
Building a Self-Hosted DNS Server To Streamline My Workflow


1. Context

When I was first building my personal home network infrastructure, my top priority was to implement as many enterprise-grade switching and routing practices as I could, while still maintaining the most practical utility within my home environment. What struck me as being the most important in this endeavor were two things:

It was from this mindset that I came to realize DNS is a simple but immensely powerful protocol that can be expanded to support both of these priorities directly, in ways one might not initially think of. I wanted to create this post to share this mentality & show its application in home labbing.

This post aims to demonstrate how DNS functions in my own home lab & how it can be set up and automated as a tool that can be used daily to enhance and contribute towards productivity habits.


2. Network

The main fabric of this project is my home network infrastructure, which I'm always designing and tinkering with to keep its utility while still allowing me to experiment with different networking practices and be used for studying.

Since this is still a relatively new home lab, the layout is intentionally simple but structured in a way that can scale as I expand.

2.1 Components

  • Cisco Catalyst 3560-CX Switch (Layer 3 Switch)
    • Provides VLAN segmentation & inter-VLAN routing
    • Handles DHCP relay, QoS, and ACLs to keep management and client traffic separate
    • Functions as the default gateway for all VLANs
    • Implements other technologies like SSH, port security, and DHCP snooping
  • Lenovo ThinkCentre Mini PC (Media & Storage Server)
    • Hosts a self-hosted media server stack (Jellyfin)
    • Provides centralized storage for personal files
    • Accessible via SFTP for file transfers
    • Connected to the Media VLAN for high-speed streaming
    • Configured as a centralized syslog node for monitoring
  • Raspberry Pi #1 (DNS & DHCP Server)
    • Runs Pi-hole with Unbound as a recursive DNS resolver
    • Provides ad/malware blocking, DNSSEC validation, and privacy by resolving queries directly against root servers
    • Placed in the Management VLAN
  • Raspberry Pi #2 (TV Client)
    • Runs Kodi as a frontend media client
    • Connects to the media server via the Media VLAN
    • Allows for content consumption without depending on proprietary ecosystems
  • Raspberry Pi #3 (VPN & Utility Server)
    • Hosts a WireGuard VPN for secure SSH access
    • Runs SFTP/OpenSSH for file transfer & remote management
    • Provides a TFTP service for Cisco firmware updates & config backups
    • Placed in the Management VLAN
  • ISP Home Gateway
    • Provides WAN connectivity
    • DHCP for wireless clients
  • Extras + Misc. Equipment
    • External hard drives for storing files & media
    • Standard CAT6 cables, terminated by me
    • PDU
  • For more specific details regarding how I make use of all of these services, I have a post here detailing how I've integrated my lab components into my workflow.


3. Pi-hole Configuration & Purpose

Pi-hole is the service that I host for providing DNS control in my network. It operates as a network-wide DNS server that intercepts queries from connected devices and applies filtering rules in real time. Some key benefits include:

  • Network-wide ad-blocking & privacy protection.
  • Custom blacklisting (including based on VLAN/client devices)
  • Block proprietary trackers & telemetry on home smart TVs.
  • Centralized DNS monitoring by logging queries & creating statistics.
  • Can be used as a DHCP server, dynamically assigning DNS.

3.1 Why I Use Unbound

To avoid reliance on third-party DNS providers and maximize privacy, I pair my Pi-hole configuration with Unbound, a recursive, caching DNS resolver. Using Unbound allows my setup to query root DNS servers directly, instead of forwarding requests to Google or any other upstream providers.

While Pi-hole alone grants me DNS control, by default it can't provide anything outside of that; it still needs an external server to resolve domains. Using Unbound ensures that the service is officially mine.

Using Unbound provides my network with:

  • Privacy-first architecture
  • DNSSEC validation
  • DNS-Over-TLS
  • Full control over the resolution chain

Unbound listens on loopback (127.0.0.1#5335), and Pi-hole forwards all queries to Unbound running on localhost.
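A quick way to confirm the resolver stays private to the Pi-hole host, added here as an example and not taken from the post's repository: the script below audits an Unbound config for the loopback listener on port 5335, for DNSSEC hardening, and for any forwarder that would send queries to an upstream instead of the roots. The sample config is constructed for the example.

```shell
#!/bin/sh
# Added example (not from the post's repository): audit an Unbound config
# for the loopback listener on port 5335 that Pi-hole forwards to.

# CONSTRUCTED sample config; a real one lives wherever your Unbound reads it.
sample_conf() {
cat <<'EOF'
server:
    interface: 127.0.0.1   # loopback only
    port: 5335
    harden-dnssec-stripped: yes
EOF
}

# get_opt NAME: print every value of option NAME from the config on stdin.
get_opt() {
    sed 's/#.*//' | awk -v key="$1:" '$1 == key { print $2 }'
}

# audit_unbound: read a config on stdin, print findings, return 0 if clean.
audit_unbound() {
    conf=$(cat)
    rc=0
    port=$(printf '%s\n' "$conf" | get_opt port)
    if [ "$port" != "5335" ]; then
        echo "FAIL: port is '${port:-unset}', Pi-hole expects 5335"; rc=1
    fi
    # Unbound listens on localhost when no interface is given, so only
    # explicit non-loopback listeners are findings.
    for addr in $(printf '%s\n' "$conf" | get_opt interface); do
        case "${addr%%@*}" in
            127.*|::1) ;;
            *) echo "FAIL: listener on non-loopback address $addr"; rc=1 ;;
        esac
    done
    if [ "$(printf '%s\n' "$conf" | get_opt harden-dnssec-stripped)" = "no" ]; then
        echo "FAIL: harden-dnssec-stripped is disabled"; rc=1
    fi
    if [ -n "$(printf '%s\n' "$conf" | get_opt forward-addr)" ]; then
        echo "FAIL: forward-addr set, queries go to an upstream, not the roots"; rc=1
    fi
    return "$rc"
}

sample_conf | audit_unbound && echo "OK: loopback-only recursive resolver"
```

Pipe a real config into `audit_unbound` to run the same checks against it; a non-zero exit status means at least one finding was printed.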

3.2 Workflow / DNS Segmentation

This was what gave me the initial spark to use Pi-hole, as it lets me tailor my blacklists according to what I'm doing or focused on, & grants me the ability to automate them according to custom rules as well.

These are my custom groups:

  • Work - Blocks distracting sites & made to enforce that I stay on task throughout the day
  • Study - Similar to Work, but tweaked independently according to what I'm focused on & wanting to study
  • Leisure - Blacklists any sites that I don't want to spend my free-time on (Like work-related sites)
  • Baseline - Always on. Provides ad-blocking and privacy protection. I have 600,000+ domains blocked currently
  • Unrestricted (Rarely used)

3.3 SSH & Custom Scripts

To streamline management, I developed a set of custom shell scripts that sit on the Pi-hole server & client-side scripts that stay synced to my Linux devices. They are configured to be executed over SSH.

  • Workflow selection script (workflow filtering)
  • Updater script
  • DNS statistics checker

The source code for these is all hosted on my GitHub repository.

These allow me to not need to jump between devices constantly & perform maintenance tasks on Pi-hole straight from SSH.
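One way to constrain the SSH entry point that the group switching in 3.2 and the scripts in 3.3 rely on, added here as an example and not taken from the roman-dns-stack repository: a forced-command gate that maps the client's request onto a fixed set of actions and refuses everything else. The group names are the ones listed in the post; the script paths, the `workflow`/`update`/`stats` verbs and the `pihole-gate` name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post's repository): a forced-command gate for
# the SSH key used to manage Pi-hole. Bind the key to it in authorized_keys:
#   restrict,command="/usr/local/bin/pihole-gate" ssh-ed25519 <public key>
# sshd then runs only this script and passes the client's request in
# $SSH_ORIGINAL_COMMAND. Script paths and verbs below are hypothetical.
LC_ALL=C; export LC_ALL

# Group names as listed in the post, lowercased.
ALLOWED_GROUPS="work study leisure baseline unrestricted"

# resolve REQUEST: print the local command for an allowed request, else fail.
resolve() {
    # Reject anything but lowercase letters and spaces first, so quotes,
    # semicolons, pipes, globs and paths never reach word splitting.
    case "$1" in
        ""|*[!a-z\ ]*) return 1 ;;
    esac
    set -- $1
    case "$1" in
        workflow)
            [ "$#" -eq 2 ] || return 1
            for g in $ALLOWED_GROUPS; do
                if [ "$2" = "$g" ]; then
                    echo "/usr/local/bin/workflow-set $g"
                    return 0
                fi
            done
            return 1 ;;
        update) [ "$#" -eq 1 ] && echo "/usr/local/bin/piholeupdate" ;;
        stats)  [ "$#" -eq 1 ] && echo "/usr/local/bin/dns-stats" ;;
        *) return 1 ;;
    esac
}

# gate: entry point under sshd; denied requests are logged for review.
gate() {
    if cmd=$(resolve "${SSH_ORIGINAL_COMMAND:-}"); then
        exec $cmd
    fi
    logger -t pihole-gate "denied: ${SSH_ORIGINAL_COMMAND:-<none>}"
    echo "request not permitted" >&2
    return 1
}

# Only act when invoked by sshd with a client request.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then gate; fi
```

With the key bound this way, a stolen client key can switch groups or trigger an update but cannot open a shell on the DNS server, and denied requests land in syslog.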

3.4 Repository Overview

I wanted to take advantage of git when I initially began this project. I thought it would make sense to try and keep my configurations & home lab services synced through an open-source repository, albeit while maintaining privacy & not leaking sensitive info (Because of this, a majority of my repositories remain private). This also allows me to share these projects publicly & open for use.

Which is why I now have this repo: roman-dns-stack

The repo contains all of my scripts, blocklists, unbound, some screenshots and a few txt & markdown documents.

Example - baseline.txt


This file links to all of my adlists, put under the "baseline" group in Pi-hole. I'm using adlists from Hagezi + StevenBlack for my specific setup.


4. How This Affects My Life

Now that I've explained the technical related aspects, I'd like to go over & explain how this setup particularly plays into my workflow and has helped in supporting what I've needed it to do.

I'll have a much more detailed explanation in my Productivity Workflow + Home Lab post explaining how the services in my home lab function in their entirety, but I'll take the time to focus strictly on DNS as it pertains to this post.

4.1 Staying On Task (Why do this anyways?)

Before every work session, I make sure that I run my workflow script to set my group to "Work" along with pacman -Syu to synchronize my Arch packages. I can then use piholeupdate to sync my Pi-hole settings (officially applying them) and start the session.

Whenever I'm in this mode, the process is pretty self-explanatory: Anytime I'm distracted, I'm quickly reminded of the restrictions I put in place, and can't access any distracting sites.

This helps not only with not using blacklisted sites but also enforces:

  • Not falling into algorithmic pipelines & feedback loops, even if I'm using said site for one singular purpose.
  • Forces me into starting work faster & getting into flow as soon as I begin.

Another particularly unique part about this setup is the advantage of being able to implement some of the standard features of already existing programs like Cold Turkey (a website blocker for productivity) integrated into my very network infrastructure. This keeps my tools self-hosted and allows them to blend seamlessly into other DNS & network rules. An interesting aspect to this is it grants me the ability to use:

  • Cron jobs - Schedule times of the day to perform functions
  • Platform agnostic - I can use my server on any device regardless of OS
  • Use VLANs to isolate devices with custom rules
  • Block traffic by port & protocol - target apps that use nonstandard domains like Discord

Because I can segment traffic as well, this allows for extendable network experimentation & means my setup won't get in the way of other clients and users on the network. It transforms it into an engaging way to learn home labbing & apply my networking knowledge to minimize relying on external programs. It also helps to not be tied to things like subscriptions.

4.2 Leisure Time + Media Consumption

In the book Digital Minimalism by Cal Newport, he outlines a concept he calls high-quality leisure: activities that are satisfying, mentally engaging, and valuable to your life. He contrasts high-quality leisure with digital activities that shorten your attention and encourage passive consumption (like doomscrolling).

The goal in achieving high-quality-leisure is pretty simple: to reclaim time, attention, and mental energy within our free time—and create space for more fulfilling and purposeful experiences.

This was the motivation behind my "Leisure" blocklist. Rather than being outright unrestricted during my free-time, I can in the same way as Work & Study, "force" myself to immediately have the focus of high-quality-leisure in mind, and to not accidentally let my mind slip into work mode nor spend my free-time doomscrolling.

This plays into why I decided to start using Jellyfin + Kodi as well. Not only is it a highly customizable ecosystem that can be catered towards my preferences and experience, but allows me to jump right into whatever content, movies, and TV shows I'd like to enjoy without ads & being connected to the internet.

Additionally, I've got into the habit of writing notes and journaling themes, quotes, etc. that I've extracted while watching new movies or TV shows. I also write down sentences & timestamps for learning new words in foreign languages through sentence mining. This approach has brought watching media in a useful and engaging way to another level.

4.3 Conclusion

This project was a simple, neat & fun way to try and make use of scripting, networking & DNS in day-to-day life. This is also the first blog post I've written where I detail my home lab. If you want to learn more about how my home lab works with my daily routine, I plan to go into further detail here. If you took the time to read and/or learned anything useful, thank you!


Roman Todd   —   09-22-25