Why Run Your Own DNS Server?
Your router ships with a default DNS configuration — usually pointing to your ISP's DNS servers. These servers are fast and convenient, but they have serious downsides: they log your queries, sell data to advertisers, and offer no protection against malware or phishing domains.
Running a custom DNS server on your home network lets you:
- Block ads and trackers for every device automatically
- Use an encrypted DNS upstream (DoH or DoT) for privacy
- Create local DNS names (e.g., nas.home pointing to your NAS)
- Monitor DNS queries across your entire network
- Apply parental controls without per-device configuration
Choosing Your DNS Server Software
The most popular self-hosted DNS filtering solutions are:
- AdGuard Home — modern UI, built-in DoH/DoT, cross-platform
- Pi-hole — battle-tested, large community, Linux-only
- Unbound — a recursive DNS resolver (often used alongside Pi-hole)
- BIND9 — enterprise-grade, very powerful, steeper learning curve
For home use, AdGuard Home or Pi-hole handle 95% of use cases with minimal complexity.
Step 1: Assign a Static IP to Your DNS Device
Your DNS server must always be reachable at the same IP address. Log into your router and reserve a DHCP lease for the device's MAC address, or configure a static IP directly on the device's network interface.
Example static IP configuration on Linux (/etc/network/interfaces or via nmcli):
- IP address: 192.168.1.10
- Subnet mask: 255.255.255.0
- Gateway: 192.168.1.1 (your router)
Step 2: Install and Configure Your DNS Software
Install your chosen DNS server (AdGuard Home, Pi-hole, etc.) on your device. During setup, ensure it binds to port 53 on your device's local IP. Test that it resolves domains correctly before moving to the next step:
nslookup example.com 192.168.1.10
You should receive a valid IP response. If not, check firewall rules — port 53 (TCP and UDP) must be open on the DNS device.
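To check both transports from Step 2 in one run, the following Python script is an added example (not part of the original guide or of any DNS server project): it sends an A query for example.com to port 53 over UDP and over TCP and decodes each reply. The function names and the fixed query ID 0x1234 are illustrative choices; 192.168.1.10 is the address from Step 1.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:  # walk plain labels
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)          # 2-byte pointer or 1-byte root label

def parse_response(msg, qid=0x1234):
    """Return (rcode, [IPv4 addresses]); reject anything that is not our reply."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == 1 and rdlen == 4:            # A record
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return flags & 0x000F, addrs

def check_server(server, name="example.com", timeout=3.0):
    """Query port 53 over UDP and TCP; return {proto: (rcode, addrs) or error text}."""
    q, out = build_query(name), {}
    for proto, kind in (("udp", socket.SOCK_DGRAM), ("tcp", socket.SOCK_STREAM)):
        try:
            with socket.socket(socket.AF_INET, kind) as s:
                s.settimeout(timeout)
                s.connect((server, 53))
                if proto == "udp":
                    s.send(q)
                    data = s.recv(4096)
                else:                            # TCP frames carry a 2-byte length prefix
                    s.sendall(struct.pack("!H", len(q)) + q)
                    with s.makefile("rb") as f:
                        data = f.read(struct.unpack("!H", f.read(2))[0])
            out[proto] = parse_response(data)
        except (OSError, ValueError, IndexError, struct.error) as e:
            out[proto] = "FAILED: %r" % (e,)
    return out
```

Calling check_server("192.168.1.10") returns one entry per transport with the response code and addresses; a FAILED entry for tcp alone points to a firewall rule that opens only UDP 53.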
Step 3: Configure Your Router's DNS Settings
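This is the step that sends every device's DNS queries to your DNS server. Log into your router admin panel (usually at 192.168.1.1 or 192.168.0.1) and look for:
- DHCP Server Settings → DNS Server 1: set to 192.168.1.10
- Optionally set DNS Server 2 to a fallback like 1.1.1.1 (for when your server is offline)
Many clients do not treat the second server as a strict fallback and may query it at any time; lookups sent to 1.1.1.1 bypass your blocklists and query log.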
Save and restart your router if required. New DHCP leases will use your custom DNS from this point forward. Existing devices may need to reconnect or renew their DHCP lease (ipconfig /renew on Windows, or toggle Wi-Fi off and on).
Step 4: Set Up an Encrypted Upstream Resolver
Your custom DNS server still needs to forward unblocked queries somewhere. Configure it to use a DoH or DoT upstream so these queries are encrypted:
- Cloudflare DoH: https://cloudflare-dns.com/dns-query
- Quad9 DoH (with malware blocking): https://dns.quad9.net/dns-query
- AdGuard DoH: https://dns.adguard-dns.com/dns-query
Step 5: Add Local DNS Records
One underrated benefit of a custom DNS server is local hostname resolution. Create DNS records for your home devices so you can reach them by name:
nas.home → 192.168.1.20
printer.home → 192.168.1.30
camera.home → 192.168.1.40
In AdGuard Home, this is done under Settings → DNS Rewrites. In Pi-hole, add entries to /etc/hosts or use the Custom DNS section.
Troubleshooting Common Issues
- Devices still using old DNS: Force a DHCP lease renewal or manually set DNS on the device.
- Sites not loading: Check your DNS server's query log for blocked domains and whitelist as needed.
- Slow resolution: Enable DNS caching in your server settings and consider a faster upstream resolver.
- Port 53 conflict: On Ubuntu 22.04+, systemd-resolved uses port 53. Disable it or change its stub listener before running your DNS server.
You're in Control Now
A custom DNS server is one of the highest-leverage privacy and security improvements you can make at home. Once configured, it runs silently in the background, protecting every device on your network without any per-device setup.