Technitium DNS Server v15.1.0 has been released with support for OIDC! Now you can use your preferred identity provider to log in to user accounts, and manage your DHCP/DNS deployments with approriately granular permissions controls.
I’ve played around with it, and safe to say that the SSO integration works well. I’ve written a guide to set it up against Kanidm here. There were some OIDC/clustering bugs in prior v15 releases, and with v15.1.0 they have been squashed and solved.
The major release of version 15 also include various important changes, such as the following highlights:
- A new API call for Prometheus metrics
- Query Logs apps can now follow live updates
- Codebase updated to .NET 10 runtime
- HTTP tokens are now accepted via the
Authorization: Bearer <token>header - Many other bugfixes, secfixes, and improvements…
Technitium is pretty great. Hope everyone enjoy the release :)
This could honesty be a enterprise product
Yep. I gave up on it cos it was too much for my home setup. It really is comprehensive.
Someone should do a write up for pihole vs adguard vs technitium vs eBlockerOS
https://eblocker.org/en/ (German product?) (BTW you’re all welcome that I showed you a new thing)
Edit May 7: eBlockerOS seems geared towards better packet* inspection, hidden trackers protection, and fingerprinting. You can install a HTTPS cert* on your current machine so it does MITM packet inspection where it can scan*, inspect, and reencrypt from the looks of it.
Im probably going to run this at work on my test environment to see how well it does overall. Maybe less granular control, but I like is more* than just an adblocker like pihole.
eBlocker definitely looks like an interesting project, I may end up checking that out.
eBlocker does indeed seem German. It’s also much more than PiHole (it MITMs your packets, it seems) https://eblocker.org/en/how-eblocker-works/
eBlocker uses SSL bumping with a unique root certificate to decrypt possibly encrypted TCP/IP packets. After this deep packet inspection a pattern matching to the target URI is performed. In case of a match, the request is answered by the eBlocker (instead of being sent to the target URI).
As a slightly less accurate alternative, eBlocker uses DNS blocking for fallback, where the domains of known data collectors are blocked. This way, even devices that do not allow to install root certificates are also protected.
Has anyone used this and Pihole and have some thoughts on which they would use and why?
Currently using Pihole myself. For adblocking, and a local DNS server. I also have Unbound configured and installed which my Pihole uses.
Anyone have any insight on this before I work on spinning something like this up?
I migrated from pihole to technitium a few weeks ago and it was so smooth.
Native support for clustering is huge. I didn’t even realize how complex managing the pihole had gotten trying to get it to sync to multiple instances.
That’s good to hear!
One feature I wish I could find was automatic DNS record creation for new docker containers I spawn.
Can’t wait to check out Technitium.
I never could get Technitium working correctly, it’s like there’s some switch you need to throw to actually get it to accept requests. I posted that and had a couple of other say the same thing. I didn’t spend a lot of time with it, IMO a DNS server should serve requests out of the box.
Went back to Unbound on my OPNsense router.
Went back to Unbound on my OPNsense router.
Yeah. I get more mileage with pFsense + unbound
And + pfBlockerNG
Absolutely. It’s quite effective.
I’ve used PiHole and have switched to Technitium. Basically there’s vastly more options available. A lot of DNS records and zones that simply isn’t available with PiHole.
Also much better support for more advanced protocols (DoH, DoT, …).
But to get the best out of it you do need to use the “Advanced Blocking app”, which is a sort of a plugin. And it doesn’t always play nice with defaults in terms of blockint.
It’s best if one uses one or another, also because of how temporary disabling works.
Sounds like I am going to dig into some documentation for Technitium.
When you mention the “Advanced Blocking App” can you provide a link that for more info by chance?
I had zero plans of running both, more of a situation where I would want to try Technitium and then switch once I know everything is working!
Thank you for the info!
Hi, the other comments have said it pretty well, but you can also check out my previous post for some of the other comparisons.
I went from Pihole > Adguard Home > Technitium, and stuck with the last one because it supports clustering (syncing data between nodes) and recursion (so no need for external Unbound). The interface is a bit complex and there is no dedicated documentation, but should be intuitive enough as you learn.
If you want something simpler, I think Adguard Home is a better choice than Pihole as it natively supports encrypted DNS protocol, and has a sleeker UI. But other than that Technitium is nice as you expand your homelab eventually.
Thank you for sharing the link to your previous post. Will definitely read up on that!
I think I will skip Adguard just due to not wanting a license.
I do wish they had more documentation on this stuff for Technitium.
Though it does seem like a cool product.
adguard home is foss (gpl3)
I may give this a shot and see how I like it. However, I am struggling with my systemd-resolvd service not wanting to disable.
I have used Pi-Hole but not Technitium. As I understand it, Technitium has some more options than that of Pi-Hole + Unbound that power users may appreciate.
Technitium DNS Server v15.1.0 has been released… with support for OIDC! Now you can use your preferred identity provider to log in to Technitium accounts, and manage your DHCP/DNS deployments with approriately granular permissions controls.
I didn’t understand the conection between DHCP/DNS server and login with an IDP. Had to look it up: That server has a web UI and you can use an identity provider to authenticate users, instead of local user management I guess.
Technitium DNS is advertised as a Pihole alternative.
Technitium? Indian company. One guy? Has a blog with some interesting entries. Products: a p2p messenger and a DNS resolver.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DHCP Dynamic Host Configuration Protocol, automates assignment of IPs when connecting to a network DNS Domain Name Service/System IP Internet Protocol PiHole Network-wide ad-blocker (DNS sinkhole) SSL Secure Sockets Layer, for transparent encryption TCP Transmission Control Protocol, most often over IP VPS Virtual Private Server (opposed to shared hosting)
[Thread #274 for this comm, first seen 6th May 2026, 01:40] [FAQ] [Full list] [Contact] [Source code]
