Using Technitium DNS

Using Technitium DNS as Your Recursion Server

Technitium | December 16, 2025

What is Technitium DNS Server

Technitium DNS Server is a modern, open-source authoritative and recursive DNS server. You can use it for your ISP as a recursion server and/or point domains to it and use it as your authoritative DNS server. It provides caching and is very simple to install. It installs on Windows and Linux and works well in production environments.

It can also block DNS entries using lists similar to Pi-hole. For ISP-grade recursion, Technitium is straightforward because, out of the box, it performs full recursion directly to the root servers instead of forwarding to public resolvers such as 1.1.1.1.

Technitium supports modern security features including DNS-over-TLS (DoT), DNS-over-HTTPS (DoH), and DNS-over-QUIC (DoQ). If low latency is your primary objective, enabling DNS-over-QUIC is typically the best choice.

Authoritative vs Recursive

Recursive DNS is the service that answers queries for “any and all” domains on behalf of clients. This is what ISPs should provide to customers. A recursive resolver retrieves answers from authoritative sources, caches them for the configured TTL, and then serves cached responses quickly for subsequent requests. Because it is not the authoritative source, it returns non-authoritative answers to the client.

Authoritative DNS is responsible for a specific domain and provides the “source of truth” records (A/AAAA, MX, TXT, etc.). The domain registrar delegates the domain to the authoritative name servers. A recursive resolver will query those authoritative servers to obtain the answer, then cache it, and respond to the client.

What DNS Should You Run?

The right choice depends on your operational model and threat posture. For authoritative DNS, some operators prefer self-hosting for control and independence, while others prefer managed providers for large-scale DDoS mitigation. For ISP operations, running at least two recursive DNS servers (not one) is strongly recommended, placed in low-latency areas of your network. Recursion servers must also be secured to prevent open-resolver abuse.

Why Should I Care?

DNS runs the internet. No DNS effectively means no internet for the vast majority of users. If you are an ISP and you do not provide DNS services within your own operational control, you can create avoidable risk and extended outage windows.

Many ISPs point customers at Google DNS or Cloudflare. While this works functionally, the key question is whether those providers are within your circle of influence. If an issue occurs, do you have a support path that will treat your outage as urgent and actionable? In many cases, the practical answer is no—especially when the service is free.

Google Issue Resolution Time

In one case, Google DNS confirmed a routing issue over email, but end-to-end resolution timing was measured in weeks due to scheduled maintenance windows. That experience is a common driver for ISPs to deploy and manage their own recursive DNS infrastructure.

So Now Back to Technitium DNS Server

When evaluating DNS platforms, Technitium stands out as a feature-complete, zero-cost alternative to solutions like Simple DNS (paid) while remaining easy to deploy. It runs on Windows and Linux, supports full recursion to root by default, provides strong caching controls, and includes optional blocking using familiar list formats.

For environments previously using Pi-hole plus Unbound (to reach root) and separate authoritative tooling, Technitium can reduce operational complexity by consolidating recursion, caching, and optional blocking into one web-managed system.

How to Install Technitium DNS Server

In this example, we used an Ubuntu 24 container, but a VM works equally well. After the OS is up, apply updates:

sudo apt update
sudo apt upgrade -y

Then install Technitium DNS Server:

curl -sSL https://download.technitium.com/dns/install.sh | sudo bash

===============================
Technitium DNS Server Installer
===============================
Updating ASP.NET Core Runtime...
ASP.NET Core Runtime was updated successfully!

Downloading Technitium DNS Server...
Updating Technitium DNS Server...

ICU package is already installed.

Restarting system service...

Technitium DNS Server was installed successfully!
Open http://dns1:5380/ to access the web console.

At this point, the service is installed and running.

Updating to DNS-over-QUIC

To enable DNS-over-QUIC support, install the required Microsoft package and libmsquic:

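# Load $ID and $VERSION_ID for this distribution; they are unset in a fresh shell
. /etc/os-release
wget https://packages.microsoft.com/config/$ID/$VERSION_ID/packages-microsoft-prod.deb -O packages-microsoft-prod.deb -4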

sudo dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb

sudo apt update
sudo apt install libmsquic -y
sudo apt upgrade -y

This workflow adds the Microsoft repo package, installs the QUIC library, and ensures the system is current.

Configuration of Technitium DNS

Most of the performance-related defaults are already in place. The key operational changes for ISP recursion are securing recursion and tuning cache sizing.

Secure Recursion (ACL)

Under Settings > Recursion, switch to a Specified Network Access Control List (ACL) and add all networks that should be permitted to recurse (private ranges and any customer public IPv4/IPv6 blocks as applicable). Save the configuration to prevent open-resolver abuse.

Technitium Recursion ACL Settings
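
One way to confirm the ACL took effect is to query the resolver from a host outside every permitted network and classify the reply. The script below is an added example, not part of the original article or of Technitium; the function names, the 192.0.2.53 address, and the sample dig headers are constructed for illustration, and it assumes dig is installed.

```sh
#!/bin/sh
# Added example (not from the original article): verify from a host OUTSIDE
# the recursion ACL that the resolver no longer answers recursive queries.

# classify_reply: read `dig` output on stdin and print one verdict:
#   open     - got a non-authoritative answer, so recursion is exposed
#   refused  - server replied REFUSED, the ACL is being enforced
#   no-reply - no DNS header at all (timeout or dropped packet)
#   other    - anything else (SERVFAIL, empty NOERROR, ...); inspect by hand
classify_reply() {
  cr_out=$(cat)
  cr_status=$(printf '%s\n' "$cr_out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
  cr_flags=$(printf '%s\n' "$cr_out" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
  cr_answers=$(printf '%s\n' "$cr_out" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1)
  if [ -z "$cr_status" ]; then
    echo no-reply
  elif [ "$cr_status" = REFUSED ]; then
    echo refused
  elif [ "$cr_status" = NOERROR ] && [ "${cr_answers:-0}" -gt 0 ]; then
    # An "aa" flag means the server is authoritative for the name, which
    # is not recursion; pick a test name the server does not host.
    case " $cr_flags " in
      *" aa "*) echo other ;;
      *) echo open ;;
    esac
  else
    echo other
  fi
}

# check_resolver <resolver-ip> [name]: one query, 3 s timeout, no retries.
check_resolver() {
  dig +time=3 +tries=1 @"$1" "${2:-example.com}" A 2>&1 | classify_reply
}

# Constructed dig headers for an offline demonstration (not captured output).
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_TIMEOUT=';; communications error to 192.0.2.53#53: timed out
;; no servers could be reached'

# Offline demo on the constructed samples.
printf '%s\n' "$SAMPLE_REFUSED" | classify_reply
printf '%s\n' "$SAMPLE_OPEN" | classify_reply
```

Run check_resolver with your resolver's address from a host that is not in the ACL, and again from a permitted customer network, where a result of open is the expected outcome.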

Cache Tuning

Under Settings > Cache, consider increasing Cache Maximum Entries. The default of 10,000 is often too low for ISP workloads. A practical range is 50,000 to 200,000, depending on available RAM and whether you enable DNSSEC and additional features.

Using Block Lists (Optional)

ISPs typically should not block broad categories of content. If you do implement blocking, keep it narrow (for example, adware/malware) and ensure you have a documented opt-out process for customers. Under Settings > Blocking, you can add allow/block lists. If you use community lists, keep the scope conservative.

Reviewing Your Setup

The dashboard provides visibility into request volume, cache utilization, and optional blocking statistics. By default, Technitium does not store your full query logs; logging can be enabled via optional apps/plugins depending on your requirements.

Technitium Dashboard Summary

Watch cache size, blocked domains (if enabled), and dropped queries. Query-per-minute limits are configured under Settings > General. If a single client regularly hits limits, investigate rather than exempting them as a first step.

So What Have We Done?

We installed Technitium DNS Server, tuned caching for ISP use, secured recursion with an ACL, and optionally added a conservative block list. From here, duplicate the build for a secondary resolver and deploy both servers via DHCP (or your preferred distribution method). Remember: fast DNS equals a better internet experience, and resolver placement matters.

About Link Technologies, Inc.

Link Technologies, Inc. has been in business for nearly 20 years. We provide MikroTik, 9Dot, and NetPoint antenna hardware and other hardware and software solutions. We focus on MikroTik hardware and engineering services and build practical solutions that solve real operational needs.

Our customers include ISPs, fiber operators, hotels, casinos, healthcare organizations, MSPs, and credit unions. Our solutions include zero-trust networking, firewalling, BGP, VPLS, MPLS, OSPF, MikroTik, Cisco, Juniper, web proxy, backup services, and hosted email and servers. We also provide rackspace in our dedicated data center in House Springs, Missouri, and offer on-site MikroTik and operational training.

How to Contact Us

USA: 314-735-0270  |  Canada: 647-725-7011  |  Toll Free: 866-620-0074
Hardware Sales / New Accounts: sales@LinkTechs.net
