Welcome to DoTH-DNS’s documentation!

Your server doth DNS the safe way if you use DoTH-DNS.

License Code Style: Black

Travis - Build Status
Read the Docs (latest) - Status

PyPI - Python versions supported PyPI - Implementations supported
PyPI - Package latest release PyPI - Package stability PyPI - Format PyPI - Wheel PyPI - Monthly downloads

Github Latest Release GitHub commits since latest release GitHub last commit
Github stars Github forks Github Contributors

Utilizes the power of the DNS sinkhole pi-hole and unbound to create a DNS server under your own authority but with the ability to connect via Do53 (default, unencrypted), DoH (DNS over HTTPS) and DoT (DNS over TLS).


This project was created for use in a local network. If you want to use it on a VPS or in an cloud environment be sure to properly secure your environment and know what you do.


This project’s goal is setup a recursive DNS server inside docker with the option to also connect via DoH or DoT. Therefor pi-hole, unbound, traefik and a DoH-server are utilized.

You may ask ‘Why use DoH or DoT for an local DNS server?’. Good question! I set this up because firefox needs you to use DoH if you want to use ESNI. The DoT support was just some lines of code more so I did it also.

You could also run the stack in a cloud (not tested) and connect there via DoH/DoT.

Query forwarding:

  • Do53 query: port 53 -> pihole -> unbound

  • DoT query: port 853 -> traefik -> pihole -> unbound

  • DoH query: port 443 -> traefik -> DoH-server -> pihole -> unbound

Project name origin

Firstly the name DoTH-DNS is a word construct resulting from the ability to use DoT and DoH for DNS queries.

Secondly doth is an archaic word for third person singular present tense of do, which matches the name perfectly well, because it does DNS (see slogan at top).