Authentication and extended web UI for DNSvizor
2025-07-22TL;DR: DNSvizor now has authentication for its web UI, which is extended with updating its configuration. We are continuing our work on DNSvizor (repository).
Authenticating users
Our primary goal was to extend the web interface to require authentication for modifying content, such as block lists and altering configuration data. This ensures that only authorized users can make changes to your DNSvizor instance.
We use HTTP Basic Auth, which is simple and effective. It doesn't require cookies or complex login pages. Instead, it works through a "ping-pong" exchange using standard HTTP headers:
- When a user tries to access a protected endpoint, the server responds with a 401 Unauthorized status.
- Included in this response is a WWW-Authenticate: Basic realm="REALM" header.
- The web browser sees this header and automatically prompts the user with a small dialog for a username and password.
- Once entered, the browser sends the credentials back in an Authorization header with every subsequent request to that endpoint.
For DNSvizor, the password is passed as a command-line argument, and this is the system password used to authenticate users. Any username provided is fine, as we do not require a specific username for access.
The PR for this implementation can be found at dnsvizor#48.
Extended web UI
We also worked on providing the configuration in the web interface, and allowing to edit it (with changes being applied to the running DNSvizor).
Also, already in our blocklist PR (described in more detail in our previous blog post) we provided a website to add domains to the blocklist and remove domains.
Conclusion
DNSvizor provides DNS resolution and DHCP service for your network with a web interface - and now we provide authentication for changing the configuration, adding domains to the blocklist and removing domains from the blocklist. Please report issues you encounter and questions you may have. Also, if you use dnsmasq, please show us your configuration.