one should be used for dns?

    ReplyDelete
    Replies
    1. You can do that from the Settings in the web console. Find the "DNS Server Local End Points" option in Settings and change it to the network adapter's IP address on which you want the DNS server to listen on.

      Delete
  22. Hi there, I am trying to run the updated to 8.1.4 from 7.1 on Ubuntu 18 and its not doing the install, says something about not seeing the host, My current 7.1 runs flawlessy though

    ReplyDelete
    Replies
    1. Thanks for the feedback. Do share the exact error message that you see to support@technitium.com. Also check the /etc/dns/install.log file and see if there are any errors logged in there.

      Delete
  23. Hi there, I'm trying for technitium behind dnsdist server. But technitium's log query only shows dnsdist ip. I tried to add ecs option in dnsdist but on technitium log file only shows ecs extension and not in query logs. Is there any way I can override ecs ip to client ip or can show ecs ip in query logs (I use sqlite app).

    ReplyDelete
    Replies
    1. Thanks for asking. Technitium DNS server currently does not support any method to get the original source IP address when using UDP/TCP/TLS transports. It supports only when using HTTPS transport. But, there is already a plan to implement support for the PROXY protocol which dnsdist supports.

      Delete
    2. Thanks for your feedback. It worked

      Delete
  24. I'm trying for technitium behind dnsdist server. But technitium's log query only shows dnsdist ip. I tried to add ecs option in dnsdist but on technitium log file only shows ecs extension and not in query logs. Is there any way I can override ecs ip to client ip or can show ecs ip in query logs (I use sqlite app).

    ReplyDelete
  25. Just wanted to let you (all) know that this installed perfectly on Debian bookworm (version 12), and its footprint is waaaay smaller than that of pihole or bind or powerdns or complex unbound dnsmasq configs I've used on many systems over the years, both in memory use as in diskspace/CPU impact. The fact that it runs in a really efficient dotnet instance makes all the difference. (Obviously done quite well by MicroSoft in this case, no wonder seeing the budget they have for this..) I love the interface, and I will definitely change the dark mode css one user has started into something more appealing soon. Anyhow, great work, very extensive package, good web-UI. I'll surely donate when our income is back at a decent level. Thanks!

    ReplyDelete
    Replies
    1. Thanks for the compliments. Good to know that its working well for you.

      Delete
  26. The Docker Compose instructions aren't as straight forward as what is listed here. DNS within the containers wants to bind to 53 on each of the networks it creates/uses at runtime. Following the instructions to the letter, the container never starts and an error indicating that port 53 on 0.0.0.0 is already in use. Want to have robust DNS resolution for homelab, outside of the container environment.

    ReplyDelete
    Replies
    1. Thanks for the feedback. The blog post already mentions this issue under "Common Issue With Ubuntu". You just need to stop any existing DNS stub resolver you have so that the Technitium DNS server can use the port.

      Delete
  27. is there any replication or high availability level with dns server software like Master/Slave or Primary/Secondary installation ?? if so how to configure or setup it ?
    thanks in advanced

    ReplyDelete
    Replies
    1. Thanks for asking. There is primary/secondary for zones which you have to create secondary zones manually on the other server. There is clustering feature planned which will automatically configure two or more servers but this feature will take a few months to be available.

      Delete
  28. After installing dns-server using docker compose (unchanged from installation instructions) the web service is not accessable http://dockerhost:5380 (http error 500), while the log reports web service started normally. my docker host is a linux x86_64 Synology NAS. any hints?

    ReplyDelete
    Replies
    1. Thanks for asking. Its not enough info to understand the issue. Share more details with screenshots to support@technitium.com and you will get a response.

      Delete