I’ve run Pi-hole in my home lab for years. Paired with Unbound as a recursive resolver, it was a solid setup — ad blocking, local DNS resolution, no queries leaking to upstream providers. It worked, and for a long time that was enough.
But there was one thing that I found annoying, Pi-hole for blocking and Unbound for recursion. Two config files, two services, two sets of logs to check when something broke. When I wanted DNS over HTTPS I was looking at a third component. When I wanted to add a local DNS record I had to think about which tool actually owned that. It wasn’t complicated exactly, but it was spread out, and spread out means more things to maintain and more places for something to go quietly wrong.
I wanted “one tool to rule them all”.
What is Technitium?
Technitium is a full-featured, self-hosted DNS server with a web UI, written in .NET and running happily on Linux. It handles recursive resolution, authoritative zones, DNS over HTTPS, DNS over TLS, ad blocking via blocklists, DHCP, and local DNS records — all from a single application with a single web interface.
It’s not as well known as Pi-hole, maybe because Pi-hole was first, but the software is genuinely excellent.
The migration from Pi-hole and Unbound
I run Ubuntu Server 22.04 VMs in VMware, so the installation was straightforward. Technitium provides an install script that handles the .NET runtime and service configuration:
curl -sSL https://download.technitium.com/dns/install.sh | sudo bashAfter that, the web UI is available on port 5380. First thing I did was set a proper admin password and configure it to listen only on the interfaces I actually wanted.
Setting up recursive resolution
In Unbound I had a reasonable configuration set up to get proper DNSSEC validation and privacy-respecting recursion. In Technitium all this can be done by the UI. The DNS server is set to recursive out of the box, then it’s just enabling DNSSEC validation, and its done. What took me a couple of hours with Unbound took about five minutes here.
Pure recursion means queries go directly to the root servers and work their way down the DNS hierarchy — no third party ever sees your queries. No Cloudflare, no Google, no upstream provider of any kind. For privacy that’s the right way to do it, and Technitium handles it cleanly without the configuration overhead Unbound required. Since version 13.1, it even allows you to create and run your own root server, with a single click.
Migrating blocklists from Pi-hole
Pi-hole uses its own blocklist format and database. Technitium uses standard blocklist URLs, which means anything you were already using in Pi-hole works directly. The one thing Pi-hole does better is the query log UI — it’s more polished and the filtering options are more granular. Technitium’s logging is functional and improving, but if you live in the query log all day you’ll notice the difference. For my use case it’s fine.
Local DNS records
This is where Technitium genuinely shines over Pi-hole. Pi-hole’s local DNS management is bolted on and feels like it. Technitium has proper authoritative zone support — you create a zone for your local domain and manage records the way you’d manage DNS properly, with A records, CNAMEs, PTR records for reverse lookups, the lot.
I created a local zone for my lab domain and migrated all my local records into it. Everything from Pi-hole’s custom DNS entries came across as proper A records in a proper zone. Reverse DNS now works correctly across the lab, which it never quite did cleanly with Pi-hole.
What I’ve gained
Running Technitium instead of Pi-hole plus Unbound means that everythig is now in one place. The UI is responsive and covers everything I need while the built-in DHCP server means I can see hostnames automatically registered when devices get leases.
Pure recursive resolution with DNSSEC validation works out of the box. The blocklists work. The local zones work. The API is documented and usable if you want to script anything.
I’ve been running it for a couple of months now and I haven’t missed Pi-hole once.
Is it right for you?
If you’re happy with Pi-hole and your setup is working, there’s no urgent reason to switch. Pi-hole has a larger community and more guides. If you’re already running Unbound alongside it and considering adding DoH, or if you’re finding the multi-tool setup increasingly annoying to maintain — Technitium is worth an afternoon of your time to evaluate.
The install is fast, the migration is low-risk, and you can run it alongside Pi-hole initially to compare before committing.
In my lab, one tool doing everything properly beats two tools each doing half of it making this a good choice for me.