all: sync with master; upd chlog

Updates #5959.

* commit '4b9264531be50e81fe610050a12827b71bc3a9cd':
  clients: use constant a day in milliseconds
  clients: fix lint
  fix error days

.github/ISSUE_TEMPLATE/bug.yml

@@ -32,31 +32,33 @@
   - 'attributes':
         'description': 'On which Platform does the issue occur?'
         'label': 'Platform (OS and CPU architecture)'
+        # NOTE: Keep the 386 at the bottom for each OS, because a lot of people
+        # Seem to confuse them with AMD64, which is what they actually need.
         'options':
-          - 'Darwin (aka macOS)/AMD64 (aka x86_64)'
-          - 'Darwin (aka macOS)/ARM64'
-          - 'FreeBSD/386'
-          - 'FreeBSD/AMD64 (aka x86_64)'
-          - 'FreeBSD/ARM64'
-          - 'FreeBSD/ARMv5'
-          - 'FreeBSD/ARMv6'
-          - 'FreeBSD/ARMv7'
-          - 'Linux/386'
-          - 'Linux/AMD64 (aka x86_64)'
-          - 'Linux/ARM64'
-          - 'Linux/ARMv5'
-          - 'Linux/ARMv6'
-          - 'Linux/ARMv7'
-          - 'Linux/MIPS LE'
-          - 'Linux/MIPS'
-          - 'Linux/MIPS64 LE'
-          - 'Linux/MIPS64'
-          - 'Linux/PPC64 LE'
-          - 'OpenBSD/AMD64 (aka x86_64)'
-          - 'OpenBSD/ARM64'
-          - 'Windows/386'
-          - 'Windows/AMD64 (aka x86_64)'
-          - 'Windows/ARM64'
+          - 'Darwin (aka macOS), AMD64 (aka x86_64)'
+          - 'Darwin (aka macOS), ARM64'
+          - 'FreeBSD, AMD64 (aka x86_64)'
+          - 'FreeBSD, ARM64'
+          - 'FreeBSD, ARMv5'
+          - 'FreeBSD, ARMv6'
+          - 'FreeBSD, ARMv7'
+          - 'FreeBSD, 32-bit Intel (aka 386)'
+          - 'Linux, AMD64 (aka x86_64)'
+          - 'Linux, ARM64'
+          - 'Linux, ARMv5'
+          - 'Linux, ARMv6'
+          - 'Linux, ARMv7'
+          - 'Linux, MIPS LE'
+          - 'Linux, MIPS'
+          - 'Linux, MIPS64 LE'
+          - 'Linux, MIPS64'
+          - 'Linux, PPC64 LE'
+          - 'Linux, 32-bit Intel (aka 386)'
+          - 'OpenBSD, AMD64 (aka x86_64)'
+          - 'OpenBSD, ARM64'
+          - 'Windows, AMD64 (aka x86_64)'
+          - 'Windows, ARM64'
+          - 'Windows, 32-bit Intel (aka 386)'
           - 'Custom (please mention in the description)'
     'id': 'os'
     'type': 'dropdown'
@@ -142,8 +144,10 @@
     'type': 'textarea'
     'validations':
         'required': false
-'description': >
-    Open a bug report.  Please do not open bug reports for questions or help
-    with configuring clients.  If you want to ask for help, use the Discussions
-    section.
+# NOTE: GitHub limits the description length to 200 characters.  Also, Markdown
+# doesn't work here.
+'description': |
+    For help, use the Discussions section instead.  Write the title in English
+    to make it easier for other people to search for duplicates.  (Any language
+    is fine in the body.)
 'name': 'Bug'

.github/ISSUE_TEMPLATE/feature.yml

@@ -48,7 +48,11 @@
     'type': 'textarea'
     'validations':
         'required': false
-'description': 'Suggest a feature or an enhancement for AdGuard Home'
+# NOTE: GitHub limits the description length to 200 characters.  Also, Markdown
+# doesn't work here.
+'description': |
+    Write the title in English to make it easier for other people to search for
+    duplicates.  (Any language is fine in the body.)
 'labels':
   - 'feature request'
 'name': 'Feature request or enhancement'

.github/workflows/build.yml

@@ -1,7 +1,7 @@
 'name': 'build'
 
 'env':
-  'GO_VERSION': '1.19.10'
+  'GO_VERSION': '1.19.11'
   'NODE_VERSION': '14'
 
 'on':

.github/workflows/lint.yml

@@ -1,7 +1,7 @@
 'name': 'lint'
 
 'env':
-  'GO_VERSION': '1.19.10'
+  'GO_VERSION': '1.19.11'
 
 'on':
   'push':

.gitignore

@@ -9,6 +9,7 @@
 *.db
 *.log
 *.snap
+*.test
 /agh-backup/
 /bin/
 /build/*
@@ -16,10 +17,13 @@
 /dist/
 /filtering/tests/filtering.TestLotsOfRules*.pprof
 /filtering/tests/top-1m.csv
+/internal/next/AdGuardHome.yaml
 /launchpad_credentials
 /querylog.json*
 /snapcraft_login
-AdGuardHome*
+AdGuardHome
+AdGuardHome.exe
+AdGuardHome.yaml*
 coverage.txt
 node_modules/
 

CHANGELOG.md

@@ -14,32 +14,204 @@ and this project adheres to
 <!--
 ## [v0.108.0] - TBA
 
-## [v0.107.33] - 2023-06-28 (APPROX.)
+## [v0.107.36] - 2023-08-09 (APPROX.)
 
-See also the [v0.107.33 GitHub milestone][ms-v0.107.33].
+See also the [v0.107.36 GitHub milestone][ms-v0.107.36].
 
-[ms-v0.107.33]: https://github.com/AdguardTeam/AdGuardHome/milestone/68?closed=1
+[ms-v0.107.36]: https://github.com/AdguardTeam/AdGuardHome/milestone/71?closed=1
 
 NOTE: Add new changes BELOW THIS COMMENT.
 -->
 
+<!--
+NOTE: Add new changes ABOVE THIS COMMENT.
+-->
+
+
+
+## [v0.107.35] - 2023-07-26
+
+See also the [v0.107.35 GitHub milestone][ms-v0.107.35].
+
+### Changed
+
+- Improved reliability filtering-rule list updates on Unix systems.
+
+### Fixed
+
+- Occasional client information lookup failures that could lead to the DNS
+  server getting stuck ([#6006]).
+- `bufio.Scanner: token too long` and other errors when trying to add
+  filtering-rule lists with lines over 1024 bytes long or containing cosmetic
+  rules ([#6003]).
+
+### Removed
+
+- Default exposure of the non-standard ports 784 and 8853 for DNS-over-QUIC in
+  the `Dockerfile`.
+
+[#6003]: https://github.com/AdguardTeam/AdGuardHome/issues/6003
+[#6006]: https://github.com/AdguardTeam/AdGuardHome/issues/6006
+
+[ms-v0.107.35]: https://github.com/AdguardTeam/AdGuardHome/milestone/70?closed=1
+
+
+
+## [v0.107.34] - 2023-07-12
+
+See also the [v0.107.34 GitHub milestone][ms-v0.107.34].
+
+### Security
+
+- Go version has been updated to prevent the possibility of exploiting the
+  CVE-2023-29406 Go vulnerability fixed in [Go 1.19.11][go-1.19.11].
+
 ### Added
 
-- The new HTTP API, `GET /control/querylog/export`, which can be used to
-  export query log items.  See `openapi/openapi.yaml` for the full description
-  ([#3389]).
-- The ability to set inactivity periods for filtering blocked services in the
-  configuration file ([#951]).  The UI changes are coming in the upcoming
-  releases.
+- Ability to ignore queries for the root domain, such as `NS .` queries
+  ([#5990]).
+
+### Changed
+
+- Improved CPU and RAM consumption during updates of filtering-rule lists.
+
+#### Configuration Changes
+
+In this release, the schema version has changed from 23 to 24.
+
+- Properties starting with `log_`, and `verbose` property, which used to set up
+  logging are now moved to the new object `log` containing new properties
+  `file`, `max_backups`, `max_size`, `max_age`, `compress`, `local_time`, and
+  `verbose`:
+
+  ```yaml
+  # BEFORE:
+  'log_file': ""
+  'log_max_backups': 0
+  'log_max_size': 100
+  'log_max_age': 3
+  'log_compress': false
+  'log_localtime': false
+  'verbose': false
+
+  # AFTER:
+  'log':
+      'file': ""
+      'max_backups': 0
+      'max_size': 100
+      'max_age': 3
+      'compress': false
+      'local_time': false
+      'verbose': false
+  ```
+
+  To rollback this change, remove the new object `log`, set back `log_` and
+  `verbose` properties and change the `schema_version` back to `23`.
+
+### Deprecated
+
+- Default exposure of the non-standard ports 784 and 8853 for DNS-over-QUIC in
+  the `Dockerfile`.
+
+### Fixed
+
+- Two unspecified IPs when a host is blocked in two filter lists ([#5972]).
+- Incorrect setting of Parental Control cache size.
+- Excessive RAM and CPU consumption by Safe Browsing and Parental Control
+  filters ([#5896]).
+
+### Removed
+
+- The `HEALTHCHECK` section and the use of `tini` in the `ENTRYPOINT` section in
+  `Dockerfile` ([#5939]).  They caused a lot of issues, especially with tools
+  like `docker-compose` and `podman`.
+
+  **NOTE:** Some Docker tools may cache `ENTRYPOINT` sections, so some users may
+  be required to backup their configuration, stop the container, purge the old
+  image, and reload it from scratch.
+
+[#5896]: https://github.com/AdguardTeam/AdGuardHome/issues/5896
+[#5972]: https://github.com/AdguardTeam/AdGuardHome/issues/5972
+[#5990]: https://github.com/AdguardTeam/AdGuardHome/issues/5990
+
+[go-1.19.11]:   https://groups.google.com/g/golang-announce/c/2q13H6LEEx0/m/sduSepLLBwAJ
+[ms-v0.107.34]: https://github.com/AdguardTeam/AdGuardHome/milestone/69?closed=1
+
+
+
+## [v0.107.33] - 2023-07-03
+
+See also the [v0.107.33 GitHub milestone][ms-v0.107.33].
+
+### Added
+
+- The new command-line flag `--web-addr` is the address to serve the web UI on,
+  in the host:port format.
+- The ability to set inactivity periods for filtering blocked services, both
+  globally and per client, in the configuration file ([#951]).  The UI changes
+  are coming in the upcoming releases.
 - The ability to edit rewrite rules via `PUT /control/rewrite/update` HTTP API
-  ([#1577]).
+  and the Web UI ([#1577]).
 
 ### Changed
 
 #### Configuration Changes
 
-In this release, the schema version has changed from 20 to 21.
+In this release, the schema version has changed from 20 to 23.
 
+- Properties `bind_host`, `bind_port`, and `web_session_ttl` which used to setup
+  web UI binding configuration, are now moved to a new object `http` containing
+  new properties `address` and `session_ttl`:
+
+  ```yaml
+  # BEFORE:
+  'bind_host': '1.2.3.4'
+  'bind_port': 8080
+  'web_session_ttl': 720
+
+  # AFTER:
+  'http':
+    'address': '1.2.3.4:8080'
+    'session_ttl': '720h'
+  ```
+
+  Note that the new `http.session_ttl` property is now a duration string.  To
+  rollback this change, remove the new object `http`, set back `bind_host`,
+  `bind_port`, `web_session_ttl`,  and change the `schema_version` back to `22`.
+- Property `clients.persistent.blocked_services`, which in schema versions 21
+  and earlier used to be a list containing ids of blocked services, is now an
+  object containing ids and schedule for blocked services:
+
+  ```yaml
+  # BEFORE:
+  'clients':
+    'persistent':
+      - 'name': 'client-name'
+        'blocked_services':
+        - id_1
+        - id_2
+
+  # AFTER:
+  'clients':
+    'persistent':
+    - 'name': client-name
+      'blocked_services':
+        'ids':
+        - id_1
+        - id_2
+      'schedule':
+        'time_zone': 'Local'
+        'sun':
+          'start': '0s'
+          'end': '24h'
+        'mon':
+          'start': '1h'
+          'end': '23h'
+  ```
+
+  To rollback this change, replace `clients.persistent.blocked_services` object
+  with the list of ids of blocked services and change the `schema_version` back
+  to `21`.
 - Property `dns.blocked_services`, which in schema versions 20 and earlier used
   to be a list containing ids of blocked services, is now an object containing
   ids and schedule for blocked services:
@@ -83,8 +255,23 @@ In this release, the schema version has changed from 20 to 21.
   To rollback this change, replace `dns.blocked_services` object with the list
   of ids of blocked services and change the `schema_version` back to `20`.
 
+### Deprecated
+
+- The `HEALTHCHECK` section and the use of `tini` in the `ENTRYPOINT` section in
+  `Dockerfile` ([#5939]).  They cause a lot of issues, especially with tools
+  like `docker-compose` and `podman`, and will be removed in a future release.
+- Flags `-h`, `--host`, `-p`, `--port` have been deprecated.  The `-h` flag
+  will work as an alias for `--help`, instead of the deprecated `--host` in the
+  future releases.
+
 ### Fixed
 
+- Ignoring of `/etc/hosts` file when resolving the hostnames of upstream DNS
+  servers ([#5902]).
+- Excessive error logging when using DNS-over-QUIC ([#5285]).
+- Inability to set `bind_host` in `AdGuardHome.yaml` in Docker ([#4231],
+  [#4235]).
+- The blocklists can now be deleted properly ([#5700]).
 - Queries with the question-section target `.`, for example `NS .`, are now
   counted in the statistics and correctly shown in the query log ([#5910]).
 - Safe Search not working with `AAAA` queries for domains that don't have `AAAA`
@@ -92,13 +279,16 @@ In this release, the schema version has changed from 20 to 21.
 
 [#951]:  https://github.com/AdguardTeam/AdGuardHome/issues/951
 [#1577]: https://github.com/AdguardTeam/AdGuardHome/issues/1577
-[#3389]: https://github.com/AdguardTeam/AdGuardHome/issues/3389
+[#4231]: https://github.com/AdguardTeam/AdGuardHome/issues/4231
+[#4235]: https://github.com/AdguardTeam/AdGuardHome/pull/4235
+[#5285]: https://github.com/AdguardTeam/AdGuardHome/issues/5285
+[#5700]: https://github.com/AdguardTeam/AdGuardHome/issues/5700
+[#5902]: https://github.com/AdguardTeam/AdGuardHome/issues/5902
 [#5910]: https://github.com/AdguardTeam/AdGuardHome/issues/5910
 [#5913]: https://github.com/AdguardTeam/AdGuardHome/issues/5913
+[#5939]: https://github.com/AdguardTeam/AdGuardHome/discussions/5939
 
-<!--
-NOTE: Add new changes ABOVE THIS COMMENT.
--->
+[ms-v0.107.33]: https://github.com/AdguardTeam/AdGuardHome/milestone/68?closed=1
 
 
 
@@ -2080,11 +2270,14 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2].
 
 
 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.33...HEAD
-[v0.107.33]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.32...v0.107.33
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.36...HEAD
+[v0.107.36]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.35...v0.107.36
 -->
 
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.32...HEAD
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.35...HEAD
+[v0.107.35]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.34...v0.107.35
+[v0.107.34]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.33...v0.107.34
+[v0.107.33]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.32...v0.107.33
 [v0.107.32]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.31...v0.107.32
 [v0.107.31]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.30...v0.107.31
 [v0.107.30]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.29...v0.107.30

Makefile

@@ -37,8 +37,6 @@ SIGN = 1
 VERSION = v0.0.0
 YARN = yarn
 
-NEXTAPI = 0
-
 # Macros for the build-release target.  If FRONTEND_PREBUILT is 0, the
 # default, the macro $(BUILD_RELEASE_DEPS_$(FRONTEND_PREBUILT)) expands
 # into BUILD_RELEASE_DEPS_0, and so both frontend and backend
@@ -66,7 +64,6 @@ ENV = env\
 	PATH="$${PWD}/bin:$$( "$(GO.MACRO)" env GOPATH )/bin:$${PATH}"\
 	RACE='$(RACE)'\
 	SIGN='$(SIGN)'\
-	NEXTAPI='$(NEXTAPI)'\
 	VERBOSE="$(VERBOSE.MACRO)"\
 	VERSION='$(VERSION)'\
 
@@ -78,7 +75,7 @@ build: deps quick-build
 
 quick-build: js-build go-build
 
-ci: deps test
+ci: deps test go-bench go-fuzz
 
 deps: js-deps go-deps
 lint: js-lint go-lint
@@ -104,8 +101,10 @@ js-deps:
 js-lint: ; $(NPM) $(NPM_FLAGS) run lint
 js-test: ; $(NPM) $(NPM_FLAGS) run test
 
+go-bench: ; $(ENV) "$(SHELL)" ./scripts/make/go-bench.sh
 go-build: ; $(ENV) "$(SHELL)" ./scripts/make/go-build.sh
 go-deps:  ; $(ENV) "$(SHELL)" ./scripts/make/go-deps.sh
+go-fuzz:  ; $(ENV) "$(SHELL)" ./scripts/make/go-fuzz.sh
 go-lint:  ; $(ENV) "$(SHELL)" ./scripts/make/go-lint.sh
 go-tools: ; $(ENV) "$(SHELL)" ./scripts/make/go-tools.sh
 
@@ -128,3 +127,10 @@ openapi-lint: ; cd ./openapi/ && $(YARN) test
 openapi-show: ; cd ./openapi/ && $(YARN) start
 
 txt-lint: ; $(ENV) "$(SHELL)" ./scripts/make/txt-lint.sh
+
+# TODO(a.garipov): Consider adding to scripts/ and the common project
+# structure.
+go-upd-tools:
+	cd ./internal/tools/ &&\
+		"$(GO.MACRO)" get -u &&\
+		"$(GO.MACRO)" mod tidy

README.md

@@ -416,7 +416,8 @@ There are three options how you can install an unstable version:
    ###  <a href="#reporting-issues" id="reporting-issues" name="reporting-issues">Report issues</a>
 
 If you run into any problem or have a suggestion, head to [this page][iss] and
-click on the “New issue” button.
+click on the “New issue” button.  Please follow the instructions in the issue
+form carefully and don't forget to start by searching for duplicates.
 
 [iss]: https://github.com/AdguardTeam/AdGuardHome/issues
 

bamboo-specs/release.yaml

@@ -7,7 +7,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
     'channel': 'edge'
-    'dockerGo': 'adguard/golang-ubuntu:6.7'
+    'dockerGo': 'adguard/golang-ubuntu:6.8'
 
 'stages':
   - 'Build frontend':
@@ -272,7 +272,7 @@
         # need to build a few of these.
         'variables':
             'channel': 'beta'
-            'dockerGo': 'adguard/golang-ubuntu:6.7'
+            'dockerGo': 'adguard/golang-ubuntu:6.8'
     # release-vX.Y.Z branches are the branches from which the actual final
     # release is built.
   - '^release-v[0-9]+\.[0-9]+\.[0-9]+':
@@ -287,4 +287,4 @@
         # are the ones that actually get released.
         'variables':
             'channel': 'release'
-            'dockerGo': 'adguard/golang-ubuntu:6.7'
+            'dockerGo': 'adguard/golang-ubuntu:6.8'

bamboo-specs/snapcraft.yaml

@@ -10,7 +10,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
     'channel': 'edge'
-    'dockerGo': 'adguard/golang-ubuntu:6.7'
+    'dockerGo': 'adguard/golang-ubuntu:6.8'
     'snapcraftChannel': 'edge'
 
 'stages':
@@ -191,7 +191,7 @@
         # need to build a few of these.
         'variables':
             'channel': 'beta'
-            'dockerGo': 'adguard/golang-ubuntu:6.7'
+            'dockerGo': 'adguard/golang-ubuntu:6.8'
             'snapcraftChannel': 'beta'
     # release-vX.Y.Z branches are the branches from which the actual final
     # release is built.
@@ -207,5 +207,5 @@
         # are the ones that actually get released.
         'variables':
             'channel': 'release'
-            'dockerGo': 'adguard/golang-ubuntu:6.7'
+            'dockerGo': 'adguard/golang-ubuntu:6.8'
             'snapcraftChannel': 'candidate'

bamboo-specs/test.yaml

@@ -5,7 +5,7 @@
     'key': 'AHBRTSPECS'
     'name': 'AdGuard Home - Build and run tests'
 'variables':
-    'dockerGo': 'adguard/golang-ubuntu:6.7'
+    'dockerGo': 'adguard/golang-ubuntu:6.8'
 
 'stages':
   - 'Tests':

client/src/__locales/be.json

@@ -475,7 +475,9 @@
     "setup_dns_notice": "Каб выкарыстоўваць <1>DNS-over-HTTPS</1> ці <1>DNS-over-TLS</1>, вам патрэбна <0>наладзіць шыфраванне</0> у наладах AdGuard Home.",
     "rewrite_added": "Правіла перанакіравання DNS для «{{key}}» паспяхова дададзена",
     "rewrite_deleted": "Правіла перанакіравання DNS для «{{key}}» паспяхова выдалена",
+    "rewrite_updated": "Перазапіс DNS паспяхова абноўлены",
     "rewrite_add": "Дадаць правіла перанакіравання DNS",
+    "rewrite_edit": "Рэдагаваць перазапіс DNS",
     "rewrite_not_found": "Не знойдзена правілаў перанакіравання DNS",
     "rewrite_confirm_delete": "Вы ўпэўнены, што хочаце выдаліць правіла перанакіравання DNS для «{{key}}»?",
     "rewrite_desc": "Дазваляе лёгка наладзіць карыстацкі DNS-адказ для пэўнага дамена.",

client/src/__locales/cs.json

@@ -444,7 +444,7 @@
     "client_confirm_delete": "Opravdu chcete odstranit klienta \"{{key}}\"?",
     "list_confirm_delete": "Opravdu chcete smazat tento seznam?",
     "auto_clients_title": "Spuštění klienti",
-    "auto_clients_desc": "Zařízení, která nejsou na seznamu stálých klientů, a mohou nadále používat AdGuard Home",
+    "auto_clients_desc": "Informace o IP adresách zařízení, která používají nebo mohou používat AdGuard Home. Tyto informace se získávají z několika zdrojů, včetně souborů hosts, reverzního DNS atd.",
     "access_title": "Nastavení přístupu",
     "access_desc": "Zde můžete konfigurovat pravidla přístupu pro server DNS AdGuard Home",
     "access_allowed_title": "Povolení klienti",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "Pro použití <1>DNS skrze HTTPS</1> nebo <1>DNS skrze TLS</1> potřebujete v nastaveních AdGuard Home <0>nakonfigurovat šifrování</0>.",
     "rewrite_added": "Přesměrování DNS pro „{{key}}“ úspěšně přidáno",
     "rewrite_deleted": "Přesměrování DNS pro „{{key}}“ úspěšně smazáno",
+    "rewrite_updated": "Přesměrování DNS bylo úspěšně aktualizováno",
     "rewrite_add": "Přidat přesměrování DNS",
+    "rewrite_edit": "Upravit přesměrování DNS",
     "rewrite_not_found": "Přesměrování DNS nenalezeny",
     "rewrite_confirm_delete": "Jste si jisti, že chcete smazat přesměrování DNS pro „{{key}}“?",
     "rewrite_desc": "Umožňuje snadno nakonfigurovat vlastní DNS odezvy pro konkrétní název domény.",

client/src/__locales/da.json

@@ -444,7 +444,7 @@
     "client_confirm_delete": "Sikker på, at du vil slette klient \"{{key}}\"?",
     "list_confirm_delete": "Sikker på, at du vil slette denne liste?",
     "auto_clients_title": "Klienter (runtime)",
-    "auto_clients_desc": "Enheder, som ikke er på listen over Permanente klienter, kan stadig bruge AdGuard Home",
+    "auto_clients_desc": "Oplysninger om IP-adresser på enheder, som (måske) bruger AdGuard Home. Disse oplysninger indsamles fra flere kilder, herunder hosts-filer, reverse DNS mv.",
     "access_title": "Adgangsindstillinger",
     "access_desc": "Her kan adgangsregler for AdGuard Home DNS-serveren opsættes",
     "access_allowed_title": "Tilladte klienter",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "For at kunne bruge <1>DNS-over-HTTPS</1> eller <1>DNS-over-TLS</1>, skal du <0>opsætte Krypteringen</0> i AdGuard Homes indstillinger.",
     "rewrite_added": "DNS-omskrivning for \"{{key}}\" blev tilføjet",
     "rewrite_deleted": "DNS-omskrivning for \"{{key}}\" blev slettet",
+    "rewrite_updated": "DNS-omskrivning hermed opdateret",
     "rewrite_add": "Tilføj DNS-omskrivning",
+    "rewrite_edit": "Redigér DNS-omskrivning",
     "rewrite_not_found": "Ingen DNS-omskrivninger fundet",
     "rewrite_confirm_delete": "Sikker på, at du vil slette DNS-omskrivning for \"{{key}}\"?",
     "rewrite_desc": "Gør det nemt at opsætte det tilpassede DNS-svar for et specifikt domænenavn.",

client/src/__locales/de.json

@@ -444,7 +444,7 @@
     "client_confirm_delete": "Möchten Sie den Client „{{key}}“ wirklich löschen?",
     "list_confirm_delete": "Möchten Sie diese Liste wirklich löschen?",
     "auto_clients_title": "Laufzeit-Clients",
-    "auto_clients_desc": "Geräte, die nicht auf der Liste der persistenten Clients stehen und trotzdem AdGuard Home verwenden dürfen",
+    "auto_clients_desc": "Informationen über IP-Adressen der Geräten, die AdGuard Home nutzen oder nutzen könnten. Diese Informationen werden aus verschiedenen Quellen gesammelt, darunter Hosts-Dateien, Reverse-DNS usw.",
     "access_title": "Zugriffsrechte",
     "access_desc": "Hier können Sie die Zugriffsregeln für den DNS-Server von AdGuard Home konfigurieren",
     "access_allowed_title": "Zugelassene Clients",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "Um <1>DNS-over-HTTTPS</1> oder <1>DNS-over-TLS</1> verwenden zu können, müssen Sie in den AdGuard Home Einstellungen die <0>Verschlüsselung konfigurieren</0>.",
     "rewrite_added": "DNS-Umschreibung für „{{key}}“ erfolgreich hinzugefügt",
     "rewrite_deleted": "DNS-Umschreibung für „{{key}}“ erfolgreich entfernt",
+    "rewrite_updated": "DNS-Rewrite erfolgreich aktualisiert",
     "rewrite_add": "DNS-Umschreibung hinzufügen",
+    "rewrite_edit": "DNS-Rewrite bearbeiten",
     "rewrite_not_found": "Keine DNS-Umschreibungen gefunden",
     "rewrite_confirm_delete": "Möchten Sie die DNS-Umschreibung für „{{key}}“ wirklich entfernen?",
     "rewrite_desc": "Ermöglicht die einfache Konfiguration der benutzerdefinierten DNS-Antwort für einen bestimmten Domainnamen.",

client/src/__locales/en.json

@@ -444,7 +444,7 @@
     "client_confirm_delete": "Are you sure you want to delete client \"{{key}}\"?",
     "list_confirm_delete": "Are you sure you want to delete this list?",
     "auto_clients_title": "Runtime clients",
-    "auto_clients_desc": "Devices not on the list of Persistent clients that may still use AdGuard Home",
+    "auto_clients_desc": "Information about IP addresses of devices that are using or may use AdGuard Home. This information is gathered from several sources, including hosts files, reverse DNS, etc.",
     "access_title": "Access settings",
     "access_desc": "Here you can configure access rules for the AdGuard Home DNS server",
     "access_allowed_title": "Allowed clients",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "In order to use <1>DNS-over-HTTPS</1> or <1>DNS-over-TLS</1>, you need to <0>configure Encryption</0> in AdGuard Home settings.",
     "rewrite_added": "DNS rewrite for \"{{key}}\" successfully added",
     "rewrite_deleted": "DNS rewrite for \"{{key}}\" successfully deleted",
+    "rewrite_updated": "DNS rewrite successfully updated",
     "rewrite_add": "Add DNS rewrite",
+    "rewrite_edit": "Edit DNS rewrite",
     "rewrite_not_found": "No DNS rewrites found",
     "rewrite_confirm_delete": "Are you sure you want to delete DNS rewrite for \"{{key}}\"?",
     "rewrite_desc": "Allows to easily configure custom DNS response for a specific domain name.",

client/src/__locales/es.json

@@ -444,7 +444,7 @@
     "client_confirm_delete": "¿Estás seguro de que deseas eliminar el cliente \"{{key}}\"?",
     "list_confirm_delete": "¿Estás seguro de que deseas eliminar esta lista?",
     "auto_clients_title": "Clientes activos",
-    "auto_clients_desc": "Dispositivos que no están en la lista de clientes persistentes que aún pueden utilizar AdGuard Home",
+    "auto_clients_desc": "Información sobre las direcciones IP de los dispositivos que usan o pueden usar AdGuard Home. Esta información se recopila de varias fuentes, incluidos ficheros de host, DNS inverso, etc.",
     "access_title": "Configuración de acceso",
     "access_desc": "Aquí puedes configurar las reglas de acceso para el servidor DNS de AdGuard Home",
     "access_allowed_title": "Clientes permitidos",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "Para utilizar <1>DNS mediante HTTPS</1> o <1>DNS mediante TLS</1>, debes <0>configurar el cifrado</0> en la configuración de AdGuard Home.",
     "rewrite_added": "Reescritura DNS para \"{{key}}\" añadido correctamente",
     "rewrite_deleted": "Reescritura DNS para \"{{key}}\" eliminado correctamente",
+    "rewrite_updated": "Reconfiguración de DNS actualizada correctamente",
     "rewrite_add": "Añadir reescritura DNS",
+    "rewrite_edit": "Editar reconfiguración de DNS",
     "rewrite_not_found": "No se han encontrado reescrituras DNS",
     "rewrite_confirm_delete": "¿Estás seguro de que deseas eliminar la reescritura DNS para \"{{key}}\"?",
     "rewrite_desc": "Permite configurar fácilmente la respuesta DNS personalizada para un nombre de dominio específico.",

client/src/__locales/fa.json

@@ -440,7 +440,9 @@
     "setup_dns_notice": "به منظور استفاده از <1>DNS-over-HTTPS</1> یا <1>DNS-over-TLS</1>، شما نیاز به <0>پیکربندی رمزگذاری</0> در تنظیمات AdGuard Home دارید.",
     "rewrite_added": "بازنویسی DNS برای \"{{key}}\" با موفقیت اضافه شد",
     "rewrite_deleted": "بازنویسی DNS برای \"{{key}}\" با موفقیت حذف شد",
+    "rewrite_updated": "بازنویسی DNS با موفقیت به روز شد",
     "rewrite_add": "افزودن بازنویسی DNS",
+    "rewrite_edit": "بازنویسی DNS را ویرایش کنید",
     "rewrite_not_found": "بازنویسی DNS یافت نشد",
     "rewrite_confirm_delete": "آیا واقعا میخواهید بازنویسی DNS برای \"{{key}}\" را حذف کنید؟",
     "rewrite_desc": "به آسانی اجازه پیکربندی پاسخ DNS دستی برای یک نام دامنه خاص را می دهد.",

client/src/__locales/fi.json

@@ -2,21 +2,21 @@
     "client_settings": "Päätelaiteasetukset",
     "example_upstream_reserved": "ylävirta <0>tietyille verkkotunnuksille</0>;",
     "example_upstream_comment": "kommentti.",
-    "upstream_parallel": "Käytä rinnakkaisia pyyntöjä ja nopeuta selvitystä käyttämällä kaikkia ylävirran palvelimia samanaikaisesti.",
+    "upstream_parallel": "Käytä rinnakkaisia pyyntöjä ja nopeuta selvitystä käyttämällä kaikkia ylävirtapalvelimia samanaikaisesti.",
     "parallel_requests": "Rinnakkaiset pyynnöt",
     "load_balancing": "Kuormantasaus",
-    "load_balancing_desc": "Lähetä pyyntö yhdelle ylävirran palvelimelle kerrallaan. AdGuard Home pyrkii valitsemaan nopeimman palvelimen painotetun satunnaisalgoritminsa avulla.",
+    "load_balancing_desc": "Lähetä pyyntö yhdelle ylävirtapalvelimelle kerrallaan. AdGuard Home pyrkii valitsemaan nopeimman palvelimen painotetun satunnaisalgoritminsa avulla.",
     "bootstrap_dns": "Bootstrap DNS-palvelimet",
     "bootstrap_dns_desc": "Bootstrap DNS-palvelimia käytetään ylävirroiksi määritettyjen DoH/DoT-resolvereiden IP-osoitteiden selvitykseen.",
-    "local_ptr_title": "Yksityiset käänteiset DNS-palvelimet",
-    "local_ptr_desc": "DNS-palvelimet, joita AdGuard Home käyttää paikallisille PTR-pyynnöille. Näitä palvelimia käytetään yksityistä IP-osoitetta käyttävien PTR-pyyntöjen osoitteiden, kuten \"192.168.12.34\", selvitykseen käänteisen DNS:n avulla. Jos ei käytössä, AdGuard Home käyttää käyttöjärjestelmän oletusarvoisia DNS-resolvereita, poislukien AdGuard Homen omat osoitteet.",
-    "local_ptr_default_resolver": "Oletusarvoisesti AdGuard Home käyttää seuraavia käänteisiä DNS-resolvereita: {{ip}}.",
-    "local_ptr_no_default_resolver": "AdGuard Home ei voinut määrittää tälle järjestelmälle sopivaa yksityistä käänteistä DNS-resolveria.",
+    "local_ptr_title": "Yksityiset käänteis-DNS-palvelimet",
+    "local_ptr_desc": "DNS-palvelimet, joita AdGuard Home käyttää paikallisille PTR-pyynnöille. Näitä palvelimia käytetään yksityistä IP-osoitetta käyttävien PTR-pyyntöjen osoitteiden, kuten \"192.168.12.34\", selvitykseen käänteis-DNS:n avulla. Jos ei käytössä, AdGuard Home käyttää käyttöjärjestelmän oletusarvoisia DNS-resolvereita, poislukien AdGuard Homen omat osoitteet.",
+    "local_ptr_default_resolver": "Oletusarvoisesti AdGuard Home käyttää seuraavia käänteis-DNS-resolvereita: {{ip}}.",
+    "local_ptr_no_default_resolver": "AdGuard Home ei voinut määrittää tälle järjestelmälle sopivaa yksityistä käänteis-DNS-resolveria.",
     "local_ptr_placeholder": "Syötä yksi palvelimen osoite per rivi",
     "resolve_clients_title": "Käytä päätelaitteiden IP-osoitteille käänteistä selvitystä",
-    "resolve_clients_desc": "Selvitä päätelaitteiden IP-osoitteiden isäntänimet käänteisesti lähettämällä PTR-pyynnöt sopiville resolvereille (yksityiset DNS-palvelimet paikallisille päätelaitteille, lähtevät palvelimet päätelaitteille, joilla on julkiset IP-osoitteet).",
-    "use_private_ptr_resolvers_title": "Käytä yksityisiä käänteisiä DNS-resolvereita",
-    "use_private_ptr_resolvers_desc": "Suorita käänteiset DNS-selvitykset paikallisesti tarjotuille osoitteille käyttäen näitä ylävirran palvelimia. Jos ei käytössä, vastaa AdGuard Home kaikkiin sen tyyppisiin PTR-pyyntöihin NXDOMAIN-arvolla, pois lukien DHCP, /etc/hosts, yms. -tiedoista tunnistettut päätelaitteet.",
+    "resolve_clients_desc": "Selvitä päätelaitteiden IP-osoitteiden isäntänimet käänteisesti lähettämällä PTR-pyynnöt sopiville resolvereille (yksityiset DNS-palvelimet paikallisille päätelaitteille, ylävirtapalvelimet päätelaitteille, joilla on julkiset IP-osoitteet).",
+    "use_private_ptr_resolvers_title": "Käytä yksityisiä käänteis-DNS-resolvereita",
+    "use_private_ptr_resolvers_desc": "Suorita käänteis-DNS-selvitykset paikallisesti tarjotuille osoitteille käyttäen näitä ylävirtapalvelimia. Jos ei käytössä, vastaa AdGuard Home kaikkiin sen tyyppisiin PTR-pyyntöihin NXDOMAIN-arvolla, pois lukien DHCP, /etc/hosts, yms. -tiedoista tunnistettut päätelaitteet.",
     "check_dhcp_servers": "Etsi DHCP-palvelimia",
     "save_config": "Tallenna asetukset",
     "enabled_dhcp": "DHCP-palvelin otettiin käyttöön",
@@ -220,9 +220,9 @@
     "example_upstream_tcp_port": "tavallinen DNS (TCP, portti);",
     "example_upstream_tcp_hostname": "tavallinen DNS (TCP, isäntänimi);",
     "all_lists_up_to_date_toast": "Kaikki listat ovat ajan tasalla",
-    "updated_upstream_dns_toast": "Ylävirtojen palvelimet tallennettiin",
+    "updated_upstream_dns_toast": "Ylävirtapalvelimet tallennettiin",
     "dns_test_ok_toast": "Määritetyt DNS-palvelimet toimivat oikein",
-    "dns_test_not_ok_toast": "Palvelin \"{{key}}\": ei voitu käyttää, tarkista sen oikeinkirjoitus",
+    "dns_test_not_ok_toast": "Palvelin \"{{key}}\": Ei voitu käyttää, tarkista oikeinkirjoitus",
     "dns_test_warning_toast": "Datavuon \"{{key}}\" ei vastaa testipyyntöihin eikä välttämättä toimi kunnolla",
     "unblock": "Salli",
     "block": "Estä",
@@ -444,7 +444,7 @@
     "client_confirm_delete": "Haluatko varmasti poistaa päätelaitteen \"{{key}}\"?",
     "list_confirm_delete": "Haluatko varmasti poistaa tämän listan?",
     "auto_clients_title": "Määrittämättömät päätelaitteet",
-    "auto_clients_desc": "Päätelaitteet, joita ei ole määritetty pysyviksi ja jotka voivat silti käyttää AdGuard Homea.",
+    "auto_clients_desc": "Päätelaitteet, joita ei ole määritetty pysyviksi ja jotka voivat silti käyttää AdGuard Homea. Näitä tietoja kertään useista lähteistä, mm. hosts-tiedostoista ja kääteis-DNS:llä.",
     "access_title": "Käytön asetukset",
     "access_desc": "Tässä voidaan määrittää AdGuard Homen DNS-palvelimen käyttöoikeussääntöjä.",
     "access_allowed_title": "Sallitut päätelaitteet",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "<1>DNS-over-HTTPS</1> tai <1>DNS-over-TLS</1> -toteutuksia varten, on AdGuard Homen <0>Salausasetukset</0> määritettävä.",
     "rewrite_added": "Kohteen \"{{key}}\" DNS-uudelleenohjaus lisättiin",
     "rewrite_deleted": "Kohteen \"{{key}}\" DNS-uudelleenohjaus poistettiin",
+    "rewrite_updated": "DNS-uudelleenohjaukset päivitettiin",
     "rewrite_add": "Lisää DNS-uudelleenohjaus",
+    "rewrite_edit": "Muokkaa DNS-uudelleenohjausta",
     "rewrite_not_found": "DNS-uudelleenohjauksia ei löytynyt",
     "rewrite_confirm_delete": "Haluatko varmasti poistaa DNS-uudelleenohjauksen kohteelle \"{{key}}\"?",
     "rewrite_desc": "Mahdollistaa oman DNS-vastauksen helpon määrityksen tietylle verkkotunnukselle.",
@@ -621,7 +623,7 @@
     "enter_cache_size": "Syötä välimuistin koko (tavuina)",
     "enter_cache_ttl_min_override": "Syötä vähimmäis-TTL (sekunteina)",
     "enter_cache_ttl_max_override": "Syötä enimmäis-TTL (sekunteina)",
-    "cache_ttl_min_override_desc": "Pidennä ylävirran palvelimelta vastaanotettuja, lyhyitä elinaika-arvoja (sekunteina) tallennettaessa DNS-vastauksia välimuistiin.",
+    "cache_ttl_min_override_desc": "Pidennä ylävirtapalvelimelta vastaanotettuja, lyhyitä elinaika-arvoja (sekunteina) tallennettaessa DNS-vastauksia välimuistiin.",
     "cache_ttl_max_override_desc": "Määritä DNS-välimuistin kohteiden enimmäiselinaika (sekunteina).",
     "ttl_cache_validation": "Välimuistin vähimmäiselinajan on oltava pienempi tai sama kuin enimmäiselinajan",
     "cache_optimistic": "Optimistinen välimuisti",

client/src/__locales/fr.json

@@ -444,7 +444,7 @@
     "client_confirm_delete": "Voulez-vous vraiment supprimer le client « {{key}} » ?",
     "list_confirm_delete": "Voulez-vous vraiment supprimer cette liste ?",
     "auto_clients_title": "Clients d'exécution",
-    "auto_clients_desc": "Appareils ne figurant pas sur la liste des clients persistants qui peuvent encore utiliser AdGuard Home.",
+    "auto_clients_desc": "Informations sur les adresses IP des appareils qui utilisent ou pourraient utiliser AdGuard Home. Ces informations sont recueillies à partir de plusieurs sources, notamment les fichiers hosts, le DNS inverse, etc.",
     "access_title": "Paramètres d'accès",
     "access_desc": "Ici vous pouvez configurer les règles d'accès au serveur DNS AdGuard Home",
     "access_allowed_title": "Clients autorisés",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "Pour utiliser le <1>DNS-over-HTTPS</1> ou le <1>DNS-over-TLS</1>, vous devez <0>configurer le Chiffrement</0> dans les paramètres de AdGuard Home.",
     "rewrite_added": "Réécriture DNS pour « {{key}} » ajoutée",
     "rewrite_deleted": "Réécriture DNS pour « {{key}} » supprimée",
+    "rewrite_updated": "Réécriture DNS mise à jour",
     "rewrite_add": "Ajouter une réécriture DNS",
+    "rewrite_edit": "Modifier la réécriture DNS",
     "rewrite_not_found": "Aucune réécriture DNS trouvée",
     "rewrite_confirm_delete": "Voulez-vous vraiment supprimer la réécriture DNS pour « {{key}} » ?",
     "rewrite_desc": "Permet de configurer facilement la réponse DNS personnalisée pour un nom de domaine spécifique.",

client/src/__locales/hr.json

@@ -478,7 +478,9 @@
     "setup_dns_notice": "Da biste koristili <1>DNS-over-HTTPS</1> ili <1>DNS-over-TLS</1>, morate <0>postaviti šifriranje</0> u AdGuard Home postavkama.",
     "rewrite_added": "DNS prijepis za \"{{key}}\" je uspješno dodan",
     "rewrite_deleted": "DNS prijepis za \"{{key}}\" je uspješno uklonjen",
+    "rewrite_updated": "Prepisivanje DNS-a uspješno ažurirano",
     "rewrite_add": "Dodaj DNS prijepis",
+    "rewrite_edit": "Uredite prepisivanje DNS-a",
     "rewrite_not_found": "Nema DNS prijepisa",
     "rewrite_confirm_delete": "Jeste li sigurni da želite ukloniti DNS prijepis za \"{{key}}\" klijenta?",
     "rewrite_desc": "Omogućuje jednostavno postavljanje prilagođenog DNS odgovora za određenu domenu.",

client/src/__locales/hu.json

@@ -167,6 +167,7 @@
     "enabled_parental_toast": "Szülői felügyelet engedélyezve",
     "disabled_safe_search_toast": "Biztonságos keresés letiltva",
     "enabled_save_search_toast": "Biztonságos keresés engedélyezve",
+    "updated_save_search_toast": "A Biztonságos keresés beállításai frissítve",
     "enabled_table_header": "Engedélyezve",
     "name_table_header": "Név",
     "list_url_table_header": "Lista URL-je",
@@ -290,6 +291,8 @@
     "rate_limit": "Kérések korlátozása",
     "edns_enable": "EDNS kliens alhálózat engedélyezése",
     "edns_cs_desc": "Adja hozzá az EDNS Client Subnet beállítást (ECS) a felfelé irányuló kérésekhez, és naplózza a kliensek által küldött értékeket a lekérdezési naplóban.",
+    "edns_use_custom_ip": "Használjon egyéni IP-címet az EDNS-hez",
+    "edns_use_custom_ip_desc": "Engedélyezze az egyéni IP-cím használatát az EDNS-hez",
     "rate_limit_desc": "Maximálisan hány kérést küldhet egy kliens másodpercenkén. Ha 0-ra állítja, akkor nincs korlátozás.",
     "blocking_ipv4_desc": "A blokkolt A kéréshez visszaadandó IP-cím",
     "blocking_ipv6_desc": "A blokkolt AAAA kéréshez visszaadandó IP-cím",
@@ -475,7 +478,9 @@
     "setup_dns_notice": "Ahhoz, hogy a <1>DNS-over-HTTPS</1> vagy a <1>DNS-over-TLS</1> valamelyikét használja, muszáj <0>beállítania a titkosítást</0> az AdGuard Home beállításaiban.",
     "rewrite_added": "DNS átírás a(z) \"{{key}}\" kulcshoz sikeresen hozzáadva",
     "rewrite_deleted": "DNS átírás a(z) \"{{key}}\" kulcshoz sikeresen törölve",
+    "rewrite_updated": "A DNS újraírása sikeresen frissítve",
     "rewrite_add": "DNS átírás hozzáadása",
+    "rewrite_edit": "DNS újraírás szerkesztése",
     "rewrite_not_found": "Nem találhatók DNS átírások",
     "rewrite_confirm_delete": "Biztosan törölni szeretné a DNS átírást ehhez: \"{{key}}\"?",
     "rewrite_desc": "Lehetővé teszi, hogy egyszerűen beállítson egyéni DNS választ egy adott domain névhez.",
@@ -523,6 +528,10 @@
     "statistics_retention_confirm": "Biztos benne, hogy megváltoztatja a statisztika megőrzési idejét? Ha csökkentette az értéket, a megadottnál korábbi adatok elvesznek",
     "statistics_cleared": "A statisztikák sikeresen vissza lettek állítva",
     "statistics_enable": "Statisztikák engedélyezése",
+    "ignore_domains": "Figyelmen kívül hagyott domainek (újsorral elválasztva)",
+    "ignore_domains_title": "Figyelmen kívül hagyott domainek",
+    "ignore_domains_desc_stats": "Az ezekre a tartományokra vonatkozó lekérdezések nem kerülnek a statisztikákba",
+    "ignore_domains_desc_query": "Az ezekhez a tartományokhoz tartozó lekérdezések nem kerülnek a lekérdezési naplóba",
     "interval_hours": "{{count}} óra",
     "interval_hours_plural": "{{count}} óra",
     "filters_configuration": "Szűrők beállításai",
@@ -643,5 +652,29 @@
     "confirm_dns_cache_clear": "Biztos benne, hogy törölni szeretné a DNS-gyorsítótárat?",
     "cache_cleared": "A DNS gyorsítótár sikeresen törlődött",
     "clear_cache": "Gyorsítótár törlése",
-    "protection_section_label": "Védelem"
+    "make_static": "Statikussá tétel",
+    "theme_auto_desc": "Automatikus (az eszköz színsémájától függően)",
+    "theme_dark_desc": "Sötét téma",
+    "theme_light_desc": "Világos téma",
+    "disable_for_seconds": "{{count}} másodpercig",
+    "disable_for_seconds_plural": "{{count}} másodpercig",
+    "disable_for_minutes": "{{count}} percig",
+    "disable_for_minutes_plural": "{{count}} percig",
+    "disable_for_hours": "{{count}} óráig",
+    "disable_for_hours_plural": "{{count}} óráig",
+    "disable_until_tomorrow": "Holnapig",
+    "disable_notify_for_seconds": "Kapcsolja ki a védelmet {{count}} másodpercre",
+    "disable_notify_for_seconds_plural": "Kapcsolja ki a védelmet {{count}} másodpercre",
+    "disable_notify_for_minutes": "Kapcsolja ki a védelmet {{count}} percre",
+    "disable_notify_for_minutes_plural": "Kapcsolja ki a védelmet {{count}} percre",
+    "disable_notify_for_hours": "Kapcsolja ki a védelmet {{count}} órára",
+    "disable_notify_for_hours_plural": "Kapcsolja ki a védelmet {{count}} órára",
+    "disable_notify_until_tomorrow": "Holnapig kapcsolja ki a védelmet",
+    "enable_protection_timer": "A védelem {{time}}-kor aktiválódik",
+    "custom_retention_input": "Adja meg a megőrzést órákban",
+    "custom_rotation_input": "Írja be a forgatást órákban",
+    "protection_section_label": "Védelem",
+    "log_and_stats_section_label": "Lekérdezési napló és statisztikák",
+    "ignore_query_log": "Figyelmen kívül hagyja ezt az ügyfelet a lekérdezési naplóban",
+    "ignore_statistics": "Hagyja figyelmen kívül ezt az ügyfelet a statisztikákban"
 }

client/src/__locales/id.json

@@ -474,7 +474,9 @@
     "setup_dns_notice": "Jikalau ingin menggunakan <1>DNS-over-HTTPS</1> atau <1>DNS-over-TLS</1>, Anda perlu <0>mengatur Enkripsi</0> pada pengaturan AdGuard Home.",
     "rewrite_added": "DNS rewrite untuk \"{{key}}\" berhasil ditambahkan",
     "rewrite_deleted": "DNS rewrite untuk \"{{key}}\" berhasil dihapus",
+    "rewrite_updated": "Penulisan ulang DNS berhasil diperbarui",
     "rewrite_add": "Tambah DNS rewrite",
+    "rewrite_edit": "Edit penulisan ulang DNS",
     "rewrite_not_found": "Tidak ada DNS rewrite ditemukan",
     "rewrite_confirm_delete": "Apakah anda yakin ingin menghapus DNS rewrite untuk \"{{key}}\"?",
     "rewrite_desc": "Memungkinkan untuk dengan mudah mengkonfigurasi respons DNS kustom untuk nama domain tertentu.",

client/src/__locales/it.json

@@ -444,7 +444,7 @@
     "client_confirm_delete": "Sei sicuro di voler eliminare il client \"{{key}}\"?",
     "list_confirm_delete": "Sei sicuro di voler eliminare questo elenco?",
     "auto_clients_title": "Client in tempo reale",
-    "auto_clients_desc": "Dispositivi non presenti nell'elenco dei client Persistenti che possono ancora utilizzare AdGuard Home",
+    "auto_clients_desc": "Informazioni sugli indirizzi IP dei dispositivi che utilizzano o potrebbero utilizzare AdGuard Home. Queste informazioni vengono raccolte da diverse fonti, inclusi file host, DNS inverso, ecc.",
     "access_title": "Impostazioni di accesso",
     "access_desc": "Qui puoi configurare le regole d'accesso per il server DNS di AdGuard Home",
     "access_allowed_title": "Client permessi",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "Per utilizzare <1>DNS su HTTPS</1> o <1>DNS su TLS</1>, è necessario <0>configurare la crittografia</0> nelle impostazioni di AdGuard Home.",
     "rewrite_added": "Riscrittura DNS per \"{{key}}\" aggiunta correttamente",
     "rewrite_deleted": "La riscrittura DNS per \"{{key}}\" è stata eliminata correttamente",
+    "rewrite_updated": "Riscrittura DNS aggiornata correttamente",
     "rewrite_add": "Aggiungi la riscrittura DNS",
+    "rewrite_edit": "Modifica della riscrittura DNS",
     "rewrite_not_found": "Nessuna riscrittura DNS trovata",
     "rewrite_confirm_delete": "Sei sicuro di voler cancellare la riscrittura DNS per \"{{key}}\"?",
     "rewrite_desc": "Consente di configurare facilmente la risposta DNS personalizzata per un nome di dominio specifico.",

client/src/__locales/ja.json

@@ -444,7 +444,7 @@
     "client_confirm_delete": "クライアント \"{{key}}\" を削除してもよろしいですか？",
     "list_confirm_delete": "このリストを削除してもよろしいですか？",
     "auto_clients_title": "ランタイムクライアント",
-    "auto_clients_desc": "永続的クライアントのリストに未登録で、AdGuard Homeを使用する場合があるデバイスのリスト。",
+    "auto_clients_desc": "AdGuard Home を使用している、または使用する可能性のあるデバイスの IP アドレスに関する情報です。この情報は、hosts ファイル、リバース DNS など、複数の情報源から収集されます。",
     "access_title": "アクセス設定",
     "access_desc": "こちらでは、AdGuard Home DNSサーバーのアクセスルールを設定できます。",
     "access_allowed_title": "許可されたクライアント",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "<1>DNS-over-HTTPS</1>または<1>DNS-over-TLS</1>を使用するには、AdGuard Home 設定の<0>暗号化設定</0>が必要です。",
     "rewrite_added": "\"{{key}}\" のDNS書き換え情報を追加完了しました",
     "rewrite_deleted": "\"{{key}}\" のDNS書き換え情報を削除完了しました",
+    "rewrite_updated": "DNS rewrite を更新完了しました。",
     "rewrite_add": "DNS書き換え情報を追加する",
+    "rewrite_edit": "DNS rewrite を編集する",
     "rewrite_not_found": "DNS書き換え情報はありません",
     "rewrite_confirm_delete": "\"{{key}}\" のDNS書き換え情報を削除してもよろしいですか？",
     "rewrite_desc": "特定のドメイン名に対するDNS応答を簡単にカスタマイズすることを可能にします。",

client/src/__locales/ko.json

@@ -444,7 +444,7 @@
     "client_confirm_delete": "정말 클라이언트 '{{key}}'을(를) 삭제하시겠습니까?",
     "list_confirm_delete": "정말로 이 목록을 제거하시겠습니까?",
     "auto_clients_title": "런타임 클라이언트",
-    "auto_clients_desc": "AdGuard Home을 계속 사용할 수 있는 영구 클라이언트 목록에 없는 디바이스입니다",
+    "auto_clients_desc": "AdGuard Home을 사용 중이거나 사용할 수 있는 기기의 IP 주소에 대한 정보가 표시됩니다. 이 정보는 호스트 파일, 역방향 DNS 등 여러 소스에서 수집됩니다.",
     "access_title": "접근 설정",
     "access_desc": "여기에서 AdGuard Home DNS 서버에 대한 액세스 규칙을 설정할 수 있습니다",
     "access_allowed_title": "허용된 클라이언트",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "<1>DNS-over-HTTPS</1> 또는 <1>DNS-over-TLS를</1> 사용하려면 AdGuard Home 설정에서 <0>암호화를 구성해야 합니다.</0>",
     "rewrite_added": "'{{key}}'에 대한 DNS 수정 정보를 성공적으로 추가 됩니다",
     "rewrite_deleted": "'{{key}}'에 대한 DNS 수정 정보를 성공적으로 삭제 됩니다",
+    "rewrite_updated": "DNS 다시 쓰기 업데이트 완료",
     "rewrite_add": "DNS 변환 정보를 추가합니다",
+    "rewrite_edit": "DNS 다시 쓰기 편집",
     "rewrite_not_found": "DNS 변경 정보를 찾을 수 없습니다",
     "rewrite_confirm_delete": "'{{key}}'에 대한 DNS 변경 정보를 삭제하시겠습니까?",
     "rewrite_desc": "특정 도메인 이름에 대한 사용자 지정 DNS 응답을 쉽게 구성할 수 있습니다.",

client/src/__locales/nl.json

@@ -186,7 +186,7 @@
     "cancel_btn": "Annuleren",
     "enter_name_hint": "Voeg naam toe",
     "enter_url_or_path_hint": "Voer een URL in of het pad van de lijst",
-    "check_updates_btn": "Controleer op updates",
+    "check_updates_btn": "Controleren op updates",
     "new_blocklist": "Nieuwe blokkeerlijst",
     "new_allowlist": "Nieuwe toelatingslijst",
     "edit_blocklist": "Blokkeerlijst beheren",
@@ -444,7 +444,7 @@
     "client_confirm_delete": "Ben je zeker dat je deze gebruiker \"{{key}}\" wilt verwijderen?",
     "list_confirm_delete": "Ben je zeker om deze lijst te verwijderen?",
     "auto_clients_title": "Runtime-clients",
-    "auto_clients_desc": "Apparaten die niet op de lijst van permanente clients staan die mogelijk nog steeds AdGuard Home gebruiken",
+    "auto_clients_desc": "Informatie over IP-adressen van apparaten die AdGuard Home gebruiken of kunnen gebruiken. Deze informatie wordt verzameld uit verschillende bronnen, waaronder hosts-bestanden, reverse DNS, enz.",
     "access_title": "Toegangs instellingen",
     "access_desc": "Hier kan je toegangsregels voor de AdGuard Home DNS-server instellen",
     "access_allowed_title": "Toegestane gebruikers",
@@ -456,7 +456,7 @@
     "access_settings_saved": "Toegangsinstellingen succesvol opgeslagen",
     "updates_checked": "Een nieuwe versie van AdGuard Home is beschikbaar\n",
     "updates_version_equal": "AdGuard Home is actueel",
-    "check_updates_now": "Controleer op updates",
+    "check_updates_now": "Nu controleren op updates",
     "version_request_error": "Updatecontrole mislukt. Controleer je internetverbinding.",
     "dns_privacy": "DNS Privacy",
     "setup_dns_privacy_1": "<0>DNS-via-TLS:</0> Gebruik <1>{{address}}</1> string.",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "Om <1>DNS-via-HTTPS</1> of <1>DNS-via-TLS</1> te gebruiken, moet je <0>Versleuteling configureren</0> in de AdGuard Home instellingen.",
     "rewrite_added": "DNS-herschrijving voor \"{{key}}\" met succes toegevoegd",
     "rewrite_deleted": "DNS-herschrijving voor \"{{key}}\" met succes verwijderd",
+    "rewrite_updated": "DNS-herschrijven succesvol bijgewerkt",
     "rewrite_add": "DNS-herschrijving toevoegen",
+    "rewrite_edit": "DNS-herschrijven bewerken",
     "rewrite_not_found": "Geen DNS-herschrijving gevonden",
     "rewrite_confirm_delete": "Bent u zeker dat u DNS-herschrijving \"{{key}}\" wilt verwijderen?",
     "rewrite_desc": "Hiermee kunt u eenvoudig aangepaste DNS-antwoorden configureren voor een specifieke domeinnaam.",
@@ -571,7 +573,7 @@
     "tags_title": "Labels",
     "tags_desc": "Je kunt labels selecteren die overeenkomen met de client. Labels kunnen worden opgenomen in de filterregels om ze \n nauwkeuriger toe te passen. <0>Meer informatie</0>.",
     "form_select_tags": "Client tags selecteren",
-    "check_title": "Controleer de filtering",
+    "check_title": "De filtering controleren",
     "check_desc": "Controleren of een hostnaam wordt gefilterd.",
     "check": "Controleren",
     "form_enter_host": "Voer een hostnaam in",

client/src/__locales/no.json

@@ -457,7 +457,9 @@
     "setup_dns_notice": "For å benytte <1>DNS-over-HTTPS</1> eller <1>DNS-over-TLS</1>, må du <0>sette opp Kryptering</0> i AdGuard Home-innstillingene.",
     "rewrite_added": "DNS-omdirigeringen for «{{key}}» ble vellykket lagt til",
     "rewrite_deleted": "DNS-omdirigeringen for «{{key}}» ble vellykket slettet",
+    "rewrite_updated": "DNS-omskriving ble oppdatert",
     "rewrite_add": "Legg til DNS-omdirigering",
+    "rewrite_edit": "Rediger DNS-omskriving",
     "rewrite_not_found": "Ingen DNS-omdirigeringer ble funnet",
     "rewrite_confirm_delete": "Er du sikker på at du vil slette DNS-omdirigeringen for «{{key}}»?",
     "rewrite_desc": "Lar deg enkelt konfigurere selvvalgte DNS-tilbakemeldinger for et spesifikt domenenavn.",

client/src/__locales/pl.json

@@ -444,7 +444,7 @@
     "client_confirm_delete": "Czy na pewno chcesz usunąć klienta \"{{key}}\"?",
     "list_confirm_delete": "Czy na pewno chcesz usunąć tę listę?",
     "auto_clients_title": "Uruchomieni klienci",
-    "auto_clients_desc": "Urządzenia, których nie ma na liście stałych klientów, które mogą nadal korzystać z AdGuard Home",
+    "auto_clients_desc": "Informacje o adresach IP urządzeń korzystających lub mogących korzystać z AdGuard Home. Te informacje są gromadzone z wielu źródeł takich jak pliki hosta, odwrotna translacja DNS, itp.",
     "access_title": "Ustawienia dostępu",
     "access_desc": "Tutaj możesz skonfigurować reguły dostępu dla serwera DNS AdGuard Home",
     "access_allowed_title": "Dozwoleni klienci",
@@ -470,7 +470,7 @@
     "setup_dns_privacy_ios_2": "Aplikacja <0>AdGuard dla iOS</0> obsługuje <1>DNS-over-HTTPS</1> i <1>DNS-over-TLS</1>.",
     "setup_dns_privacy_other_title": "Inne implementacje",
     "setup_dns_privacy_other_1": "Sam AdGuard Home może być bezpiecznym klientem DNS na dowolnej platformie.",
-    "setup_dns_privacy_other_2": "<0>dnsproxy</0> obsługuje wszystkie znane bezpieczne protokoły DNS.\n\n",
+    "setup_dns_privacy_other_2": "<0>dnsproxy</0> obsługuje wszystkie znane bezpieczne protokoły DNS.",
     "setup_dns_privacy_other_3": "<0>dnscrypt-proxy</0> obsługuje <1>DNS-over-HTTPS</1>.",
     "setup_dns_privacy_other_4": "<0>Mozilla Firefox</0> obsługuje <1>DNS-over-HTTPS</1>.",
     "setup_dns_privacy_other_5": "Znajdziesz więcej implementacji <0>tutaj</0> i <1>tutaj</1>.",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "Aby skorzystać z <1>DNS-over-HTTPS</1> lub <1>DNS-over-TLS</1>, musisz w ustawieniach AdGuard Home <0>skonfigurować szyfrowanie</0>.",
     "rewrite_added": "Pomyślnie dodano przepisanie DNS dla „{{key}}”",
     "rewrite_deleted": "Przepisanie DNS dla „{{key}}” zostało pomyślnie usunięte",
+    "rewrite_updated": "Pomyślnie zaktualizowano przepisywanie DNS",
     "rewrite_add": "Dodaj przepisywanie DNS",
+    "rewrite_edit": "Edytuj przepisywanie DNS",
     "rewrite_not_found": "Nie znaleziono przepisywania DNS",
     "rewrite_confirm_delete": "Czy na pewno chcesz usunąć przepisywanie DNS dla „{{key}}”?",
     "rewrite_desc": "Pozwala łatwo skonfigurować niestandardową odpowiedź DNS dla określonej nazwy domeny.",

client/src/__locales/pt-br.json

@@ -444,7 +444,7 @@
     "client_confirm_delete": "Você tem certeza de que deseja excluir o cliente \"{{key}}\"?",
     "list_confirm_delete": "Você tem certeza de que deseja excluir essa lista?",
     "auto_clients_title": "Clientes ativos",
-    "auto_clients_desc": "Dispositivo não está na lista de dispositivos persistentes que podem ser utilizados no AdGuard Home",
+    "auto_clients_desc": "Informações sobre endereços IP de dispositivos que usam ou podem usar o AdGuard Home. Essas informações são coletadas de várias fontes, incluindo arquivos de hosts, DNS reverso, etc.",
     "access_title": "Configurações de acessos",
     "access_desc": "Aqui você pode configurar as regras de acesso para o servidores de DNS do AdGuard Home",
     "access_allowed_title": "Clientes permitidos",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "Para usar o <1>DNS-sobre-HTTPS</1> ou <1>DNS-sobre-TLS</1>, você precisa <0>configurar a criptografia</0> nas configurações do AdGuard Home.",
     "rewrite_added": "Reescrita de DNS para \"{{key}}\" adicionada com sucesso",
     "rewrite_deleted": "Reescrita de DNS para \"{{key}}\" excluída com sucesso",
+    "rewrite_updated": "Reconfiguração de DNS atualizada com êxito",
     "rewrite_add": "Adicionar reescrita de DNS",
+    "rewrite_edit": "Editar reconfiguração de DNS",
     "rewrite_not_found": "Nenhuma reescrita de DNS foi encontrada",
     "rewrite_confirm_delete": "Você tem certeza de que deseja excluir a reescrita de DNS para \"{{key}}\"?",
     "rewrite_desc": "Permite configurar uma resposta personalizada do DNS para um nome de domínio específico.",

client/src/__locales/pt-pt.json

@@ -444,7 +444,7 @@
     "client_confirm_delete": "Tem a certeza de que deseja excluir o cliente \"{{key}}\"?",
     "list_confirm_delete": "Você tem certeza de que deseja excluir essa lista?",
     "auto_clients_title": "Clientes ativos",
-    "auto_clients_desc": "Dispositivo não está na lista de dispositivos persistentes que podem ser utilizados no AdGuard Home",
+    "auto_clients_desc": "Informações sobre endereços IP de dispositivos que estão a utilizar ou podem utilizar o AdGuard Home. Estas informações são recolhidas a partir de várias fontes, incluindo ficheiros hosts, DNS reverso etc.",
     "access_title": "Definições de acesso",
     "access_desc": "Aqui pode configurar as regras de acesso para o servidores de DNS do AdGuard Home",
     "access_allowed_title": "Clientes permitidos",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "Para usar o <1>DNS-sobre-HTTPS</1> ou <1>DNS-sobre-TLS</1>, precisa de <0>configurar a criptografia</0> nas configurações do AdGuard Home.",
     "rewrite_added": "Reescrita de DNS para \"{{key}}\" adicionada com sucesso",
     "rewrite_deleted": "Reescrita de DNS para \"{{key}}\" excluída com sucesso",
+    "rewrite_updated": "Reedição de DNS atualizada com sucesso",
     "rewrite_add": "Adicionar reescrita de DNS",
+    "rewrite_edit": "Editar reedição de DNS",
     "rewrite_not_found": "Nenhuma reescrita de DNS foi encontrada",
     "rewrite_confirm_delete": "Tem a certeza de que deseja excluir a reescrita de DNS para \"{{key}}\"?",
     "rewrite_desc": "Permite configurar uma resposta personalizada do DNS para um nome de domínio específico.",

client/src/__locales/ro.json

@@ -167,6 +167,7 @@
     "enabled_parental_toast": "Control Parental activat",
     "disabled_safe_search_toast": "Căutare protejată dezactivată",
     "enabled_save_search_toast": "Căutare protejată activată",
+    "updated_save_search_toast": "Setări Căutare sigură actualizate",
     "enabled_table_header": "Activat",
     "name_table_header": "Nume",
     "list_url_table_header": "Lista URL",
@@ -256,12 +257,12 @@
     "query_log_cleared": "Jurnalul de interogare a fost șters cu succes",
     "query_log_updated": "Jurnalul de solicitări a fost actualizat cu succes",
     "query_log_clear": "Curăță jurnalele",
-    "query_log_retention": "Retenție jurnale interogare",
+    "query_log_retention": "Interogarea jurnalelor de rotație",
     "query_log_enable": "Activați jurnal",
     "query_log_configuration": "Configurația jurnalelor",
     "query_log_disabled": "Jurnalul de interogare este dezactivat și poate fi configurat în <0>setări</0>",
     "query_log_strict_search": "Utilizați ghilimele duble pentru căutare strictă",
-    "query_log_retention_confirm": "Sunteți sigur că doriți să schimbați retenția jurnalului de interogare? Reducând valoarea intervalului, unele date vor fi pierdute",
+    "query_log_retention_confirm": "Sigur doriți să modificați rotația jurnalului de interogări? Dacă micșorați valoarea intervalului, unele date se vor pierde",
     "anonymize_client_ip": "Anonimizare client IP",
     "anonymize_client_ip_desc": "Nu salvați adresa IP completă a clientului în jurnale și statistici",
     "dns_config": "Configurația serverului DNS",
@@ -290,6 +291,8 @@
     "rate_limit": "Limita ratei",
     "edns_enable": "Activați subrețeaua de clienți EDNS",
     "edns_cs_desc": "Adaugă opțiunea EDNS Client Subnet (ECS) la solicitările în amonte și înregistrează valorile trimise de clienți în jurnalul de interogare.",
+    "edns_use_custom_ip": "Utilizați IP personalizat pentru EDNS",
+    "edns_use_custom_ip_desc": "Permiteți utilizarea IP-ului personalizat pentru EDNS",
     "rate_limit_desc": "Numărul de interogări pe secundă permise pe client. Setarea la 0 înseamnă că nu există limită.",
     "blocking_ipv4_desc": "Adresa IP de returnat pentru o cerere A de blocare",
     "blocking_ipv6_desc": "Adresa IP de returnat pentru o cerere AAAA de blocare",
@@ -475,7 +478,9 @@
     "setup_dns_notice": "Pentru a utiliza <1>DNS-over-HTTPS</1> sau <1>DNS-over-TLS</1>, trebuie să <0>configurați Criptarea</0> în setările AdGuard Home.",
     "rewrite_added": "Rescriere DNS pentru \"{{key}}\" adăugată cu succes",
     "rewrite_deleted": "Rescriere DNS pentru \"{{key}}\" ștearsă cu succes",
+    "rewrite_updated": "DNS rescrie actualizat cu succes",
     "rewrite_add": "Adăugați rescriere DNS",
+    "rewrite_edit": "Editați rescrierea DNS",
     "rewrite_not_found": "Nu s-au găsit rescrieri DNS",
     "rewrite_confirm_delete": "Sunteți sigur că doriți să ștergeți rescrierea DNS pentru \"{{key}}\"?",
     "rewrite_desc": "Permite configurarea cu ușurință a răspunsului personalizat DNS pentru un nume de domeniu specific.",
@@ -523,6 +528,10 @@
     "statistics_retention_confirm": "Sunteți sigur că doriți să schimbați păstrarea statisticilor? Dacă reduceți valoarea intervalului, unele date vor fi pierdute",
     "statistics_cleared": "Statisticile au fost șterse cu succes",
     "statistics_enable": "Activați statisticile",
+    "ignore_domains": "Domenii ignorate (separate prin linie nouă)",
+    "ignore_domains_title": "Domenii ignorate",
+    "ignore_domains_desc_stats": "Interogările pentru aceste domenii nu sunt scrise în statistici",
+    "ignore_domains_desc_query": "Interogările pentru aceste domenii nu sunt scrise în jurnalul de interogări",
     "interval_hours": "{{count}} oră",
     "interval_hours_plural": "{{count}} ore",
     "filters_configuration": "Configurația filtrelor",
@@ -643,5 +652,29 @@
     "confirm_dns_cache_clear": "Sunteți sigur că doriți să ștergeți memoria cache DNS?",
     "cache_cleared": "Cache-ul DNS a fost golit cu succes",
     "clear_cache": "Goliți memoria cache",
-    "protection_section_label": "Protecție"
+    "make_static": "Faceți static",
+    "theme_auto_desc": "Auto (pe baza schemei de culori a dispozitivului dvs.)",
+    "theme_dark_desc": "Temă întunecată",
+    "theme_light_desc": "Temă luminoasă",
+    "disable_for_seconds": "Timp de {{count}} secundă",
+    "disable_for_seconds_plural": "Timp de {{count}} secunde",
+    "disable_for_minutes": "Timp de {{count}} minut",
+    "disable_for_minutes_plural": "Timp de {{count}} minute",
+    "disable_for_hours": "Timp de {{count}} oră",
+    "disable_for_hours_plural": "Timp de {{count}} ore",
+    "disable_until_tomorrow": "Până mâine",
+    "disable_notify_for_seconds": "Dezactivați protecția timp de {{count}} secundă",
+    "disable_notify_for_seconds_plural": "Dezactivați protecția timp de {{count}} secunde",
+    "disable_notify_for_minutes": "Dezactivați protecția timp de {{count}} minut",
+    "disable_notify_for_minutes_plural": "Dezactivați protecția timp de {{count}} minute",
+    "disable_notify_for_hours": "Dezactivează protecția timp de {{count}} oră",
+    "disable_notify_for_hours_plural": "Dezactivați protecția timp de {{count}} ore",
+    "disable_notify_until_tomorrow": "Dezactivează protecția până mâine",
+    "enable_protection_timer": "Protecția va fi activată în {{time}}",
+    "custom_retention_input": "Introduceți reținerea în ore",
+    "custom_rotation_input": "Introduceți rotația în ore",
+    "protection_section_label": "Protecție",
+    "log_and_stats_section_label": "Jurnal de interogări și statistici",
+    "ignore_query_log": "Ignorați acest client în jurnalul de interogări",
+    "ignore_statistics": "Ignorați acest client în statistici"
 }

client/src/__locales/ru.json

@@ -135,7 +135,7 @@
     "number_of_dns_query_to_safe_search": "Количество запросов DNS для поисковых систем, для которых был применён Безопасный поиск",
     "average_processing_time": "Среднее время обработки запроса",
     "average_processing_time_hint": "Среднее время для обработки запроса DNS  в миллисекундах",
-    "block_domain_use_filters_and_hosts": "Блокировать домены с использованием фильтров и файлов хостов",
+    "block_domain_use_filters_and_hosts": "Блокировать домены с использованием фильтров и файлов hosts",
     "filters_block_toggle_hint": "Вы можете настроить правила блокировки в <a>«Фильтрах»</a>.",
     "use_adguard_browsing_sec": "Включить Безопасную навигацию AdGuard",
     "use_adguard_browsing_sec_hint": "AdGuard Home проверит, включён ли домен в веб-службу безопасности браузера. Он будет использовать API, чтобы выполнить проверку: на сервер отправляется только короткий префикс имени домена SHA256.",
@@ -296,7 +296,7 @@
     "rate_limit_desc": "Ограничение на количество запросов в секунду для каждого клиента (0 — неограниченно).",
     "blocking_ipv4_desc": "IP-адрес, возвращаемый при блокировке A-запроса",
     "blocking_ipv6_desc": "IP-адрес, возвращаемый при блокировке AAAA-запроса",
-    "blocking_mode_default": "Стандартный: Отвечает с нулевым IP-адресом, (0.0.0.0 для A; :: для AAAA) когда заблокировано правилом в стиле Adblock; отвечает с IP-адресом, указанным в правиле, когда заблокировано правилом в стиле /etc/hosts-style",
+    "blocking_mode_default": "Стандартный: Отвечает с нулевым IP-адресом, (0.0.0.0 для A; :: для AAAA) когда заблокировано правилом в стиле Adblock; отвечает с IP-адресом, указанным в правиле, когда заблокировано правилом в стиле файлов hosts",
     "blocking_mode_refused": "REFUSED: Отвечает с кодом REFUSED",
     "blocking_mode_nxdomain": "NXDOMAIN: Отвечает с кодом NXDOMAIN\n",
     "blocking_mode_null_ip": "Нулевой IP: Отвечает с нулевым IP-адресом (0.0.0.0 для A; :: для AAAA)",
@@ -444,7 +444,7 @@
     "client_confirm_delete": "Вы уверены, что хотите удалить клиента «{{key}}»?",
     "list_confirm_delete": "Вы уверены, что хотите удалить этот список?",
     "auto_clients_title": "Клиенты (runtime)",
-    "auto_clients_desc": "Несохранённые клиенты, которые могут пользоваться AdGuard Home",
+    "auto_clients_desc": "Информация об IP-адресах устройств, которые используют или могут использовать AdGuard Home. Эта информация собирается из нескольких источников, включая файлы hosts, обратный DNS и так далее.",
     "access_title": "Настройки доступа",
     "access_desc": "Здесь вы можете настроить правила доступа к DNS-серверу AdGuard Home",
     "access_allowed_title": "Разрешённые клиенты",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "Чтобы использовать <1>DNS-over-HTTPS</1> или <1>DNS-over-TLS</1>, вам нужно <0>настроить шифрование</0> в настройках AdGuard Home.",
     "rewrite_added": "Правило перезаписи DNS-запросов для «{{key}}» успешно добавлено",
     "rewrite_deleted": "Правило перезаписи DNS-запросов для «{{key}}» успешно удалено",
+    "rewrite_updated": "Правило перезаписи DNS-запросов успешно обновлено",
     "rewrite_add": "Добавить правило перезаписи DNS-запросов",
+    "rewrite_edit": "Редактировать правило перезаписи DNS-запросов",
     "rewrite_not_found": "Не найдено правил перезаписи DNS-запросов",
     "rewrite_confirm_delete": "Вы уверены, что хотите удалить правило перезаписи DNS-запросов для «{{key}}»?",
     "rewrite_desc": "Позволяет легко настроить пользовательский DNS-ответ для определеннного домена.",

client/src/__locales/si-lk.json

@@ -153,6 +153,7 @@
     "enabled_parental_toast": "දෙමාපිය පාලනය සබල කෙරිණි",
     "disabled_safe_search_toast": "ආරක්‍ෂිත සෙවුම අබල කෙරිණි",
     "enabled_save_search_toast": "ආරක්‍ෂිත සෙවුම සබල කෙරිණි",
+    "updated_save_search_toast": "ආරක්‍ෂිත සෙවුමේ සැකසුම් යාවත්කාල විය",
     "enabled_table_header": "සබලයි",
     "name_table_header": "නම",
     "list_url_table_header": "ඒ.ස.නි.(URL) ලැයිස්තුව",
@@ -237,12 +238,12 @@
     "query_log_cleared": "විමසුම් සටහන සාර්ථකව හිස් කර ඇත",
     "query_log_updated": "විමසුම් සටහන සාර්ථකව යාවත්කාල කෙරිණි",
     "query_log_clear": "විමසුම් සටහන් හිස් කරන්න",
-    "query_log_retention": "විමසුම් සටහන් රඳවා තබා ගැනීම",
+    "query_log_retention": "විමසුම් සටහන් රැඳවීම",
     "query_log_enable": "සටහන සබල කරන්න",
     "query_log_configuration": "සටහන් වින්‍යාසය",
     "query_log_disabled": "විමසුම් සටහන අබල කර ඇති අතර එය <0>සැකසුම්</0> තුළ වින්‍යාසගත කළ හැකිය",
     "query_log_strict_search": "ඉතා නිවැරදිව සෙවීමට ද්විත්ව උද්ධෘතය භාවිතා කරන්න",
-    "query_log_retention_confirm": "විමසුම් සටහන රඳවා තබා ගැනීම වෙනස් කිරීමට ඇවැසි බව ඔබට විශ්වාසද? ඔබ කාල පරතරයෙහි අගය අඩු කළහොත් සමහර දත්ත නැති වී යනු ඇත",
+    "query_log_retention_confirm": "විමසුම් සටහන රඳවා තබා ගැනීම වෙනස් කිරීමට වුවමනා ද? ඔබ කාල පරතරයෙහි අගය අඩු කළහොත් සමහර දත්ත නැති වී යනු ඇත",
     "anonymize_client_ip": "අනුග්‍රාහකයෙහි අ.ජා.කෙ. (IP) නිර්නාමික කරන්න",
     "anonymize_client_ip_desc": "සටහන් සහ සංඛ්‍යාලේඛන තුළ අනුග්‍රාහකයේ පූර්ණ අ.ජා.කෙ. ලිපිනය සුරකින්න එපා",
     "dns_config": "ව.නා.ප. සේවාදායක වින්‍යාසය",
@@ -270,6 +271,8 @@
     "form_enter_rate_limit": "අනුපාත සීමාව ඇතුල් කරන්න",
     "rate_limit": "අනුපාත සීමාව",
     "edns_enable": "EDNS අනුග්‍රාහක අනුජාලය සබල කරන්න",
+    "edns_use_custom_ip": "EDNS සඳහා අභිරුචි අ.ජා.කෙ. යොදාගන්න",
+    "edns_use_custom_ip_desc": "EDNS සඳහා අභිරුචි අ.ජා.කෙ. භාවිතයට ඉඩදෙන්න",
     "rate_limit_desc": "එක් අනුග්‍රාහකයකට ඉඩ දී ඇති තත්පරයට ඉල්ලීම් ගණන. එය 0 ලෙස සැකසීම යනුවෙන් අදහස් කරන්නේ සීමාවක් නැති බවයි.",
     "blocking_ipv4_desc": "අවහිර කළ A ඉල්ලීමක් සඳහා ආපසු එවිය යුතු අ.ජා.කෙ. (IP) ලිපිනය",
     "blocking_ipv6_desc": "අවහිර කළ AAAA ඉල්ලීමක් සඳහා ආපසු එවිය යුතු අ.ජා.කෙ. (IP) ලිපිනය",
@@ -278,6 +281,9 @@
     "blocking_mode_nxdomain": "නොපවතින වසම: NXDOMAIN කේතය සමඟ ප්‍රතිචාර දක්වයි",
     "blocking_mode_null_ip": "අභිශූන්‍යය අ.ජා.කෙ.: ශුන්‍ය අ.ජා.කෙ. ලිපිනය සමඟ ප්‍රතිචාර දක්වයි (A සඳහා 0.0.0.0; AAAA සඳහා ::)",
     "blocking_mode_custom_ip": "අභිරුචි අන්තර්ජාල කෙටුම්පත: අතින් සැකසූ අ.ජා. කෙ. ලිපිනයක් සමඟ ප්‍රතිචාර දක්වයි",
+    "theme_auto": "ස්වයං",
+    "theme_light": "දීප්ත",
+    "theme_dark": "අඳුරු",
     "upstream_dns_client_desc": "ඔබ මෙම ක්ෂේත්‍රය හිස්ව තබා ගන්නේ නම්, ඇඩ්ගාර්ඩ් හෝම් විසින් <0>ව.නා.ප. සැකසුම්</0> හි වින්‍යාසගත කර ඇති සේවාදායක භාවිතා කරනු ඇත.",
     "tracker_source": "ලුහුබැඳීම් මූලාශ්‍රය",
     "source_label": "මූලාශ්‍රය",
@@ -370,6 +376,7 @@
     "encryption_issuer": "නිකුත් කරන්නා",
     "encryption_hostnames": "ධාරක නාම",
     "encryption_reset": "සංකේතාංකන සැකසුම් යළි පිහිටුවීමට අවශ්‍ය බව ඔබට විශ්වාස ද?",
+    "encryption_warning": "අවවාදයයි",
     "topline_expiring_certificate": "ඔබගේ SSL සහතිකය කල් ඉකුත්වීමට ආසන්න වී ඇත. <0>සංකේතන සැකසුම්</0> යාවත්කාල කරන්න.",
     "topline_expired_certificate": "ඔබගේ SSL සහතිකය කල් ඉකුත් වී ඇත. <0>සංකේතන සැකසුම්</0> යාවත්කාල කරන්න.",
     "form_error_port_range": "80-65535 පරාසය හි තොටක අගයක් ඇතුල් කරන්න",
@@ -428,6 +435,7 @@
     "updates_checked": "ඇඩ්ගාර්ඩ් හෝම් හි නව අනුවාදයක් තිබේ",
     "updates_version_equal": "ඇඩ්ගාර්ඩ් හෝම් යාවත්කාලීනයි",
     "check_updates_now": "දැන් යාවත්කාල පරීක්‍ෂා කරන්න",
+    "version_request_error": "යාවත්කාලීන පරීක්‍ෂාවට අසමත් විය. ඔබගේ අන්තර්ජාල සම්බන්ධතාවය පරීක්‍ෂා කරන්න.",
     "dns_privacy": "ව.නා.ප. රහස්‍යතා",
     "setup_dns_privacy_1": "<0>TLS-මගින්-ව.නා.ප.</0> සඳහා <1>{{address}}</1>.",
     "setup_dns_privacy_2": "<0>HTTPS-මගින්-ව.නා.ප.</0> සඳහා <1>{{address}}</1>.",
@@ -446,7 +454,9 @@
     "setup_dns_notice": "ඔබට <1>HTTPS-මගින්-ව.නා.ප.</1> හෝ <1>DNS-මගින්-ව.නා.ප.</1> භාවිතයට ඇඩ්ගාර්ඩ් හෝම් සැකසුම් තුළ <0>සංකේතනය වින්‍යාසගත</0> කළ යුතුය.",
     "rewrite_added": "\"{{key}}\" සඳහා ව.නා.ප. නැවත ලිවීම සාර්ථකව එකතු කෙරිණි",
     "rewrite_deleted": "\"{{key}}\" සඳහා ව.නා.ප. නැවත ලිවීම ඉවත් කෙරිණි",
-    "rewrite_add": "ව.නා.ප. නැවත ලිවීමක් එකතු කරන්න",
+    "rewrite_updated": "ව.නා.ප. නැවත ලිවීම සාර්ථකව යාවත්කාලීන කෙරිණි",
+    "rewrite_add": "ව.නා.ප. නැවත ලිවීමක් යොදන්න",
+    "rewrite_edit": "ව.නා.ප. නැවත ලිවීම සංස්කරණය",
     "rewrite_not_found": "ව.නා.ප. නැවත ලිවීම් හමු නොවිණි",
     "rewrite_confirm_delete": "\"{{key}}\" සඳහා ව.නා.ප. නැවත ලිවීම ඉවත් කිරීමට අවශ්‍ය බව ඔබට විශ්වාසද?",
     "rewrite_desc": "නිශ්චිත වසම් නාමයක් සඳහා අභිරුචි ව.නා.ප. ප්‍රතිචාර පහසුවෙන් වින්‍යාසගත කිරීමට ඉඩ දෙයි.",
@@ -490,8 +500,10 @@
     "statistics_clear": "සංඛ්‍යාලේඛන හිස් කරන්න",
     "statistics_clear_confirm": "සංඛ්‍යාලේඛන ඉවත් කිරීමට වුවමනා ද?",
     "statistics_retention_confirm": "සංඛ්‍යාලේඛන රඳවා තබා ගැනීම වෙනස් කිරීමට අවශ්‍ය බව ඔබට විශ්වාසද? ඔබ කාල පරතරයෙහි අගය අඩු කළහොත් සමහර දත්ත නැති වී යනු ඇත",
-    "statistics_cleared": "සංඛ්‍යාලේඛන සාර්ථකව ඉවත් කෙරිණි",
+    "statistics_cleared": "සංඛ්‍යාලේඛන සාර්ථකව හිස් කෙරිණි",
     "statistics_enable": "සංඛ්‍යාලේඛන සබල කරන්න",
+    "ignore_domains": "නොසලකන වසම් (පේළියකට එක බැගින්)",
+    "ignore_domains_title": "නොසලකන වසම්",
     "interval_hours": "පැය {{count}}",
     "interval_hours_plural": "පැය {{count}}",
     "filters_configuration": "පෙරහන් වින්‍යාසය",
@@ -601,5 +613,34 @@
     "parental_control": "දෙමාපිය පාලනය",
     "safe_browsing": "ආරක්‍ෂිත පිරික්සුම",
     "served_from_cache": "{{value}} <i>(නිහිතයෙන් ගැනිණි)</i>",
-    "form_error_password_length": "මුරපදය අවම වශයෙන් අකුරු {{value}} ක් දිගු විය යුතුමයි"
+    "form_error_password_length": "මුරපදය අවම වශයෙන් අකුරු {{value}} ක් දිගු විය යුතුමයි",
+    "anonymizer_notification": "<0>සටහන:</0> අ.ජා.කෙ. නිර්නාමිකකරණය සබලයි. ඔබට එය <1>පොදු සැකසුම්</1> හරහා අබල කිරීමට හැකිය .",
+    "confirm_dns_cache_clear": "ඔබට ව.නා.ප. නිහිතය හිස් කිරීමට වුවමනාද?",
+    "cache_cleared": "ව.නා.ප. නිහිතය හිස් කෙරිණි",
+    "clear_cache": "නිහිතය මකන්න",
+    "make_static": "ස්ථිතික කරන්න",
+    "theme_auto_desc": "ස්වයං (උපාංගයේ වර්ණ පරිපාටිය මත පදනම්ව)",
+    "theme_dark_desc": "අඳුරු තේමාව",
+    "theme_light_desc": "දීප්ත තේමාව",
+    "disable_for_seconds": "තත්පර {{count}} ක්",
+    "disable_for_seconds_plural": "තත්පර {{count}} ක්",
+    "disable_for_minutes": "විනාඩි {{count}} ක්",
+    "disable_for_minutes_plural": "විනාඩි {{count}} ක්",
+    "disable_for_hours": "පැය {{count}} ක්",
+    "disable_for_hours_plural": "පැය {{count}} ක්",
+    "disable_until_tomorrow": "හෙට වනතුරු",
+    "disable_notify_for_seconds": "තත්. {{count}} කට රැකවරණය අබල කරන්න",
+    "disable_notify_for_seconds_plural": "තත්. {{count}} කට රැකවරණය අබල කරන්න",
+    "disable_notify_for_minutes": "විනාඩි {{count}} කට රැකවරණය අබල කරන්න",
+    "disable_notify_for_minutes_plural": "විනාඩි {{count}} කට රැකවරණය අබල කරන්න",
+    "disable_notify_for_hours": "පැය {{count}} කට රැකවරණය අබල කරන්න",
+    "disable_notify_for_hours_plural": "පැය {{count}} කට රැකවරණය අබල කරන්න",
+    "disable_notify_until_tomorrow": "හෙට වනතුරු රැකවරණය අබල කරන්න",
+    "enable_protection_timer": "{{time}} න් රැකවරණය සබල කෙරේ",
+    "custom_retention_input": "රඳවා ගැනීම පැය වලින්",
+    "custom_rotation_input": "රඳවා ගැනීම පැය වලින්",
+    "protection_section_label": "රැකවරණය",
+    "log_and_stats_section_label": "විමසුම් සටහන හා සංඛ්‍යාලේඛන",
+    "ignore_query_log": "සටහනෙහි අනුග්‍රාහකය නොසලකන්න",
+    "ignore_statistics": "සංඛ්‍යාලේඛනයට අනුග්‍රාහකය නොසලකන්න"
 }

client/src/__locales/sk.json

@@ -387,7 +387,7 @@
     "encryption_key": "Súkromný kľúč",
     "encryption_key_input": "Skopírujte a prilepte sem svoj súkromný kľúč vo formáte PEM pre Váš certifikát.",
     "encryption_enable": "Zapnite šifrovanie (HTTPS, DNS-cez-HTTPS a DNS-cez-TLS)",
-    "encryption_enable_desc": "Ak je šifrovanie zapnuté, AdGuard Home administrátorské rozhranie bude pracovať cez HTTPS a DNS server bude počúvať požiadavky cez DNS-cez-HTTPS a DNS-cez-TLS.",
+    "encryption_enable_desc": "Ak je šifrovanie zapnuté, AdGuard Home administrátorské rozhranie bude pracovať cez HTTPS a DNS server bude počúvať dopyty cez DNS-cez-HTTPS a DNS-cez-TLS.",
     "encryption_chain_valid": "Certifikačný reťazec je platný",
     "encryption_chain_invalid": "Certifikačný reťazec je neplatný",
     "encryption_key_valid": "Toto je platný {{type}} súkromný kľúč",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "Pre použitie <1>DNS-over-HTTPS</1> alebo <1>DNS-over-TLS</1>, potrebujete v nastaveniach AdGuard Home <0>nakonfigurovať šifrovanie</0>.",
     "rewrite_added": "DNS prepísanie pre \"{{key}}\" bolo úspešne pridané",
     "rewrite_deleted": "DNS prepísanie pre \"{{key}}\" bolo úspešne vymazané",
+    "rewrite_updated": "Prepísanie DNS bolo úspešne aktualizované",
     "rewrite_add": "Pridať DNS prepísanie",
+    "rewrite_edit": "Upraviť prepísanie DNS",
     "rewrite_not_found": "Neboli nájdené žiadne DNS prepísania",
     "rewrite_confirm_delete": "Naozaj chcete odstrániť prepísanie DNS pre \"{{key}}\"?",
     "rewrite_desc": "Umožňuje ľahko nakonfigurovať vlastnú odpoveď DNS pre konkrétne meno domény.",
@@ -495,7 +497,7 @@
     "blocked_services": "Blokované služby",
     "blocked_services_desc": "Umožňuje rýchlo blokovať populárne stránky a služby.",
     "blocked_services_saved": "Blokované služby boli úspešne uložené",
-    "blocked_services_global": "Použite globálne blokované služby",
+    "blocked_services_global": "Použiť globálne blokované služby",
     "blocked_service": "Blokované služby",
     "block_all": "Blokovať všetko",
     "unblock_all": "Odblokovať všetko",
@@ -552,7 +554,7 @@
     "whois": "WHOIS",
     "filtering_rules_learn_more": "<0>Dozvedieť sa viac</0> o tvorbe vlastných zoznamov hostiteľov.",
     "blocked_by_response": "Blokované pomocou CNAME alebo IP v odpovedi",
-    "blocked_by_cname_or_ip": "Zablokované na základe CNAME alebo IP",
+    "blocked_by_cname_or_ip": "Blokované pomocou CNAME alebo IP",
     "try_again": "Skúste znova",
     "domain_desc": "Zadajte meno domény alebo zástupný znak, ktorý chcete prepísať.",
     "example_rewrite_domain": "prepísať odpovede iba pre toto meno domény.",
@@ -569,7 +571,7 @@
     "autofix_warning_list": "Bude vykonávať tieto úlohy: <0>Deaktivovať systém DNSStubListener</0> <0>Nastaviť adresu servera DNS na 127.0.0.1</0> <0>Nahradiť cieľový symbolický odkaz /etc/resolv.conf na /run/systemd/resolve/resolv.conf</0> <0>Zastaviť službu DNSStubListener (znova načítať službu systemd-resolved)</0>",
     "autofix_warning_result": "Výsledkom bude, že všetky DNS dopyty z Vášho systému budú štandardne spracované službou AdGuard Home.",
     "tags_title": "Tagy",
-    "tags_desc": "Môžete vybrať značky, ktoré zodpovedajú klientovi. Zahrňte značky do pravidiel filtrovania, aby ste ich použili presnejšie. <0>Viac informácií</0>.",
+    "tags_desc": "Môžete vybrať značky, ktoré zodpovedajú klientovi. Zahrňte značky do pravidiel filtrácie, aby ste ich použili presnejšie. <0>Viac informácií</0>.",
     "form_select_tags": "Zvoľte tagy klienta",
     "check_title": "Skontrolujte filtráciu",
     "check_desc": "Skontrolujte, či je názov hostiteľa filtrovaný.",
@@ -606,7 +608,7 @@
     "show_whitelisted_responses": "Obsiahnuté v bielej listine",
     "show_processed_responses": "Spracované",
     "blocked_safebrowsing": "Zablokované modulom Bezpečné prehliadanie",
-    "blocked_adult_websites": "Zablokovaná stránka pre dospelých",
+    "blocked_adult_websites": "Zablokované Rodičovskou kontrolou",
     "blocked_threats": "Zablokované hrozby",
     "allowed": "Povolené",
     "filtered": "Filtrované",

client/src/__locales/sl.json

@@ -444,7 +444,7 @@
     "client_confirm_delete": "Ali ste prepričani, da želite izbrisati odjemalca \"{{key}}\"?",
     "list_confirm_delete": "Ali ste prepričani, da želite izbrisati ta seznam?",
     "auto_clients_title": "Odjemalci izvajanja",
-    "auto_clients_desc": "Naprave, ki niso na seznamu trajnih odjemalcev, ki morda še vedno uporabljajo AdGuard Home",
+    "auto_clients_desc": "Informacije o naslovih IP naprav, ki uporabljajo ali bi lahko uporabljale AdGuard Home. Te informacije so zbrane iz več virov, vključno z datotekami gostiteljev, povratnim DNS-jem itd.",
     "access_title": "Nastavitve dostopa",
     "access_desc": "Tukaj lahko nastavite pravila dostopa strežnika DNS AdGuard Home",
     "access_allowed_title": "Dovoljeni odjemalci",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "Za uporabo <1>DNS-prek-HTTPS</1> ali <1>DNS-prek-TLS</1>, morate <0>konfigurirati šifriranje</0> v nastavitvah AdGuard Home.",
     "rewrite_added": "Uspešno je dodano DNS prepisovanje za \"{{key}}\"",
     "rewrite_deleted": "Uspešno je izbrisano DNS prepisovanje za \"{{key}}\"",
+    "rewrite_updated": "DNS prepisovanje uspešno posodobljen",
     "rewrite_add": "Dodaj prepisovanje DNS",
+    "rewrite_edit": "Urejanje prepisa DNS",
     "rewrite_not_found": "Ni bilo najdenih prepisovanj DNS",
     "rewrite_confirm_delete": "Ali ste prepričani, da želite izbrisati prepisovanje DNS za \"{{key}}\"?",
     "rewrite_desc": "Omogoča enostavno konfiguriranje odgovora DNS po meri za določeno ime domene.",

client/src/__locales/sr-cs.json

@@ -167,6 +167,7 @@
     "enabled_parental_toast": "Uključena roditeljska kontrola",
     "disabled_safe_search_toast": "Isključena sigurna pretraga",
     "enabled_save_search_toast": "Uključeno sigurno pretraživanje",
+    "updated_save_search_toast": "Ažurirane postavke bezbedne pretrage",
     "enabled_table_header": "Uključeno",
     "name_table_header": "Ime",
     "list_url_table_header": "URL do liste",
@@ -256,12 +257,12 @@
     "query_log_cleared": "Dnevnik unosa je uspešno očišćen",
     "query_log_updated": "Dnevnik zapisa je uspešno ažuriran",
     "query_log_clear": "Očisti dnevnike unosa",
-    "query_log_retention": "Zadržavanje dnevnika unosa",
+    "query_log_retention": "Rotacija evidencija upita",
     "query_log_enable": "Uključi dnevnik",
     "query_log_configuration": "Konfiguracija dnevnika",
     "query_log_disabled": "Dnevnik unosa je isključen ali se može konfigurisati u <0>postavkama</0>",
     "query_log_strict_search": "Koristi duple navodnike za striktnu pretragu",
-    "query_log_retention_confirm": "Jeste li sigurni da želite da promenite zadržavanje dnevnika unosa? Ako smanjite vrednost intervala, neki podaci će biti izgubljeni",
+    "query_log_retention_confirm": "Želite li zaista da promenite rotaciju evidencije upita? Ako smanjite vrednost intervala, neki podaci će biti izgubljeni",
     "anonymize_client_ip": "Anonimizuj IP klijenta",
     "anonymize_client_ip_desc": "Ne čuvaj punu IP adresu klijenta u dnevnicima i statistikama",
     "dns_config": "Konfiguracija DNS servera",
@@ -290,6 +291,8 @@
     "rate_limit": "Ograničenje brzine",
     "edns_enable": "Uključi EDNS Client Subnet",
     "edns_cs_desc": "Dodajte opciju podmreži EDNS klijenta (ECS) uzvodnim zahtevima i evidentirajte vrednosti koje klijenti šalju u evidenciji upita.",
+    "edns_use_custom_ip": "Koristi prilagođeni IP za EDNS",
+    "edns_use_custom_ip_desc": "Dozvoli korišćenje prilagođenog IP-a za EDNS",
     "rate_limit_desc": "Broj zahteva u sekundi dozvoljen po klijentu. Postavljanje na 0 znači da nema ograničenja.",
     "blocking_ipv4_desc": "IP adresa koja će biti vraćena za blokirane zahteve",
     "blocking_ipv6_desc": "IP adresa koja će biti vraćena za blokirane AAAA zahteve",
@@ -441,7 +444,7 @@
     "client_confirm_delete": "Jeste li sigurni da želite da izbrišete klijenta \"{{key}}\"?",
     "list_confirm_delete": "Jeste li sigurni da želite da izbrišete ovu listu?",
     "auto_clients_title": "Klijenti (runtime)",
-    "auto_clients_desc": "Uređaji koji nisu na listi upornih klijenata koji i dalje mogu da koriste AdGuard Home",
+    "auto_clients_desc": "Podaci o klijentima koji koriste AdGuard Home, ali nisu sačuvani u konfiguraciji",
     "access_title": "Postavke pristupa",
     "access_desc": "Ovde možete konfigurisati pravila pristupa za AdGuard Home DNS server",
     "access_allowed_title": "Dozvoljeni klijenti",
@@ -475,7 +478,9 @@
     "setup_dns_notice": "Kako biste koristili <1>DNS-over-HTTPS</1> ili <1>DNS-over-TLS</1>, potrebno je da <0>konfigurišete šifrovanje</0> u AdGuard Home postavkama.",
     "rewrite_added": "DNS prepisivanje za \"{{key}}\" je uspešno dodato",
     "rewrite_deleted": "DNS prepisivanje za \"{{key}}\" uspešno izbrisano",
+    "rewrite_updated": "DNS ponovo napisao uspešno ažuriran",
     "rewrite_add": "Dodaj DNS prepisivanje",
+    "rewrite_edit": "Uređivanje DNS prepravke",
     "rewrite_not_found": "DNS prepisivanja nisu pronađena",
     "rewrite_confirm_delete": "Jeste li sigurni da želite da izbrišete DNS prepisivanje za \"{{key}}\"?",
     "rewrite_desc": "Dozvoljava da jednostavno konfigurišete prilagođeni DNS odgovor za određeni domen.",
@@ -523,6 +528,10 @@
     "statistics_retention_confirm": "Jeste li sigurni da želite da promenite zadržavanje statistike? Ako smanjite vrednost intervala, neki podaci će biti izgubljeni",
     "statistics_cleared": "Statistika je uspešno očišćena",
     "statistics_enable": "Uključi statistiku",
+    "ignore_domains": "Zanemari domene (razdvojene novom linijom)",
+    "ignore_domains_title": "Zanemareni domeni",
+    "ignore_domains_desc_stats": "Upiti za ove domene nisu upisani u statistiku",
+    "ignore_domains_desc_query": "Upiti za ove domene nisu upisani u evidenciju upita",
     "interval_hours": "{{count}} čas",
     "interval_hours_plural": "{{count}} časova",
     "filters_configuration": "Konfiguracija filtera",
@@ -643,5 +652,29 @@
     "confirm_dns_cache_clear": "Želite li zaista da obrišite DNS keš?",
     "cache_cleared": "DNS keš je uspešno očišćen",
     "clear_cache": "Obriši keš memoriju",
-    "protection_section_label": "Zaštita"
+    "make_static": "Učini statičnim",
+    "theme_auto_desc": "Automatski (na osnovu šeme boja uređaja)",
+    "theme_dark_desc": "Tamna tema",
+    "theme_light_desc": "Svetla tema",
+    "disable_for_seconds": "Za {{count}} sekund",
+    "disable_for_seconds_plural": "Za {{count}} sekundi",
+    "disable_for_minutes": "Za {{count}} minut",
+    "disable_for_minutes_plural": "Za {{count}} minuta",
+    "disable_for_hours": "Za {{count}} sat",
+    "disable_for_hours_plural": "Za {{count}} sati",
+    "disable_until_tomorrow": "Do sutra",
+    "disable_notify_for_seconds": "Isključi zaštitu na {{count}} sekund",
+    "disable_notify_for_seconds_plural": "Isključi zaštitu na {{count}} sekundi",
+    "disable_notify_for_minutes": "Isključi zaštitu na {{count}} minut",
+    "disable_notify_for_minutes_plural": "Isključi zaštitu na {{count}} minuta",
+    "disable_notify_for_hours": "Isključi zaštitu na {{count}} sat",
+    "disable_notify_for_hours_plural": "Isključi zaštitu na {{count}} sati",
+    "disable_notify_until_tomorrow": "Isključi zaštitu do sutra",
+    "enable_protection_timer": "Zaštita će biti uključena u {{time}}",
+    "custom_retention_input": "Unesite zadržavanje u časovima",
+    "custom_rotation_input": "Unesite rotaciju u časovima",
+    "protection_section_label": "Zaštita",
+    "log_and_stats_section_label": "Evidencija upita i statistika",
+    "ignore_query_log": "Zanemari ovog klijenta u evidenciji upita",
+    "ignore_statistics": "Zanemari ovog klijenta u statističkim podacima"
 }

client/src/__locales/sv.json

@@ -475,7 +475,9 @@
     "setup_dns_notice": "För att kunna använda <1>DNS-över-HTTPS</1> eller <1>DNS-över-TLS</1>, behöver du <0>konfigurera Kryptering</0> i AdGuard Home-inställningar.",
     "rewrite_added": "DNS-omskrivning för \"{{key}}\" lyckad",
     "rewrite_deleted": "DNS-omskrivning för \"{{key}}\" har tagits bort",
+    "rewrite_updated": "DNS-omskrivning har uppdaterats",
     "rewrite_add": "Lägg till DNS omskrivning",
+    "rewrite_edit": "Redigera DNS-omskrivning",
     "rewrite_not_found": "Inga DNS omskrivningar hittades",
     "rewrite_confirm_delete": "Är du säker på att du vill ta bort DNS-omskrivningen för \"{{key}}\"?",
     "rewrite_desc": "Gör det enkelt att konfigurera anpassat DNS svar för ett specifikt domännamn.",

client/src/__locales/tr.json

@@ -444,7 +444,7 @@
     "client_confirm_delete": "\"{{key}}\" istemcisini silmek istediğinizden emin misiniz?",
     "list_confirm_delete": "Bu listeyi silmek istediğinizden emin misiniz?",
     "auto_clients_title": "Çalışma zamanı istemcileri",
-    "auto_clients_desc": "Henüz AdGuard Home'u kullanabilecek Kalıcı istemciler listesinde olmayan cihazlar",
+    "auto_clients_desc": "AdGuard Home'u kullanan veya kullanabilecek cihazların IP adresleri hakkında bilgiler. Bu bilgiler, hosts dosyaları, ters DNS, vb. dahil olmak üzere çeşitli kaynaklardan toplanır.",
     "access_title": "Erişim ayarları",
     "access_desc": "AdGuard Home DNS sunucusu için erişim kurallarını buradan yapılandırabilirsiniz",
     "access_allowed_title": "İzin verilen istemciler",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "<1>DNS-over-HTTPS</1> veya <1>DNS-over-TLS</1> protokolünü kullanmak için AdGuard Home üzerinde <0>Şifreleme ayarları</0> bölümünden ayarları yapmanız gerekir.",
     "rewrite_added": "\"{{key}}\" için DNS yeniden yazımı başarıyla eklendi",
     "rewrite_deleted": "\"{{key}}\" için DNS yeniden yazımı başarıyla silindi",
+    "rewrite_updated": "DNS yeniden yazma başarıyla güncellendi",
     "rewrite_add": "DNS yeniden yazımı ekle",
+    "rewrite_edit": "DNS yeniden yazmayı düzenle",
     "rewrite_not_found": "DNS yeniden yazımı bulunamadı",
     "rewrite_confirm_delete": "\"{{key}}\" için DNS yeniden yazımını silmek istediğinize emin misiniz?",
     "rewrite_desc": "Belirli bir alan adı için özel DNS yanıtını kolayca yapılandırmanızı sağlar.",

client/src/__locales/uk.json

@@ -478,7 +478,9 @@
     "setup_dns_notice": "Для використання <1>DNS-over-HTTPS</1> або <1>DNS-over-TLS</1>, вам потрібно <0>налаштувати Шифрування</0> в налаштуваннях AdGuard Home.",
     "rewrite_added": "Перезапис DNS для «{{key}}» успішно додано",
     "rewrite_deleted": "Перезапис DNS для «{{key}}» успішно видалено",
+    "rewrite_updated": "Перезапис DNS успішно оновлено",
     "rewrite_add": "Додати перезапис DNS",
+    "rewrite_edit": "Редагувати перезапис DNS",
     "rewrite_not_found": "Перезаписів DNS не знайдено",
     "rewrite_confirm_delete": "Ви впевнені, що хочете видалити перезапис DNS для «{{key}}»?",
     "rewrite_desc": "Дозволяє легко налаштувати власну відповідь DNS для певного доменного імені.",

client/src/__locales/vi.json

@@ -1,5 +1,5 @@
 {
-    "client_settings": "Cài đặt máy khách",
+    "client_settings": "Cài đặt thiết bị",
     "example_upstream_reserved": "ngược dòng <0>cho các miền cụ thể</0>;",
     "example_upstream_comment": "một lời bình luận.",
     "upstream_parallel": "Sử dụng truy vấn song song để tăng tốc độ giải quyết bằng cách truy vấn đồng thời tất cả các máy chủ ngược tuyến",
@@ -167,6 +167,7 @@
     "enabled_parental_toast": "Đã bật quản lý của phụ huynh",
     "disabled_safe_search_toast": "Đã tắt tìm kiếm an toàn",
     "enabled_save_search_toast": "Đã bật tìm kiếm an toàn",
+    "updated_save_search_toast": "Cài đặt Tìm kiếm an toàn đã được cập nhật",
     "enabled_table_header": "Kích hoạt",
     "name_table_header": "Tên",
     "list_url_table_header": "URL bộ lọc",
@@ -256,12 +257,12 @@
     "query_log_cleared": "Nhật ký truy vấn đã được xóa thành công",
     "query_log_updated": "Cập nhật thành công nhật kí truy xuất",
     "query_log_clear": "Xóa nhật ký truy vấn",
-    "query_log_retention": "Lưu giữ nhật ký truy vấn",
+    "query_log_retention": "Xoay vòng nhật ký truy vấn",
     "query_log_enable": "Bật nhật ký",
     "query_log_configuration": "Cấu hình nhật ký",
     "query_log_disabled": "Nhật ký truy vấn bị vô hiệu hóa và có thể được định cấu hình trong <0>cài đặt</ 0>",
     "query_log_strict_search": "Sử dụng dấu ngoặc kép để tìm kiếm nghiêm ngặt",
-    "query_log_retention_confirm": "Bạn có chắc chắn muốn thay đổi lưu giữ nhật ký truy vấn? Nếu bạn giảm giá trị khoảng, một số dữ liệu sẽ bị mất",
+    "query_log_retention_confirm": "Bạn có chắc chắn muốn thay đổi xoay vòng nhật ký truy vấn không? Nếu bạn giảm giá trị khoảng thời gian, một số dữ liệu sẽ bị mất",
     "anonymize_client_ip": "Ẩn danh IP khách",
     "anonymize_client_ip_desc": "Không lưu địa chỉ IP đầy đủ của khách hàng trong nhật ký và thống kê",
     "dns_config": "Thiết lập máy chủ DNS",
@@ -290,6 +291,8 @@
     "rate_limit": "Giới hạn yêu cầu",
     "edns_enable": "Bật mạng con EDNS Client",
     "edns_cs_desc": "Thêm tùy chọn EDNS Client Subnet (ECS) vào các yêu cầu ngược dòng và ghi lại các giá trị được gửi bởi các máy khách trong nhật ký truy vấn.",
+    "edns_use_custom_ip": "Sử dụng địa chỉ IP tùy chỉnh cho EDNS",
+    "edns_use_custom_ip_desc": "Cho phép sử dụng địa chỉ IP tùy chỉnh cho EDNS",
     "rate_limit_desc": "Số lượng yêu cầu mỗi giây mà một khách hàng được phép thực hiện (0: không giới hạn)",
     "blocking_ipv4_desc": "Địa chỉ IP được trả lại cho một yêu cầu A bị chặn",
     "blocking_ipv6_desc": "Địa chỉ IP được trả lại cho một yêu cầu AAA bị chặn",
@@ -475,7 +478,9 @@
     "setup_dns_notice": "Để sử dụng <1>DNS-over-HTTPS</1> hoặc <1>DNS-over-TLS</1>, bạn cần <0>định cấu hình Mã hóa</0> trong cài đặt AdGuard Home.",
     "rewrite_added": "DNS viết lại cho \"{{key}}\" đã thêm thành công",
     "rewrite_deleted": "DNS viết lại cho \"{{key}}\" đã xóa thành công",
+    "rewrite_updated": "Viết lại DNS được cập nhật thành công",
     "rewrite_add": "Thêm DNS viết lại",
+    "rewrite_edit": "Chỉnh sửa viết lại DNS",
     "rewrite_not_found": "Không tìm thấy DNS viết lại",
     "rewrite_confirm_delete": "Bạn có chắc chắn muốn xóa DNS viết lại cho \"{{key}}\" không?",
     "rewrite_desc": "Cho phép dễ dàng định cấu hình tùy chỉnh DNS phản hồi cho một tên miền cụ thể.",
@@ -523,6 +528,10 @@
     "statistics_retention_confirm": "Bạn có chắc chắn muốn thay đổi lưu giữ số liệu thống kê? Nếu bạn giảm giá trị khoảng, một số dữ liệu sẽ bị mất",
     "statistics_cleared": "Xoá thống kê thành công",
     "statistics_enable": "Bật thống kê",
+    "ignore_domains": "Các miền bị bỏ qua (cách nhau bởi dòng mới)",
+    "ignore_domains_title": "Các miền bị bỏ qua",
+    "ignore_domains_desc_stats": "Các truy vấn cho các miền này sẽ không được ghi vào thống kê",
+    "ignore_domains_desc_query": "Các truy vấn cho các miền này sẽ không được ghi vào nhật ký truy vấn",
     "interval_hours": "{{count}} giờ",
     "interval_hours_plural": "{{count}} giờ",
     "filters_configuration": "Cấu hình bộ lọc",
@@ -643,5 +652,29 @@
     "confirm_dns_cache_clear": "Bạn có chắc chắn muốn xóa bộ đệm ẩn DNS không?",
     "cache_cleared": "Đã xóa thành công bộ đệm DNS",
     "clear_cache": "Xóa bộ nhớ cache",
-    "protection_section_label": "Sự bảo vệ"
+    "make_static": "Chuyển sang tĩnh",
+    "theme_auto_desc": "Tự động (dựa trên chủ đề màu của thiết bị của bạn)",
+    "theme_dark_desc": "Chủ đề tối",
+    "theme_light_desc": "Chủ đề sáng",
+    "disable_for_seconds": "Trong {{count}} giây",
+    "disable_for_seconds_plural": "Trong {{count}} giây",
+    "disable_for_minutes": "Trong {{count}} phút",
+    "disable_for_minutes_plural": "Trong {{count}} phút",
+    "disable_for_hours": "Trong {{count}} giờ",
+    "disable_for_hours_plural": "Trong {{count}} giờ",
+    "disable_until_tomorrow": "Cho đến ngày mai",
+    "disable_notify_for_seconds": "Tắt bảo vệ trong {{count}} giây",
+    "disable_notify_for_seconds_plural": "Tắt bảo vệ trong {{count}} giây",
+    "disable_notify_for_minutes": "Tắt bảo vệ trong {{count}} phút",
+    "disable_notify_for_minutes_plural": "Tắt bảo vệ trong {{count}} phút",
+    "disable_notify_for_hours": "Tắt bảo vệ trong {{count}} giờ",
+    "disable_notify_for_hours_plural": "Tắt bảo vệ trong {{count}} giờ",
+    "disable_notify_until_tomorrow": "Vô hiệu hóa bảo vệ cho đến ngày mai",
+    "enable_protection_timer": "Bảo vệ sẽ được bật trong {{time}}",
+    "custom_retention_input": "Nhập thời gian giữ lại theo giờ",
+    "custom_rotation_input": "Nhập chu kỳ theo giờ",
+    "protection_section_label": "Sự bảo vệ",
+    "log_and_stats_section_label": "Nhật ký truy vấn và thống kê",
+    "ignore_query_log": "Bỏ qua máy khách này trong nhật ký truy vấn",
+    "ignore_statistics": "Bỏ qua máy khách này trong thống kê"
 }

client/src/__locales/zh-cn.json

@@ -444,7 +444,7 @@
     "client_confirm_delete": "您确定要删除客户端 \"{{key}}\"？",
     "list_confirm_delete": "您确定要删除此列表吗？",
     "auto_clients_title": "客户端（运行时间）",
-    "auto_clients_desc": "不在可继续使用 AdGuard Home 的持久客户端列表中的设备。",
+    "auto_clients_desc": "有关正在使用或可能使用 AdGuard Home 的设备的 IP 地址的信息。此信息是从多个来源收集的，包括 hosts 文件、反向 DNS 等。",
     "access_title": "访问设置",
     "access_desc": "您可以在此处配置 AdGuard Home 的 DNS 服务器的访问规则",
     "access_allowed_title": "允许的客户端",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "为了使用 <1>DNS-over-HTTPS</1> 或者 <1>DNS-over-TLS</1> ，您需要在 AdGuard Home 设置中 <0>配置加密</0> 。",
     "rewrite_added": "已成功添加 \"{{key}}\" 的 DNS 重写",
     "rewrite_deleted": "已成功删除 \"{{key}}\" 的 DNS 重写",
+    "rewrite_updated": "DNS 重写已成功更新",
     "rewrite_add": "添加 DNS 重写",
+    "rewrite_edit": "编辑 DNS 重写",
     "rewrite_not_found": "未找到 DNS 重写",
     "rewrite_confirm_delete": "您确定要删除 \"{{key}}\" 的 DNS 重写？",
     "rewrite_desc": "可以轻松地为特定域名配置自定义 DNS 响应。",

client/src/__locales/zh-hk.json

@@ -48,6 +48,7 @@
     "out_of_range_error": "必須介於 \"{{start}}\" - \"{{end}}\" 範圍之外",
     "lower_range_start_error": "必須小於起始值",
     "greater_range_start_error": "必須大於起始值",
+    "gateway_or_subnet_invalid": "無效子網路",
     "dhcp_form_gateway_input": "閘道 IP 位址",
     "dhcp_form_subnet_input": "子網路遮罩",
     "dhcp_form_range_title": "IP 位址範圍",
@@ -163,7 +164,7 @@
     "disabled_parental_toast": "已停用家長監護",
     "enabled_parental_toast": "已啟用家長監護",
     "disabled_safe_search_toast": "已停用安全搜尋",
-    "enabled_save_search_toast": "已啟用安全搜尋",
+    "updated_save_search_toast": "已更新安全搜尋設定",
     "enabled_table_header": "啟用",
     "name_table_header": "名稱",
     "list_url_table_header": "清單 URL 網址",
@@ -195,6 +196,7 @@
     "form_error_url_or_path_format": "列表中含有的 URL 網址或絕對路徑",
     "custom_filter_rules": "自訂過濾規則",
     "custom_filter_rules_hint": "一行一條規則。您可以使用「adblock」語法或「hosts檔案」的語法。",
+    "system_host_files": "系統 hosts 檔案",
     "examples_title": "範例",
     "example_meaning_filter_block": "封鎖對 example.org 網域及其所有子網域的存取",
     "example_meaning_filter_whitelist": "解除對 example.org 網域及其所有子網域存取封鎖",
@@ -209,6 +211,10 @@
     "example_upstream_doq": "加密 <0>DNS-over-QUIC</0>",
     "example_upstream_sdns": "您可以使透過 <0>DNS Stamps</0> 來解析  <1>DNSCrypt</1> 或 <2>DNS-over-HTTPS</2>",
     "example_upstream_tcp": "一般 DNS（透過 TCP）",
+    "example_upstream_regular_port": "一般 DNS（透過 UDP，連接埠）",
+    "example_upstream_udp": "一般 DNS（透過 UDP，主機名稱）",
+    "example_upstream_tcp_port": "一般 DNS（透過 TCP，連接埠）",
+    "example_upstream_tcp_hostname": "一般 DNS（透過 TCP，主機名稱）",
     "all_lists_up_to_date_toast": "所有清單已更新至最新",
     "dns_test_ok_toast": "設定中的 DNS 上游運作正常",
     "dns_test_not_ok_toast": "DNS 設定中的 \"{{key}}\" 出現錯誤，請確認是否正確輸入",
@@ -279,6 +285,8 @@
     "rate_limit": "速率限制",
     "edns_enable": "啟用 EDNS Client Subnet",
     "edns_cs_desc": "傳送用戶端的子網路給 DNS 伺服器。",
+    "edns_use_custom_ip": "使用自訂 EDNS IP",
+    "edns_use_custom_ip_desc": "允許使用自訂 EDNS IP",
     "rate_limit_desc": "限制單一裝置每秒發出的查詢次數（設定為 0 即表示無限制）",
     "blocking_ipv4_desc": "回覆指定 IPv4 位址給被封鎖的網域的 A 紀錄查詢",
     "blocking_ipv6_desc": "回覆指定 IPv6 位址給被封鎖的網域的 AAAA 紀錄查詢",
@@ -287,6 +295,9 @@
     "blocking_mode_nxdomain": "NXDOMAIN：回應 NXDOMAIN 狀態碼",
     "blocking_mode_null_ip": "Null IP：回應零值的 IP 位址（A 紀錄回應 0.0.0.0 ，AAAA 紀錄回應 ::）",
     "blocking_mode_custom_ip": "自訂 IP 位址：回應一個自訂的 IP 位址",
+    "theme_auto": "自動",
+    "theme_light": "明亮",
+    "theme_dark": "深色",
     "upstream_dns_client_desc": "如果您將此欄位留白，AdGuard Home 將使用 <0>DNS 設定</0> 內的設定的 DNS 伺服器。",
     "tracker_source": "追蹤器來源",
     "source_label": "來源",
@@ -397,6 +408,7 @@
     "dns_providers": "下列為常見的<0> DNS 伺服器</0>。",
     "update_now": "立即更新",
     "update_failed": "自動更新發生錯誤。請嘗試依照<a>以下步驟</a> 來手動更新。",
+    "manual_update": "請嘗試依照<a>下列步驟</a>來手動更新。",
     "processing_update": "請稍候，AdGuard Home 正在更新",
     "clients_title": "用戶端",
     "clients_desc": "對已連接到 AdGuard Home 的裝置進行設定",
@@ -460,6 +472,7 @@
     "rewrite_added": "「{{key}}」的 DNS 覆寫新增成功",
     "rewrite_deleted": "「{{key}}」的 DNS 覆寫刪除成功",
     "rewrite_add": "新增 DNS 覆寫",
+    "rewrite_edit": "編輯 DNS 覆寫",
     "rewrite_not_found": "找不到 DNS 覆寫",
     "rewrite_confirm_delete": "您確定要刪除 \"{{key}}\" 的 DNS 覆寫？",
     "rewrite_desc": "提供簡單的方式對特定網域自訂 DNS 回應。",
@@ -493,6 +506,7 @@
     "interval_days": "{{count}} 天",
     "interval_days_plural": "{{count}} 天",
     "domain": "網域",
+    "ecs": "EDNS 子網",
     "punycode": "Punycode",
     "answer": "回應",
     "filter_added_successfully": "已成功新增清單",
@@ -505,6 +519,9 @@
     "statistics_clear_confirm": "您確定要清除統計資料嗎？",
     "statistics_retention_confirm": "您確定要更改統計資料保存時間嗎？如果您縮短期限部分資料可能將會遺失",
     "statistics_cleared": "已清除統計資料",
+    "statistics_enable": "啟用統計數據",
+    "ignore_domains": "已忽略網域（每行一個）",
+    "ignore_domains_title": "已忽略網域",
     "interval_hours": "{{count}} 小時",
     "interval_hours_plural": "{{count}} 小時",
     "filters_configuration": "過濾器設定",
@@ -613,5 +630,23 @@
     "original_response": "原始回應",
     "click_to_view_queries": "按一下以檢視查詢結果",
     "port_53_faq_link": "連接埠 53 經常被「DNSStubListener」或「systemd-resolved」服務佔用。請閱讀下列有關解決<0>這個問題</0>的說明",
-    "adg_will_drop_dns_queries": "AdGuard Home 將停止回應此用戶端的所有 DNS 查詢。"
+    "adg_will_drop_dns_queries": "AdGuard Home 將停止回應此用戶端的所有 DNS 查詢。",
+    "safe_browsing": "安全瀏覽",
+    "served_from_cache": "{{value}} <i>(由快取回應)</i>",
+    "form_error_password_length": "密碼必須至少 {{value}} 個字元長度",
+    "make_static": "新增為靜態",
+    "theme_dark_desc": "深色主題",
+    "theme_light_desc": "淺色主題",
+    "disable_for_seconds": "{{count}} 秒",
+    "disable_for_seconds_plural": "{{count}} 秒",
+    "disable_for_minutes": "{{count}} 分鐘",
+    "disable_for_minutes_plural": "{{count}} 分鐘",
+    "disable_for_hours": "{{count}} 小時",
+    "disable_for_hours_plural": "{{count}} 小時",
+    "disable_until_tomorrow": "直到明天",
+    "disable_notify_for_seconds": "暫停防護 {{count}} 秒",
+    "disable_notify_for_seconds_plural": "暫停防護 {{count}} 秒",
+    "disable_notify_for_minutes": "暫停防護 {{count}} 分鐘",
+    "disable_notify_for_minutes_plural": "暫停防護 {{count}} 分鐘",
+    "disable_notify_for_hours": "暫停防護 {{count}} 小時"
 }

client/src/__locales/zh-tw.json

@@ -444,7 +444,7 @@
     "client_confirm_delete": "您確定您想要刪除用戶端 \"{{key}}\" 嗎？",
     "list_confirm_delete": "您確定您想要刪除該清單嗎？",
     "auto_clients_title": "執行時期用戶端",
-    "auto_clients_desc": "未於可能仍然使用 AdGuard Home 的持續性用戶端之清單上的裝置",
+    "auto_clients_desc": "AdGuard Home 使用或可能使用的裝置的 IP 地址資訊。這些資訊來自多個來源，包括主機檔案、反向 DNS 等。",
     "access_title": "存取設定",
     "access_desc": "於此您可配置用於 AdGuard Home DNS 伺服器之存取規則",
     "access_allowed_title": "已允許的用戶端",
@@ -478,7 +478,9 @@
     "setup_dns_notice": "為了使用 <1>DNS-over-HTTPS</1> 或 <1>DNS-over-TLS</1>，您需要在 AdGuard Home 設定裡<0>配置加密</0>。",
     "rewrite_added": "對於 \"{{key}}\" 之 DNS 改寫被成功地加入",
     "rewrite_deleted": "對於 \"{{key}}\" 之 DNS 改寫被成功地刪除",
+    "rewrite_updated": "DNS 重寫已成功更新",
     "rewrite_add": "新增 DNS 改寫",
+    "rewrite_edit": "編輯 DNS 重寫",
     "rewrite_not_found": "無已發現之 DNS 改寫",
     "rewrite_confirm_delete": "您確定您想要刪除對於 \"{{key}}\" 之 DNS 改寫嗎？",
     "rewrite_desc": "允許輕易地配置自訂的 DNS 回應供特定的域名。",

client/src/actions/rewrites.js

@@ -38,6 +38,29 @@ export const addRewrite = (config) => async (dispatch) => {
     }
 };
 
+export const updateRewriteRequest = createAction('UPDATE_REWRITE_REQUEST');
+export const updateRewriteFailure = createAction('UPDATE_REWRITE_FAILURE');
+export const updateRewriteSuccess = createAction('UPDATE_REWRITE_SUCCESS');
+
+/**
+ * @param {Object} config
+ * @param {string} config.target - current DNS rewrite value
+ * @param {string} config.update - updated DNS rewrite value
+ */
+export const updateRewrite = (config) => async (dispatch) => {
+    dispatch(updateRewriteRequest());
+    try {
+        await apiClient.updateRewrite(config);
+        dispatch(updateRewriteSuccess());
+        dispatch(toggleRewritesModal());
+        dispatch(getRewritesList());
+        dispatch(addSuccessToast(i18next.t('rewrite_updated', { key: config.domain })));
+    } catch (error) {
+        dispatch(addErrorToast({ error }));
+        dispatch(updateRewriteFailure());
+    }
+};
+
 export const deleteRewriteRequest = createAction('DELETE_REWRITE_REQUEST');
 export const deleteRewriteFailure = createAction('DELETE_REWRITE_FAILURE');
 export const deleteRewriteSuccess = createAction('DELETE_REWRITE_SUCCESS');

client/src/api/Api.js

@@ -455,6 +455,8 @@ class Api {
 
     REWRITE_ADD = { path: 'rewrite/add', method: 'POST' };
 
+    REWRITE_UPDATE = { path: 'rewrite/update', method: 'PUT' };
+
     REWRITE_DELETE = { path: 'rewrite/delete', method: 'POST' };
 
     getRewritesList() {
@@ -470,6 +472,14 @@ class Api {
         return this.makeRequest(path, method, parameters);
     }
 
+    updateRewrite(config) {
+        const { path, method } = this.REWRITE_UPDATE;
+        const parameters = {
+            data: config,
+        };
+        return this.makeRequest(path, method, parameters);
+    }
+
     deleteRewrite(config) {
         const { path, method } = this.REWRITE_DELETE;
         const parameters = {

client/src/components/Dashboard/Counters.js

@@ -6,7 +6,7 @@ import { shallowEqual, useSelector } from 'react-redux';
 import Card from '../ui/Card';
 import { formatNumber } from '../../helpers/helpers';
 import LogsSearchLink from '../ui/LogsSearchLink';
-import { RESPONSE_FILTER } from '../../helpers/constants';
+import { RESPONSE_FILTER, DAY } from '../../helpers/constants';
 import Tooltip from '../ui/Tooltip';
 
 const Row = ({
@@ -54,12 +54,12 @@ const Counters = ({ refreshButton, subtitle }) => {
         avgProcessingTime,
     } = useSelector((state) => state.stats, shallowEqual);
     const { t } = useTranslation();
-
+    const days = interval / DAY;
     const rows = [
         {
             label: 'dns_query',
             count: numDnsQueries,
-            tooltipTitle: interval === 1 ? 'number_of_dns_query_24_hours' : t('number_of_dns_query_days', { count: interval }),
+            tooltipTitle: days === 1 ? 'number_of_dns_query_24_hours' : t('number_of_dns_query_days', { count: days }),
             response_status: RESPONSE_FILTER.ALL.QUERY,
         },
         {

client/src/components/Filters/Rewrites/Form.js

@@ -105,6 +105,7 @@ Form.propTypes = {
     submitting: PropTypes.bool.isRequired,
     processingAdd: PropTypes.bool.isRequired,
     t: PropTypes.func.isRequired,
+    initialValues: PropTypes.object,
 };
 
 export default flow([

client/src/components/Filters/Rewrites/Modal.js

@@ -3,6 +3,7 @@ import PropTypes from 'prop-types';
 import { Trans, withTranslation } from 'react-i18next';
 import ReactModal from 'react-modal';
 
+import { MODAL_TYPE } from '../../../helpers/constants';
 import Form from './Form';
 
 const Modal = (props) => {
@@ -12,6 +13,8 @@ const Modal = (props) => {
         toggleRewritesModal,
         processingAdd,
         processingDelete,
+        modalType,
+        currentRewrite,
     } = props;
 
     return (
@@ -24,13 +27,18 @@ const Modal = (props) => {
             <div className="modal-content">
                 <div className="modal-header">
                     <h4 className="modal-title">
-                        <Trans>rewrite_add</Trans>
+                        {modalType === MODAL_TYPE.EDIT_REWRITE ? (
+                            <Trans>rewrite_edit</Trans>
+                        ) : (
+                            <Trans>rewrite_add</Trans>
+                        )}
                     </h4>
                     <button type="button" className="close" onClick={() => toggleRewritesModal()}>
                         <span className="sr-only">Close</span>
                     </button>
                 </div>
                 <Form
+                    initialValues={{ ...currentRewrite }}
                     onSubmit={handleSubmit}
                     toggleRewritesModal={toggleRewritesModal}
                     processingAdd={processingAdd}
@@ -47,6 +55,8 @@ Modal.propTypes = {
     toggleRewritesModal: PropTypes.func.isRequired,
     processingAdd: PropTypes.bool.isRequired,
     processingDelete: PropTypes.bool.isRequired,
+    modalType: PropTypes.string.isRequired,
+    currentRewrite: PropTypes.object,
 };
 
 export default withTranslation()(Modal);

client/src/components/Filters/Rewrites/Table.js

@@ -3,6 +3,7 @@ import PropTypes from 'prop-types';
 import ReactTable from 'react-table';
 import { withTranslation } from 'react-i18next';
 import { sortIp } from '../../../helpers/helpers';
+import { MODAL_TYPE } from '../../../helpers/constants';
 
 class Table extends Component {
     cellWrap = ({ value }) => (
@@ -31,24 +32,44 @@ class Table extends Component {
             maxWidth: 100,
             sortable: false,
             resizable: false,
-            Cell: (value) => (
-                <div className="logs__row logs__row--center">
-                    <button
-                        type="button"
-                        className="btn btn-icon btn-icon--green btn-outline-secondary btn-sm"
-                        onClick={() => this.props.handleDelete({
-                            answer: value.row.answer,
-                            domain: value.row.domain,
-                        })
-                        }
-                        title={this.props.t('delete_table_action')}
-                    >
-                        <svg className="icons">
-                            <use xlinkHref="#delete" />
-                        </svg>
-                    </button>
-                </div>
-            ),
+            Cell: (value) => {
+                const currentRewrite = {
+                    answer: value.row.answer,
+                    domain: value.row.domain,
+                };
+
+                return (
+                    <div className="logs__row logs__row--center">
+                        <button
+                            type="button"
+                            className="btn btn-icon btn-outline-primary btn-sm mr-2"
+                            onClick={() => {
+                                this.props.toggleRewritesModal({
+                                    type: MODAL_TYPE.EDIT_REWRITE,
+                                    currentRewrite,
+                                });
+                            }}
+                            disabled={this.props.processingUpdate}
+                            title={this.props.t('edit_table_action')}
+                        >
+                            <svg className="icons icon12">
+                                <use xlinkHref="#edit" />
+                            </svg>
+                        </button>
+
+                        <button
+                            type="button"
+                            className="btn btn-icon btn-outline-secondary btn-sm"
+                            onClick={() => this.props.handleDelete(currentRewrite)}
+                            title={this.props.t('delete_table_action')}
+                        >
+                            <svg className="icons">
+                                <use xlinkHref="#delete" />
+                            </svg>
+                        </button>
+                    </div>
+                );
+            },
         },
     ];
 
@@ -84,7 +105,9 @@ Table.propTypes = {
     processing: PropTypes.bool.isRequired,
     processingAdd: PropTypes.bool.isRequired,
     processingDelete: PropTypes.bool.isRequired,
+    processingUpdate: PropTypes.bool.isRequired,
     handleDelete: PropTypes.func.isRequired,
+    toggleRewritesModal: PropTypes.func.isRequired,
 };
 
 export default withTranslation()(Table);

client/src/components/Filters/Rewrites/index.js

@@ -6,16 +6,13 @@ import Table from './Table';
 import Modal from './Modal';
 import Card from '../../ui/Card';
 import PageTitle from '../../ui/PageTitle';
+import { MODAL_TYPE } from '../../../helpers/constants';
 
 class Rewrites extends Component {
     componentDidMount() {
         this.props.getRewritesList();
     }
 
-    handleSubmit = (values) => {
-        this.props.addRewrite(values);
-    };
-
     handleDelete = (values) => {
         // eslint-disable-next-line no-alert
         if (window.confirm(this.props.t('rewrite_confirm_delete', { key: values.domain }))) {
@@ -23,6 +20,19 @@ class Rewrites extends Component {
         }
     };
 
+    handleSubmit = (values) => {
+        const { modalType, currentRewrite } = this.props.rewrites;
+
+        if (modalType === MODAL_TYPE.EDIT_REWRITE && currentRewrite) {
+            this.props.updateRewrite({
+                target: currentRewrite,
+                update: values,
+            });
+        } else {
+            this.props.addRewrite(values);
+        }
+    };
+
     render() {
         const {
             t,
@@ -36,6 +46,9 @@ class Rewrites extends Component {
             processing,
             processingAdd,
             processingDelete,
+            processingUpdate,
+            modalType,
+            currentRewrite,
         } = rewrites;
 
         return (
@@ -54,13 +67,15 @@ class Rewrites extends Component {
                             processing={processing}
                             processingAdd={processingAdd}
                             processingDelete={processingDelete}
+                            processingUpdate={processingUpdate}
                             handleDelete={this.handleDelete}
+                            toggleRewritesModal={toggleRewritesModal}
                         />
 
                         <button
                             type="button"
                             className="btn btn-success btn-standard mt-3"
-                            onClick={() => toggleRewritesModal()}
+                            onClick={() => toggleRewritesModal({ type: MODAL_TYPE.ADD_REWRITE })}
                             disabled={processingAdd}
                         >
                             <Trans>rewrite_add</Trans>
@@ -68,10 +83,13 @@ class Rewrites extends Component {
 
                         <Modal
                             isModalOpen={isModalOpen}
+                            modalType={modalType}
                             toggleRewritesModal={toggleRewritesModal}
                             handleSubmit={this.handleSubmit}
                             processingAdd={processingAdd}
                             processingDelete={processingDelete}
+                            processingUpdate={processingUpdate}
+                            currentRewrite={currentRewrite}
                         />
                     </Fragment>
                 </Card>
@@ -86,6 +104,7 @@ Rewrites.propTypes = {
     toggleRewritesModal: PropTypes.func.isRequired,
     addRewrite: PropTypes.func.isRequired,
     deleteRewrite: PropTypes.func.isRequired,
+    updateRewrite: PropTypes.func.isRequired,
     rewrites: PropTypes.object.isRequired,
 };
 

client/src/components/Filters/Table.js

@@ -48,6 +48,7 @@ class Table extends Component {
             Header: <Trans>list_url_table_header</Trans>,
             accessor: 'url',
             minWidth: 180,
+            // eslint-disable-next-line react/prop-types
             Cell: ({ value }) => (
                 <div className="logs__row">
                     {isValidAbsolutePath(value) ? value

client/src/components/ProtectionTimer/index.js

@@ -32,6 +32,8 @@ const ProtectionTimer = ({
 };
 
 ProtectionTimer.propTypes = {
+    protectionDisabledDuration: PropTypes.number,
+    toggleProtectionSuccess: PropTypes.func.isRequired,
     setProtectionTimerTime: PropTypes.func.isRequired,
 };
 

client/src/components/Settings/Clients/ClientsTable/ClientsTable.js

@@ -57,7 +57,7 @@ const ClientsTable = ({
     };
 
     const handleSubmit = (values) => {
-        const config = values;
+        const config = { ...values };
 
         if (values) {
             if (values.blocked_services) {

client/src/components/Settings/LogsConfig/Form.js

@@ -27,7 +27,6 @@ import {
 } from '../../../helpers/constants';
 import '../FormButton.css';
 
-
 const getIntervalTitle = (interval, t) => {
     switch (interval) {
         case RETENTION_CUSTOM:

client/src/components/Settings/StatsConfig/Form.js

@@ -7,7 +7,6 @@ import { Trans, withTranslation } from 'react-i18next';
 import flow from 'lodash/flow';
 import { connect } from 'react-redux';
 
-
 import {
     renderRadioField,
     toNumber,

client/src/components/ui/Icons.js

@@ -1,3 +1,4 @@
+/* eslint-disable react/no-unknown-property */
 import React from 'react';
 
 import './Icons.css';

client/src/containers/DnsRewrites.js

@@ -3,6 +3,7 @@ import {
     getRewritesList,
     addRewrite,
     deleteRewrite,
+    updateRewrite,
     toggleRewritesModal,
 } from '../actions/rewrites';
 import Rewrites from '../components/Filters/Rewrites';
@@ -17,6 +18,7 @@ const mapDispatchToProps = {
     getRewritesList,
     addRewrite,
     deleteRewrite,
+    updateRewrite,
     toggleRewritesModal,
 };
 

client/src/helpers/constants.js

@@ -173,6 +173,8 @@ export const MODAL_TYPE = {
     ADD_FILTERS: 'ADD_FILTERS',
     EDIT_FILTERS: 'EDIT_FILTERS',
     CHOOSE_FILTERING_LIST: 'CHOOSE_FILTERING_LIST',
+    ADD_REWRITE: 'ADD_REWRITE',
+    EDIT_REWRITE: 'EDIT_REWRITE',
 };
 
 export const CLIENT_ID = {

client/src/helpers/filters/filters.js

@@ -64,12 +64,6 @@ export default {
             "homepage": "https://github.com/MasterKia/PersianBlocker",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_19.txt"
         },
-        "ITA_filtri_dns": {
-            "name": "ITA: Filtri-DNS",
-            "categoryId": "regional",
-            "homepage": "https://filtri-dns.ga/",
-            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_18.txt"
-        },
         "KOR_list_kr": {
             "name": "KOR: List-KR DNS",
             "categoryId": "regional",
@@ -166,14 +160,20 @@ export default {
             "homepage": "https://github.com/DandelionSprout/adfilt",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt"
         },
+        "dandelion_sprouts_anti_push_notifications": {
+            "name": "Dandelion Sprout's Anti Push Notifications",
+            "categoryId": "other",
+            "homepage": "https://github.com/DandelionSprout/adfilt",
+            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_39.txt"
+        },
         "dandelion_sprouts_game_console_adblock_list": {
             "name": "Dandelion Sprout's Game Console Adblock List",
             "categoryId": "other",
             "homepage": "https://github.com/DandelionSprout/adfilt",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_6.txt"
         },
-        "hagezi_personal": {
-            "name": "HaGeZi Personal Black \u0026 White",
+        "hagezi_multinormal": {
+            "name": "HaGeZi Multi NORMAL",
             "categoryId": "general",
             "homepage": "https://github.com/hagezi/dns-blocklists",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_34.txt"

client/src/helpers/helpers.js

@@ -845,7 +845,6 @@ export const sortIp = (a, b) => {
     }
 };
 
-
 /**
  * @param {number} filterId
  * @returns {string}

client/src/reducers/rewrites.js

@@ -30,7 +30,27 @@ const rewrites = handleActions(
         [actions.deleteRewriteFailure]: (state) => ({ ...state, processingDelete: false }),
         [actions.deleteRewriteSuccess]: (state) => ({ ...state, processingDelete: false }),
 
-        [actions.toggleRewritesModal]: (state) => {
+        [actions.updateRewriteRequest]: (state) => ({ ...state, processingUpdate: true }),
+        [actions.updateRewriteFailure]: (state) => ({ ...state, processingUpdate: false }),
+        [actions.updateRewriteSuccess]: (state) => {
+            const newState = {
+                ...state,
+                processingUpdate: false,
+            };
+            return newState;
+        },
+
+        [actions.toggleRewritesModal]: (state, { payload }) => {
+            if (payload) {
+                const newState = {
+                    ...state,
+                    modalType: payload.type || '',
+                    isModalOpen: !state.isModalOpen,
+                    currentRewrite: payload.currentRewrite,
+                };
+                return newState;
+            }
+
             const newState = {
                 ...state,
                 isModalOpen: !state.isModalOpen,
@@ -42,7 +62,10 @@ const rewrites = handleActions(
         processing: true,
         processingAdd: false,
         processingDelete: false,
+        processingUpdate: false,
         isModalOpen: false,
+        modalType: '',
+        currentRewrite: {},
         list: [],
     },
 );

docker/Dockerfile

@@ -1,6 +1,6 @@
 # A docker file for scripts/make/build-docker.sh.
 
-FROM alpine:3.17
+FROM alpine:3.18
 
 ARG BUILD_DATE
 ARG VERSION
@@ -25,8 +25,6 @@ RUN apk --no-cache add ca-certificates libcap tzdata && \
 	mkdir -p /opt/adguardhome/conf /opt/adguardhome/work && \
 	chown -R nobody: /opt/adguardhome
 
-RUN apk --no-cache add tini
-
 ARG DIST_DIR
 ARG TARGETARCH
 ARG TARGETOS
@@ -43,45 +41,19 @@ RUN setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome
 # 68     :      UDP : DHCP (client)
 # 80     : TCP      : HTTP (main)
 # 443    : TCP, UDP : HTTPS, DNS-over-HTTPS (incl. HTTP/3), DNSCrypt (main)
-# 784    :      UDP : DNS-over-QUIC (experimental)
 # 853    : TCP, UDP : DNS-over-TLS, DNS-over-QUIC
 # 3000   : TCP, UDP : HTTP(S) (alt, incl. HTTP/3)
-# 3001   : TCP, UDP : HTTP(S) (beta, incl. HTTP/3)
 # 5443   : TCP, UDP : DNSCrypt (alt)
 # 6060   : TCP      : HTTP (pprof)
-# 8853   :      UDP : DNS-over-QUIC (experimental)
-#
-# TODO(a.garipov): Remove the old, non-standard 784 and 8853 ports for
-# DNS-over-QUIC in a future release.
-EXPOSE 53/tcp 53/udp 67/udp 68/udp 80/tcp 443/tcp 443/udp 784/udp\
-	853/tcp 853/udp 3000/tcp 3000/udp 5443/tcp\
-	5443/udp 6060/tcp 8853/udp
+EXPOSE 53/tcp 53/udp 67/udp 68/udp 80/tcp 443/tcp 443/udp 853/tcp\
+	853/udp 3000/tcp 3000/udp 5443/tcp 5443/udp 6060/tcp
 
 WORKDIR /opt/adguardhome/work
 
-# Install helpers for healthcheck.
-COPY --chown=nobody:nogroup\
-	./${DIST_DIR}/docker/scripts\
-	/opt/adguardhome/scripts
-
-HEALTHCHECK \
-	--interval=30s \
-	--timeout=10s \
-	--retries=3 \
-	CMD [ "/opt/adguardhome/scripts/healthcheck.sh" ]
-
-# It seems that the healthckech script sometimes spawns zombie processes, so we
-# need a way to handle them, since AdGuard Home doesn't know how to keep track
-# of the processes delegated to it by the OS.  Use tini as entry point because
-# it needs the PID=1 to be the default parent for orphaned processes.
-#
-# See https://github.com/adguardTeam/adGuardHome/issues/3290.
-ENTRYPOINT [ "/sbin/tini", "--" ]
+ENTRYPOINT ["/opt/adguardhome/AdGuardHome"]
 
 CMD [ \
-	"/opt/adguardhome/AdGuardHome", \
 	"--no-check-update", \
 	"-c", "/opt/adguardhome/conf/AdGuardHome.yaml", \
-	"-h", "0.0.0.0", \
 	"-w", "/opt/adguardhome/work" \
 ]

docker/dns-bind.awk

@@ -1,29 +0,0 @@
-/^[^[:space:]]/ { is_dns = /^dns:/ }
-
-/^[[:space:]]+bind_hosts:/ { if (is_dns) prev_line = FNR }
-
-/^[[:space:]]+- .+/ {
-    if (FNR - prev_line == 1) {
-        addrs[$2] = true
-        prev_line = FNR
-
-        if ($2 == "0.0.0.0" || $2 == "'::'") {
-            # Drop all the other addresses.
-            delete addrs
-            addrs[""] = true
-            prev_line = -1
-        }
-    }
-}
-
-/^[[:space:]]+port:/ { if (is_dns) port = $2 }
-
-END {
-    for (addr in addrs) {
-        if (match(addr, ":")) {
-            print "[" addr "]:" port
-        } else {
-            print addr ":" port
-        }
-    }
-}

docker/healthcheck.sh

@@ -1,107 +0,0 @@
-#!/bin/sh
-
-# AdGuard Home Docker healthcheck script
-
-# Exit the script if a pipeline fails (-e), prevent accidental filename
-# expansion (-f), and consider undefined variables as errors (-u).
-set -e -f -u
-
-# Function error_exit is an echo wrapper that writes to stderr and stops the
-# script execution with code 1.
-error_exit() {
-	echo "$1" 1>&2
-
-	exit 1
-}
-
-agh_dir="/opt/adguardhome"
-readonly agh_dir
-
-filename="${agh_dir}/conf/AdGuardHome.yaml"
-readonly filename
-
-if ! [ -f "$filename" ]
-then
-    wget "http://127.0.0.1:3000" -O /dev/null -q || exit 1
-
-    exit 0
-fi
-
-help_dir="${agh_dir}/scripts"
-readonly help_dir
-
-# Parse web host
-
-web_url="$( awk -f "${help_dir}/web-bind.awk" "$filename" )"
-readonly web_url
-
-if [ "$web_url" = '' ]
-then
-    error_exit "no web bindings could be retrieved from $filename"
-fi
-
-# TODO(e.burkov):  Deal with 0 port.
-case "$web_url"
-in
-(*':0')
-    error_exit '0 in web port is not supported by healthcheck'
-    ;;
-(*)
-    # Go on.
-    ;;
-esac
-
-# Parse DNS hosts
-
-dns_hosts="$( awk -f "${help_dir}/dns-bind.awk" "$filename" )"
-readonly dns_hosts
-
-if [ "$dns_hosts" = '' ]
-then
-    error_exit "no DNS bindings could be retrieved from $filename"
-fi
-
-first_dns="$( echo "$dns_hosts" | head -n 1 )"
-readonly first_dns
-
-# TODO(e.burkov):  Deal with 0 port.
-case "$first_dns"
-in
-(*':0')
-    error_exit '0 in DNS port is not supported by healthcheck'
-    ;;
-(*)
-    # Go on.
-    ;;
-esac
-
-# Check
-
-# Skip SSL certificate validation since there is no guarantee the container
-# trusts the one used.  It should be safe to drop the SSL validation since the
-# current script intended to be used from inside the container and only checks
-# the endpoint availability, ignoring the content of the response.
-#
-# See https://github.com/AdguardTeam/AdGuardHome/issues/5642.
-wget --no-check-certificate "$web_url" -O /dev/null -q || exit 1
-
-test_fqdn="healthcheck.adguardhome.test."
-readonly test_fqdn
-
-# The awk script currently returns only port prefixed with colon in case of
-# unspecified address.
-case "$first_dns"
-in
-(':'*)
-    nslookup -type=a "$test_fqdn" "127.0.0.1${first_dns}" > /dev/null ||\
-    nslookup -type=a "$test_fqdn" "[::1]${first_dns}" > /dev/null ||\
-        error_exit "nslookup failed for $host"
-    ;;
-(*)
-    echo "$dns_hosts" | while read -r host
-    do
-        nslookup -type=a "$test_fqdn" "$host" > /dev/null ||\
-            error_exit "nslookup failed for $host"
-    done
-    ;;
-esac

docker/web-bind.awk

@@ -1,13 +0,0 @@
-# Don't consider the HTTPS hostname since the enforced HTTPS redirection should
-# work if the SSL check skipped.  See file docker/healthcheck.sh.
-/^bind_host:/ { host = $2 }
-
-/^bind_port:/ { port = $2 }
-
-END {
-    if (match(host, ":")) {
-        print "http://[" host "]:" port
-     } else {
-        print "http://" host ":" port
-    }
-}

go.mod

@@ -3,8 +3,8 @@ module github.com/AdguardTeam/AdGuardHome
 go 1.19
 
 require (
-	github.com/AdguardTeam/dnsproxy v0.50.2
-	github.com/AdguardTeam/golibs v0.13.3
+	github.com/AdguardTeam/dnsproxy v0.52.0
+	github.com/AdguardTeam/golibs v0.13.6
 	github.com/AdguardTeam/urlfilter v0.16.1
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ameshkov/dnscrypt/v2 v2.2.7
@@ -15,9 +15,9 @@ require (
 	github.com/go-ping/ping v1.1.0
 	github.com/google/go-cmp v0.5.9
 	github.com/google/gopacket v1.1.19
-	github.com/google/renameio v1.0.1
+	github.com/google/renameio/v2 v2.0.0
 	github.com/google/uuid v1.3.0
-	github.com/insomniacslk/dhcp v0.0.0-20230516061539-49801966e6cb
+	github.com/insomniacslk/dhcp v0.0.0-20230612134759-b20c9ba983df
 	github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86
 	github.com/kardianos/service v1.2.2
 	github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118
@@ -26,15 +26,15 @@ require (
 	// TODO(a.garipov): This package is deprecated; find a new one or use our
 	// own code for that.  Perhaps, use gopacket.
 	github.com/mdlayher/raw v0.1.0
-	github.com/miekg/dns v1.1.54
-	github.com/quic-go/quic-go v0.35.1
+	github.com/miekg/dns v1.1.55
+	github.com/quic-go/quic-go v0.36.1
 	github.com/stretchr/testify v1.8.4
 	github.com/ti-mo/netfilter v0.5.0
 	go.etcd.io/bbolt v1.3.7
-	golang.org/x/crypto v0.10.0
-	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
-	golang.org/x/net v0.11.0
-	golang.org/x/sys v0.9.0
+	golang.org/x/crypto v0.11.0
+	golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1
+	golang.org/x/net v0.12.0
+	golang.org/x/sys v0.10.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 	gopkg.in/yaml.v3 v3.0.1
 	howett.net/plist v1.0.0
@@ -50,17 +50,17 @@ require (
 	github.com/golang/mock v1.6.0 // indirect
 	github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 // indirect
 	github.com/mdlayher/socket v0.4.1 // indirect
-	github.com/onsi/ginkgo/v2 v2.10.0 // indirect
+	github.com/onsi/ginkgo/v2 v2.11.0 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
-	github.com/pierrec/lz4/v4 v4.1.17 // indirect
+	github.com/pierrec/lz4/v4 v4.1.18 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/quic-go/qpack v0.4.0 // indirect
 	github.com/quic-go/qtls-go1-19 v0.3.2 // indirect
 	github.com/quic-go/qtls-go1-20 v0.2.2 // indirect
 	github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63 // indirect
-	golang.org/x/mod v0.10.0 // indirect
-	golang.org/x/sync v0.2.0 // indirect
-	golang.org/x/text v0.10.0 // indirect
-	golang.org/x/tools v0.9.3 // indirect
+	golang.org/x/mod v0.11.0 // indirect
+	golang.org/x/sync v0.3.0 // indirect
+	golang.org/x/text v0.11.0 // indirect
+	golang.org/x/tools v0.10.0 // indirect
 )

go.sum

@@ -1,9 +1,9 @@
-github.com/AdguardTeam/dnsproxy v0.50.2 h1:p1471SsMZ6SMo7T51Olw4aNluahvMwSLMorwxYV18ts=
-github.com/AdguardTeam/dnsproxy v0.50.2/go.mod h1:CQhZTkqC8X0ID6glrtyaxgqRRdiYfn1gJulC1cZ5Dn8=
+github.com/AdguardTeam/dnsproxy v0.52.0 h1:uZxCXflHSAwtJ7uTYXP6qgWcxaBsH0pJvldpwTqIDJk=
+github.com/AdguardTeam/dnsproxy v0.52.0/go.mod h1:Jo2zeRe97Rxt3yikXc+fn0LdLtqCj0Xlyh1PNBj6bpM=
 github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.10.4/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
-github.com/AdguardTeam/golibs v0.13.3 h1:RT3QbzThtaLiFLkIUDS6/hlGEXrh0zYvdf4bd7UWpGo=
-github.com/AdguardTeam/golibs v0.13.3/go.mod h1:wkJ6EUsN4np/9Gp7+9QeooY9E2U2WCLJYAioLCzkHsI=
+github.com/AdguardTeam/golibs v0.13.6 h1:z/0Q25pRLdaQxtoxvfSaooz5mdv8wj0R8KREj54q8yQ=
+github.com/AdguardTeam/golibs v0.13.6/go.mod h1:hOtcb8dPfKcFjWTPA904hTA4dl1aWvzeebdJpE72IPk=
 github.com/AdguardTeam/gomitmproxy v0.2.0/go.mod h1:Qdv0Mktnzer5zpdpi5rAwixNJzW2FN91LjKJCkVbYGU=
 github.com/AdguardTeam/urlfilter v0.16.1 h1:ZPi0rjqo8cQf2FVdzo6cqumNoHZx2KPXj2yZa1A5BBw=
 github.com/AdguardTeam/urlfilter v0.16.1/go.mod h1:46YZDOV1+qtdRDuhZKVPSSp7JWWes0KayqHrKAFBdEI=
@@ -52,14 +52,14 @@ github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF
 github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
 github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 h1:hR7/MlvK23p6+lIw9SN1TigNLn9ZnF3W4SYRKq2gAHs=
 github.com/google/pprof v0.0.0-20230602150820-91b7bce49751/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA=
-github.com/google/renameio v1.0.1 h1:Lh/jXZmvZxb0BBeSY5VKEfidcbcbenKjZFzM/q0fSeU=
-github.com/google/renameio v1.0.1/go.mod h1:t/HQoYBZSsWSNK35C6CO/TpPLDVWvxOHboWUAweKUpk=
+github.com/google/renameio/v2 v2.0.0 h1:UifI23ZTGY8Tt29JbYFiuyIU3eX+RNFtUwefq9qAhxg=
+github.com/google/renameio/v2 v2.0.0/go.mod h1:BtmJXm5YlszgC+TD4HOEEUFgkJP3nLxehU6hfe7jRt4=
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714 h1:/jC7qQFrv8CrSJVmaolDVOxTfS9kc36uB6H40kdbQq8=
-github.com/insomniacslk/dhcp v0.0.0-20230516061539-49801966e6cb h1:6fDKEAXwe3rsfS4khW3EZ8kEqmSiV9szhMPcDrD+Y7Q=
-github.com/insomniacslk/dhcp v0.0.0-20230516061539-49801966e6cb/go.mod h1:7474bZ1YNCvarT6WFKie4kEET6J0KYRDC4XJqqXzQW4=
+github.com/insomniacslk/dhcp v0.0.0-20230612134759-b20c9ba983df h1:pF1MMIzEJzJ/MyI4bXYXVYyN8CJgoQ2PPKT2z3O/Cl4=
+github.com/insomniacslk/dhcp v0.0.0-20230612134759-b20c9ba983df/go.mod h1:7474bZ1YNCvarT6WFKie4kEET6J0KYRDC4XJqqXzQW4=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/josharian/native v1.0.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
 github.com/josharian/native v1.0.1-0.20221213033349-c1e37c09b531/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
@@ -85,18 +85,18 @@ github.com/mdlayher/socket v0.2.1/go.mod h1:QLlNPkFR88mRUNQIzRBMfXxwKal8H7u1h3bL
 github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U=
 github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA=
 github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
-github.com/miekg/dns v1.1.54 h1:5jon9mWcb0sFJGpnI99tOMhCPyJ+RPVz5b63MQG0VWI=
-github.com/miekg/dns v1.1.54/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
+github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
+github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/onsi/ginkgo/v2 v2.10.0 h1:sfUl4qgLdvkChZrWCYndY2EAu9BRIw1YphNAzy1VNWs=
-github.com/onsi/ginkgo/v2 v2.10.0/go.mod h1:UDQOh5wbQUlMnkLfVaIUMtQ1Vus92oM+P2JX1aulgcE=
-github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU=
+github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=
+github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM=
+github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pierrec/lz4/v4 v4.1.14/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
-github.com/pierrec/lz4/v4 v4.1.17 h1:kV4Ip+/hUBC+8T6+2EgburRtkE9ef4nbY3f4dFhGjMc=
-github.com/pierrec/lz4/v4 v4.1.17/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
+github.com/pierrec/lz4/v4 v4.1.18 h1:xaKrnTkyoqfh1YItXl56+6KJNVYWlEEPuAQW9xsplYQ=
+github.com/pierrec/lz4/v4 v4.1.18/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -108,8 +108,8 @@ github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc8
 github.com/quic-go/qtls-go1-19 v0.3.2/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI=
 github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8GEa3E=
 github.com/quic-go/qtls-go1-20 v0.2.2/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM=
-github.com/quic-go/quic-go v0.35.1 h1:b0kzj6b/cQAf05cT0CkQubHM31wiA+xH3IBkxP62poo=
-github.com/quic-go/quic-go v0.35.1/go.mod h1:+4CVgVppm0FNjpG3UcX8Joi/frKOH7/ciD5yGcwOO1g=
+github.com/quic-go/quic-go v0.36.1 h1:WsG73nVtnDy1TiACxFxhQ3TqaW+DipmqzLEtNlAwZyY=
+github.com/quic-go/quic-go v0.36.1/go.mod h1:zPetvwDlILVxt15n3hr3Gf/I3mDf7LpLKPhR4Ez0AZQ=
 github.com/shirou/gopsutil/v3 v3.21.8 h1:nKct+uP0TV8DjjNiHanKf8SAuub+GNsbrOtM9Nl9biA=
 github.com/shirou/gopsutil/v3 v3.21.8/go.mod h1:YWp/H8Qs5fVmf17v7JNZzA0mPJ+mS2e9JdiUF9LlKzQ=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -134,15 +134,15 @@ go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
 go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
-golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
-golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc=
-golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
+golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
+golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
+golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 h1:MGwJjxBy0HJshjDNfLsYO8xppfqWlA5ZT9OhtUUhTNw=
+golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
-golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
+golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -152,12 +152,12 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210929193557-e81a3d93ecf6/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU=
-golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
+golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
+golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
-golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190322080309-f49334f85ddc/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -177,22 +177,22 @@ golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.1-0.20230131160137-e7d7f63158de/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
-golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58=
-golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
+golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM=
-golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
+golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg=
+golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

internal/aghio/limitedreader_test.go

@@ -1,10 +1,11 @@
-package aghio
+package aghio_test
 
 import (
 	"io"
 	"strings"
 	"testing"
 
+	"github.com/AdguardTeam/AdGuardHome/internal/aghio"
 	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -31,7 +32,7 @@ func TestLimitReader(t *testing.T) {
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			_, err := LimitReader(nil, tc.n)
+			_, err := aghio.LimitReader(nil, tc.n)
 			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
 		})
 	}
@@ -57,7 +58,7 @@ func TestLimitedReader_Read(t *testing.T) {
 		limit: 3,
 		want:  0,
 	}, {
-		err: &LimitReachedError{
+		err: &aghio.LimitReachedError{
 			Limit: 0,
 		},
 		name:  "limit_reached",
@@ -74,7 +75,7 @@ func TestLimitedReader_Read(t *testing.T) {
 
 	for _, tc := range testCases {
 		readCloser := io.NopCloser(strings.NewReader(tc.rStr))
-		lreader, err := LimitReader(readCloser, tc.limit)
+		lreader, err := aghio.LimitReader(readCloser, tc.limit)
 		require.NoError(t, err)
 		require.NotNil(t, lreader)
 
@@ -89,7 +90,7 @@ func TestLimitedReader_Read(t *testing.T) {
 }
 
 func TestLimitedReader_LimitReachedError(t *testing.T) {
-	testutil.AssertErrorMsg(t, "attempted to read more than 0 bytes", &LimitReachedError{
+	testutil.AssertErrorMsg(t, "attempted to read more than 0 bytes", &aghio.LimitReachedError{
 		Limit: 0,
 	})
 }

internal/aghnet/addr.go

@@ -0,0 +1,43 @@
+package aghnet
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/AdguardTeam/golibs/stringutil"
+)
+
+// NormalizeDomain returns a lowercased version of host without the final dot,
+// unless host is ".", in which case it returns it unchanged.  That is a special
+// case that to allow matching queries like:
+//
+//	dig IN NS '.'
+func NormalizeDomain(host string) (norm string) {
+	if host == "." {
+		return host
+	}
+
+	return strings.ToLower(strings.TrimSuffix(host, "."))
+}
+
+// NewDomainNameSet returns nil and error, if list has duplicate or empty domain
+// name.  Otherwise returns a set, which contains domain names normalized using
+// [NormalizeDomain].
+func NewDomainNameSet(list []string) (set *stringutil.Set, err error) {
+	set = stringutil.NewSet()
+
+	for i, host := range list {
+		if host == "" {
+			return nil, fmt.Errorf("at index %d: hostname is empty", i)
+		}
+
+		host = NormalizeDomain(host)
+		if set.Has(host) {
+			return nil, fmt.Errorf("duplicate hostname %q at index %d", host, i)
+		}
+
+		set.Add(host)
+	}
+
+	return set, nil
+}

internal/aghnet/addr_test.go

@@ -0,0 +1,59 @@
+package aghnet_test
+
+import (
+	"testing"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
+	"github.com/AdguardTeam/golibs/testutil"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNewDomainNameSet(t *testing.T) {
+	t.Parallel()
+
+	testCases := []struct {
+		name       string
+		wantErrMsg string
+		in         []string
+	}{{
+		name:       "nil",
+		wantErrMsg: "",
+		in:         nil,
+	}, {
+		name:       "success",
+		wantErrMsg: "",
+		in: []string{
+			"Domain.Example",
+			".",
+		},
+	}, {
+		name:       "dups",
+		wantErrMsg: `duplicate hostname "domain.example" at index 1`,
+		in: []string{
+			"Domain.Example",
+			"domain.example",
+		},
+	}, {
+		name:       "bad_domain",
+		wantErrMsg: "at index 0: hostname is empty",
+		in: []string{
+			"",
+		},
+	}}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			set, err := aghnet.NewDomainNameSet(tc.in)
+			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
+			if err != nil {
+				return
+			}
+
+			for _, host := range tc.in {
+				assert.Truef(t, set.Has(aghnet.NormalizeDomain(host)), "%q not matched", host)
+			}
+		})
+	}
+}

internal/aghnet/hostgen.go

@@ -1,12 +1,8 @@
 package aghnet
 
 import (
-	"fmt"
 	"net/netip"
 	"strings"
-
-	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/stringutil"
 )
 
 // GenerateHostname generates the hostname from ip.  In case of using IPv4 the
@@ -29,32 +25,8 @@ func GenerateHostname(ip netip.Addr) (hostname string) {
 	hostname = ip.StringExpanded()
 
 	if ip.Is4() {
-		return strings.Replace(hostname, ".", "-", -1)
+		return strings.ReplaceAll(hostname, ".", "-")
 	}
 
-	return strings.Replace(hostname, ":", "-", -1)
-}
-
-// NewDomainNameSet returns nil and error, if list has duplicate or empty
-// domain name.  Otherwise returns a set, which contains non-FQDN domain names,
-// and nil error.
-func NewDomainNameSet(list []string) (set *stringutil.Set, err error) {
-	set = stringutil.NewSet()
-
-	for i, v := range list {
-		host := strings.ToLower(strings.TrimSuffix(v, "."))
-		// TODO(a.garipov): Think about ignoring empty (".") names in the
-		// future.
-		if host == "" {
-			return nil, errors.Error("host name is empty")
-		}
-
-		if set.Has(host) {
-			return nil, fmt.Errorf("duplicate host name %q at index %d", host, i)
-		}
-
-		set.Add(host)
-	}
-
-	return set, nil
+	return strings.ReplaceAll(hostname, ":", "-")
 }

internal/aghnet/hostscontainer.go

@@ -56,15 +56,20 @@ func (rm *requestMatcher) MatchRequest(
 ) (res *urlfilter.DNSResult, ok bool) {
 	switch req.DNSType {
 	case dns.TypeA, dns.TypeAAAA, dns.TypePTR:
-		log.Debug("%s: handling the request for %s", hostsContainerPrefix, req.Hostname)
+		log.Debug(
+			"%s: handling %s request for %s",
+			hostsContainerPrefix,
+			dns.Type(req.DNSType),
+			req.Hostname,
+		)
+
+		rm.stateLock.RLock()
+		defer rm.stateLock.RUnlock()
+
+		return rm.engine.MatchRequest(req)
 	default:
 		return nil, false
 	}
-
-	rm.stateLock.RLock()
-	defer rm.stateLock.RUnlock()
-
-	return rm.engine.MatchRequest(req)
 }
 
 // Translate returns the source hosts-syntax rule for the generated dnsrewrite
@@ -96,6 +101,8 @@ const hostsContainerPrefix = "hosts container"
 
 // HostsContainer stores the relevant hosts database provided by the OS and
 // processes both A/AAAA and PTR DNS requests for those.
+//
+// TODO(e.burkov):  Improve API and move to golibs.
 type HostsContainer struct {
 	// requestMatcher matches the requests and translates the rules.  It's
 	// embedded to implement MatchRequest and Translate for *HostsContainer.
@@ -134,9 +141,9 @@ type HostsRecord struct {
 	Canonical string
 }
 
-// equal returns true if all fields of rec are equal to field in other or they
+// Equal returns true if all fields of rec are equal to field in other or they
 // both are nil.
-func (rec *HostsRecord) equal(other *HostsRecord) (ok bool) {
+func (rec *HostsRecord) Equal(other *HostsRecord) (ok bool) {
 	if rec == nil {
 		return other == nil
 	} else if other == nil {
@@ -488,7 +495,7 @@ func (hc *HostsContainer) refresh() (err error) {
 	}
 
 	// hc.last is nil on the first refresh, so let that one through.
-	if hc.last != nil && maps.EqualFunc(hp.table, hc.last, (*HostsRecord).equal) {
+	if hc.last != nil && maps.EqualFunc(hp.table, hc.last, (*HostsRecord).Equal) {
 		log.Debug("%s: no changes detected", hostsContainerPrefix)
 
 		return nil

internal/aghnet/hostscontainer_internal_test.go

@@ -0,0 +1,144 @@
+package aghnet
+
+import (
+	"io/fs"
+	"net/netip"
+	"path"
+	"testing"
+	"testing/fstest"
+
+	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/netutil"
+	"github.com/AdguardTeam/golibs/testutil/fakefs"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+const nl = "\n"
+
+func TestHostsContainer_PathsToPatterns(t *testing.T) {
+	gsfs := fstest.MapFS{
+		"dir_0/file_1":       &fstest.MapFile{Data: []byte{1}},
+		"dir_0/file_2":       &fstest.MapFile{Data: []byte{2}},
+		"dir_0/dir_1/file_3": &fstest.MapFile{Data: []byte{3}},
+	}
+
+	testCases := []struct {
+		name  string
+		paths []string
+		want  []string
+	}{{
+		name:  "no_paths",
+		paths: nil,
+		want:  nil,
+	}, {
+		name:  "single_file",
+		paths: []string{"dir_0/file_1"},
+		want:  []string{"dir_0/file_1"},
+	}, {
+		name:  "several_files",
+		paths: []string{"dir_0/file_1", "dir_0/file_2"},
+		want:  []string{"dir_0/file_1", "dir_0/file_2"},
+	}, {
+		name:  "whole_dir",
+		paths: []string{"dir_0"},
+		want:  []string{"dir_0/*"},
+	}, {
+		name:  "file_and_dir",
+		paths: []string{"dir_0/file_1", "dir_0/dir_1"},
+		want:  []string{"dir_0/file_1", "dir_0/dir_1/*"},
+	}, {
+		name:  "non-existing",
+		paths: []string{path.Join("dir_0", "file_3")},
+		want:  nil,
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			patterns, err := pathsToPatterns(gsfs, tc.paths)
+			require.NoError(t, err)
+
+			assert.Equal(t, tc.want, patterns)
+		})
+	}
+
+	t.Run("bad_file", func(t *testing.T) {
+		const errStat errors.Error = "bad file"
+
+		badFS := &fakefs.StatFS{
+			OnOpen: func(_ string) (f fs.File, err error) { panic("not implemented") },
+			OnStat: func(name string) (fi fs.FileInfo, err error) {
+				return nil, errStat
+			},
+		}
+
+		_, err := pathsToPatterns(badFS, []string{""})
+		assert.ErrorIs(t, err, errStat)
+	})
+}
+
+func TestUniqueRules_ParseLine(t *testing.T) {
+	ip := netutil.IPv4Localhost()
+	ipStr := ip.String()
+
+	testCases := []struct {
+		name      string
+		line      string
+		wantIP    netip.Addr
+		wantHosts []string
+	}{{
+		name:      "simple",
+		line:      ipStr + ` hostname`,
+		wantIP:    ip,
+		wantHosts: []string{"hostname"},
+	}, {
+		name:      "aliases",
+		line:      ipStr + ` hostname alias`,
+		wantIP:    ip,
+		wantHosts: []string{"hostname", "alias"},
+	}, {
+		name:      "invalid_line",
+		line:      ipStr,
+		wantIP:    netip.Addr{},
+		wantHosts: nil,
+	}, {
+		name:      "invalid_line_hostname",
+		line:      ipStr + ` # hostname`,
+		wantIP:    ip,
+		wantHosts: nil,
+	}, {
+		name:      "commented_aliases",
+		line:      ipStr + ` hostname # alias`,
+		wantIP:    ip,
+		wantHosts: []string{"hostname"},
+	}, {
+		name:      "whole_comment",
+		line:      `# ` + ipStr + ` hostname`,
+		wantIP:    netip.Addr{},
+		wantHosts: nil,
+	}, {
+		name:      "partial_comment",
+		line:      ipStr + ` host#name`,
+		wantIP:    ip,
+		wantHosts: []string{"host"},
+	}, {
+		name:      "empty",
+		line:      ``,
+		wantIP:    netip.Addr{},
+		wantHosts: nil,
+	}, {
+		name:      "bad_hosts",
+		line:      ipStr + ` bad..host bad._tld empty.tld. ok.host`,
+		wantIP:    ip,
+		wantHosts: []string{"ok.host"},
+	}}
+
+	for _, tc := range testCases {
+		hp := hostsParser{}
+		t.Run(tc.name, func(t *testing.T) {
+			got, hosts := hp.parseLine(tc.line)
+			assert.Equal(t, tc.wantIP, got)
+			assert.Equal(t, tc.wantHosts, hosts)
+		})
+	}
+}

internal/aghnet/hostscontainer_test.go

@@ -1,9 +1,7 @@
-package aghnet
+package aghnet_test
 
 import (
-	"io/fs"
 	"net"
-	"net/netip"
 	"path"
 	"strings"
 	"sync/atomic"
@@ -12,6 +10,7 @@ import (
 	"time"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghchan"
+	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/netutil"
@@ -24,10 +23,7 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-const (
-	nl = "\n"
-	sp = " "
-)
+const nl = "\n"
 
 func TestNewHostsContainer(t *testing.T) {
 	const dirname = "dir"
@@ -48,11 +44,11 @@ func TestNewHostsContainer(t *testing.T) {
 		name:    "one_file",
 		paths:   []string{p},
 	}, {
-		wantErr: ErrNoHostsPaths,
+		wantErr: aghnet.ErrNoHostsPaths,
 		name:    "no_files",
 		paths:   []string{},
 	}, {
-		wantErr: ErrNoHostsPaths,
+		wantErr: aghnet.ErrNoHostsPaths,
 		name:    "non-existent_file",
 		paths:   []string{path.Join(dirname, filename+"2")},
 	}, {
@@ -77,7 +73,7 @@ func TestNewHostsContainer(t *testing.T) {
 				return eventsCh
 			}
 
-			hc, err := NewHostsContainer(0, testFS, &aghtest.FSWatcher{
+			hc, err := aghnet.NewHostsContainer(0, testFS, &aghtest.FSWatcher{
 				OnEvents: onEvents,
 				OnAdd:    onAdd,
 				OnClose:  func() (err error) { return nil },
@@ -103,7 +99,7 @@ func TestNewHostsContainer(t *testing.T) {
 
 	t.Run("nil_fs", func(t *testing.T) {
 		require.Panics(t, func() {
-			_, _ = NewHostsContainer(0, nil, &aghtest.FSWatcher{
+			_, _ = aghnet.NewHostsContainer(0, nil, &aghtest.FSWatcher{
 				// Those shouldn't panic.
 				OnEvents: func() (e <-chan struct{}) { return nil },
 				OnAdd:    func(name string) (err error) { return nil },
@@ -114,7 +110,7 @@ func TestNewHostsContainer(t *testing.T) {
 
 	t.Run("nil_watcher", func(t *testing.T) {
 		require.Panics(t, func() {
-			_, _ = NewHostsContainer(0, testFS, nil, p)
+			_, _ = aghnet.NewHostsContainer(0, testFS, nil, p)
 		})
 	})
 
@@ -127,7 +123,7 @@ func TestNewHostsContainer(t *testing.T) {
 			OnClose:  func() (err error) { return nil },
 		}
 
-		hc, err := NewHostsContainer(0, testFS, errWatcher, p)
+		hc, err := aghnet.NewHostsContainer(0, testFS, errWatcher, p)
 		require.ErrorIs(t, err, errOnAdd)
 
 		assert.Nil(t, hc)
@@ -158,11 +154,11 @@ func TestHostsContainer_refresh(t *testing.T) {
 		OnClose: func() (err error) { return nil },
 	}
 
-	hc, err := NewHostsContainer(0, testFS, w, "dir")
+	hc, err := aghnet.NewHostsContainer(0, testFS, w, "dir")
 	require.NoError(t, err)
 	testutil.CleanupAndRequireSuccess(t, hc.Close)
 
-	checkRefresh := func(t *testing.T, want *HostsRecord) {
+	checkRefresh := func(t *testing.T, want *aghnet.HostsRecord) {
 		t.Helper()
 
 		upd, ok := aghchan.MustReceive(hc.Upd(), 1*time.Second)
@@ -175,11 +171,11 @@ func TestHostsContainer_refresh(t *testing.T) {
 		require.True(t, ok)
 		require.NotNil(t, rec)
 
-		assert.Truef(t, rec.equal(want), "%+v != %+v", rec, want)
+		assert.Truef(t, rec.Equal(want), "%+v != %+v", rec, want)
 	}
 
 	t.Run("initial_refresh", func(t *testing.T) {
-		checkRefresh(t, &HostsRecord{
+		checkRefresh(t, &aghnet.HostsRecord{
 			Aliases:   stringutil.NewSet(),
 			Canonical: "hostname",
 		})
@@ -189,7 +185,7 @@ func TestHostsContainer_refresh(t *testing.T) {
 		testFS["dir/file2"] = &fstest.MapFile{Data: []byte(ipStr + ` alias` + nl)}
 		eventsCh <- event{}
 
-		checkRefresh(t, &HostsRecord{
+		checkRefresh(t, &aghnet.HostsRecord{
 			Aliases:   stringutil.NewSet("alias"),
 			Canonical: "hostname",
 		})
@@ -228,66 +224,6 @@ func TestHostsContainer_refresh(t *testing.T) {
 	})
 }
 
-func TestHostsContainer_PathsToPatterns(t *testing.T) {
-	gsfs := fstest.MapFS{
-		"dir_0/file_1":       &fstest.MapFile{Data: []byte{1}},
-		"dir_0/file_2":       &fstest.MapFile{Data: []byte{2}},
-		"dir_0/dir_1/file_3": &fstest.MapFile{Data: []byte{3}},
-	}
-
-	testCases := []struct {
-		name  string
-		paths []string
-		want  []string
-	}{{
-		name:  "no_paths",
-		paths: nil,
-		want:  nil,
-	}, {
-		name:  "single_file",
-		paths: []string{"dir_0/file_1"},
-		want:  []string{"dir_0/file_1"},
-	}, {
-		name:  "several_files",
-		paths: []string{"dir_0/file_1", "dir_0/file_2"},
-		want:  []string{"dir_0/file_1", "dir_0/file_2"},
-	}, {
-		name:  "whole_dir",
-		paths: []string{"dir_0"},
-		want:  []string{"dir_0/*"},
-	}, {
-		name:  "file_and_dir",
-		paths: []string{"dir_0/file_1", "dir_0/dir_1"},
-		want:  []string{"dir_0/file_1", "dir_0/dir_1/*"},
-	}, {
-		name:  "non-existing",
-		paths: []string{path.Join("dir_0", "file_3")},
-		want:  nil,
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			patterns, err := pathsToPatterns(gsfs, tc.paths)
-			require.NoError(t, err)
-
-			assert.Equal(t, tc.want, patterns)
-		})
-	}
-
-	t.Run("bad_file", func(t *testing.T) {
-		const errStat errors.Error = "bad file"
-
-		badFS := &aghtest.StatFS{
-			OnStat: func(name string) (fs.FileInfo, error) {
-				return nil, errStat
-			},
-		}
-
-		_, err := pathsToPatterns(badFS, []string{""})
-		assert.ErrorIs(t, err, errStat)
-	})
-}
-
 func TestHostsContainer_Translate(t *testing.T) {
 	stubWatcher := aghtest.FSWatcher{
 		OnEvents: func() (e <-chan struct{}) { return nil },
@@ -297,7 +233,7 @@ func TestHostsContainer_Translate(t *testing.T) {
 
 	require.NoError(t, fstest.TestFS(testdata, "etc_hosts"))
 
-	hc, err := NewHostsContainer(0, testdata, &stubWatcher, "etc_hosts")
+	hc, err := aghnet.NewHostsContainer(0, testdata, &stubWatcher, "etc_hosts")
 	require.NoError(t, err)
 	testutil.CleanupAndRequireSuccess(t, hc.Close)
 
@@ -527,7 +463,7 @@ func TestHostsContainer(t *testing.T) {
 		OnClose:  func() (err error) { return nil },
 	}
 
-	hc, err := NewHostsContainer(listID, testdata, &stubWatcher, "etc_hosts")
+	hc, err := aghnet.NewHostsContainer(listID, testdata, &stubWatcher, "etc_hosts")
 	require.NoError(t, err)
 	testutil.CleanupAndRequireSuccess(t, hc.Close)
 
@@ -558,69 +494,3 @@ func TestHostsContainer(t *testing.T) {
 		})
 	}
 }
-
-func TestUniqueRules_ParseLine(t *testing.T) {
-	ip := netutil.IPv4Localhost()
-	ipStr := ip.String()
-
-	testCases := []struct {
-		name      string
-		line      string
-		wantIP    netip.Addr
-		wantHosts []string
-	}{{
-		name:      "simple",
-		line:      ipStr + ` hostname`,
-		wantIP:    ip,
-		wantHosts: []string{"hostname"},
-	}, {
-		name:      "aliases",
-		line:      ipStr + ` hostname alias`,
-		wantIP:    ip,
-		wantHosts: []string{"hostname", "alias"},
-	}, {
-		name:      "invalid_line",
-		line:      ipStr,
-		wantIP:    netip.Addr{},
-		wantHosts: nil,
-	}, {
-		name:      "invalid_line_hostname",
-		line:      ipStr + ` # hostname`,
-		wantIP:    ip,
-		wantHosts: nil,
-	}, {
-		name:      "commented_aliases",
-		line:      ipStr + ` hostname # alias`,
-		wantIP:    ip,
-		wantHosts: []string{"hostname"},
-	}, {
-		name:      "whole_comment",
-		line:      `# ` + ipStr + ` hostname`,
-		wantIP:    netip.Addr{},
-		wantHosts: nil,
-	}, {
-		name:      "partial_comment",
-		line:      ipStr + ` host#name`,
-		wantIP:    ip,
-		wantHosts: []string{"host"},
-	}, {
-		name:      "empty",
-		line:      ``,
-		wantIP:    netip.Addr{},
-		wantHosts: nil,
-	}, {
-		name:      "bad_hosts",
-		line:      ipStr + ` bad..host bad._tld empty.tld. ok.host`,
-		wantIP:    ip,
-		wantHosts: []string{"ok.host"},
-	}}
-
-	for _, tc := range testCases {
-		hp := hostsParser{}
-		t.Run(tc.name, func(t *testing.T) {
-			got, hosts := hp.parseLine(tc.line)
-			assert.Equal(t, tc.wantIP, got)
-			assert.Equal(t, tc.wantHosts, hosts)
-		})
-	}
-}

internal/aghnet/net.go

@@ -3,6 +3,7 @@ package aghnet
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -15,6 +16,10 @@ import (
 	"github.com/AdguardTeam/golibs/log"
 )
 
+// DialContextFunc is the semantic alias for dialing functions, such as
+// [http.Transport.DialContext].
+type DialContextFunc = func(ctx context.Context, network, addr string) (conn net.Conn, err error)
+
 // Variables and functions to substitute in tests.
 var (
 	// aghosRunCommand is the function to run shell commands.

internal/aghnet/net_darwin_test.go

@@ -5,9 +5,9 @@ import (
 	"testing"
 	"testing/fstest"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/testutil"
+	"github.com/AdguardTeam/golibs/testutil/fakefs"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -118,7 +118,7 @@ func TestIfaceSetStaticIP(t *testing.T) {
 			Data: []byte(`nameserver 1.1.1.1`),
 		},
 	}
-	panicFsys := &aghtest.FS{
+	panicFsys := &fakefs.FS{
 		OnOpen: func(name string) (fs.File, error) { panic("not implemented") },
 	}
 

internal/aghnet/net_internal_test.go

@@ -0,0 +1,334 @@
+package aghnet
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/fs"
+	"net"
+	"net/netip"
+	"os"
+	"strings"
+	"testing"
+
+	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/netutil"
+	"github.com/AdguardTeam/golibs/testutil"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// testdata is the filesystem containing data for testing the package.
+var testdata fs.FS = os.DirFS("./testdata")
+
+// substRootDirFS replaces the aghos.RootDirFS function used throughout the
+// package with fsys for tests ran under t.
+func substRootDirFS(t testing.TB, fsys fs.FS) {
+	t.Helper()
+
+	prev := rootDirFS
+	t.Cleanup(func() { rootDirFS = prev })
+	rootDirFS = fsys
+}
+
+// RunCmdFunc is the signature of aghos.RunCommand function.
+type RunCmdFunc func(cmd string, args ...string) (code int, out []byte, err error)
+
+// substShell replaces the the aghos.RunCommand function used throughout the
+// package with rc for tests ran under t.
+func substShell(t testing.TB, rc RunCmdFunc) {
+	t.Helper()
+
+	prev := aghosRunCommand
+	t.Cleanup(func() { aghosRunCommand = prev })
+	aghosRunCommand = rc
+}
+
+// mapShell is a substitution of aghos.RunCommand that maps the command to it's
+// execution result.  It's only needed to simplify testing.
+//
+// TODO(e.burkov):  Perhaps put all the shell interactions behind an interface.
+type mapShell map[string]struct {
+	err  error
+	out  string
+	code int
+}
+
+// theOnlyCmd returns mapShell that only handles a single command and arguments
+// combination from cmd.
+func theOnlyCmd(cmd string, code int, out string, err error) (s mapShell) {
+	return mapShell{cmd: {code: code, out: out, err: err}}
+}
+
+// RunCmd is a RunCmdFunc handled by s.
+func (s mapShell) RunCmd(cmd string, args ...string) (code int, out []byte, err error) {
+	key := strings.Join(append([]string{cmd}, args...), " ")
+	ret, ok := s[key]
+	if !ok {
+		return 0, nil, fmt.Errorf("unexpected shell command %q", key)
+	}
+
+	return ret.code, []byte(ret.out), ret.err
+}
+
+// ifaceAddrsFunc is the signature of net.InterfaceAddrs function.
+type ifaceAddrsFunc func() (ifaces []net.Addr, err error)
+
+// substNetInterfaceAddrs replaces the the net.InterfaceAddrs function used
+// throughout the package with f for tests ran under t.
+func substNetInterfaceAddrs(t *testing.T, f ifaceAddrsFunc) {
+	t.Helper()
+
+	prev := netInterfaceAddrs
+	t.Cleanup(func() { netInterfaceAddrs = prev })
+	netInterfaceAddrs = f
+}
+
+func TestGatewayIP(t *testing.T) {
+	const ifaceName = "ifaceName"
+	const cmd = "ip route show dev " + ifaceName
+
+	testCases := []struct {
+		shell mapShell
+		want  netip.Addr
+		name  string
+	}{{
+		shell: theOnlyCmd(cmd, 0, `default via 1.2.3.4 onlink`, nil),
+		want:  netip.MustParseAddr("1.2.3.4"),
+		name:  "success_v4",
+	}, {
+		shell: theOnlyCmd(cmd, 0, `default via ::ffff onlink`, nil),
+		want:  netip.MustParseAddr("::ffff"),
+		name:  "success_v6",
+	}, {
+		shell: theOnlyCmd(cmd, 0, `non-default via 1.2.3.4 onlink`, nil),
+		want:  netip.Addr{},
+		name:  "bad_output",
+	}, {
+		shell: theOnlyCmd(cmd, 0, "", errors.Error("can't run command")),
+		want:  netip.Addr{},
+		name:  "err_runcmd",
+	}, {
+		shell: theOnlyCmd(cmd, 1, "", nil),
+		want:  netip.Addr{},
+		name:  "bad_code",
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			substShell(t, tc.shell.RunCmd)
+
+			assert.Equal(t, tc.want, GatewayIP(ifaceName))
+		})
+	}
+}
+
+func TestInterfaceByIP(t *testing.T) {
+	ifaces, err := GetValidNetInterfacesForWeb()
+	require.NoError(t, err)
+	require.NotEmpty(t, ifaces)
+
+	for _, iface := range ifaces {
+		t.Run(iface.Name, func(t *testing.T) {
+			require.NotEmpty(t, iface.Addresses)
+
+			for _, ip := range iface.Addresses {
+				ifaceName := InterfaceByIP(ip)
+				require.Equal(t, iface.Name, ifaceName)
+			}
+		})
+	}
+}
+
+func TestBroadcastFromIPNet(t *testing.T) {
+	known4 := netip.MustParseAddr("192.168.0.1")
+	fullBroadcast4 := netip.MustParseAddr("255.255.255.255")
+
+	known6 := netip.MustParseAddr("102:304:506:708:90a:b0c:d0e:f10")
+
+	testCases := []struct {
+		pref netip.Prefix
+		want netip.Addr
+		name string
+	}{{
+		pref: netip.PrefixFrom(known4, 0),
+		want: fullBroadcast4,
+		name: "full",
+	}, {
+		pref: netip.PrefixFrom(known4, 20),
+		want: netip.MustParseAddr("192.168.15.255"),
+		name: "full",
+	}, {
+		pref: netip.PrefixFrom(known6, netutil.IPv6BitLen),
+		want: known6,
+		name: "ipv6_no_mask",
+	}, {
+		pref: netip.PrefixFrom(known4, netutil.IPv4BitLen),
+		want: known4,
+		name: "ipv4_no_mask",
+	}, {
+		pref: netip.PrefixFrom(netip.IPv4Unspecified(), 0),
+		want: fullBroadcast4,
+		name: "unspecified",
+	}, {
+		pref: netip.Prefix{},
+		want: netip.Addr{},
+		name: "invalid",
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			assert.Equal(t, tc.want, BroadcastFromPref(tc.pref))
+		})
+	}
+}
+
+func TestCheckPort(t *testing.T) {
+	laddr := netip.AddrPortFrom(netutil.IPv4Localhost(), 0)
+
+	t.Run("tcp_bound", func(t *testing.T) {
+		l, err := net.Listen("tcp", laddr.String())
+		require.NoError(t, err)
+		testutil.CleanupAndRequireSuccess(t, l.Close)
+
+		ipp := testutil.RequireTypeAssert[*net.TCPAddr](t, l.Addr()).AddrPort()
+		require.Equal(t, laddr.Addr(), ipp.Addr())
+		require.NotZero(t, ipp.Port())
+
+		err = CheckPort("tcp", ipp)
+		target := &net.OpError{}
+		require.ErrorAs(t, err, &target)
+
+		assert.Equal(t, "listen", target.Op)
+	})
+
+	t.Run("udp_bound", func(t *testing.T) {
+		conn, err := net.ListenPacket("udp", laddr.String())
+		require.NoError(t, err)
+		testutil.CleanupAndRequireSuccess(t, conn.Close)
+
+		ipp := testutil.RequireTypeAssert[*net.UDPAddr](t, conn.LocalAddr()).AddrPort()
+		require.Equal(t, laddr.Addr(), ipp.Addr())
+		require.NotZero(t, ipp.Port())
+
+		err = CheckPort("udp", ipp)
+		target := &net.OpError{}
+		require.ErrorAs(t, err, &target)
+
+		assert.Equal(t, "listen", target.Op)
+	})
+
+	t.Run("bad_network", func(t *testing.T) {
+		err := CheckPort("bad_network", netip.AddrPortFrom(netip.Addr{}, 0))
+		assert.NoError(t, err)
+	})
+
+	t.Run("can_bind", func(t *testing.T) {
+		err := CheckPort("udp", netip.AddrPortFrom(netip.IPv4Unspecified(), 0))
+		assert.NoError(t, err)
+	})
+}
+
+func TestCollectAllIfacesAddrs(t *testing.T) {
+	testCases := []struct {
+		name       string
+		wantErrMsg string
+		addrs      []net.Addr
+		wantAddrs  []string
+	}{{
+		name:       "success",
+		wantErrMsg: ``,
+		addrs: []net.Addr{&net.IPNet{
+			IP:   net.IP{1, 2, 3, 4},
+			Mask: net.CIDRMask(24, netutil.IPv4BitLen),
+		}, &net.IPNet{
+			IP:   net.IP{4, 3, 2, 1},
+			Mask: net.CIDRMask(16, netutil.IPv4BitLen),
+		}},
+		wantAddrs: []string{"1.2.3.4", "4.3.2.1"},
+	}, {
+		name:       "not_cidr",
+		wantErrMsg: `parsing cidr: invalid CIDR address: 1.2.3.4`,
+		addrs: []net.Addr{&net.IPAddr{
+			IP: net.IP{1, 2, 3, 4},
+		}},
+		wantAddrs: nil,
+	}, {
+		name:       "empty",
+		wantErrMsg: ``,
+		addrs:      []net.Addr{},
+		wantAddrs:  nil,
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			substNetInterfaceAddrs(t, func() ([]net.Addr, error) { return tc.addrs, nil })
+
+			addrs, err := CollectAllIfacesAddrs()
+			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
+
+			assert.Equal(t, tc.wantAddrs, addrs)
+		})
+	}
+
+	t.Run("internal_error", func(t *testing.T) {
+		const errAddrs errors.Error = "can't get addresses"
+		const wantErrMsg string = `getting interfaces addresses: ` + string(errAddrs)
+
+		substNetInterfaceAddrs(t, func() ([]net.Addr, error) { return nil, errAddrs })
+
+		_, err := CollectAllIfacesAddrs()
+		testutil.AssertErrorMsg(t, wantErrMsg, err)
+	})
+}
+
+func TestIsAddrInUse(t *testing.T) {
+	t.Run("addr_in_use", func(t *testing.T) {
+		l, err := net.Listen("tcp", "0.0.0.0:0")
+		require.NoError(t, err)
+		testutil.CleanupAndRequireSuccess(t, l.Close)
+
+		_, err = net.Listen(l.Addr().Network(), l.Addr().String())
+		assert.True(t, IsAddrInUse(err))
+	})
+
+	t.Run("another", func(t *testing.T) {
+		const anotherErr errors.Error = "not addr in use"
+
+		assert.False(t, IsAddrInUse(anotherErr))
+	})
+}
+
+func TestNetInterface_MarshalJSON(t *testing.T) {
+	const want = `{` +
+		`"hardware_address":"aa:bb:cc:dd:ee:ff",` +
+		`"flags":"up|multicast",` +
+		`"ip_addresses":["1.2.3.4","aaaa::1"],` +
+		`"name":"iface0",` +
+		`"mtu":1500` +
+		`}` + "\n"
+
+	ip4, ok := netip.AddrFromSlice([]byte{1, 2, 3, 4})
+	require.True(t, ok)
+
+	ip6, ok := netip.AddrFromSlice([]byte{0xAA, 0xAA, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1})
+	require.True(t, ok)
+
+	net4 := netip.PrefixFrom(ip4, 24)
+	net6 := netip.PrefixFrom(ip6, 8)
+
+	iface := &NetInterface{
+		Addresses:    []netip.Addr{ip4, ip6},
+		Subnets:      []netip.Prefix{net4, net6},
+		Name:         "iface0",
+		HardwareAddr: net.HardwareAddr{0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF},
+		Flags:        net.FlagUp | net.FlagMulticast,
+		MTU:          1500,
+	}
+
+	b := &bytes.Buffer{}
+	err := json.NewEncoder(b).Encode(iface)
+	require.NoError(t, err)
+
+	assert.Equal(t, want, b.String())
+}

internal/aghnet/net_linux.go

@@ -14,7 +14,7 @@ import (
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/stringutil"
-	"github.com/google/renameio/maybe"
+	"github.com/google/renameio/v2/maybe"
 	"golang.org/x/sys/unix"
 )
 

internal/aghnet/net_test.go

@@ -1,21 +1,11 @@
-package aghnet
+package aghnet_test
 
 import (
-	"bytes"
-	"encoding/json"
-	"fmt"
 	"io/fs"
-	"net"
-	"net/netip"
 	"os"
-	"strings"
 	"testing"
 
-	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/testutil"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 )
 
 func TestMain(m *testing.M) {
@@ -24,315 +14,3 @@ func TestMain(m *testing.M) {
 
 // testdata is the filesystem containing data for testing the package.
 var testdata fs.FS = os.DirFS("./testdata")
-
-// substRootDirFS replaces the aghos.RootDirFS function used throughout the
-// package with fsys for tests ran under t.
-func substRootDirFS(t testing.TB, fsys fs.FS) {
-	t.Helper()
-
-	prev := rootDirFS
-	t.Cleanup(func() { rootDirFS = prev })
-	rootDirFS = fsys
-}
-
-// RunCmdFunc is the signature of aghos.RunCommand function.
-type RunCmdFunc func(cmd string, args ...string) (code int, out []byte, err error)
-
-// substShell replaces the the aghos.RunCommand function used throughout the
-// package with rc for tests ran under t.
-func substShell(t testing.TB, rc RunCmdFunc) {
-	t.Helper()
-
-	prev := aghosRunCommand
-	t.Cleanup(func() { aghosRunCommand = prev })
-	aghosRunCommand = rc
-}
-
-// mapShell is a substitution of aghos.RunCommand that maps the command to it's
-// execution result.  It's only needed to simplify testing.
-//
-// TODO(e.burkov):  Perhaps put all the shell interactions behind an interface.
-type mapShell map[string]struct {
-	err  error
-	out  string
-	code int
-}
-
-// theOnlyCmd returns mapShell that only handles a single command and arguments
-// combination from cmd.
-func theOnlyCmd(cmd string, code int, out string, err error) (s mapShell) {
-	return mapShell{cmd: {code: code, out: out, err: err}}
-}
-
-// RunCmd is a RunCmdFunc handled by s.
-func (s mapShell) RunCmd(cmd string, args ...string) (code int, out []byte, err error) {
-	key := strings.Join(append([]string{cmd}, args...), " ")
-	ret, ok := s[key]
-	if !ok {
-		return 0, nil, fmt.Errorf("unexpected shell command %q", key)
-	}
-
-	return ret.code, []byte(ret.out), ret.err
-}
-
-// ifaceAddrsFunc is the signature of net.InterfaceAddrs function.
-type ifaceAddrsFunc func() (ifaces []net.Addr, err error)
-
-// substNetInterfaceAddrs replaces the the net.InterfaceAddrs function used
-// throughout the package with f for tests ran under t.
-func substNetInterfaceAddrs(t *testing.T, f ifaceAddrsFunc) {
-	t.Helper()
-
-	prev := netInterfaceAddrs
-	t.Cleanup(func() { netInterfaceAddrs = prev })
-	netInterfaceAddrs = f
-}
-
-func TestGatewayIP(t *testing.T) {
-	const ifaceName = "ifaceName"
-	const cmd = "ip route show dev " + ifaceName
-
-	testCases := []struct {
-		shell mapShell
-		want  netip.Addr
-		name  string
-	}{{
-		shell: theOnlyCmd(cmd, 0, `default via 1.2.3.4 onlink`, nil),
-		want:  netip.MustParseAddr("1.2.3.4"),
-		name:  "success_v4",
-	}, {
-		shell: theOnlyCmd(cmd, 0, `default via ::ffff onlink`, nil),
-		want:  netip.MustParseAddr("::ffff"),
-		name:  "success_v6",
-	}, {
-		shell: theOnlyCmd(cmd, 0, `non-default via 1.2.3.4 onlink`, nil),
-		want:  netip.Addr{},
-		name:  "bad_output",
-	}, {
-		shell: theOnlyCmd(cmd, 0, "", errors.Error("can't run command")),
-		want:  netip.Addr{},
-		name:  "err_runcmd",
-	}, {
-		shell: theOnlyCmd(cmd, 1, "", nil),
-		want:  netip.Addr{},
-		name:  "bad_code",
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			substShell(t, tc.shell.RunCmd)
-
-			assert.Equal(t, tc.want, GatewayIP(ifaceName))
-		})
-	}
-}
-
-func TestInterfaceByIP(t *testing.T) {
-	ifaces, err := GetValidNetInterfacesForWeb()
-	require.NoError(t, err)
-	require.NotEmpty(t, ifaces)
-
-	for _, iface := range ifaces {
-		t.Run(iface.Name, func(t *testing.T) {
-			require.NotEmpty(t, iface.Addresses)
-
-			for _, ip := range iface.Addresses {
-				ifaceName := InterfaceByIP(ip)
-				require.Equal(t, iface.Name, ifaceName)
-			}
-		})
-	}
-}
-
-func TestBroadcastFromIPNet(t *testing.T) {
-	known4 := netip.MustParseAddr("192.168.0.1")
-	fullBroadcast4 := netip.MustParseAddr("255.255.255.255")
-
-	known6 := netip.MustParseAddr("102:304:506:708:90a:b0c:d0e:f10")
-
-	testCases := []struct {
-		pref netip.Prefix
-		want netip.Addr
-		name string
-	}{{
-		pref: netip.PrefixFrom(known4, 0),
-		want: fullBroadcast4,
-		name: "full",
-	}, {
-		pref: netip.PrefixFrom(known4, 20),
-		want: netip.MustParseAddr("192.168.15.255"),
-		name: "full",
-	}, {
-		pref: netip.PrefixFrom(known6, netutil.IPv6BitLen),
-		want: known6,
-		name: "ipv6_no_mask",
-	}, {
-		pref: netip.PrefixFrom(known4, netutil.IPv4BitLen),
-		want: known4,
-		name: "ipv4_no_mask",
-	}, {
-		pref: netip.PrefixFrom(netip.IPv4Unspecified(), 0),
-		want: fullBroadcast4,
-		name: "unspecified",
-	}, {
-		pref: netip.Prefix{},
-		want: netip.Addr{},
-		name: "invalid",
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			assert.Equal(t, tc.want, BroadcastFromPref(tc.pref))
-		})
-	}
-}
-
-func TestCheckPort(t *testing.T) {
-	laddr := netip.AddrPortFrom(netutil.IPv4Localhost(), 0)
-
-	t.Run("tcp_bound", func(t *testing.T) {
-		l, err := net.Listen("tcp", laddr.String())
-		require.NoError(t, err)
-		testutil.CleanupAndRequireSuccess(t, l.Close)
-
-		ipp := testutil.RequireTypeAssert[*net.TCPAddr](t, l.Addr()).AddrPort()
-		require.Equal(t, laddr.Addr(), ipp.Addr())
-		require.NotZero(t, ipp.Port())
-
-		err = CheckPort("tcp", ipp)
-		target := &net.OpError{}
-		require.ErrorAs(t, err, &target)
-
-		assert.Equal(t, "listen", target.Op)
-	})
-
-	t.Run("udp_bound", func(t *testing.T) {
-		conn, err := net.ListenPacket("udp", laddr.String())
-		require.NoError(t, err)
-		testutil.CleanupAndRequireSuccess(t, conn.Close)
-
-		ipp := testutil.RequireTypeAssert[*net.UDPAddr](t, conn.LocalAddr()).AddrPort()
-		require.Equal(t, laddr.Addr(), ipp.Addr())
-		require.NotZero(t, ipp.Port())
-
-		err = CheckPort("udp", ipp)
-		target := &net.OpError{}
-		require.ErrorAs(t, err, &target)
-
-		assert.Equal(t, "listen", target.Op)
-	})
-
-	t.Run("bad_network", func(t *testing.T) {
-		err := CheckPort("bad_network", netip.AddrPortFrom(netip.Addr{}, 0))
-		assert.NoError(t, err)
-	})
-
-	t.Run("can_bind", func(t *testing.T) {
-		err := CheckPort("udp", netip.AddrPortFrom(netip.IPv4Unspecified(), 0))
-		assert.NoError(t, err)
-	})
-}
-
-func TestCollectAllIfacesAddrs(t *testing.T) {
-	testCases := []struct {
-		name       string
-		wantErrMsg string
-		addrs      []net.Addr
-		wantAddrs  []string
-	}{{
-		name:       "success",
-		wantErrMsg: ``,
-		addrs: []net.Addr{&net.IPNet{
-			IP:   net.IP{1, 2, 3, 4},
-			Mask: net.CIDRMask(24, netutil.IPv4BitLen),
-		}, &net.IPNet{
-			IP:   net.IP{4, 3, 2, 1},
-			Mask: net.CIDRMask(16, netutil.IPv4BitLen),
-		}},
-		wantAddrs: []string{"1.2.3.4", "4.3.2.1"},
-	}, {
-		name:       "not_cidr",
-		wantErrMsg: `parsing cidr: invalid CIDR address: 1.2.3.4`,
-		addrs: []net.Addr{&net.IPAddr{
-			IP: net.IP{1, 2, 3, 4},
-		}},
-		wantAddrs: nil,
-	}, {
-		name:       "empty",
-		wantErrMsg: ``,
-		addrs:      []net.Addr{},
-		wantAddrs:  nil,
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			substNetInterfaceAddrs(t, func() ([]net.Addr, error) { return tc.addrs, nil })
-
-			addrs, err := CollectAllIfacesAddrs()
-			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
-
-			assert.Equal(t, tc.wantAddrs, addrs)
-		})
-	}
-
-	t.Run("internal_error", func(t *testing.T) {
-		const errAddrs errors.Error = "can't get addresses"
-		const wantErrMsg string = `getting interfaces addresses: ` + string(errAddrs)
-
-		substNetInterfaceAddrs(t, func() ([]net.Addr, error) { return nil, errAddrs })
-
-		_, err := CollectAllIfacesAddrs()
-		testutil.AssertErrorMsg(t, wantErrMsg, err)
-	})
-}
-
-func TestIsAddrInUse(t *testing.T) {
-	t.Run("addr_in_use", func(t *testing.T) {
-		l, err := net.Listen("tcp", "0.0.0.0:0")
-		require.NoError(t, err)
-		testutil.CleanupAndRequireSuccess(t, l.Close)
-
-		_, err = net.Listen(l.Addr().Network(), l.Addr().String())
-		assert.True(t, IsAddrInUse(err))
-	})
-
-	t.Run("another", func(t *testing.T) {
-		const anotherErr errors.Error = "not addr in use"
-
-		assert.False(t, IsAddrInUse(anotherErr))
-	})
-}
-
-func TestNetInterface_MarshalJSON(t *testing.T) {
-	const want = `{` +
-		`"hardware_address":"aa:bb:cc:dd:ee:ff",` +
-		`"flags":"up|multicast",` +
-		`"ip_addresses":["1.2.3.4","aaaa::1"],` +
-		`"name":"iface0",` +
-		`"mtu":1500` +
-		`}` + "\n"
-
-	ip4, ok := netip.AddrFromSlice([]byte{1, 2, 3, 4})
-	require.True(t, ok)
-
-	ip6, ok := netip.AddrFromSlice([]byte{0xAA, 0xAA, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1})
-	require.True(t, ok)
-
-	net4 := netip.PrefixFrom(ip4, 24)
-	net6 := netip.PrefixFrom(ip6, 8)
-
-	iface := &NetInterface{
-		Addresses:    []netip.Addr{ip4, ip6},
-		Subnets:      []netip.Prefix{net4, net6},
-		Name:         "iface0",
-		HardwareAddr: net.HardwareAddr{0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF},
-		Flags:        net.FlagUp | net.FlagMulticast,
-		MTU:          1500,
-	}
-
-	b := &bytes.Buffer{}
-	err := json.NewEncoder(b).Encode(iface)
-	require.NoError(t, err)
-
-	assert.Equal(t, want, b.String())
-}

internal/aghrenameio/renameio.go

@@ -0,0 +1,52 @@
+// Package aghrenameio is a wrapper around package github.com/google/renameio/v2
+// that provides a similar stream-based API for both Unix and Windows systems.
+// While the Windows API is not technically atomic, it still provides a
+// consistent stream-based interface, and atomic renames of files do not seem to
+// be possible in all cases anyway.
+//
+// See https://github.com/google/renameio/issues/1.
+//
+// TODO(a.garipov): Consider moving to golibs/renameioutil once tried and
+// tested.
+package aghrenameio
+
+import (
+	"io/fs"
+
+	"github.com/AdguardTeam/golibs/errors"
+)
+
+// PendingFile is the interface for pending temporary files.
+type PendingFile interface {
+	// Cleanup closes the file, and removes it without performing the renaming.
+	// To close and rename the file, use CloseReplace.
+	Cleanup() (err error)
+
+	// CloseReplace closes the temporary file and replaces the destination file
+	// with it, possibly atomically.
+	//
+	// This method is not safe for concurrent use by multiple goroutines.
+	CloseReplace() (err error)
+
+	// Write writes len(b) bytes from b to the File.  It returns the number of
+	// bytes written and an error, if any.  Write returns a non-nil error when n
+	// != len(b).
+	Write(b []byte) (n int, err error)
+}
+
+// NewPendingFile is a wrapper around [renameio.NewPendingFile] on Unix systems
+// and [os.CreateTemp] on Windows.
+func NewPendingFile(filePath string, mode fs.FileMode) (f PendingFile, err error) {
+	return newPendingFile(filePath, mode)
+}
+
+// WithDeferredCleanup is a helper that performs the necessary cleanups and
+// finalizations of the temporary files based on the returned error.
+func WithDeferredCleanup(returned error, file PendingFile) (err error) {
+	// Make sure that any error returned from here is marked as a deferred one.
+	if returned != nil {
+		return errors.WithDeferred(returned, file.Cleanup())
+	}
+
+	return errors.WithDeferred(nil, file.CloseReplace())
+}

internal/aghrenameio/renameio_test.go

@@ -0,0 +1,101 @@
+package aghrenameio_test
+
+import (
+	"io/fs"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/aghrenameio"
+	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/testutil"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// testPerm is the common permission mode for tests.
+const testPerm fs.FileMode = 0o644
+
+// Common file data for tests.
+var (
+	initialData = []byte("initial data\n")
+	newData     = []byte("new data\n")
+)
+
+func TestPendingFile(t *testing.T) {
+	t.Parallel()
+
+	targetPath := newInitialFile(t)
+	f, err := aghrenameio.NewPendingFile(targetPath, testPerm)
+	require.NoError(t, err)
+
+	_, err = f.Write(newData)
+	require.NoError(t, err)
+
+	err = f.CloseReplace()
+	require.NoError(t, err)
+
+	gotData, err := os.ReadFile(targetPath)
+	require.NoError(t, err)
+
+	assert.Equal(t, newData, gotData)
+}
+
+// newInitialFile is a test helper that returns the path to the file containing
+// [initialData].
+func newInitialFile(t *testing.T) (targetPath string) {
+	t.Helper()
+
+	dir := t.TempDir()
+	targetPath = filepath.Join(dir, "target")
+
+	err := os.WriteFile(targetPath, initialData, 0o644)
+	require.NoError(t, err)
+
+	return targetPath
+}
+
+func TestWithDeferredCleanup(t *testing.T) {
+	t.Parallel()
+
+	const testError errors.Error = "test error"
+
+	testCases := []struct {
+		error      error
+		name       string
+		wantErrMsg string
+		wantData   []byte
+	}{{
+		name:       "success",
+		error:      nil,
+		wantErrMsg: "",
+		wantData:   newData,
+	}, {
+		name:       "error",
+		error:      testError,
+		wantErrMsg: testError.Error(),
+		wantData:   initialData,
+	}}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			targetPath := newInitialFile(t)
+			f, err := aghrenameio.NewPendingFile(targetPath, testPerm)
+			require.NoError(t, err)
+
+			_, err = f.Write(newData)
+			require.NoError(t, err)
+
+			err = aghrenameio.WithDeferredCleanup(tc.error, f)
+			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
+
+			gotData, err := os.ReadFile(targetPath)
+			require.NoError(t, err)
+
+			assert.Equal(t, tc.wantData, gotData)
+		})
+	}
+}

internal/aghrenameio/renameio_unix.go

@@ -0,0 +1,48 @@
+//go:build unix
+
+package aghrenameio
+
+import (
+	"io/fs"
+
+	"github.com/google/renameio/v2"
+)
+
+// pendingFile is a wrapper around [*renameio.PendingFile] making it an
+// [io.WriteCloser].
+type pendingFile struct {
+	file *renameio.PendingFile
+}
+
+// type check
+var _ PendingFile = pendingFile{}
+
+// Cleanup implements the [PendingFile] interface for pendingFile.
+func (f pendingFile) Cleanup() (err error) {
+	return f.file.Cleanup()
+}
+
+// CloseReplace implements the [PendingFile] interface for pendingFile.
+func (f pendingFile) CloseReplace() (err error) {
+	return f.file.CloseAtomicallyReplace()
+}
+
+// Write implements the [PendingFile] interface for pendingFile.
+func (f pendingFile) Write(b []byte) (n int, err error) {
+	return f.file.Write(b)
+}
+
+// NewPendingFile is a wrapper around [renameio.NewPendingFile].
+//
+// f.Close must be called to finish the renaming.
+func newPendingFile(filePath string, mode fs.FileMode) (f PendingFile, err error) {
+	file, err := renameio.NewPendingFile(filePath, renameio.WithPermissions(mode))
+	if err != nil {
+		// Don't wrap the error since it's informative enough as is.
+		return nil, err
+	}
+
+	return pendingFile{
+		file: file,
+	}, nil
+}

internal/aghrenameio/renameio_windows.go

@@ -0,0 +1,74 @@
+//go:build windows
+
+package aghrenameio
+
+import (
+	"fmt"
+	"io/fs"
+	"os"
+	"path/filepath"
+
+	"github.com/AdguardTeam/golibs/errors"
+)
+
+// pendingFile is a wrapper around [*os.File] calling [os.Rename] in its Close
+// method.
+type pendingFile struct {
+	file       *os.File
+	targetPath string
+}
+
+// type check
+var _ PendingFile = (*pendingFile)(nil)
+
+// Cleanup implements the [PendingFile] interface for *pendingFile.
+func (f *pendingFile) Cleanup() (err error) {
+	closeErr := f.file.Close()
+	err = os.Remove(f.file.Name())
+
+	// Put closeErr into the deferred error because that's where it is usually
+	// expected.
+	return errors.WithDeferred(err, closeErr)
+}
+
+// CloseReplace implements the [PendingFile] interface for *pendingFile.
+func (f *pendingFile) CloseReplace() (err error) {
+	err = f.file.Close()
+	if err != nil {
+		return fmt.Errorf("closing: %w", err)
+	}
+
+	err = os.Rename(f.file.Name(), f.targetPath)
+	if err != nil {
+		return fmt.Errorf("renaming: %w", err)
+	}
+
+	return nil
+}
+
+// Write implements the [PendingFile] interface for *pendingFile.
+func (f *pendingFile) Write(b []byte) (n int, err error) {
+	return f.file.Write(b)
+}
+
+// NewPendingFile is a wrapper around [os.CreateTemp].
+//
+// f.Close must be called to finish the renaming.
+func newPendingFile(filePath string, mode fs.FileMode) (f PendingFile, err error) {
+	// Use the same directory as the file itself, because moves across
+	// filesystems can be especially problematic.
+	file, err := os.CreateTemp(filepath.Dir(filePath), "")
+	if err != nil {
+		return nil, fmt.Errorf("opening pending file: %w", err)
+	}
+
+	err = file.Chmod(mode)
+	if err != nil {
+		return nil, fmt.Errorf("preparing pending file: %w", err)
+	}
+
+	return &pendingFile{
+		file:       file,
+		targetPath: filePath,
+	}, nil
+}

internal/aghtest/aghtest.go

@@ -2,7 +2,9 @@
 package aghtest
 
 import (
+	"crypto/sha256"
 	"io"
+	"net"
 	"testing"
 
 	"github.com/AdguardTeam/golibs/log"
@@ -34,3 +36,10 @@ func ReplaceLogLevel(t testing.TB, l log.Level) {
 	t.Cleanup(func() { log.SetLevel(prev) })
 	log.SetLevel(l)
 }
+
+// HostToIPs is a helper that generates one IPv4 and one IPv6 address from host.
+func HostToIPs(host string) (ipv4, ipv6 net.IP) {
+	hash := sha256.Sum256([]byte(host))
+
+	return net.IP(hash[:4]), net.IP(hash[4:20])
+}

internal/aghtest/interface.go

@@ -2,11 +2,15 @@ package aghtest
 
 import (
 	"context"
-	"io/fs"
 	"net"
+	"net/netip"
+	"time"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
+	"github.com/AdguardTeam/AdGuardHome/internal/client"
 	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
+	"github.com/AdguardTeam/AdGuardHome/internal/rdns"
+	"github.com/AdguardTeam/AdGuardHome/internal/whois"
 	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/miekg/dns"
 )
@@ -15,94 +19,20 @@ import (
 //
 // Keep entities in this file in alphabetic order.
 
-// Standard Library
-
-// Package fs
-
-// type check
-var _ fs.FS = &FS{}
-
-// FS is a mock [fs.FS] implementation for tests.
-type FS struct {
-	OnOpen func(name string) (fs.File, error)
-}
-
-// Open implements the [fs.FS] interface for *FS.
-func (fsys *FS) Open(name string) (fs.File, error) {
-	return fsys.OnOpen(name)
-}
-
-// type check
-var _ fs.GlobFS = &GlobFS{}
-
-// GlobFS is a mock [fs.GlobFS] implementation for tests.
-type GlobFS struct {
-	// FS is embedded here to avoid implementing all it's methods.
-	FS
-	OnGlob func(pattern string) ([]string, error)
-}
-
-// Glob implements the [fs.GlobFS] interface for *GlobFS.
-func (fsys *GlobFS) Glob(pattern string) ([]string, error) {
-	return fsys.OnGlob(pattern)
-}
-
-// type check
-var _ fs.StatFS = &StatFS{}
-
-// StatFS is a mock [fs.StatFS] implementation for tests.
-type StatFS struct {
-	// FS is embedded here to avoid implementing all it's methods.
-	FS
-	OnStat func(name string) (fs.FileInfo, error)
-}
-
-// Stat implements the [fs.StatFS] interface for *StatFS.
-func (fsys *StatFS) Stat(name string) (fs.FileInfo, error) {
-	return fsys.OnStat(name)
-}
-
-// Package net
-
-// type check
-var _ net.Listener = (*Listener)(nil)
-
-// Listener is a mock [net.Listener] implementation for tests.
-type Listener struct {
-	OnAccept func() (conn net.Conn, err error)
-	OnAddr   func() (addr net.Addr)
-	OnClose  func() (err error)
-}
-
-// Accept implements the [net.Listener] interface for *Listener.
-func (l *Listener) Accept() (conn net.Conn, err error) {
-	return l.OnAccept()
-}
-
-// Addr implements the [net.Listener] interface for *Listener.
-func (l *Listener) Addr() (addr net.Addr) {
-	return l.OnAddr()
-}
-
-// Close implements the [net.Listener] interface for *Listener.
-func (l *Listener) Close() (err error) {
-	return l.OnClose()
-}
-
 // Module adguard-home
 
 // Package aghos
 
-// type check
-var _ aghos.FSWatcher = (*FSWatcher)(nil)
-
-// FSWatcher is a mock [aghos.FSWatcher] implementation for tests.
+// FSWatcher is a fake [aghos.FSWatcher] implementation for tests.
 type FSWatcher struct {
 	OnEvents func() (e <-chan struct{})
 	OnAdd    func(name string) (err error)
 	OnClose  func() (err error)
 }
 
+// type check
+var _ aghos.FSWatcher = (*FSWatcher)(nil)
+
 // Events implements the [aghos.FSWatcher] interface for *FSWatcher.
 func (w *FSWatcher) Events() (e <-chan struct{}) {
 	return w.OnEvents()
@@ -120,16 +50,16 @@ func (w *FSWatcher) Close() (err error) {
 
 // Package agh
 
-// type check
-var _ agh.ServiceWithConfig[struct{}] = (*ServiceWithConfig[struct{}])(nil)
-
-// ServiceWithConfig is a mock [agh.ServiceWithConfig] implementation for tests.
+// ServiceWithConfig is a fake [agh.ServiceWithConfig] implementation for tests.
 type ServiceWithConfig[ConfigType any] struct {
 	OnStart    func() (err error)
 	OnShutdown func(ctx context.Context) (err error)
 	OnConfig   func() (c ConfigType)
 }
 
+// type check
+var _ agh.ServiceWithConfig[struct{}] = (*ServiceWithConfig[struct{}])(nil)
+
 // Start implements the [agh.ServiceWithConfig] interface for
 // *ServiceWithConfig.
 func (s *ServiceWithConfig[_]) Start() (err error) {
@@ -148,14 +78,76 @@ func (s *ServiceWithConfig[ConfigType]) Config() (c ConfigType) {
 	return s.OnConfig()
 }
 
+// Package client
+
+// AddressProcessor is a fake [client.AddressProcessor] implementation for
+// tests.
+type AddressProcessor struct {
+	OnProcess func(ip netip.Addr)
+	OnClose   func() (err error)
+}
+
+// type check
+var _ client.AddressProcessor = (*AddressProcessor)(nil)
+
+// Process implements the [client.AddressProcessor] interface for
+// *AddressProcessor.
+func (p *AddressProcessor) Process(ip netip.Addr) {
+	p.OnProcess(ip)
+}
+
+// Close implements the [client.AddressProcessor] interface for
+// *AddressProcessor.
+func (p *AddressProcessor) Close() (err error) {
+	return p.OnClose()
+}
+
+// AddressUpdater is a fake [client.AddressUpdater] implementation for tests.
+type AddressUpdater struct {
+	OnUpdateAddress func(ip netip.Addr, host string, info *whois.Info)
+}
+
+// type check
+var _ client.AddressUpdater = (*AddressUpdater)(nil)
+
+// UpdateAddress implements the [client.AddressUpdater] interface for
+// *AddressUpdater.
+func (p *AddressUpdater) UpdateAddress(ip netip.Addr, host string, info *whois.Info) {
+	p.OnUpdateAddress(ip, host, info)
+}
+
+// Package filtering
+
+// Resolver is a fake [filtering.Resolver] implementation for tests.
+type Resolver struct {
+	OnLookupIP func(ctx context.Context, network, host string) (ips []net.IP, err error)
+}
+
+// LookupIP implements the [filtering.Resolver] interface for *Resolver.
+func (r *Resolver) LookupIP(ctx context.Context, network, host string) (ips []net.IP, err error) {
+	return r.OnLookupIP(ctx, network, host)
+}
+
+// Package rdns
+
+// Exchanger is a fake [rdns.Exchanger] implementation for tests.
+type Exchanger struct {
+	OnExchange func(ip netip.Addr) (host string, ttl time.Duration, err error)
+}
+
+// type check
+var _ rdns.Exchanger = (*Exchanger)(nil)
+
+// Exchange implements [rdns.Exchanger] interface for *Exchanger.
+func (e *Exchanger) Exchange(ip netip.Addr) (host string, ttl time.Duration, err error) {
+	return e.OnExchange(ip)
+}
+
 // Module dnsproxy
 
 // Package upstream
 
-// type check
-var _ upstream.Upstream = (*UpstreamMock)(nil)
-
-// UpstreamMock is a mock [upstream.Upstream] implementation for tests.
+// UpstreamMock is a fake [upstream.Upstream] implementation for tests.
 //
 // TODO(a.garipov): Replace with all uses of Upstream with UpstreamMock and
 // rename it to just Upstream.
@@ -165,6 +157,9 @@ type UpstreamMock struct {
 	OnClose    func() (err error)
 }
 
+// type check
+var _ upstream.Upstream = (*UpstreamMock)(nil)
+
 // Address implements the [upstream.Upstream] interface for *UpstreamMock.
 func (u *UpstreamMock) Address() (addr string) {
 	return u.OnAddress()

internal/aghtest/interface_test.go

@@ -1,3 +1,11 @@
 package aghtest_test
 
+import (
+	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
+	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
+)
+
 // Put interface checks that cause import cycles here.
+
+// type check
+var _ filtering.Resolver = (*aghtest.Resolver)(nil)

internal/aghtest/resolver.go

@@ -1,57 +0,0 @@
-package aghtest
-
-import (
-	"context"
-	"crypto/sha256"
-	"net"
-	"sync"
-)
-
-// TestResolver is a Resolver for tests.
-type TestResolver struct {
-	counter     int
-	counterLock sync.Mutex
-}
-
-// HostToIPs generates IPv4 and IPv6 from host.
-func (r *TestResolver) HostToIPs(host string) (ipv4, ipv6 net.IP) {
-	hash := sha256.Sum256([]byte(host))
-
-	return net.IP(hash[:4]), net.IP(hash[4:20])
-}
-
-// LookupIP implements Resolver interface for *testResolver. It returns the
-// slice of net.IP with IPv4 and IPv6 instances.
-func (r *TestResolver) LookupIP(_ context.Context, _, host string) (ips []net.IP, err error) {
-	ipv4, ipv6 := r.HostToIPs(host)
-	addrs := []net.IP{ipv4, ipv6}
-
-	r.counterLock.Lock()
-	defer r.counterLock.Unlock()
-	r.counter++
-
-	return addrs, nil
-}
-
-// LookupHost implements Resolver interface for *testResolver. It returns the
-// slice of IPv4 and IPv6 instances converted to strings.
-func (r *TestResolver) LookupHost(host string) (addrs []string, err error) {
-	ipv4, ipv6 := r.HostToIPs(host)
-
-	r.counterLock.Lock()
-	defer r.counterLock.Unlock()
-	r.counter++
-
-	return []string{
-		ipv4.String(),
-		ipv6.String(),
-	}, nil
-}
-
-// Counter returns the number of requests handled.
-func (r *TestResolver) Counter() int {
-	r.counterLock.Lock()
-	defer r.counterLock.Unlock()
-
-	return r.counter
-}

internal/client/addrproc.go

@@ -0,0 +1,294 @@
+package client
+
+import (
+	"context"
+	"net/netip"
+	"sync"
+	"time"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
+	"github.com/AdguardTeam/AdGuardHome/internal/rdns"
+	"github.com/AdguardTeam/AdGuardHome/internal/whois"
+	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
+)
+
+// ErrClosed is returned from [AddressProcessor.Close] if it's closed more than
+// once.
+const ErrClosed errors.Error = "use of closed address processor"
+
+// AddressProcessor is the interface for types that can process clients.
+type AddressProcessor interface {
+	Process(ip netip.Addr)
+	Close() (err error)
+}
+
+// EmptyAddrProc is an [AddressProcessor] that does nothing.
+type EmptyAddrProc struct{}
+
+// type check
+var _ AddressProcessor = EmptyAddrProc{}
+
+// Process implements the [AddressProcessor] interface for EmptyAddrProc.
+func (EmptyAddrProc) Process(_ netip.Addr) {}
+
+// Close implements the [AddressProcessor] interface for EmptyAddrProc.
+func (EmptyAddrProc) Close() (_ error) { return nil }
+
+// DefaultAddrProcConfig is the configuration structure for address processors.
+type DefaultAddrProcConfig struct {
+	// DialContext is used to create TCP connections to WHOIS servers.
+	// DialContext must not be nil if [DefaultAddrProcConfig.UseWHOIS] is true.
+	DialContext aghnet.DialContextFunc
+
+	// Exchanger is used to perform rDNS queries.  Exchanger must not be nil if
+	// [DefaultAddrProcConfig.UseRDNS] is true.
+	Exchanger rdns.Exchanger
+
+	// PrivateSubnets are used to determine if an incoming IP address is
+	// private.  It must not be nil.
+	PrivateSubnets netutil.SubnetSet
+
+	// AddressUpdater is used to update the information about a client's IP
+	// address.  It must not be nil.
+	AddressUpdater AddressUpdater
+
+	// InitialAddresses are the addresses that are queued for processing
+	// immediately by [NewDefaultAddrProc].
+	InitialAddresses []netip.Addr
+
+	// UseRDNS, if true, enables resolving of client IP addresses using reverse
+	// DNS.
+	UseRDNS bool
+
+	// UsePrivateRDNS, if true, enables resolving of private client IP addresses
+	// using reverse DNS.  See [DefaultAddrProcConfig.PrivateSubnets].
+	UsePrivateRDNS bool
+
+	// UseWHOIS, if true, enables resolving of client IP addresses using WHOIS.
+	UseWHOIS bool
+}
+
+// AddressUpdater is the interface for storages of DNS clients that can update
+// information about them.
+//
+// TODO(a.garipov): Consider using the actual client storage once it is moved
+// into this package.
+type AddressUpdater interface {
+	// UpdateAddress updates information about an IP address, setting host (if
+	// not empty) and WHOIS information (if not nil).
+	UpdateAddress(ip netip.Addr, host string, info *whois.Info)
+}
+
+// DefaultAddrProc processes incoming client addresses with rDNS and WHOIS, if
+// configured, and updates that information in a client storage.
+type DefaultAddrProc struct {
+	// clientIPsMu serializes closure of clientIPs and access to isClosed.
+	clientIPsMu *sync.Mutex
+
+	// clientIPs is the channel queueing client processing tasks.
+	clientIPs chan netip.Addr
+
+	// rdns is used to perform rDNS lookups of clients' IP addresses.
+	rdns rdns.Interface
+
+	// whois is used to perform WHOIS lookups of clients' IP addresses.
+	whois whois.Interface
+
+	// addrUpdater is used to update the information about a client's IP
+	// address.
+	addrUpdater AddressUpdater
+
+	// privateSubnets are used to determine if an incoming IP address is
+	// private.
+	privateSubnets netutil.SubnetSet
+
+	// isClosed is set to true once the address processor is closed.
+	isClosed bool
+
+	// usePrivateRDNS, if true, enables resolving of private client IP addresses
+	// using reverse DNS.
+	usePrivateRDNS bool
+}
+
+const (
+	// defaultQueueSize is the size of queue of IPs for rDNS and WHOIS
+	// processing.
+	defaultQueueSize = 255
+
+	// defaultCacheSize is the maximum size of the cache for rDNS and WHOIS
+	// processing.  It must be greater than zero.
+	defaultCacheSize = 10_000
+
+	// defaultIPTTL is the Time to Live duration for IP addresses cached by
+	// rDNS and WHOIS.
+	defaultIPTTL = 1 * time.Hour
+)
+
+// NewDefaultAddrProc returns a new running client address processor.  c must
+// not be nil.
+func NewDefaultAddrProc(c *DefaultAddrProcConfig) (p *DefaultAddrProc) {
+	p = &DefaultAddrProc{
+		clientIPsMu:    &sync.Mutex{},
+		clientIPs:      make(chan netip.Addr, defaultQueueSize),
+		rdns:           &rdns.Empty{},
+		addrUpdater:    c.AddressUpdater,
+		whois:          &whois.Empty{},
+		privateSubnets: c.PrivateSubnets,
+		usePrivateRDNS: c.UsePrivateRDNS,
+	}
+
+	if c.UseRDNS {
+		p.rdns = rdns.New(&rdns.Config{
+			Exchanger: c.Exchanger,
+			CacheSize: defaultCacheSize,
+			CacheTTL:  defaultIPTTL,
+		})
+	}
+
+	if c.UseWHOIS {
+		p.whois = newWHOIS(c.DialContext)
+	}
+
+	go p.process()
+
+	for _, ip := range c.InitialAddresses {
+		p.Process(ip)
+	}
+
+	return p
+}
+
+// newWHOIS returns a whois.Interface instance using the given function for
+// dialing.
+func newWHOIS(dialFunc aghnet.DialContextFunc) (w whois.Interface) {
+	// TODO(s.chzhen):  Consider making configurable.
+	const (
+		// defaultTimeout is the timeout for WHOIS requests.
+		defaultTimeout = 5 * time.Second
+
+		// defaultMaxConnReadSize is an upper limit in bytes for reading from a
+		// net.Conn.
+		defaultMaxConnReadSize = 64 * 1024
+
+		// defaultMaxRedirects is the maximum redirects count.
+		defaultMaxRedirects = 5
+
+		// defaultMaxInfoLen is the maximum length of whois.Info fields.
+		defaultMaxInfoLen = 250
+	)
+
+	return whois.New(&whois.Config{
+		DialContext:     dialFunc,
+		ServerAddr:      whois.DefaultServer,
+		Port:            whois.DefaultPort,
+		Timeout:         defaultTimeout,
+		CacheSize:       defaultCacheSize,
+		MaxConnReadSize: defaultMaxConnReadSize,
+		MaxRedirects:    defaultMaxRedirects,
+		MaxInfoLen:      defaultMaxInfoLen,
+		CacheTTL:        defaultIPTTL,
+	})
+}
+
+// type check
+var _ AddressProcessor = (*DefaultAddrProc)(nil)
+
+// Process implements the [AddressProcessor] interface for *DefaultAddrProc.
+func (p *DefaultAddrProc) Process(ip netip.Addr) {
+	p.clientIPsMu.Lock()
+	defer p.clientIPsMu.Unlock()
+
+	if p.isClosed {
+		return
+	}
+
+	select {
+	case p.clientIPs <- ip:
+		// Go on.
+	default:
+		log.Debug("clients: ip channel is full; len: %d", len(p.clientIPs))
+	}
+}
+
+// process processes the incoming client IP-address information.  It is intended
+// to be used as a goroutine.  Once clientIPs is closed, process exits.
+func (p *DefaultAddrProc) process() {
+	defer log.OnPanic("addrProcessor.process")
+
+	log.Info("clients: processing addresses")
+
+	for ip := range p.clientIPs {
+		host := p.processRDNS(ip)
+		info := p.processWHOIS(ip)
+
+		p.addrUpdater.UpdateAddress(ip, host, info)
+	}
+
+	log.Info("clients: finished processing addresses")
+}
+
+// processRDNS resolves the clients' IP addresses using reverse DNS.  host is
+// empty if there were errors or if the information hasn't changed.
+func (p *DefaultAddrProc) processRDNS(ip netip.Addr) (host string) {
+	start := time.Now()
+	log.Debug("clients: processing %s with rdns", ip)
+	defer func() {
+		log.Debug("clients: finished processing %s with rdns in %s", ip, time.Since(start))
+	}()
+
+	ok := p.shouldResolve(ip)
+	if !ok {
+		return
+	}
+
+	host, changed := p.rdns.Process(ip)
+	if !changed {
+		host = ""
+	}
+
+	return host
+}
+
+// shouldResolve returns false if ip is a loopback address, or ip is private and
+// resolving of private addresses is disabled.
+func (p *DefaultAddrProc) shouldResolve(ip netip.Addr) (ok bool) {
+	return !ip.IsLoopback() &&
+		(p.usePrivateRDNS || !p.privateSubnets.Contains(ip.AsSlice()))
+}
+
+// processWHOIS looks up the information about clients' IP addresses in the
+// WHOIS databases.  info is nil if there were errors or if the information
+// hasn't changed.
+func (p *DefaultAddrProc) processWHOIS(ip netip.Addr) (info *whois.Info) {
+	start := time.Now()
+	log.Debug("clients: processing %s with whois", ip)
+	defer func() {
+		log.Debug("clients: finished processing %s with whois in %s", ip, time.Since(start))
+	}()
+
+	// TODO(s.chzhen):  Move the timeout logic from WHOIS configuration to the
+	// context.
+	info, changed := p.whois.Process(context.Background(), ip)
+	if !changed {
+		info = nil
+	}
+
+	return info
+}
+
+// Close implements the [AddressProcessor] interface for *DefaultAddrProc.
+func (p *DefaultAddrProc) Close() (err error) {
+	p.clientIPsMu.Lock()
+	defer p.clientIPsMu.Unlock()
+
+	if p.isClosed {
+		return ErrClosed
+	}
+
+	close(p.clientIPs)
+	p.isClosed = true
+
+	return nil
+}

internal/client/addrproc_test.go

@@ -0,0 +1,259 @@
+package client_test
+
+import (
+	"context"
+	"io"
+	"net"
+	"net/netip"
+	"testing"
+	"time"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
+	"github.com/AdguardTeam/AdGuardHome/internal/client"
+	"github.com/AdguardTeam/AdGuardHome/internal/whois"
+	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/netutil"
+	"github.com/AdguardTeam/golibs/testutil"
+	"github.com/AdguardTeam/golibs/testutil/fakenet"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestEmptyAddrProc(t *testing.T) {
+	t.Parallel()
+
+	p := client.EmptyAddrProc{}
+
+	assert.NotPanics(t, func() {
+		p.Process(testIP)
+	})
+
+	assert.NotPanics(t, func() {
+		err := p.Close()
+		assert.NoError(t, err)
+	})
+}
+
+func TestDefaultAddrProc_Process_rDNS(t *testing.T) {
+	t.Parallel()
+
+	privateIP := netip.MustParseAddr("192.168.0.1")
+
+	testCases := []struct {
+		rdnsErr    error
+		ip         netip.Addr
+		name       string
+		host       string
+		usePrivate bool
+		wantUpd    bool
+	}{{
+		rdnsErr:    nil,
+		ip:         testIP,
+		name:       "success",
+		host:       testHost,
+		usePrivate: false,
+		wantUpd:    true,
+	}, {
+		rdnsErr:    nil,
+		ip:         testIP,
+		name:       "no_host",
+		host:       "",
+		usePrivate: false,
+		wantUpd:    false,
+	}, {
+		rdnsErr:    nil,
+		ip:         netip.MustParseAddr("127.0.0.1"),
+		name:       "localhost",
+		host:       "",
+		usePrivate: false,
+		wantUpd:    false,
+	}, {
+		rdnsErr:    nil,
+		ip:         privateIP,
+		name:       "private_ignored",
+		host:       "",
+		usePrivate: false,
+		wantUpd:    false,
+	}, {
+		rdnsErr:    nil,
+		ip:         privateIP,
+		name:       "private_processed",
+		host:       "private.example",
+		usePrivate: true,
+		wantUpd:    true,
+	}, {
+		rdnsErr:    errors.Error("rdns error"),
+		ip:         testIP,
+		name:       "rdns_error",
+		host:       "",
+		usePrivate: false,
+		wantUpd:    false,
+	}}
+
+	for _, tc := range testCases {
+		tc := tc
+
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			updIPCh := make(chan netip.Addr, 1)
+			updHostCh := make(chan string, 1)
+			updInfoCh := make(chan *whois.Info, 1)
+
+			p := client.NewDefaultAddrProc(&client.DefaultAddrProcConfig{
+				DialContext: func(_ context.Context, _, _ string) (conn net.Conn, err error) {
+					panic("not implemented")
+				},
+				Exchanger: &aghtest.Exchanger{
+					OnExchange: func(ip netip.Addr) (host string, ttl time.Duration, err error) {
+						return tc.host, 0, tc.rdnsErr
+					},
+				},
+				PrivateSubnets: netutil.SubnetSetFunc(netutil.IsLocallyServed),
+				AddressUpdater: &aghtest.AddressUpdater{
+					OnUpdateAddress: newOnUpdateAddress(tc.wantUpd, updIPCh, updHostCh, updInfoCh),
+				},
+				UseRDNS:        true,
+				UsePrivateRDNS: tc.usePrivate,
+				UseWHOIS:       false,
+			})
+			testutil.CleanupAndRequireSuccess(t, p.Close)
+
+			p.Process(tc.ip)
+
+			if !tc.wantUpd {
+				return
+			}
+
+			gotIP, _ := testutil.RequireReceive(t, updIPCh, testTimeout)
+			assert.Equal(t, tc.ip, gotIP)
+
+			gotHost, _ := testutil.RequireReceive(t, updHostCh, testTimeout)
+			assert.Equal(t, tc.host, gotHost)
+
+			gotInfo, _ := testutil.RequireReceive(t, updInfoCh, testTimeout)
+			assert.Nil(t, gotInfo)
+		})
+	}
+}
+
+// newOnUpdateAddress is a test helper that returns a new OnUpdateAddress
+// callback using the provided channels if an update is expected and panicking
+// otherwise.
+func newOnUpdateAddress(
+	want bool,
+	ips chan<- netip.Addr,
+	hosts chan<- string,
+	infos chan<- *whois.Info,
+) (f func(ip netip.Addr, host string, info *whois.Info)) {
+	return func(ip netip.Addr, host string, info *whois.Info) {
+		if !want {
+			panic("got unexpected update")
+		}
+
+		ips <- ip
+		hosts <- host
+		infos <- info
+	}
+}
+
+func TestDefaultAddrProc_Process_WHOIS(t *testing.T) {
+	t.Parallel()
+
+	testCases := []struct {
+		wantInfo *whois.Info
+		exchErr  error
+		name     string
+		wantUpd  bool
+	}{{
+		wantInfo: &whois.Info{
+			City: testWHOISCity,
+		},
+		exchErr: nil,
+		name:    "success",
+		wantUpd: true,
+	}, {
+		wantInfo: nil,
+		exchErr:  nil,
+		name:     "no_info",
+		wantUpd:  false,
+	}, {
+		wantInfo: nil,
+		exchErr:  errors.Error("whois error"),
+		name:     "whois_error",
+		wantUpd:  false,
+	}}
+
+	for _, tc := range testCases {
+		tc := tc
+
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			whoisConn := &fakenet.Conn{
+				OnClose: func() (err error) { return nil },
+				OnRead: func(b []byte) (n int, err error) {
+					if tc.wantInfo == nil {
+						return 0, tc.exchErr
+					}
+
+					data := "city: " + tc.wantInfo.City + "\n"
+					copy(b, data)
+
+					return len(data), io.EOF
+				},
+				OnSetDeadline: func(_ time.Time) (err error) { return nil },
+				OnWrite:       func(b []byte) (n int, err error) { return len(b), nil },
+			}
+
+			updIPCh := make(chan netip.Addr, 1)
+			updHostCh := make(chan string, 1)
+			updInfoCh := make(chan *whois.Info, 1)
+
+			p := client.NewDefaultAddrProc(&client.DefaultAddrProcConfig{
+				DialContext: func(_ context.Context, _, _ string) (conn net.Conn, err error) {
+					return whoisConn, nil
+				},
+				Exchanger: &aghtest.Exchanger{
+					OnExchange: func(_ netip.Addr) (_ string, _ time.Duration, _ error) {
+						panic("not implemented")
+					},
+				},
+				PrivateSubnets: netutil.SubnetSetFunc(netutil.IsLocallyServed),
+				AddressUpdater: &aghtest.AddressUpdater{
+					OnUpdateAddress: newOnUpdateAddress(tc.wantUpd, updIPCh, updHostCh, updInfoCh),
+				},
+				UseRDNS:        false,
+				UsePrivateRDNS: false,
+				UseWHOIS:       true,
+			})
+			testutil.CleanupAndRequireSuccess(t, p.Close)
+
+			p.Process(testIP)
+
+			if !tc.wantUpd {
+				return
+			}
+
+			gotIP, _ := testutil.RequireReceive(t, updIPCh, testTimeout)
+			assert.Equal(t, testIP, gotIP)
+
+			gotHost, _ := testutil.RequireReceive(t, updHostCh, testTimeout)
+			assert.Empty(t, gotHost)
+
+			gotInfo, _ := testutil.RequireReceive(t, updInfoCh, testTimeout)
+			assert.Equal(t, tc.wantInfo, gotInfo)
+		})
+	}
+}
+
+func TestDefaultAddrProc_Close(t *testing.T) {
+	t.Parallel()
+
+	p := client.NewDefaultAddrProc(&client.DefaultAddrProcConfig{})
+
+	err := p.Close()
+	assert.NoError(t, err)
+
+	err = p.Close()
+	assert.ErrorIs(t, err, client.ErrClosed)
+}

internal/client/client.go

@@ -0,0 +1,5 @@
+// Package client contains types and logic dealing with AdGuard Home's DNS
+// clients.
+//
+// TODO(a.garipov): Expand.
+package client

internal/client/client_test.go

@@ -0,0 +1,25 @@
+package client_test
+
+import (
+	"net/netip"
+	"testing"
+	"time"
+
+	"github.com/AdguardTeam/golibs/testutil"
+)
+
+func TestMain(m *testing.M) {
+	testutil.DiscardLogOutput(m)
+}
+
+// testHost is the common hostname for tests.
+const testHost = "client.example"
+
+// testTimeout is the common timeout for tests.
+const testTimeout = 1 * time.Second
+
+// testWHOISCity is the common city for tests.
+const testWHOISCity = "Brussels"
+
+// testIP is the common IP address for tests.
+var testIP = netip.MustParseAddr("1.2.3.4")

internal/dhcpd/bitset.go

@@ -25,11 +25,8 @@ func (s *bitSet) isSet(n uint64) (ok bool) {
 
 	var word uint64
 	word, ok = s.words[wordIdx]
-	if !ok {
-		return false
-	}
 
-	return word&(1<<bitIdx) != 0
+	return ok && word&(1<<bitIdx) != 0
 }
 
 // set sets or unsets a bit.

internal/dhcpd/conn_bsd.go

@@ -249,31 +249,30 @@ func (c *dhcpConn) buildEtherPkt(payload []byte, peer *dhcpUnicastAddr) (pkt []b
 func (s *v4Server) send(peer net.Addr, conn net.PacketConn, req, resp *dhcpv4.DHCPv4) {
 	switch giaddr, ciaddr, mtype := req.GatewayIPAddr, req.ClientIPAddr, resp.MessageType(); {
 	case giaddr != nil && !giaddr.IsUnspecified():
-		// Send any return messages to the server port on the BOOTP
-		// relay agent whose address appears in giaddr.
+		// Send any return messages to the server port on the BOOTP relay agent
+		// whose address appears in giaddr.
 		peer = &net.UDPAddr{
 			IP:   giaddr,
 			Port: dhcpv4.ServerPort,
 		}
 		if mtype == dhcpv4.MessageTypeNak {
 			// Set the broadcast bit in the DHCPNAK, so that the relay agent
-			// broadcasts it to the client, because the client may not have
-			// a correct network address or subnet mask, and the client may not
-			// be answering ARP requests.
+			// broadcasts it to the client, because the client may not have a
+			// correct network address or subnet mask, and the client may not be
+			// answering ARP requests.
 			resp.SetBroadcast()
 		}
 	case mtype == dhcpv4.MessageTypeNak:
 		// Broadcast any DHCPNAK messages to 0xffffffff.
 	case ciaddr != nil && !ciaddr.IsUnspecified():
-		// Unicast DHCPOFFER and DHCPACK messages to the address in
-		// ciaddr.
+		// Unicast DHCPOFFER and DHCPACK messages to the address in ciaddr.
 		peer = &net.UDPAddr{
 			IP:   ciaddr,
 			Port: dhcpv4.ClientPort,
 		}
 	case !req.IsBroadcast() && req.ClientHWAddr != nil:
-		// Unicast DHCPOFFER and DHCPACK messages to the client's
-		// hardware address and yiaddr.
+		// Unicast DHCPOFFER and DHCPACK messages to the client's hardware
+		// address and yiaddr.
 		peer = &dhcpUnicastAddr{
 			Addr:   raw.Addr{HardwareAddr: req.ClientHWAddr},
 			yiaddr: resp.YourIPAddr,

internal/dhcpd/conn_linux.go

@@ -247,31 +247,30 @@ func (c *dhcpConn) buildEtherPkt(payload []byte, peer *dhcpUnicastAddr) (pkt []b
 func (s *v4Server) send(peer net.Addr, conn net.PacketConn, req, resp *dhcpv4.DHCPv4) {
 	switch giaddr, ciaddr, mtype := req.GatewayIPAddr, req.ClientIPAddr, resp.MessageType(); {
 	case giaddr != nil && !giaddr.IsUnspecified():
-		// Send any return messages to the server port on the BOOTP
-		// relay agent whose address appears in giaddr.
+		// Send any return messages to the server port on the BOOTP relay agent
+		// whose address appears in giaddr.
 		peer = &net.UDPAddr{
 			IP:   giaddr,
 			Port: dhcpv4.ServerPort,
 		}
 		if mtype == dhcpv4.MessageTypeNak {
 			// Set the broadcast bit in the DHCPNAK, so that the relay agent
-			// broadcasts it to the client, because the client may not have
-			// a correct network address or subnet mask, and the client may not
-			// be answering ARP requests.
+			// broadcasts it to the client, because the client may not have a
+			// correct network address or subnet mask, and the client may not be
+			// answering ARP requests.
 			resp.SetBroadcast()
 		}
 	case mtype == dhcpv4.MessageTypeNak:
 		// Broadcast any DHCPNAK messages to 0xffffffff.
 	case ciaddr != nil && !ciaddr.IsUnspecified():
-		// Unicast DHCPOFFER and DHCPACK messages to the address in
-		// ciaddr.
+		// Unicast DHCPOFFER and DHCPACK messages to the address in ciaddr.
 		peer = &net.UDPAddr{
 			IP:   ciaddr,
 			Port: dhcpv4.ClientPort,
 		}
 	case !req.IsBroadcast() && req.ClientHWAddr != nil:
-		// Unicast DHCPOFFER and DHCPACK messages to the client's
-		// hardware address and yiaddr.
+		// Unicast DHCPOFFER and DHCPACK messages to the client's hardware
+		// address and yiaddr.
 		peer = &dhcpUnicastAddr{
 			Addr:   packet.Addr{HardwareAddr: req.ClientHWAddr},
 			yiaddr: resp.YourIPAddr,

internal/dhcpd/db.go

@@ -9,7 +9,7 @@ import (
 
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
-	"github.com/google/renameio/maybe"
+	"github.com/google/renameio/v2/maybe"
 	"golang.org/x/exp/slices"
 )
 

internal/dhcpd/dhcpd.go

@@ -28,8 +28,9 @@ const (
 	defaultBackoff     time.Duration = 500 * time.Millisecond
 )
 
-// Lease contains the necessary information about a DHCP lease.  It's used in
-// various places.  So don't change it without good reason.
+// Lease contains the necessary information about a DHCP lease.  It's used as is
+// in the database, so don't change it until it's absolutely necessary, see
+// [dataVersion].
 type Lease struct {
 	// Expiry is the expiration time of the lease.
 	Expiry time.Time `json:"expires"`
@@ -41,8 +42,6 @@ type Lease struct {
 	HWAddr net.HardwareAddr `json:"mac"`
 
 	// IP is the IP address leased to the client.
-	//
-	// TODO(a.garipov): Migrate leases.db.
 	IP netip.Addr `json:"ip"`
 
 	// IsStatic defines if the lease is static.

internal/dhcpd/migrate.go

@@ -51,6 +51,9 @@ func migrateDB(conf *ServerConfig) (err error) {
 	oldLeasesPath := filepath.Join(conf.WorkDir, dbFilename)
 	dataDirPath := filepath.Join(conf.DataDir, dataFilename)
 
+	// #nosec G304 -- Trust this path, since it's taken from the old file name
+	// relative to the working directory and should generally be considered
+	// safe.
 	file, err := os.Open(oldLeasesPath)
 	if errors.Is(err, os.ErrNotExist) {
 		// Nothing to migrate.

internal/dhcpd/routeradv.go

@@ -200,7 +200,7 @@ func createICMPv6RAPacket(params icmpv6RA) (data []byte, err error) {
 func (ra *raCtx) Init() (err error) {
 	ra.stop.Store(0)
 	ra.conn = nil
-	if !(ra.raAllowSLAAC || ra.raSLAACOnly) {
+	if !ra.raAllowSLAAC && !ra.raSLAACOnly {
 		return nil
 	}