Recursive DNS

Recursive DNS service running mostly for test purposes and my internal usage.

Service is available under IPv6 only: 2001:67c:21ec::53 and 2a0f:5707:ba00::53 via DNS alias.

DoT on port 853 and DoH over port 443 are enabled.

  • DNSSEC enabled
  • Filtering enabled, using CERT Poland malicious domains list updated hourly
  • Logging disabled
  • Forwarding to Quad9/Cloudflare


Fortigate 40F act as Load Balancer using Virtual Server feature. First Alive is used as load balancer algorithm.

Node #1 (primary):

ThinkCentre M625p AMD E2-9000e 8GB RAM

Node #2A (backup):

Raspberry Pi 4 ARMv7 Processor rev 3 (v7l) 4GB RAM

Node #2B (backup):

Raspberry Pi 4 ARMv7 Processor rev 3 (v7l) 2GB RAM


PowerDNS Recursor running on openSUSE Tumbleweed behind dnsdist with some dymanic block rules and caching.


Node #1 - Primary - dnsdist node 1

Node #1 - Primary - Recursor node 1