When building a homelab, there are bound to be rabbit holes. My latest one was DNS. Initially, I was using Windows DNS because everything in the house was Windows-based. I was running Active Directory, and I had every machine connected to the domain, because as a Windows Administrator, that’s all I knew. Now, don’t get me wrong, Windows DNS did precisely what it was supposed to do: provide name resolution to the house.

As I started moving away from physical servers and towards virtualization, I wanted to experiment with other operating systems. Proxmox was my hypervisor of choice. Again, Windows DNS was running just fine. Still, I needed something lightweight to run on a Raspberry Pi, as there were too many instances of rebooting a hypervisor or encountering an issue, which would cause the house to lose its internet connection.

Pi-hole to the rescue.

Pi-hole addressed that immediate need. And that’s when I learned about ad-blocking for the home as well. It was a new concept for me, and I got very excited about it. My wife, on the other hand, not so much, since she can no longer access sponsored sites and other things. It took some time, but I got Pi-hole working and configured it perfectly in the house. But using Pi-hole presented another challenge. Since DNS was still running on Windows and it was the record of truth, because DHCP was updated, Pi-hole didn’t get that information. I use reserved MAC addresses for servers. I researched for days and was unable to find a way to update Pi-hole’s zone list from an external source natively. Finally, I created a PowerShell script that would export the DNS zone, and using the Pi-hole API, it would update the DNS records. This would work great unless something went wrong with the Windows server.

As time went on, I realized it didn’t make sense to have the Windows DNS running, because the Pi-hole server was set as the primary DNS, and if it were unavailable, we would lose network-wide ad-blocking protection. So it was time to ditch the Windows server and set up secondary Pi-hole servers. But that still presented the same problem. Pi-hole doesn’t have High Availability natively. However, Gravity Sync solves this problem.

As time went on, everything was working great, until my ISP started blocking queries on port 53. While researching how to address the issue, I came across AdGuard Home. I decided to give it a try since it was pretty straightforward to configure DNS over HTTPS and DNS over TLS. I was having issues configuring it with Pi-hole. After installing AdGuard Home, I was impressed and happy with the simplicity of the GUI. However, the same problem persisted as before: no High Availability is natively supported. Adguard-Sync to the rescue. However, as time passed, I began to notice performance issues with the query results. Results were returning slower than when I was running Pi-hole. I contemplated going back to Pi-hole until a friend suggested I try Technitium. He said that Technitium had helped him resolve some DNS authorization issues he was having, and it was working great. I figured, what the hell, why not give it a shot?

I spun up an LXC container and installed Technitium. The installation was relatively easy. During my test, I noticed that performance was improving for resolution. Technitium gave me more control over my DNS settings, in addition to ad-blocking and parental controls. My kids are no longer kids. I didn’t have a need for parental control, but I also needed more than just ad blocking. I also needed authoritative DNS for my internal zones. I still needed the DNS over TLS and/or HTTPS.

As I started playing more with Technitium, it was essentially a combination of Pi-hole, AdGuard Home, and Windows DNS, all in one application. All the little intricacies I was able to accomplish in my network, I was able to do with Technitium. I didn’t have any fundamental limitations, except for the obvious one: “High Availability.” However, I was tasked with locating and modifying a script by Besmir Zanaj.

It took a few years to reach this point, and currently, Technitium is serving its purpose and getting the job done. I don’t have any issues, and I like the advanced functionality that Technitium provides, which is more than enough to help me keep my DNS clean and secure.