cherry-pick: prepare changelog for v0.106.2

Merge in DNS/adguard-home from changelog to master

Squashed commit of the following:

commit 8727a97d052d5d89a4a6ff9a56751c167a36e103
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Thu May 6 18:06:56 2021 +0300

    prepare changelog for v0.106.2

CHANGELOG.md

@@ -14,9 +14,35 @@ and this project adheres to
 -->
 
 <!--
-## [v0.106.1] - 2021-05-17 (APPROX.)
+## [v0.106.3] - 2021-05-17 (APPROX.)
 -->
 
+
+
+## [v0.106.2] - 2021-05-06
+
+### Fixed
+
+- Uniqueness validation for dynamic DHCP leases ([#3056]).
+
+[#3056]: https://github.com/AdguardTeam/AdGuardHome/issues/3056
+
+
+
+## [v0.106.1] - 2021-04-30
+
+### Fixed
+
+- Local domain name handling when the DHCP server is disabled ([#3028]).
+- Normalization of perviously-saved invalid static DHCP leases ([#3027]).
+- Validation of IPv6 addresses with zones in system resolvers ([#3022]).
+
+[#3022]: https://github.com/AdguardTeam/AdGuardHome/issues/3022
+[#3027]: https://github.com/AdguardTeam/AdGuardHome/issues/3027
+[#3028]: https://github.com/AdguardTeam/AdGuardHome/issues/3028
+
+
+
 ## [v0.106.0] - 2021-04-28
 
 ### Added
@@ -320,12 +346,14 @@ and this project adheres to
 
 
 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.1...HEAD
-[v0.107.0]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.1...v0.107.0
-[v0.106.1]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.0...v0.106.1
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.3...HEAD
+[v0.107.0]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.3...v0.107.0
+[v0.106.3]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.2...v0.106.3
 -->
 
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.0...HEAD
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.2...HEAD
+[v0.106.2]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.1...v0.106.2
+[v0.106.1]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.0...v0.106.1
 [v0.106.0]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.105.2...v0.106.0
 [v0.105.2]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.105.1...v0.105.2
 [v0.105.1]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.105.0...v0.105.1

bamboo-specs/release.yaml

@@ -4,6 +4,7 @@
   'project-key': 'AGH'
   'key': 'AGHBSNAPSPECS'
   'name': 'AdGuard Home - Build and publish release'
+# Make sure to sync any changes with the branch overrides below.
 'variables':
   'channel': 'edge'
   'dockerGo': 'adguard/golang-ubuntu:2.0'
@@ -250,3 +251,25 @@
 'labels': []
 'other':
   'concurrent-build-plugin': 'system-default'
+
+'branch-overrides':
+# beta-vX.Y branches are the branches into which the commits that are needed to
+# release a new patch version are initially cherry-picked.
+- '^beta-v[0-9]+\.[0-9]+':
+    # Build betas on release branches manually.
+    'triggers': []
+    # Set the default release channel on the release branch to beta, as we may
+    # need to build a few of these.
+    'variables':
+      'channel': 'beta'
+      'dockerGo': 'adguard/golang-ubuntu:2.0'
+# release-vX.Y.Z branches are the branches from which the actual final release
+# is built.
+- '^release-v[0-9]+\.[0-9]+\.[0-9]+':
+    # Build final releases on release branches manually.
+    'triggers': []
+    # Set the default release channel on the final branch to release, as these
+    # are the ones that actually get released.
+    'variables':
+      'channel': 'release'
+      'dockerGo': 'adguard/golang-ubuntu:2.0'

client/src/__locales/cs.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Bootstrap DNS servery",
     "bootstrap_dns_desc": "Servery Bootstrap DNS se používají k řešení IP adres DoH/DoT, které zadáváte jako upstreamy.",
     "local_ptr_title": "Soukromé DNS servery",
-    "local_ptr_desc": "Servery DNS, které AdGuard Home použije pro dotazy na lokálně poskytované zdroje. Tento server bude například používán k řešení názvů hostitelů pro klienty se soukromými IP adresami. Pokud není nastaveno, AdGuard Home automaticky použije váš výchozí překladač DNS.",
+    "local_ptr_desc": "Servery DNS, které AdGuard Home používá pro lokální dotazy PTR. Tyto servery se používají k rozlišení názvů hostitelů klientů se soukromými adresami IP, například \"192.168.12.34\" pomocí rDNS. Pokud není nastaveno, AdGuard Home automaticky použije výchozí řešitele vašeho OS.",
     "local_ptr_placeholder": "Zadejte jednu adresu serveru na řádek",
     "resolve_clients_title": "Povolit zpětné řešení IP adres klientů",
     "resolve_clients_desc": "Pokud je povoleno, AdGuard Home se pokusí obráceně vyřešit IP adresy klientů na jejich názvy hostitelů zasláním dotazů PTR příslušným řešitelům (soukromé DNS servery pro místní klienty, odchozí server pro klienty s veřejnou IP adresou).",

client/src/__locales/da.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Bootstrap DNS-servere",
     "bootstrap_dns_desc": "Bootstrap DNS-servere bruges til at fortolke IP-adresser for de DoH-/DoT-resolvere, du angiver som upstream.",
     "local_ptr_title": "Private DNS-servere",
-    "local_ptr_desc": "De DNS-servere som AdGuard Home vil bruge til forespørgsler efter lokalt leverede ressourcer. For eksempel vil denne server blive brugt til at løse klienters værtsnavne for klienter med private IP-adresser. Hvis ikke indstillet, bruger AdGuard Home automatisk din standard DNS-resolver.",
+    "local_ptr_desc": "De DNS-servere, som AdGuard Home bruger til lokale PTR-forespørgsler. Disse servere bruges til at opløse klientværtsnavne med private IP-adresser, f.eks. \"192.168.12.34\", vha. rDNS. Hvis ikke indstillet, bruger AdGuard Home dit operativsystems standard DNS-opløsere.",
     "local_ptr_placeholder": "Indtast en serveradresse pr. Linje",
     "resolve_clients_title": "Aktivér omvendt løsning af klienters IP-adresser",
     "resolve_clients_desc": "Hvis aktiveret, forsøger AdGuard Home automatisk at løse klienters værtsnavne fra deres IP-adresser ved at sende en PTR-forespørgsel til en tilsvarende resolver (privat DNS-server til lokale klienter, upstream-server til klienter med offentlig IP-adresse).",

client/src/__locales/de.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Bootstrap DNS-Server starten",
     "bootstrap_dns_desc": "Bootstrap-DNS-Server werden verwendet, um IP-Adressen der DoH/DoT-Resolver aufzulösen, die Sie als Upstreams angeben.",
     "local_ptr_title": "Eigene DNS-Server",
-    "local_ptr_desc": "DNS-Server, die AdGuard Home für Abfragen nach lokal bereitgestellten Ressourcen verwenden wird. Diese Server werden z. B. für die Auflösung der Hostnamen der Clients für die Clients mit privaten IP-Adressen verwendet. Wenn nicht festgelegt, verwendet AdGuard Home automatisch Ihre Standard-DNS-Auflösung.",
+    "local_ptr_desc": "Die DNS-Server, die AdGuard Home für lokale PTR-Abfragen verwendet. Diese Server werden verwendet, um die Hostnamen von Clients mit privaten IP-Adressen, z. B. „192.168.12.34“, mithilfe von rDNS aufzulösen. Wenn nicht festgelegt, verwendet AdGuard Home die Standard-DNS-Resolver Ihres Betriebssystems.",
     "local_ptr_placeholder": "Eine Serveradresse pro Zeile eingeben",
     "resolve_clients_title": "Hostnamenauflösung der Clients aktivieren",
     "resolve_clients_desc": "Wenn aktiviert, versucht AdGuard Home, die Hostnamen der Clients automatisch aus deren IP-Adressen aufzulösen, indem er eine PTR-Abfrage an einen entsprechenden Auflösungsdienst (privater DNS-Server für lokale Clients, Upstream-Server für Clients mit öffentlicher IP) sendet.",

client/src/__locales/en.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Bootstrap DNS servers",
     "bootstrap_dns_desc": "Bootstrap DNS servers are used to resolve IP addresses of the DoH/DoT resolvers you specify as upstreams.",
     "local_ptr_title": "Private DNS servers",
-    "local_ptr_desc": "The DNS servers that AdGuard Home will use for queries for locally served resources. For instance, this server will be used for resolving clients' hostnames for the clients with private IP addresses. If not set, AdGuard Home will automatically use your default DNS resolver.",
+    "local_ptr_desc": "The DNS servers that AdGuard Home uses for local PTR queries. These servers are used to resolve the hostnames of clients with private IP addresses, for example \"192.168.12.34\", using rDNS. If not set, AdGuard Home uses the default DNS resolvers of your OS.",
     "local_ptr_placeholder": "Enter one server address per line",
     "resolve_clients_title": "Enable reverse resolving of clients' IP addresses",
     "resolve_clients_desc": "If enabled, AdGuard Home will attempt to reversely resolve clients' IP addresses into their hostnames by sending PTR queries to corresponding resolvers (private DNS servers for local clients, upstream server for clients with public IP addresses).",

client/src/__locales/es.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Servidores DNS de arranque",
     "bootstrap_dns_desc": "Los servidores DNS de arranque se utilizan para resolver las direcciones IP de los resolutores DoH/DoT que especifiques como DNS de subida.",
     "local_ptr_title": "Servidores DNS privados",
-    "local_ptr_desc": "Los servidores DNS que AdGuard Home utilizará para las consultas de recursos servidos localmente. Por ejemplo, este servidor se utilizará para resolver los nombres de hosts de los clientes con direcciones IP privadas. Si no está establecido, AdGuard Home utilizará automáticamente tu resolutor DNS predeterminado.",
+    "local_ptr_desc": "Los servidores DNS que AdGuard Home utiliza para las consultas PTR locales. Estos servidores se utilizan para resolver los nombres de hosts de los clientes a direcciones IP privadas, por ejemplo \"192.168.12.34\", utilizando rDNS. Si no está establecido, AdGuard Home utilizará los resolutores DNS predeterminados de tu sistema operativo.",
     "local_ptr_placeholder": "Ingresa una dirección de servidor por línea",
     "resolve_clients_title": "Habilitar la resolución inversa de las direcciones IP de clientes",
     "resolve_clients_desc": "Si está habilitado, AdGuard Home intentará resolver de manera inversa las direcciones IP de los clientes a sus nombres de hosts enviando consultas PTR a los resolutores correspondientes (servidores DNS privados para clientes locales, servidor DNS de subida para clientes con direcciones IP públicas).",

client/src/__locales/fr.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Serveurs DNS d'amorçage",
     "bootstrap_dns_desc": "Les serveurs DNS d'amorçage sont utilisés pour résoudre les adresses IP des résolveurs DoH/DoT que vous spécifiez comme upstream.",
     "local_ptr_title": "Serveurs DNS privés",
-    "local_ptr_desc": "Le serveur ou serveurs DNS qui seront utilisés par AdGuard Home pour les requêtes de ressources servies localement. Ce serveur pourra être utilisé, par exemple, pour résoudre les noms d'hôtes des clients pour les clients avec des adresses IP privées. S'il n'est pas défini, AdGuard Home utilisera votre résolveur DNS par défaut automatiquement.",
+    "local_ptr_desc": "Les serveurs DNS utilisés par AdGuard Home pour les requêtes PTR servies localement. Ces serveurs sont utilisés pour résoudre les noms d'hôtes des clients pour les clients avec des adresses IP privées, par exemple \"192.168.12.34\", en utilisant rDNS. S'il n'est pas défini, AdGuard Home utilisera le résolveur DNS de votre OS par défaut automatiquement.",
     "local_ptr_placeholder": "Saisissez une adresse de serveur par ligne",
     "resolve_clients_title": "Activer la résolution inverse des adresses IP des clients",
     "resolve_clients_desc": "Lorsque activé, AdGuard Home tentera de résoudre de manière inverse les adresses IP des clients en leurs noms d'hôtes en envoyant des requêtes PTR aux résolveurs correspondants (serveurs DNS privés pour les clients locaux, serveur en amont pour les clients ayant des adresses IP publiques).",

client/src/__locales/hu.json

@@ -9,7 +9,10 @@
     "bootstrap_dns": "Bootstrap DNS kiszolgálók",
     "bootstrap_dns_desc": "A Bootstrap DNS szerverek a DoH/DoT feloldók IP-címeinek feloldására szolgálnak.",
     "local_ptr_title": "Privát DNS szerverek",
+    "local_ptr_desc": "Azok a DNS szerverek, amiket az AdGuard Home a helyi PTR kérésekhez használ. Ezeket a szervereket arra használjuk, hogy az rDNS segítségével fel lehessen oldani a kliensek hosztneveit. Ha nincs beállítva ilyen, akkor az AdGuard Home alapértelmezés szerint az OS nevét fogja feloldani.",
     "local_ptr_placeholder": "Adjon meg soronként egy kiszolgáló címet",
+    "resolve_clients_title": "Kliensek IP címeinek fordított feloldása",
+    "resolve_clients_desc": "Ha engedélyezve van, az AdGuard Home megpróbálja átfordítani a kliensek IP címeit hosztnevekre, PTR lekérdezéseket küldve a megfelelő feloldóknak (privát DNS szerverek a helyi kliensek számára, upstream szerverek a nyilvános IP címmel rendelkező ügyfelek számára).",
     "check_dhcp_servers": "DHCP szerverek keresése",
     "save_config": "Konfiguráció mentése",
     "enabled_dhcp": "DHCP szerver engedélyezve",
@@ -35,6 +38,7 @@
     "form_error_mac_format": "Érvénytelen MAC formátum",
     "form_error_client_id_format": "Érvénytelen kliens ID formátum",
     "form_error_server_name": "Érvénytelen szervernév",
+    "form_error_subnet": "A(z) \"{{cidr}}\" alhálózat nem tartalmazza a(z) \"{{ip}}\" IP címet",
     "form_error_positive": "0-nál nagyobbnak kell lennie",
     "form_error_negative": "Legalább 0-nak kell lennie",
     "range_end_error": "Nagyobbnak kell lennie, mint a tartomány kezdete",
@@ -307,6 +311,7 @@
     "install_devices_router": "Router",
     "install_devices_router_desc": "Ez a beállítás lefed minden eszközt, amik az Ön routeréhez csatlakoznak, így azokat nem kell külön, kézzel beállítania.",
     "install_devices_address": "Az AdGuard DNS szerver a következő címeket figyeli",
+    "install_devices_router_list_1": "Nyissa meg a router beállításait. Ez általában a böngészőn keresztül történik egy URL megadásával (pl. http://192.168.0.1/ vagy http://192.168.1.1/). Ez az oldal valószínűleg felhasználónevet és jelszót fog kérni. Ha nem tudja a belépési adatokat, ellenőrizze a router dobozát, a router alján levő fehér címkét vagy a technikai dokumentációt az interneten. Végső esetben visszaállíthatja a routert, azonban ne feledje, hogyha ezt az eljárást választja, akkor valószínűleg elveszíti annak összes beállítását. Ha a router beállításához alkalmazásra van szükség, telepítse az alkalmazást a telefonjára vagy a számítógépére, és használja azt az útválasztó beállításainak eléréséhez.",
     "install_devices_router_list_2": "Keresse meg a DHCP/DNS beállításokat. Keresse a DNS szót egy olyan mező mellett, amely egy 4 csoportból álló, 1-3 számjegyű számsort vár.",
     "install_devices_router_list_3": "Adja meg az AdGuard Home szerver címét itt.",
     "install_devices_router_list_4": "Bizonyos típusú routereknél nem állíthat be egyéni DNS-kiszolgálót. Ebben az esetben segíthet, ha az AdGuard Home-t DHCP-szerverként állítja be. Ellenkező esetben keresse meg az adott router kézikönyvében a DNS-kiszolgálók testreszabását.",
@@ -396,6 +401,7 @@
     "ip_address": "IP cím",
     "client_identifier_desc": "A klienseket az IP-cím, a CIDR, a MAC-cím vagy egy speciális kliens azonosító alapján lehet azonosítani (ez használható DoT/DoH /DoQ esetén). <0>Itt</0> többet is megtudhat a kliensek azonosításáról.",
     "form_enter_ip": "IP-cím megadása",
+    "form_enter_subnet_ip": "Adjon meg egy IP címet az alhálózatban \"{{cidr}}\"",
     "form_enter_mac": "MAC-cím megadása",
     "form_enter_id": "Azonosító megadása",
     "form_add_id": "Azonosító hozzáadása",

client/src/__locales/id.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Server DNS bootstrap",
     "bootstrap_dns_desc": "Server Bootstrap DNS dapat digunakan untuk meresolve alamat IP pada DoH/DoT resolvers yang Anda tentukan sebagai upstreams.",
     "local_ptr_title": "Server DNS pribadi",
-    "local_ptr_desc": "Server atau server DNS yang akan digunakan AdGuard Home untuk kueri sumber daya disajikan secara lokal. Misalnya, server ini akan digunakan untuk menyelesaikan hostname klien untuk klien dengan alamat IP pribadi. Jika tidak disetel, AdGuard Home akan secara otomatis menggunakan resolver DNS default Anda.",
+    "local_ptr_desc": "Server DNS yang digunakan AdGuard Home untuk kueri PTR lokal. Server ini digunakan untuk menetapkan nama host klien bersama alamat IP pribadi, sebagai contoh \"192.168.12.34\", menggunakan rDNS. Jika tidka diatur, AdGuard Home akan menggunakan resolver DNS bawaan/default OS Anda.",
     "local_ptr_placeholder": "Masukkan satu alamat server per baris",
     "resolve_clients_title": "Aktifkan resolusi hostname klien",
     "resolve_clients_desc": "Jika diaktifkan, AdGuard Home akan mencoba menyelesaikan hostname klien secara otomatis dari alamat IP mereka dengan mengirimkan kueri PTR ke penyelesai yang sesuai (server DNS pribadi untuk klien lokal, server upstream untuk klien dengan IP publik).",

client/src/__locales/it.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Server DNS bootstrap",
     "bootstrap_dns_desc": "I server DNS di bootstrap sono utilizzati per risolvere gli indirizzi IP dei risolutori DoH/DoT specificati come upstream.",
     "local_ptr_title": "Server DNS privati",
-    "local_ptr_desc": "I server DNS che AdGuard Home utilizzerà per richiedere le risorse disponibili localmente. Ad esempio, questo server verrà utilizzato per risolvere i nomi host dei client con indirizzi IP privati. Se non impostato, AdGuard Home utilizzerà automaticamente il risolutore DNS predefinito.",
+    "local_ptr_desc": "I server DNS che AdGuard Home utilizzerà per richiedere le risorse PTR disponibili localmente. Ad esempio, questo server verrà utilizzato per risolvere i nomi host dei client con indirizzi IP privati, comò \"192.168.12.34\", utilizzando rDNS. Se non impostato, AdGuard Home utilizzerà automaticamente il risolutore DNS predefinito del tuo sistema operativo.",
     "local_ptr_placeholder": "Inserisci un indirizzo server per riga",
     "resolve_clients_title": "Attiva la risoluzione inversa degli indirizzi IP dei client",
     "resolve_clients_desc": "Se attivo, AdGuard Home tenterà di risolvere inversamente gli indirizzi IP dei client nei relativi nomi host inviando una richiesta PTR a un risolutore corrispondente (server DNS privato per client locali, server upstream per client con IP pubblico).",

client/src/__locales/ja.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "ブートストラップDNSサーバ",
     "bootstrap_dns_desc": "ブートストラップDNSサーバは、上流として指定したDoH／DoTリゾルバのIPアドレスを解決するために使用されます。",
     "local_ptr_title": "プライベートDNSサーバー",
-    "local_ptr_desc": "AdGuard Homeがローカルに提供されるリソースのクエリに使用するDNSサーバーです。例えば、このサーバーは、プライベートIPアドレスを持つクライアントのホスト名を解決するために使用されます。設定されていない場合、AdGuard Homeはお使いのデフォルトDNSリゾルバーを自動的に使用します。",
+    "local_ptr_desc": "AdGuard HomeがローカルPTRクエリに使用するDNSサーバーです。これらのサーバーは、rDNSを使ってプライベートIPアドレス（例えば\"192.168.12.34\"）を持つクライアントのホスト名を解決するために使用されます。設定されていない場合、AdGuard HomeはOSのデフォルトDNSリゾルバーを自動的に使用します。",
     "local_ptr_placeholder": "1行に1つのサーバを入力してください。",
     "resolve_clients_title": "クライアントのIPアドレスの逆解決を有効にする",
     "resolve_clients_desc": "有効にすると、AdGuard Homeは、対応するリゾルバー（ローカルクライアントの場合はプライベートDNSサーバ、パブリックIPを持つクライアントの場合は上流サーバ）にPTRクエリを送信することにより、クライアントのIPアドレスをホスト名に逆解決しようとします。",

client/src/__locales/ko.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "부트스트랩 DNS 서버",
     "bootstrap_dns_desc": "부트스트랩 DNS 서버는 업스트림으로 지정한 DoH/DoT 서버의 IP 주소를 확인하는 데 사용합니다.",
     "local_ptr_title": "프라이빗 DNS 서버",
-    "local_ptr_desc": "AdGuard Home이 로컬 리소스에 대한 쿼리에 사용할 DNS 서버입니다. 예를 들어, 사설 IP 주소가 있는 클라이언트의 호스트명을 확인할 때 사용합니다. 설정하지 않으면 기본으로 설정된 DNS 서버를 사용합니다.",
+    "local_ptr_desc": "AdGuard Home이 로컬 PTR 쿼리에 사용하는 DNS 서버입니다. 이러한 서버는 rDNS를 사용하여 개인 IP 주소(예: '192.168.12.34')가 있는 클라이언트의 호스트 이름을 확인하는 데 사용됩니다. 설정되지 않은 경우, AdGuard Home은 OS의 기본 DNS 리졸버를 사용합니다.",
     "local_ptr_placeholder": "한 줄에 하나씩 서버 주소 입력",
     "resolve_clients_title": "클라이언트 IP 주소에 대한 호스트명 확인 활성화",
     "resolve_clients_desc": "활성화된 경우 AdGuard Home은 PTR 쿼리를 해당 서버(로컬 클라이언트의 경우 프라이빗 DNS 서버, 공용 IP 주소가 있는 클라이언트의 경우 업스트림 서버)로 전송하여 IP 주소로부터 클라이언트의 호스트명을 역으로 확인하려고 시도합니다.",

client/src/__locales/pl.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Serwery DNS Bootstrap",
     "bootstrap_dns_desc": "Serwery DNS Bootstrap są używane do ustalenia adresu IP serwerów DoH/DoT, które oznaczysz jako główne serwery DNS.",
     "local_ptr_title": "Prywatne serwery DNS",
-    "local_ptr_desc": "Serwery DNS, z których AdGuard Home będzie korzystał przy zapytaniach o lokalnie obsługiwane zasoby. Na przykład, ten serwer będzie używany do rozwiązywania nazw hostów klientów z prywatnymi adresami IP. Jeśli nie jest ustawiony, AdGuard Home będzie automatycznie korzystał z domyślnego resolvera DNS.",
+    "local_ptr_desc": "Serwery DNS, których AdGuard Home używa do lokalnych zapytań PTR. Serwery te są używane do rozwiązywania nazw hostów klientów z prywatnymi adresami IP, na przykład \"192.168.12.34\", przy użyciu rDNS. Jeśli nie jest ustawiony, AdGuard Home używa domyślnych resolwerów DNS systemu operacyjnego.",
     "local_ptr_placeholder": "Wprowadź po jednym adresie serwera w każdym wierszu",
     "resolve_clients_title": "Włącz odwrotne rozpoznawanie adresów IP klientów",
     "resolve_clients_desc": "Jeśli jest włączona, AdGuard Home spróbuje odwrócić adresy IP klientów do ich nazw hostów, wysyłając zapytania PTR do odpowiednich resolverów (prywatne serwery DNS dla klientów lokalnych, serwer nadrzędny dla klientów z publicznymi adresami IP).",

client/src/__locales/pt-br.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Servidores DNS de inicialização",
     "bootstrap_dns_desc": "Servidores DNS de inicialização são usados para resolver endereços IP dos resolvedores DoH/DoT que você especifica como upstreams.",
     "local_ptr_title": "Servidores DNS privados",
-    "local_ptr_desc": "Os servidores DNS que o AdGuard Home usará para consultas de recursos servidos localmente. Por exemplo, este servidor será usado para resolver nomes de host de clientes para clientes com endereços IP privados. Se não for definido, o AdGuard Home usará automaticamente seu resolvedor DNS padrão.",
+    "local_ptr_desc": "Os servidores DNS que o AdGuard Home usa para consultas PTR locais. Esses servidores são usados para resolver os nomes de host de clientes com endereços IP privados, por exemplo \"192.168.12.34\", usando rDNS. Se não for definido, o AdGuard Home usa os resolvedores DNS padrão do seu sistema operacional.",
     "local_ptr_placeholder": "Insira um endereço de servidor por linha",
     "resolve_clients_title": "Ativar resolução reversa de endereços IP de clientes",
     "resolve_clients_desc": "Se ativado, o AdGuard Home tentará resolver de forma reversa os endereços IP dos clientes em seus nomes de host, enviando consultas PTR aos resolvedores correspondentes (servidores DNS privados para clientes locais, servidor DNS primário para clientes com endereços IP públicos).",

client/src/__locales/pt-pt.json

@@ -9,9 +9,9 @@
     "bootstrap_dns": "Servidores DNS de arranque",
     "bootstrap_dns_desc": "Servidores DNS de inicialização são usados para resolver endereços IP dos resolvedores DoH/DoT que especifica como upstreams.",
     "local_ptr_title": "Servidores DNS privados",
-    "local_ptr_desc": "Os servidores DNS que o AdGuard Home usará para consultas de recursos servidos localmente. Por exemplo, este servidor será usado para resolver nomes de host de clientes para clientes com endereços IP privados. Se não for definido, o AdGuard Home usará automaticamente seu resolvedor DNS padrão.",
+    "local_ptr_desc": "Os servidores DNS que o AdGuard Home usa para consultas PTR locais. Esses servidores são usados para resolver os nomes de host de clientes com endereços IP privados, por exemplo \"192.168.12.34\", usando rDNS. Se não for definido, o AdGuard Home usa os resolvedores DNS padrão do seu sistema operacional.",
     "local_ptr_placeholder": "Insira um endereço de servidor por linha",
-    "resolve_clients_title": "Activar resolução reversa de endereços IP de clientes",
+    "resolve_clients_title": "Ativar resolução reversa de endereços IP de clientes",
     "resolve_clients_desc": "Se activado, o AdGuard Home tentará resolver de forma reversa os endereços IP dos clientes em seus nomes de host, enviando consultas PTR aos resolvedores correspondentes (servidores DNS privados para clientes locais, servidor DNS primário para clientes com endereços IP públicos).",
     "check_dhcp_servers": "Verificar por servidores DHCP",
     "save_config": "Guardar definição",
@@ -21,10 +21,10 @@
     "unavailable_dhcp_desc": "O AdGuard Home não pode executar um servidor DHCP em seu sistema operacional",
     "dhcp_title": "Servidor DHCP (experimental)",
     "dhcp_description": "Se o seu router não fornecer configurações de DHCP, poderá usar o servidor DHCP integrado do AdGuard.",
-    "dhcp_enable": "Activar servidor DHCP",
-    "dhcp_disable": "Desactivar servidor DHCP",
-    "dhcp_not_found": "É seguro activar o servidor DHCP integrado porque o AdGuard Home não encontrou nenhum servidor DHCP ativo na rede. No entanto, você deve verificar isso manualmente, pois a verificação automática atualmente não oferece 100% de garantia.",
-    "dhcp_found": "Um servidor DHCP activo foi encontrado na rede. Não é seguro activar o servidor DHCP incorporado.",
+    "dhcp_enable": "Ativar servidor DHCP",
+    "dhcp_disable": "Desativar servidor DHCP",
+    "dhcp_not_found": "É seguro ativar o servidor DHCP integrado porque o AdGuard Home não encontrou nenhum servidor DHCP ativo na rede. No entanto, você deve verificar isso manualmente, pois a verificação automática atualmente não oferece 100% de garantia.",
+    "dhcp_found": "Um servidor DHCP ativo foi encontrado na rede. Não é seguro ativar o servidor DHCP incorporado.",
     "dhcp_leases": "Concessões DHCP",
     "dhcp_static_leases": "Concessões de DHCP estático",
     "dhcp_leases_not_found": "Nenhuma concessão DHCP encontrada",
@@ -55,10 +55,10 @@
     "ip": "IP",
     "dhcp_table_hostname": "Nome do servidor",
     "dhcp_table_expires": "Expira",
-    "dhcp_warning": "Se tu quiser activar o servidor DHCP de qualquer maneira, certifique-se de que não haja outro servidor DHCP activo em tua rede, pois isso pode quebrar a conectividade com a Internet para dispositivos na rede!",
+    "dhcp_warning": "Se tu quiser ativar o servidor DHCP de qualquer maneira, certifique-se de que não haja outro servidor DHCP ativo em tua rede, pois isso pode quebrar a conectividade com a Internet para dispositivos na rede!",
     "dhcp_error": "O AdGuard Home não conseguiu determinar se há noutro servidor DHCP ativo na rede.",
     "dhcp_static_ip_error": "Para usar o servidor DHCP, deve definir um endereço IP estático. AdGuard Home não conseguiu determinar se essa interface de rede está configurada usando o endereço de IP estático. Por favor, defina um endereço IP estático manualmente.",
-    "dhcp_dynamic_ip_found": "O seu sistema usa a configuração de endereço IP dinâmico para a interface <0>{{interfaceName}}</0>. Para usar o servidor DHCP, deve definir um endereço de IP estático. O seu endereço IP actual é <0> {{ipAddress}} </ 0>. AdGuard Home irá definir automaticamente este endereço IP como estático se pressionar o botão \"Activar servidor DHCP\".",
+    "dhcp_dynamic_ip_found": "O seu sistema usa a configuração de endereço IP dinâmico para a interface <0>{{interfaceName}}</0>. Para usar o servidor DHCP, deve definir um endereço de IP estático. O seu endereço IP actual é <0> {{ipAddress}} </ 0>. AdGuard Home irá definir automaticamente este endereço IP como estático se pressionar o botão \"Ativar servidor DHCP\".",
     "dhcp_lease_added": "Concessão estática \"{{key}}\" adicionada com sucesso",
     "dhcp_lease_deleted": "Concessão estática \"{{key}}\" excluída com sucesso",
     "dhcp_new_static_lease": "Nova concessão estática",
@@ -92,10 +92,10 @@
     "homepage": "Página inicial",
     "report_an_issue": "Comunicar um problema",
     "privacy_policy": "Política de Privacidade",
-    "enable_protection": "Activar protecção",
-    "enabled_protection": "Activar protecção",
-    "disable_protection": "Desactivar protecção",
-    "disabled_protection": "Desactivar protecção",
+    "enable_protection": "Ativar protecção",
+    "enabled_protection": "Ativar protecção",
+    "disable_protection": "Desativar protecção",
+    "disabled_protection": "Desativar protecção",
     "refresh_statics": "Repor estatísticas",
     "dns_query": "Consultas de DNS",
     "blocked_by": "<0>Bloqueado por filtros</0>",
@@ -236,7 +236,7 @@
     "query_log_updated": "O registro da consulta foi actualizado com sucesso",
     "query_log_clear": "Limpar registos de consulta",
     "query_log_retention": "Retenção de registos de consulta",
-    "query_log_enable": "Activar registo",
+    "query_log_enable": "Ativar registo",
     "query_log_configuration": "Definições do registo",
     "query_log_disabled": "O registo de consulta está desactivado e pode ser configurado em <0>definições</0>",
     "query_log_strict_search": "Usar aspas duplas para uma pesquisa rigorosa",
@@ -267,7 +267,7 @@
     "plain_dns": "DNS simples",
     "form_enter_rate_limit": "Insira o limite de taxa",
     "rate_limit": "Limite de taxa",
-    "edns_enable": "Activar sub-rede do cliente EDNS",
+    "edns_enable": "Ativar sub-rede do cliente EDNS",
     "edns_cs_desc": "Se activado, o AdGuard Home enviará sub-redes dos clientes para os servidores DNS.",
     "rate_limit_desc": "O número de solicitações por segundo permitido por cliente. Configurando para 0 significa sem limite.",
     "blocking_ipv4_desc": "Endereço IP a ser devolvido para uma solicitação A bloqueada",
@@ -359,7 +359,7 @@
     "encryption_expire": "Expira",
     "encryption_key": "Chave privada",
     "encryption_key_input": "Copie/cole aqui a chave privada codificada em PEM para o seu certificado.",
-    "encryption_enable": "Activar criptografia (HTTPS, DNS-sobre-HTTPS e DNS-sobre-TLS)",
+    "encryption_enable": "Ativar criptografia (HTTPS, DNS-sobre-HTTPS e DNS-sobre-TLS)",
     "encryption_enable_desc": "Se a criptografia estiver activada, a interface administrativa do AdGuard Home funcionará em HTTPS, o servidor DNS irá capturar as solicitações por meio do DNS-sobre-HTTPS e DNS-sobre-TLS.",
     "encryption_chain_valid": "Cadeia de certificado válida",
     "encryption_chain_invalid": "A cadeia de certificado é inválida",
@@ -495,7 +495,7 @@
     "interval_hours": "{{count}} hora",
     "interval_hours_plural": "{{count}} horas",
     "filters_configuration": "Definição dos filtros",
-    "filters_enable": "Activar filtros",
+    "filters_enable": "Ativar filtros",
     "filters_interval": "Intervalo de actualização de filtros",
     "disabled": "Desactivado",
     "username_label": "Nome do utilizador",
@@ -523,12 +523,12 @@
     "rewrite_domain_name": "Nome de domínio: adicione um registro CNAME",
     "rewrite_A": "<0>A</0>: valor especial, mantenha <0>A</0> nos registros do upstream",
     "rewrite_AAAA": "<0>AAAA</0>: valor especial, mantenha <0>AAAA</0> nos registros do servidor DNS primário",
-    "disable_ipv6": "Desactivar IPv6",
+    "disable_ipv6": "Desativar IPv6",
     "disable_ipv6_desc": "Se este recurso estiver ativado, todas as consultas de DNS para endereços IPv6 (tipo AAAA) serão ignoradas.",
     "fastest_addr": "Endereço de IP mais rápido",
     "fastest_addr_desc": "Consulta todos os servidores DNS e retorna o endereço IP mais rápido entre todas as respostas. Isso torna as consultas DNS mais lentas, pois o AdGuard Home tem que esperar pelas respostas de todos os servidores DNS, mas melhora a conectividade geral.",
     "autofix_warning_text": "Se clicar em \"Corrigir\", o AdGuardHome irá configurar o seu sistema para utilizar o servidor DNS do AdGuardHome.",
-    "autofix_warning_list": "Ele irá realizar estas tarefas: <0>Desactivar sistema DNSStubListener</0> <0>Definir endereço do servidor DNS para 127.0.0.1</0> <0>Substituir o alvo simbólico do link /etc/resolv.conf para /run/systemd/resolv.conf</0> <0>Parar DNSStubListener (recarregar serviço resolvido pelo sistema)</0>",
+    "autofix_warning_list": "Irá realizar estas tarefas: <0>Desativar sistema DNSStubListener</0> <0>Definir endereço do servidor DNS para 127.0.0.1</0> <0>Substituir o alvo simbólico do link /etc/resolv.conf para /run/systemd/resolv.conf</0> <0>Parar DNSStubListener (recarregar serviço resolvido pelo sistema)</0>",
     "autofix_warning_result": "Como resultado, todos as solicitações DNS do seu sistema serão processadas pelo AdGuard Home por predefinição.",
     "tags_title": "Etiquetas",
     "tags_desc": "Tu podes seleccionar as etiquetas que correspondem ao cliente. As etiquetas podem ser incluídas nas regras de filtragem e permitir que tu as aplique com mais precisão. <0>Saiba mais</0>",
@@ -560,7 +560,7 @@
     "confirm_static_ip": "O AdGuard Home irá configurar {{ip}} para ser seu endereço IP estático. Deseja continuar?",
     "list_updated": "{{count}} lista actualizada",
     "list_updated_plural": "{{count}} listas actualizadas",
-    "dnssec_enable": "Activar DNSSEC",
+    "dnssec_enable": "Ativar DNSSEC",
     "dnssec_enable_desc": "Definir a flag DNSSEC nas consultas de DNS em andamento e verificar o resultado (é necessário um resolvedor DNSSEC ativado)",
     "validated_with_dnssec": "Validado com DNSSEC",
     "all_queries": "Todas as consultas",
@@ -594,7 +594,7 @@
     "filter_category_security_desc": "Listas especializadas em bloquear domínios de malware, phishing ou fraude",
     "filter_category_regional_desc": "Listas focadas em anúncios regionais e servidores de monitorização",
     "filter_category_other_desc": "Outras listas de bloqueio",
-    "setup_config_to_enable_dhcp_server": "Defina a definição para activar o servidor DHCP",
+    "setup_config_to_enable_dhcp_server": "Defina a configuração para ativar o servidor DHCP",
     "original_response": "Resposta original",
     "click_to_view_queries": "Clique para ver as consultas",
     "port_53_faq_link": "A porta 53 é frequentemente ocupada por serviços \"DNSStubListener\" ou \"systemd-resolved\". Por favor leia <0>essa instrução</0> para resolver isso.",

client/src/__locales/ru.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Bootstrap DNS-серверы",
     "bootstrap_dns_desc": "Bootstrap DNS-серверы используются для поиска IP-адресов DoH/DoT серверов, которые вы указали.",
     "local_ptr_title": "Приватные DNS-серверы",
-    "local_ptr_desc": "DNS-серверы, которые AdGuard Home будет использовать для запросов на локальные ресурсы. Например, эти серверы будут использоваться, чтобы получить доменные имена клиентов в приватных сетях. Если список пуст, AdGuard Home будет использовать системный DNS-сервер по умолчанию.",
+    "local_ptr_desc": "DNS-серверы, которые AdGuard Home использует для локальных PTR-запросов. Эти серверы используются, чтобы получить доменные имена клиентов с приватными IP-адресами, например «192.168.12.34», с помощью rDNS. Если список пуст, AdGuard Home использует DNS-серверы по умолчанию вашей ОС.",
     "local_ptr_placeholder": "Введите по одному адресу на строчку",
     "resolve_clients_title": "Включить запрашивание доменных имён для IP-адресов клиентов",
     "resolve_clients_desc": "AdGuard Home будет пытаться определить доменные имена клиентов через PTR-запросы к соответствующим серверам (приватные DNS-серверы для локальных клиентов, upstream-сервер для клиентов с публичным IP-адресом).",

client/src/__locales/sl.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Zagonski DNS strežniki",
     "bootstrap_dns_desc": "Zagonski DNS strežniki se uporabljajo za razreševanje IP naslovov DoH/DoT reševalcev, ki jih določite kot navzgornje.",
     "local_ptr_title": "Zasebni strežniki DNS",
-    "local_ptr_desc": "Strežniki DNS, ki jih bo AdGuard Home uporabil za poizvedbe o lokalno oskrbovanih virih. Ta strežnik bo na primer uporabljen za razreševanje imen gostiteljev odjemalcev z zasebnimi naslovi IP. Če ni nastavljen, bo AdGuard Home samodejno uporabil vaš privzeti razreševalnik DNS.",
+    "local_ptr_desc": "Strežniki DNS, ki jih AdGuard Home uporablja za lokalne poizvedbe PTR. Ti strežniki se uporabljajo za razreševanje imen gostiteljev z zasebnimi naslovi IP, na primer \"192.168.12.34\" uporablja rDNS. Če ni nastavljen, AdGuard Home uporablja privzete rešitve DNS vašega OS.",
     "local_ptr_placeholder": "V vrstico vnesite en naslov strežnika",
     "resolve_clients_title": "Omogoči obratno reševanje naslovov IP gostiteljev",
     "resolve_clients_desc": "Če je omogočeno, bo AdGuard Home poskušal samodejno razrešiti gostiteljska imena odjemalcev iz njihovih naslovov IP tako, da pošlje poizvedbo PTR ustreznemu razreševalniku (zasebni strežniki DNS za lokalne odjemalce, gorvodni strežnik za odjemalce z javnimi naslovi IP).",

client/src/__locales/zh-cn.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Bootstrap DNS 服务器",
     "bootstrap_dns_desc": "Bootstrap DNS 服务器用于解析您指定为上游的 DoH / DoT 解析器的 IP 地址。",
     "local_ptr_title": "私人 DNS 服务器",
-    "local_ptr_desc": "AdGuard Home 用于查询本地服务资源的 DNS 服务器。例如，该服务器将被用作具有私人 IP 地址的客户机解析客户机的主机名。如果没有设置，AdGuard Home 将自动使用您的默认 DNS 解析器",
+    "local_ptr_desc": "AdGuard Home 用于查询本地服务资源的 DNS 服务器。例如，该服务器将被用于解析具有私人 IP 地址的客户机的主机名，比如 \"192.168.12.34\"。如果没有设置，AdGuard Home 将自动使用您的默认 DNS 解析器。",
     "local_ptr_placeholder": "每行输入一个服务器地址",
     "resolve_clients_title": "启用客户端的 IP 地址的反向解析",
     "resolve_clients_desc": "如果启用，AdGuard Home 将尝试通过发送 PTR 查询到对应的解析器 (本地客户端的私人 DNS 服务器，公有 IP 客户端的上游服务器) 将 IP 地址反向解析成其客户端主机名。",

client/src/__locales/zh-tw.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "自我啟動（Bootstrap）DNS 伺服器",
     "bootstrap_dns_desc": "自我啟動（Bootstrap）DNS 伺服器被用於解析您明確指定作為上游的 DoH/DoT 解析器之 IP 位址。",
     "local_ptr_title": "私人 DNS 伺服器",
-    "local_ptr_desc": "AdGuard Home 將用於供在本地服務的資源的查詢之 DNS 伺服器。例如，此伺服器將被用於對於有私人 IP 位址的用戶端解析其主機名稱。如果未被設定，AdGuard Home 將自動地使用您的預設 DNS 解析器。",
+    "local_ptr_desc": "AdGuard Home 用於區域指標（PTR）查詢之 DNS 伺服器。這些伺服器被用於解析含私人 IP 位址的用戶端之主機名稱，例如，\"192.168.12.34\"，使用反向的 DNS（rDNS）。如果未被設定，AdGuard Home 使用您的作業系統之預設 DNS 解析器。",
     "local_ptr_placeholder": "每行輸入一個伺服器位址",
     "resolve_clients_title": "啟用用戶端的 IP 位址之反向的解析",
     "resolve_clients_desc": "如果被啟用，透過傳送指標（PTR）查詢到對應的解析器（私人 DNS 伺服器供區域的用戶端，上游的伺服器供有公共 IP 位址的用戶端），AdGuard Home 將試圖反向地解析用戶端的 IP 位址變為它們的主機名稱。",

client/src/login/Login/Form.js

@@ -27,6 +27,7 @@ const Form = (props) => {
                         component={renderInputField}
                         placeholder={t('username_placeholder')}
                         autoComplete="username"
+                        autocapitalize="none"
                         disabled={processing}
                         validate={[validateRequiredValue]}
                     />

internal/aghnet/addr.go

@@ -48,32 +48,32 @@ const maxDomainLabelLen = 63
 // See https://stackoverflow.com/a/32294443/1892060.
 const maxDomainNameLen = 253
 
-const invalidCharMsg = "invalid char %q at index %d in %q"
-
 // ValidateDomainNameLabel returns an error if label is not a valid label of
 // a domain name.
 func ValidateDomainNameLabel(label string) (err error) {
+	defer agherr.Annotate("validating label %q: %w", &err, label)
+
 	l := len(label)
 	if l > maxDomainLabelLen {
-		return fmt.Errorf("%q is too long, max: %d", label, maxDomainLabelLen)
+		return fmt.Errorf("label is too long, max: %d", maxDomainLabelLen)
 	} else if l == 0 {
 		return agherr.Error("label is empty")
 	}
 
 	if r := label[0]; !IsValidHostOuterRune(rune(r)) {
-		return fmt.Errorf(invalidCharMsg, r, 0, label)
+		return fmt.Errorf("invalid char %q at index %d", r, 0)
 	} else if l == 1 {
 		return nil
 	}
 
 	for i, r := range label[1 : l-1] {
 		if !isValidHostRune(r) {
-			return fmt.Errorf(invalidCharMsg, r, i+1, label)
+			return fmt.Errorf("invalid char %q at index %d", r, i+1)
 		}
 	}
 
 	if r := label[l-1]; !IsValidHostOuterRune(rune(r)) {
-		return fmt.Errorf(invalidCharMsg, r, l-1, label)
+		return fmt.Errorf("invalid char %q at index %d", r, l-1)
 	}
 
 	return nil
@@ -87,6 +87,8 @@ func ValidateDomainNameLabel(label string) (err error) {
 // TODO(a.garipov): After making sure that this works correctly, port this into
 // module golibs.
 func ValidateDomainName(name string) (err error) {
+	defer agherr.Annotate("validating domain name %q: %w", &err, name)
+
 	name, err = idna.ToASCII(name)
 	if err != nil {
 		return err
@@ -96,7 +98,7 @@ func ValidateDomainName(name string) (err error) {
 	if l == 0 {
 		return agherr.Error("domain name is empty")
 	} else if l > maxDomainNameLen {
-		return fmt.Errorf("%q is too long, max: %d", name, maxDomainNameLen)
+		return fmt.Errorf("too long, max: %d", maxDomainNameLen)
 	}
 
 	labels := strings.Split(name, ".")

internal/aghnet/addr_test.go

@@ -95,40 +95,46 @@ func TestValidateDomainName(t *testing.T) {
 	}, {
 		name:       "empty",
 		in:         "",
-		wantErrMsg: `domain name is empty`,
+		wantErrMsg: `validating domain name "": domain name is empty`,
 	}, {
 		name: "bad_symbol",
 		in:   "!!!",
-		wantErrMsg: `invalid domain name label at index 0: ` +
-			`invalid char '!' at index 0 in "!!!"`,
+		wantErrMsg: `validating domain name "!!!": invalid domain name label at index 0: ` +
+			`validating label "!!!": invalid char '!' at index 0`,
 	}, {
 		name:       "bad_length",
 		in:         longDomainName,
-		wantErrMsg: `"` + longDomainName + `" is too long, max: 253`,
+		wantErrMsg: `validating domain name "` + longDomainName + `": too long, max: 253`,
 	}, {
 		name: "bad_label_length",
 		in:   longLabelDomainName,
-		wantErrMsg: `invalid domain name label at index 0: "` + longLabel +
-			`" is too long, max: 63`,
+		wantErrMsg: `validating domain name "` + longLabelDomainName + `": ` +
+			`invalid domain name label at index 0: validating label "` + longLabel +
+			`": label is too long, max: 63`,
 	}, {
-		name:       "bad_label_empty",
-		in:         "example..com",
-		wantErrMsg: `invalid domain name label at index 1: label is empty`,
+		name: "bad_label_empty",
+		in:   "example..com",
+		wantErrMsg: `validating domain name "example..com": ` +
+			`invalid domain name label at index 1: ` +
+			`validating label "": label is empty`,
 	}, {
 		name: "bad_label_first_symbol",
 		in:   "example.-aa.com",
-		wantErrMsg: `invalid domain name label at index 1:` +
-			` invalid char '-' at index 0 in "-aa"`,
+		wantErrMsg: `validating domain name "example.-aa.com": ` +
+			`invalid domain name label at index 1: ` +
+			`validating label "-aa": invalid char '-' at index 0`,
 	}, {
 		name: "bad_label_last_symbol",
 		in:   "example-.aa.com",
-		wantErrMsg: `invalid domain name label at index 0:` +
-			` invalid char '-' at index 7 in "example-"`,
+		wantErrMsg: `validating domain name "example-.aa.com": ` +
+			`invalid domain name label at index 0: ` +
+			`validating label "example-": invalid char '-' at index 7`,
 	}, {
 		name: "bad_label_symbol",
 		in:   "example.a!!!.com",
-		wantErrMsg: `invalid domain name label at index 1:` +
-			` invalid char '!' at index 1 in "a!!!"`,
+		wantErrMsg: `validating domain name "example.a!!!.com": ` +
+			`invalid domain name label at index 1: ` +
+			`validating label "a!!!": invalid char '!' at index 1`,
 	}}
 
 	for _, tc := range testCases {

internal/aghnet/systemresolvers.go

@@ -26,11 +26,15 @@ type SystemResolvers interface {
 }
 
 const (
-	// fakeDialErr is an error which dialFunc is expected to return.
-	fakeDialErr agherr.Error = "this error signals the successful dialFunc work"
+	// errBadAddrPassed is returned when dialFunc can't parse an IP address.
+	errBadAddrPassed agherr.Error = "the passed string is not a valid IP address"
 
-	// badAddrPassedErr is returned when dialFunc can't parse an IP address.
-	badAddrPassedErr agherr.Error = "the passed string is not a valid IP address"
+	// errFakeDial is an error which dialFunc is expected to return.
+	errFakeDial agherr.Error = "this error signals the successful dialFunc work"
+
+	// errUnexpectedHostFormat is returned by validateDialedHost when the host has
+	// more than one percent sign.
+	errUnexpectedHostFormat agherr.Error = "unexpected host format"
 )
 
 // refreshWithTicker refreshes the cache of sr after each tick form tickCh.

internal/aghnet/systemresolvers_others.go

@@ -7,6 +7,7 @@ import (
 	"errors"
 	"fmt"
 	"net"
+	"strings"
 	"sync"
 	"time"
 
@@ -35,7 +36,7 @@ func (sr *systemResolvers) refresh() (err error) {
 
 	_, err = sr.resolver.LookupHost(context.Background(), sr.hostGenFunc())
 	dnserr := &net.DNSError{}
-	if errors.As(err, &dnserr) && dnserr.Err == fakeDialErr.Error() {
+	if errors.As(err, &dnserr) && dnserr.Err == errFakeDial.Error() {
 		return nil
 	}
 
@@ -58,19 +59,43 @@ func newSystemResolvers(refreshIvl time.Duration, hostGenFunc HostGenFunc) (sr S
 	return s
 }
 
+// validateDialedHost validated the host used by resolvers in dialFunc.
+func validateDialedHost(host string) (err error) {
+	defer agherr.Annotate("parsing %q: %w", &err, host)
+
+	var ipStr string
+	parts := strings.Split(host, "%")
+	switch len(parts) {
+	case 1:
+		ipStr = host
+	case 2:
+		// Remove the zone and check the IP address part.
+		ipStr = parts[0]
+	default:
+		return errUnexpectedHostFormat
+	}
+
+	if net.ParseIP(ipStr) == nil {
+		return errBadAddrPassed
+	}
+
+	return nil
+}
+
 // dialFunc gets the resolver's address and puts it into internal cache.
 func (sr *systemResolvers) dialFunc(_ context.Context, _, address string) (_ net.Conn, err error) {
 	// Just validate the passed address is a valid IP.
 	var host string
 	host, err = SplitHost(address)
 	if err != nil {
-		// TODO(e.burkov): Maybe use a structured badAddrPassedErr to
+		// TODO(e.burkov): Maybe use a structured errBadAddrPassed to
 		// allow unwrapping of the real error.
-		return nil, fmt.Errorf("%s: %w", err, badAddrPassedErr)
+		return nil, fmt.Errorf("%s: %w", err, errBadAddrPassed)
 	}
 
-	if net.ParseIP(host) == nil {
-		return nil, fmt.Errorf("parsing %q: %w", host, badAddrPassedErr)
+	err = validateDialedHost(host)
+	if err != nil {
+		return nil, fmt.Errorf("validating dialed host: %w", err)
 	}
 
 	sr.addrsLock.Lock()
@@ -78,7 +103,7 @@ func (sr *systemResolvers) dialFunc(_ context.Context, _, address string) (_ net
 
 	sr.addrs.Add(host)
 
-	return nil, fakeDialErr
+	return nil, errFakeDial
 }
 
 func (sr *systemResolvers) Get() (rs []string) {

internal/aghnet/systemresolvers_others_test.go

@@ -46,21 +46,33 @@ func TestSystemResolvers_DialFunc(t *testing.T) {
 	imp := createTestSystemResolversImp(t, 0, nil)
 
 	testCases := []struct {
+		want    error
 		name    string
 		address string
-		want    error
 	}{{
+		want:    errFakeDial,
 		name:    "valid",
 		address: "127.0.0.1",
-		want:    fakeDialErr,
 	}, {
+		want:    errFakeDial,
+		name:    "valid_ipv6_port",
+		address: "[::1]:53",
+	}, {
+		want:    errFakeDial,
+		name:    "valid_ipv6_zone_port",
+		address: "[::1%lo0]:53",
+	}, {
+		want:    errBadAddrPassed,
 		name:    "invalid_split_host",
 		address: "127.0.0.1::123",
-		want:    badAddrPassedErr,
 	}, {
+		want:    errUnexpectedHostFormat,
+		name:    "invalid_ipv6_zone_port",
+		address: "[::1%%lo0]:53",
+	}, {
+		want:    errBadAddrPassed,
 		name:    "invalid_parse_ip",
 		address: "not-ip",
-		want:    badAddrPassedErr,
 	}}
 
 	for _, tc := range testCases {

internal/dhcpd/dhcpd.go

@@ -27,13 +27,13 @@ var webHandlersRegistered = false
 
 // Lease contains the necessary information about a DHCP lease
 type Lease struct {
+	// Expiry is the expiration time of the lease.  The unix timestamp value
+	// of 1 means that this is a static lease.
+	Expiry time.Time `json:"expires"`
+
+	Hostname string           `json:"hostname"`
 	HWAddr   net.HardwareAddr `json:"mac"`
 	IP       net.IP           `json:"ip"`
-	Hostname string           `json:"hostname"`
-
-	// Lease expiration time
-	// 1: static lease
-	Expiry time.Time `json:"expires"`
 }
 
 // IsStatic returns true if the lease is static.
@@ -133,6 +133,7 @@ type Server struct {
 
 // ServerInterface is an interface for servers.
 type ServerInterface interface {
+	Enabled() (ok bool)
 	Leases(flags int) []Lease
 	SetOnLeaseChanged(onLeaseChanged OnLeaseChangedT)
 }
@@ -207,6 +208,11 @@ func Create(conf ServerConfig) *Server {
 	return s
 }
 
+// Enabled returns true when the server is enabled.
+func (s *Server) Enabled() (ok bool) {
+	return s.conf.Enabled
+}
+
 // server calls this function after DB is updated
 func (s *Server) onNotify(flags uint32) {
 	if flags == LeaseChangedDBStore {

internal/dhcpd/dhcpd_test.go

@@ -37,30 +37,34 @@ func TestDB(t *testing.T) {
 		SubnetMask: net.IP{255, 255, 255, 0},
 		notify:     testNotify,
 	})
-	require.Nil(t, err)
+	require.NoError(t, err)
 
 	s.srv6, err = v6Create(V6ServerConf{})
-	require.Nil(t, err)
+	require.NoError(t, err)
 
 	leases := []Lease{{
-		IP:     net.IP{192, 168, 10, 100},
-		HWAddr: net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
-		Expiry: time.Now().Add(time.Hour),
+		Expiry:   time.Now().Add(time.Hour),
+		Hostname: "static-1.local",
+		HWAddr:   net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+		IP:       net.IP{192, 168, 10, 100},
 	}, {
-		IP:     net.IP{192, 168, 10, 101},
-		HWAddr: net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xBB},
+		Hostname: "static-2.local",
+		HWAddr:   net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xBB},
+		IP:       net.IP{192, 168, 10, 101},
 	}}
 
 	srv4, ok := s.srv4.(*v4Server)
 	require.True(t, ok)
 
 	err = srv4.addLease(&leases[0])
-	require.Nil(t, err)
-	require.Nil(t, s.srv4.AddStaticLease(leases[1]))
+	require.NoError(t, err)
+
+	err = s.srv4.AddStaticLease(leases[1])
+	require.NoError(t, err)
 
 	s.dbStore()
 	t.Cleanup(func() {
-		assert.Nil(t, os.Remove(dbFilename))
+		assert.NoError(t, os.Remove(dbFilename))
 	})
 	s.srv4.ResetLeases(nil)
 	s.dbLoad()

internal/dhcpd/v4.go

@@ -36,7 +36,7 @@ type v4Server struct {
 	// leases contains all dynamic and static leases.
 	leases []*Lease
 
-	// leasesLock protects leases and leasedOffsets.
+	// leasesLock protects leases, leaseHosts, and leasedOffsets.
 	leasesLock sync.Mutex
 }
 
@@ -49,8 +49,72 @@ func (s *v4Server) WriteDiskConfig4(c *V4ServerConf) {
 func (s *v4Server) WriteDiskConfig6(c *V6ServerConf) {
 }
 
+// normalizeHostname normalizes a hostname sent by the client.  If err is not
+// nil, norm is an empty string.
+func normalizeHostname(hostname string) (norm string, err error) {
+	defer agherr.Annotate("normalizing %q: %w", &err, hostname)
+
+	if hostname == "" {
+		return "", nil
+	}
+
+	norm = strings.ToLower(hostname)
+	parts := strings.FieldsFunc(norm, func(c rune) (ok bool) {
+		return c != '.' && !aghnet.IsValidHostOuterRune(c)
+	})
+
+	if len(parts) == 0 {
+		return "", fmt.Errorf("no valid parts")
+	}
+
+	norm = strings.Join(parts, "-")
+	norm = strings.TrimSuffix(norm, "-")
+
+	return norm, nil
+}
+
+// validHostnameForClient accepts the hostname sent by the client and returns
+// either a normalized version of that hostname or a new hostname generated from
+// the client's IP address.  If this new hostname is different from the provided
+// previous hostname, additional uniqueness check is performed.
+//
+// hostname is always a non-empty valid hostname.  If err is not nil, it
+// describes the issues encountered when normalizing cliHostname.
+func (s *v4Server) validHostnameForClient(
+	cliHostname string,
+	prevHostname string,
+	ip net.IP,
+) (hostname string, err error) {
+	hostname, err = normalizeHostname(cliHostname)
+	if err == nil && hostname != "" {
+		err = aghnet.ValidateDomainName(hostname)
+		if err != nil {
+			// Go on and assign a hostname made from the IP below,
+			// returning the error that we've got.
+			hostname = ""
+		} else if hostname != prevHostname && s.leaseHosts.Has(hostname) {
+			// Go on and assign a unique hostname made from the IP
+			// below, returning the error about uniqueness.
+			err = agherr.Error("hostname exists")
+			hostname = ""
+		}
+	}
+
+	if hostname == "" {
+		hostname = aghnet.GenerateHostname(ip)
+	}
+
+	if hostname != cliHostname {
+		log.Info("dhcpv4: normalized hostname %q into %q", cliHostname, hostname)
+	}
+
+	return hostname, err
+}
+
 // ResetLeases - reset leases
 func (s *v4Server) ResetLeases(leases []*Lease) {
+	var err error
+
 	if !s.conf.Enabled {
 		return
 	}
@@ -60,9 +124,18 @@ func (s *v4Server) ResetLeases(leases []*Lease) {
 	s.leases = nil
 
 	for _, l := range leases {
-		err := s.addLease(l)
+		l.Hostname, err = s.validHostnameForClient(l.Hostname, l.Hostname, l.IP)
 		if err != nil {
-			// TODO(a.garipov): Better error handling.
+			log.Info(
+				"dhcpv4: warning: previous hostname %q is invalid: %s",
+				l.Hostname,
+				err,
+			)
+		}
+
+		err = s.addLease(l)
+		if err != nil {
+			// TODO(a.garipov): Wrap and bubble up the error.
 			log.Error(
 				"dhcpv4: reset: re-adding a lease for %s (%s): %s",
 				l.IP,
@@ -197,7 +270,7 @@ func (s *v4Server) rmDynamicLease(lease *Lease) (err error) {
 
 		if bytes.Equal(l.HWAddr, lease.HWAddr) {
 			if l.IsStatic() {
-				return fmt.Errorf("static lease already exists")
+				return agherr.Error("static lease already exists")
 			}
 
 			s.rmLeaseByIndex(i)
@@ -208,9 +281,9 @@ func (s *v4Server) rmDynamicLease(lease *Lease) (err error) {
 			l = s.leases[i]
 		}
 
-		if net.IP.Equal(l.IP, lease.IP) {
+		if l.IP.Equal(lease.IP) {
 			if l.IsStatic() {
-				return fmt.Errorf("static lease already exists")
+				return agherr.Error("static lease already exists")
 			}
 
 			s.rmLeaseByIndex(i)
@@ -220,54 +293,31 @@ func (s *v4Server) rmDynamicLease(lease *Lease) (err error) {
 	return nil
 }
 
-func (s *v4Server) addStaticLease(l *Lease) (err error) {
-	if sn := s.conf.subnet; !sn.Contains(l.IP) {
-		return fmt.Errorf("subnet %s does not contain the ip %q", sn, l.IP)
-	}
-
-	s.leases = append(s.leases, l)
-
+// addLease adds a dynamic or static lease.
+func (s *v4Server) addLease(l *Lease) (err error) {
 	r := s.conf.ipRange
-	offset, ok := r.offset(l.IP)
-	if ok {
-		s.leasedOffsets.set(offset, true)
-	}
+	offset, inOffset := r.offset(l.IP)
 
-	s.leaseHosts.Add(l.Hostname)
-
-	return nil
-}
-
-func (s *v4Server) addDynamicLease(l *Lease) (err error) {
-	r := s.conf.ipRange
-	offset, ok := r.offset(l.IP)
-	if !ok {
+	if l.IsStatic() {
+		if sn := s.conf.subnet; !sn.Contains(l.IP) {
+			return fmt.Errorf("subnet %s does not contain the ip %q", sn, l.IP)
+		}
+	} else if !inOffset {
 		return fmt.Errorf("lease %s (%s) out of range, not adding", l.IP, l.HWAddr)
 	}
 
 	s.leases = append(s.leases, l)
-	s.leaseHosts.Add(l.Hostname)
 	s.leasedOffsets.set(offset, true)
 
+	if l.Hostname != "" {
+		s.leaseHosts.Add(l.Hostname)
+	}
+
 	return nil
 }
 
-// addLease adds a dynamic or static lease.
-func (s *v4Server) addLease(l *Lease) (err error) {
-	err = s.validateLease(l)
-	if err != nil {
-		return err
-	}
-
-	if l.IsStatic() {
-		return s.addStaticLease(l)
-	}
-
-	return s.addDynamicLease(l)
-}
-
-// Remove a lease with the same properties
-func (s *v4Server) rmLease(lease Lease) error {
+// rmLease removes a lease with the same properties.
+func (s *v4Server) rmLease(lease Lease) (err error) {
 	if len(s.leases) == 0 {
 		return nil
 	}
@@ -289,7 +339,7 @@ func (s *v4Server) rmLease(lease Lease) error {
 
 // AddStaticLease adds a static lease.  It is safe for concurrent use.
 func (s *v4Server) AddStaticLease(l Lease) (err error) {
-	defer agherr.Annotate("dhcpv4: %w", &err)
+	defer agherr.Annotate("dhcpv4: adding static lease: %w", &err)
 
 	if ip4 := l.IP.To4(); ip4 == nil {
 		return fmt.Errorf("invalid ip %q, only ipv4 is supported", l.IP)
@@ -297,11 +347,28 @@ func (s *v4Server) AddStaticLease(l Lease) (err error) {
 
 	l.Expiry = time.Unix(leaseExpireStatic, 0)
 
-	l.Hostname, err = normalizeHostname(l.Hostname)
+	err = aghnet.ValidateHardwareAddress(l.HWAddr)
 	if err != nil {
 		return err
 	}
 
+	var hostname string
+	hostname, err = normalizeHostname(l.Hostname)
+	if err != nil {
+		return err
+	}
+
+	err = aghnet.ValidateDomainName(hostname)
+	if err != nil {
+		return fmt.Errorf("validating hostname: %w", err)
+	}
+
+	if s.leaseHosts.Has(hostname) {
+		return agherr.Error("hostname exists")
+	}
+
+	l.Hostname = hostname
+
 	// Perform the following actions in an anonymous function to make sure
 	// that the lock gets unlocked before the notification step.
 	func() {
@@ -365,16 +432,19 @@ func (s *v4Server) RemoveStaticLease(l Lease) (err error) {
 	return nil
 }
 
-// Send ICMP to the specified machine
-// Return TRUE if it doesn't reply, which probably means that the IP is available
-func (s *v4Server) addrAvailable(target net.IP) bool {
+// addrAvailable sends an ICP request to the specified IP address.  It returns
+// true if the remote host doesn't reply, which probably means that the IP
+// address is available.
+//
+// TODO(a.garipov): I'm not sure that this is the best way to do this.
+func (s *v4Server) addrAvailable(target net.IP) (avail bool) {
 	if s.conf.ICMPTimeout == 0 {
 		return true
 	}
 
 	pinger, err := ping.NewPinger(target.String())
 	if err != nil {
-		log.Error("ping.NewPinger(): %v", err)
+		log.Error("dhcpv4: ping.NewPinger(): %s", err)
 
 		return true
 	}
@@ -386,20 +456,24 @@ func (s *v4Server) addrAvailable(target net.IP) bool {
 	pinger.OnRecv = func(_ *ping.Packet) {
 		reply = true
 	}
-	log.Debug("dhcpv4: Sending ICMP Echo to %v", target)
+
+	log.Debug("dhcpv4: sending icmp echo to %s", target)
 
 	err = pinger.Run()
 	if err != nil {
-		log.Error("pinger.Run(): %v", err)
+		log.Error("dhcpv4: pinger.Run(): %s", err)
+
 		return true
 	}
 
 	if reply {
-		log.Info("dhcpv4: IP conflict: %v is already used by another device", target)
+		log.Info("dhcpv4: ip conflict: %s is already used by another device", target)
+
 		return false
 	}
 
-	log.Debug("dhcpv4: ICMP procedure is complete: %v", target)
+	log.Debug("dhcpv4: icmp procedure is complete: %q", target)
+
 	return true
 }
 
@@ -474,58 +548,69 @@ func (s *v4Server) reserveLease(mac net.HardwareAddr) (l *Lease, err error) {
 func (s *v4Server) commitLease(l *Lease) {
 	l.Expiry = time.Now().Add(s.conf.leaseTime)
 
-	s.leasesLock.Lock()
-	s.conf.notify(LeaseChangedDBStore)
-	s.leasesLock.Unlock()
+	func() {
+		s.leasesLock.Lock()
+		defer s.leasesLock.Unlock()
+
+		s.conf.notify(LeaseChangedDBStore)
+		s.leaseHosts.Add(l.Hostname)
+	}()
 
 	s.conf.notify(LeaseChangedAdded)
 }
 
-// Process Discover request and return lease
+// processDiscover is the handler for the DHCP Discover request.
 func (s *v4Server) processDiscover(req, resp *dhcpv4.DHCPv4) (l *Lease, err error) {
 	mac := req.ClientHWAddr
 
+	err = aghnet.ValidateHardwareAddress(mac)
+	if err != nil {
+		return nil, err
+	}
+
 	s.leasesLock.Lock()
 	defer s.leasesLock.Unlock()
 
-	// TODO(a.garipov): Refactor this mess.
 	l = s.findLease(mac)
-	if l == nil {
-		toStore := false
-		for l == nil {
-			l, err = s.reserveLease(mac)
-			if err != nil {
-				return nil, fmt.Errorf("reserving a lease: %w", err)
-			}
-
-			if l == nil {
-				log.Debug("dhcpv4: no more ip addresses")
-				if toStore {
-					s.conf.notify(LeaseChangedDBStore)
-				}
-
-				// TODO(a.garipov): Return a special error?
-				return nil, nil
-			}
-
-			toStore = true
-
-			if !s.addrAvailable(l.IP) {
-				s.blocklistLease(l)
-				l = nil
-
-				continue
-			}
-
-			break
-		}
-
-		s.conf.notify(LeaseChangedDBStore)
-	} else {
+	if l != nil {
 		reqIP := req.RequestedIPAddress()
 		if len(reqIP) != 0 && !reqIP.Equal(l.IP) {
 			log.Debug("dhcpv4: different RequestedIP: %s != %s", reqIP, l.IP)
 		}
+
+		resp.UpdateOption(dhcpv4.OptMessageType(dhcpv4.MessageTypeOffer))
+
+		return l, nil
+	}
+
+	needsUpdate := false
+	defer func() {
+		if needsUpdate {
+			s.conf.notify(LeaseChangedDBStore)
+		}
+	}()
+
+	leaseReady := false
+	for !leaseReady {
+		l, err = s.reserveLease(mac)
+		if err != nil {
+			return nil, fmt.Errorf("reserving a lease: %w", err)
+		}
+
+		if l == nil {
+			log.Debug("dhcpv4: no more ip addresses")
+
+			return nil, nil
+		}
+
+		needsUpdate = true
+
+		if s.addrAvailable(l.IP) {
+			leaseReady = true
+		} else {
+			s.blocklistLease(l)
+			l = nil
+		}
 	}
 
 	resp.UpdateOption(dhcpv4.OptMessageType(dhcpv4.MessageTypeOffer))
@@ -562,83 +647,14 @@ func (o *optFQDN) ToBytes() []byte {
 	return b
 }
 
-// normalizeHostname normalizes a hostname sent by the client.
-func normalizeHostname(name string) (norm string, err error) {
-	if name == "" {
-		return "", nil
-	}
-
-	norm = strings.ToLower(name)
-	parts := strings.FieldsFunc(norm, func(c rune) (ok bool) {
-		return c != '.' && !aghnet.IsValidHostOuterRune(c)
-	})
-
-	if len(parts) == 0 {
-		return "", fmt.Errorf("normalizing hostname %q: no valid parts", name)
-	}
-
-	norm = strings.Join(parts, "-")
-	norm = strings.TrimSuffix(norm, "-")
-
-	return norm, nil
-}
-
-// validateHostname validates a hostname sent by the client.
-func (s *v4Server) validateHostname(name string) (err error) {
-	defer agherr.Annotate("validating hostname: %s", &err)
-
-	if name == "" {
-		return nil
-	}
-
-	err = aghnet.ValidateDomainName(name)
-	if err != nil {
-		return err
-	}
-
-	if s.leaseHosts.Has(name) {
-		return agherr.Error("hostname exists")
-	}
-
-	return nil
-}
-
-// validateLease returns an error if the lease is invalid.
-func (s *v4Server) validateLease(l *Lease) (err error) {
-	defer agherr.Annotate("validating lease: %s", &err)
-
-	if l == nil {
-		return agherr.Error("lease is nil")
-	}
-
-	err = aghnet.ValidateHardwareAddress(l.HWAddr)
-	if err != nil {
-		return err
-	}
-
-	err = s.validateHostname(l.Hostname)
-	if err != nil {
-		return err
-	}
-
-	if sn := s.conf.subnet; !sn.Contains(l.IP) {
-		return fmt.Errorf("subnet %s does not contain the ip %q", sn, l.IP)
-	}
-
-	r := s.conf.ipRange
-	if !l.IsStatic() && !r.contains(l.IP) {
-		return fmt.Errorf("dynamic lease range %s does not contain the ip %q", r, l.IP)
-	}
-
-	return nil
-}
-
-// Process Request request and return lease
-// Return false if we don't need to reply
-func (s *v4Server) processRequest(req, resp *dhcpv4.DHCPv4) (lease *Lease, ok bool) {
-	var err error
-
+// processDiscover is the handler for the DHCP Request request.
+func (s *v4Server) processRequest(req, resp *dhcpv4.DHCPv4) (lease *Lease, needsReply bool) {
 	mac := req.ClientHWAddr
+	err := aghnet.ValidateHardwareAddress(mac)
+	if err != nil {
+		return nil, false
+	}
+
 	reqIP := req.RequestedIPAddress()
 	if reqIP == nil {
 		reqIP = req.ClientIPAddr
@@ -657,68 +673,51 @@ func (s *v4Server) processRequest(req, resp *dhcpv4.DHCPv4) (lease *Lease, ok bo
 		return nil, false
 	}
 
-	s.leasesLock.Lock()
-	for _, l := range s.leases {
-		if bytes.Equal(l.HWAddr, mac) {
-			if !l.IP.Equal(reqIP) {
-				s.leasesLock.Unlock()
-				log.Debug("dhcpv4: mismatched OptionRequestedIPAddress in request message for %s", mac)
+	mismatch := false
+	func() {
+		s.leasesLock.Lock()
+		defer s.leasesLock.Unlock()
 
-				return nil, true
+		for _, l := range s.leases {
+			if !bytes.Equal(l.HWAddr, mac) {
+				continue
 			}
 
-			lease = l
+			if l.IP.Equal(reqIP) {
+				lease = l
+			} else {
+				log.Debug(
+					`dhcpv4: mismatched OptionRequestedIPAddress `+
+						`in request message for %s`,
+					mac,
+				)
+				mismatch = true
+			}
 
-			break
+			return
 		}
+	}()
+	if mismatch {
+		return nil, true
 	}
-	s.leasesLock.Unlock()
 
 	if lease == nil {
-		log.Debug("dhcpv4: no lease for %s", mac)
+		log.Debug("dhcpv4: no reserved lease for %s", mac)
 
 		return nil, true
 	}
 
 	if !lease.IsStatic() {
 		cliHostname := req.HostName()
-
-		var hostname string
-		hostname, err = normalizeHostname(cliHostname)
+		lease.Hostname, err = s.validHostnameForClient(cliHostname, lease.Hostname, reqIP)
 		if err != nil {
-			log.Error("dhcpv4: cannot normalize hostname for %s: %s", mac, err)
-
-			// Go on and assign a hostname made from the IP.
+			log.Info(
+				"dhcpv4: warning: client hostname %q is invalid: %s",
+				cliHostname,
+				err,
+			)
 		}
 
-		if hostname != "" {
-			if cliHostname != hostname {
-				log.Debug(
-					"dhcpv4: normalized hostname %q into %q",
-					cliHostname,
-					hostname,
-				)
-			}
-
-			if lease.Hostname != hostname {
-				// Either a new lease or an old lease with a new
-				// hostname, so validate.
-				err = s.validateHostname(hostname)
-				if err != nil {
-					log.Error("dhcpv4: validating %s: %s", mac, err)
-
-					// Go on and assign a hostname made from
-					// the IP below.
-					hostname = ""
-				}
-			}
-		}
-
-		if hostname == "" {
-			hostname = aghnet.GenerateHostname(reqIP)
-		}
-
-		lease.Hostname = hostname
 		s.commitLease(lease)
 	} else if len(lease.Hostname) != 0 {
 		o := &optFQDN{

internal/dhcpd/v4_test.go

@@ -30,8 +30,9 @@ func TestV4_AddRemove_static(t *testing.T) {
 
 	// Add static lease.
 	l := Lease{
-		IP:     net.IP{192, 168, 10, 150},
-		HWAddr: net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+		Hostname: "static-1.local",
+		HWAddr:   net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+		IP:       net.IP{192, 168, 10, 150},
 	}
 
 	err = s.AddStaticLease(l)
@@ -76,11 +77,13 @@ func TestV4_AddReplace(t *testing.T) {
 	require.True(t, ok)
 
 	dynLeases := []Lease{{
-		IP:     net.IP{192, 168, 10, 150},
-		HWAddr: net.HardwareAddr{0x11, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+		Hostname: "dynamic-1.local",
+		HWAddr:   net.HardwareAddr{0x11, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+		IP:       net.IP{192, 168, 10, 150},
 	}, {
-		IP:     net.IP{192, 168, 10, 151},
-		HWAddr: net.HardwareAddr{0x22, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+		Hostname: "dynamic-2.local",
+		HWAddr:   net.HardwareAddr{0x22, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+		IP:       net.IP{192, 168, 10, 151},
 	}}
 
 	for i := range dynLeases {
@@ -89,11 +92,13 @@ func TestV4_AddReplace(t *testing.T) {
 	}
 
 	stLeases := []Lease{{
-		IP:     net.IP{192, 168, 10, 150},
-		HWAddr: net.HardwareAddr{0x33, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+		Hostname: "static-1.local",
+		HWAddr:   net.HardwareAddr{0x33, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+		IP:       net.IP{192, 168, 10, 150},
 	}, {
-		IP:     net.IP{192, 168, 10, 152},
-		HWAddr: net.HardwareAddr{0x22, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+		Hostname: "static-2.local",
+		HWAddr:   net.HardwareAddr{0x22, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+		IP:       net.IP{192, 168, 10, 152},
 	}}
 
 	for _, l := range stLeases {
@@ -129,8 +134,9 @@ func TestV4StaticLease_Get(t *testing.T) {
 	s.conf.dnsIPAddrs = []net.IP{{192, 168, 10, 1}}
 
 	l := Lease{
-		IP:     net.IP{192, 168, 10, 150},
-		HWAddr: net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+		Hostname: "static-1.local",
+		HWAddr:   net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+		IP:       net.IP{192, 168, 10, 150},
 	}
 	err = s.AddStaticLease(l)
 	require.NoError(t, err)
@@ -269,7 +275,12 @@ func TestV4DynamicLease_Get(t *testing.T) {
 		assert.Equal(t, dhcpv4.MessageTypeAck, resp.MessageType())
 		assert.Equal(t, mac, resp.ClientHWAddr)
 		assert.True(t, s.conf.RangeStart.Equal(resp.YourIPAddr))
-		assert.True(t, s.conf.GatewayIP.Equal(resp.Router()[0]))
+
+		router := resp.Router()
+		require.Len(t, router, 1)
+
+		assert.Equal(t, s.conf.GatewayIP, router[0])
+
 		assert.True(t, s.conf.GatewayIP.Equal(resp.ServerIdentifier()))
 		assert.Equal(t, s.conf.subnet.Mask, resp.SubnetMask())
 		assert.Equal(t, s.conf.leaseTime.Seconds(), resp.IPAddressLeaseTime(-1).Seconds())
@@ -329,12 +340,12 @@ func TestNormalizeHostname(t *testing.T) {
 	}, {
 		name:       "error",
 		hostname:   "!!!",
-		wantErrMsg: `normalizing hostname "!!!": no valid parts`,
+		wantErrMsg: `normalizing "!!!": no valid parts`,
 		want:       "",
 	}, {
 		name:       "error_spaces",
 		hostname:   "! ! !",
-		wantErrMsg: `normalizing hostname "! ! !": no valid parts`,
+		wantErrMsg: `normalizing "! ! !": no valid parts`,
 		want:       "",
 	}}
 

internal/dnsforward/clientid.go

@@ -2,6 +2,7 @@ package dnsforward
 
 import (
 	"crypto/tls"
+	"errors"
 	"fmt"
 	"path"
 	"strings"
@@ -15,7 +16,8 @@ import (
 func ValidateClientID(clientID string) (err error) {
 	err = aghnet.ValidateDomainNameLabel(clientID)
 	if err != nil {
-		return fmt.Errorf("invalid client id: %w", err)
+		// Replace the domain name label wrapper with our own.
+		return fmt.Errorf("invalid client id %q: %w", clientID, errors.Unwrap(err))
 	}
 
 	return nil

internal/dnsforward/clientid_test.go

@@ -117,8 +117,8 @@ func TestProcessClientID(t *testing.T) {
 		hostSrvName:  "example.com",
 		cliSrvName:   "!!!.example.com",
 		wantClientID: "",
-		wantErrMsg: `client id check: invalid client id: invalid char '!' ` +
-			`at index 0 in "!!!"`,
+		wantErrMsg: `client id check: invalid client id "!!!": ` +
+			`invalid char '!' at index 0`,
 		wantRes:   resultCodeError,
 		strictSNI: true,
 	}, {
@@ -128,9 +128,9 @@ func TestProcessClientID(t *testing.T) {
 		cliSrvName: `abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmno` +
 			`pqrstuvwxyz0123456789.example.com`,
 		wantClientID: "",
-		wantErrMsg: `client id check: invalid client id: "abcdefghijklmno` +
-			`pqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789" ` +
-			`is too long, max: 63`,
+		wantErrMsg: `client id check: invalid client id "abcdefghijklmno` +
+			`pqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789": ` +
+			`label is too long, max: 63`,
 		wantRes:   resultCodeError,
 		strictSNI: true,
 	}, {
@@ -238,8 +238,8 @@ func TestProcessClientID_https(t *testing.T) {
 		name:         "invalid_client_id",
 		path:         "/dns-query/!!!",
 		wantClientID: "",
-		wantErrMsg: `client id check: invalid client id: invalid char '!' ` +
-			`at index 0 in "!!!"`,
+		wantErrMsg: `client id check: invalid client id "!!!": ` +
+			`invalid char '!' at index 0`,
 		wantRes: resultCodeError,
 	}}
 

internal/dnsforward/dns.go

@@ -249,6 +249,10 @@ func (s *Server) hostToIP(host string) (ip net.IP, ok bool) {
 //
 // TODO(a.garipov): Adapt to AAAA as well.
 func (s *Server) processInternalHosts(dctx *dnsContext) (rc resultCode) {
+	if !s.dhcpServer.Enabled() {
+		return resultCodeSuccess
+	}
+
 	req := dctx.proxyCtx.Req
 	q := req.Question[0]
 

internal/dnsforward/dns_test.go

@@ -90,6 +90,7 @@ func TestServer_ProcessInternalHosts_localRestriction(t *testing.T) {
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			s := &Server{
+				dhcpServer:        &testDHCP{},
 				localDomainSuffix: defaultLocalDomainSuffix,
 				tableHostToIP: hostToIPTable{
 					"example": knownIP,
@@ -201,6 +202,7 @@ func TestServer_ProcessInternalHosts(t *testing.T) {
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			s := &Server{
+				dhcpServer:        &testDHCP{},
 				localDomainSuffix: tc.suffix,
 				tableHostToIP: hostToIPTable{
 					"example": knownIP,
@@ -318,7 +320,7 @@ func TestLocalRestriction(t *testing.T) {
 		}
 		t.Run(tc.name, func(t *testing.T) {
 			err = s.handleDNSRequest(nil, pctx)
-			require.Nil(t, err)
+			require.NoError(t, err)
 			require.NotNil(t, pctx.Res)
 			require.Len(t, pctx.Res.Answer, tc.wantLen)
 			if tc.wantLen > 0 {

internal/dnsforward/dnsforward_test.go

@@ -75,6 +75,7 @@ func createTestServer(
 	require.NotNil(t, snd)
 
 	s, err = NewServer(DNSCreateParams{
+		DHCPServer:     &testDHCP{},
 		DNSFilter:      f,
 		SubnetDetector: snd,
 	})
@@ -736,6 +737,7 @@ func TestBlockedCustomIP(t *testing.T) {
 
 	var s *Server
 	s, err = NewServer(DNSCreateParams{
+		DHCPServer:     &testDHCP{},
 		DNSFilter:      dnsfilter.New(&dnsfilter.Config{}, filters),
 		SubnetDetector: snd,
 	})
@@ -873,6 +875,7 @@ func TestRewrite(t *testing.T) {
 
 	var s *Server
 	s, err = NewServer(DNSCreateParams{
+		DHCPServer:     &testDHCP{},
 		DNSFilter:      f,
 		SubnetDetector: snd,
 	})
@@ -1016,11 +1019,13 @@ func TestMatchDNSName(t *testing.T) {
 
 type testDHCP struct{}
 
+func (d *testDHCP) Enabled() (ok bool) { return true }
+
 func (d *testDHCP) Leases(flags int) []dhcpd.Lease {
 	l := dhcpd.Lease{
-		IP:       net.IP{127, 0, 0, 1},
+		IP:       net.IP{192, 168, 12, 34},
 		HWAddr:   net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
-		Hostname: "localhost",
+		Hostname: "myhost",
 	}
 
 	return []dhcpd.Lease{l}
@@ -1056,7 +1061,7 @@ func TestPTRResponseFromDHCPLeases(t *testing.T) {
 	})
 
 	addr := s.dnsProxy.Addr(proxy.ProtoUDP)
-	req := createTestMessageWithType("1.0.0.127.in-addr.arpa.", dns.TypePTR)
+	req := createTestMessageWithType("34.12.168.192.in-addr.arpa.", dns.TypePTR)
 
 	resp, err := dns.Exchange(req, addr.String())
 	require.NoError(t, err)
@@ -1064,11 +1069,11 @@ func TestPTRResponseFromDHCPLeases(t *testing.T) {
 	require.Len(t, resp.Answer, 1)
 
 	assert.Equal(t, dns.TypePTR, resp.Answer[0].Header().Rrtype)
-	assert.Equal(t, "1.0.0.127.in-addr.arpa.", resp.Answer[0].Header().Name)
+	assert.Equal(t, "34.12.168.192.in-addr.arpa.", resp.Answer[0].Header().Name)
 
 	ptr, ok := resp.Answer[0].(*dns.PTR)
 	require.True(t, ok)
-	assert.Equal(t, "localhost.", ptr.Ptr)
+	assert.Equal(t, "myhost.", ptr.Ptr)
 }
 
 func TestPTRResponseFromHosts(t *testing.T) {
@@ -1098,6 +1103,7 @@ func TestPTRResponseFromHosts(t *testing.T) {
 
 	var s *Server
 	s, err = NewServer(DNSCreateParams{
+		DHCPServer:     &testDHCP{},
 		DNSFilter:      dnsfilter.New(&c, nil),
 		SubnetDetector: snd,
 	})
@@ -1160,8 +1166,9 @@ func TestNewServer(t *testing.T) {
 		in: DNSCreateParams{
 			LocalDomain: "!!!",
 		},
-		wantErrMsg: `local domain: invalid domain name label at index 0: ` +
-			`invalid char '!' at index 0 in "!!!"`,
+		wantErrMsg: `local domain: validating domain name "!!!": ` +
+			`invalid domain name label at index 0: ` +
+			`validating label "!!!": invalid char '!' at index 0`,
 	}}
 
 	for _, tc := range testCases {

internal/home/clients.go

@@ -29,25 +29,25 @@ var webHandlersRegistered = false
 
 // Client contains information about persistent clients.
 type Client struct {
-	IDs                 []string
-	Tags                []string
-	Name                string
-	UseOwnSettings      bool // false: use global settings
-	FilteringEnabled    bool
-	SafeSearchEnabled   bool
-	SafeBrowsingEnabled bool
-	ParentalEnabled     bool
-
-	UseOwnBlockedServices bool // false: use global settings
-	BlockedServices       []string
-
-	Upstreams []string // list of upstream servers to be used for the client's requests
-
-	// Custom upstream config for this client
-	// nil: not yet initialized
-	// not nil, but empty: initialized, no good upstreams
-	// not nil, not empty: Upstreams ready to be used
+	// upstreamConfig is the custom upstream config for this client.  If
+	// it's nil, it has not been initialized yet.  If it's non-nil and
+	// empty, there are no valid upstreams.  If it's non-nil and non-empty,
+	// these upstream must be used.
 	upstreamConfig *proxy.UpstreamConfig
+
+	Name string
+
+	IDs             []string
+	Tags            []string
+	BlockedServices []string
+	Upstreams       []string
+
+	UseOwnSettings        bool
+	FilteringEnabled      bool
+	SafeSearchEnabled     bool
+	SafeBrowsingEnabled   bool
+	ParentalEnabled       bool
+	UseOwnBlockedServices bool
 }
 
 type clientSource uint
@@ -63,9 +63,9 @@ const (
 
 // RuntimeClient information
 type RuntimeClient struct {
+	WhoisInfo *RuntimeClientWhoisInfo
 	Host      string
 	Source    clientSource
-	WhoisInfo *RuntimeClientWhoisInfo
 }
 
 // RuntimeClientWhoisInfo is the filtered WHOIS data for a runtime client.

internal/home/clientshttp.go

@@ -7,31 +7,38 @@ import (
 	"net/http"
 )
 
+// clientJSON is a common structure used by several handlers to deal with
+// clients.  Some of the fields are only necessary in one or two handlers and
+// are thus made pointers with an omitempty tag.
+//
+// TODO(a.garipov): Consider using nullbool and an optional string here?  Or
+// split into several structs?
 type clientJSON struct {
-	IDs                 []string `json:"ids"`
-	Tags                []string `json:"tags"`
-	Name                string   `json:"name"`
-	UseGlobalSettings   bool     `json:"use_global_settings"`
-	FilteringEnabled    bool     `json:"filtering_enabled"`
-	ParentalEnabled     bool     `json:"parental_enabled"`
-	SafeSearchEnabled   bool     `json:"safesearch_enabled"`
-	SafeBrowsingEnabled bool     `json:"safebrowsing_enabled"`
+	// Disallowed, if non-nil and false, means that the client's IP is
+	// allowed.  Otherwise, the IP is blocked.
+	Disallowed *bool `json:"disallowed,omitempty"`
 
-	UseGlobalBlockedServices bool     `json:"use_global_blocked_services"`
-	BlockedServices          []string `json:"blocked_services"`
+	// DisallowedRule is the rule due to which the client is disallowed.
+	// If Disallowed is true and this string is empty, the client IP is
+	// disallowed by the "allowed IP list", that is it is not included in
+	// the allowlist.
+	DisallowedRule *string `json:"disallowed_rule,omitempty"`
 
-	Upstreams []string `json:"upstreams"`
+	WhoisInfo *RuntimeClientWhoisInfo `json:"whois_info,omitempty"`
 
-	WhoisInfo *RuntimeClientWhoisInfo `json:"whois_info"`
+	Name string `json:"name"`
 
-	// Disallowed - if true -- client's IP is not disallowed
-	// Otherwise, it is blocked.
-	Disallowed bool `json:"disallowed"`
+	BlockedServices []string `json:"blocked_services"`
+	IDs             []string `json:"ids"`
+	Tags            []string `json:"tags"`
+	Upstreams       []string `json:"upstreams"`
 
-	// DisallowedRule - the rule due to which the client is disallowed
-	// If Disallowed is true, and this string is empty - it means that the client IP
-	// is disallowed by the "allowed IP list", i.e. it is not included in allowed.
-	DisallowedRule string `json:"disallowed_rule"`
+	FilteringEnabled         bool `json:"filtering_enabled"`
+	ParentalEnabled          bool `json:"parental_enabled"`
+	SafeBrowsingEnabled      bool `json:"safebrowsing_enabled"`
+	SafeSearchEnabled        bool `json:"safesearch_enabled"`
+	UseGlobalBlockedServices bool `json:"use_global_blocked_services"`
+	UseGlobalSettings        bool `json:"use_global_settings"`
 }
 
 type runtimeClientJSON struct {
@@ -126,8 +133,6 @@ func clientToJSON(c *Client) clientJSON {
 		BlockedServices:          c.BlockedServices,
 
 		Upstreams: c.Upstreams,
-
-		WhoisInfo: &RuntimeClientWhoisInfo{},
 	}
 
 	return cj
@@ -243,7 +248,8 @@ func (clients *clientsContainer) handleFindClient(w http.ResponseWriter, r *http
 			}
 		} else {
 			cj = clientToJSON(c)
-			cj.Disallowed, cj.DisallowedRule = clients.dnsServer.IsBlockedIP(ip)
+			disallowed, rule := clients.dnsServer.IsBlockedIP(ip)
+			cj.Disallowed, cj.DisallowedRule = &disallowed, &rule
 		}
 
 		data = append(data, map[string]clientJSON{
@@ -279,8 +285,8 @@ func (clients *clientsContainer) findRuntime(ip net.IP, idStr string) (cj client
 
 		cj = clientJSON{
 			IDs:            []string{idStr},
-			Disallowed:     disallowed,
-			DisallowedRule: rule,
+			Disallowed:     &disallowed,
+			DisallowedRule: &rule,
 			WhoisInfo:      &RuntimeClientWhoisInfo{},
 		}
 
@@ -288,7 +294,8 @@ func (clients *clientsContainer) findRuntime(ip net.IP, idStr string) (cj client
 	}
 
 	cj = runtimeClientToJSON(idStr, rc)
-	cj.Disallowed, cj.DisallowedRule = clients.dnsServer.IsBlockedIP(ip)
+	disallowed, rule := clients.dnsServer.IsBlockedIP(ip)
+	cj.Disallowed, cj.DisallowedRule = &disallowed, &rule
 
 	return cj, true
 }

internal/home/home.go

@@ -184,6 +184,10 @@ func setupConfig(args options) {
 
 	Context.dhcpServer = dhcpd.Create(config.DHCP)
 	if Context.dhcpServer == nil {
+		// TODO(a.garipov): There are a lot of places in the code right
+		// now which assume that the DHCP server can be nil despite this
+		// condition.  Inspect them and perhaps rewrite them to use
+		// Enabled() instead.
 		log.Fatalf("can't initialize dhcp module")
 	}
 

openapi/CHANGELOG.md

@@ -4,6 +4,15 @@
 
 ## v0.106: API changes
 
+### The field `"supported_tags"` in `GET /control/clients`
+
+* Prefiously undocumented field `"supported_tags"` in the response is now
+  documented.
+
+### The field `"whois_info"` in `GET /control/clients`
+
+* Objects in the `"auto_clients"` array now have the `"whois_info"` field.
+
 ### New response code in `POST /control/login`
 
 * `429` is returned when user is out of login attempts.  It adds the

openapi/openapi.yaml

@@ -2234,6 +2234,10 @@
           'type': 'array'
           'items':
             'type': 'string'
+        'tags':
+          'items':
+            'type': 'string'
+          'type': 'array'
     'ClientAuto':
       'type': 'object'
       'description': 'Auto-Client information'
@@ -2250,6 +2254,8 @@
           'type': 'string'
           'description': 'The source of this information'
           'example': 'etc/hosts'
+        'whois_info':
+          '$ref': '#/components/schemas/WhoisInfo'
     'ClientUpdate':
       'type': 'object'
       'description': 'Client update request'
@@ -2384,6 +2390,10 @@
           '$ref': '#/components/schemas/ClientsArray'
         'auto_clients':
           '$ref': '#/components/schemas/ClientsAutoArray'
+        'supported_tags':
+          'items':
+            'type': 'string'
+          'type': 'array'
     'ClientsArray':
       'type': 'array'
       'items':