Friday, November 17, 2017

Running Technitium DNS Server on Ubuntu Linux

Technitium DNS Server is built to be cross-platform using .NET Standard 2.0. You can run the DNS Server Portable App on Linux or macOS by using .NET Core. This post is written for Ubuntu Linux, but you can easily follow similar steps on your favorite distro.

This blog post is updated regularly to provide the latest instructions for installing the DNS Server, so refer to it when you are about to do a fresh installation.

Using Automated Installer / Updater

The automated installer script can be used to install or update the DNS Server. It has been tested on the following distros:

  • Ubuntu Server (x64)
  • Ubuntu Desktop (x64)
  • Raspbian (Buster) (ARM32)
  • CentOS 8.2 (2004) (x64)
  • Fedora Server 32 (x64)
The installer script may work on other distros and platforms as well.

curl -sSL https://download.technitium.com/dns/install.sh | sudo bash

NOTE! If you have a firewall installed, you will need to allow these ports manually:

  • 53/udp (default DNS service)
  • 53/tcp (default DNS service)
  • 5380/tcp (for web console access)
  • 67/udp (if you plan to use the built-in DHCP server)
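
As an added example (not part of the original post or the installer), the helper below prints ufw rules for the ports listed above, limiting DNS and the plain-HTTP web console to one local network. It assumes the firewall is ufw; the function name dns_firewall_rules and the 192.168.1.0/24 network are illustrative.

```shell
#!/bin/sh
# Added example: print (do not run) ufw rules for the ports listed in the post.
# Assumptions: the firewall is ufw, and clients live in a single IPv4 network.

dns_firewall_rules() {
    lan_cidr="$1"
    want_dhcp="${2:-}"

    # Accept only a plain IPv4 CIDR such as 192.168.1.0/24.
    if ! printf '%s\n' "$lan_cidr" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
        echo "usage: dns_firewall_rules <ipv4-cidr> [dhcp]" >&2
        return 1
    fi

    # DNS over UDP and TCP, answered only for clients on the local network,
    # so the server is not reachable as an open recursive resolver.
    echo "ufw allow from $lan_cidr to any port 53 proto udp"
    echo "ufw allow from $lan_cidr to any port 53 proto tcp"

    # The web console is served over plain HTTP on 5380; keep it on the LAN.
    echo "ufw allow from $lan_cidr to any port 5380 proto tcp"

    # DHCP clients without a lease send from 0.0.0.0 to the broadcast address,
    # so this rule cannot be limited to the LAN source range.
    if [ "$want_dhcp" = "dhcp" ]; then
        echo "ufw allow 67/udp"
    fi
}

# Constructed sample network; review the output, then run each line with sudo.
dns_firewall_rules 192.168.1.0/24 dhcp
```

Pass only the network argument to leave out the DHCP rule when the built-in DHCP server is not used.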

Using Automated Uninstaller

The automated uninstaller script can be used to remove a DNS Server that was installed using the automated installer script above. The uninstaller script will remove both the DNS Server and the .NET Core runtime.

curl -sSL https://download.technitium.com/dns/uninstall.sh | sudo bash

NOTE: The uninstaller will set your /etc/resolv.conf file to use the 8.8.8.8 and 1.1.1.1 DNS servers. To restore the defaults, follow the steps for your distro:

  • Ubuntu Server, Ubuntu Desktop, CentOS, or Fedora
    sudo systemctl enable systemd-resolved
    sudo systemctl start systemd-resolved
    sudo rm /etc/resolv.conf
    sudo ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
    
    The above steps will restore the default systemd-resolved setup.
  • Raspbian (Buster)
    sudo rm /etc/resolv.conf
    sudo resolvconf -ul
    
    The above steps will restore the default resolvconf setup.

Installing DNS Server Manually

Install the latest .NET Core runtime from here. If you want to install .NET Core on Raspberry Pi, use the instructions in this blog post to install it manually.

Once you have installed .NET Core, start Terminal or SSH into the server and follow the steps below to install DNS Server on Ubuntu:

  1. Download DNS Server portable app using wget and extract it.
    wget https://download.technitium.com/dns/DnsServerPortable.tar.gz
    sudo mkdir -p /etc/dns/
    sudo tar -zxf DnsServerPortable.tar.gz -C /etc/dns/
    
  2. You can now run the DNS Server directly from console as a standalone app.
    cd /etc/dns/
    sudo ./start.sh
    
  3. Or, if your distro uses systemd, follow these steps to install it as a daemon.
    sudo cp /etc/dns/systemd.service /etc/systemd/system/dns.service
    sudo systemctl enable dns.service
    sudo systemctl start dns.service
    

    You may want to check the systemd log entries to find the issue if the daemon fails to start:

    journalctl --unit dns --follow
    

  4. Or, if your distro does not support systemd, follow these steps to run it as a daemon using supervisor.
    sudo apt-get -y install supervisor
    sudo cp /etc/dns/supervisor.conf /etc/supervisor/conf.d/dns.conf
    sudo service supervisor restart
    

    You may want to check the log file to find the issue if the daemon fails to start:

    cat /var/log/dns.err.log
    

  5. Open the URL http://localhost:5380/ to access the web console.

Updating DNS Server Manually

Make sure you have the latest .NET Core runtime from here. Start Terminal and follow the steps below to update DNS Server on Ubuntu:

  1. Download DNS Server portable app using wget and extract it.
    wget https://download.technitium.com/dns/DnsServerPortable.tar.gz
    sudo tar -zxf DnsServerPortable.tar.gz -C /etc/dns/
    
  2. If your distro uses systemd, follow these steps to restart the DNS Server daemon.
    sudo systemctl restart dns.service
    

    You may want to check the systemd log entries to find the issue if the daemon fails to start:

    journalctl --unit dns --follow
    

  3. Or, if your distro does not support systemd, follow these steps to restart the DNS Server using supervisor.
    sudo service supervisor restart
    

    You may want to check the log file to find the issue if the daemon fails to start:

    cat /var/log/dns.err.log
    

  4. Open the URL http://localhost:5380/ to access the web console.

Common Issue With Ubuntu

If you are using Ubuntu Desktop, you may find the dnsmasq or systemd-resolved daemon already running on UDP port 53, which prevents the DNS Server from listening on the same port. You can confirm the issue by checking the DNS Server log file from the web console for this error:

[2019-01-01 07:30:59 UTC] [0.0.0.0:53] System.Net.Sockets.SocketException (98): Address already in use
   at System.Net.Sockets.Socket.UpdateStatusAfterSocketErrorAndThrowException(SocketError error, String callerName)
   at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.Sockets.Socket.Bind(EndPoint localEP)
   at DnsServerCore.DnsServer.Start() in Z:\Technitium\Projects\DnsServer\DnsServerCore\DnsServer.cs:line 811

You can confirm whether it is dnsmasq or systemd-resolved by running the sudo netstat -nlpu command.
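
As an added example (not part of the original post), the helper below reads sudo netstat -nlpu output and names the program bound to UDP port 53, then points to the matching set of steps in this section. The function names port53_owner and fix_for are illustrative, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: find out which program holds UDP port 53.

# port53_owner: read `sudo netstat -nlpu` output on stdin and print the name
# of each program bound to UDP port 53, one per line.
port53_owner() {
    awk '
        $1 ~ /^udp/ && $4 ~ /:53$/ {
            # Last column is "PID/Program name", or "-" when run without sudo.
            count = split($NF, part, "/")
            prog = (count >= 2) ? part[2] : "unknown"
            if (!(prog in seen)) { seen[prog] = 1; print prog }
        }
    '
}

# fix_for: map a program name to the steps in the post that apply to it.
fix_for() {
    case "$1" in
        dnsmasq)          echo "disable dnsmasq in NetworkManager.conf" ;;
        systemd-resolve*) echo "disable systemd-resolved" ;;
        unknown)          echo "re-run netstat with sudo to see the program name" ;;
        *)                echo "not covered by this post: $1" ;;
    esac
}

# Constructed sample of `sudo netstat -nlpu` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           701/avahi-daemon: r
udp        0      0 127.0.0.53:53           0.0.0.0:*                           612/systemd-resolve
udp        0      0 0.0.0.0:68              0.0.0.0:*                           845/dhclient'

printf '%s\n' "$SAMPLE_NETSTAT" | port53_owner | while read -r prog; do
    echo "$prog holds UDP 53: $(fix_for "$prog")"
done
```

On a live system, pipe the real command into the function: sudo netstat -nlpu | port53_owner.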

Follow these steps below to disable the dnsmasq service:

  1. Edit the NetworkManager.conf file to disable dnsmasq service:
    sudo nano /etc/NetworkManager/NetworkManager.conf
    
    Comment out the dns=dnsmasq line by adding a # character at the beginning, like this: #dns=dnsmasq. Then exit the editor by pressing CTRL+X and enter y to save the file.
  2. Restart the computer to apply changes as shown below:
    sudo reboot now
    
  3. After system reboot, open Terminal and check DNS Server logs again from the web console.

Follow these steps below to disable the systemd-resolved service:

  1. Disable the systemd-resolved service and stop it:
    sudo systemctl disable systemd-resolved
    sudo systemctl stop systemd-resolved
    
  2. Configure /etc/resolv.conf as shown below:
    sudo rm /etc/resolv.conf
    # sudo does not apply to the shell's > redirection, so write the file through tee
    echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf
    
  3. If you are using Ubuntu Desktop then edit your /etc/NetworkManager/NetworkManager.conf using nano:
    sudo nano /etc/NetworkManager/NetworkManager.conf
    
    Put the following line in the [main] section of your /etc/NetworkManager/NetworkManager.conf as shown below:
    [main]
    dns=default
    
    Restart network-manager:
    sudo service network-manager restart
    
  4. Now restart the DNS Server and check logs again from the web console.
    sudo systemctl restart dns.service
    

That's it!

The DNS Server is running and you can configure your network with the IP address of this computer for DNS resolution.

Check out the web console to create zones, check cached zones, access the DNS client tool and configure server settings.

The DNS Server creates a folder named config in the current folder which contains the server config and zone files. Make sure you copy this folder while moving the DNS server folder if you want all the zone files and config to persist.

For any related queries, feel free to comment on this post.

43 comments:

  1. Hello my loved one! I wish to say that this post is amazing, nicely written and comes with approximately all significant infos. I would like to look at more posts like this.

  2. I have a problem regarding hosting a hotspot with a spoofed MAC address. None of my devices can connect to my hotspot unless I revert the MAC address back to the original. Is there any way to be able to host a hotspot with a spoofed MAC address?

    Replies
    1. Send an email to support@technitium.com with screenshots and details like OS version, mobile device type, etc.

  3. I have a problem regarding hosting a hotspot with a spoofed MAC address. None of my devices can connect to my hotspot unless I revert the MAC address back to the original. Is there any way to be able to host a hotspot with a spoofed MAC address?

  4. Replies
    1. You can do that as mentioned here: https://pmcgrath.net/running-a-simple-dotnet-core-linux-daemon

      I will be working on making a bash script that will automate and run the app as a daemon.

    2. I have updated this post with instructions to run the DNS server as a daemon.

  5. I have used this program for some time on my company's server for client computers. I'm finding it very good, fast and besides it's safe!!! Many thanks for being free!!!

  6. How do I uninstall Technitium?

    Replies
    1. It depends on your installation. If you have systemd then just disable & stop the dns.service. If you are using supervisord, then delete the /etc/supervisor/conf.d/dns.conf file and restart supervisord. After that, you can delete the /etc/dns/ directory to complete the uninstallation.

    2. Sorry, I was not clear. I am a Noob and I installed on my Raspberry Pi using the following: curl -sSL https://technitium.com/download/dns/install-raspi.sh | sudo bash.
      Is there a way to run a "reverse" install to remove all that has been installed?

    3. Just run the following commands to remove it from raspberry pi:

      # stop and disable the dns daemon
      sudo systemctl disable dns.service
      sudo systemctl stop dns.service
      # delete dns server files
      sudo rm -rf /etc/dns/

      # remove dotnet
      sudo rm /usr/bin/dotnet
      sudo rm -rf /opt/dotnet/

  7. Hi, I installed the tutorial, but when I'm running on the network, it's slowing down, or sometimes I have to restart the ubuntu server that is running DNS TECHNITIUM, have any suggestions to help me.

    Replies
    1. Thanks for the feedback. Please send details like the config of the server and exact details of the issue to support@technitium.com. Is the server slowing down with high CPU usage or is the DNS Server not responding in time? How many users are using the DNS Server? Do send any screenshots too if necessary for clarity.

  8. how to show in browser this program

    Replies
    1. Once the DNS Server is running, just confirm if the port 5380 is running using netstat -nlpt command. Make sure that you add the port 5380 to firewall, if any. Use the server's IP address and the port to connect to the web console from your laptop.

  9. On a freshly installed and fully updated Raspbian Lite Stretch (28-11-2013 version) system I get at web gui login: Error! parsererror - SyntaxError: Unexpected token < in JSON at position 4.

    Replies
    1. Thanks for the feedback. Please email me more details like the web browser version and screenshots to support@technitium.com.

  10. CentOS7 Intel NUC, Installed per guidelines for manual install. Login page is giving me:

    Error! parsererror - SyntaxError: JSON.parse: unexpected character at line 3 column 1 of the JSON data

    and won't let me log in with the default credentials.

    Replies
    1. It's most probably your anti-virus software blocking you from using a non-HTTPS website for login. You can confirm this by using the web browser's developer tools network tab. Just see what content is in the response of the login call and you may see the anti-virus software message.

      Try adding the url to anti-virus exceptions and see if that works.

  11. I am trying to install this on Debian. I get the server installed with this command: curl -sSL https://download.technitium.com/dns/install-raspi.sh | sudo bash

    However I cannot open a browser on port 5380. Any ideas what to check?

    Replies
    1. The install script that you tried works only for Raspberry Pi and won't work on Debian due to the different processor architecture. Thus, the script you ran has actually installed the .NET Core runtime for ARM processors, which won't run on your machine, and thus the software is not up.

      You need to install .NET Core manually from the instructions on the Microsoft website mentioned in the manual install section of this blog and then follow the steps in the blog to install the DNS Server.

  12. Is it safe to install it on VPS?

    Replies
    1. Yes, you can install it on a VPS. The only issue could be that if you run a recursive DNS service then it could be accessed by anyone unless you set up iptables.

  13. I think it's good to disable dnsmasq

    Uninstall dnsmasq base package

    sudo apt-get remove dnsmasq-base

  14. The server doesn't block the blocklist list.

    Replies
    1. Email to support@technitium.com for resolving any issues you have with the configuration.

  15. Hi, thank you for your hard work on this project. I installed it on my Debian 10 almost without any issues. I had to edit the installer a little bit - hard code version 18.04 because Microsoft doesn't have a package for Debian 10. I want to point you to 1 issue with the default block list - there are 2 dead lists in it - ransomwaretracker is discontinued and hosts-file is not working at all. The last one makes a huge delay at the start of the blocking process.

    Replies
    1. Thanks for the compliments. There is a plan to make a generic install script in the to-do list, which will make it easy to install it on most distros. Yes, I am aware of the dead lists and they have been removed in development code already. I am already working on the next release, which will be much more optimized and use less memory.

  16. How to update DNS server into version 5.0 automatically from Raspberry pi2 model B?

    Replies
    1. Just run the same command used for installing the DNS Server:

      curl -sSL https://download.technitium.com/dns/install-raspi.sh | sudo bash

  17. I installed the dns server on a debian, and this is high on the cpu to the point of the server stopping what can be?

    Replies
    1. Thanks for the feedback. It will be really appreciated if you can send in more details to support@technitium.com. Do send details like hardware config, the total number of users (best would be to send a screenshot of the dashboard), and log files during the high CPU usage. If possible send the complete /etc/dns/config folder zipped.

    2. in fact I wanted to use it in an internet provider I don't know if it could hold, the problem appears with 100k of requisition

    3. There is already an issue being tracked here which may be related to your feedback. A bug has been identified that caused this issue and will get fixed in next update.

      Regarding scaling the DNS server, I have done load testing on DNS server and it managed to clock around 100k requests/sec or 6m requests/min on Intel i7 8700 Desktop CPU.

    4. exactly what happens, the DnsServerApp.dll process gets stuck with the processing percentage only returns to normal when it is restarted, tests done on debian and linux arch

  18. Is there a way to migrate from one server to another and keep all settings? i.e zone and dhcp information.

    Replies
    1. Yes, you just need to copy the 'config' folder to the other server and everything will be migrated. The folder can be found at '/etc/dns/config'.

  19. Hi -

    Great work!

    I am trying to monitor which device requests what domain name and enabled query log. It makes the size bigger but gives me what I am looking for, and based on analyzing this log, I will customize block list. The smart TV seems to be the most truant, followed by my kid! :)

    I have it setup on my Ras pi 3b.

    I thought of a quick log parser, but need to know where the logs so created are kept.

    Also is there a schedule based on which the logs are deleted?

    TiA!

    Replies
    1. Hi. Thanks for the compliments. You can find the log files in '/etc/dns/config/logs' directory. Logs are not deleted automatically.

  20. I came across this solution by accident while watching some YouTube videos. I had an existing (but very old) Raspberry Pi 1 running DietPi and PowerDNS/Bind to host my internal DNS domain and was then using recursion to send all other DNS queries to another host running PiHole.

    I have a new Pi4 which I wanted to use as a replacement but it would seem that something has changed and I was unable to get recursion to work. When I saw the YouTube video (https://www.youtube.com/watch?v=IUjSAWDB7E4&t=23s) I realised that Technitium also had the ability to host your own DNS zones, plus ad blocking DNS and decided to give this a try.

    Initially, even though the installation process said it was successful, I couldn't get the service to run or connect to the web interface on :5380, but as I had been trying out different things on this Pi and Technitium may not have been happy with the lighttpd web service I was using, I decided to try a fresh O/S installation (DietPi which is an optimised version of Raspbian/Raspberry Pi OS), installed Apache instead of lighttpd and this time after installing I was able to confirm the service was running (systemctl status dns.service) and connect to the web interface.

    First impressions are really good. I have been able to set up my own forward & reverse zones and they are working well.

    I would like to set up a secondary server and allow zone transfer and in my older PowerDNS/Bind setup I was able to add "allow-transfer" to the specific IP address of the other machine I was using for internal DNS, making sure that no other machine could perform a zone transfer from my main DNS server.

    I am asking this question after only about 15 minutes exposure to Technitium, so I may find a setting, but if I were to set up a second Pi with Technitium can I configure it to replicate the zones created on the main server, but not allow zone transfers to any other IP addresses?

    Thank you.

    Replies
    1. Thanks for the comment. You can set up a secondary zone directly from the Add Zone option. If your zone is not resolvable then you need to specify the IP address of your primary DNS server running the zone. The secondary zone would sync up and keep syncing automatically. If you create a primary zone on Technitium DNS and want any other DNS server to run the secondary zone then you will need to first create an NS record for the secondary zone (with a glue record if the domain is not resolvable) and then create the secondary zone on the other DNS server. As of now, Technitium DNS allows zone transfer only to secondary servers which have an NS record. There are no options to allow zone transfer to any arbitrary DNS server. If you need more help then do email support@technitium.com with screenshots of your config.
