DNS Server

Username

Password

Enter OTP

Enter the 6-digit code you see in your authenticator app.

Forgot Password?

or login with

DNS Server

Last Hour Last Day Last Week Last Month Last Year Custom

Page Number

Zones Per Page

0 zones

#	Zone	Type	DNSSEC	Status	Serial	Expiry	Last Modified
0 zones 1

#	Name	Type	TTL	Data
0 records 1

technitium.com

Installed Apps
Total Apps: 0

Server

Domain

Type

DNS-over-

EDNS Client Subnet

Enable DNSSEC Validation

Leases
Scopes

Scope	MAC Address	IP Address		Host Name	Lease Obtained	Lease Expires
Total Leases: 0

Name	Scope Range/Subnet Mask	Network/Broadcast	Interface
Total Leases: 0

Edit Scope

Name

Starting Address

Ending Address

Subnet Mask

Lease Time

Days Hours Minutes

The duration for which the clients should be leased the IP address.

Offer Delay Time

milliseconds

The time duration that the DHCP server delays sending an DHCPOFFER message.

Ping Check

Enable Ping Check

Enable this option to allow DHCP server to find out if an IP address is already in use to prevent IP address conflict when some of the devices on the network have manually configured IP addresses.

Ping Check Timeout

milliseconds (default 1000)

The timeout interval to wait for an ping reply.

Ping Check Retries

(default 2)

The maximum number of ping requests to try.

Warning! Ping check would work as expected only when you make sure that all the client devices with manually configured IP addresses on the network respond to a ping request. Devices running Microsoft Windows by default drop ping requests at host firewall and will cause this ping check to fail to detect in use IP addresses. It is recommended to not rely on this option and instead make sure that you exclude a range of addresses using Exclusions and manually assign IP addresses to your devices only in the excluded range.

Domain Name

The domain name for this network to allow assigning a fully qualified domain name to clients. Use a domain name that you own or that is not in common use like 'home' or 'lan' so that you don't block out an existing domain name. (Option 15)

Domain Search List

The list of domain names that the clients can use as a suffix when searching a domain name. (Option 119)

DNS Updates

Enable DNS Updates

Enable this option to allow the DHCP server to automatically update forward and reverse DNS entries for clients.

Enable DNS Overwrite For Dynamic Lease

Enable this option to allow the DHCP server to overwrite existing DNS A record matching the client domain name for dynamic leases.

DNS TTL

seconds (default 900/15m)

The TTL value of the DNS records updated for the above provided domain name.

Router Address

The default gateway IP address to be used by the clients. (Option 3)

DNS Servers

Use This DNS Server

Enable this option to automatically use this DNS Server.

The DNS Server IP addresses to be used by the clients. (Option 6)

WINS Servers

The NBNS/WINS server IP addresses to be used by the clients. (Option 44)

NTP Servers

The Network Time Protocol (NTP) server IP addresses to be used by the clients. (Option 42)

NTP Server Domain Names

Enter NTP server domain names (e.g. pool.ntp.org) above that the DHCP server should automatically resolve and pass the resolved IP addresses to clients as NTP server option. (Option 42)

Static Routes

Destination	Subnet Mask	Router

The static routes to be used by the clients for accessing specified destination networks. (Option 121)

Bootstrap Server Address

The IP address of next server (TFTP) to use in bootstrap by the clients. If not specified, the DHCP server's IP address is used. (siaddr)

Bootstrap Server Host Name

The optional bootstrap server host name to be used by the clients to identify the TFTP server. (sname/Option 66)

Boot File Name

The boot file name stored on the bootstrap TFTP server to be used by the clients. (file/Option 67)

Vendor Specific Information

Vendor Class Identifier	Vendor Specific Information

The Vendor Specific Information (option 43) to be sent to the clients that match the Vendor Class Identifier (option 60) in the request. The Vendor Class Identifier can be empty string to match any identifier, or matched exactly, or match a substring, for example substring(vendor-class-identifier,0,9)=="PXEClient". The Vendor Specific Information must be either a colon (:) separated hex string or a normal hex string, for example 06:01:03:0A:04:00:50:58:45:09:14:00:00:11:52:61:73:70:62:65:72:72:79:20:50:69:20:42:6F:6F:74:FF OR 0601030A0400505845091400001152617370626572727920506920426F6F74FF.

CAPWAP Access Controller Addresses

The Control And Provisioning of Wireless Access Points (CAPWAP) Access Controller IP addresses to be used by Wireless Termination Points to discover the Access Controllers to which it is to connect. (Option 138)

TFTP Server Addresses

The TFTP Server Address or the VoIP Configuration Server Address. (Option 150)

Generic DHCP Options

Code	Hex Value

This feature allows you to define DHCP options that are not yet directly supported. To add an option, use the DHCP option code defined for it and enter the value in either a colon (:) separated hex string or a normal hex string format, for example C0:A8:01:01 OR C0A80101.

Exclusions

Starting Address	Ending Address

The IP address range that must be excluded or not assigned dynamically to any client by the DHCP server.

Note! Make sure to exclude address ranges if you plan to manually assign IP addresses to some of the devices or to assign reserved leases so that these IP addresses are not dynamically allocated in the first place.

Advanced Options

Allow Only Reserved Lease Allocations

Enable this option to stop dynamic IP address allocation and allocate only reserved IP addresses.

Block Locally Administered MAC Addresses

Enable this option to stop dynamic IP address allocation for clients with locally administered MAC addresses. MAC address with 0x02 bit set in the first octet indicate a locally administered MAC address which usually means that the device is not using its original MAC address.

Ignore Client Identifier (Option 61)

This option when enabled will always use the client's MAC address as the identifier to allocate lease instead of the Client Identifier (Option 61) provided by the client in the request. Some Linux distros use a custom Client Identifier instead of the device's MAC Address which can cause issues when the Virtual Machine (VM) in which the OS is installed is cloned causing both the original and cloned clients to get same IP allocated. There can be issues too when the same client changes its Client Identifier and starts getting a different IP address lease. Enabling the Ignore Client Identifier option will fix such issues. Changing this option may cause the existing clients to get a different IP lease on renewal.

Reserved Leases

Host Name	MAC Address	IP Address	Comments

The reserved IP addresses to be assigned to specific clients based on their MAC address. Set a hostname to override the client's hostname.

Username	Session	Last Seen	Remote Address	User Agent

Username	Display Name	Type	2FA Status	Status	Recent Login	Previous Login

Name	Description

Section	User Permissions	Group Permissions

Single Sign-On (SSO)

Enable Single Sign-On (SSO)

Enable to allow Single Sign-On (SSO) with OpenID Connect (OIDC).

Authority (Issuer)

The OpenID Connect (OIDC) Authority URL.

Client ID

The OpenID Connect (OIDC) Client ID.

Client Secret

The OpenID Connect (OIDC) Client Secret.

Metadata Address (Optional)

The OpenID Connect (OIDC) metadata discovery URL to be used instead of the default one. Configure this option only if the Single Sign-On (SSO) provider uses a different discovery URL.

Scopes

Scope Name

Enter the scopes to be sent to the Single Sign-On (SSO) provider. The scopes openid and profile are mandatory and will be automatically added if missing. Add the scope email if you want to use email address as the username for all SSO users that sign up for an account.

SSO User Sign Up

Allow New User Sign Up

Enable to allow automatically provisioning of user accounts for new users signing in via Single Sign-On (SSO). Keep this option disabled if you do not expect new SSO users to sign up.

Allow Sign Up Only For Mapped Users

Enable to allow a new user to sign up via Single Sign-On (SSO) only when the user is a member of at least one Remote Group that is mapped to a Local Group in the Group Map option below. This option allows SSO administrators to restrict SSO users to control who can sign up and get access based on their group memberships.

Group Map (Optional)

Remote Group	Local Group

Map Remote Groups at Single Sign-On (SSO) provider to Local Groups for both new and existing users signed up via Single Sign-On (SSO). A SSO user's group membership will be automatically synced to the mapped Local Groups each time they log in. If your SSO provider does not include group membership claim by default then you will have to add group or roles scope in the Scopes option above as required by the SSO provider.

Note! The Single Sign-On (SSO) uses /sso/callback as the callback path. Thus, your SSO Redirect URI for this DNS Server should be http://localhost:5380/sso/callback which needs to be configure with the SSO provider.

Note! Single Sign-On (SSO) will be enabled only when all of the required parameters are configured correctly. If SSO does not work for any reason, check the Logs section on the panel and search for related error logs.

Note! When a Single Sign-On (SSO) user signs up with the DNS Server, an account for the user is created which uses the email address as the username. If email address is not available, the preferred username is used instead. If you do not wish to use email address as the username, you can remove the email scope from the Scopes option above.

Note! The Single Sign-On (SSO) user's Display Name and Username are managed via the SSO provider and they are automatically synced each time a user logs in.

Note! When Group Map is configured, the Single Sign-On (SSO) user's group membership cannot be managed locally and any group membership changes must be configured at the SSO provider itself. SSO users need to relogin so that any group membership changes made at SSO provider are applied to their user accounts. The Group Map thus allows managing user access centrally via the SSO provider. Keep the Group Map empty if group membership management for SSO users is required to be managed via the DNS Server itself.

Note! The Web Service will be automatically restarted to apply these changes thus there is no need to restart the DNS Server manually.

Note! When using a reverse proxy with the Web Service, you need to add X-Forwarded-Proto and X-Forwarded-Host headers to proxy request to allow the Web Service to correctly form the SSO Redirect URI. If the reverse proxy is setup to use a path prefix then make sure to add the X-Forwarded-Prefix header to proxy request too. These headers will be read only if the reverse proxy IP address is configured to be allowed in the Reverse Proxy Addresses option in Settings > Web Service section. For example, if you are using nginx as the reverse proxy with a path prefix of /dns, then you should add the following headers: proxy_set_header X-Forwarded-Proto $scheme;, proxy_set_header X-Forwarded-Host $host;, proxy_set_header X-Forwarded-Prefix /dns;, and proxy_redirect / /dns/;

Warning! All URLs configured above must use https URL scheme for production environments. Using http URL scheme is not secure and should be used only for testing purposes.

Warning! Any DNS related failure may cause Single Sign-On (SSO) to fail to work making it impossible for SSO users to log in to fix the DNS issue due to circular dependency. Thus, it is recommended to maintain a local administrator user account for such scenarios.

Node Name	IP Address	URL	Type	State	Up Since	Last Seen	Last Synced

View Logs
Query Logs

20171012

App Name

Class Path

Page Number

Logs Per Page

Order

From

Client IP Address

Protocol

Response Type

RCODE

Domain

Type

Class

Live Update

Found: 0 logs

#	Timestamp	Client IP Address	Protocol	Response Type	RCODE	Domain	Type	Class	Answer
Found: 0 logs 1

Technitium DNS Server

Version

Server up since

Copyright (C) 2026 Shreyas Zare (shreyas@technitium.com)
This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions.

Source code available under GNU General Public License v3.0 on GitHub

What's New?

Read the change log to know what's new in this release.

API Documentation

The DNS Server HTTP API allows any 3rd party app or script to configure the DNS Server. The HTTP API is used by this web console and thus all the actions that this web console does can be performed via the API. Read the HTTP API documentation for complete details.