Authentication and extended web UI for DNSvizor

• OCaml
• MirageOS
• DNSvizor

TL;DR: DNSvizor now has authentication for its web UI, which is extended with updating its configuration. We are continuing our work on DNSvizor (repository).

Authenticating users

Our primary goal was to extend the web interface to require authentication for modifying content, such as block lists and altering configuration data. This ensures that only authorized users can make changes to your DNSvizor instance.

We use HTTP Basic Auth, which is simple and effective. It doesn't require cookies or complex login pages. Instead, it works through a "ping-pong" exchange using standard HTTP headers:

• When a user tries to access a protected endpoint, the server responds with a 401 Unauthorized status.
• Included in this response is a WWW-Authenticate: Basic realm="REALM" header.
• The web browser sees this header and automatically prompts the user with a small dialog for a username and password.
• Once entered, the browser sends the credentials back in an Authorization header with every subsequent request to that endpoint.

For DNSvizor, the password is passed as a command-line argument, and this is the system password used to authenticate users. Any username provided is fine, as we do not require a specific username for access.

The PR for this implementation can be found at dnsvizor#48.

Extended web UI

We also worked on providing the configuration in the web interface, and allowing to edit it (with changes being applied to the running DNSvizor).

Also, already in our blocklist PR (described in more detail in our previous blog post) we provided a website to add domains to the blocklist and remove domains.

Conclusion

DNSvizor provides DNS resolution and DHCP service for your network with a web interface - and now we provide authentication for changing the configuration, adding domains to the blocklist and removing domains from the blocklist. Please report issues you encounter and questions you may have. Also, if you use dnsmasq, please show us your configuration.

If you're interested in MirageOS and using it in your domain, don't hesitate to reach out to us (via eMail: team@robur.coop) - we're keen to deploy MirageOS and find more domains where it is useful.

Our work is only partially funded, we cross-fund our work by commercial contracts and public (EU) funding. We are part of a non-profit company, you can make a (in the EU tax-deductible) donation (select "DONATION robur" in the dropdown menu), or sponsor us via the GitHub sponsor button.