Technitium DNS Server is an open-source, authoritative and recursive DNS server built for privacy and security, with DNS-over-TLS, DNS-over-HTTPS, ad blocking, and a modern web console for zone and record management. This guide deploys Technitium using Docker Compose with Traefik securing the web console over HTTPS, after freeing the system's port 53. By the end, you'll have a working DNS server resolving queries with an HTTPS-secured admin console.
Free Port 53
Ubuntu's systemd-resolved binds port 53 by default. Release it before deploying.
1. Stop and disable systemd-resolved:
$ sudo systemctl stop systemd-resolved
$ sudo systemctl disable systemd-resolved
2. Replace the resolver configuration:
$ sudo rm /etc/resolv.conf
$ echo "nameserver 1.1.1.1" | sudo tee /etc/resolv.conf
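A preflight check for this step, added here as an example (it is not part of the original guide): it parses `ss -H -lntup` output and reports any socket still bound to port 53, so a leftover listener is caught before the containers start. The function names and the sample `ss` output are constructed for illustration.

```bash
#!/bin/sh
# Added example: preflight check for the "Free Port 53" step.
# Live use after sourcing this file (sudo lets ss show the owning process):
#   sudo ss -H -lntup | port53_is_free && docker compose up -d

# Constructed sample of `ss -H -lntup` output, not captured from a real host.
SAMPLE_SS='udp UNCONN 0 0    127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=13))
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=14))
tcp LISTEN 0 128  0.0.0.0:22       0.0.0.0:* users:(("sshd",pid=800,fd=3))
udp UNCONN 0 0    0.0.0.0:5353     0.0.0.0:* users:(("avahi-daemon",pid=700,fd=12))'

# Reads ss output on stdin; prints "proto local-address process" for every
# socket whose local port is exactly 53 (so 5353 and 22 are ignored).
port53_listeners() {
  awk '
    NF >= 5 {
      n = split($5, parts, ":")          # port is the last ":" field, also for [::]:53
      if (parts[n] != "53") next
      proc = "unknown"                   # Process column is empty without root
      if (match($0, /users:\(\("[^"]+"/))
        proc = substr($0, RSTART + 9, RLENGTH - 10)
      print $1, $5, proc
    }'
}

# Returns 0 when nothing is bound to port 53, 1 otherwise (holders go to stderr).
port53_is_free() {
  p53_holders=$(port53_listeners)
  if [ -n "$p53_holders" ]; then
    printf 'port 53 is still in use:\n%s\n' "$p53_holders" >&2
    return 1
  fi
  return 0
}

# Demo on the constructed sample: lists the two systemd-resolve sockets.
printf '%s\n' "$SAMPLE_SS" | port53_listeners
```

Docker's `53:53` publish binds all host interfaces, so even a listener on a loopback address such as `127.0.0.53` conflicts with it.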
Set Up the Directory Structure
1. Create the project directory structure:
$ mkdir -p ~/technitium/{config,letsencrypt}
$ cd ~/technitium
2. Create the environment file:
$ nano .env
DOMAIN=technitium.example.com
LETSENCRYPT_EMAIL=admin@example.com
Deploy with Docker Compose
1. Add your user to the Docker group:
$ sudo usermod -aG docker $USER
$ newgrp docker
2. Create the Docker Compose manifest:
$ nano docker-compose.yml
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    environment:
      DOCKER_API_VERSION: "1.44"
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=traefik-public"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--certificatesresolvers.le.acme.httpchallenge=true"
      - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL}"
      - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./letsencrypt:/letsencrypt
  dns-server:
    image: technitium/dns-server:latest
    container_name: dns-server
    restart: unless-stopped
    environment:
      - TZ=UTC
      - DNS_SERVER_DOMAIN=${DOMAIN}
    ports:
      - "53:53/udp"
      - "53:53/tcp"
    volumes:
      - ./config:/etc/dns
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dns.rule=Host(`${DOMAIN}`)"
      - "traefik.http.routers.dns.entrypoints=websecure"
      - "traefik.http.routers.dns.tls=true"
      - "traefik.http.routers.dns.tls.certresolver=le"
      - "traefik.http.services.dns.loadbalancer.server.port=5380"
3. Start the services:
$ docker compose up -d
4. Verify the services are running:
$ docker compose ps
Initial Configuration
- Navigate to https://technitium.example.com.
- Log in with the default credentials admin/admin.
- Change the password when prompted.
- Go to Settings → Proxy & Forwarders.
- Add upstream DNS providers, one per line: 1.1.1.1 and 8.8.8.8.
- Click Save Settings.
Test Resolution
From any machine that can reach the server on port 53 (the Compose file publishes it on all host interfaces), query the server by its IP:
$ dig @SERVER_IP vultr.com
A valid answer section confirms the DNS server is resolving queries.
Next Steps
Technitium is running with an HTTPS-secured console. From here you can:
- Create authoritative zones and records for your domains
- Enable DNS-over-TLS and DNS-over-HTTPS for encrypted resolution
- Turn on block lists to filter ads and malicious domains network-wide
For the full guide with additional tips, visit the original article on Vultr Docs.