Skip to content

Monitoring UI

Jump to bottom Edit New page
Frank Denis edited this page May 20, 2025 · 1 revision

Monitoring UI

dnscrypt-proxy includes a web-based monitoring interface that provides real-time statistics and information about your DNS queries. This feature helps you visualize DNS traffic, monitor performance, and troubleshoot issues.

Configuration

The Monitoring UI is disabled by default. To enable it, add the following section to your dnscrypt-proxy.toml configuration file:

[monitoring_ui]
enabled = true
listen_address = "127.0.0.1:8080"
username = "admin"
password = "changeme"
tls_certificate = ""
tls_key = ""
enable_query_log = true
privacy_level = 1

Configuration Options

  • enabled: Set to true to enable the Monitoring UI
  • listen_address: The IP address and port where the UI will be accessible (default: "127.0.0.1:8080")
  • username and password: Credentials for basic authentication
    • To disable authentication, set username to an empty string: username = ""
    • If both username and password are empty, no authentication is required
  • tls_certificate and tls_key: Paths to TLS certificate and key files for HTTPS
    • If both are empty, HTTP will be used
  • enable_query_log: Set to true to show recent queries in the UI
  • privacy_level: Controls the level of detail shown in the UI
    • 0: Show all details including client IPs
    • 1: Anonymize client IPs (default)
    • 2: Aggregate data only (no individual queries or domains shown)

Accessing the UI

Once enabled, you can access the Monitoring UI by opening your web browser and navigating to the address you configured (e.g., http://127.0.0.1:8080).

If you configured authentication, you'll be prompted to enter the username and password.

Security Considerations

For security reasons, consider the following precautions:

  1. Change the default credentials: Always change the default admin / changeme credentials to something unique and secure.

  2. Restrict access: By default, the UI is only accessible from the local machine (127.0.0.1). If you need to access it from other devices on your network, you can change listen_address to "0.0.0.0:8080", but be aware this exposes the interface to your entire network.

  3. Use HTTPS: For sensitive environments or remote access, configure HTTPS by providing TLS certificate and key files.

  4. Consider privacy levels: Set an appropriate privacy level based on your needs. Using level 1 (anonymized IPs) or 2 (aggregate data only) is recommended when multiple users share the same dnscrypt-proxy instance.

Features

The Monitoring UI provides several useful features:

  • Dashboard: Overview of query statistics, cache hit rate, and performance metrics
  • Query Log: Recent DNS queries with response details (when enable_query_log = true)
  • Server Status: Information about connected DNS servers and their performance
  • Cache Status: Details about the DNS cache utilization
  • Resolver Selection: View and customize resolver selection

Performance Impact

The Monitoring UI adds minimal overhead to dnscrypt-proxy, especially with default settings. However, enabling detailed query logging (enable_query_log = true) can slightly increase memory usage, particularly on systems with high DNS query volumes.

If you notice performance issues, consider:

  • Setting privacy_level = 2 to reduce processing required for query details
  • Disabling query logging by setting enable_query_log = false
  • Only enabling the Monitoring UI temporarily when needed for troubleshooting

Are these instructions not clear? Wrong? Insufficient? This documentation page is a Wiki, so you can contribute by improving it!

Clone this wiki locally