The simple yet powerful DNS server for Windows . What makes Simple DNS Plus Portable “simple” is its user interface and automation features. All options and settings are available directly from the intuitive Windows user interface. It provides wizards for common tasks such as setting up new zones, importing data, making bulk updates, etc. You never need to mess with cryptic configuration files or registry settings.
Novice users can have their DNS server up and running correctly and securely in no time. But make no mistake – Simple DNS Plus Portable is a very capable and full featured DNS server, and it has plenty of options for expert users to tweak it just the way they want.
Features
Authoritative and Recursive (resolver and cache) DNS server
All the DNS server features and functionality you need to host DNS for domain names, assign domain name to computers and devices for easy access, create and delegate sub-domains, resolve other domain names on the Internet, speed up Internet access with centralized DNS caching, etc.
High performance DNS server engine and user interface
Great for hosting and managing anywhere from a few domains to +100,000 domains.
The user interface is optimized to handle really large domain name portfolios.
Highly configurable
Simple DNS Plus has options to configure all aspects of the DNS services, including many unique but important options not found in competing products such as the ability to limit recursion by IP address. Options are well organized and easy to manage in a central Options dialog available directly from first toolbar button in the main program window.
Of course the software comes preconfigured with settings that are appropriate for most users.
Remote Management / Windows Server Core
The Simple DNS Plus user interface can be run on a desktop computer connecting to a remote Simple DNS Plus server, making it easy and fast to manage the server without Remote Desktop, VNC, or similar.
You can even remote manage a Simple DNS Plus service running on Windows Server Core (no GUI on server)
Direct support for dynamic IP clients
Simple DNS Plus supports TSIG authenticated dynamic DNS updates.
This update method is more efficient than the HTTP based and other proprietary update methods typically used because it happens directly via the DNS protocol.
Several dynamic IP updater applications can be used with this.
Setup tutorials are provided for DynSite and DirectUpdate.
Simple DNS Plus can also function as a dynamic DNS service for more generic HTTP based update clients either by using the DynDNS Service plug-in or by using a web-server front-end. ASP.NET and classic ASP sample code for this is available here.
Full support for IDNs (internationalized domain names)
In Simple DNS Plus you can enter domain names with native characters directly (no punycode conversion needed), and have an option to display native character or punycoded domain names anywhere in the user interface, and quickly switch between these modes.
IPv6
Simple DNS Plus has full support for IPv6.
Easy to integrate with other applications
You can create DNS records or entire DNS zones from other applications or web-sites and prompt Simple DNS Plus to dynamically load and use these through our REST / JSON based HTTP API.
In fact you can control pretty much everyhing in the software through the HTTP API.
We provide a Swagger / OpenAPI specification file for the HTTP API to use with a long list of automation tools – for example to generate client code in practically any programming / scripting language.
You can explore, play with and test the HTTP API through Swagger UI. Have a peek athttps://simpledns.com/swagger-ui
The HTTP API also supports CORS making it possible to access the HTTP API from javascript on a web-page, SSL for secure connections, and detailed debugging log files.
Simple DNS Plus also allows you to connect with other applications and data from different sources through various plug-ins and can be extended through an open plug-in architecture.
100% .NET managed code
This provides great performance – also on 64 bit computers where Simple DNS Plus runs in native 64 bit mode.
And it is very secure because common security issues such as buffer overruns simply cannot happen.
Strong security features
Protects against DNS spoofing (a.k.a. “cache poisoning”)
“DNS spoofing” is a term used for malicious cache poisoning where forged data is placed in the cache of DNS server.
Spoofing attacks can result in serious security problems, for example causing users to be directed to wrong Internet sites or e-mail being routed to non-authorized mail servers.
Simple DNS Plus automatically protects against this in several ways
– It automatically filters out any response received which does not match a sent request.
– All records in received DNS answers are checked for authority, and records for which the answering DNS server does not have authority are ignored.
– It uses random requests IDs.
– It sends outbound DNS requests from random port numbers (a.k.a. “port randomization”).
– It queues identical requests to prevent “birthday attacks”.
– It has an option to “Ignore responses not coming from the IP address that request was sent to”.
– It has an option to “Ignore responses which do not echo the request question section”.
– It has an option to randomize the letter casing of the query name of outgoing DNS requests, and only accept responses which correctly echo this (DNS0X20).
Restrict recursion by client IP address
You can specify exactly which clients (by IP address / subnet) that you want the server to perform recursion for.
Response Filtering stops “DNS rebinding attacks”
Web-browsers generally allow any script, Java object, Flash object, etc. to communicate via HTTP / TCP with the server that served a web-page for as long as that web-page is open in the browser. This is controlled by the host name specified in the web-page URL. A “DNS rebinding attack” is done by having the DNS record for the host name time out very quickly (low TTL and other tricks) and then serve a new IP address for the host name in response to the next DNS request (“rebinding”). The new IP address would be the private/local IP address of an intranet server or device at your location. Now with a bit of scripting, the attacker can in effect use your browser as a gateway to your entire intranet – completely bypassing your firewall. The same type attack may also be possible with other Internet applications that rely on host names for security. Browser companies are taking steps to prevent this in new browser versions, but it is much more efficient and secure to stop this type of attack at the DNS level by filtering out any private/local IP addresses in DNS responses from outside DNS servers.
“Stealth DNS” option
A hacker may use a software utility known as a “DNS port scanner” to search for potential targets. This software sends dummy DNS requests to a range of IP addresses on different service ports simply to register which addresses/ports respond.
Any addresses/ports that responded will then be probed further for possible vulnerabilities.
Simple DNS Plus has a special “stealth” option which makes it invisible to such DNS port scanners, by not responding to a DNS request unless it is for data in local zones or originates from a client offered recursion.
Secure Zone Transfers
Avoid revealing all your server addresses and other potentially sensitive data by limiting who can zone transfer your zones.
Simple DNS Plus supports secure zone transfer (TSIG authenticated). Both zone transfer requests and responses are authenticated so this provides protection in two ways; it prevents unauthorized transfers (only people / servers with the correct key can transfer), and it ensures data integrity on secondary servers (not possible to spoof / inject false data during transfers).
Zone transfers can also be limited by IP address for cases where the secondary DNS server does not support TSIG signed zone transfers (less secure but much better than letting anyone zone tranfer your data).
IP address blocking
Ignore packets from known offenders (by IP address). You specify how long a block should be in effect along with comments about why the IP address was blocked for easy reference. Such comments will also be shown in the log when a requests from the IP address is ignored.
IP addresses that make too many requests to quickly (possible DoS attack) can either automatically be added to to the block list, or be rate limited.
An editable list of trusted IP addresses are not not subject to automatic blocking / rate limiting.
Download Simple DNS Plus Portable
Download – 25.0 MB
Technitium DNS Server
Self host a DNS server for privacy & security
Block ads & malware at DNS level for your entire network!
Technitium DNS Server is an open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security. It works out-of-the-box with no or minimal configuration and provides a user friendly web console accessible using any modern web browser.
Nobody really bothers about domain name resolution since it works automatically behind the scenes and is complex to understand. Most computer software use the operating system’s DNS resolver that usually query the configured ISP’s DNS server using UDP protocol. This way works well for most people but, your ISP can see and control what website you can visit even when the website employ HTTPS security. Not only that, some ISPs can redirect, block or inject content into websites you visit even when you use a different DNS provider like Google DNS or Cloudflare DNS. Having Technitium DNS Server configured to use DNS-over-TLS, DNS-over-HTTPS, or DNS-over-QUIC forwarders, these privacy & security issues can be mitigated very effectively.
Be it a home network or an organization’s network, having a locally running DNS server gives you more insights into your network and helps to understand it better using the DNS logs and stats. It improves overall performance since most queries are served from the DNS cache making web sites load faster by not having to wait for frequent DNS resolutions. It also gives you an additional control over your network allowing you to block domain names network wide and also allows you to route your DNS traffic securely using encrypted DNS protocols.
Sponsored By
Features
- Works on Windows, Linux, macOS and Raspberry Pi.
- Docker image available on Docker Hub.
- Installs in just a minute and works out-of-the-box with zero configuration.
- Block ads & malware using one or more block list URLs.
- Supports working as an authoritative as well as a recursive DNS server.
- High performance DNS server based on async IO that can serve millions of requests per minute even on a commodity desktop PC hardware (load tested on Intel i7-8700 CPU with more than 100,000 request/second over Gigabit Ethernet).
- Self host DNS-over-TLS, DNS-over-HTTPS, and DNS-over-QUIC DNS services on your network.
- DNS-over-HTTPS implementation supports HTTP/1.1, HTTP/2, and HTTP/3 transport protocols.
- Supports DNS over PROXY protocol version 1 and 2 for both UDP and TCP transports.
- Use public DNS resolvers like Cloudflare, Google, Quad9, and AdGuard with DNS-over-TLS, DNS-over-HTTPS, or DNS-over-QUIC protocols as forwarders.
- Support for latency based name server selection algorithm that works with concurrency feature for both recursive resolution and forwarders.
- Advanced caching with features like serve stale, prefetching and auto prefetching.
- Persistent caching feature that saves cache to disk when DNS server restarts.
- DNS rebinding attack protection feature available with DNS Rebinding Protection App.
- DNSSEC validation support with RSA, ECDSA & EdDSA algorithms for recursive resolver, forwarders, and conditional forwarders with NSEC and NSEC3 support.
- DNSSEC support for all supported DNS transport protocols including encrypted DNS protocols.
- DANE TLSA RFC 6698 record type support. This includes support for automatically generating the hash values using certificates in PEM format.
- SVCB & HTTPS draft-ietf-dnsop-svcb-https record type support.
- URI RFC 7553 record type support.
- SSHFP RFC 4255 record type support.
- CNAME cloaking feature to block domain names that resolve to CNAME which are blocked.
- QNAME minimization support in recursive resolver RFC 9156.
- QNAME case randomization support for UDP transport protocol draft-vixie-dnsext-dns0x20-00.
- DNAME record RFC 6672 support.
- ANAME proprietary record support to allow using CNAME like feature at zone apex (CNAME flattening). Supports multiple ANAME records at both zone apex and sub domains.
- APP proprietary record support that allows custom DNS Apps to directly handle DNS requests and return a custom DNS response based on any business logic.
- Support for features like Split Horizon and Geolocation based responses using DNS Apps feature.
- Support for REGEX based block lists with different block lists for different client IP addresses or subnet using Advanced Blocking DNS App.
- Primary, Secondary, Stub, and Conditional Forwarder zone support.
- Static stub zone support implemented in Conditional Forwarder zone to force a domain name to resolve via given name servers using NS records.
- Supports Catalog Zones RFC 9432.
- Supports record aging where the records with expiry set are automatically removed from the zone.
- Bulk conditional forwarding support using Advanced Forwarding DNS App.
- DNSSEC signed zones support with RSA, ECDSA & EdDSA algorithms.
- DNSSEC support for both NSEC and NSEC3.
- Zone transfer with AXFR and IXFR RFC 1995 and DNS NOTIFY RFC 1996 support.
- Zone transfer over TLS (XFR-over-TLS) RFC 9103 support.
- Zone transfer over QUIC (XFR-over-QUIC) RFC 9250 support.
- Support for zone validation using ZONEMD records RFC 8976 for Secondary zones.
- Dynamic DNS Updates RFC 2136 support with security policy.
- Secret key transaction authentication (TSIG) RFC 8945 support for zone transfers.
- EDNS(0) RFC6891 support.
- EDNS Client Subnet (ECS) RFC 7871 support for recursive resolution and forwarding.
- Extended DNS Errors RFC 8914 support.
- DNS64 function RFC 6147 support for use by IPv6 only clients using the DNS64 App.
- Support to host DNSBL / RBL block lists RFC 5782.
- Multi-user role based access with non-expiring API token support.
- Self host your domain names on your own DNS server.
- Wildcard sub domain support.
- Enable/disable zones and records to allow testing with ease.
- Built-in DNS Client with option to import responses to local zone.
- Supports out-of-order DNS request processing for DNS-over-TCP and DNS-over-TLS protocols RFC 7766.
- Built-in DHCP Server that can work for multiple networks.
- IPv6 support in DNS server core.
- HTTP & SOCKS5 proxy support which can be configured to route DNS over Tor Network or use Cloudflare’s hidden DNS resolver.
- Web console portal for easy configuration using any web browser.
- Built in HTTP API to allow 3rd party apps to control and configure the DNS server.
- Built-in system logging and query logging.
- Open source cross-platform .NET 8 implementation hosted on GitHub.
Planned Features
- Clustering support to manage two or more DNS servers.
Installation
- Windows: Download setup installer for easy installation.
- Linux & Raspberry Pi: Follow install instructions from this blog post.
- Cross-Platform: Download portable app to run on any platform that has .NET 8 installed.
- Docker: Pull the official image from Docker Hub. Use the docker-compose.yml example to create a new container and edit it as required for your deployments. For more details and troubleshooting read the install instructions.
Build Instructions
You can build the DNS server from source and install it manually by following the Build Instructions.
Docker Environment Variables
Technitium DNS Server supports environment variables to allow initializing the config when the DNS server starts for the first time. Read the environment variable documentation for complete details.
API Documentation
The DNS server HTTP API allows any 3rd party app or script to configure the DNS server. The HTTP API is used by the web console and thus all the actions that the web console does can be performed via the API. Read the HTTP API documentation for complete details.
Help Topics
Read the latest online help topics which contains the DNS Server user manual and covers frequently asked questions.
Support
For support, send an email to support@technitium.com. For any issues, feedback, or feature request, create an issue on GitHub.
Join /r/technitium on Reddit.
Donate
Make contribution to Technitium and help making new software, updates, and features possible.
Donate Now!
Blog Posts
- Technitium Blog: How To Configure Catalog Zones For Automatic Provisioning Of Secondary Zones (Oct 2024)
- Technitium Blog: Technitium DNS Server v13 Released! (Sept 2024)
- Technitium Blog: Technitium DNS Server v12 Released! (Feb 2024)
- Technitium Blog: For DNSSEC And Why DANE Is Needed (May 2023)
- Technitium Blog: How To Auto Renew SSL Certificates With Certbot Using DNS Challenge (Mar 2023)
- Technitium Blog: Configuring DNS-over-QUIC and HTTPS/3 For Technitium DNS Server (Feb 2023)
- Technitium Blog: Technitium DNS Server v11 Released! (Feb 2023)
- Technitium Blog: Technitium DNS Server v10 Released! (Nov 2022)
- Technitium Blog: Technitium DNS Server v9 Released! (Sept 2022)
- Technitium Blog: How To Secure Your Domain Name With DNSSEC (Jul 2022)
- Technitium Blog: How To Self Host Your Own Domain Name (Jun 2022)
- Technitium Blog: Technitium DNS Server v8 Released! (Mar 2022)
- Technitium Blog: Running A Root Server Locally On Your DNS Resolver (Jul 2021)
- Yolan Romailler: Being ad-free on Android without rooting (Apr 2021)
- Technitium Blog: Creating And Running DNS Apps On Technitium DNS Server (Mar 2021)
- Technitium Blog: How To Host Your Own DNS-over-HTTPS And DNS-over-TLS Services (Oct 2020)
- Technitium Blog: How To Disable Firefox DNS-over-HTTPS On Your Network (Jul 2020)
- Technitium Blog: How To Enforce Google Safe Search And YouTube Restricted Mode On Your Network (Jul 2020)
- Technitium Blog: Technitium DNS Server v5 Released! (Jul 2020)
- Brian Wojtczak: Keep It Encrypted, Keep It Safe: Working with ESNI, DoH, and DoT (Jan 2020)
- phra’s blog: Exfiltrate Like a Pro: Using DNS over HTTPS as a C2 Channel (Aug 2019)
- Scott Hanselman: Exploring DNS with the .NET Core based Technitium DNS Server (Apr 2019)
- Technitium Blog: Turn Raspberry Pi Into Network Wide DNS Server (Jan 2019)
- Technitium Blog: Blocking Internet Ads Using DNS Sinkhole (Oct 2018)
- Technitium Blog: Configuring DNS Server For Privacy & Security (Jun 2018)
- Technitium Blog: Technitium DNS Server v1.3 Released! (Jun 2018)
- Technitium Blog: Running Technitium DNS Server on Ubuntu Linux (Nov 2017)
- Technitium Blog: Technitium DNS Server Released! (Nov 2017)
The simple yet powerful DNS server for Windows . What makes Simple DNS Plus «simple» is its user interface and automation features. All options and settings are available directly from the intuitive Windows user interface. It provides wizards for common tasks such as setting up new zones, importing data, making bulk updates, etc. You never need to mess with cryptic configuration files or registry settings.
Novice users can have their DNS server up and running correctly and securely in no time. But make no mistake — Simple DNS Plus is a very capable and full featured DNS server, and it has plenty of options for expert users to tweak it just the way they want.
Features
Authoritative and Recursive (resolver and cache) DNS server
All the DNS server features and functionality you need to host DNS for domain names, assign domain name to computers and devices for easy access, create and delegate sub-domains, resolve other domain names on the Internet, speed up Internet access with centralized DNS caching, etc.
High performance DNS server engine and user interface
Great for hosting and managing anywhere from a few domains to +100,000 domains.
The user interface is optimized to handle really large domain name portfolios.
Highly configurable
Simple DNS Plus has options to configure all aspects of the DNS services, including many unique but important options not found in competing products such as the ability to limit recursion by IP address. Options are well organized and easy to manage in a central Options dialog available directly from first toolbar button in the main program window.
Of course the software comes preconfigured with settings that are appropriate for most users.
Remote Management / Windows Server Core
The Simple DNS Plus user interface can be run on a desktop computer connecting to a remote Simple DNS Plus server, making it easy and fast to manage the server without Remote Desktop, VNC, or similar.
You can even remote manage a Simple DNS Plus service running on Windows Server Core (no GUI on server)
Direct support for dynamic IP clients
Simple DNS Plus supports TSIG authenticated dynamic DNS updates.
This update method is more efficient than the HTTP based and other proprietary update methods typically used because it happens directly via the DNS protocol.
Several dynamic IP updater applications can be used with this.
Setup tutorials are provided for DynSite and DirectUpdate.
Simple DNS Plus can also function as a dynamic DNS service for more generic HTTP based update clients either by using the DynDNS Service plug-in or by using a web-server front-end. ASP.NET and classic ASP sample code for this is available here.
Full support for IDNs (internationalized domain names)
In Simple DNS Plus you can enter domain names with native characters directly (no punycode conversion needed), and have an option to display native character or punycoded domain names anywhere in the user interface, and quickly switch between these modes.
IPv6
Simple DNS Plus has full support for IPv6.
Easy to integrate with other applications
You can create DNS records or entire DNS zones from other applications or web-sites and prompt Simple DNS Plus to dynamically load and use these through our REST / JSON based HTTP API.
In fact you can control pretty much everyhing in the software through the HTTP API.
We provide a Swagger / OpenAPI specification file for the HTTP API to use with a long list of automation tools — for example to generate client code in practically any programming / scripting language.
You can explore, play with and test the HTTP API through Swagger UI. Have a peek athttps://simpledns.com/swagger-ui
The HTTP API also supports CORS making it possible to access the HTTP API from javascript on a web-page, SSL for secure connections, and detailed debugging log files.
Simple DNS Plus also allows you to connect with other applications and data from different sources through various plug-ins and can be extended through an open plug-in architecture.
100% .NET managed code
This provides great performance — also on 64 bit computers where Simple DNS Plus runs in native 64 bit mode.
And it is very secure because common security issues such as buffer overruns simply cannot happen.
Download
Simple DNS Plus 9.1 Build 116.rar — 17.3 MB
Simple DNS Plus 9.1 Build 116 Portable
Recently I needed at quick DHCP server for some testing and didn’t want to build a full DHCP server. So I went to the Internet and found this handy tool that was both a DHCP and DNS server in one. It was called Dual Server and it did everything I needed and more. Here is a list of features:
- Either DHCP or DNS or Both Services can be used.
- DHCP hosts automatically added to DNS, If both services used
- DHCP Supports 125 ranges, all options, range specific options
- DNS Supports Zone Transfer and Zone Replication
- DHCP Supports BOOTP Relay Agents, PXE Boot, BOOTP
- Dynamically Detects Listening Interfaces, can listen on 125 interfaces
- HTTP Interface for Lease Status
- Filtering of Ranges by Mac Range, Vendor Class and User Class
- Very easy configuration, no Zone files required
- Allows Replicated operations for DHCP and DNS
- Very Low Memory and CPU use
- Can be installed and used by person not having DNS/DHCP Concepts
- Designed to run as Replicated Load sharing Duplex Operation
I extracted the files and ran it from a flash drive which makes this portable and handy for a quick DHCP server on the fly. It has pretty straight forward configuration using a INI file and a HTML file to monitor the leases that have been handed out. It can be ran as a service or from a command terminal. Here is a few pic of the interface.
I am sure you can use this on a more permanent basis but I only used it for a short while. So I don’t know how well it performs for a full network of devices. However it performed well for my use and I added it to my tool bag for future use. To get it up and running just run the EXE file which will extract the files. Then open the DualServer.ini file and put in your range and machine IP address to listen on. There is a ton of other options that can be configured such as the domain your on, replication to other DNS servers, and the level of logging you want. These are just a few things you can do. The INI file is loaded and I am sure it can be configured to fit your need.
So if you need a quick DHCP server or you don’t have a server OS and need a simple to use option look into Dual Server. It can be found at the following link. http://sourceforge.net/projects/dhcp-dns-server/ The Dual Server website is at the following link: http://dhcp-dns-server.sourceforge.net/