diff --git a/Makefile b/Makefile
index 7142588..ec85d1d 100644
--- a/Makefile
+++ b/Makefile
@@ -13,7 +13,7 @@ DOCKER := docker -PROFILES := caddy wordpress adminer uptime-kuma qbittorrent gitea jellyfin watchtower backup syncthing openssh +PROFILES := caddy wordpress adminer uptime-kuma qbittorrent gitea jellyfin watchtower backup openssh dns-server syncthing PROFILE_CMD := $(addprefix --profile ,$(PROFILES)) COMPOSE_FILES := $(shell find docker-compose*.yml | sed -e 's/^/--file /')
diff --git a/caddy/bensuperpc.org/Caddyfile b/caddy/bensuperpc.org/Caddyfile
index 6995c0f..9e05477 100644
--- a/caddy/bensuperpc.org/Caddyfile
+++ b/caddy/bensuperpc.org/Caddyfile
@@ -69,6 +69,10 @@ syncthing.bensuperpc.org { } } +dns.bensuperpc.org { + reverse_proxy dns-server:5380 +} + link.bensuperpc.org { # TODO: Use service with database # Friendly links
diff --git a/docker-compose.dns.yml b/docker-compose.dns.yml
new file mode 100644
index 0000000..65a0b23
--- /dev/null
+++ b/docker-compose.dns.yml
@@ -0,0 +1,23 @@
+version: '3.9'
+
+services:
+ dns-server:
+ container_name: dns-server
+ hostname: dns-server
+ profiles:
+ - dns-server
+ image: technitium/dns-server:latest
+ restart: on-failure
+ networks:
+ - infra-network
+ security_opt:
+ - no-new-privileges:true
+ volumes:
+ - dns-config:/etc/dns
+ env_file:
+ - env/technitium.env
+
+volumes:
+ dns-config:
+ name: dns-config
+
diff --git a/env/technitium.env b/env/technitium.env
new file mode 100644
index 0000000..22d7530
--- /dev/null
+++ b/env/technitium.env
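Review bot: The new `dns.bensuperpc.org` site block in caddy/bensuperpc.org/Caddyfile forwards every client to `dns-server:5380`, which env/technitium.env in this same commit lists as the Technitium web service port, and nothing in the block limits who may reach it. The console login then becomes the only control in front of the server's zone and resolver settings. Consider admitting only administrative networks, for example `@admin remote_ip <ADMIN_CIDR>` followed by `reverse_proxy @admin dns-server:5380` (`<ADMIN_CIDR>` is a placeholder), or placing an authentication directive in front of the proxy. If a global option or snippet outside this hunk already restricts access, a one-line comment in the block saying so would make that visible.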
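Review bot: `image: technitium/dns-server:latest` in docker-compose.dns.yml is an unpinned tag, so the code running as the resolver changes whenever that tag is re-pushed; the `watchtower` entry in the Makefile's PROFILES list suggests such updates may be pulled automatically, although how watchtower is scoped is not visible here. Pinning to a release tag and digest, `image: technitium/dns-server:<VERSION>@sha256:<DIGEST>` (placeholders), turns each upgrade into a reviewed change. A short comment above the service noting that no `ports:` are published and that the container is reached only through Caddy on `infra-network` would also document the intended exposure.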
@@ -0,0 +1,18 @@
+DNS_SERVER_DOMAIN=dns-server
+DNS_SERVER_ADMIN_PASSWORD=fddsdfF548TjSNbi490fzZspmLSDf
+# DNS_SERVER_ADMIN_PASSWORD_FILE=password.txt
+# DNS_SERVER_PREFER_IPV6=false
+# DNS_SERVER_WEB_SERVICE_HTTP_PORT=5380
+# DNS_SERVER_WEB_SERVICE_HTTPS_PORT=53443
+# DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=true
+# DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=false
+# DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=true
+# DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks
+# DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24
+# DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24
+# DNS_SERVER_ENABLE_BLOCKING=false
+# DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false
+# DNS_SERVER_BLOCK_LIST_URLS=
+# DNS_SERVER_FORWARDERS=1.1.1.1, 8.8.8.8
+# DNS_SERVER_FORWARDER_PROTOCOL=Tcp
+# DNS_SERVER_LOG_USING_LOCAL_TIME=true
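Review bot: The second added line of env/technitium.env sets `DNS_SERVER_ADMIN_PASSWORD` to a literal value, which commits the console's admin credential in plaintext while the Caddyfile change in this commit makes that console reachable at `dns.bensuperpc.org`. The value should be treated as disclosed and rotated, with the replacement kept out of the repository. The file already lists the alternative on the next line: uncommenting `DNS_SERVER_ADMIN_PASSWORD_FILE=<PATH_TO_SECRET_FILE>` (placeholder) and mounting that file from a Docker secret or an untracked path keeps the tracked file free of credentials. Tracking only an example template and ignoring the real env file would prevent a later re-commit.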