
My Own DNS Server at Home – Part 1: IPv4

Arch-TK

At home I have an openbsd box as my network gateway running unbound and nsd. Unbound handles the caching and recursion, nsd handles the local name resolution.

I have a small utility (made up of two shell scripts and a python script) which watches /var/db/dhcpd.leases for changes and parses it to produce the zonefiles for nsd.
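As an added example (not Arch-TK's own utility), here is a single Python script doing the job that comment describes: it parses ISC dhcpd's lease database and emits an NSD forward zone plus the matching in-addr.arpa reverse zone. The lease data is constructed, and the zone name `home.lan`, the `192.168.1.0/24` network, the `ns1` nameserver label and the serial are assumptions. Because `client-hostname` is whatever the DHCP client chose to send, the script only accepts names that are a valid single DNS label and refuses names reserved for static hosts, so a client cannot inject extra records or shadow the nameserver's own name.

```python
"""Generate NSD zone files from ISC dhcpd's lease database (dhcpd.leases(5))."""
import ipaddress
import re
import sys

# Constructed sample of /var/db/dhcpd.leases. dhcpd appends a block per lease
# event, so later blocks for the same IP override earlier ones. The last two
# blocks show input a zone generator must reject: a name that is not a valid
# label, and a client claiming the nameserver's own name.
SAMPLE_LEASES = '''\
# The format of this file is documented in the dhcpd.leases(5) manual page.
lease 192.168.1.50 {
  starts 4 2024/01/04 10:00:00;
  ends 4 2024/01/04 22:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "Laptop";
}
lease 192.168.1.51 {
  starts 4 2024/01/04 10:05:00;
  ends 4 2024/01/04 22:05:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
  client-hostname "printer";
}
lease 192.168.1.51 {
  starts 4 2024/01/04 12:00:00;
  ends 4 2024/01/04 12:00:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:66;
}
lease 192.168.1.52 {
  starts 4 2024/01/04 10:10:00;
  ends 4 2024/01/04 22:10:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:77;
  client-hostname "weird host";
}
lease 192.168.1.53 {
  starts 4 2024/01/04 10:15:00;
  ends 4 2024/01/04 22:15:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:88;
  client-hostname "ns1";
}
'''

LEASE_BLOCK = re.compile(r'lease\s+(\S+)\s*\{(.*?)\}', re.DOTALL)
STATE = re.compile(r'binding state (\w+);')
HOSTNAME = re.compile(r'client-hostname "([^"]*)";')
# One DNS label: letters, digits and hyphens, 1-63 characters, no leading or
# trailing hyphen. Anything else (spaces, dots, escaped control characters
# that dhcpd writes as \NNN, quotes) fails this check and is dropped.
LABEL = re.compile(r'^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$')


def parse_leases(text):
    """Return {ip: raw client-hostname} for leases currently in state 'active'.

    A later block without an active state or without a hostname removes any
    earlier entry for that IP, mirroring how dhcpd rewrites lease state.
    """
    leases = {}
    for match in LEASE_BLOCK.finditer(text):
        ip, body = match.group(1), match.group(2)
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            continue  # not an IPv4 lease block; Part 1 covers IPv4 only
        state = STATE.search(body)
        host = HOSTNAME.search(body)
        if state and state.group(1) == 'active' and host:
            leases[ip] = host.group(1)
        else:
            leases.pop(ip, None)
    return leases


def clean_label(hostname):
    """Lower-case a client-supplied name, keep its first label, validate it."""
    label = hostname.lower().split('.')[0]
    return label if LABEL.match(label) else None


def build_zones(leases, domain, network, serial, ns='ns1', ttl=300, reserved=()):
    """Return (forward_zone, reverse_zone) zone-file text for NSD.

    Reverse zone generation is limited to /24 networks for brevity.
    Names in `reserved` (plus the nameserver label) are never taken from leases.
    """
    net = ipaddress.IPv4Network(network)
    if net.prefixlen != 24:
        raise ValueError('reverse zone generation here handles /24 networks only')
    rev_origin = '.'.join(reversed(str(net.network_address).split('.')[:3])) + '.in-addr.arpa'
    soa = f'@ IN SOA {ns}.{domain}. hostmaster.{domain}. {serial} 3600 900 604800 {ttl}'
    fwd = [f'$ORIGIN {domain}.', f'$TTL {ttl}', soa, f'@ IN NS {ns}.{domain}.']
    rev = [f'$ORIGIN {rev_origin}.', f'$TTL {ttl}', soa, f'@ IN NS {ns}.{domain}.']
    blocked = set(reserved) | {ns}
    for ip in sorted(leases, key=ipaddress.IPv4Address):
        label = clean_label(leases[ip])
        if label is None or label in blocked or ipaddress.IPv4Address(ip) not in net:
            continue
        fwd.append(f'{label} IN A {ip}')
        rev.append(f'{ip.split(".")[3]} IN PTR {label}.{domain}.')
    return '\n'.join(fwd) + '\n', '\n'.join(rev) + '\n'


def main():
    # Usage: script.py [/var/db/dhcpd.leases]; without an argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LEASES
    fwd, rev = build_zones(parse_leases(text), 'home.lan', '192.168.1.0/24', 2024010401,
                           reserved={'gateway'})
    sys.stdout.write(fwd + '\n' + rev)


if __name__ == '__main__':
    main()
```

Write the two outputs to the paths NSD's `zone:` entries point at, then run `nsd-control reload`; bump the serial on every regeneration or secondaries and caches will keep the old data.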

ninkendo

Y’know the script approach sounds like a good idea.

I also have an OpenBSD box similar to what you describe, but I run ISC dhcpd and BIND because it’s the only setup that does old-school dynamic DNS where the dhcp server sends zone updates to BIND when a lease happens.

But I hate BIND, and not to mention this setup doesn’t work with DHCPv6 (no idea why, it should in principle…) maybe I should just do the “script to read the leases and generate the zone file” approach instead.

thedanbob

I set up authoritative nameservers at home using unbound, which appears to be considerably easier than configuring BIND, but I still can't say that I fully understand it. DNS (and networking in general) is a bit of a dark art.

icedchai

I've been running BIND at home since the mid '90s when I had ISDN. The O'Reilly "DNS and BIND" book was my go-to guide when I got started.

ai-christianson

> DNS (and networking in general) is a bit of a dark art.

Dynamic routing is fun :)

daneel_w

Try NSD. Unlike unbound, NSD is the actual authoritative name server in the project.

louwrentius

If you decide not to use a forwarder, the DNS server will be truly independent.

The DNS server will contact the Root servers for the TLD nameservers of a domain, the TLD nameservers and then the actual authoritative nameserver for the particular domain.

No forwarder needed.

This means you bypass any DNS based filtering any DNS ‘forwarder’ may have in place.

craftkiller

I used to do that, but that has the downside of sending all your DNS requests unencrypted over the network. By using a forwarder you have the option to use DoT or DoH.
