all: fix release date in chlog

Squashed commit of the following:

commit 284190f748345c7556e60b67f051ec5f6f080948
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Wed Dec 6 19:36:00 2023 +0300

    all: sync with master; upd chlog

.github/ISSUE_TEMPLATE/bug.yml

@@ -102,6 +102,9 @@
             the best way.  For crashes, please provide a full failure log.
         'label': 'Action'
         'value': |
+            Replace the following command with the one you're calling or a
+            description of the failing action:
+
             ```sh
             nslookup -debug -type=a 'www.example.com' '$YOUR_AGH_ADDRESS'
             ```

.github/workflows/build.yml

@@ -1,7 +1,7 @@
 'name': 'build'
 
 'env':
-  'GO_VERSION': '1.20.11'
+  'GO_VERSION': '1.22.3'
   'NODE_VERSION': '16'
 
 'on':
@@ -53,9 +53,9 @@
         'path': '${{ steps.npm-cache.outputs.dir }}'
         'key': "${{ runner.os }}-node-${{ hashFiles('client/package-lock.json') }}"
         'restore-keys': '${{ runner.os }}-node-'
-    - 'name': 'Run make ci'
+    - 'name': 'Run tests'
       'shell': 'bash'
-      'run': 'make VERBOSE=1 ci'
+      'run': 'make VERBOSE=1 deps test go-bench go-fuzz'
     - 'name': 'Upload coverage'
       'uses': 'codecov/codecov-action@v1'
       'if': "success() && matrix.os == 'ubuntu-latest'"
@@ -101,7 +101,10 @@
     - 'name': 'Set up Docker Buildx'
       'uses': 'docker/setup-buildx-action@v1'
     - 'name': 'Run snapshot build'
-      'run': 'make SIGN=0 VERBOSE=1 build-release build-docker'
+      # Set a custom version string, since the checkout@v2 action does not seem
+      # to know about the master branch, while the version script uses it to
+      # count the number of commits within the branch.
+      'run': 'make SIGN=0 VERBOSE=1 VERSION="v0.0.0-github" build-release build-docker'
 
   'notify':
     'needs':

.github/workflows/lint.yml

@@ -1,7 +1,7 @@
 'name': 'lint'
 
 'env':
-  'GO_VERSION': '1.20.11'
+  'GO_VERSION': '1.22.3'
 
 'on':
   'push':

CHANGELOG.md

@@ -14,20 +14,349 @@ and this project adheres to
 <!--
 ## [v0.108.0] - TBA
 
-## [v0.107.42] - 2023-12-06 (APPROX.)
+## [v0.107.50] - 2024-04-24 (APPROX.)
 
-See also the [v0.107.42 GitHub milestone][ms-v0.107.42].
+See also the [v0.107.50 GitHub milestone][ms-v0.107.50].
 
-[ms-v0.107.42]: https://github.com/AdguardTeam/AdGuardHome/milestone/77?closed=1
+[ms-v0.107.50]: https://github.com/AdguardTeam/AdGuardHome/milestone/85?closed=1
 
 NOTE: Add new changes BELOW THIS COMMENT.
 -->
 
+<!--
+NOTE: Add new changes ABOVE THIS COMMENT.
+-->
+
+
+
+## [v0.107.49] - 2024-05-21
+
+See also the [v0.107.49 GitHub milestone][ms-v0.107.49].
+
+### Security
+
+- Go version has been updated to prevent the possibility of exploiting the Go
+  vulnerabilities fixed in [Go 1.22.3][go-1.22.3].
+
 ### Added
 
-- Ability to set client's custom DNS cache ([#6362], [dnsproxy#169]).
+- Support for comments in the ipset file ([#5345]).
+
+### Changed
+
+- Private rDNS resolution now also affects `SOA` and `NS` requests ([#6882]).
+- Rewrite rules mechanics was changed due to improve resolving in safe search.
+
+### Deprecated
+
+- Currently, AdGuard Home skips persistent clients that have duplicate fields
+  when reading them from the configuration file.  This behaviour is deprecated
+  and will cause errors on startup in a future release.
+
+### Fixed
+
+- Acceptance of duplicate UIDs for persistent clients at startup.  See also the
+  section on client settings on the [Wiki page][wiki-config].
+- Domain specifications for top-level domains not considered for requests to
+  unqualified domains ([#6744]).
+- Support for link-local subnets, i.e. `fe80::/16`, as client identifiers
+  ([#6312]).
+- Issues with QUIC and HTTP/3 upstreams on older Linux kernel versions
+  ([#6422]).
+- YouTube restricted mode is not enforced by HTTPS queries on Firefox.
+- Support for link-local subnets, i.e. `fe80::/16`, in the access settings
+  ([#6192]).
+- The ability to apply an invalid configuration for private rDNS, which led to
+  server not starting.
+- Ignoring query log for clients with ClientID set ([#5812]).
+- Subdomains of `in-addr.arpa` and `ip6.arpa` containing zero-length prefix
+  incorrectly considered invalid when specified for private rDNS upstream
+  servers ([#6854]).
+- Unspecified IP addresses aren't checked when using "Fastest IP address" mode
+  ([#6875]).
+
+[#5345]: https://github.com/AdguardTeam/AdGuardHome/issues/5345
+[#5812]: https://github.com/AdguardTeam/AdGuardHome/issues/5812
+[#6192]: https://github.com/AdguardTeam/AdGuardHome/issues/6192
+[#6312]: https://github.com/AdguardTeam/AdGuardHome/issues/6312
+[#6422]: https://github.com/AdguardTeam/AdGuardHome/issues/6422
+[#6744]: https://github.com/AdguardTeam/AdGuardHome/issues/6744
+[#6854]: https://github.com/AdguardTeam/AdGuardHome/issues/6854
+[#6875]: https://github.com/AdguardTeam/AdGuardHome/issues/6875
+[#6882]: https://github.com/AdguardTeam/AdGuardHome/issues/6882
+
+[go-1.22.3]:    https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
+[ms-v0.107.49]: https://github.com/AdguardTeam/AdGuardHome/milestone/84?closed=1
+
+
+
+## [v0.107.48] - 2024-04-05
+
+See also the [v0.107.48 GitHub milestone][ms-v0.107.48].
+
+### Fixed
+
+- Access settings not being applied to encrypted protocols ([#6890]).
+
+[#6890]: https://github.com/AdguardTeam/AdGuardHome/issues/6890
+
+[ms-v0.107.48]: https://github.com/AdguardTeam/AdGuardHome/milestone/83?closed=1
+
+
+
+## [v0.107.47] - 2024-04-04
+
+See also the [v0.107.47 GitHub milestone][ms-v0.107.47].
+
+### Security
+
+- Go version has been updated to prevent the possibility of exploiting the Go
+  vulnerabilities fixed in [Go 1.22.2][go-1.22.2].
+
+### Changed
+
+- Time Zone Database is now embedded in the binary ([#6758]).
+- Failed authentication attempts show the originating IP address in the logs, if
+  the request came from a trusted proxy ([#5829]).
+
+### Deprecated
+
+- Go 1.22 support.  Future versions will require at least Go 1.23 to build.
+- Currently, AdGuard Home uses a best-effort algorithm to fix invalid IDs of
+  filtering-rule lists on startup.  This feature is deprecated, and invalid IDs
+  will cause errors on startup in a future version.
+- Node.JS 16.  Future versions will require at least Node.JS 18 to build.
+
+### Fixed
+
+- Resetting DNS upstream mode when applying unrelated settings ([#6851]).
+- Symbolic links to the configuration file begin replaced by a copy of the real
+  file upon startup on FreeBSD ([#6717]).
+
+### Removed
+
+- Go 1.21 support.
+
+[#5829]: https://github.com/AdguardTeam/AdGuardHome/issues/5829
+[#6717]: https://github.com/AdguardTeam/AdGuardHome/issues/6717
+[#6758]: https://github.com/AdguardTeam/AdGuardHome/issues/6758
+[#6851]: https://github.com/AdguardTeam/AdGuardHome/issues/6851
+
+[go-1.22.2]:    https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M/
+[ms-v0.107.47]: https://github.com/AdguardTeam/AdGuardHome/milestone/82?closed=1
+
+
+
+## [v0.107.46] - 2024-03-20
+
+See also the [v0.107.46 GitHub milestone][ms-v0.107.46].
+
+### Added
+
+- Ability to disable the use of system hosts file information for query
+  resolution ([#6610]).
+- Ability to define custom directories for storage of query log files and
+  statistics ([#5992]).
+
+### Changed
+
+- Private rDNS resolution (`dns.use_private_ptr_resolvers` in YAML
+  configuration) now requires a valid "Private reverse DNS servers", when
+  enabled ([#6820]).
+
+  **NOTE:** Disabling private rDNS resolution behaves effectively the same as if
+  no private reverse DNS servers provided by user and by the OS.
+
+### Fixed
+
+- Statistics for 7 days displayed by day on the dashboard graph ([#6712]).
+- Missing "served from cache" label on long DNS server strings ([#6740]).
+- Incorrect tracking of the system hosts file's changes ([#6711]).
+
+[#5992]: https://github.com/AdguardTeam/AdGuardHome/issues/5992
+[#6610]: https://github.com/AdguardTeam/AdGuardHome/issues/6610
+[#6711]: https://github.com/AdguardTeam/AdGuardHome/issues/6711
+[#6712]: https://github.com/AdguardTeam/AdGuardHome/issues/6712
+[#6740]: https://github.com/AdguardTeam/AdGuardHome/issues/6740
+[#6820]: https://github.com/AdguardTeam/AdGuardHome/issues/6820
+
+[ms-v0.107.46]: https://github.com/AdguardTeam/AdGuardHome/milestone/81?closed=1
+
+
+
+## [v0.107.45] - 2024-03-06
+
+See also the [v0.107.45 GitHub milestone][ms-v0.107.45].
+
+### Security
+
+- Go version has been updated to prevent the possibility of exploiting the Go
+  vulnerabilities fixed in [Go 1.21.8][go-1.21.8].
+
+### Added
+
+- Context menu item in the Query Log to add a Client to the Persistent client
+  list ([#6679]).
+
+### Changed
+
+- Starting with this release our scripts are using Go's [forward compatibility
+  mechanism][go-toolchain] for updating the Go version.
+
+  **Important note for porters:**  This change means that if your `go` version
+  is 1.21+ but is different from the one required by AdGuard Home, the `go` tool
+  will automatically download the required version.
+
+  If you want to use the version installed on your builder, run:
+
+  ```sh
+  go get go@$YOUR_VERSION
+  go mod tidy
+  ```
+
+  and call `make` with `GOTOOLCHAIN=local`.
+
+### Deprecated
+
+- Go 1.21 support.  Future versions will require at least Go 1.22 to build.
+
+### Fixed
+
+- Missing IP addresses in logs when querying for domain names from the ignore
+  lists.
+- Blank page after resetting access clients ([#6634]).
+- Wrong algorithm for caching bootstrapped upstream addresses ([#6723]).
+
+### Removed
+
+- Go 1.20 support, as it has reached end of life.
+
+[#6634]: https://github.com/AdguardTeam/AdGuardHome/issues/6634
+[#6679]: https://github.com/AdguardTeam/AdGuardHome/issues/6679
+[#6723]: https://github.com/AdguardTeam/AdGuardHome/issues/6723
+
+[go-1.21.8]:    https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
+[go-toolchain]: https://go.dev/blog/toolchain
+[ms-v0.107.45]: https://github.com/AdguardTeam/AdGuardHome/milestone/80?closed=1
+
+
+
+## [v0.107.44] - 2024-02-06
+
+See also the [v0.107.44 GitHub milestone][ms-v0.107.44].
+
+### Added
+
+- Timezones in the Etc/ area to the timezone list ([#6568]).
+- The schema version of the configuration file to the output of running
+  `AdGuardHome` (or `AdGuardHome.exe`) with `-v --version` command-line options
+  ([#6545]).
+- Ability to disable plain-DNS serving via UI if an encrypted protocol is
+  already used ([#1660]).
+
+### Changed
+
+- The bootstrapped upstream addresses are now updated according to the TTL of
+  the bootstrap DNS response ([#6321]).
+- Logging level of timeout errors is now `error` instead of `debug` ([#6574]).
+- The field `"upstream_mode"` in `POST /control/dns_config` and
+  `GET /control/dns_info` HTTP APIs now accepts `load_balance` value.  Check
+  `openapi/CHANGELOG.md` for more details.
+
+#### Configuration changes
+
+In this release, the schema version has changed from 27 to 28.
+
+- The new property `clients.persistent.*.uid`, which is a unique identifier of
+  the persistent client.
+- The properties `dns.all_servers` and `dns.fastest_addr` were removed, their
+  values migrated to newly added field `dns.upstream_mode` that describes the
+  logic through which upstreams will be used.  See also a [Wiki
+  page][wiki-config].
+
+  ```yaml
+  # BEFORE:
+  'dns':
+      # …
+      'all_servers': true
+      'fastest_addr': true
+
+  # AFTER:
+  'dns':
+      # …
+      'upstream_mode': 'parallel'
+  ```
+
+  To rollback this change, remove the new field `upstream_mode`, set back
+  `dns.all_servers` and `dns.fastest_addr` properties in `dns` section, and
+  change the `schema_version` back to `27`.
+
+### Fixed
+
+- “Invalid AddrPort” in the *Private reverse DNS servers* section on the
+  *Settings → DNS settings* page.
+- Panic on using `--no-etc-hosts` flag ([#6644]).
+- Schedule display in the client settings after creating or updating.
+- Zero value in `querylog.size_memory` disables logging ([#6570]).
+- Non-anonymized IP addresses on the dashboard ([#6584]).
+- Maximum cache TTL requirement when editing minimum cache TTL in the Web UI
+  ([#6409]).
+- Load balancing algorithm stuck on a single server ([#6480]).
+- Statistics for 7 days displayed as 168 hours on the dashboard.
+- Pre-filling the Edit static lease window with data ([#6534]).
+- Names defined in the `/etc/hosts` for a single address family wrongly
+  considered undefined for another family ([#6541]).
+- Omitted CNAME records in safe search results, which can cause YouTube to not
+  work on iOS ([#6352]).
+
+[#6321]: https://github.com/AdguardTeam/AdGuardHome/issues/6321
+[#6352]: https://github.com/AdguardTeam/AdGuardHome/issues/6352
+[#6409]: https://github.com/AdguardTeam/AdGuardHome/issues/6409
+[#6480]: https://github.com/AdguardTeam/AdGuardHome/issues/6480
+[#6534]: https://github.com/AdguardTeam/AdGuardHome/issues/6534
+[#6541]: https://github.com/AdguardTeam/AdGuardHome/issues/6541
+[#6545]: https://github.com/AdguardTeam/AdGuardHome/issues/6545
+[#6568]: https://github.com/AdguardTeam/AdGuardHome/issues/6568
+[#6570]: https://github.com/AdguardTeam/AdGuardHome/issues/6570
+[#6574]: https://github.com/AdguardTeam/AdGuardHome/issues/6574
+[#6584]: https://github.com/AdguardTeam/AdGuardHome/issues/6584
+[#6644]: https://github.com/AdguardTeam/AdGuardHome/issues/6644
+
+[ms-v0.107.44]: https://github.com/AdguardTeam/AdGuardHome/milestone/79?closed=1
+[wiki-config]:  https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration
+
+
+
+## [v0.107.43] - 2023-12-11
+
+See also the [v0.107.43 GitHub milestone][ms-v0.107.43].
+
+### Fixed
+
+- Incorrect handling of IPv4-in-IPv6 addresses when binding to an unspecified
+  address on some machines ([#6510]).
+
+[#6510]: https://github.com/AdguardTeam/AdGuardHome/issues/6510
+
+[ms-v0.107.43]: https://github.com/AdguardTeam/AdGuardHome/milestone/78?closed=1
+
+
+
+## [v0.107.42] - 2023-12-07
+
+See also the [v0.107.42 GitHub milestone][ms-v0.107.42].
+
+### Security
+
+- Go version has been updated to prevent the possibility of exploiting the
+  CVE-2023-39326, CVE-2023-45283, and CVE-2023-45285 Go vulnerabilities fixed in
+  [Go 1.20.12][go-1.20.12].
+
+### Added
+
+- Ability to set client's custom DNS cache ([#6263]).
 - Ability to disable plain-DNS serving through configuration file if an
-  encrypted protocol is already used ([#1660]).
+  encrypted protocol is already enabled ([#1660]).
 - Ability to specify rate limiting settings in the Web UI ([#6369]).
 
 ### Changed
@@ -49,16 +378,13 @@ NOTE: Add new changes BELOW THIS COMMENT.
 
 [#1660]: https://github.com/AdguardTeam/AdGuardHome/issues/1660
 [#5759]: https://github.com/AdguardTeam/AdGuardHome/issues/5759
-[#6362]: https://github.com/AdguardTeam/AdGuardHome/issues/6362
+[#6263]: https://github.com/AdguardTeam/AdGuardHome/issues/6263
 [#6369]: https://github.com/AdguardTeam/AdGuardHome/issues/6369
 [#6402]: https://github.com/AdguardTeam/AdGuardHome/issues/6402
 [#6420]: https://github.com/AdguardTeam/AdGuardHome/issues/6420
 
-[dnsproxy#169] https://github.com/AdguardTeam/dnsproxy/issues/169
-
-<!--
-NOTE: Add new changes ABOVE THIS COMMENT.
--->
+[go-1.20.12]:   https://groups.google.com/g/golang-announce/c/iLGK3x6yuNo/m/z6MJ-eB0AQAJ
+[ms-v0.107.42]: https://github.com/AdguardTeam/AdGuardHome/milestone/77?closed=1
 
 
 
@@ -2645,11 +2971,19 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2].
 
 
 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.42...HEAD
-[v0.107.42]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.41...v0.107.42
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.50...HEAD
+[v0.107.50]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.49...v0.107.50
 -->
 
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.41...HEAD
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.49...HEAD
+[v0.107.49]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.48...v0.107.49
+[v0.107.48]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.47...v0.107.48
+[v0.107.47]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.46...v0.107.47
+[v0.107.46]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.45...v0.107.46
+[v0.107.45]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.44...v0.107.45
+[v0.107.44]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.43...v0.107.44
+[v0.107.43]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.42...v0.107.43
+[v0.107.42]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.41...v0.107.42
 [v0.107.41]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.40...v0.107.41
 [v0.107.40]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.39...v0.107.40
 [v0.107.39]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.38...v0.107.39

CONTRIBUTING.md

@@ -1,89 +1,57 @@
- #  Contributing to AdGuard Home
+# Contributing to AdGuard Home
 
-If you want to contribute to AdGuard Home by filing or commenting on an issue or
-opening a pull request, please follow the instructions below.
+If you want to contribute to AdGuard Home by filing or commenting on an issue or opening a pull request, please follow the instructions below.
 
+## General recommendations
 
+Please don’t:
 
-##  General recommendations
+- post comments like “+1” or “this”.  Use the :+1: reaction on the issue instead, as this allows us to actually see the level of support for issues.
 
-Please don't:
+- file issues about localization errors or send localization updates as PRs.  We’re using [CrowdIn] to manage our translations and we generally update them before each Beta and Release build.  You can learn more about translating AdGuard products [in our Knowledge Base][kb-trans].
 
- *  post comments like “+1” or “this”.  Use the :+1: reaction on the issue
-    instead, as this allows us to actually see the level of support for issues.
+- file issues about a particular filtering-rule list misbehaving.  These are tracked through the [separate form for filtering issues][form].
 
- *  file issues about localization errors or send localization updates as PRs.
-    We're using [CrowdIn] to manage our translations and we generally update
-    them before each Beta and Release build.  You can learn more about
-    translating AdGuard products [in our Knowledge Base][kb-trans].
-
- *  file issues about a particular filtering-rule list misbehaving.  These are
-    tracked through the [separate form for filtering issues][form].
-
- *  send updates to filtering-rule lists, such as the ones for the Blocked
-    Services feature or the list of approved filtering-rule lists.  We update
-    them once before each Beta and Release build.
+- send or request updates to filtering-rule lists, such as the ones for the Blocked Services feature or the list of approved filtering-rule lists.  We update them from the [separate repository][hostlist] once before each Beta and Release build.
 
 Please do:
 
- *  follow the template instructions and provide data for reproducing issues.
+- follow the template instructions and provide data for reproducing issues.
 
- *  write the title of your issue or pull request in English.  Any language is
-    fine in the body, but it is important to keep the title in English to make
-    it easier for people and bots to look up duplicated issues.
+- write the title of your issue or pull request in English.  Any language is fine in the body, but it is important to keep the title in English to make it easier for people and bots to look up duplicated issues.
 
 [CrowdIn]:  https://crowdin.com/project/adguard-applications/en#/adguard-home
 [form]:     https://link.adtidy.org/forward.html?action=report&app=home&from=github
+[hostlist]: https://github.com/AdguardTeam/HostlistsRegistry
 [kb-trans]: https://kb.adguard.com/en/general/adguard-translations
 
+## Issues
 
+### Search first
 
-##  Issues
-
-   ###  Search first
-
-Please make sure that the issue is not a duplicate or a question.  If it's a
-duplicate, please react to the original issue with a thumbs up.  If it's a
-question, please look through our [Wiki] and, if you haven't found the answer,
-post it to the GitHub [Discussions] page.
+Please make sure that the issue is not a duplicate or a question.  If it’s a duplicate, please react to the original issue with a thumbs up.  If it’s a question, please look through our [Wiki] and, if you haven’t found the answer, post it to the GitHub [Discussions] page.
 
 [Discussions]: https://github.com/AdguardTeam/AdGuardHome/discussions/categories/q-a
 [Wiki]:        https://github.com/AdguardTeam/AdGuardHome/wiki
 
+### Follow the issue template
 
+Developers need to be able to reproduce the faulty behavior in order to fix an issue, so please make sure that you follow the instructions in the issue template carefully.
 
-   ###  Follow the issue template
+## Pull requests
 
-Developers need to be able to reproduce the faulty behavior in order to fix an
-issue, so please make sure that you follow the instructions in the issue
-template carefully.
+### Discuss your changes first
 
+Please discuss your changes by opening an issue.  The maintainers should evaluate your proposal, and it’s generally better if that’s done before any code is written.
 
+### Review your changes for style
 
-##  Pull requests
-
-   ###  Discuss your changes first
-
-Please discuss your changes by opening an issue.  The maintainers should
-evaluate your proposal, and it's generally better if that's done before any code
-is written.
-
-
-
-   ###  Review your changes for style
-
-We have a set of [code guidelines][hacking] that we expect the code to follow.
-Please make sure you follow it.
+We have a set of [code guidelines][hacking] that we expect the code to follow.  Please make sure you follow it.
 
 [hacking]: https://github.com/AdguardTeam/CodeGuidelines/blob/master/Go/Go.md
 
+### Test your changes
 
+Make sure that it passes linters and tests by running the corresponding Make targets.  For backend changes, it’s `make go-check`.  For frontend, run `make js-lint`.
 
-   ###  Test your changes
-
-Make sure that it passes linters and tests by running the corresponding Make
-targets.  For backend changes, it's `make go-check`.  For frontend, run
-`make js-lint`.
-
-Additionally, a manual test is often required.  While we're constantly working
-on improving our test suites, they're still not as good as we'd like them to be.
+Additionally, a manual test is often required.  While we’re constantly working on improving our test suites, they’re still not as good as we’d like them to be.

HACKING.md

@@ -1,65 +1,56 @@
- #  AdGuard Home Developer Guidelines
+# AdGuard Home developer guidelines
 
-This document was moved to the [AdGuard Code Guidelines repository][repo].  All
-sections with IDs now only have links to the corresponding files and sections in
-that repository.
+This document was moved to the [AdGuard Code Guidelines repository][repo].  All sections with IDs now only have links to the corresponding files and sections in that repository.
 
-##  <a href="#git" id="git" name="git">Git</a>
+## <a href="#git" id="git" name="git">Git</a>
 
 This section was moved to [its own document][git].
 
-##  <a href="#go" id="go" name="go">Go</a>
+## <a href="#go" id="go" name="go">Go</a>
 
 This section was moved to [its own document][go].
 
-   ###  <a href="#code" id="code" name="code">Code</a>
+### <a href="#code" id="code" name="code">Code</a>
 
-This subsection was moved to the [corresponding section][code] of the Go
-guidelines document.
+This subsection was moved to the [corresponding section][code] of the Go guidelines document.
 
-   ###  <a href="#commenting" id="commenting" name="commenting">Commenting</a>
+### <a href="#commenting" id="commenting" name="commenting">Commenting</a>
 
-This subsection was moved to the [corresponding section][cmnt] of the Go
-guidelines document.
+This subsection was moved to the [corresponding section][cmnt] of the Go guidelines document.
 
-   ###  <a href="#formatting" id="formatting" name="formatting">Formatting</a>
+### <a href="#formatting" id="formatting" name="formatting">Formatting</a>
 
-This subsection was moved to the [corresponding section][fmt] of the Go
-guidelines document.
+This subsection was moved to the [corresponding section][fmt] of the Go guidelines document.
 
-   ###  <a href="#naming" id="naming" name="naming">Naming</a>
+### <a href="#naming" id="naming" name="naming">Naming</a>
 
-This subsection was moved to the [corresponding section][name] of the Go
-guidelines document.
+This subsection was moved to the [corresponding section][name] of the Go guidelines document.
 
-   ###  <a href="#testing" id="testing" name="testing">Testing</a>
+### <a href="#testing" id="testing" name="testing">Testing</a>
 
-This subsection was moved to the [corresponding section][test] of the Go
-guidelines document.
+This subsection was moved to the [corresponding section][test] of the Go guidelines document.
 
-   ###  <a href="#recommended-reading" id="recommended-reading" name="recommended-reading">Recommended Reading</a>
+### <a href="#recommended-reading" id="recommended-reading" name="recommended-reading">Recommended Reading</a>
 
-This subsection was moved to the [corresponding section][read] of the Go
-guidelines document.
+This subsection was moved to the [corresponding section][read] of the Go guidelines document.
 
-##  <a href="#markdown" id="markdown" name="markdown">Markdown</a>
+## <a href="#markdown" id="markdown" name="markdown">Markdown</a>
 
 This section was moved to [its own document][md].
 
-##  <a href="#shell-scripting" id="shell-scripting" name="shell-scripting">Shell Scripting</a>
+## <a href="#shell-scripting" id="shell-scripting" name="shell-scripting">Shell Scripting</a>
 
 This section was moved to [its own document][sh].
 
-   ###  <a href="#shell-conditionals" id="shell-conditionals" name="shell-conditionals">Shell Conditionals</a>
+### <a href="#shell-conditionals" id="shell-conditionals" name="shell-conditionals">Shell Conditionals</a>
 
-This subsection was moved to the [corresponding section][cond] of the Shell
-guidelines document.
+This subsection was moved to the [corresponding section][cond] of the Shell guidelines document.
 
-##  <a href="#text-including-comments" id="text-including-comments" name="text-including-comments">Text, Including Comments</a>
+## <a href="#text-including-comments" id="text-including-comments" name="text-including-comments">Text, Including Comments</a>
 
 This section was moved to [its own document][txt].
 
-##  <a href="#yaml" id="yaml" name="yaml">YAML</a>
+## <a href="#yaml" id="yaml" name="yaml">YAML</a>
 
 This section was moved to [its own document][yaml].
 

Makefile

@@ -8,7 +8,7 @@
 # Makefile.  Bump this number every time a significant change is made to
 # this Makefile.
 #
-# AdGuard-Project-Version: 2
+# AdGuard-Project-Version: 4
 
 # Don't name these macros "GO" etc., because GNU Make apparently makes
 # them exported environment variables with the literal value of
@@ -27,6 +27,7 @@ DIST_DIR = dist
 GOAMD64 = v1
 GOPROXY = https://goproxy.cn|https://proxy.golang.org|direct
 GOSUMDB = sum.golang.google.cn
+GOTOOLCHAIN = go1.22.3
 GPG_KEY = devteam@adguard.com
 GPG_KEY_PASSPHRASE = not-a-real-password
 NPM = npm
@@ -56,15 +57,16 @@ BUILD_RELEASE_DEPS_0 = deps js-build
 BUILD_RELEASE_DEPS_1 = go-deps
 
 ENV = env\
-	COMMIT='$(COMMIT)'\
 	CHANNEL='$(CHANNEL)'\
-	GPG_KEY='$(GPG_KEY)'\
-	GPG_KEY_PASSPHRASE='$(GPG_KEY_PASSPHRASE)'\
+	COMMIT='$(COMMIT)'\
 	DIST_DIR='$(DIST_DIR)'\
 	GO="$(GO.MACRO)"\
 	GOAMD64="$(GOAMD64)"\
 	GOPROXY='$(GOPROXY)'\
 	GOSUMDB='$(GOSUMDB)'\
+	GOTOOLCHAIN='$(GOTOOLCHAIN)'\
+	GPG_KEY='$(GPG_KEY)'\
+	GPG_KEY_PASSPHRASE='$(GPG_KEY_PASSPHRASE)'\
 	PATH="$${PWD}/bin:$$( "$(GO.MACRO)" env GOPATH )/bin:$${PATH}"\
 	RACE='$(RACE)'\
 	SIGN='$(SIGN)'\
@@ -80,8 +82,6 @@ build: deps quick-build
 
 quick-build: js-build go-build
 
-ci: deps test go-bench go-fuzz
-
 deps: js-deps go-deps
 lint: js-lint go-lint
 test: js-test go-test
@@ -96,15 +96,10 @@ build-release: $(BUILD_RELEASE_DEPS_$(FRONTEND_PREBUILT))
 clean: ; $(ENV) "$(SHELL)" ./scripts/make/clean.sh
 init:  ; git config core.hooksPath ./scripts/hooks
 
-js-build:
-	$(NPM) $(NPM_FLAGS) run build-prod
-js-deps:
-	$(NPM) $(NPM_INSTALL_FLAGS) ci
-
-# TODO(a.garipov): Remove the legacy client tasks support once the new
-# client is done and the old one is removed.
-js-lint: ; $(NPM) $(NPM_FLAGS) run lint
-js-test: ; $(NPM) $(NPM_FLAGS) run test
+js-build: ; $(NPM) $(NPM_FLAGS) run build-prod
+js-deps:  ; $(NPM) $(NPM_INSTALL_FLAGS) ci
+js-lint:  ; $(NPM) $(NPM_FLAGS) run lint
+js-test:  ; $(NPM) $(NPM_FLAGS) run test
 
 go-bench: ; $(ENV) "$(SHELL)" ./scripts/make/go-bench.sh
 go-build: ; $(ENV) "$(SHELL)" ./scripts/make/go-build.sh
@@ -117,6 +112,8 @@ go-tools: ; $(ENV) "$(SHELL)" ./scripts/make/go-tools.sh
 # targets.
 go-test:  ; $(ENV) RACE='1' "$(SHELL)" ./scripts/make/go-test.sh
 
+go-upd-tools: ; $(ENV) "$(SHELL)" ./scripts/make/go-upd-tools.sh
+
 go-check: go-tools go-lint go-test
 
 # A quick check to make sure that all supported operating systems can be
@@ -132,10 +129,3 @@ openapi-lint: ; cd ./openapi/ && $(YARN) test
 openapi-show: ; cd ./openapi/ && $(YARN) start
 
 txt-lint: ; $(ENV) "$(SHELL)" ./scripts/make/txt-lint.sh
-
-# TODO(a.garipov): Consider adding to scripts/ and the common project
-# structure.
-go-upd-tools:
-	cd ./internal/tools/ &&\
-		"$(GO.MACRO)" get -u &&\
-		"$(GO.MACRO)" mod tidy

README.md

@@ -1,85 +1,75 @@
  
 <p align="center">
-    <picture>
-        <source media="(prefers-color-scheme: dark)" srcset="doc/adguard_home_darkmode.svg">
-        <img alt="AdGuard Home" src="doc/adguard_home_lightmode.svg" width="300px">
-    </picture>
+  <picture>
+    <source media="(prefers-color-scheme: dark)" srcset="doc/adguard_home_darkmode.svg">
+    <img alt="AdGuard Home" src="doc/adguard_home_lightmode.svg" width="300px">
+  </picture>
 </p>
 <h3 align="center">Privacy protection center for you and your devices</h3>
 <p align="center">
-    Free and open source, powerful network-wide ads & trackers blocking DNS
-    server.
+  Free and open source, powerful network-wide ads & trackers blocking DNS server.
 </p>
 <p align="center">
-    <a href="https://adguard.com/">AdGuard.com</a> |
-    <a href="https://github.com/AdguardTeam/AdGuardHome/wiki">Wiki</a> |
-    <a href="https://reddit.com/r/Adguard">Reddit</a> |
-    <a href="https://twitter.com/AdGuard">Twitter</a> |
-    <a href="https://t.me/adguard_en">Telegram</a>
-    <br/><br/>
-    <a href="https://codecov.io/github/AdguardTeam/AdGuardHome?branch=master">
-      <img src="https://img.shields.io/codecov/c/github/AdguardTeam/AdGuardHome/master.svg" alt="Code Coverage"/>
-    </a>
-    <a href="https://goreportcard.com/report/AdguardTeam/AdGuardHome">
-      <img src="https://goreportcard.com/badge/github.com/AdguardTeam/AdGuardHome" alt="Go Report Card"/>
-    </a>
-    <a href="https://hub.docker.com/r/adguard/adguardhome">
-        <img alt="Docker Pulls" src="https://img.shields.io/docker/pulls/adguard/adguardhome.svg?maxAge=604800"/>
-    </a>
-    <br/>
-    <a href="https://github.com/AdguardTeam/AdGuardHome/releases">
-        <img src="https://img.shields.io/github/release/AdguardTeam/AdGuardHome/all.svg" alt="Latest release"/>
-    </a>
-    <a href="https://snapcraft.io/adguard-home">
-        <img alt="adguard-home" src="https://snapcraft.io/adguard-home/badge.svg"/>
-    </a>
+  <a href="https://adguard.com/">AdGuard.com</a> |
+  <a href="https://github.com/AdguardTeam/AdGuardHome/wiki">Wiki</a> |
+  <a href="https://reddit.com/r/Adguard">Reddit</a> |
+  <a href="https://twitter.com/AdGuard">Twitter</a> |
+  <a href="https://t.me/adguard_en">Telegram</a>
+  <br/><br/>
+  <a href="https://codecov.io/github/AdguardTeam/AdGuardHome?branch=master">
+    <img src="https://img.shields.io/codecov/c/github/AdguardTeam/AdGuardHome/master.svg" alt="Code Coverage"/>
+  </a>
+  <a href="https://goreportcard.com/report/AdguardTeam/AdGuardHome">
+    <img src="https://goreportcard.com/badge/github.com/AdguardTeam/AdGuardHome" alt="Go Report Card"/>
+  </a>
+  <a href="https://hub.docker.com/r/adguard/adguardhome">
+    <img alt="Docker Pulls" src="https://img.shields.io/docker/pulls/adguard/adguardhome.svg?maxAge=604800"/>
+  </a>
+  <br/>
+  <a href="https://github.com/AdguardTeam/AdGuardHome/releases">
+    <img src="https://img.shields.io/github/release/AdguardTeam/AdGuardHome/all.svg" alt="Latest release"/>
+  </a>
+  <a href="https://snapcraft.io/adguard-home">
+    <img alt="adguard-home" src="https://snapcraft.io/adguard-home/badge.svg"/>
+  </a>
 </p>
 <br/>
 <p align="center">
-    <img src="https://cdn.adtidy.org/public/Adguard/Common/adguard_home.gif" width="800"/>
+  <img src="https://cdn.adtidy.org/public/Adguard/Common/adguard_home.gif" width="800"/>
 </p>
 <hr/>
 
-AdGuard Home is a network-wide software for blocking ads and tracking. After you
-set it up, it'll cover ALL your home devices, and you don't need any client-side
-software for that.
+AdGuard Home is a network-wide software for blocking ads and tracking. After you set it up, it'll cover ALL your home devices, and you don't need any client-side software for that.
 
-It operates as a DNS server that re-routes tracking domains to a “black hole”,
-thus preventing your devices from connecting to those servers.  It's based on
-software we use for our public [AdGuard DNS] servers, and both share a lot of
-code.
+It operates as a DNS server that re-routes tracking domains to a “black hole”, thus preventing your devices from connecting to those servers. It's based on software we use for our public [AdGuard DNS] servers, and both share a lot of code.
 
 [AdGuard DNS]: https://adguard-dns.io/
 
+- [Getting Started](#getting-started)
+    - [Automated install (Linux/Unix/MacOS/FreeBSD/OpenBSD)](#automated-install-linux-and-mac)
+    - [Alternative methods](#alternative-methods)
+    - [Guides](#guides)
+    - [API](#api)
+- [Comparing AdGuard Home to other solutions](#comparison)
+    - [How is this different from public AdGuard DNS servers?](#comparison-adguard-dns)
+    - [How does AdGuard Home compare to Pi-Hole](#comparison-pi-hole)
+    - [How does AdGuard Home compare to traditional ad blockers](#comparison-adblock)
+    - [Known limitations](#comparison-limitations)
+- [How to build from source](#how-to-build)
+    - [Prerequisites](#prerequisites)
+    - [Building](#building)
+- [Contributing](#contributing)
+    - [Test unstable versions](#test-unstable-versions)
+    - [Reporting issues](#reporting-issues)
+    - [Help with translations](#translate)
+    - [Other](#help-other)
+- [Projects that use AdGuard Home](#uses)
+- [Acknowledgments](#acknowledgments)
+- [Privacy](#privacy)
 
+## <a href="#getting-started" id="getting-started" name="getting-started">Getting Started</a>
 
- *  [Getting Started](#getting-started)
-     *  [Automated install (Linux/Unix/MacOS/FreeBSD/OpenBSD)](#automated-install-linux-and-mac)
-     *  [Alternative methods](#alternative-methods)
-     *  [Guides](#guides)
-     *  [API](#api)
- *  [Comparing AdGuard Home to other solutions](#comparison)
-     *  [How is this different from public AdGuard DNS servers?](#comparison-adguard-dns)
-     *  [How does AdGuard Home compare to Pi-Hole](#comparison-pi-hole)
-     *  [How does AdGuard Home compare to traditional ad blockers](#comparison-adblock)
-     *  [Known limitations](#comparison-limitations)
- *  [How to build from source](#how-to-build)
-     *  [Prerequisites](#prerequisites)
-     *  [Building](#building)
- *  [Contributing](#contributing)
-     *  [Test unstable versions](#test-unstable-versions)
-     *  [Reporting issues](#reporting-issues)
-     *  [Help with translations](#translate)
-     *  [Other](#help-other)
- *  [Projects that use AdGuard Home](#uses)
- *  [Acknowledgments](#acknowledgments)
- *  [Privacy](#privacy)
-
-
-
-##  <a href="#getting-started" id="getting-started" name="getting-started">Getting Started</a>
-
-   ###  <a href="#automated-install-linux-and-mac" id="automated-install-linux-and-mac" name="automated-install-linux-and-mac">Automated install (Linux/Unix/MacOS/FreeBSD/OpenBSD)</a>
+### <a href="#automated-install-linux-and-mac" id="automated-install-linux-and-mac" name="automated-install-linux-and-mac">Automated install (Linux/Unix/MacOS/FreeBSD/OpenBSD)</a>
 
 To install with `curl` run the following command:
 
@@ -101,95 +91,70 @@ fetch -o - https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scri
 
 The script also accepts some options:
 
- *  `-c <channel>` to use specified channel;
- *  `-r` to reinstall AdGuard Home;
- *  `-u` to uninstall AdGuard Home;
- *  `-v` for verbose output.
+- `-c <channel>` to use specified channel;
+- `-r` to reinstall AdGuard Home;
+- `-u` to uninstall AdGuard Home;
+- `-v` for verbose output.
 
 Note that options `-r` and `-u` are mutually exclusive.
 
+### <a href="#alternative-methods" id="alternative-methods" name="alternative-methods">Alternative methods</a>
 
+#### <a href="#manual-installation" id="manual-installation" name="manual-installation">Manual installation</a>
 
-   ###  <a href="#alternative-methods" id="alternative-methods" name="alternative-methods">Alternative methods</a>
+Please read the **[Getting Started][wiki-start]** article on our Wiki to learn how to install AdGuard Home manually, and how to configure your devices to use it.
 
-  ####  <a href="#manual-installation" id="manual-installation" name="manual-installation">Manual installation</a>
-
-Please read the **[Getting Started][wiki-start]** article on our Wiki to learn
-how to install AdGuard Home manually, and how to configure your devices to use
-it.
-
-  ####  <a href="#docker" id="docker" name="docker">Docker</a>
+#### <a href="#docker" id="docker" name="docker">Docker</a>
 
 You can use our official Docker image on [Docker Hub].
 
-  ####  <a href="#snap-store" id="snap-store" name="snap-store">Snap Store</a>
+#### <a href="#snap-store" id="snap-store" name="snap-store">Snap Store</a>
 
-If you're running **Linux,** there's a secure and easy way to install AdGuard
-Home: get it from the [Snap Store].
+If you're running **Linux,** there's a secure and easy way to install AdGuard Home: get it from the [Snap Store].
 
 [Docker Hub]: https://hub.docker.com/r/adguard/adguardhome
 [Snap Store]: https://snapcraft.io/adguard-home
 [wiki-start]: https://github.com/AdguardTeam/AdGuardHome/wiki/Getting-Started
 
-
-
-   ###  <a href="#guides" id="guides" name="guides">Guides</a>
+### <a href="#guides" id="guides" name="guides">Guides</a>
 
 See our [Wiki][wiki].
 
 [wiki]: https://github.com/AdguardTeam/AdGuardHome/wiki
 
+### <a href="#api" id="api" name="api">API</a>
 
-
-   ###  <a href="#api" id="api" name="api">API</a>
-
-If you want to integrate with AdGuard Home, you can use our [REST API][openapi].
-Alternatively, you can use this [python client][pyclient], which is used to
-build the [AdGuard Home Hass.io Add-on][hassio].
+If you want to integrate with AdGuard Home, you can use our [REST API][openapi]. Alternatively, you can use this [python client][pyclient], which is used to build the [AdGuard Home Hass.io Add-on][hassio].
 
 [hassio]:   https://www.home-assistant.io/integrations/adguard/
 [openapi]:  https://github.com/AdguardTeam/AdGuardHome/tree/master/openapi
 [pyclient]: https://pypi.org/project/adguardhome/
 
+## <a href="#comparison" id="comparison" name="comparison">Comparing AdGuard Home to other solutions</a>
 
+### <a href="#comparison-adguard-dns" id="comparison-adguard-dns" name="comparison-adguard-dns">How is this different from public AdGuard DNS servers?</a>
 
-##  <a href="#comparison" id="comparison" name="comparison">Comparing AdGuard Home to other solutions</a>
+Running your own AdGuard Home server allows you to do much more than using a public DNS server. It's a completely different level. See for yourself:
 
-   ###  <a href="#comparison-adguard-dns" id="comparison-adguard-dns" name="comparison-adguard-dns">How is this different from public AdGuard DNS servers?</a>
+- Choose what exactly the server blocks and permits.
 
-Running your own AdGuard Home server allows you to do much more than using a
-public DNS server.  It's a completely different level.  See for yourself:
+- Monitor your network activity.
 
- *  Choose what exactly the server blocks and permits.
+- Add your own custom filtering rules.
 
- *  Monitor your network activity.
+- **Most importantly, it's your own server, and you are the only one who's in control.**
 
- *  Add your own custom filtering rules.
+### <a href="#comparison-pi-hole" id="comparison-pi-hole" name="comparison-pi-hole">How does AdGuard Home compare to Pi-Hole</a>
 
- *  **Most importantly, it's your own server, and you are the only one who's in
-    control.**
+At this point, AdGuard Home has a lot in common with Pi-Hole. Both block ads and trackers using the so-called “DNS sinkholing” method and both allow customizing what's blocked.
 
+> [!NOTE]
+> We're not going to stop here. DNS sinkholing is not a bad starting point, but this is just the beginning.
 
+AdGuard Home provides a lot of features out-of-the-box with no need to install and configure additional software. We want it to be simple to the point when even casual users can set it up with minimal effort.
 
-   ###  <a href="#comparison-pi-hole" id="comparison-pi-hole" name="comparison-pi-hole">How does AdGuard Home compare to Pi-Hole</a>
-
-At this point, AdGuard Home has a lot in common with Pi-Hole.  Both block ads
-and trackers using the so-called “DNS sinkholing” method and both allow
-customizing what's blocked.
-
-<aside>
-We're not going to stop here.  DNS sinkholing is not a bad starting point, but
-this is just the beginning.
-</aside>
-
-AdGuard Home provides a lot of features out-of-the-box with no need to install
-and configure additional software.  We want it to be simple to the point when
-even casual users can set it up with minimal effort.
-
-**Disclaimer:** some of the listed features can be added to Pi-Hole by
-installing additional software or by manually using SSH terminal and
-reconfiguring one of the utilities Pi-Hole consists of.  However, in our
-opinion, this cannot be legitimately counted as a Pi-Hole's feature.
+> [!NOTE]
+> Some of the listed features can be added to Pi-Hole by installing additional software or by manually using SSH terminal and reconfiguring one of the utilities Pi-Hole consists of. However, in our opinion, this cannot be legitimately counted as a Pi-Hole's feature.
 
 | Feature                                                                 | AdGuard&nbsp;Home | Pi-Hole                                                   |
 |-------------------------------------------------------------------------|-------------------|-----------------------------------------------------------|
@@ -207,68 +172,45 @@ opinion, this cannot be legitimately counted as a Pi-Hole's feature.
 | Access settings (choose who can use AGH DNS)                            | ✅                | ❌                                                        |
 | Running [without root privileges][wiki-noroot]                          | ✅                | ❌                                                        |
 
-[wiki-noroot]: https://github.com/AdguardTeam/AdGuardHome/wiki/Getting-Started#running-without-superuser
+[wiki-noroot]: https://adguard-dns.io/kb/adguard-home/getting-started/#running-without-superuser
 
-
-
-   ###  <a href="#comparison-adblock" id="comparison-adblock" name="comparison-adblock">How does AdGuard Home compare to traditional ad blockers</a>
+### <a href="#comparison-adblock" id="comparison-adblock" name="comparison-adblock">How does AdGuard Home compare to traditional ad blockers</a>
 
 It depends.
 
-DNS sinkholing is capable of blocking a big percentage of ads, but it lacks
-the flexibility and the power of traditional ad blockers.  You can get a good
-impression about the difference between these methods by reading [this
-article][blog-adaway], which compares AdGuard for Android (a traditional ad
-blocker) to hosts-level ad blockers (which are almost identical to DNS-based
-blockers in their capabilities).  This level of protection is enough for some
-users.
+DNS sinkholing is capable of blocking a big percentage of ads, but it lacks the flexibility and the power of traditional ad blockers. You can get a good impression about the difference between these methods by reading [this article][blog-adaway], which compares AdGuard for Android (a traditional ad blocker) to hosts-level ad blockers (which are almost identical to DNS-based blockers in their capabilities). This level of protection is enough for some users.
 
-Additionally, using a DNS-based blocker can help to block ads, tracking and
-analytics requests on other types of devices, such as SmartTVs, smart speakers
-or other kinds of IoT devices (on which you can't install traditional ad
-blockers).
+Additionally, using a DNS-based blocker can help to block ads, tracking and analytics requests on other types of devices, such as SmartTVs, smart speakers or other kinds of IoT devices (on which you can't install traditional ad blockers).
 
-
-
-   ###  <a href="#comparison-limitations" id="comparison-limitations" name="comparison-limitations">Known limitations</a>
+### <a href="#comparison-limitations" id="comparison-limitations" name="comparison-limitations">Known limitations</a>
 
 Here are some examples of what cannot be blocked by a DNS-level blocker:
 
- *  YouTube, Twitch ads;
+- YouTube, Twitch ads;
 
- *  Facebook, Twitter, Instagram sponsored posts.
+- Facebook, Twitter, Instagram sponsored posts.
 
-Essentially, any advertising that shares a domain with content cannot be blocked
-by a DNS-level blocker.
+Essentially, any advertising that shares a domain with content cannot be blocked by a DNS-level blocker.
 
-Is there a chance to handle this in the future?  DNS will never be enough to do
-this.  Our only option is to use a content blocking proxy like what we do in the
-standalone AdGuard applications.  We're [going to bring][issue-1228] this
-feature support to AdGuard Home in the future.  Unfortunately, even in this
-case, there still will be cases when this won't be enough or would require quite
-a complicated configuration.
+Is there a chance to handle this in the future?  DNS will never be enough to do this. Our only option is to use a content blocking proxy like what we do in the standalone AdGuard applications. We're [going to bring][issue-1228] this feature support to AdGuard Home in the future. Unfortunately, even in this case, there still will be cases when this won't be enough or would require quite a complicated configuration.
 
 [blog-adaway]: https://adguard.com/blog/adguard-vs-adaway-dns66.html
 [issue-1228]:  https://github.com/AdguardTeam/AdGuardHome/issues/1228
 
+## <a href="#how-to-build" id="how-to-build" name="how-to-build">How to build from source</a>
 
-
-##  <a href="#how-to-build" id="how-to-build" name="how-to-build">How to build from source</a>
-
-   ###  <a href="#prerequisites" id="prerequisites" name="prerequisites">Prerequisites</a>
+### <a href="#prerequisites" id="prerequisites" name="prerequisites">Prerequisites</a>
 
 Run `make init` to prepare the development environment.
 
 You will need this to build AdGuard Home:
 
- *  [Go](https://golang.org/dl/) v1.20 or later;
- *  [Node.js](https://nodejs.org/en/download/) v16 or later;
- *  [npm](https://www.npmjs.com/) v8 or later;
- *  [yarn](https://yarnpkg.com/) v1.22.5 or later.
+- [Go](https://golang.org/dl/) v1.22 or later;
+- [Node.js](https://nodejs.org/en/download/) v16 or later;
+- [npm](https://www.npmjs.com/) v8 or later;
+- [yarn](https://yarnpkg.com/) v1.22.5 or later.
 
-
-
-   ###  <a href="#building" id="building" name="building">Building</a>
+### <a href="#building" id="building" name="building">Building</a>
 
 Open your terminal and execute these commands:
 
@@ -278,18 +220,22 @@ cd AdGuardHome
 make
 ```
 
-**NOTE:**  The non-standard `-j` flag is currently not supported, so building
-with `make -j 4` or setting your `MAKEFLAGS` to include, for example, `-j 4` is
-likely to break the build.  If you do have your `MAKEFLAGS` set to that, and you
-don't want to change it, you can override it by running `make -j 1`.
+#### <a href="#building-node" id="building-node" name="building-node">Building with Node.js 17 and later</a>
+
+In order to build AdGuard Home with Node.js 17 and later, specify `--openssl-legacy-provider` option.
+
+```sh
+export NODE_OPTIONS=--openssl-legacy-provider
+```
+
+> [!WARNING]
+> The non-standard `-j` flag is currently not supported, so building with `make -j 4` or setting your `MAKEFLAGS` to include, for example, `-j 4` is likely to break the build. If you do have your `MAKEFLAGS` set to that, and you don't want to change it, you can override it by running `make -j 1`.
 
 Check the [`Makefile`][src-makefile] to learn about other commands.
 
-  #### <a href="#building-cross" id="building-cross" name="building-cross">Building for a different platform</a>
+#### <a href="#building-cross" id="building-cross" name="building-cross">Building for a different platform</a>
 
-You can build AdGuard Home for any OS/ARCH that Go supports.  In order to do
-this, specify `GOOS` and `GOARCH` environment variables as macros when running
-`make`.
+You can build AdGuard Home for any OS/ARCH that Go supports. In order to do this, specify `GOOS` and `GOARCH` environment variables as macros when running `make`.
 
 For example:
 
@@ -303,10 +249,9 @@ or:
 make GOOS='linux' GOARCH='arm64'
 ```
 
-  ####  <a href="#preparing-releases" id="preparing-releases" name="preparing-releases">Preparing releases</a>
+#### <a href="#preparing-releases" id="preparing-releases" name="preparing-releases">Preparing releases</a>
 
-You'll need [`snapcraft`] to prepare a release build.  Once installed, run the
-following command:
+You'll need [`snapcraft`] to prepare a release build. Once installed, run the following command:
 
 ```sh
 make build-release CHANNEL='...' VERSION='...'
@@ -314,47 +259,39 @@ make build-release CHANNEL='...' VERSION='...'
 
 See the [`build-release` target documentation][targ-release].
 
-  ####  <a href="#docker-image" id="docker-image" name="docker-image">Docker image</a>
+#### <a href="#docker-image" id="docker-image" name="docker-image">Docker image</a>
 
-Run `make build-docker` to build the Docker image locally (the one that we
-publish to DockerHub).  Please note, that we're using [Docker Buildx][buildx] to
-build our official image.
+Run `make build-docker` to build the Docker image locally (the one that we publish to DockerHub). Please note, that we're using [Docker Buildx][buildx] to build our official image.
 
 You may need to prepare before using these builds:
 
- *  (Linux-only) Install Qemu:
+- (Linux-only) Install Qemu:
 
-    ```sh
-    docker run --rm --privileged multiarch/qemu-user-static --reset -p yes --credential yes
-    ```
+  ```sh
+  docker run --rm --privileged multiarch/qemu-user-static --reset -p yes --credential yes
+  ```
 
- *  Prepare the builder:
+- Prepare the builder:
 
-    ```sh
-    docker buildx create --name buildx-builder --driver docker-container --use
-    ```
+  ```sh
+  docker buildx create --name buildx-builder --driver docker-container --use
+  ```
 
 See the [`build-docker` target documentation][targ-docker].
 
-  ####  <a href="#debugging-the-frontend" id="debugging-the-frontend" name="debugging-the-frontend">Debugging the frontend</a>
+#### <a href="#debugging-the-frontend" id="debugging-the-frontend" name="debugging-the-frontend">Debugging the frontend</a>
 
-When you need to debug the frontend without recompiling the production version
-every time, for example to check how your labels would look on a form, you can
-run the frontend build a development environment.
+When you need to debug the frontend without recompiling the production version every time, for example to check how your labels would look on a form, you can run the frontend build a development environment.
 
-1.  In a separate terminal, run:
+1. In a separate terminal, run:
 
-    ```sh
-    ( cd ./client/ && env NODE_ENV='development' npm run watch )
-    ```
+   ```sh
+   ( cd ./client/ && env NODE_ENV='development' npm run watch )
+   ```
 
-2.  Run your `AdGuardHome` binary with the `--local-frontend` flag, which
-    instructs AdGuard Home to ignore the built-in frontend files and use those
-    from the `./build/` directory.
+2. Run your `AdGuardHome` binary with the `--local-frontend` flag, which instructs AdGuard Home to ignore the built-in frontend files and use those from the `./build/` directory.
 
-3.  Now any changes you make in the `./client/` directory should be recompiled
-    and become available on the web UI.  Make sure that you disable the browser
-    cache to make sure that you actually get the recompiled version.
+3. Now any changes you make in the `./client/` directory should be recompiled and become available on the web UI. Make sure that you disable the browser cache to make sure that you actually get the recompiled version.
 
 [`snapcraft`]:  https://snapcraft.io/
 [buildx]:       https://docs.docker.com/buildx/working-with-buildx/
@@ -362,169 +299,120 @@ run the frontend build a development environment.
 [targ-docker]:  https://github.com/AdguardTeam/AdGuardHome/tree/master/scripts#build-dockersh-build-a-multi-architecture-docker-image
 [targ-release]: https://github.com/AdguardTeam/AdGuardHome/tree/master/scripts#build-releasesh-build-a-release-for-all-platforms
 
-
-
 ## <a href="#contributing" id="contributing" name="contributing">Contributing</a>
 
-You are welcome to fork this repository, make your changes and [submit a pull
-request][pr].  Please make sure you follow our [code guidelines][guide] though.
+You are welcome to fork this repository, make your changes and [submit a pull request][pr]. Please make sure you follow our [code guidelines][guide] though.
 
-Please note that we don't expect people to contribute to both UI and backend
-parts of the program simultaneously.  Ideally, the backend part is implemented
-first, i.e. configuration, API, and the functionality itself.  The UI part can
-be implemented later in a different pull request by a different person.
+Please note that we don't expect people to contribute to both UI and backend parts of the program simultaneously. Ideally, the backend part is implemented first, i.e. configuration, API, and the functionality itself. The UI part can be implemented later in a different pull request by a different person.
 
 [guide]: https://github.com/AdguardTeam/CodeGuidelines/
 [pr]:    https://github.com/AdguardTeam/AdGuardHome/pulls
 
-
-
-   ###  <a href="#test-unstable-versions" id="test-unstable-versions" name="test-unstable-versions">Test unstable versions</a>
+### <a href="#test-unstable-versions" id="test-unstable-versions" name="test-unstable-versions">Test unstable versions</a>
 
 There are two update channels that you can use:
 
- *  `beta`: beta versions of AdGuard Home.  More or less stable versions,
-    usually released every two weeks or more often.
+- `beta`: beta versions of AdGuard Home. More or less stable versions, usually released every two weeks or more often.
 
- *  `edge`: the newest version of AdGuard Home from the development branch.  New
-    updates are pushed to this channel daily.
+- `edge`: the newest version of AdGuard Home from the development branch. New updates are pushed to this channel daily.
 
 There are three options how you can install an unstable version:
 
-1.  [Snap Store]: look for the `beta` and `edge` channels.
+1. [Snap Store]: look for the `beta` and `edge` channels.
 
-2.  [Docker Hub]: look for the `beta` and `edge` tags.
+2. [Docker Hub]: look for the `beta` and `edge` tags.
 
-3.  Standalone builds.  Use the automated installation script or look for the
-    available builds [on the Wiki][wiki-platf].
+3. Standalone builds. Use the automated installation script or look for the available builds [on the Wiki][wiki-platf].
 
-    Script to install a beta version:
+   Script to install a beta version:
 
-    ```sh
-    curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -c beta
-    ```
+   ```sh
+   curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -c beta
+   ```
 
-    Script to install an edge version:
+   Script to install an edge version:
+
+   ```sh
+   curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -c edge
+   ```
 
-    ```sh
-    curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -c edge
-    ```
 [wiki-platf]: https://github.com/AdguardTeam/AdGuardHome/wiki/Platforms
 
+### <a href="#reporting-issues" id="reporting-issues" name="reporting-issues">Report issues</a>
 
-
-   ###  <a href="#reporting-issues" id="reporting-issues" name="reporting-issues">Report issues</a>
-
-If you run into any problem or have a suggestion, head to [this page][iss] and
-click on the “New issue” button.  Please follow the instructions in the issue
-form carefully and don't forget to start by searching for duplicates.
+If you run into any problem or have a suggestion, head to [this page][iss] and click on the “New issue” button. Please follow the instructions in the issue form carefully and don't forget to start by searching for duplicates.
 
 [iss]: https://github.com/AdguardTeam/AdGuardHome/issues
 
+### <a href="#translate" id="translate" name="translate">Help with translations</a>
 
-
-   ###  <a href="#translate" id="translate" name="translate">Help with translations</a>
-
-If you want to help with AdGuard Home translations, please learn more about
-translating AdGuard products [in our Knowledge Base][kb-trans].  You can
-contribute to the [AdGuardHome project on CrowdIn][crowdin].
+If you want to help with AdGuard Home translations, please learn more about translating AdGuard products [in our Knowledge Base][kb-trans]. You can contribute to the [AdGuardHome project on CrowdIn][crowdin].
 
 [crowdin]:  https://crowdin.com/project/adguard-applications/en#/adguard-home
 [kb-trans]: https://kb.adguard.com/en/general/adguard-translations
 
+### <a href="#help-other" id="help-other" name="help-other">Other</a>
 
-
-   ###  <a href="#help-other" id="help-other" name="help-other">Other</a>
-
-Another way you can contribute is by [looking for issues][iss-help] marked as
-`help wanted`, asking if the issue is up for grabs, and sending a PR fixing the
-bug or implementing the feature.
+Another way you can contribute is by [looking for issues][iss-help] marked as `help wanted`, asking if the issue is up for grabs, and sending a PR fixing the bug or implementing the feature.
 
 [iss-help]: https://github.com/AdguardTeam/AdGuardHome/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22
 
-
-
 ## <a href="#uses" id="uses" name="uses">Projects that use AdGuard Home</a>
 
-<!--
-    TODO(a.garipov): Use reference links.
--->
+Please note that these projects are not affiliated with AdGuard, but are made by third-party developers and fans.
 
- *  [AdGuard Home Remote](https://apps.apple.com/app/apple-store/id1543143740):
-    iOS app by [Joost](https://rocketscience-it.nl/).
+- [AdGuard Home Remote](https://apps.apple.com/app/apple-store/id1543143740): iOS app by [Joost](https://rocketscience-it.nl/).
 
- *  [Python library](https://github.com/frenck/python-adguardhome) by
-    [@frenck](https://github.com/frenck).
+- [Python library](https://github.com/frenck/python-adguardhome) by [@frenck](https://github.com/frenck).
 
- *  [Home Assistant add-on](https://github.com/hassio-addons/addon-adguard-home)
-    by [@frenck](https://github.com/frenck).
+- [Home Assistant add-on](https://github.com/hassio-addons/addon-adguard-home) by [@frenck](https://github.com/frenck).
 
- *  [OpenWrt LUCI app](https://github.com/kongfl888/luci-app-adguardhome) by
-    [@kongfl888](https://github.com/kongfl888) (originally by
-    [@rufengsuixing](https://github.com/rufengsuixing)).
+- [OpenWrt LUCI app](https://github.com/kongfl888/luci-app-adguardhome) by [@kongfl888](https://github.com/kongfl888) (originally by [@rufengsuixing](https://github.com/rufengsuixing)).
 
- *  [Prometheus exporter for AdGuard
-    Home](https://github.com/ebrianne/adguard-exporter) by
-    [@ebrianne](https://github.com/ebrianne).
+- [AdGuardHome sync](https://github.com/bakito/adguardhome-sync) by [@bakito](https://github.com/bakito).
 
- *  [Terminal-based, real-time traffic monitoring and statistics for your AdGuard Home
-    instance](https://github.com/Lissy93/AdGuardian-Term) by
-    [@Lissy93](https://github.com/Lissy93)
+- [Terminal-based, real-time traffic monitoring and statistics for your AdGuard Home instance](https://github.com/Lissy93/AdGuardian-Term) by [@Lissy93](https://github.com/Lissy93)
 
- *  [AdGuard Home on GLInet
-    routers](https://forum.gl-inet.com/t/adguardhome-on-gl-routers/10664) by
-    [Gl-Inet](https://gl-inet.com/).
+- [AdGuard Home on GLInet routers](https://forum.gl-inet.com/t/adguardhome-on-gl-routers/10664) by [Gl-Inet](https://gl-inet.com/).
 
- *  [Cloudron app](https://git.cloudron.io/cloudron/adguard-home-app) by
-    [@gramakri](https://github.com/gramakri).
+- [Cloudron app](https://git.cloudron.io/cloudron/adguard-home-app) by [@gramakri](https://github.com/gramakri).
 
- *  [Asuswrt-Merlin-AdGuardHome-Installer](https://github.com/jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer)
-    by [@jumpsmm7](https://github.com/jumpsmm7) aka
-    [@SomeWhereOverTheRainBow](https://www.snbforums.com/members/somewhereovertherainbow.64179/).
+- [Asuswrt-Merlin-AdGuardHome-Installer](https://github.com/jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer) by [@jumpsmm7](https://github.com/jumpsmm7) aka [@SomeWhereOverTheRainBow](https://www.snbforums.com/members/somewhereovertherainbow.64179/).
 
- *  [Node.js library](https://github.com/Andrea055/AdguardHomeAPI) by
-    [@Andrea055](https://github.com/Andrea055/).
+- [Node.js library](https://github.com/Andrea055/AdguardHomeAPI) by [@Andrea055](https://github.com/Andrea055/).
 
+- [Browser Extension](https://github.com/satheshshiva/Adguard-Home-Browser-Ext) by [@satheshshiva](https://github.com/satheshshiva/).
 
+- [Zabbix Template for AdGuard Home](https://github.com/diasdmhub/AdGuard_Home_Zabbix_Template) by [@diasdmhub](https://github.com/diasdmhub).
+
+- [Chocolatey package](https://community.chocolatey.org/packages/adguardhome/) by [niks255](https://community.chocolatey.org/profiles/niks255).
 
 ## <a href="#acknowledgments" id="acknowledgments" name="acknowledgments">Acknowledgments</a>
 
-<!--
-    TODO(a.garipov): Use reference links.
--->
-
 This software wouldn't have been possible without:
 
- *  [Go](https://golang.org/dl/) and its libraries:
-     *  [gcache](https://github.com/bluele/gcache)
-     *  [miekg's dns](https://github.com/miekg/dns)
-     *  [go-yaml](https://github.com/go-yaml/yaml)
-     *  [service](https://godoc.org/github.com/kardianos/service)
-     *  [dnsproxy](https://github.com/AdguardTeam/dnsproxy)
-     *  [urlfilter](https://github.com/AdguardTeam/urlfilter)
- *  [Node.js](https://nodejs.org/) and its libraries:
-     *  And many more Node.js packages.
-     *  [React.js](https://reactjs.org)
-     *  [Tabler](https://github.com/tabler/tabler)
- *  [whotracks.me data](https://github.com/cliqz-oss/whotracks.me)
+- [Go](https://golang.org/dl/) and its libraries:
+    - [gcache](https://github.com/bluele/gcache)
+    - [miekg's dns](https://github.com/miekg/dns)
+    - [go-yaml](https://github.com/go-yaml/yaml)
+    - [service](https://godoc.org/github.com/kardianos/service)
+    - [dnsproxy](https://github.com/AdguardTeam/dnsproxy)
+    - [urlfilter](https://github.com/AdguardTeam/urlfilter)
+- [Node.js](https://nodejs.org/) and its libraries:
+    - [React.js](https://reactjs.org)
+    - [Tabler](https://github.com/tabler/tabler)
+    - And many more Node.js packages.
+- [whotracks.me data](https://github.com/cliqz-oss/whotracks.me)
 
-You might have seen that [CoreDNS] was mentioned here before, but we've stopped
-using it in AdGuard Home.
+You might have seen that [CoreDNS] was mentioned here before, but we've stopped using it in AdGuard Home.
 
-For the full list of all Node.js packages in use, please take a look at
-[`client/package.json`][src-packagejson] file.
+For the full list of all Node.js packages in use, please take a look at [`client/package.json`][src-packagejson] file.
 
 [CoreDNS]:         https://coredns.io
 [src-packagejson]: https://github.com/AdguardTeam/AdGuardHome/blob/master/client/package.json
 
+## <a href="#privacy" id="privacy" name="privacy">Privacy</a>
 
-
-##  <a href="#privacy" id="privacy" name="privacy">Privacy</a>
-
-Our main idea is that you are the one, who should be in control of your data.
-So it is only natural, that AdGuard Home does not collect any usage statistics,
-and does not use any web services unless you configure it to do so.  See also
-the [full privacy policy][privacy] with every bit that *could in theory be sent*
-by AdGuard Home is available.
+Our main idea is that you are the one, who should be in control of your data. So it is only natural, that AdGuard Home does not collect any usage statistics, and does not use any web services unless you configure it to do so. See also the [full privacy policy][privacy] with every bit that *could in theory be sent* by AdGuard Home is available.
 
 [privacy]: https://adguard.com/en/privacy/home.html

SECURITY.md

@@ -1,18 +1,13 @@
- #  Security Policy
+# Security Policy
 
-## Reporting a Vulnerability
+## Reporting vulnerabilities
 
-Please send your vulnerability reports to <security@adguard.com>.  To make sure
-that your report reaches us, please:
+Please send your vulnerability reports to <security@adguard.com>.  To make sure that your report reaches us, please:
 
-1.  Include the words “AdGuard Home” and “vulnerability” to the subject line as
-    well as a short description of the vulnerability.  For example:
+1. Include the words “AdGuard Home” and “vulnerability” to the subject line as well as a short description of the vulnerability.  For example:
 
-     >  AdGuard Home API vulnerability: possible XSS attack
+   > AdGuard Home API vulnerability: possible XSS attack
 
-2.  Make sure that the message body contains a clear description of the
-    vulnerability.
+1. Make sure that the message body contains a clear description of the vulnerability.
 
-If you have not received a reply to your email within 7 days, please make sure
-to follow up with us again at <security@adguard.com>.  Once again, make sure
-that the word “vulnerability” is in the subject line.
+If you have not received a reply to your email within 7 days, please make sure to follow up with us again at <security@adguard.com>.  Once again, make sure that the word “vulnerability” is in the subject line.

bamboo-specs/release.yaml

@@ -7,7 +7,8 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
     'channel': 'edge'
-    'dockerGo': 'adguard/golang-ubuntu:7.5'
+    'dockerFrontend': 'adguard/home-js-builder:1.1'
+    'dockerGo': 'adguard/go-builder:1.22.3--1'
 
 'stages':
   - 'Build frontend':
@@ -41,8 +42,13 @@
           - 'Publish to GitHub Releases'
 
 'Build frontend':
+    'artifacts':
+      - 'name': 'AdGuardHome frontend'
+        'pattern': 'build/**'
+        'shared': true
+        'required': true
     'docker':
-        'image': '${bamboo.dockerGo}'
+        'image': '${bamboo.dockerFrontend}'
         'volumes':
             '${system.YARN_DIR}': '${bamboo.cacheYarn}'
     'key': 'BF'
@@ -59,19 +65,21 @@
 
                 set -e -f -u -x
 
-                # Explicitly checkout the revision that we need.
-                git checkout "${bamboo.repository.revision.number}"
-
-                make js-deps js-build
-    'artifacts':
-      - 'name': 'AdGuardHome frontend'
-        'pattern': 'build/**'
-        'shared': true
-        'required': true
+                make\
+                        VERBOSE=1\
+                        js-deps js-build
     'requirements':
       - 'adg-docker': 'true'
 
 'Make release':
+    'artifact-subscriptions':
+      - 'artifact': 'AdGuardHome frontend'
+    # TODO(a.garipov): Use more fine-grained artifact rules.
+    'artifacts':
+      - 'name': 'AdGuardHome dists'
+        'pattern': 'dist/**'
+        'shared': true
+        'required': true
     'docker':
         'image': '${bamboo.dockerGo}'
         'volumes':
@@ -91,9 +99,6 @@
 
                 set -e -f -u -x
 
-                # Explicitly checkout the revision that we need.
-                git checkout "${bamboo.repository.revision.number}"
-
                 # Run the build with the specified channel.
                 echo "${bamboo.gpgSecretKeyPart1}${bamboo.gpgSecretKeyPart2}"\
                         | awk '{ gsub(/\\n/, "\n"); print; }'\
@@ -106,12 +111,6 @@
                         PARALLELISM=1\
                         VERBOSE=2\
                         build-release
-    # TODO(a.garipov): Use more fine-grained artifact rules.
-    'artifacts':
-      - 'name': 'AdGuardHome dists'
-        'pattern': 'dist/**'
-        'shared': true
-        'required': true
     'requirements':
       - 'adg-docker': 'true'
 
@@ -130,13 +129,6 @@
 
                 set -e -f -u -x
 
-                COMMIT="${bamboo.repository.revision.number}"
-                export COMMIT
-                readonly COMMIT
-
-                # Explicitly checkout the revision that we need.
-                git checkout "$COMMIT"
-
                 # Install Qemu, create builder.
                 docker version -f '{{ .Server.Experimental }}'
                 docker buildx rm buildx-builder || :
@@ -157,6 +149,7 @@
                 # Prepare and push the build.
                 env\
                         CHANNEL="${bamboo.channel}"\
+                        COMMIT="${bamboo.repository.revision.number}"\
                         DIST_DIR='dist'\
                         DOCKER_IMAGE_NAME='adguard/adguardhome'\
                         DOCKER_OUTPUT="type=image,name=adguard/adguardhome,push=true"\
@@ -256,7 +249,7 @@
     'recipients':
       - 'webhook':
             'name': 'Build webhook'
-            'url': 'http://prod.jirahub.service.eu.consul/v1/webhook/bamboo?channel=adguard-qa'
+            'url': 'http://prod.jirahub.service.eu.consul/v1/webhook/bamboo?channel=adguard-qa-dns-builds'
 
 'labels': []
 'other':
@@ -272,7 +265,8 @@
         # need to build a few of these.
         'variables':
             'channel': 'beta'
-            'dockerGo': 'adguard/golang-ubuntu:7.5'
+            'dockerFrontend': 'adguard/home-js-builder:1.1'
+            'dockerGo': 'adguard/go-builder:1.22.3--1'
     # release-vX.Y.Z branches are the branches from which the actual final
     # release is built.
   - '^release-v[0-9]+\.[0-9]+\.[0-9]+':
@@ -287,4 +281,5 @@
         # are the ones that actually get released.
         'variables':
             'channel': 'release'
-            'dockerGo': 'adguard/golang-ubuntu:7.5'
+            'dockerFrontend': 'adguard/home-js-builder:1.1'
+            'dockerGo': 'adguard/go-builder:1.22.3--1'

bamboo-specs/snapcraft.yaml

@@ -10,7 +10,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
     'channel': 'edge'
-    'dockerGo': 'adguard/golang-ubuntu:7.5'
+    'dockerSnap': 'adguard/snap-builder:1.1'
     'snapcraftChannel': 'edge'
 
 'stages':
@@ -53,7 +53,7 @@
         'shared': true
         'required': true
     'docker':
-        'image': '${bamboo.dockerGo}'
+        'image': '${bamboo.dockerSnap}'
     'key': 'DR'
     'other':
         'clean-working-dir': true
@@ -99,7 +99,7 @@
         'shared': true
         'required': true
     'docker':
-        'image': '${bamboo.dockerGo}'
+        'image': '${bamboo.dockerSnap}'
     'key': 'BP'
     'other':
         'clean-working-dir': true
@@ -127,7 +127,7 @@
       - 'artifact': 'armhf_snap'
       - 'artifact': 'arm64_snap'
     'docker':
-        'image': '${bamboo.dockerGo}'
+        'image': '${bamboo.dockerSnap}'
     'key': 'PTS'
     'other':
         'clean-working-dir': true
@@ -175,7 +175,7 @@
     'recipients':
       - 'webhook':
             'name': 'Build webhook'
-            'url': 'http://prod.jirahub.service.eu.consul/v1/webhook/bamboo?channel=adguard-qa'
+            'url': 'http://prod.jirahub.service.eu.consul/v1/webhook/bamboo?channel=adguard-qa-dns-builds'
 
 'labels': []
 'other':
@@ -191,7 +191,7 @@
         # need to build a few of these.
         'variables':
             'channel': 'beta'
-            'dockerGo': 'adguard/golang-ubuntu:7.5'
+            'dockerSnap': 'adguard/snap-builder:1.1'
             'snapcraftChannel': 'beta'
     # release-vX.Y.Z branches are the branches from which the actual final
     # release is built.
@@ -207,5 +207,5 @@
         # are the ones that actually get released.
         'variables':
             'channel': 'release'
-            'dockerGo': 'adguard/golang-ubuntu:7.5'
+            'dockerSnap': 'adguard/snap-builder:1.1'
             'snapcraftChannel': 'candidate'

bamboo-specs/test.yaml

@@ -5,14 +5,23 @@
     'key': 'AHBRTSPECS'
     'name': 'AdGuard Home - Build and run tests'
 'variables':
-    'dockerGo': 'adguard/golang-ubuntu:7.5'
+    'dockerFrontend': 'adguard/home-js-builder:1.1'
+    'dockerGo': 'adguard/go-builder:1.22.3--1'
+    'channel': 'development'
 
 'stages':
   - 'Tests':
         'manual': false
         'final': false
         'jobs':
-          - 'Test'
+          - 'Test frontend'
+          - 'Test backend'
+
+  - 'Frontend':
+        manual: false
+        final: false
+        jobs:
+          - 'Build frontend'
 
   - 'Artifact':
         manual: false
@@ -20,14 +29,12 @@
         jobs:
           - 'Artifact'
 
-'Test':
+'Test frontend':
     'docker':
-        'image': '${bamboo.dockerGo}'
+        'image': '${bamboo.dockerFrontend}'
         'volumes':
             '${system.YARN_DIR}': '${bamboo.cacheYarn}'
-            '${system.GO_CACHE_DIR}': '${bamboo.cacheGo}'
-            '${system.GO_PKG_CACHE_DIR}': '${bamboo.cacheGoPkg}'
-    'key': 'TEST'
+    'key': 'JSTEST'
     'other':
         'clean-working-dir': true
     'tasks':
@@ -41,13 +48,91 @@
 
                 set -e -f -u -x
 
-                make VERBOSE=1 ci go-tools lint
+                make VERBOSE=1 js-deps js-lint js-test
     'final-tasks':
       - 'clean'
     'requirements':
       - 'adg-docker': 'true'
 
+'Test backend':
+    'docker':
+        'image': '${bamboo.dockerGo}'
+        'volumes':
+            '${system.GO_CACHE_DIR}': '${bamboo.cacheGo}'
+            '${system.GO_PKG_CACHE_DIR}': '${bamboo.cacheGoPkg}'
+    'key': 'GOTEST'
+    'other':
+        'clean-working-dir': true
+    'tasks':
+      - 'checkout':
+            'force-clean-build': true
+      - 'script':
+            'interpreter': 'SHELL'
+            'scripts':
+              - |
+                #!/bin/sh
+
+                set -e -f -u -x
+
+                make\
+                    GOMAXPROCS=1\
+                    VERBOSE=1\
+                    go-deps go-tools go-lint
+
+                make\
+                    VERBOSE=1\
+                    go-test
+    'final-tasks':
+      - 'clean'
+    'requirements':
+      - 'adg-docker': 'true'
+
+'Build frontend':
+    'artifacts':
+      - 'name': 'AdGuardHome frontend'
+        'pattern': 'build/**'
+        'shared': true
+        'required': true
+    'docker':
+        'image': '${bamboo.dockerFrontend}'
+        'volumes':
+            '${system.YARN_DIR}': '${bamboo.cacheYarn}'
+    'key': 'BF'
+    'other':
+         'clean-working-dir': true
+    'tasks':
+      - 'checkout':
+            'force-clean-build': true
+      - 'script':
+            'interpreter': 'SHELL'
+            'scripts':
+              - |-
+                #!/bin/sh
+
+                set -e -f -u -x
+
+                make\
+                        VERBOSE=1\
+                        js-deps js-build
+    'requirements':
+      - 'adg-docker': 'true'
+
 'Artifact':
+    'artifact-subscriptions':
+      - 'artifact': 'AdGuardHome frontend'
+    'artifacts':
+      - 'name': 'AdGuardHome_windows_amd64'
+        'pattern': 'dist/AdGuardHome_windows_amd64.zip'
+        'shared': true
+        'required': true
+      - 'name': 'AdGuardHome_darwin_amd64'
+        'pattern': 'dist/AdGuardHome_darwin_amd64.zip'
+        'shared': true
+        'required': true
+      - 'name': 'AdGuardHome_linux_amd64'
+        'pattern': 'dist/AdGuardHome_linux_amd64.tar.gz'
+        'shared': true
+        'required': true
     'docker':
         'image': '${bamboo.dockerGo}'
         'volumes':
@@ -67,30 +152,15 @@
 
                 set -e -f -u -x
 
-                # Explicitly checkout the revision that we need.
-                git checkout "${bamboo.repository.revision.number}"
-
                 make\
                         ARCH="amd64"\
+                        CHANNEL=${bamboo.channel}\
+                        FRONTEND_PREBUILT=1\
                         OS="windows darwin linux"\
-                        CHANNEL="development"\
-                        SIGN=0\
                         PARALLELISM=1\
+                        SIGN=0\
                         VERBOSE=2\
                         build-release
-    'artifacts':
-      - 'name': 'AdGuardHome_windows_amd64'
-        'pattern': 'dist/AdGuardHome_windows_amd64.zip'
-        'shared': true
-        'required': true
-      - 'name': 'AdGuardHome_darwin_amd64'
-        'pattern': 'dist/AdGuardHome_darwin_amd64.zip'
-        'shared': true
-        'required': true
-      - 'name': 'AdGuardHome_linux_amd64'
-        'pattern': 'dist/AdGuardHome_linux_amd64.tar.gz'
-        'shared': true
-        'required': true
     'requirements':
       - 'adg-docker': 'true'
 
@@ -115,3 +185,15 @@
 'labels': []
 'other':
     'concurrent-build-plugin': 'system-default'
+
+'branch-overrides':
+    # rc-vX.Y.Z branches are the release candidate branches. They are created
+    # from the release branch and are used to build the release candidate
+    # images.
+  - '^rc-v[0-9]+\.[0-9]+\.[0-9]+':
+        # Set the default release channel on the release branch to beta, as we
+        # may need to build a few of these.
+        'variables':
+            'dockerFrontend': 'adguard/home-js-builder:1.1'
+            'dockerGo': 'adguard/go-builder:1.22.3--1'
+            'channel': 'candidate'

client/package-lock.json

@@ -11,6 +11,7 @@
                 "@nivo/line": "^0.64.0",
                 "axios": "^0.19.2",
                 "classnames": "^2.2.6",
+                "countries-and-timezones": "^3.6.0",
                 "date-fns": "^1.29.0",
                 "i18next": "^19.6.2",
                 "i18next-browser-languagedetector": "^4.2.0",
@@ -37,7 +38,6 @@
                 "redux-actions": "^2.6.5",
                 "redux-form": "^8.3.5",
                 "redux-thunk": "^2.3.0",
-                "timezones-list": "^3.0.2",
                 "url-polyfill": "^1.1.9"
             },
             "devDependencies": {
@@ -5596,6 +5596,15 @@
                 "node": ">=8"
             }
         },
+        "node_modules/countries-and-timezones": {
+            "version": "3.6.0",
+            "resolved": "https://registry.npmjs.org/countries-and-timezones/-/countries-and-timezones-3.6.0.tgz",
+            "integrity": "sha512-8/nHBCs1eKeQ1jnsZVGdqrLYxS8nPcfJn8PnmxdJXWRLZdXsGFR8gnVhRjatGDBjqmPm7H+FtYpBYTPWd0Eiqg==",
+            "engines": {
+                "node": ">=8.x",
+                "npm": ">=5.x"
+            }
+        },
         "node_modules/create-ecdh": {
             "version": "4.0.3",
             "resolved": "https://registry.npmjs.org/create-ecdh/-/create-ecdh-4.0.3.tgz",
@@ -18881,11 +18890,6 @@
                 "node": ">=0.6.0"
             }
         },
-        "node_modules/timezones-list": {
-            "version": "3.0.2",
-            "resolved": "https://registry.npmjs.org/timezones-list/-/timezones-list-3.0.2.tgz",
-            "integrity": "sha512-I698hm6Jp/xxkwyTSOr39pZkYKETL8LDJeSIhjxXBfPUAHM5oZNuQ4o9UK3PSkDBOkjATecSOBb3pR1IkIBUsg=="
-        },
         "node_modules/tiny-invariant": {
             "version": "1.1.0",
             "resolved": "https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.1.0.tgz",
@@ -25268,6 +25272,11 @@
                 "yaml": "^1.7.2"
             }
         },
+        "countries-and-timezones": {
+            "version": "3.6.0",
+            "resolved": "https://registry.npmjs.org/countries-and-timezones/-/countries-and-timezones-3.6.0.tgz",
+            "integrity": "sha512-8/nHBCs1eKeQ1jnsZVGdqrLYxS8nPcfJn8PnmxdJXWRLZdXsGFR8gnVhRjatGDBjqmPm7H+FtYpBYTPWd0Eiqg=="
+        },
         "create-ecdh": {
             "version": "4.0.3",
             "resolved": "https://registry.npmjs.org/create-ecdh/-/create-ecdh-4.0.3.tgz",
@@ -35674,11 +35683,6 @@
                 "setimmediate": "^1.0.4"
             }
         },
-        "timezones-list": {
-            "version": "3.0.2",
-            "resolved": "https://registry.npmjs.org/timezones-list/-/timezones-list-3.0.2.tgz",
-            "integrity": "sha512-I698hm6Jp/xxkwyTSOr39pZkYKETL8LDJeSIhjxXBfPUAHM5oZNuQ4o9UK3PSkDBOkjATecSOBb3pR1IkIBUsg=="
-        },
         "tiny-invariant": {
             "version": "1.1.0",
             "resolved": "https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.1.0.tgz",

client/package.json

@@ -16,6 +16,7 @@
         "@nivo/line": "^0.64.0",
         "axios": "^0.19.2",
         "classnames": "^2.2.6",
+        "countries-and-timezones": "^3.6.0",
         "date-fns": "^1.29.0",
         "i18next": "^19.6.2",
         "i18next-browser-languagedetector": "^4.2.0",
@@ -42,7 +43,6 @@
         "redux-actions": "^2.6.5",
         "redux-form": "^8.3.5",
         "redux-thunk": "^2.3.0",
-        "timezones-list": "^3.0.2",
         "url-polyfill": "^1.1.9"
     },
     "devDependencies": {

client/src/__locales/ar.json

@@ -1,18 +1,22 @@
 {
     "client_settings": "إعدادات العميل",
-    "example_upstream_reserved": "يمكنك تحديد <0> DNS upstream لنطاق معين (نطاقات) </0>",
-    "example_upstream_comment": "يمكنك تحديد تعليق",
-    "upstream_parallel": "استخدام الاستعلامات المتوازية لتسريع الحل عن طريق الاستعلام في وقت واحد عن جميع خوادم المنبع",
-    "parallel_requests": "طلبات موازية",
-    "load_balancing": "توزيع الحمل",
+    "example_upstream_reserved": "من المنبع <0>لمجالات محددة</0>;",
+    "example_multiple_upstreams_reserved": "منابع متعددة <0>لمجالات محددة</0>;",
+    "example_upstream_comment": "تعليق.",
+    "upstream_parallel": "استخدم الاستعلامات المتوازية لتسريع عملية الحل عن طريق الاستعلام عن جميع الخوادم المنبع في وقت واحد.",
+    "parallel_requests": "الطلبات الموازية",
+    "load_balancing": "موازنة الأحمال",
     "load_balancing_desc": "الاستعلام عن خادم واحد في كل مرة سيستخدم AdGuard  الرئيسية الخوارزمية العشوائية الموزونة لاختيار الخادم بحيث يتم استخدام أسرع خادم في كثير من الأحيان",
     "bootstrap_dns": "خوادم Bootstrap DNS",
     "bootstrap_dns_desc": "عناوين IP لخوادم DNS المستخدمة لحل عناوين IP الخاصة بمحللات DoH/DoT التي تحددها كمصدرين رئيسيين. التعليقات غير مسموح بها.",
+    "fallback_dns_title": "خوادم DNS الاحتياطية",
+    "fallback_dns_desc": "قائمة الخوادم الاحتياطية المستخدمة في حالة عدم الاستجابة من خوادم DNS الرئيسية. تمتلك تلك الخوادم والخوادم الرئيسية نفس الأوامر.",
+    "fallback_dns_placeholder": "أدخل خادم DNS احتياطي واحد لكل سطر",
     "local_ptr_title": "خوادم DNS العكسية الخاصة",
     "local_ptr_desc": "خوادم DNS التي يستخدمها AdGuard Home لاستعلامات PTR المحلية. تُستخدم هذه الخوادم لحل أسماء المضيفين للعملاء بعناوين IP خاصة ، على سبيل المثال \"192.168.12.34\" ، باستخدام DNS العكسي. في حالة عدم التعيين ، يستخدم AdGuard Home عناوين محللات DNS الافتراضية لنظام التشغيل الخاص بك باستثناء عناوين AdGuard Home نفسها.",
     "local_ptr_default_resolver": "بشكل افتراضي ، يستخدم AdGuard Home محللات DNS العكسية التالية: {{ip}}.",
     "local_ptr_no_default_resolver": "لم يتمكن AdGuard Home من تحديد محللات DNS العكسية المناسبة لهذا النظام.",
-    "local_ptr_placeholder": "أدخل عنوان خادم واحد لكل سطر",
+    "local_ptr_placeholder": "أدخل عنوان IP واحد لكل سطر",
     "resolve_clients_title": "تفعيل التحليل العكسي لعناوين IP للعملاء",
     "resolve_clients_desc": "حل عكسيًا لعناوين IP للعملاء في أسماء مضيفيهم عن طريق إرسال استعلامات PTR إلى أدوات الحل المقابلة (خوادم DNS الخاصة للعملاء المحليين ، والخوادم الأولية للعملاء الذين لديهم عناوين IP عامة).",
     "use_private_ptr_resolvers_title": "استخدم محللات DNS العكسية الخاصة",
@@ -34,7 +38,7 @@
     "dhcp_leases_not_found": "لم يتم العثور على عقود إيجار DHCP",
     "dhcp_config_saved": "الإعدادات محفوظة لخادم DHCP",
     "dhcp_ipv4_settings": "DHCP IPv4 إعدادات",
-    "dhcp_ipv6_settings": "DHCP IPv6 إعدادات",
+    "dhcp_ipv6_settings": "إعدادات DHCP IPv6",
     "form_error_required": "الحقل مطلوب",
     "form_error_ip4_format": "عنوان IPv4 غير صالح",
     "form_error_ip4_gateway_format": "عنوان IPv4 غير صالح للبوابة",
@@ -63,14 +67,16 @@
     "dhcp_ip_addresses": "عناوين الـIP",
     "ip": "IP",
     "dhcp_table_hostname": "اسم المضيف",
-    "dhcp_table_expires": "يتنهي في",
+    "dhcp_table_expires": "تنتهي",
     "dhcp_warning": "إذا كنت تريد تمكين خادم DHCP على أي حال ، فتأكد من عدم وجود خادم DHCP نشط آخر في شبكتك. خلاف ذلك ، يمكن أن يعطل خدمة الإنترنت للأجهزة المتصلة!",
     "dhcp_error": "لم نتمكن من تحديد ما إذا كان هناك خادم DHCP آخر في الشبكة.",
     "dhcp_static_ip_error": "من أجل استخدام خادم DHCP ، يجب تعيين عنوان IP ثابت. فشلنا في تحديد ما إذا تم تكوين واجهة الشبكة هذه باستخدام عنوان IP ثابت. يرجى تعيين عنوان IP ثابت يدويًا.",
     "dhcp_dynamic_ip_found": "يستخدم نظامك عنوان IP الديناميكي للواجهة <0>{{interfaceName}}</0>. من أجل استعمال خادم DHCP ، يجب تعيين عنوان IP ثابت. عنوان IP الحالي الخاص بك هو <0>{{ipAddress}}</0>. إذا ضغطت على زر تفعيل DHCP سنقوم تلقائيًا بتعيين عنوان الIP هذا على أنه ثابت.",
     "dhcp_lease_added": "تمت أضافة مدة الايجار \"{{key}}\" بنجاح",
     "dhcp_lease_deleted": "تمت ازالة مدة الايجار \"{{key}}\" بنجاح",
+    "dhcp_lease_updated": "Static lease \"{{key}}\" تمّ التحديث بنجاح",
     "dhcp_new_static_lease": "عقد إيجار ثابت جديد",
+    "dhcp_edit_static_lease": "تحرير عقد الإيجار الثابت",
     "dhcp_static_leases_not_found": "لم يتم العثور على عقود إيجار ثابتة DHCP",
     "dhcp_add_static_lease": "إضافة عقد إيجار ثابت",
     "dhcp_reset_leases": "إعادة تعيين كافة عقود الإيجار",
@@ -83,7 +89,7 @@
     "form_enter_hostname": "أدخل اسم الhostname",
     "error_details": "مزيد من التفاصيل حول الخطأ",
     "response_details": "تفاصيل الاستجابة",
-    "request_details": "تفاصيل الطلب",
+    "request_details": "طلب التفاصيل",
     "client_details": "تفاصيل العميل",
     "details": "التفاصيل",
     "back": "رجوع",
@@ -93,13 +99,13 @@
     "filter": "فلتر",
     "query_log": "سجل الQuery",
     "compact": "المدمج",
-    "nothing_found": "لم يتم العثور علي شيء...",
-    "faq": "أسئلة مكررة",
+    "nothing_found": "لم يتم العثور على شيء",
+    "faq": "الأسئلة المتداولة",
     "version": "الإصدار",
-    "address": "العناوين",
+    "address": "العنوان",
     "protocol": "البروتوكول",
-    "on": "ON",
-    "off": "OFF",
+    "on": "قيد التشغيل",
+    "off": "قيد الإيقاف",
     "copyright": "حقوق النشر",
     "homepage": "الصفحة الرئيسية",
     "report_an_issue": "الإبلاغ عن مشكلة",
@@ -114,7 +120,8 @@
     "stats_malware_phishing": "حسر البرامج الضارة / والتصيّد",
     "stats_adult": "حظر مواقع الويب الخاصة بالبالغين",
     "stats_query_domain": "اعلى النطاقات التي تم الاستعلام عنها",
-    "for_last_24_hours": "لأخر 24 ساعة",
+    "for_last_hours": "لآخر {{count}} ساعة",
+    "for_last_hours_plural": "لآخر {{count}} ساعة",
     "for_last_days": "لآخر {{value}} يوم",
     "for_last_days_plural": "لآخر {{count}} ايام",
     "stats_disabled": "تم تعطيل الإحصائيات. يمكنك تشغيله من <0> صفحة الإعدادات </0>.",
@@ -129,13 +136,16 @@
     "no_upstreams_data_found": "لم يتم العثور على بيانات خوادم upstream",
     "number_of_dns_query_days": "عدد استعلامات DNS التي تمت معالجتها لآخر {{count}} يوم",
     "number_of_dns_query_days_plural": "عدد استعلامات DNS التي تمت معالجتها لآخر {{count}} أيام",
-    "number_of_dns_query_24_hours": "عدد استعلامات DNS التي تمت معالجتها لآخر 24 ساعة",
+    "number_of_dns_query_hours": "عدد استفسارات DNS التي تمت معالجتها لآخر {{count}} ساعة",
+    "number_of_dns_query_hours_plural": "عدد استعلامات DNS التي تمت معالجتها خلال آخر {{count}} ساعة",
     "number_of_dns_query_blocked_24_hours": "عدد طلبات DNS المحظورة بواسطة فلاتر adblock وقوائم حظر المضيفين",
     "number_of_dns_query_blocked_24_hours_by_sec": "عدد طلبات DNS التي تم حظرها من قبل وحدة أمان التصفح AdGuard",
     "number_of_dns_query_blocked_24_hours_adult": "عدد من المواقع (الإباحية) للبالغين تم حجبها",
     "enforced_save_search": "فرض البحث الآمن",
     "number_of_dns_query_to_safe_search": "عدد طلبات DNS لمحركات البحث التي تم فرض البحث الآمن عنها",
     "average_processing_time": "متوسط وقت المعالجة",
+    "average_upstream_response_time": "متوسط وقت استجابة المنبع",
+    "response_time": "وقت الاستجابة",
     "average_processing_time_hint": "متوسط الوقت بالمللي ثانية عند معالجة طلب DNS",
     "block_domain_use_filters_and_hosts": "حظر النطاقات باستخدام عوامل التصفية وملفات المضيفين",
     "filters_block_toggle_hint": "يمكنك إعداد قواعد حظر في <a>المرشحات</a> اعدادات.",
@@ -170,8 +180,9 @@
     "enabled_parental_toast": "تفعيل الرقابة الأبوية",
     "disabled_safe_search_toast": "تعطيل البحث الآمن",
     "enabled_save_search_toast": "تفعيل البحث الآمن",
-    "enabled_table_header": "تمكين",
-    "name_table_header": "الاسم",
+    "updated_save_search_toast": "تم تحديث إعدادات البحث الآمن",
+    "enabled_table_header": "قيد التشغيل",
+    "name_table_header": "الاِسْم",
     "list_url_table_header": "قائمة الروابط",
     "rules_count_table_header": "عدد القواعد",
     "last_time_updated_table_header": "آخر تحديث",
@@ -225,6 +236,7 @@
     "updated_upstream_dns_toast": "تم حفظ خوادم Upstream بنجاح",
     "dns_test_ok_toast": "تعمل خوادم DNS المحددة بشكل صحيح",
     "dns_test_not_ok_toast": "خادم \"{{key}}\": لا يمكن استخدامه يرجى التحقق من كتابته بشكل صحيح",
+    "dns_test_parsing_error_toast": "القسم {{section}}: السطر {{line}}: لا يمكن استخدامه، يرجى التحقق من أنك قد كتبته بشكل صحيح",
     "dns_test_warning_toast": "المنبع \"{{key}}\" لا يستجيب لطلبات الاختبار وقد لا يعمل بشكل صحيح",
     "unblock": "إلغاء الحظر",
     "block": "حظر",
@@ -232,7 +244,8 @@
     "allow_this_client": "السماح لهذا العميل",
     "block_for_this_client_only": "احجب هذا العميل فقط",
     "unblock_for_this_client_only": "إلغاء حجب هذا العميل فقط",
-    "time_table_header": "وقت",
+    "add_persistent_client": "إضافة كعميل دائم",
+    "time_table_header": "الوقت",
     "date": "التاريخ",
     "domain_name_table_header": "اسم النطاق",
     "domain_or_client": "الدومين أو العميل",
@@ -247,7 +260,7 @@
     "refresh_btn": "تحديث",
     "previous_btn": "السابق",
     "next_btn": "التالي",
-    "loading_table_status": "جار التحميل...",
+    "loading_table_status": "التحميل جارٍ...",
     "page_table_footer_text": "الصفحة",
     "rows_table_footer_text": "صفوف",
     "updated_custom_filtering_toast": "تحديث قواعد الفلترة المخصصة",
@@ -259,12 +272,12 @@
     "query_log_cleared": "تم مسح سجل الاستعلام بنجاح",
     "query_log_updated": "تم تحديث سجل الاستعلام بنجاح",
     "query_log_clear": "مسح سجلات الاستعلام",
-    "query_log_retention": "الاحتفاظ بسجلات الاستعلام",
+    "query_log_retention": "تناوب سجلات الاستعلام",
     "query_log_enable": "تمكين السجل",
     "query_log_configuration": "تكوين السجلات",
     "query_log_disabled": "سجل الاستعلام معطل ويمكن تهيئته من<0>الاعدادات</0>",
     "query_log_strict_search": "استخدم علامات الاقتباس المزدوجة للبحث الدقيق",
-    "query_log_retention_confirm": "هل أنت متأكد من أنك تريد تغيير الاحتفاظ بسجل الاستعلام؟ إذا قمت بتقليل قيمة الفاصل الزمني سيتم فقدان بعض البيانات",
+    "query_log_retention_confirm": "هل أنت متيقِّن من أنك تريد تغيير دوران سجل الاستعلام؟ إذا قمت بتقليل قيمة الفاصل الزمني، ستفقد بعض البيانات",
     "anonymize_client_ip": "إخفاء عنوان IP العميل",
     "anonymize_client_ip_desc": "لا تقم بحفظ كامل عنوان IP العميل في السجلات والإحصائيات",
     "dns_config": "إعداد خادم DNS",
@@ -279,6 +292,8 @@
     "blocking_ipv4": "حجب عنوان IPv4",
     "blocking_ipv6": "حجب عنوان IPv6",
     "blocked_response_ttl": "زمن حظر الاستجابة",
+    "blocked_response_ttl_desc": "تحديد عدد الثواني التي يجب على العملاء تخزين الاستجابة التي تمت تصفيتها مؤقتًا",
+    "form_enter_blocked_response_ttl": "أدخل وقت الاستجابة المحظورة TTL (بالثواني)",
     "dnscrypt": "DNSCrypt",
     "dns_over_https": "DNS-over-HTTPS",
     "dns_over_tls": "DNS-over-TLS",
@@ -294,7 +309,19 @@
     "rate_limit": "حدود التقييم",
     "edns_enable": "فعل EDNS client subnet",
     "edns_cs_desc": "أضف EDNS الشبكة الفرعية للعميل (ECS) إلى الطلبات الأولية وقم بتسجيل القيم المرسلة من قبل العملاء في سجل الاستعلام.",
+    "edns_use_custom_ip": "استخدام IP مخصص لـ EDNS",
+    "edns_use_custom_ip_desc": "السماح باستخدام IP مخصص لـ EDNS",
     "rate_limit_desc": "عدد الطلبات في الثانية المسموح بها لكل عميل. جعله على 0 يعني عدم وجود حد.",
+    "rate_limit_subnet_len_ipv4": "طول بادئة الشبكة لعناوين IPv4",
+    "rate_limit_subnet_len_ipv4_desc": "طول بادئة الشبكة لعناوين IPv4 المستخدمة لتحديد معدل الحد الأقصى. الافتراضي هو 24",
+    "rate_limit_subnet_len_ipv4_error": "يجب أن يكون طول بادئة الشبكة IPv4 بين 0 و 32",
+    "rate_limit_subnet_len_ipv6": "طول بادئة الشبكة لعناوين IPv6",
+    "rate_limit_subnet_len_ipv6_desc": "طول بادئة الشبكة لعناوين IPv6 المستخدمة لتحديد معدل الحد الأقصى. الافتراضي هو 56",
+    "rate_limit_subnet_len_ipv6_error": "يجب أن يكون طول بادئة الشبكة IPv6 بين 0 و 128",
+    "form_enter_rate_limit_subnet_len": "أدخل طول بادئة الشبكة الفرعية لتحديد معدل الحد الأقصى",
+    "rate_limit_whitelist": "قائمة السماح بتحديد معدل الحد الأقصى",
+    "rate_limit_whitelist_desc": "عناوين IP المستبعدة من تحديد معدل الحد الأقصى",
+    "rate_limit_whitelist_placeholder": "أدخل عنوان IP واحد لكل سطر",
     "blocking_ipv4_desc": "سيتم إرجاع عنوان IP لطلب محظور",
     "blocking_ipv6_desc": "سيتم إرجاع عنوان IP لطلب AAAA محظور",
     "blocking_mode_default": "الافتراضي: الرد بعنوان IP صفري (0.0.0.0 لـ A ؛ :: لـ AAAA) عند حظره بواسطة قاعدة نمط Adblock ؛ الرد بعنوان IP المحدد في القاعدة عند حظره بواسطة / etc / hosts-style rule",
@@ -302,14 +329,15 @@
     "blocking_mode_nxdomain": "NXDOMAIN: الرد باستخدام رمز NXDOMAIN",
     "blocking_mode_null_ip": "IP Null: الاستجابة بعنوان IP صفري (0.0.0.0 لـ A ؛ :: لـ AAAA)",
     "blocking_mode_custom_ip": "استجابة IP مخصصة بعنوان IP تم تعيينه يدويًا",
+    "theme_auto": "تلقائي",
     "theme_light": "فاتح",
-    "theme_dark": "ليلي",
+    "theme_dark": "داكن",
     "upstream_dns_client_desc": "إذا احتفظت بهذا الحقل فارغًا ، فسيستخدم AdGuard Home الخوادم التي تم تكوينها في<0>DNS إعدادات</0>.",
     "tracker_source": "مصدر المتعقب",
     "source_label": "المصدر",
     "found_in_known_domain_db": "تم العثور عليه في قاعدة بيانات دومينات معروفة.",
     "category_label": "الفئة",
-    "rule_label": "قواعد",
+    "rule_label": "قاعدة (قواعد)",
     "list_label": "قائمه",
     "unknown_filter": "فلتر غير معروف {{filterId}}",
     "known_tracker": "متعقب معروف",
@@ -320,14 +348,14 @@
     "install_settings_port": "المنفذ",
     "install_settings_interface_link": "ستكون واجهة الويب الخاصة بمسؤول AdGuard Home متاحة على العناوين التالية:",
     "form_error_port": "أدخل رقم منفذ صالح",
-    "install_settings_dns": "خادم DNS",
+    "install_settings_dns": "خَادِم DNS",
     "install_settings_dns_desc": "ستحتاج إلى ضبط أجهزتك أو جهاز التوجيه الخاص بك لاستخدام خادم DNS على العناوين التالية:",
     "install_settings_all_interfaces": "جميع الواجهات",
     "install_auth_title": "المصادقة",
     "install_auth_desc": "يجب إعداد مصادقة كلمة المرور لواجهة ويب مسؤول AdGuard Home. في حال كان AdGuard Home لا يمكن الوصول إليه إلا في شبكتك المحلية ، فلا يزال من المهم حمايته من الوصول غير المقيد.",
     "install_auth_username": "اسم المستخدم",
     "install_auth_password": "الكلمة السرية",
-    "install_auth_confirm": "تاكيد كلمه المرور",
+    "install_auth_confirm": "تأكيد كلمة المرور",
     "install_auth_username_enter": "أدخل اسم المستخدم",
     "install_auth_password_enter": "أدخل كلمة المرور",
     "install_step": "خطوة",
@@ -397,6 +425,9 @@
     "encryption_hostnames": "اسم المستضيف",
     "encryption_reset": "هل أنت متأكد أنك تريد إعادة تعيين إعدادات التشفير؟",
     "encryption_warning": "تحذير",
+    "encryption_plain_dns_enable": "تمكين DNS العادي",
+    "encryption_plain_dns_desc": "الـDNS العادي مفعل افتراضيًا. يمكنك تعطيله لإجبار جميع الأجهزة على استخدام DNS المشفر. للقيام بذلك، يجب عليك تفعيل بروتوكول DNS المشفر على الأقل",
+    "encryption_plain_dns_error": "لتعطيل DNS العادي، قم بتمكين بروتوكول DNS المشفر على الأقل",
     "topline_expiring_certificate": "شهادة SSL الخاصة بك على وشك الانتهاء. قم بتحديث <0>إعدادات التشفير</0>.",
     "topline_expired_certificate": "انتهت صلاحية شهادة SSL الخاصة بك. قم بتحديث <0>إعدادات التشفير</0>.",
     "form_error_port_range": "أدخل رقم المنفذ في النطاق 80-65535",
@@ -436,6 +467,7 @@
     "form_add_id": "أضافة معّرف",
     "form_client_name": "ادخل اسم العميل",
     "name": "اسم",
+    "client_name": "العميل {{id}}",
     "client_global_settings": "استخدم إعدادات عالمية",
     "client_deleted": "تم حذف العميل \"{{key}}\" بنجاح",
     "client_added": "تم اضافة العميل \"{{key}}\" بنجاح",
@@ -444,7 +476,7 @@
     "client_confirm_delete": "هل أنت متأكد من أنك تريد حذف العميل \"{{key}}\"?",
     "list_confirm_delete": "هل أنت متأكد أنك تريد حذف هذه القائمة؟",
     "auto_clients_title": "Runtime clients",
-    "auto_clients_desc": "الأجهزة غير المدرجة في قائمة العملاء الدائمين الذين قد لا يزالون يستخدمون AdGuard Home",
+    "auto_clients_desc": "معلومات حول عناوين IP للأجهزة التي تستخدم أو قد تستخدم AdGuard Home. يتم جمع هذه المعلومات من عدة مصادر، بما في ذلك ملفات المضيفين، و DNS العكسي، إلخ.",
     "access_title": "إعدادات الوصول",
     "access_desc": "هنا يمكنك ضبط قواعد الوصول لخادم AdGuard Home DNS",
     "access_allowed_title": "العملاء المسموحين",
@@ -457,6 +489,7 @@
     "updates_checked": "يتوفر إصدار جديد من AdGuard Home",
     "updates_version_equal": "AdGuard Home محدث",
     "check_updates_now": "تحقق من وجود تحديثات الآن",
+    "version_request_error": "فشل التحقق من التحديث. يرجى التحقق من اتصالك بالإنترنت.",
     "dns_privacy": "خصوصية DNS",
     "setup_dns_privacy_1": "<0> DNS-over-TLS: </0> استخدم سلسلة <1> {{address}} </1>.",
     "setup_dns_privacy_2": "<0> DNS-over-HTTPS: </0> استخدم سلسلة <1> {{address}} </1>.",
@@ -477,7 +510,9 @@
     "setup_dns_notice": "من أجل استخدام <0> DNS-over-HTTPS </0> أو <1> DNS-over-TLS </1> ، تحتاج إلى <1> تكوين التشفير </1> في إعدادات AdGuard Home.",
     "rewrite_added": "تمت إضافة إعادة كتابة DNS لـ \"{{key}}\" بنجاح",
     "rewrite_deleted": "تم حذف إعادة كتابة DNS لـ \"{{key}}\" بنجاح",
+    "rewrite_updated": "تم تحديث إعادة كتابة DNS بنجاح",
     "rewrite_add": "إضافة إعادة كتابة DNS",
+    "rewrite_edit": "تحرير إعادة كتابة DNS",
     "rewrite_not_found": "لم يتم العثور على إعادة كتابة DNS",
     "rewrite_confirm_delete": "هل أنت متأكد من أنك تريد حذف إعادة كتابة DNS لـ \"{{key}}\"؟",
     "rewrite_desc": "يسمح بتكوين استجابة DNS المخصصة بسهولة لاسم نطاق معين.",
@@ -506,7 +541,7 @@
     "encryption_key_source_content": "الصق محتويات المفتاح الخاص",
     "stats_params": "ضبط الاحصائيات",
     "config_successfully_saved": "تم حفظ الاعدادات بنجاح",
-    "interval_6_hour": "ساعات6",
+    "interval_6_hour": "6 ساعات",
     "interval_24_hour": "24 ساعة",
     "interval_days": "{{count}} يوم",
     "interval_days_plural": "{{count}} الأيام",
@@ -517,14 +552,18 @@
     "filter_added_successfully": "تم إضافة القائمة بنجاح",
     "filter_removed_successfully": "تم ازالته من القائمة بنجاح",
     "filter_updated": "تم تحديث القائمة بنجاح",
-    "statistics_configuration": "ضبط الاحصائيات",
+    "statistics_configuration": "تكوين الإحصائيات",
     "statistics_retention": "الاحتفاظ بالإحصاءات",
     "statistics_retention_desc": "إذا قمت بتقليل قيمة الفاصل الزمني ، فستفقد بعض البيانات",
     "statistics_clear": "إعادة تعيين الإحصائيات",
-    "statistics_clear_confirm": "هل أنت متأكد من أنك تريد مسح الإحصاءات؟",
+    "statistics_clear_confirm": "هل أنت متيقِّن من أنك تريد مسح الإحصائيات؟",
     "statistics_retention_confirm": "هل أنت متأكد أنك تريد تغيير الاحتفاظ بالإحصاءات؟ إذا قمت بتقليل قيمة الفاصل الزمني ، فستفقد بعض البيانات",
     "statistics_cleared": "تم مسح الإحصائيات بنجاح",
     "statistics_enable": "تفعيل الاحصائيات",
+    "ignore_domains": "المجالات التي تم تجاهلها (مفصولة بسطر جديد)",
+    "ignore_domains_title": "نطاقات تم تجاهلها",
+    "ignore_domains_desc_stats": "لا تتم كتابة الاستعلامات المطابقة لهذه القواعد في الإحصائيات",
+    "ignore_domains_desc_query": "لا تتم كتابة الاستعلامات المطابقة لهذه القواعد في سجل الاستعلامات",
     "interval_hours": "{{count}} ساعة",
     "interval_hours_plural": "{{count}} ساعات",
     "filters_configuration": "اضبط الفلاتر",
@@ -597,20 +636,20 @@
     "dnssec_enable_desc": "قم بتعيين علامة DNSSEC في استعلامات DNS الواردة وتحقق من النتيجة (مطلوب محلل يدعم DNSSEC).",
     "validated_with_dnssec": "تم التحقق من صحتها باستخدام DNSSEC",
     "all_queries": "كافة الاستفسارات",
-    "show_blocked_responses": "حظر",
-    "show_whitelisted_responses": "القائمة البيضاء",
-    "show_processed_responses": "معالجة",
+    "show_blocked_responses": "ما تمّ حظره",
+    "show_whitelisted_responses": "المسموح به",
+    "show_processed_responses": "تمت معالجتها",
     "blocked_safebrowsing": "محظور بواسطة التصفح الآمن",
-    "blocked_adult_websites": "محظور بواسطة الرقابة الأبوية",
+    "blocked_adult_websites": "محظور بواسطة الرِّقابة الأبوية",
     "blocked_threats": "التهديدات المحظورة",
-    "allowed": "القائمة البيضاء",
+    "allowed": "المسموح به",
     "filtered": "تمت الفلترة",
     "rewritten": "أعيدت كتابته",
-    "safe_search": "البحث الأمن",
+    "safe_search": "البحث الآمن",
     "blocklist": "قائمة الحظر",
     "milliseconds_abbreviation": "ms",
     "cache_size": "حجم ذاكرة التخزين المؤقت",
-    "cache_size_desc": "حجم ذاكرة التخزين المؤقت لنظام أسماء النطاقات (بالبايت).",
+    "cache_size_desc": "حجم ذاكرة التخزين المؤقت لنظام أسماء النطاق (بالبايت). لتعطيل التخزين المؤقت، اتركه فارغًا.",
     "cache_ttl_min_override": "تجاوز الحد الأدنى من مدة البقاء TTL",
     "cache_ttl_max_override": "تجاوز الحد الاقصى من مدة البقاء TTL",
     "enter_cache_size": "أدخل حجم ذاكرة التخزين المؤقت (بايت)",
@@ -621,14 +660,14 @@
     "ttl_cache_validation": "يجب أن يكون الحد الأدنى لتجاوز TTL لذاكرة التخزين المؤقت أقل من أو يساوي الحد الأقصى",
     "cache_optimistic": "متفائل التخزين المؤقت",
     "cache_optimistic_desc": "اجعل AdGuard Home يستجيب من ذاكرة التخزين المؤقت حتى عندما تنتهي صلاحية الإدخالات وحاول أيضًا تحديثها.",
-    "filter_category_general": "General",
-    "filter_category_security": "الامان",
+    "filter_category_general": "عام",
+    "filter_category_security": "الأمان",
     "filter_category_regional": "إقليمي",
     "filter_category_other": "أخرى",
-    "filter_category_general_desc": "القوائم التي تمنع التتبع والإعلان على معظم الأجهزة",
+    "filter_category_general_desc": "القوائم التي تحظر التتبع والإعلانات على معظم الأجهزة",
     "filter_category_security_desc": "القوائم المصممة خصيصًا لحظر النطاقات الخبيثة والتصيد الاحتيالي والخداع",
     "filter_category_regional_desc": "القوائم التي تركز على الإعلانات الإقليمية وخوادم التتبع",
-    "filter_category_other_desc": "قوائم حظر أخرى",
+    "filter_category_other_desc": "قوائم الحظر الأخرى",
     "setup_config_to_enable_dhcp_server": "أضبط الاعدادات لتمكين خادم DHCP",
     "original_response": "الرد الأصلي",
     "click_to_view_queries": "انقر لعرض الـ queries",
@@ -637,16 +676,72 @@
     "filter_allowlist": "تحذير: سيؤدي هذا الإجراء أيضًا إلى استبعاد القاعدة \"{{disallowed_rule}}\" من قائمة العملاء المسموح لهم.",
     "last_rule_in_allowlist": "لا يمكن منع هذا العميل لأن استبعاد القاعدة \"{{disallowed_rule}}\" سيؤدي إلى تعطيل قائمة \"العملاء المسموح لهم\".",
     "use_saved_key": "استخدم المفتاح المحفوظ مسبقًا",
-    "parental_control": "الرقابة الابويه",
+    "parental_control": "الرِّقابة الأبوية",
     "safe_browsing": "تصفح آمن",
-    "served_from_cache": "{{value}} <i>(يتم تقديمه من ذاكرة التخزين المؤقت)</i>",
-    "form_error_password_length": "يجب أن تتكون كلمة المرور من {{value}} من الأحرف على الأقل",
+    "served_from_cache_label": "يتم تقديمه من ذاكرة التخزين المؤقت",
+    "form_error_password_length": "يجب أن تتكون كلمة المرور من {{min}} إلى {{max}} من الأحرف في الأقل",
+    "anonymizer_notification": "<0>ملاحظة:</0> تم تمكين إخفاء هُوِيَّة IP. يمكنك تعطيله في <1>الإعدادات العامة</1>.",
+    "confirm_dns_cache_clear": "هل تريد بالتأكيد مسح ذاكرة التخزين المؤقت لنظام أسماء النطاقات DNS؟",
+    "cache_cleared": "تم مسح ذاكرة التخزين المؤقت لنظام أسماء النطاق بنجاح",
+    "clear_cache": "مسح ذاكرة التخزين المؤقت",
+    "make_static": "اجعلها ثابتة",
+    "theme_auto_desc": "تلقائي (بناءً على نظام ألوان جهازك)",
+    "theme_dark_desc": "المظهر الداكن",
+    "theme_light_desc": "المظهر فاتح",
+    "disable_for_seconds": "لـ {{count}} ثانية",
+    "disable_for_seconds_plural": "لمدة {{count}} ثانية",
+    "disable_for_minutes": "لمدة {{count}} دقيقة",
+    "disable_for_minutes_plural": "لمدة {{count}} دقيقة",
+    "disable_for_hours": "لمدة {{count}} ساعة",
+    "disable_for_hours_plural": "لمدة {{count}} ساعات",
+    "disable_until_tomorrow": "حتى الغد",
+    "disable_notify_for_seconds": "تعطيل الحماية لـ {{count}} ثانية",
+    "disable_notify_for_seconds_plural": "تعطيل الحماية ل {{count}} ثواني",
+    "disable_notify_for_minutes": "تعطيل الحماية لـ {{count}} دقيقة",
+    "disable_notify_for_minutes_plural": "تعطيل الحماية لـ {{count}} دقائق",
+    "disable_notify_for_hours": "تعطيل الحماية لـ {{count}} ساعة",
+    "disable_notify_for_hours_plural": "تعطيل الحماية لـ {{count}} ساعات",
+    "disable_notify_until_tomorrow": "تعطيل الحماية حتى الغد",
+    "enable_protection_timer": "سيتم تمكين الحماية في {{time}}",
+    "custom_retention_input": "أدخل الاحتفاظ بالساعات",
+    "custom_rotation_input": "أدخل التناوب بالساعات",
     "protection_section_label": "الحماية",
+    "log_and_stats_section_label": "سجل الاستعلام والإحصائيات",
+    "ignore_query_log": "تجاهل هذا العميل في سجل الاستعلام",
+    "ignore_statistics": "تجاهل هذا العميل في الإحصائيات",
+    "schedule_services": "إيقاف حظر الخدمة مؤقتًا",
+    "schedule_services_desc": "تهيئة جدول إيقاف فلتر خدمة الحظر",
+    "schedule_services_desc_client": "تهيئة جدول إيقاف فلتر خدمة الحظر لهذا العميل",
+    "schedule_desc": "تعيين فترات عدم النشاط للخدمات المحظورة",
+    "schedule_invalid_select": "يجب أن يكون وقت البَدْء قبل وقت الانتهاء",
+    "schedule_select_days": "اختر الأيام",
+    "schedule_timezone": "قم باختيار منطقة زمنية",
+    "schedule_current_timezone": "المنطقة الزمنية الحالية: {{value}}",
+    "schedule_time_all_day": "طوال اليوم",
+    "schedule_modal_description": "سيحل هذا الجدول الزمني محل أي جداول موجودة لنفس اليوم من الأسبوع. يمكن أن يكون لكل يوم من أيام الأسبوع مدّة خمول واحدة فقط.",
+    "schedule_modal_time_off": "لا يوجد حظر للخدمة:",
+    "schedule_new": "جدول زمني جديد",
+    "schedule_edit": "تحرير الجدول الزمني",
+    "schedule_save": "حفظ الجدول الزمني",
+    "schedule_add": "إضافة جدول زمني",
+    "schedule_remove": "إزالة الجدول الزمني",
+    "schedule_from": "من",
+    "schedule_to": "إلى",
+    "sunday": "الأحد",
+    "monday": "الإثنين",
+    "tuesday": "الثلاثاء",
+    "wednesday": "الأربعاء",
+    "thursday": "الخميس",
+    "friday": "الجمعة",
+    "saturday": "السبت",
     "sunday_short": "الاحد",
     "monday_short": "الإثنين",
     "tuesday_short": "الثلاثاء",
     "wednesday_short": "الاربعاء",
     "thursday_short": "الخميس",
     "friday_short": "الجمعة",
-    "saturday_short": "السبت"
+    "saturday_short": "السبت",
+    "upstream_dns_cache_configuration": "تهيئة ذاكرة التخزين المؤقت لنظام أسماء النطاقات المستقبلي",
+    "enable_upstream_dns_cache": "تمكين التخزين المؤقت لنظام أسماء النطاقات DNS لتكوين المنبع المخصص لهذا العميل",
+    "dns_cache_size": "حجم ذاكرة التخزين المؤقت لنظام أسماء النطاقات، بالبايت"
 }

client/src/__locales/be.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Налады кліентаў",
     "example_upstream_reserved": "upstream <0>для канкрэтных даменаў</0>;",
+    "example_multiple_upstreams_reserved": "некалькі DNS-сервераў <0>для канкрэтных даменаў</0>;",
     "example_upstream_comment": "каментар.",
     "upstream_parallel": "Ужыць адначасныя запыты да ўсіх сервераў для паскарэння апрацоўкі запыту",
     "parallel_requests": "Паралельныя запыты",
@@ -143,6 +144,8 @@
     "enforced_save_search": "Ужыты бяспечны пошук",
     "number_of_dns_query_to_safe_search": "Колькасць запытаў DNS для пошукавых сістэм, для якіх быў ужыты Бяспечны пошук",
     "average_processing_time": "Сярэдні час апрацоўкі запыту",
+    "average_upstream_response_time": "Сярэдні час водгуку upstream-сервера",
+    "response_time": "Час водгуку",
     "average_processing_time_hint": "Сярэдні час для апрацоўкі запыту DNS  у мілісекундах",
     "block_domain_use_filters_and_hosts": "Блакаваць дамены з выкарыстаннем фільтраў і файлаў хастоў",
     "filters_block_toggle_hint": "Вы можаце наладзіць правілы блакавання ў «<a>Фільтрах</a>».",
@@ -233,6 +236,7 @@
     "updated_upstream_dns_toast": "Upstream DNS-серверы абноўлены",
     "dns_test_ok_toast": "Паказаныя серверы DNS працуюць карэктна",
     "dns_test_not_ok_toast": "Сервер «{{key}}»: немагчыма выкарыстоўваць, праверце слушнасць напісання",
+    "dns_test_parsing_error_toast": "Раздзел {{section}}: радок {{line}}: немагчыма выкарыстоўваць, праверце слушнасць напісання",
     "dns_test_warning_toast": "Upstream «{{key}}» не адказвае на тэставыя запыты і можа не працаваць належным чынам",
     "unblock": "Адблакаваць",
     "block": "Заблакаваць",
@@ -240,6 +244,7 @@
     "allow_this_client": "Дазволіць доступ гэтаму кліенту",
     "block_for_this_client_only": "Заблакаваць толькі для гэтага кліента",
     "unblock_for_this_client_only": "Адблакаваць толькі для гэтага кліента",
+    "add_persistent_client": "Дадаць у захаваныя кліенты",
     "time_table_header": "Час",
     "date": "Дата",
     "domain_name_table_header": "Дамен",
@@ -307,6 +312,15 @@
     "edns_use_custom_ip": "Выкарыстоўваць указаны IP для DNS",
     "edns_use_custom_ip_desc": "Дазволіць выкарыстоўваць уласны IP для DNS",
     "rate_limit_desc": "Абмежаванне на колькасць запытаў у секунду для кожнага кліента (0 — неабмежавана)",
+    "rate_limit_subnet_len_ipv4": "Даўжыня прэфікса падсеткі для адрасоў IPv4",
+    "rate_limit_subnet_len_ipv4_desc": "Даўжыня прэфікса падсеткі для адрасоў IPv4, якія выкарыстоўваюцца для абмежавання хуткасці. Значэнне па змаўчанні 24",
+    "rate_limit_subnet_len_ipv4_error": "Даўжыня прэфікса падсеткі IPv4 павінна быць ад 0 да 32",
+    "rate_limit_subnet_len_ipv6": "Даўжыня прэфікса падсеткі для адрасоў IPv6",
+    "rate_limit_subnet_len_ipv6_desc": "Даўжыня прэфікса падсеткі для адрасоў IPv6, якія выкарыстоўваюцца для абмежавання хуткасці. Значэнне па змаўчанні 56",
+    "rate_limit_subnet_len_ipv6_error": "Даўжыня прэфікса падсеткі IPv6 павінна быць ад 0 да 128",
+    "form_enter_rate_limit_subnet_len": "Увядзіце даўжыню прэфікса падсеткі для абмежавання хуткасці",
+    "rate_limit_whitelist": "Белы спіс з абмежаваннем хуткасці",
+    "rate_limit_whitelist_desc": "IP-адрасы выключаны з абмежавання хуткасці",
     "rate_limit_whitelist_placeholder": "Увядзіце па адным адрасе на радок",
     "blocking_ipv4_desc": "IP-адрас, што вяртаецца пры блакаванню A-запыту",
     "blocking_ipv6_desc": "IP-адрас, што вяртаецца пры блакаванню AAAA-запыту",
@@ -450,6 +464,7 @@
     "form_add_id": "Дадаць ідэнтыфікатар",
     "form_client_name": "Увядзіце імя кліента",
     "name": "Назва",
+    "client_name": "Кліент {{id}}",
     "client_global_settings": "Выкарыстаць глабальныя налады",
     "client_deleted": "Кліент «{{key}}» паспяхова выдалены",
     "client_added": "Кліент «{{key}}» паспяхова дададзены",
@@ -722,5 +737,8 @@
     "wednesday_short": "Ср.",
     "thursday_short": "Чц.",
     "friday_short": "Пт.",
-    "saturday_short": "Сб."
+    "saturday_short": "Сб.",
+    "upstream_dns_cache_configuration": "Канфігурацыя кэша upstream DNS-сервераў",
+    "enable_upstream_dns_cache": "Ўключыць кэшаванне для карыстацкай канфігурацыі upstream-сервераў гэтага кліента",
+    "dns_cache_size": "Памер кэша DNS, у байтах"
 }

client/src/__locales/cs.json

@@ -13,14 +13,14 @@
     "fallback_dns_desc": "Seznam záložních DNS serverů používaných v případě, že odchozí DNS servery neodpovídají. Syntaxe je stejná jako v hlavním poli pro odchozí servery výše.",
     "fallback_dns_placeholder": "Zadejte jeden záložní DNS server na řádek",
     "local_ptr_title": "Soukromé reverzní DNS servery",
-    "local_ptr_desc": "Servery DNS, které AdGuard Home používá pro lokální dotazy PTR. Tyto servery se používají k řešení požadavků PTR na adresy v soukromých rozmezích IP, například \"192.168.12.34\", pomocí reverzního DNS. Pokud není nastaveno, AdGuard Home automaticky použije výchozí řešitele vašeho OS s výjimkou adres samotného AdGuard Home.",
+    "local_ptr_desc": "DNS servery používané AdGuard Home pro soukromé požadavky PTR, SOA a NS. Požadavek je považován za soukromý, pokud požaduje doménu ARPA obsahující podsíť v rámci soukromých IP rozsahů (například \"192.168.12.34\") a pochází od klienta se soukromou IP adresou. Pokud není nastaveno, budou použity výchozí DNS řešitele vašeho operačního systému, s výjimkou IP adres AdGuard Home.",
     "local_ptr_default_resolver": "Ve výchozím nastavení používá AdGuard Home následující reverzní DNS řešitele: {{ip}}.",
     "local_ptr_no_default_resolver": "AdGuard Home nemohl určit vhodné soukromé reverzní DNS řešitele pro tento systém.",
     "local_ptr_placeholder": "Zadejte jednu IP adresu na řádek",
     "resolve_clients_title": "Povolit zpětné řešení IP adres klientů",
     "resolve_clients_desc": "Obráceně vyřešit IP adresy klientů na jejich názvy hostitelů zasláním dotazů PTR příslušným řešitelům (soukromé DNS servery pro místní klienty, odchozí servery pro klienty s veřejnou IP adresou).",
     "use_private_ptr_resolvers_title": "Použít soukromé reverzní rDNS řešitele",
-    "use_private_ptr_resolvers_desc": "Realizuje reverzní DNS vyhledávání pro lokální adresy pomocí těchto odchozích serverů. Pokud je funkce vypnuta, Adguard Home reaguje s NXDOMAIN na všechny takové PTR dotazy kromě klientů známých z DHCP, /etc/hosts, atd.",
+    "use_private_ptr_resolvers_desc": "Řešení požadavků PTR, SOA a NS pro domény ARPA obsahující soukromé IP adresy prostřednictvím soukromých odchozích serverů, DHCP, /etc/hosts atd. Pokud je zakázáno, AdGuard Home bude na všechny takové požadavky odpovídat pomocí NXDOMAIN.",
     "check_dhcp_servers": "Zkontrolovat DHCP servery",
     "save_config": "Uložit konfiguraci",
     "enabled_dhcp": "DHCP server zapnutý",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Odchozí servery byly úspěšně uloženy",
     "dns_test_ok_toast": "Specifikované DNS servery pracují správně",
     "dns_test_not_ok_toast": "Server \"{{key}}\": nemohl být použit, zkontrolujte, zda jste ho správně napsali",
+    "dns_test_parsing_error_toast": "Sekce {{section}}: řádek {{line}}: nelze použít, zkontrolujte prosím, zda jste ho správně napsali",
     "dns_test_warning_toast": "Upstream \"{{key}}\" neodpovídá na testovací požadavky a nemusí fungovat správně",
     "unblock": "Odblokovat",
     "block": "Blokovat",
@@ -243,6 +244,7 @@
     "allow_this_client": "Povolit tohoto klienta",
     "block_for_this_client_only": "Blokovat pouze pro tohoto klienta",
     "unblock_for_this_client_only": "Odblokovat pouze pro tohoto klienta",
+    "add_persistent_client": "Přidat jako trvalého klienta",
     "time_table_header": "Čas",
     "date": "Datum",
     "domain_name_table_header": "Název domény",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "Názvy hostitelů",
     "encryption_reset": "Opravdu chcete obnovit nastavení šifrování?",
     "encryption_warning": "Varování",
+    "encryption_plain_dns_enable": "Povolit běžný DNS",
+    "encryption_plain_dns_desc": "Ve výchozím nastavení je povolen běžný DNS. Můžete ho zakázat, aby všechna zařízení používala šifrovaný DNS. Chcete-li to provést, musíte povolit alespoň jeden šifrovaný protokol DNS",
+    "encryption_plain_dns_error": "Chcete-li zakázat běžný DNS, povolte alespoň jeden šifrovaný protokol DNS",
     "topline_expiring_certificate": "Váš SSL certifikát brzy vyprší. Aktualizujte <0>Nastavení šifrování</0>.",
     "topline_expired_certificate": "Váš SSL certifikát vypršel. Aktualizujte <0>Nastavení šifrování</0>.",
     "form_error_port_range": "Zadejte číslo portu v rozmezí 80-65535",
@@ -462,6 +467,7 @@
     "form_add_id": "Přidat identifikátor",
     "form_client_name": "Zadejte název klienta",
     "name": "Název",
+    "client_name": "Klient {{id}}",
     "client_global_settings": "Použít globální nastavení",
     "client_deleted": "Klient \"{{key}}\" byl úspěšně odstraněn",
     "client_added": "Klient \"{{key}}\" byl úspěšně přidán",
@@ -672,7 +678,7 @@
     "use_saved_key": "Použít dříve uložený klíče",
     "parental_control": "Rodičovská ochrana",
     "safe_browsing": "Bezpečné prohlížení",
-    "served_from_cache": "{{value}} <i>(převzato z mezipaměti)</i>",
+    "served_from_cache_label": "Převzato z mezipaměti",
     "form_error_password_length": "Heslo musí obsahovat od {{min}} do {{max}} znaků",
     "anonymizer_notification": "<0>Poznámka:</0> Anonymizace IP je zapnuta. Můžete ji vypnout v <1>Obecných nastaveních</1>.",
     "confirm_dns_cache_clear": "Opravdu chcete vymazat mezipaměť DNS?",
@@ -734,5 +740,8 @@
     "wednesday_short": "Středa",
     "thursday_short": "Čtvrtek",
     "friday_short": "Pátek",
-    "saturday_short": "Sobota"
+    "saturday_short": "Sobota",
+    "upstream_dns_cache_configuration": "Konfigurace mezipaměti odchozího DNS",
+    "enable_upstream_dns_cache": "Povolit ukládání do mezipaměti DNS pro vlastní konfiguraci odchozího připojení tohoto klienta",
+    "dns_cache_size": "Velikost mezipaměti DNS v bajtech"
 }

client/src/__locales/da.json

@@ -13,14 +13,14 @@
     "fallback_dns_desc": "Liste over reserve (fallback) DNS-servere, som bruges, når upstream DNS-servere ikke reagerer. Samme syntaks som i upstream-hovedfeltet ovenfor.",
     "fallback_dns_placeholder": "Angiv én reserve DNS-server pr. linje",
     "local_ptr_title": "Private reverse DNS-servere",
-    "local_ptr_desc": "DNS-servere brugt af AdGuard Home til lokale PTR-forespørgsler. Disse servere bruges til at opløse PTR-forespørgsler fra private IP-adresseområder, f.eks. \"192.168.12.34\", vha. reverse DNS. Hvis ikke opsat, bruger AdGuard Home operativsystems standard DNS-opløsere undtagen for sine egne adresser.",
+    "local_ptr_desc": "DNS-serverne brugt af AdGuard Home til private PTR-, SOA- og NS-forespørgsler. En forespørgsel anses som privat, hvis den omhandler et ARPA-domæne indeholdende et undernet i et privat IP-områder, (såsom \"192.168.12.34\") og kommer fra en klient med en privat adresse. Hvis ikke opsat, bruger AdGuard Home OS'ets adresser på standard DNS-opløserne, bortset fra AdGuard Home-adresserne.",
     "local_ptr_default_resolver": "AdGuard Home bruger som standard flg. reverse DNS-opløsere: {{ip}}.",
     "local_ptr_no_default_resolver": "AdGuard Home kunne ikke fastslå egnede private reverse DNS-opløsere for dette system.",
     "local_ptr_placeholder": "Angiv én IP-adresse pr. linje",
     "resolve_clients_title": "Aktivér omvendt løsning af klienters IP-adresser",
     "resolve_clients_desc": "Opløs klienters IP-adresser reverseret til deres værtsnavne ved at sende PTR-forespørgsler til korresponderende opløsere (private DNS-servere til lokale klienter, upstream-servere til klienter med offentlige IP-adresser).",
     "use_private_ptr_resolvers_title": "Brug private reverse DNS-opløsere",
-    "use_private_ptr_resolvers_desc": "Udfør reverse DNS-opslag for lokalt leverede adresser vha. disse upstream-servere. Hvis deaktiveret, svarer AdGuard Home med NXDOMAIN på alle sådanne PTR-forespørgsler bortset fra for klienter kendt via DHCP, /etc/hosts mv.",
+    "use_private_ptr_resolvers_desc": "Opløs PTR-, SOA- og NS-forespørgsler til ARPA-domæner indeholdende private adresser vha. private upstream-servere, DHCP, /etc/hosts mv. Hvis deaktiveret, besvarer AdGuard Home sådanne forespørgsler med NXDOMAIN.",
     "check_dhcp_servers": "Søg efter DHCP-servere",
     "save_config": "Gem opsætning",
     "enabled_dhcp": "DHCP-server aktiveret",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Upstream-servere er gemt",
     "dns_test_ok_toast": "Angivne DNS-servere fungerer korrekt",
     "dns_test_not_ok_toast": "Server \"{{key}}\": Kunne ikke bruges. Tjek, at du har angivet den korrekt",
+    "dns_test_parsing_error_toast": "Sektion {{section}}: linje {{line}}: kunne ikke anvendes. Tjek at den er angivet korrekt",
     "dns_test_warning_toast": "Upstream \"{{key}}\" svarer ikke på testforespørgsler og fungerer muligvis ikke korrekt",
     "unblock": "Afblokering",
     "block": "Blokering",
@@ -243,6 +244,7 @@
     "allow_this_client": "Tillad denne klient",
     "block_for_this_client_only": "Blokér kun for denne klient",
     "unblock_for_this_client_only": "Afblokér kun for denne klient",
+    "add_persistent_client": "Tilføj som vedvarende klient",
     "time_table_header": "Tid",
     "date": "Dato",
     "domain_name_table_header": "Domænenavn",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "Værtsnavne",
     "encryption_reset": "Sikker på, at du vil nulstille krypteringsindstillingerne?",
     "encryption_warning": "Advarsel",
+    "encryption_plain_dns_enable": "Aktivér almindelig DNS",
+    "encryption_plain_dns_desc": "Almindelig DNS er aktiveret som standard. Den kan deaktiveres for at tvinge alle enheder til at bruge krypteret DNS. For at gøre dette, aktivér mindst én krypteret DNS-protokol",
+    "encryption_plain_dns_error": "Aktivér mindst én krypteret DNS-protokol for at deaktivere almindelig DNS",
     "topline_expiring_certificate": "Dit SSL-certifikat er ved at udløbe. Opdatér <0>Krypteringsindstillinger</0>.",
     "topline_expired_certificate": "Dit SSL-certifikat er udløbet. Opdatér <0>Krypteringsindstillinger</0>.",
     "form_error_port_range": "Angiv portnummer i intervallet 80-65535",
@@ -462,6 +467,7 @@
     "form_add_id": "Tilføj identifikator",
     "form_client_name": "Angiv klientnavn",
     "name": "Navn",
+    "client_name": "Klient {{id}}",
     "client_global_settings": "Brug globale indstillinger",
     "client_deleted": "Klient \"{{key}}\" slettet",
     "client_added": "Klient \"{{key}}\" tilføjet",
@@ -672,7 +678,7 @@
     "use_saved_key": "Brug den tidligere gemte nøgle",
     "parental_control": "Forældrekontrol",
     "safe_browsing": "Sikker Browsing",
-    "served_from_cache": "{{value}} <i>(leveret fra cache)</i>",
+    "served_from_cache_label": "Leveret fra cache",
     "form_error_password_length": "Adgangskode skal udgøre fra {{min}} til {{max}} tegn",
     "anonymizer_notification": "<0>Bemærk:</0> IP-anonymisering er aktiveret. Det kan deaktiveres via <1>Generelle indstillinger</1>.",
     "confirm_dns_cache_clear": "Sikker på, at DNS-cache skal ryddes?",
@@ -734,5 +740,8 @@
     "wednesday_short": "Ons",
     "thursday_short": "Tors",
     "friday_short": "Fre",
-    "saturday_short": "Lør"
+    "saturday_short": "Lør",
+    "upstream_dns_cache_configuration": "Upstream DNS-cacheopsætning",
+    "enable_upstream_dns_cache": "Aktivér DNS-cachelagring for denne klients tilpassede upstream-opsætning",
+    "dns_cache_size": "DNS-cachestørrelse i bytes"
 }

client/src/__locales/de.json

@@ -13,14 +13,14 @@
     "fallback_dns_desc": "Liste der Fallback-DNS-Server, die verwendet werden, wenn die Upstream-DNS-Server nicht antworten. Die Syntax ist die gleiche wie im Hauptfeld für Upstream-Server oben.",
     "fallback_dns_placeholder": "Geben Sie einen Fallback-DNS-Server pro Zeile ein",
     "local_ptr_title": "Private inverse DNS-Server",
-    "local_ptr_desc": "Die DNS-Server, die AdGuard Home für lokale PTR-Abfragen verwendet. Diese Server werden verwendet, um die Hostnamen von Clients mit privaten IP-Adressen, z. B. „192.168.12.34“, per inverse DNS-Anfragen aufzulösen. Wenn nicht festgelegt, verwendet AdGuard Home die Adressen der Standard-DNS-Auflöser Ihres Betriebssystems mit Ausnahme der Adressen von AdGuard Home selbst.",
+    "local_ptr_desc": "Von AdGuard Home verwendete DNS-Server für private PTR-, SOA- und NS-Anfragen. Eine Anfrage gilt als privat, wenn sie nach einer ARPA-Domain fragt, die ein Subnetz innerhalb privater IP-Bereiche enthält (z. B. „192.168.12.34“) und von einem Client mit privater IP-Adresse stammt. Wenn nicht eingestellt, werden die Standard-DNS-Auflöser Ihres Betriebssystems verwendet, außer für die IP-Adressen von AdGuard Home.",
     "local_ptr_default_resolver": "Standardmäßig verwendet AdGuard Home die folgenden inversen DNS-Resolver: {{ip}}.",
     "local_ptr_no_default_resolver": "AdGuard Home konnte keine geeigneten privaten Invers-DNS-Resolver für dieses System ermitteln.",
     "local_ptr_placeholder": "Geben Sie eine IP-Adresse pro Zeile ein",
     "resolve_clients_title": "Hostnamenauflösung der Clients aktivieren",
     "resolve_clients_desc": "Inverses Auflösen der IP-Adressen der Clients in ihre Hostnamen durch Senden von PTR-Anfragen an die entsprechenden Resolver (private DNS-Server für lokale Kunden, Upstream-Server für Kunden mit öffentlichen IP-Adressen).",
     "use_private_ptr_resolvers_title": "Private Reverse-DNS-Resolver verwenden",
-    "use_private_ptr_resolvers_desc": "Führt inverse DNS-Abfragen für lokal bereitgestellte Adressen mit diesen Upstream-Servern durch. Wenn deaktiviert, antwortet AdGuard Home mit NXDOMAIN auf alle solchen PTR-Anfragen, außer für Clients, die über DHCP, /etc/hosts usw. bekannt sind.",
+    "use_private_ptr_resolvers_desc": "Löst PTR-, SOA- und NS-Anfragen für ARD-Domains mit privaten IP-Adressen über private Upstream-Server, DHCP, /etc/hosts usw. auf. Ist diese Option deaktiviert, antwortet AdGuard Home auf alle derartigen Anfragen mit NXDOMAIN.",
     "check_dhcp_servers": "Auf DHCP-Server prüfen",
     "save_config": "Konfiguration speichern",
     "enabled_dhcp": "DHCP-Server aktiviert",
@@ -89,7 +89,7 @@
     "form_enter_hostname": "Gerätenamen eingeben",
     "error_details": "Fehlerdetails",
     "response_details": "Einzelheiten der Antwort",
-    "request_details": "Einzelheiten der Anfrage",
+    "request_details": "Informationen zur Anfrage",
     "client_details": "Einzelheiten des Clients",
     "details": "Details",
     "back": "Zurück",
@@ -121,7 +121,7 @@
     "stats_adult": "Gesperrte jugendgefährdende Websites",
     "stats_query_domain": "Am häufigsten angefragte Domains",
     "for_last_hours": "in die letzte {{count}} Stunde",
-    "for_last_hours_plural": "in die letzten {{count}} Stunden",
+    "for_last_hours_plural": "in den letzten {{count}} Stunden",
     "for_last_days": "am letzten {{count}} Tag",
     "for_last_days_plural": "in den letzten {{count}} Tage",
     "stats_disabled": "Die Statistik wurde deaktiviert. Sie können diese in den <0>Einstellungen</0> erneut aktivieren.",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Upstream-Server erfolgreich gespeichert",
     "dns_test_ok_toast": "Angegebene DNS-Server arbeiten ordnungsgemäß",
     "dns_test_not_ok_toast": "Server „{{key}}“: konnte nicht verwendet werden, bitte überprüfen Sie die korrekte Schreibweise",
+    "dns_test_parsing_error_toast": "Abschnitt {{section}}: Zeile {{line}}: konnte nicht verwendet werden, bitte überprüfen Sie, ob alles richtig geschrieben ist",
     "dns_test_warning_toast": "Upstream „{{key}}“ reagiert nicht auf Testanfragen und funktioniert möglicherweise nicht fehlerfrei",
     "unblock": "Entsperren",
     "block": "Sperren",
@@ -243,6 +244,7 @@
     "allow_this_client": "Diesen Client zulassen",
     "block_for_this_client_only": "Nur für diesen Client sperren",
     "unblock_for_this_client_only": "Nur für diesen Client freigeben",
+    "add_persistent_client": "Als dauerhaften Client hinzufügen",
     "time_table_header": "Zeit",
     "date": "Datum",
     "domain_name_table_header": "Domainname",
@@ -260,7 +262,7 @@
     "next_btn": "Nächste",
     "loading_table_status": "Wird geladen …",
     "page_table_footer_text": "Seite",
-    "rows_table_footer_text": "Reihen",
+    "rows_table_footer_text": "Zeilen",
     "updated_custom_filtering_toast": "Benutzerdefinierten Filterregeln erfolgreich gespeichert",
     "rule_removed_from_custom_filtering_toast": "Regel wurde aus den benutzerdefinierten Filterregeln entfernt: {{rule}}",
     "rule_added_to_custom_filtering_toast": "Regel wurde zu den benutzerdefinierten Filterregeln hinzugefügt: {{rule}}",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "Hostnamen",
     "encryption_reset": "Möchten Sie die Verschlüsselungseinstellungen wirklich zurücksetzen?",
     "encryption_warning": "Warnhinweis",
+    "encryption_plain_dns_enable": "Einfaches DNS aktivieren",
+    "encryption_plain_dns_desc": "Einfaches DNS ist standardmäßig aktiviert. Sie können es deaktivieren, um alle Geräte zu zwingen, verschlüsseltes DNS zu verwenden. Dazu müssen Sie mindestens ein verschlüsseltes DNS-Protokoll aktivieren",
+    "encryption_plain_dns_error": "Um einfaches DNS zu deaktivieren, aktivieren Sie mindestens ein verschlüsseltes DNS-Protokoll",
     "topline_expiring_certificate": "Ihr SSL-Zertifikat läuft demnächst ab. Aktualisieren Sie Ihre <0>Verschlüsselungseinstellungen</0>.",
     "topline_expired_certificate": "Ihr SSL-Zertifikat ist abgelaufen. Aktualisieren Sie Ihre <0>Verschlüsselungseinstellungen</0>.",
     "form_error_port_range": "Geben Sie die Portnummer zwischen 80 und 65535 ein",
@@ -462,6 +467,7 @@
     "form_add_id": "Kennung hinzufügen",
     "form_client_name": "Clientnamen eingeben",
     "name": "Name",
+    "client_name": "Client {{id}}",
     "client_global_settings": "Allgemeine Einstellungen nutzen",
     "client_deleted": "Client „{{key}}“ erfolgreich entfernt",
     "client_added": "Client „{{key}}“ erfolgreich hinzugefügt",
@@ -672,7 +678,7 @@
     "use_saved_key": "Zuvor gespeicherten Schlüssel verwenden",
     "parental_control": "Kindersicherung",
     "safe_browsing": "Internetsicherheit",
-    "served_from_cache": "{{value}} <i>(aus dem Cache abgerufen)</i>",
+    "served_from_cache_label": "Aus dem Cache abgerufen",
     "form_error_password_length": "Das Passwort muss zwischen {{min}} und {{max}} Zeichen enthalten",
     "anonymizer_notification": "<0>Hinweis:</0> Die IP-Anonymisierung ist aktiviert. Sie können sie in den <1>Allgemeinen Einstellungen</1> deaktivieren.",
     "confirm_dns_cache_clear": "Möchten Sie den DNS-Cache wirklich leeren?",
@@ -680,8 +686,8 @@
     "clear_cache": "Cache leeren",
     "make_static": "Statisch machen",
     "theme_auto_desc": "Automatisch (basierend auf dem Farbschema Ihres Geräts)",
-    "theme_dark_desc": "Dunkles Farbschema",
-    "theme_light_desc": "Helles Farbschema",
+    "theme_dark_desc": "Dunkles Design",
+    "theme_light_desc": "Helles Design",
     "disable_for_seconds": "Für {{count}} Sekunde",
     "disable_for_seconds_plural": "Für {{count}} Sekunden",
     "disable_for_minutes": "Für {{count}} Minute",
@@ -734,5 +740,8 @@
     "wednesday_short": "Mi",
     "thursday_short": "Do",
     "friday_short": "Fr",
-    "saturday_short": "Sa"
+    "saturday_short": "Sa",
+    "upstream_dns_cache_configuration": "Konfiguration des Upstream-DNS-Cache",
+    "enable_upstream_dns_cache": "Caching für die benutzerdefinierte Upstream-Server-Konfiguration dieses Clients aktivieren",
+    "dns_cache_size": "Größe des DNS-Cache, in Bytes"
 }

client/src/__locales/en.json

@@ -13,14 +13,14 @@
     "fallback_dns_desc": "List of fallback DNS servers used when upstream DNS servers are not responding. The syntax is the same as in the main upstreams field above.",
     "fallback_dns_placeholder": "Enter one fallback DNS server per line",
     "local_ptr_title": "Private reverse DNS servers",
-    "local_ptr_desc": "The DNS servers that AdGuard Home uses for local PTR queries. These servers are used to resolve PTR requests for addresses in private IP ranges, for example \"192.168.12.34\", using reverse DNS. If not set, AdGuard Home uses the addresses of the default DNS resolvers of your OS except for the addresses of AdGuard Home itself.",
+    "local_ptr_desc": "DNS servers used by AdGuard Home for private PTR, SOA, and NS requests. A request is considered private if it asks for an ARPA domain containing a subnet within private IP ranges (such as \"192.168.12.34\") and comes from a client with a private IP address. If not set, the default DNS resolvers of your OS will be used, except for the AdGuard Home IP addresses.",
     "local_ptr_default_resolver": "By default, AdGuard Home uses the following reverse DNS resolvers: {{ip}}.",
     "local_ptr_no_default_resolver": "AdGuard Home could not determine suitable private reverse DNS resolvers for this system.",
     "local_ptr_placeholder": "Enter one IP address per line",
     "resolve_clients_title": "Enable reverse resolving of clients' IP addresses",
     "resolve_clients_desc": "Reversely resolve clients' IP addresses into their hostnames by sending PTR queries to corresponding resolvers (private DNS servers for local clients, upstream servers for clients with public IP addresses).",
     "use_private_ptr_resolvers_title": "Use private reverse DNS resolvers",
-    "use_private_ptr_resolvers_desc": "Perform reverse DNS lookups for locally served addresses using these upstream servers. If disabled, AdGuard Home responds with NXDOMAIN to all such PTR requests except for clients known from DHCP, /etc/hosts, and so on.",
+    "use_private_ptr_resolvers_desc": "Resolve PTR, SOA, and NS requests for ARPA domains containing private IP addresses through private upstream servers, DHCP, /etc/hosts, etc. If disabled, AdGuard Home will respond to all such requests with NXDOMAIN.",
     "check_dhcp_servers": "Check for DHCP servers",
     "save_config": "Save configuration",
     "enabled_dhcp": "DHCP server enabled",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Upstream servers successfully saved",
     "dns_test_ok_toast": "Specified DNS servers are working correctly",
     "dns_test_not_ok_toast": "Server \"{{key}}\": could not be used, please check that you've written it correctly",
+    "dns_test_parsing_error_toast": "Section {{section}}: line {{line}}: could not be used, please check that you've written it correctly",
     "dns_test_warning_toast": "Upstream \"{{key}}\" does not respond to test requests and may not work properly",
     "unblock": "Unblock",
     "block": "Block",
@@ -243,6 +244,7 @@
     "allow_this_client": "Allow this client",
     "block_for_this_client_only": "Block for this client only",
     "unblock_for_this_client_only": "Unblock for this client only",
+    "add_persistent_client": "Add as persistent client",
     "time_table_header": "Time",
     "date": "Date",
     "domain_name_table_header": "Domain name",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "Hostnames",
     "encryption_reset": "Are you sure you want to reset encryption settings?",
     "encryption_warning": "Warning",
+    "encryption_plain_dns_enable": "Enable plain DNS",
+    "encryption_plain_dns_desc": "Plain DNS is enabled by default. You can disable it to force all devices to use encrypted DNS. To do this, you must enable at least one encrypted DNS protocol",
+    "encryption_plain_dns_error": "To disable plain DNS, enable at least one encrypted DNS protocol",
     "topline_expiring_certificate": "Your SSL certificate is about to expire. Update <0>Encryption settings</0>.",
     "topline_expired_certificate": "Your SSL certificate is expired. Update <0>Encryption settings</0>.",
     "form_error_port_range": "Enter port number in the range of 80-65535",
@@ -462,6 +467,7 @@
     "form_add_id": "Add identifier",
     "form_client_name": "Enter client name",
     "name": "Name",
+    "client_name": "Client {{id}}",
     "client_global_settings": "Use global settings",
     "client_deleted": "Client \"{{key}}\" successfully deleted",
     "client_added": "Client \"{{key}}\" successfully added",
@@ -672,7 +678,7 @@
     "use_saved_key": "Use the previously saved key",
     "parental_control": "Parental Control",
     "safe_browsing": "Safe Browsing",
-    "served_from_cache": "{{value}} <i>(served from cache)</i>",
+    "served_from_cache_label": "Served from cache",
     "form_error_password_length": "Password must be {{min}} to {{max}} characters long",
     "anonymizer_notification": "<0>Note:</0> IP anonymization is enabled. You can disable it in <1>General settings</1>.",
     "confirm_dns_cache_clear": "Are you sure you want to clear DNS cache?",

client/src/__locales/es.json

@@ -13,14 +13,14 @@
     "fallback_dns_desc": "Lista de servidores DNS alternativos utilizados cuando los servidores DNS de subida no responden. La sintaxis es la misma que en el campo de los principales DNS de subida anterior.",
     "fallback_dns_placeholder": "Ingresa un servidor DNS alternativo por línea",
     "local_ptr_title": "Servidores DNS inversos y privados",
-    "local_ptr_desc": "Los servidores DNS que AdGuard Home utiliza para las consultas PTR locales. Estos servidores se utilizan para resolver las peticiones PTR de direcciones en rangos de IP privadas, por ejemplo \"192.168.12.34\", utilizando DNS inverso. Si no está establecido, AdGuard Home utilizará los resolutores DNS predeterminados de tu sistema operativo, excepto las direcciones del propio AdGuard Home.",
+    "local_ptr_desc": "Los servidores DNS que AdGuard Home utiliza para consultas PTR, SOA y NS privadas. La petición se considera privada si solicita un dominio ARPA que contiene una subred dentro de rangos IP privados, por ejemplo \"192.168.12.34\", y procede de un cliente con dirección privada. Si no se configura, AdGuard Home utiliza las direcciones de los resolvedores DNS predeterminados de tu sistema operativo, excepto las direcciones del propio AdGuard Home.",
     "local_ptr_default_resolver": "Por defecto, AdGuard Home utiliza los siguientes resolutores DNS inversos: {{ip}}.",
     "local_ptr_no_default_resolver": "AdGuard Home no pudo determinar los resolutores DNS inversos y privados adecuados para este sistema.",
     "local_ptr_placeholder": "Ingresa una dirección IP por línea",
     "resolve_clients_title": "Habilitar la resolución inversa de las direcciones IP de clientes",
     "resolve_clients_desc": "Resolve de manera inversa las direcciones IP de los clientes a sus nombres de hosts enviando consultas PTR a los resolutores correspondientes (servidores DNS privados para clientes locales, servidores DNS de subida para clientes con direcciones IP públicas).",
     "use_private_ptr_resolvers_title": "Usar resolutores DNS inversos y privados",
-    "use_private_ptr_resolvers_desc": "Realiza búsquedas DNS inversas para direcciones servidas localmente utilizando estos servidores DNS de subida. Si está deshabilitado, AdGuard Home responderá con NXDOMAIN a todas las peticiones PTR de este tipo, excepto para los clientes conocidos por DHCP, /etc/hosts, etc.",
+    "use_private_ptr_resolvers_desc": "Resolver las peticiones PTR, SOA y NS para dominios ARPA que contienen direcciones privadas utilizando servidores upstream privados, DHCP, /etc/hosts, etc. Si se desactiva, AdGuard Home responde a todas estas consultas con NXDOMAIN.",
     "check_dhcp_servers": "Comprobar si hay servidores DHCP",
     "save_config": "Guardar configuración",
     "enabled_dhcp": "Servidor DHCP habilitado",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Servidores DNS de subida guardados correctamente",
     "dns_test_ok_toast": "Los servidores DNS especificados funcionan correctamente",
     "dns_test_not_ok_toast": "Servidor \"{{key}}\": no se puede utilizar, por favor revisa si lo has escrito correctamente",
+    "dns_test_parsing_error_toast": "No se pudo utilizar la sección {{section}}: línea {{line}}:, verifica si la escribiste correctamente",
     "dns_test_warning_toast": "DNS de subida \"{{key}}\" no responde a las peticiones de prueba y es posible que no funcione correctamente",
     "unblock": "Desbloquear",
     "block": "Bloquear",
@@ -243,6 +244,7 @@
     "allow_this_client": "Permitir a este cliente",
     "block_for_this_client_only": "Bloquear solo para este cliente",
     "unblock_for_this_client_only": "Desbloquear solo para este cliente",
+    "add_persistent_client": "Añadir como cliente persistente",
     "time_table_header": "Hora",
     "date": "Fecha",
     "domain_name_table_header": "Nombre del dominio",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "Nombres de hosts",
     "encryption_reset": "¿Estás seguro de que deseas restablecer la configuración de cifrado?",
     "encryption_warning": "Advertencia",
+    "encryption_plain_dns_enable": "Activar DNS simple (sin cifrado)",
+    "encryption_plain_dns_desc": "El DNS simple (sin cifrado) está activado de forma predeterminada. Puedes desactivarlo para obligar a todos los dispositivos a utilizar DNS cifrado. Para ello, debes habilitar al menos un protocolo DNS cifrado",
+    "encryption_plain_dns_error": "Para desactivar el DNS simple, activa al menos un protocolo DNS cifrado",
     "topline_expiring_certificate": "Tu certificado SSL está a punto de expirar. Actualiza la <0>configuración de cifrado</0>.",
     "topline_expired_certificate": "Tu certificado SSL ha expirado. Actualiza la <0>configuración de cifrado</0>.",
     "form_error_port_range": "Ingresa el número del puerto en el rango de 80 a 65535",
@@ -462,6 +467,7 @@
     "form_add_id": "Añadir identificador",
     "form_client_name": "Ingresa el nombre del cliente",
     "name": "Nombre",
+    "client_name": "Cliente {{id}}",
     "client_global_settings": "Usar configuración global",
     "client_deleted": "Cliente \"{{key}}\" eliminado correctamente",
     "client_added": "Cliente \"{{key}}\" añadido correctamente",
@@ -672,7 +678,7 @@
     "use_saved_key": "Usar la clave guardada previamente",
     "parental_control": "Control parental",
     "safe_browsing": "Navegación segura",
-    "served_from_cache": "{{value}} <i>(servido desde la caché)</i>",
+    "served_from_cache_label": "Servido desde la caché",
     "form_error_password_length": "La contraseña debe tener entre {{min}} y {{max}} caracteres",
     "anonymizer_notification": "<0>Nota:</0> La anonimización de IP está habilitada. Puedes deshabilitarla en <1>Configuración general</1>.",
     "confirm_dns_cache_clear": "¿Estás seguro de que deseas borrar la caché DNS?",
@@ -734,5 +740,8 @@
     "wednesday_short": "Mié.",
     "thursday_short": "Jue.",
     "friday_short": "Vie.",
-    "saturday_short": "Sáb."
+    "saturday_short": "Sáb.",
+    "upstream_dns_cache_configuration": "Configuración de la caché DNS upstream",
+    "enable_upstream_dns_cache": "Habilitar el almacenamiento en caché de DNS para la configuración personalizada de este cliente",
+    "dns_cache_size": "Tamaño de la caché DNS, en bytes"
 }

client/src/__locales/fa.json

@@ -220,6 +220,7 @@
     "updated_upstream_dns_toast": "سرورهای DNS جریان ارسالی بروز رسانی شده است",
     "dns_test_ok_toast": "سرورهای DNS تعیین شده بدرستی کار می کنند",
     "dns_test_not_ok_toast": "سرور \"{{key}}\": نمیتواند مورد استفاده قرار گیرد،لطفا بررسی کنید آن را بدرستی نوشته اید",
+    "dns_test_parsing_error_toast": "بخش {{section}}: خط {{line}}: نمی‌تواند مورد استفاده قرار گیرد،لطفا بررسی کنید آن را به‌درستی نوشته‌اید",
     "unblock": "رفع انسداد",
     "block": "مسدود کردن",
     "disallow_this_client": "این مشتری را رد کنید",
@@ -420,6 +421,7 @@
     "form_add_id": "افزودن احرازکننده",
     "form_client_name": "نام کلاینت را وارد کنید",
     "name": "نام",
+    "client_name": "مشتری {{id}}",
     "client_global_settings": "استفاده از تنظیمات سراسری",
     "client_deleted": "کلاینت \"{{key}}\" را با موفقیت حذف کرد",
     "client_added": "کلاینت \"{{key}}\" را با موفقیت اضافه کرد",

client/src/__locales/fi.json

@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Ylävirtapalvelimet tallennettiin",
     "dns_test_ok_toast": "Määritetyt DNS-palvelimet toimivat oikein",
     "dns_test_not_ok_toast": "Palvelin \"{{key}}\": Ei voitu käyttää, tarkista oikeinkirjoitus",
+    "dns_test_parsing_error_toast": "Osio {{section}}: rivi {{line}}: Ei voitu käyttää, tarkista oikeinkirjoitus",
     "dns_test_warning_toast": "Datavuon \"{{key}}\" ei vastaa testipyyntöihin eikä välttämättä toimi kunnolla",
     "unblock": "Salli",
     "block": "Estä",
@@ -243,6 +244,7 @@
     "allow_this_client": "Salli tämä päätelaite",
     "block_for_this_client_only": "Estä vain tältä päätelaitteelta",
     "unblock_for_this_client_only": "Salli vain tälle päätelaitteelle",
+    "add_persistent_client": "Lisää pysyvänä päätelaitteena",
     "time_table_header": "Aika",
     "date": "Päiväys",
     "domain_name_table_header": "Verkkotunnus",
@@ -270,12 +272,12 @@
     "query_log_cleared": "Pyyntöhistorian tyhjennys onnistui",
     "query_log_updated": "Pyyntöhistorian päivitys onnistui",
     "query_log_clear": "Tyhjennä pyyntöhistoria",
-    "query_log_retention": "Kyselylokien kierto",
+    "query_log_retention": "Pyyntöhistorian kierto",
     "query_log_enable": "Käytä historiaa",
     "query_log_configuration": "Historian määritys",
-    "query_log_disabled": "Pyyntöhistoria ei ole käytössä. Voit ottaa sen käyttöön <0>asetuksissa</0>",
+    "query_log_disabled": "Pyyntöhistoria ei ole käytössä. Voit ottaa sen käyttöön <0>asetuksista</0>.",
     "query_log_strict_search": "Käytä tarkalle haulle lainausmerkkejä",
-    "query_log_retention_confirm": "Haluatko varmasti muuttaa kyselylokin kiertoa? Jos pienennät intervalliarvoa, osa tiedoista menetetään",
+    "query_log_retention_confirm": "Haluatko varmasti muuttaa pyyntöhistorian kiertoa? Jos pienennät aikaväliä, osa tiedoista menetetään.",
     "anonymize_client_ip": "Piilota päätelaitteen IP-osoite",
     "anonymize_client_ip_desc": "Älä tallenna päätelaitteen täydellistä IP-osoitetta historiaan ja tilastoihin.",
     "dns_config": "DNS-palvelimen määritys",
@@ -303,22 +305,22 @@
     "download_mobileconfig_dot": "Lataa .mobileconfig-tiedosto DNS-over-TLS -käytölle",
     "download_mobileconfig": "Lataa asetustiedosto",
     "plain_dns": "Tavallinen DNS",
-    "form_enter_rate_limit": "Syötä rajoitus",
-    "rate_limit": "Pyyntöjen ajoitus",
+    "form_enter_rate_limit": "Syötä pyyntörajoitus",
+    "rate_limit": "Pyyntöajoitus",
     "edns_enable": "Käytä EDNS-päätelaitealivekkoa",
-    "edns_cs_desc": "Lähetä päätelaitteiden aliverkot DNS-palvelimille.",
+    "edns_cs_desc": "Lisää EDNS Client Subnet (ECS) -valinta ylävirran pyyntöihin ja kirjaa päätelaitteiden lähettämät arvot pyyntöhistoriaan.",
     "edns_use_custom_ip": "Käytä omaa IP-osoitetta EDNS:lle",
     "edns_use_custom_ip_desc": "Salli oman IP-osoitteen käyttö EDNS-mekanismille.",
     "rate_limit_desc": "Päätelaitteelle sallittu pyyntöjen enimmäismäärä sekunnissa. Arvo 0 tarkoittaa rajatonta.",
     "rate_limit_subnet_len_ipv4": "IPv4-osoitteiden aliverkon etuliitteen pituus",
-    "rate_limit_subnet_len_ipv4_desc": "Aliverkon etuliitteen pituus IPv4-osoitteille, joita käytetään nopeuden rajoittamiseen. Oletusarvo on 24",
-    "rate_limit_subnet_len_ipv4_error": "IPv4-aliverkon etuliitteen pituuden tulee olla 0–32",
+    "rate_limit_subnet_len_ipv4_desc": "Pyyntörajoitukseen käytettävien IPv4-osoitteiden aliverkon etuliitteen pituus. Oletusarvo on 24.",
+    "rate_limit_subnet_len_ipv4_error": "IPv4-aliverkon etuliitteen pituuden tulee olla väliltä 0–32.",
     "rate_limit_subnet_len_ipv6": "IPv6-osoitteiden aliverkon etuliitteen pituus",
-    "rate_limit_subnet_len_ipv6_desc": "Aliverkon etuliitteen pituus IPv6-osoitteille, joita käytetään nopeuden rajoittamiseen. Oletusarvo on 56",
-    "rate_limit_subnet_len_ipv6_error": "IPv6-aliverkon etuliitteen pituuden tulee olla 0–128",
-    "form_enter_rate_limit_subnet_len": "Anna aliverkon etuliitteen pituus nopeuden rajoittamista varten",
-    "rate_limit_whitelist": "Nopeutta rajoittava sallittu luettelo",
-    "rate_limit_whitelist_desc": "IP-osoitteet, jotka eivät kuulu nopeusrajoituksen piiriin",
+    "rate_limit_subnet_len_ipv6_desc": "Pyyntörajoitukseen käytettävien IPv6-osoitteiden aliverkon etuliitteen pituus. Oletusarvo on 56.",
+    "rate_limit_subnet_len_ipv6_error": "IPv6-aliverkon etuliitteen pituuden tulee olla väliltä 0–128.",
+    "form_enter_rate_limit_subnet_len": "Syötä pyyntörajoitukseen käytettävä aliverkon etuliitteen pituus",
+    "rate_limit_whitelist": "Pyyntörajoituksen ohituslista",
+    "rate_limit_whitelist_desc": "IP-osoitteet, jotka eivät kuulu pyyntörajoituksen piiriin.",
     "rate_limit_whitelist_placeholder": "Syötä yksi IP-osoite per rivi",
     "blocking_ipv4_desc": "Estettyyn A-pyyntöön palautettava IP-osoite",
     "blocking_ipv6_desc": "Estettyyn AAAA-pyyntöön palautettava IP-osoite",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "Isäntänimet",
     "encryption_reset": "Haluatko varmasti palauttaa salausasetukset?",
     "encryption_warning": "Varoitus",
+    "encryption_plain_dns_enable": "Käytä tavallista DNS:ää",
+    "encryption_plain_dns_desc": "Tavallinen DNS on oletusarvoisesti käytössä. Voit poistaa sen käytöstä pakottaaksesi kaikki laitteet käyttämään salattua DNS:ää. Tätä varten sinun on otettava käyttöön ainakin yksi salattu DNS-protokolla.",
+    "encryption_plain_dns_error": "Voit poistaa tavallisen DNS:n käytöstä ottamalla käyttöön ainakin yhden salatun DNS-protokollan.",
     "topline_expiring_certificate": "SSL-varmenteesi on erääntymässä. Päivitä <0>Salausasetukset</0>.",
     "topline_expired_certificate": "SSL-varmenteesi on erääntynyt. Päivitä <0>Salausasetukset</0>.",
     "form_error_port_range": "Syötä portti väliltä 80-65535",
@@ -443,7 +448,7 @@
     "manual_update": "Seuraa <a>näitä ohjeita</a> päivittääksesi manuaalisesti.",
     "processing_update": "Odota kun AdGuard Home päivittyy",
     "clients_title": "Pysyvät päätelaitteet",
-    "clients_desc": "Määritä pysyvät AdGuard Homeen yhdistetyt päätelaitetiedot.",
+    "clients_desc": "Määritä AdGuard Homeen pysyvästi yhdistettyjen päätelaitteiden tiedot.",
     "settings_global": "Yleinen",
     "settings_custom": "Mukautettu",
     "table_client": "Asiakas",
@@ -462,6 +467,7 @@
     "form_add_id": "Lisää tunniste",
     "form_client_name": "Syötä päätelaitteen nimi",
     "name": "Nimi",
+    "client_name": "Päätelaite {{id}}",
     "client_global_settings": "Käytä yleisiä asetuksia",
     "client_deleted": "Päätelaite \"{{key}}\" poistettiin",
     "client_added": "Päätelaite \"{{key}}\" lisättiin",
@@ -475,10 +481,10 @@
     "access_desc": "Tässä voidaan määrittää AdGuard Homen DNS-palvelimen käyttöoikeussääntöjä.",
     "access_allowed_title": "Sallitut päätelaitteet",
     "access_allowed_desc": "Lista CIDR-merkinnöistä, IP-osoitteista tai <a>ClientID</a>-tunnisteista. Jos listalla on kohteita, hyväksyy AdGuard Home pyyntöjä vain näiltä päätelaitteilta.",
-    "access_disallowed_title": "Kielletyt päätelaitteet",
+    "access_disallowed_title": "Estetyt päätelaitteet",
     "access_disallowed_desc": "Lista CIDR-merkinnöistä, IP-osoitteista tai <a>ClientID</a>-tunnisteista. Jos listalla on kohteita, hylkää AdGuard Home näiden päätelaitteiden pyynnöt. Tätä kenttää ei huomioida, jos sallittuja päätelaitteita on määritetty.",
-    "access_blocked_title": "Kielletyt verkkotunnukset",
-    "access_blocked_desc": "Ei pidä sekoittaa suodattimiin. AdGuard Home hylkää näiden verkkotunnusten DNS-pyynnöt, eivätkä nämä pyynnöt näy edes pyyntöhistoriassa. Tähän voidaan syöttää tarkkoja verkkotunnuksia, jokerimerkkejä tai URL-suodatussääntöjä, kuten \"example.org\", \"*.example.org\" tai \"||example.org^\".",
+    "access_blocked_title": "Estetyt verkkotunnukset",
+    "access_blocked_desc": "Ei pidä sekoittaa suodattimiin. AdGuard Home hylkää näiden verkkotunnusten DNS-pyynnöt, eivätkä nämä pyynnöt myöskään näy pyyntöhistoriassa. Tähän voidaan syöttää tarkkoja verkkotunnuksia, jokerimerkkejä tai URL-suodatussääntöjä, kuten \"example.org\", \"*.example.org\" tai \"||example.org^\".",
     "access_settings_saved": "Käytön asetukset tallennettiin",
     "updates_checked": "Uusi versio AdGuard Home -ohjelmasta on saatavana\n",
     "updates_version_equal": "AdGuard Home on ajan tasalla",
@@ -557,7 +563,7 @@
     "ignore_domains": "Ohitettavat verkkotunnukset (erotettu rivinvaihdolla)",
     "ignore_domains_title": "Ohitettavat verkkotunnukset",
     "ignore_domains_desc_stats": "Sääntöihin sopivat kyselyt eivät kirjoitu tilastoihin",
-    "ignore_domains_desc_query": "Sääntöihin sopivat kyselyt eivät tallennu kyselylokiin",
+    "ignore_domains_desc_query": "Näitä sääntöjä vastaavia pyyntöjä ei tallenneta pyyntöhistoriaan.",
     "interval_hours": "{{count}} tunti",
     "interval_hours_plural": "{{count}} tuntia",
     "filters_configuration": "Suodatinten määritys",
@@ -672,7 +678,7 @@
     "use_saved_key": "Käytä aiemmin tallennettua avainta",
     "parental_control": "Lapsilukko",
     "safe_browsing": "Turvallinen selaus",
-    "served_from_cache": "{{value}} <i>(jaettu välimuistista)</i>",
+    "served_from_cache_label": "Toimitettu välimuistista",
     "form_error_password_length": "Salasanan on oltava {{min}} - {{max}} merkkiä pitkä",
     "anonymizer_notification": "<0>Huomioi:</0> IP-osoitteen anonymisointi on käytössä. Voit poistaa sen käytöstä <1>Yleisistä asetuksista</1>.",
     "confirm_dns_cache_clear": "Haluatko varmasti tyhjentää DNS-välimuistin?",
@@ -700,8 +706,8 @@
     "custom_retention_input": "Syötä säilytysaika tunteina",
     "custom_rotation_input": "Syötä uudistusaika tunteina",
     "protection_section_label": "Suojaus",
-    "log_and_stats_section_label": "Kyselyhistoria ja tilastot",
-    "ignore_query_log": "Älä huomioi tätä päätettä kyselyhistoriassa",
+    "log_and_stats_section_label": "Pyyntöhistoria ja tilastot",
+    "ignore_query_log": "Älä huomioi tätä päätelaitetta pyyntöhistoriassa",
     "ignore_statistics": "Älä huomioi tätä päätettä tilastoissa",
     "schedule_services": "Keskeytä palveluesto",
     "schedule_services_desc": "Määritä palvelunestosuodattimen keskeytysajoitus.",
@@ -734,5 +740,8 @@
     "wednesday_short": "Ke",
     "thursday_short": "To",
     "friday_short": "Pe",
-    "saturday_short": "La"
+    "saturday_short": "La",
+    "upstream_dns_cache_configuration": "Ylävirran DNS-välimuistin määritykset",
+    "enable_upstream_dns_cache": "Käytä DNS-välimuistia tämän päätelaitteen mukautetuissa ylävirtamäärityksissä",
+    "dns_cache_size": "DNS-välimuistin koko tavuina"
 }

client/src/__locales/fr.json

@@ -13,14 +13,14 @@
     "fallback_dns_desc": "Liste des serveurs DNS de repli utilisés lorsque les serveurs DNS en amont ne répondent pas. La syntaxe est la même que dans le champ principal en amont ci-dessus.",
     "fallback_dns_placeholder": "Saisissez un serveur DNS de repli par ligne",
     "local_ptr_title": "Serveurs DNS privés inverses",
-    "local_ptr_desc": "Les serveurs DNS que AdGuard Home utilise pour les requêtes PTR locales. Ces serveurs sont utilisés pour résoudre les noms d'hôte des clients avec des adresses IP privées, par exemple « 192.168.12.34 », en utilisant le DNS inversé. Si ce paramètre n'est pas défini, AdGuard Home utilise les adresses des résolveurs DNS par défaut de votre système d'exploitation, à l'exception des adresses d'AdGuard Home lui-même.",
+    "local_ptr_desc": "Les serveurs DNS utilisés par AdGuard Home pour les requêtes privées PTR, SOA et NS. Une requête est considérée privée si elle demande un domaine ARPA contenant un sous-réseau entre les plages IP privées (par exemple \"192.168.12.34\") et provient d'un client avec une adresse IP privée. Sans réglages additionnels, les résolveurs DNS par défaut de votre système d'exploitation seront utilisés, sauf pour les adresses IP d'AdGuard Home.",
     "local_ptr_default_resolver": "Par défaut, AdGuard Home utilise les résolveurs DNS inversés suivants : {{ip}}.",
     "local_ptr_no_default_resolver": "AdGuard Home n'a pas pu déterminer de résolveurs DNS inversés privés appropriés pour ce système.",
     "local_ptr_placeholder": "Saisissez une adresse IP par ligne",
     "resolve_clients_title": "Activer la résolution inverse des adresses IP des clients",
     "resolve_clients_desc": "Résoudre inversement les adresses IP des clients en leurs noms d'hôtes en envoyant des requêtes PTR aux résolveurs correspondants (serveurs DNS privés pour les clients locaux, serveurs en amont pour les clients ayant une adresse IP publique).",
     "use_private_ptr_resolvers_title": "Utiliser des résolveurs DNS inversés privés",
-    "use_private_ptr_resolvers_desc": "Effectuer des recherches DNS inversées pour les adresses servies localement en utilisant ces serveurs en amont. S'il est désactivé, AdGuard Home répond avec NXDOMAIN à toutes les requêtes PTR de ce type, sauf pour les clients connus par DHCP, /etc/hosts, etc.",
+    "use_private_ptr_resolvers_desc": "Résolvez les requêtes PTR, SOA et NS pour les domaines ARPA contenant des adresses IP privées par aide des serveurs privés en amont, DHCP, /etc/hosts, etc. S'il est désactivé, AdGuard Home répondra à toutes ces requêtes avec NXDOMAIN.",
     "check_dhcp_servers": "Rechercher les serveurs DHCP",
     "save_config": "Sauvegarder la configuration",
     "enabled_dhcp": "Serveur DHCP activé",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Serveurs en amont enregistrés",
     "dns_test_ok_toast": "Les serveurs DNS spécifiés fonctionnent correctement",
     "dns_test_not_ok_toast": "Impossible d'utiliser le serveur « {{key}} »: veuillez vérifier si le nom saisi est bien correct",
+    "dns_test_parsing_error_toast": "La section {{section}}: ligne {{line}}: n'a pas pu être utilisée, veuillez vérifier que vous l'avez écrite correctement",
     "dns_test_warning_toast": "L'amont « {{key}} » ne répond pas aux demandes de test et peut ne pas fonctionner correctement",
     "unblock": "Débloquer",
     "block": "Bloquer",
@@ -243,6 +244,7 @@
     "allow_this_client": "Autoriser ce client",
     "block_for_this_client_only": "Bloquer uniquement pour ce client",
     "unblock_for_this_client_only": "Débloquer uniquement pour ce client",
+    "add_persistent_client": "Ajouter comme client persistant",
     "time_table_header": "Temps",
     "date": "Date",
     "domain_name_table_header": "Nom de domaine",
@@ -310,6 +312,15 @@
     "edns_use_custom_ip": "Utiliser une IP personnalisée pour EDNS",
     "edns_use_custom_ip_desc": "Autoriser l'utilisation d'une adresse IP personnalisée pour EDNS",
     "rate_limit_desc": "Le nombre de requêtes par seconde qu’un seul client est autorisé à faire. Le réglage 0 fait illimité.",
+    "rate_limit_subnet_len_ipv4": "Longueur du préfixe de sous-réseau pour les adresses IPv4",
+    "rate_limit_subnet_len_ipv4_desc": "Longueur du préfixe de sous-réseau pour les adresses IPv4 utilisé pour la limitation de vitesse. La valeur par défaut est 24",
+    "rate_limit_subnet_len_ipv4_error": "La longueur du préfixe du sous-réseau IPv4 doit être entre 0 et 32",
+    "rate_limit_subnet_len_ipv6": "Longueur du préfixe de sous-réseau pour les adresses IPv6",
+    "rate_limit_subnet_len_ipv6_desc": "Longueur du préfixe de sous-réseau pour les adresses IPv6 utilisé pour la limitation de débit. La valeur par défaut est 56",
+    "rate_limit_subnet_len_ipv6_error": "La longueur du préfixe du sous-réseau IPv6 doit être entre 0 et 128",
+    "form_enter_rate_limit_subnet_len": "Saisissez la longueur du préfixe de sous-réseau pour la limitation de débit",
+    "rate_limit_whitelist": "Liste d'autorisation de limitation de débit",
+    "rate_limit_whitelist_desc": "Adresses IP exclues de la limitation du débit",
     "rate_limit_whitelist_placeholder": "Saisissez une adresse IP par ligne",
     "blocking_ipv4_desc": "Adresse IP à renvoyer pour une demande A bloquée",
     "blocking_ipv6_desc": "Adresse IP à renvoyer pour une demande AAAA bloquée",
@@ -414,6 +425,9 @@
     "encryption_hostnames": "Noms d'hôte",
     "encryption_reset": "Voulez-vous vraiment réinitialiser les paramètres de chiffrement ?",
     "encryption_warning": "Attention",
+    "encryption_plain_dns_enable": "Activer le DNS simple",
+    "encryption_plain_dns_desc": "Le DNS simple est activé par défaut. Vous pouvez le désactiver pour forcer tous les appareils à utiliser un DNS crypté. Pour faire ça, vous devez activer au moins un protocole DNS crypté",
+    "encryption_plain_dns_error": "Pour désactiver le DNS simple, activez au moins un protocole DNS crypté",
     "topline_expiring_certificate": "Votre certificat SSL est sur le point d'expirer. Mettez à jour vos <0>Paramètres de chiffrement</0>.",
     "topline_expired_certificate": "Votre certificat SSL a expiré. Mettez à jour vos <0>Paramètres de chiffrement</0>.",
     "form_error_port_range": "Saisissez une valeur de port entre 80 et 65535",
@@ -453,6 +467,7 @@
     "form_add_id": "Ajouter identifiant",
     "form_client_name": "Saisissez le nom du client",
     "name": "Nom",
+    "client_name": "Client {{id}}",
     "client_global_settings": "Utiliser les paramètres généraux",
     "client_deleted": "Le client « {{key}} » a été supprimé",
     "client_added": "Le client « {{key}} » a été ajouté",
@@ -663,7 +678,7 @@
     "use_saved_key": "Utiliser la clef précédemment enregistrée",
     "parental_control": "Contrôle parental",
     "safe_browsing": "Navigation sécurisée",
-    "served_from_cache": "{{value}} <i>(depuis le cache)</i>",
+    "served_from_cache_label": "Servi depuis le cache",
     "form_error_password_length": "Le mot de passe doit comporter entre {{min}} et {{max}}  caractères",
     "anonymizer_notification": "<0>Note :</0> L'anonymisation IP est activée. Vous pouvez la désactiver dans les <1>paramètres généraux</1>.",
     "confirm_dns_cache_clear": "Voulez-vous vraiment vider le cache DNS ?",
@@ -725,5 +740,8 @@
     "wednesday_short": "Mer.",
     "thursday_short": "Jeu.",
     "friday_short": "Ven.",
-    "saturday_short": "Sam."
+    "saturday_short": "Sam.",
+    "upstream_dns_cache_configuration": "Configuration du cache DNS en amont",
+    "enable_upstream_dns_cache": "Activer la mise en cache pour la configuration personnalisée du serveur en amont de ce client",
+    "dns_cache_size": "Taille du cache DNS, en bytes"
 }

client/src/__locales/hr.json

@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Uzvodni poslužitelji uspješno su spremljeni",
     "dns_test_ok_toast": "Odabrani DNS poslužitelji su trenutno aktivni",
     "dns_test_not_ok_toast": "\"{{key}}\" poslužitelja: ne može se upotrijebiti, provjerite jeste li to ispravno napisali",
+    "dns_test_parsing_error_toast": "Odjeljak {{section}}: redak {{line}}: nije moguće koristiti, provjerite jeste li ispravno napisali",
     "dns_test_warning_toast": "Upstream \"{{key}}\" ne odgovara na zahtjeve za testiranje i možda neće raditi ispravno",
     "unblock": "Odblokiraj",
     "block": "Blokiraj",
@@ -243,6 +244,7 @@
     "allow_this_client": "Omogući ovog klijenta",
     "block_for_this_client_only": "Blokiraj samo za ovog klijenta",
     "unblock_for_this_client_only": "Odblokiraj samo za ovog klijenta",
+    "add_persistent_client": "Dodaj u spremljene klijente",
     "time_table_header": "Vrijeme",
     "date": "Datum",
     "domain_name_table_header": "Naziv domene",
@@ -310,6 +312,15 @@
     "edns_use_custom_ip": "Koristi prilagođeni IP za EDNS",
     "edns_use_custom_ip_desc": "Dopusti korištenje prilagođenog IP-a za EDNS",
     "rate_limit_desc": "Broj zahtjeva u sekundi koji su dopušteni po jednom klijentu. Postavljanje na 0 znači neograničeno.",
+    "rate_limit_subnet_len_ipv4": "Duljina prefiksa podmreže za IPv4 adrese",
+    "rate_limit_subnet_len_ipv4_desc": "Duljina prefiksa podmreže za IPv4 adrese koje se koriste za ograničavanje brzine. Zadana vrijednost je 24",
+    "rate_limit_subnet_len_ipv4_error": "Dužina IPv4 prefiksa podmreže trebala bi biti između 0 i 32",
+    "rate_limit_subnet_len_ipv6": "Duljina prefiksa podmreže za IPv6 adrese",
+    "rate_limit_subnet_len_ipv6_desc": "Duljina prefiksa podmreže za IPv6 adrese koje se koriste za ograničavanje brzine. Zadana vrijednost je 56",
+    "rate_limit_subnet_len_ipv6_error": "Dužina IPv6 prefiksa podmreže trebala bi biti između 0 i 128",
+    "form_enter_rate_limit_subnet_len": "Unesite duljinu prefiksa podmreže za ograničenje brzine",
+    "rate_limit_whitelist": "Popis dopuštenih za ograničavanje brzine",
+    "rate_limit_whitelist_desc": "IP adrese isključene iz ograničenja brzine",
     "rate_limit_whitelist_placeholder": "Unesite jednu adresu poslužitelja po retku",
     "blocking_ipv4_desc": "Povratna IP adresa za blokirane A zahtjeve",
     "blocking_ipv6_desc": "Povratna IP adresa za blokirane AAAA zahtjeve",
@@ -453,6 +464,7 @@
     "form_add_id": "Dodaj identifikator",
     "form_client_name": "Unesite naziv klijenta",
     "name": "Naziv",
+    "client_name": "Klijent {{id}}",
     "client_global_settings": "Koristi globalne postavke",
     "client_deleted": "Klijent \"{{key}}\" je uspješno uklonjen",
     "client_added": "Klijent \"{{key}}\" je uspješno dodan",
@@ -725,5 +737,8 @@
     "wednesday_short": "Sri",
     "thursday_short": "Čet",
     "friday_short": "Pet",
-    "saturday_short": "Sub"
+    "saturday_short": "Sub",
+    "upstream_dns_cache_configuration": "Konfiguracija predmemoriranja upstream DNS poslužitelja",
+    "enable_upstream_dns_cache": "Uključite keširanje za korisničku konfiguraciju upstream servera ovog klijenta",
+    "dns_cache_size": "Veličina DNS predmemorije, u bajtovima"
 }

client/src/__locales/hu.json

@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Upstream szerverek sikeresen mentve",
     "dns_test_ok_toast": "A megadott DNS-kiszolgálók megfelelően működnek",
     "dns_test_not_ok_toast": "Szerver \"{{key}}\": nem használható, ellenőrizze, hogy helyesen írta-e be",
+    "dns_test_parsing_error_toast": "Szekció {{section}}: sor {{line}}: nem használható, ellenőrizze, hogy helyesen írta-e be",
     "dns_test_warning_toast": "A \"{{key}}\" feltöltés nem válaszol a tesztkérelmekre, és lehet, hogy nem működik megfelelően",
     "unblock": "Feloldás",
     "block": "Blokkolás",
@@ -243,6 +244,7 @@
     "allow_this_client": "Engedélyezés ennek a kliensnek",
     "block_for_this_client_only": "Tiltás csak ennek a kliensnek",
     "unblock_for_this_client_only": "Feloldás csak ennek a kliensnek",
+    "add_persistent_client": "Hozzáadás állandó ügyfélként",
     "time_table_header": "Idő",
     "date": "Dátum",
     "domain_name_table_header": "Domain név",
@@ -462,6 +464,7 @@
     "form_add_id": "Azonosító hozzáadása",
     "form_client_name": "Adja meg a kliens nevét",
     "name": "Név",
+    "client_name": "Ügyfél {{id}}",
     "client_global_settings": "Globális beállítások használata",
     "client_deleted": "A(z) \"{{key}}\" kliens sikeresen el lett távolítva",
     "client_added": "A(z) \"{{key}}\" kliens sikeresen hozzá lett adva",
@@ -734,5 +737,8 @@
     "wednesday_short": "Szer",
     "thursday_short": "Csüt",
     "friday_short": "Pén",
-    "saturday_short": "Szom"
+    "saturday_short": "Szom",
+    "upstream_dns_cache_configuration": "Upstream DNS gyorsítótár konfigurációja",
+    "enable_upstream_dns_cache": "A DNS gyorsítótárazásának engedélyezése az ügyfél egyéni upstream konfigurációjához",
+    "dns_cache_size": "DNS gyorsítótár mérete, bájtokban"
 }

client/src/__locales/id.json

@@ -10,7 +10,7 @@
     "bootstrap_dns": "Server DNS bootstrap",
     "bootstrap_dns_desc": "Alamat IP server DNS yang digunakan untuk menyelesaikan alamat IP resolver DoH/DoT yang Anda tentukan sebagai upstream. Komentar tidak diizinkan.",
     "fallback_dns_title": "Server DNS cadangan",
-    "fallback_dns_desc": "Daftar server DNS cadangan yang digunakan ketika server DNS hulu tidak merespons. Sintaksnya sama dengan bidang hulu utama di atas.",
+    "fallback_dns_desc": "Daftar server DNS cadangan yang digunakan ketika server hulu DNS tidak merespons. Sintaksnya sama dengan kolom hulu utama di atas.",
     "fallback_dns_placeholder": "Masukkan satu server DNS cadangan per baris",
     "local_ptr_title": "Server pembalik DNS pribadi",
     "local_ptr_desc": "Server DNS yang digunakan AdGuard Home untuk kueri PTR lokal. Server ini digunakan untuk menyelesaikan nama host klien dengan alamat IP pribadi, misalnya \"192.168.12.34\", menggunakan DNS terbalik. Jika tidak disetel, AdGuard Home menggunakan alamat resolver DNS default OS Anda kecuali untuk alamat AdGuard Home itu sendiri.",
@@ -20,7 +20,7 @@
     "resolve_clients_title": "Aktifkan resolusi hostname klien",
     "resolve_clients_desc": "Menyelesaikan alamat IP klien secara terbalik ke nama host mereka dengan mengirimkan kueri PTR ke resolver yang sesuai (server DNS pribadi untuk klien lokal, server upstream untuk klien dengan alamat IP publik).",
     "use_private_ptr_resolvers_title": "Gunakan server pembalik DNS pribadi",
-    "use_private_ptr_resolvers_desc": "Lakukan pencarian DNS terbalik untuk alamat yang disajikan secara lokal menggunakan server upstream ini. Jika dinonaktifkan, Adguard Home merespon dengan NXDOMAIN untuk semua permintaan PTR tersebut kecuali untuk klien yang diketahui dari DHCP, /etc/hosts, dan seterusnya.",
+    "use_private_ptr_resolvers_desc": "Lakukan pencarian DNS terbalik untuk alamat yang disajikan secara lokal menggunakan server hulu ini. Jika dinonaktifkan, Adguard Home merespons dengan NXDOMAIN untuk semua permintaan PTR tersebut kecuali untuk klien yang diketahui dari DHCP, /etc/hosts, dan seterusnya.",
     "check_dhcp_servers": "Cek untuk server DHCP",
     "save_config": "Simpan pengaturan",
     "enabled_dhcp": "Server DHCP diaktifkan",
@@ -68,7 +68,7 @@
     "ip": "IP",
     "dhcp_table_hostname": "Nama host",
     "dhcp_table_expires": "Kadaluwarsa",
-    "dhcp_warning": "Jika anda ingin mengaktifkan server DHCP bawaan, pastikan tidak ada server DHCP lain yang aktif. Jika tidak, akan memutus koneksi internet pada perangkat yang telah terhubung!",
+    "dhcp_warning": "Jika Anda tetap ingin mengaktifkan server DHCP, pastikan tidak ada server DHCP lain yang aktif di jaringan Anda, karena hal ini dapat memutus konektivitas Internet untuk perangkat di jaringan!",
     "dhcp_error": "AdGuard Home tidak dapat menentukan apakah ada server DHCP aktif lain pada jaringan",
     "dhcp_static_ip_error": "Jika ingin menggunakan server DHCP, alamat IP statis harus diatur. AdGuard Home gagal menentukan jika antarmuka jaringan ini dikonfigurasi menggunakan alamat IP statis. Silakan atur alamat IP statis secara manual.",
     "dhcp_dynamic_ip_found": "Sistem Anda menggunakan konfigurasi alamat IP dinamis untuk antarmuka <0>{{interfaceName}}</0>. Untuk menggunakan server DHCP, alamat IP statis harus ditetapkan. Alamat IP Anda saat ini adalah <0>{{ipAddress}}</0>. AdGuard Home akan secara otomatis menetapkan alamat IP ini sebagai statis jika Anda menekan tombol Aktifkan DHCP.",
@@ -117,8 +117,8 @@
     "refresh_statics": "Segarkan statistik",
     "dns_query": "Kueri DNS",
     "blocked_by": "<0>Diblokir oleh</0>",
-    "stats_malware_phishing": "Malware/phishing diblokir",
-    "stats_adult": "Situs dewasa diblokir",
+    "stats_malware_phishing": "Malware/phishing terblokir",
+    "stats_adult": "Situs dewasa terblokir",
     "stats_query_domain": "Kueri domain teratas",
     "for_last_hours": "selama {{count}} jam terakhir",
     "for_last_hours_plural": "selama {{count}} jam terakhir",
@@ -138,17 +138,17 @@
     "number_of_dns_query_days_plural": "Jumlah kueri DNS yang diproses selama {{count}} hari terakhir",
     "number_of_dns_query_hours": "Jumlah kueri DNS diproses selama {{{count}} jam terakhir",
     "number_of_dns_query_hours_plural": "Jumlah kueri DNS diproses selama {{count}} jam terakhir",
-    "number_of_dns_query_blocked_24_hours": "Julah DNS diblokir oleh penyaring adblock dan daftar blokir hosts",
-    "number_of_dns_query_blocked_24_hours_by_sec": "Jumlah perminataan DNS diblokir oleh modul Kemanan Penjelajahan AdGuard",
-    "number_of_dns_query_blocked_24_hours_adult": "Jumlah website dewasa diblokir",
+    "number_of_dns_query_blocked_24_hours": "Jumlah permintaan DNS yang diblokir oleh filter adblock dan daftar hitam host",
+    "number_of_dns_query_blocked_24_hours_by_sec": "Jumlah permintaan DNS yang diblokir oleh modul keamanan penjelajahan AdGuard",
+    "number_of_dns_query_blocked_24_hours_adult": "Jumlah situs web dewasa yang diblokir",
     "enforced_save_search": "Paksa pencarian aman",
     "number_of_dns_query_to_safe_search": "Jumlah perminataan DNS ke mesin pencari yang dipaksa Pencarian Aman",
     "average_processing_time": "Rata-rata waktu pemrosesan",
-    "average_upstream_response_time": "Waktu respons server upstream rata-rata",
+    "average_upstream_response_time": "Rata-rata waktu respons hulu",
     "response_time": "Waktu respons",
     "average_processing_time_hint": "Rata-rata waktu dalam milidetik untuk pemrosesan sebuah permintaan DNS",
     "block_domain_use_filters_and_hosts": "Blokir domain menggunakan filter dan file hosts",
-    "filters_block_toggle_hint": "Anda dapat menyiapkan aturan pemblokiran di pengaturan <a>Penyaringan</a>.",
+    "filters_block_toggle_hint": "Anda dapat menyiapkan aturan pemblokiran dalam pengaturan <a>Filter</a>.",
     "use_adguard_browsing_sec": "Gunakan layanan web Keamanan Penjelajahan AdGuard",
     "use_adguard_browsing_sec_hint": "AdGuard Home akan memeriksa apakah domain diblokir oleh layanan web keamanan penjelajahan. Ini akan menggunakan API pencarian yang ramah privasi untuk melakukan pemeriksaan: hanya awalan singkat dari hash nama domain SHA256 yang dikirim ke server.",
     "use_adguard_parental": "Gunakan layanan web kontrol orang tua AdGuard",
@@ -166,7 +166,7 @@
     "encryption_settings": "Pengaturan enkripsi",
     "dhcp_settings": "Pengaturan DHCP",
     "upstream_dns": "Server DNS hulu",
-    "upstream_dns_help": "Masukkan alamat server per baris. <a>Pelajari lebih</a> mengenai konfigurasi upstream server DNS.",
+    "upstream_dns_help": "Masukkan satu alamat server per baris. <a>Pelajari lebih lanjut</a> mengenai cara mengonfigurasi server DNS hulu.",
     "upstream_dns_configured_in_file": "Diatur dalam {{path}}",
     "test_upstream_btn": "Uji hulu",
     "upstreams": "Upstream",
@@ -192,10 +192,10 @@
     "delete_table_action": "Hapus",
     "elapsed": "Berlalu",
     "filters_and_hosts_hint": "AdGuard Home memahami aturan dasar adblock dan sintak file hosts.",
-    "no_blocklist_added": "Tiada daftar hitam ditambahkan",
-    "no_whitelist_added": "Tiada daftar putih ditambahkan",
-    "add_blocklist": "Tambah daftar hitam",
-    "add_allowlist": "Tambah daftar putih",
+    "no_blocklist_added": "Tidak ada daftar hitam yang ditambahkan",
+    "no_whitelist_added": "Tidak ada daftar putih yang ditambahkan",
+    "add_blocklist": "Tambahkan daftar hitam",
+    "add_allowlist": "Tambahkan daftar putih",
     "cancel_btn": "Batal",
     "enter_name_hint": "Masukkan nama",
     "enter_url_or_path_hint": "Masukan sebuah URL atau jalur absolut dari daftar",
@@ -224,10 +224,10 @@
     "example_upstream_regular": "DNS reguler (melalui UDP);",
     "example_upstream_regular_port": "DNS biasa (lebih dari UDP, dengan port);",
     "example_upstream_udp": "DNS biasa (lebih dari UDP, nama host);",
-    "example_upstream_dot": "terenkripsi <0>DNS-over-TLS</0>;",
-    "example_upstream_doh": "terenkripsi <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doh3": "DNS-over-HTTPS terenkripsi dengan paksa <0>HTTP/3</0> dan tidak ada fallback ke HTTP/2 atau lebih rendah;",
-    "example_upstream_doq": "terenkripsi <0>DNS-over-QUIC</0>;",
+    "example_upstream_dot": "<0>DNS melalui TLS</0> terenkripsi;",
+    "example_upstream_doh": "<0>DNS melalui HTTPS</0> terenkripsi;",
+    "example_upstream_doh3": "DNS melalui HTTPS terenkripsi dengan <0>HTTP/3</0> secara paksa dan tidak ada cadangan ke HTTP/2 atau lebih rendah;",
+    "example_upstream_doq": "<0>DNS melalui QUIC</0> terenkripsi;",
     "example_upstream_sdns": "<0>Stempel DNS</0> untuk <1>DNSCrypt</1> atau pengarah <2>DNS-over-HTTPS</2>;",
     "example_upstream_tcp": "DNS reguler (melalui TCP);",
     "example_upstream_tcp_port": "DNS biasa (melalui TCP, dengan port);",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Server upstream berhasil disimpan",
     "dns_test_ok_toast": "Server DNS yang ditentukan bekerja dengan benar",
     "dns_test_not_ok_toast": "Server \"{{key}}\": tidak dapat digunakan, mohon cek bahwa Anda telah menulisnya dengan benar",
+    "dns_test_parsing_error_toast": "Bagian {{section}}: baris {{line}}: tidak dapat digunakan, mohon cek bahwa Anda telah menulisnya dengan benar",
     "dns_test_warning_toast": "Upstream \"{{key}}\" tidak menanggapi permintaan pengujian dan mungkin tidak berfungsi dengan baik",
     "unblock": "Buka Blokir",
     "block": "Blok",
@@ -243,6 +244,7 @@
     "allow_this_client": "Ijinkan klien ini",
     "block_for_this_client_only": "Blok hanya untuk klien ini",
     "unblock_for_this_client_only": "Jangan diblok hanya untuk klien ini",
+    "add_persistent_client": "Tambahkan sebagai klien persisten",
     "time_table_header": "Waktu",
     "date": "Tanggal",
     "domain_name_table_header": "Nama domain",
@@ -289,7 +291,7 @@
     "custom_ip": "Custom IP",
     "blocking_ipv4": "Blokiran IPv4",
     "blocking_ipv6": "Blokiran IPv6",
-    "blocked_response_ttl": "Respon TLL diblokir",
+    "blocked_response_ttl": "Respons TTL terblokir",
     "blocked_response_ttl_desc": "Menentukan berapa detik klien harus menyimpan respons yang difilter dalam cache",
     "form_enter_blocked_response_ttl": "Masukkan TTL respons yang diblokir (detik)",
     "dnscrypt": "DNSCrypt",
@@ -320,9 +322,9 @@
     "rate_limit_whitelist": "Daftar pembatasan tarif yang diizinkan",
     "rate_limit_whitelist_desc": "Alamat IP dikecualikan dari pembatasan tarif",
     "rate_limit_whitelist_placeholder": "Masukkan satu alamat IP per baris",
-    "blocking_ipv4_desc": "Alamat IP akan dikembalikan untuk permintaan A yang diblokir",
-    "blocking_ipv6_desc": "Alamat IP akan dipulihkan untuk permintaan AAAA yang diblokir",
-    "blocking_mode_default": "Default: Tanggapi dengan alamat IP nol (0.0.0.0 untuk A; :: untuk AAAA) saat diblokir oleh aturan gaya Adblock; tanggapi dengan alamat IP yang ditentukan dalam aturan ketika diblokir oleh aturan gaya host /etc/",
+    "blocking_ipv4_desc": "Alamat IP yang akan dikembalikan untuk permintaan A yang diblokir",
+    "blocking_ipv6_desc": "Alamat IP yang akan dikembalikan untuk permintaan AAAA yang diblokir",
+    "blocking_mode_default": "Standar: Tanggapi dengan alamat IP nol (0.0.0.0 untuk A; :: untuk AAAA) saat diblokir oleh aturan gaya Adblock; tanggapi dengan alamat IP yang ditentukan dalam aturan ketika diblokir oleh aturan /etc/hosts-style",
     "blocking_mode_refused": "DITOLAK: Respon dengan kode DITOLAK",
     "blocking_mode_nxdomain": "NXDOMAIN: Respon pakai kode NXDOMAIN",
     "blocking_mode_null_ip": "Null IP: Respon pakai alamat IP kosong (0.0.0.0 untuk A; :: untuk AAAA)",
@@ -330,7 +332,7 @@
     "theme_auto": "Auto",
     "theme_light": "Terang",
     "theme_dark": "Gelap",
-    "upstream_dns_client_desc": "Jika Anda biarkan bidang ini kosong, AdGuard Home akan memakai server yang dikonfigurasi di<0>Pengaturan DNS</0>.",
+    "upstream_dns_client_desc": "Jika Anda biarkan kolom ini kosong, AdGuard Home akan menggunakan server yang dikonfigurasi di <0>pengaturan DNS</0>.",
     "tracker_source": "Sumber pelacak",
     "source_label": "Sumber",
     "found_in_known_domain_db": "Ditemukan di database domain dikenal",
@@ -340,7 +342,7 @@
     "unknown_filter": "Penyaringan {{filterId}} tidak dikenal",
     "known_tracker": "Pelacak yang dikenal",
     "install_welcome_title": "Selamat datang di AdGuard Home!",
-    "install_welcome_desc": "AdGuard Home adalah sebuah server DNS pemblokiran iklan dan pelacak di jaringan. Tujuannya adalah memungkinkan anda mengkontrol seluruh jaringan dan semua perangkat anda, dan ini tidak membutuhkan aplikasi tambahan di klien",
+    "install_welcome_desc": "AdGuard Home adalah server DNS pemblokir iklan dan pelacak di seluruh jaringan. Tujuannya untuk memungkinkan Anda mengendalikan seluruh jaringan dan semua perangkat Anda, dan tidak perlu menggunakan program sisi klien.",
     "install_settings_title": "Antarmuka Halaman Admin",
     "install_settings_listen": "Antarmuka pengoperasian",
     "install_settings_port": "Port",
@@ -362,10 +364,10 @@
     "install_submit_title": "Selamat!",
     "install_submit_desc": "Prosedur pengaturan telah selesai, dan anda siap untuk mulai menggunakan AdGuard Home.",
     "install_devices_router": "Router",
-    "install_devices_router_desc": "Setelan ini akan secara otomatis mencakup semua perangkat yang terhubung ke router rumah anda dan anda tak perlu mengkonfigurasikan secara manual.",
+    "install_devices_router_desc": "Penyiapan ini secara otomatis mencakup semua perangkat yang terhubung ke router rumah Anda, tidak perlu mengkonfigurasi masing-masing perangkat secara manual.",
     "install_devices_address": "Server DNS AdGuard Home akan menggunakan alamat berikut",
     "install_devices_router_list_1": "Buka preferensi untuk router Anda. Biasanya, Anda dapat mengaksesnya dari browser Anda melalui URL, seperti http://192.168.0.1/ atau http://192.168.1.1/. Anda mungkin diminta untuk memasukkan kata sandi. Jika Anda tidak mengingatnya, Anda sering kali dapat mengatur ulang kata sandi dengan menekan tombol pada perute itu sendiri, tetapi perlu diketahui bahwa jika prosedur ini dipilih, Anda mungkin akan kehilangan seluruh konfigurasi perute. Jika router Anda memerlukan aplikasi untuk menyiapkannya, instal aplikasi tersebut di ponsel atau PC Anda dan gunakan untuk mengakses pengaturan router.",
-    "install_devices_router_list_2": "Temukan pengaturan DHCP / DNS. Cari huruf DNS di sebelah bidang yang memungkinkan dua atau tiga set angka, masing-masing dipecah menjadi empat grup dengan satu hingga tiga digit.",
+    "install_devices_router_list_2": "Temukan pengaturan DHCP / DNS. Cari huruf DNS di sebelah kolom yang memungkinkan dua atau tiga set angka, masing-masing dipecah menjadi empat kelompok dengan satu hingga tiga digit.",
     "install_devices_router_list_3": "Masukkan alamat server AdGuard Home disana",
     "install_devices_router_list_4": "Anda tidak dapat menyetel server DNS kustom pada beberapa tipe router. Dalam hal ini mungkin membantu jika Anda mengatur AdGuard Home sebagai <0>server DHCP</0>. Jika tidak, Anda harus mencari petunjuk tentang cara mengkustomisasi server DNS untuk model router khusus Anda.",
     "install_devices_windows_list_1": "Buka Panel Kontrol melalui menu Start atau pencarian Windows.",
@@ -386,7 +388,7 @@
     "install_devices_ios_list_1": "Dari layar beranda, ketuk Pengaturan.",
     "install_devices_ios_list_2": "Pilih Wi-Fi di menu sebelah kiri (tidak mungkin untuk mengkonfigurasi DNS untuk jaringan seluler).",
     "install_devices_ios_list_3": "Ketuk nama jaringan yang saat ini aktif.",
-    "install_devices_ios_list_4": "Di bidang DNS, masukkan alamat server AdGuard Home anda.",
+    "install_devices_ios_list_4": "Di kolom DNS, masukkan alamat server AdGuard Home Anda.",
     "get_started": "Mari mulai",
     "next": "Selanjutnya",
     "open_dashboard": "Buka Beranda",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "Nama host",
     "encryption_reset": "Anda yakin ingin mengatur ulang pengaturan enkripsi?",
     "encryption_warning": "Peringatan",
+    "encryption_plain_dns_enable": "Aktifkan DNS biasa",
+    "encryption_plain_dns_desc": "DNS biasa diaktifkan secara standar. Anda dapat menonaktifkannya untuk memaksa semua perangkat menggunakan DNS terenkripsi. Untuk melakukan ini, Anda harus mengaktifkan setidaknya satu protokol DNS terenkripsi",
+    "encryption_plain_dns_error": "Untuk menonaktifkan DNS biasa, aktifkan setidaknya satu protokol DNS terenkripsi",
     "topline_expiring_certificate": "Sertifikat SSL Anda hampir kedaluwarsa. Perbarui <0>Pengaturan enkripsi</0>.",
     "topline_expired_certificate": "Sertifikat SSL Anda kedaluwarsa. Perbarui <0>Pengaturan enkripsi</0>.",
     "form_error_port_range": "Masukkan nomor port di kisaran 80-65535",
@@ -439,7 +444,7 @@
     "fix": "Perbaiki",
     "dns_providers": "Berikut adalah <0>daftar penyedia DNS yang dikenal</0> untuk dipilih.",
     "update_now": "Perbarui sekarang",
-    "update_failed": "Pembaruan otomatis gagal. Silahkan <a>ikuti petunjuk ini</a> untuk perbarui secara manual.",
+    "update_failed": "Pembaruan otomatis gagal. Silakan <a>ikuti langkah-langkah berikut</a> untuk memperbarui secara manual.",
     "manual_update": "Silakan <a>mengikuti langkah berikut</a> untuk memperbarui secara manual.",
     "processing_update": "Silahkan tunggu, AdGuard Home sedang diperbarui",
     "clients_title": "Klien yang gigih",
@@ -449,7 +454,7 @@
     "table_client": "Klien",
     "table_name": "Nama",
     "save_btn": "Simpan",
-    "client_add": "Tambah Klien",
+    "client_add": "Tambahkan Klien",
     "client_new": "Klien Baru",
     "client_edit": "Ubah Klien",
     "client_identifier": "Identifikasi",
@@ -459,9 +464,10 @@
     "form_enter_subnet_ip": "Masukkan alamat IP di subnet \"{{cidr}}\"",
     "form_enter_mac": "Masukkan MAC",
     "form_enter_id": "Masukkan pengenal",
-    "form_add_id": "Tambah pengenal",
+    "form_add_id": "Tambahkan pengenal",
     "form_client_name": "Masukkan nama klien",
     "name": "Nama",
+    "client_name": "Klien {{id}}",
     "client_global_settings": "Gunakan pengaturan global",
     "client_deleted": "Klien \"{{key}}\" berhasil dihapus",
     "client_added": "Klien \"{{key}}\" berhasil ditambahkan",
@@ -476,7 +482,7 @@
     "access_allowed_title": "Klien yang diizinkan",
     "access_allowed_desc": "Daftar CIDR, alamat IP, atau <a>ClientID</a>. Jika daftar ini memiliki entri, AdGuard Home hanya akan menerima permintaan dari klien ini.",
     "access_disallowed_title": "Klien yang tidak diizinkan",
-    "access_disallowed_desc": "Daftar CIDR, alamat IP, atau <a>ClientID</a>. Jika daftar ini memiliki entri, AdGuard Home akan membatalkan permintaan dari klien ini. Bidang ini diabaikan jika ada entri di klien yang diizinkan.",
+    "access_disallowed_desc": "Daftar CIDR, alamat IP, atau <a>ClientID</a>. Jika daftar ini memiliki entri, AdGuard Home akan membatalkan permintaan dari klien ini. Kolom ini diabaikan jika ada entri di daftar putih klien.",
     "access_blocked_title": "Domain yang diblokir",
     "access_blocked_desc": "Jangan bingung dengan filter. AdGuard Home menghapus kueri DNS yang cocok dengan domain ini, dan kueri ini bahkan tidak muncul di log kueri. Anda dapat menentukan nama domain, karakter pengganti, atau aturan filter URL yang tepat, mis. \"example.org\", \"*.example.org\", atau \"||example.org^\" yang sesuai.",
     "access_settings_saved": "Pengaturan akses berhasil disimpan",
@@ -485,7 +491,7 @@
     "check_updates_now": "Periksa pembaruan sekarang",
     "version_request_error": "Pemeriksaan pembaruan gagal. Harap periksa koneksi internet anda.",
     "dns_privacy": "DNS Privasi",
-    "setup_dns_privacy_1": "<0>DNS-over-TLS:</0> Memakai <1>{{address}}</1> string.",
+    "setup_dns_privacy_1": "<0>DNS melalui TLS:</0> Gunakan <1>{{address}}</1> string.",
     "setup_dns_privacy_2": "<0>DNS-over-TLS:</0> Memakai <1>{{address}}</1> string.",
     "setup_dns_privacy_3": "<0>Berikut daftar perangkat lunak yang dapat Anda gunakan.</0>",
     "setup_dns_privacy_4": "Di perangkat iOS 14 atau macOS Big Sur, Anda dapat mengunduh file '.mobileconfig' khusus yang menambahkan server <highlight>DNS-over-HTTPS</highlight> atau <highlight>DNS-over-TLS</highlight> ke pengaturan DNS.",
@@ -505,7 +511,7 @@
     "rewrite_added": "DNS rewrite untuk \"{{key}}\" berhasil ditambahkan",
     "rewrite_deleted": "DNS rewrite untuk \"{{key}}\" berhasil dihapus",
     "rewrite_updated": "Penulisan ulang DNS berhasil diperbarui",
-    "rewrite_add": "Tambah DNS rewrite",
+    "rewrite_add": "Tambahkan penulisan ulang DNS",
     "rewrite_edit": "Edit penulisan ulang DNS",
     "rewrite_not_found": "Tidak ada DNS rewrite ditemukan",
     "rewrite_confirm_delete": "Apakah anda yakin ingin menghapus DNS rewrite untuk \"{{key}}\"?",
@@ -542,7 +548,7 @@
     "domain": "Domain",
     "ecs": "ECS",
     "punycode": "Kode kecil",
-    "answer": "Jawab",
+    "answer": "Jawaban",
     "filter_added_successfully": "Filter telah berhasil ditambahkan",
     "filter_removed_successfully": "Daftar ini telah sukses dihapus",
     "filter_updated": "Daftar telah sukses diperbarui",
@@ -594,10 +600,10 @@
     "fastest_addr": "Alamat IP tercepat",
     "fastest_addr_desc": "Kuiri semua server DNS dan kembalikan alamat IP tercepat diantara semua tanggapan. Ini memperlambat pencarian DNS Sebagai Rumah AdGuard harus menunggu tanggapan dari semua server DNS, tapi meningkatkan konektivitas keseluruhan.",
     "autofix_warning_text": "Apabila anda menekan \"Perbaiki\", AdGuardHome akan mengatur sistem anda untuk menggunakan server DNS AdGuardHome.",
-    "autofix_warning_list": "Ini akan melakukan tugas berikut: <0>Nonaktifkan sistem DNSStubListener</0> <0> Atur alamat server DNS ke 127.0.0.1</0> <0>Ganti target tautan simbolis /etc/resolv.conf pakai /run/systemd/resolve/resolv.conf</0> <0>Hentikan DNSStubListener (muat ulang layanan sistemd-resolve service)</0>",
+    "autofix_warning_list": "Ini akan melakukan tugas berikut: <0>Nonaktifkan sistem DNSStubListener</0> <0>Atur alamat server DNS ke 127.0.0.1</0> <0>Ganti target tautan simbolis /etc/resolv.conf dengan /run/systemd/resolve/resolv.conf</0> <0>Hentikan DNSStubListener (muat ulang layanan sistemd-resolved)</0>",
     "autofix_warning_result": "Hasilnya, semua permintaan DNS dari sistem anda akan diproses oleh AdGuardHome secara standar.",
     "tags_title": "Tag",
-    "tags_desc": "Anda dapat memilih tag sesuai dengan klien. Tag dapat dimasukkan dalam aturan pemfilteran dan memungkinkan Anda untuk menerapkannya lebih akurat. <0>Pelajari lebih</0>.",
+    "tags_desc": "Anda dapat memilih tag yang sesuai dengan klien. Sertakan tag dalam aturan pemfilteran untuk menerapkannya dengan lebih akurat. <0>Pelajari lebih lanjut</0>.",
     "form_select_tags": "Pilih tag klien",
     "check_title": "Periksa penyaringan",
     "check_desc": "Periksa apakah nama host telah tersaring.",
@@ -605,7 +611,7 @@
     "form_enter_host": "Masukkan nama host",
     "filtered_custom_rules": "Tersaring oleh aturan penyaring Buatan",
     "choose_from_list": "Pilih dari daftar",
-    "add_custom_list": "Tambah daftar buatan",
+    "add_custom_list": "Tambahkan daftar kustom",
     "host_whitelisted": "Host didaftar putihkan",
     "check_ip": "Alamat IP: {{ip}}",
     "check_cname": "CNAME: {{cname}}",
@@ -615,8 +621,8 @@
     "check_not_found": "Tidak di temukan di daftar penyaringan anda",
     "client_confirm_block": "Apa anda yakin ingin mem-blokir klien ini \"{{ip}}\"?",
     "client_confirm_unblock": "Apa anda yakin ingin meng-unblock klien ini \"{{ip}}\"?",
-    "client_blocked": "Klien \"{{ip}}\" sukses di blokir",
-    "client_unblocked": "Klien \"{{ip}}\" sukses di unblock",
+    "client_blocked": "Klien \"{{ip}}\" berhasil diblokir",
+    "client_unblocked": "Klien \"{{ip}}\" berhasil membuka blokir",
     "static_ip": "Alamat IP statis",
     "static_ip_desc": "AdGuard Home adalah server jadi perlu alamat IP statis agar berfungsi dengan benar. Jika tidak, pada titik tertentu, router Anda dapat menetapkan alamat IP yang berbeda untuk perangkat ini.",
     "set_static_ip": "Atur alamat IP statik",
@@ -634,8 +640,8 @@
     "show_whitelisted_responses": "Dalam Daftar Putih",
     "show_processed_responses": "Terproses",
     "blocked_safebrowsing": "Diblokir oleh Penjelajahan Aman",
-    "blocked_adult_websites": "Diblok oleh Kontrol Orang tua",
-    "blocked_threats": "Blokir Ancaman",
+    "blocked_adult_websites": "Diblokir oleh Kontrol Orang Tua",
+    "blocked_threats": "Ancaman terblokir",
     "allowed": "Dibolehkan",
     "filtered": "Tersaring",
     "rewritten": "Tulis ulang",
@@ -649,7 +655,7 @@
     "enter_cache_size": "Masukkan ukuran cache (bytes)",
     "enter_cache_ttl_min_override": "Masukkan TTL minimum (detik)",
     "enter_cache_ttl_max_override": "Masukkan TTL maksimum (detik)",
-    "cache_ttl_min_override_desc": "Perpanjang nilai waktu-online singkat (detik) yang diterima dari server upstream saat menyimpan respons DNS.",
+    "cache_ttl_min_override_desc": "Perpanjang nilai waktu untuk hidup (detik) yang diterima dari server hulu saat menyimpan respons DNS.",
     "cache_ttl_max_override_desc": "Tetapkan nilai waktu-online maksimum (detik) untuk entri di cache DNS.",
     "ttl_cache_validation": "Nilai TTL cache minimum harus kurang dari atau sama dengan nilai maksimum",
     "cache_optimistic": "Caching yang optimis",
@@ -676,7 +682,7 @@
     "form_error_password_length": "Kata sandi harus terdiri dari {{min}} hingga {{max}}",
     "anonymizer_notification": "<0>Catatan:</0> Anonimisasi IP diaktifkan. Anda dapat menonaktifkannya di <1>Pengaturan umum</1> .",
     "confirm_dns_cache_clear": "Apakah Anda yakin ingin menghapus cache DNS?",
-    "cache_cleared": "Cache DNS berhasil dibersihkan",
+    "cache_cleared": "Cache DNS berhasil dihapus",
     "clear_cache": "Hapus cache",
     "make_static": "Jadikan statis",
     "theme_auto_desc": "Otomatis (berdasarkan skema warna perangkat anda)",
@@ -734,5 +740,8 @@
     "wednesday_short": "Rab",
     "thursday_short": "Kam",
     "friday_short": "Jum",
-    "saturday_short": "Sab"
+    "saturday_short": "Sab",
+    "upstream_dns_cache_configuration": "Konfigurasi cache DNS upstream",
+    "enable_upstream_dns_cache": "Aktifkan cache DNS untuk konfigurasi hulu kustom pada klien ini",
+    "dns_cache_size": "Ukuran cache DNS, dalam byte"
 }

client/src/__locales/it.json

@@ -13,14 +13,14 @@
     "fallback_dns_desc": "Elenco dei server DNS fallback utilizzati quando i server DNS upstream non rispondono. La sintassi è la stessa del campo principale upstream sopra.",
     "fallback_dns_placeholder": "Inserisci un server DNS fallback per riga",
     "local_ptr_title": "Server DNS privati inversi",
-    "local_ptr_desc": "I server DNS che AdGuard Home utilizza per le richieste PTR locali. Questi server vengono utilizzati per risolvere i nomi host dei client con indirizzi IP privati, ad esempio \"192.168.12.34\", utilizzando il DNS inverso. Se non è impostato, AdGuard Home utilizzerà gli indirizzi dei resolutori DNS predefiniti del tuo sistema operativo ad eccezione degli indirizzi di AdGuard Home stesso.",
+    "local_ptr_desc": "I server DNS usati da AdGuard Home per richieste private PTR, SOA e NS. Una richiesta è considerata privata se richiede un dominio ARPA contenente una sottorete all'interno di intervalli IP privati (come \"192.168.12.34\") e proviene da un client con un indirizzo IP privato. Se non impostato, saranno usati i risolutori DNS predefiniti del tuo sistema operativo, ad eccezione degli indirizzi IP di AdGuard Home.",
     "local_ptr_default_resolver": "Per impostazione predefinita, AdGuard Home utilizzerà i seguenti risolutori DNS inversi: {{ip}}.",
     "local_ptr_no_default_resolver": "AdGuard Home non è stato in grado di determinare i risolutori DNS inversi privati adatti per questo sistema.",
     "local_ptr_placeholder": "Inserisci un indirizzo IP per riga",
     "resolve_clients_title": "Attiva la risoluzione inversa degli indirizzi IP dei client",
     "resolve_clients_desc": "Risolve inversamente gli indirizzi IP dei client nei loro nomi host inviando richieste PTR ai risolutori corrispondenti (server DNS privati per client locali, server upstream per client con indirizzi IP pubblici).",
     "use_private_ptr_resolvers_title": "Utilizza dei resolver rDNS privati",
-    "use_private_ptr_resolvers_desc": "Esegue ricerche DNS inverse per indirizzi locali utilizzando questi server upstream. Se disattivata, AdGuard Home risponderà con NXDOMAIN a tutte le richieste PTR ad eccezione dei client noti da DHCP, /etc/hosts, e così via.",
+    "use_private_ptr_resolvers_desc": "Risolvi le richieste PTR, SOA e NS per domini ARPA contenenti indirizzi IP privati tramite server upstream privati, DHCP, /etc/hosts, ecc. Se disabilitato, AdGuard Home risponderà a tutte queste richieste con NXDOMAIN.",
     "check_dhcp_servers": "Controlla la presenza di server DHCP",
     "save_config": "Salva configurazione",
     "enabled_dhcp": "Server DHCP attivo",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "I server upstream sono stati salvati correttamente",
     "dns_test_ok_toast": "I server DNS specificati funzionano correttamente",
     "dns_test_not_ok_toast": "Server \"{{key}}\": non può essere utilizzato, assicurati di averlo digitato correttamente",
+    "dns_test_parsing_error_toast": "Sezione {{section}}: riga {{line}}: non può essere usata, controlla se l'hai scritta correttamente",
     "dns_test_warning_toast": "Upstream \"{{key}}\" non risponde alle richieste di test e potrebbe non funzionare correttamente",
     "unblock": "Sblocca",
     "block": "Blocca",
@@ -243,6 +244,7 @@
     "allow_this_client": "Consenti questo client",
     "block_for_this_client_only": "Blocca solo per questo client",
     "unblock_for_this_client_only": "Sblocca solo per questo client",
+    "add_persistent_client": "Aggiungi come client persistente",
     "time_table_header": "Ora",
     "date": "Data",
     "domain_name_table_header": "Nome dominio",
@@ -310,6 +312,15 @@
     "edns_use_custom_ip": "Usa IP personalizzato per EDNS",
     "edns_use_custom_ip_desc": "Consentire l'uso di un IP personalizzato per EDNS",
     "rate_limit_desc": "Il numero di richieste al secondo consentite da un singolo client. Impostare questo valore a 0 rimuove le limitazioni.",
+    "rate_limit_subnet_len_ipv4": "Lunghezza prefisso di sottorete per indirizzi IPv4",
+    "rate_limit_subnet_len_ipv4_desc": "Lunghezza prefisso sottorete per indirizzi IPv4 usati per la limitazione della velocità. Valore predefinito 24",
+    "rate_limit_subnet_len_ipv4_error": "La lunghezza del prefisso di sottorete IPv4 deve essere compresa tra 0 e 32",
+    "rate_limit_subnet_len_ipv6": "Lunghezza prefisso di sottorete per indirizzi IPv6",
+    "rate_limit_subnet_len_ipv6_desc": "Lunghezza prefisso di sottorete per indirizzi IPv6 usati per la limitazione della velocità. Valore predefinito 56",
+    "rate_limit_subnet_len_ipv6_error": "La lunghezza del prefisso di sottorete IPv6 deve essere compresa tra 0 e 128",
+    "form_enter_rate_limit_subnet_len": "Inserisci lunghezza prefisso di sottorete per limitazione velocità",
+    "rate_limit_whitelist": "Lista consentita per limitazione velocità",
+    "rate_limit_whitelist_desc": "Indirizzi IP esclusi dalla limitazione della velocità",
     "rate_limit_whitelist_placeholder": "Inserisci un indirizzo IP per riga",
     "blocking_ipv4_desc": "Indirizzo IP per una richiesta DNS IPv4 bloccata",
     "blocking_ipv6_desc": "Indirizzo IP restituito per una richiesta DNS IPv6 bloccata",
@@ -330,7 +341,7 @@
     "list_label": "Elenco",
     "unknown_filter": "Filtro sconosciuto {{filterId}}",
     "known_tracker": "Tracciatore noto",
-    "install_welcome_title": "Benvenuto nella Home di AdGuard!",
+    "install_welcome_title": "Benvenuto in AdGuard Home!",
     "install_welcome_desc": "AdGuard Home è un server DNS che blocca annunci e tracciatori a livello di rete. Il suo scopo è quello di permetterti il controllo dell'intera rete e di tutti i dispositivi, e non richiede l'utilizzo di un programma lato client.",
     "install_settings_title": "Interfaccia Web dell'Admin",
     "install_settings_listen": "Interfaccia d'ascolto",
@@ -414,6 +425,9 @@
     "encryption_hostnames": "Nomi host",
     "encryption_reset": "Sei sicuro di voler ripristinare le impostazioni di crittografia?",
     "encryption_warning": "Attenzione",
+    "encryption_plain_dns_enable": "Abilita DNS semplice",
+    "encryption_plain_dns_desc": "Il DNS semplice è abilitato per impostazione predefinita. Puoi disabilitarlo per forzare tutti i dispositivi a usare DNS crittografati. Per fare ciò è necessario abilitare almeno un protocollo DNS crittografato",
+    "encryption_plain_dns_error": "Per disabilitare il DNS semplice, abilitare almeno un protocollo DNS crittografato",
     "topline_expiring_certificate": "Il tuo certificato SSL sta per scadere. Aggiorna le<0> Impostazioni di crittografia </ 0>.",
     "topline_expired_certificate": "Il tuo certificato SSL è scaduto. Aggiorna le <0> Impostazioni di crittografia </ 0>.",
     "form_error_port_range": "Immettere il valore della porta nell'intervallo 80-65535",
@@ -432,7 +446,7 @@
     "update_now": "Aggiorna ora",
     "update_failed": "Aggiornamento automatico non riuscito. Ti suggeriamo di <a>seguire questi passaggi</a> per aggiornare manualmente.",
     "manual_update": "Ti invitiamo a <a>seguire questi passaggi</a> per aggiornare manualmente.",
-    "processing_update": "Perfavore aspetta, AdGuard Home si sta aggiornando",
+    "processing_update": "Attendi per favore, AdGuard Home si sta aggiornando",
     "clients_title": "Client persistenti",
     "clients_desc": "Configura le registrazioni dei client persistenti per i dispositivi connessi ad AdGuard Home",
     "settings_global": "Globale",
@@ -453,6 +467,7 @@
     "form_add_id": "Aggiungi identificatore",
     "form_client_name": "Inserisci nome client",
     "name": "Nome",
+    "client_name": "Client {{id}}",
     "client_global_settings": "Utilizza le impostazioni globali",
     "client_deleted": "Client \"{{key}}\" eliminato correttamente",
     "client_added": "Client \"{{key}}\" aggiunto correttamente",
@@ -663,7 +678,7 @@
     "use_saved_key": "Utilizza la chiave salvata in precedenza",
     "parental_control": "Controllo Parentale",
     "safe_browsing": "Navigazione Sicura",
-    "served_from_cache": "{{value}} <i>(fornito dalla cache)</i>",
+    "served_from_cache_label": "Servito dalla cache",
     "form_error_password_length": "La password deve contenere da {{min}} a {{max}} caratteri",
     "anonymizer_notification": "<0>Attenzione:</0> L'anonimizzazione dell'IP è abilitata. Puoi disabilitarla in <1>Impostazioni generali</1>.",
     "confirm_dns_cache_clear": "Sei sicuro di voler cancellare la cache DNS?",
@@ -725,5 +740,8 @@
     "wednesday_short": "Mer",
     "thursday_short": "Gio",
     "friday_short": "Ven",
-    "saturday_short": "Sab"
+    "saturday_short": "Sab",
+    "upstream_dns_cache_configuration": "Configurazione cache DNS upstream",
+    "enable_upstream_dns_cache": "Abilita cache DNS per la configurazione upstream personalizzata del client",
+    "dns_cache_size": "Dimensioni cache DNS (in byte)"
 }

client/src/__locales/ja.json

@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "アップストリームサーバーを保存しました。",
     "dns_test_ok_toast": "指定されたDNSサーバは正しく動作しています",
     "dns_test_not_ok_toast": "サーバ \"{{key}}\": 使用できませんでした。正しく入力されているかどうかを確認してください",
+    "dns_test_parsing_error_toast": "セクション {{section}}: 行 {{line}}: を使用できませんでした。正しく記述されているか確認してください",
     "dns_test_warning_toast": "アップストリーム\"{{key}}\"はテストリクエストに応答せず、正しく動作しない可能性があります。",
     "unblock": "ブロック解除",
     "block": "ブロック",
@@ -243,6 +244,7 @@
     "allow_this_client": "このクライアントを許可する",
     "block_for_this_client_only": "このクライアントに対してのみブロックする",
     "unblock_for_this_client_only": "このクライアントに対してのみブロックを解除する",
+    "add_persistent_client": "永続クライアントとして追加する",
     "time_table_header": "時刻",
     "date": "購入日時",
     "domain_name_table_header": "ドメイン名",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "ホスト名",
     "encryption_reset": "暗号化設定をリセットして良いですか？",
     "encryption_warning": "警告",
+    "encryption_plain_dns_enable": "プレーンDNSを有効にする",
+    "encryption_plain_dns_desc": "プレーンDNSはデフォルトで有効になっています。無効にして、すべてのデバイスに暗号化された DNS の使用を強制適用できます。これを行うには、少なくとも 1 つの暗号化されたDNSプロトコルを有効にする必要があります。",
+    "encryption_plain_dns_error": "プレーンDNSを無効にするには、暗号化DNSプロトコルを少なくとも 1 つ有効にしてください",
     "topline_expiring_certificate": "SSL証明書は期限切れになります。<0>暗号化設定</0>を更新します。",
     "topline_expired_certificate": "SSL証明書は期限切れです。<0>暗号化設定</0>を更新します。",
     "form_error_port_range": "80〜65535 の範囲内でポート番号を入力してください",
@@ -462,6 +467,7 @@
     "form_add_id": "識別子を追加する",
     "form_client_name": "クライアント名を入力してください",
     "name": "名前",
+    "client_name": "クライアント {{id}}",
     "client_global_settings": "グローバル設定を使用する",
     "client_deleted": "クライアント \"{{key}}\" の削除に成功しました",
     "client_added": "クライアント \"{{key}}\" の追加に成功しました",
@@ -672,7 +678,7 @@
     "use_saved_key": "以前に保存したキーを使用する",
     "parental_control": "ペアレンタルコントロール",
     "safe_browsing": "セーフブラウジング",
-    "served_from_cache": "{{value}} <i>(キャッシュから応答)</i>",
+    "served_from_cache_label": "キャッシュからの配信:",
     "form_error_password_length": "パスワードの長さは{{min}}〜{{max}}文字にしてください。",
     "anonymizer_notification": "【<0>注意</0>】IPの匿名化が有効になっています。 <1>一般設定</1>で無効にできます。",
     "confirm_dns_cache_clear": "DNS キャッシュをクリアしてもよろしいですか？",
@@ -734,5 +740,8 @@
     "wednesday_short": "水",
     "thursday_short": "木",
     "friday_short": "金",
-    "saturday_short": "土"
+    "saturday_short": "土",
+    "upstream_dns_cache_configuration": "Upstream DNS cache configuration（アップストリームDNSキャッシュの構成）",
+    "enable_upstream_dns_cache": "このクライアントのカスタムアップストリーム構成に対してDNSキャッシュを有効にする",
+    "dns_cache_size": "DNSキャッシュサイズ（バイト単位）"
 }

client/src/__locales/ko.json

@@ -13,14 +13,14 @@
     "fallback_dns_desc": "업스트림 DNS 서버가 응답하지 않을 때 사용되는 폴백 DNS 서버 목록입니다. 구문은 위의 기본 업스트림 필드와 동일합니다.",
     "fallback_dns_placeholder": "한 줄에 하나의 폴백 DNS 서버를 입력하세요.",
     "local_ptr_title": "프라이빗 역방향 DNS 서버",
-    "local_ptr_desc": "AdGuard Home이 로컬 PTR 쿼리에 사용하는 DNS 서버입니다. 이러한 서버는 역방향 DNS를 사용하여 개인 IP 주소(예: '192.168.12.34')가 있는 클라이언트의 호스트 이름을 확인하는 데 사용됩니다. 설정되지 않은 경우, AdGuard Home은 AdGuard Home의 주소를 제외하고 운영 체제의 기본 DNS 리졸버의 주소를 사용합니다.",
+    "local_ptr_desc": "AdGuard Home에서 비공개 PTR, SOA 및 NS 요청에 사용하는 DNS 서버입니다. 요청이 비공개 IP 범위 내의 서브넷(예: \"192.168.12.34\")을 포함하는 ARPA 도메인을 요청하고 비공개 IP 주소를 가진 클라이언트로부터 오는 경우 비공개로 간주됩니다. 설정하지 않으면 AdGuard Home IP 주소를 제외한 OS의 기본 DNS 리졸버가 사용됩니다.",
     "local_ptr_default_resolver": "기본적으로 AdGuard Home에서는 {{ip}} 역방향 DNS 서버를 이용합니다.",
     "local_ptr_no_default_resolver": "AdGuard Home에서 이 시스템에 적합한 사설 역방향 프라이빗 DNS 서버를 결정할 수 없습니다.",
     "local_ptr_placeholder": "한 줄에 하나씩 IP 주소를 입력하세요.",
     "resolve_clients_title": "클라이언트 IP 주소에 대한 호스트명 확인 활성화",
     "resolve_clients_desc": "해당 서버에 대한 PTR 쿼리를 통해 클라이언트의 도메인 이름을 정의합니다. (로컬 클라이언트의 경우 프라이빗 DNS 서버, 공용 IP 주소가 있는 클라이언트의 경우 업스트림 서버).",
     "use_private_ptr_resolvers_title": "프라이빗 역방향 DNS 리졸버 사용",
-    "use_private_ptr_resolvers_desc": "업스트림 서버를 사용해 로컬로 제공되는 주소의 역방향 DNS를 조회합니다. 끄는 경우, AdGuard Home은 DHCP, /etc/hosts 등에서 알려진 클라이언트를 제외한 모든 PTR 요청에 NXDOMAIN으로 응답합니다.",
+    "use_private_ptr_resolvers_desc": "사설 업스트림 서버, DHCP, / etc/hosts 등을 통해 사설 IP 주소가 포함된 ARPA 도메인에 대한 PTR, SOA 및 NS 요청을 처리합니다. 비활성화하면 AdGuard Home은 NXDOMAIN을 사용하여 이러한 모든 요청에 응답합니다.",
     "check_dhcp_servers": "DHCP 서버 체크",
     "save_config": "구성 저장",
     "enabled_dhcp": "DHCP 서버 활성화됨",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "업스트림 서버가 성공적으로 저장되었습니다",
     "dns_test_ok_toast": "지정된 DNS 서버가 올바르게 작동하고 있습니다.",
     "dns_test_not_ok_toast": "서버 '{{key}}': 사용할 수 없습니다, 제대로 작성했는지 확인하세요",
+    "dns_test_parsing_error_toast": "섹션 {{section}}: 줄 {{line}}: 사용할 수 없으며, 올바르게 작성했는지 확인하세요.",
     "dns_test_warning_toast": "업스트림 '{{key}}'이(가) 테스트 요청에 응답하지 않으며 제대로 작동하지 않을 수 있습니다",
     "unblock": "차단 해제",
     "block": "차단",
@@ -243,6 +244,7 @@
     "allow_this_client": "클라이언트 허용",
     "block_for_this_client_only": "이 클라이언트에 대해서만 차단",
     "unblock_for_this_client_only": "이 클라이언트에 대해서만 차단 해제",
+    "add_persistent_client": "저장된 클라이언트에 추가",
     "time_table_header": "시간",
     "date": "날짜",
     "domain_name_table_header": "도메인명",
@@ -310,6 +312,15 @@
     "edns_use_custom_ip": "EDNS에 사용자 지정 IP 사용",
     "edns_use_custom_ip_desc": "EDNS에 사용자 지정 IP 사용하도록 허용합니다.",
     "rate_limit_desc": "단일 클라이언트에서 허용 가능한 초 당 요청 생성 숫자 (0: 무제한)",
+    "rate_limit_subnet_len_ipv4": "IPv4 주소의 서브넷 접두사 길이",
+    "rate_limit_subnet_len_ipv4_desc": "속도 제한에 사용되는 IPv4 주소의 서브넷 접두사 길이입니다. 기본값은 24입니다.",
+    "rate_limit_subnet_len_ipv4_error": "IPv4 서브넷 접두사 길이는 0에서 32 사이여야 합니다.",
+    "rate_limit_subnet_len_ipv6": "IPv6 주소의 서브넷 접두사 길이",
+    "rate_limit_subnet_len_ipv6_desc": "속도 제한에 사용되는 IPv6 주소의 서브넷 접두사 길이입니다. 기본값은 56입니다.",
+    "rate_limit_subnet_len_ipv6_error": "IPv6 서브넷 접두사 길이는 0에서 128 사이여야 합니다.",
+    "form_enter_rate_limit_subnet_len": "속도 제한을 위한 서브넷 접두사 길이를 입력하세요",
+    "rate_limit_whitelist": "속도 제한 허용 목록",
+    "rate_limit_whitelist_desc": "속도 제한에서 제외되는 IP 주소",
     "rate_limit_whitelist_placeholder": "한 줄에 하나씩 IP 주소를 입력하세요.",
     "blocking_ipv4_desc": "차단된 A 요청에 대해서 반환할 IP 주소",
     "blocking_ipv6_desc": "차단된 AAAA 요청에 대해서 반환할 IP 주소",
@@ -414,6 +425,9 @@
     "encryption_hostnames": "호스트 이름",
     "encryption_reset": "암호화 설정을 재설정하시겠습니까?",
     "encryption_warning": "주의",
+    "encryption_plain_dns_enable": "평문 DNS 활성화",
+    "encryption_plain_dns_desc": "평문 DNS가 기본으로 설정되어 있습니다. 비활성화해서 모든 기기가 암호화된 DNS를 사용하도록 할 수 있습니다. 그러려면 암호화된 DNS 프로토콜을 하나 이상 활성화해야 합니다.",
+    "encryption_plain_dns_error": "평문 DNS를 비활성화하려면, 암호화된 DNS 프로토콜을 하나 이상 활성화하세요",
     "topline_expiring_certificate": "SSL 인증서가 곧 만료됩니다. 업데이트<0> 암호화 설정</0>.",
     "topline_expired_certificate": "SSL 인증서가 만료되었습니다. 업데이트<0> 암호화 설정</0>.",
     "form_error_port_range": "80-65535 범위의 포트 번호를 입력하세요",
@@ -453,6 +467,7 @@
     "form_add_id": "식별자 추가",
     "form_client_name": "클라이언트 이름 입력",
     "name": "이름",
+    "client_name": "클라이언트 {{id}}",
     "client_global_settings": "글로벌 설정 사용",
     "client_deleted": "클라이언트 '{{key}}'이(가) 정상적으로 삭제되었습니다",
     "client_added": "클라이언트 '{{key}}'이(가) 정상적으로 추가되었습니다",
@@ -663,7 +678,7 @@
     "use_saved_key": "이전에 저장했던 키 사용하기",
     "parental_control": "자녀 보호",
     "safe_browsing": "세이프 브라우징",
-    "served_from_cache": "{{value}} <i>(캐시에서 제공)</i>",
+    "served_from_cache_label": "캐시에서 가져옴",
     "form_error_password_length": "비밀번호는 {{min}}~{{max}}자 길이여야 합니다.",
     "anonymizer_notification": "<0>참고:</0> IP 익명화가 활성화되었습니다. <1>일반 설정</1>에서 비활성화할 수 있습니다.",
     "confirm_dns_cache_clear": "정말로 DNS 캐시를 지우시겠습니까?",
@@ -725,5 +740,8 @@
     "wednesday_short": "수",
     "thursday_short": "목",
     "friday_short": "금",
-    "saturday_short": "토"
+    "saturday_short": "토",
+    "upstream_dns_cache_configuration": "업스트림 DNS 캐시 설정",
+    "enable_upstream_dns_cache": "이 클라이언트의 사용자 지정 업스트림 설정에서 DNS 캐싱 사용",
+    "dns_cache_size": "DNS 캐시 크기(바이트)"
 }

client/src/__locales/nl.json

@@ -13,14 +13,14 @@
     "fallback_dns_desc": "Lijst met DNS-back-up-noodservers die worden gebruikt wanneer upstream DNS-servers niet reageren. De syntaxis is hetzelfde als in het veld hoofdstroomopwaarts hierboven.",
     "fallback_dns_placeholder": "Voer één DNS-back-upserver per regel in",
     "local_ptr_title": "Private omgekeerde DNS-servers",
-    "local_ptr_desc": "De DNS-servers die AdGuard Home gebruikt voor lokale PTR-zoekopdrachten. Deze servers worden gebruikt om PTR-verzoeken voor adressen in privé-IP-bereiken op te lossen, bijvoorbeeld \"192.168.12.34\", met behulp van reverse DNS. Indien niet ingesteld, gebruikt AdGuard Home de adressen van de standaard DNS-resolvers van uw besturingssysteem, behalve de adressen van AdGuard Home zelf.",
+    "local_ptr_desc": "DNS-servers die door AdGuard Home worden gebruikt voor privé PTR-, SOA- en NS-verzoeken. Een verzoek wordt als privé beschouwd als het vraagt om een ARPA-domein dat een subnet binnen privé-IP-bereiken bevat (zoals \"192.168.12.34\") en afkomstig is van een client met een privé-IP-adres. Indien niet ingesteld, zullen de standaard DNS-resolvers van je besturingssysteem worden gebruikt, behalve de AdGuard Home IP-adressen.",
     "local_ptr_default_resolver": "Standaard gebruikt AdGuard Home de volgende omgekeerde DNS-resolvers: {{ip}}.",
     "local_ptr_no_default_resolver": "AdGuard Home kon voor dit systeem geen geschikte private omgekeerde DNS-resolvers bepalen.",
     "local_ptr_placeholder": "Voer één IP-adres per regel in",
     "resolve_clients_title": "Omzetten van hostnamen van clients inschakelen",
     "resolve_clients_desc": "Indien ingeschakeld, zal AdGuard Home proberen om IP-adressen van apparaten te converteren in hun hostnamen door PTR-verzoeken te sturen naar overeenkomstige resolvers (privé-DNS-servers voor lokale apparaten, upstream-server voor apparaten met een openbaar IP-adres).",
     "use_private_ptr_resolvers_title": "Private omgekeerde DNS-resolvers gebruiken",
-    "use_private_ptr_resolvers_desc": "Omgekeerde DNS opzoekingen uitvoeren voor locale adressen door deze upstream servers te gebruiken. Indien uitgeschakeld, reageert AdGuard Home met NXDOMAIN op al dergelijke PTR-verzoeken, uitgezonderd voor apparaten gekend van DHCP, /etc/hosts, enz.",
+    "use_private_ptr_resolvers_desc": "PTR-, SOA- en NS-verzoeken voor ARPA-domeinen die privé-IP-adressen bevatten oplossen via privé-upstreamservers, DHCP, /etc/hosts, enz. Indien uitgeschakeld, zal AdGuard Home op al dergelijke verzoeken reageren met NXDOMAIN.",
     "check_dhcp_servers": "Zoek achter DHCP servers",
     "save_config": "Configuratie opslaan",
     "enabled_dhcp": "DHCP server inschakelen",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Upstream-servers succesvol opgeslagen",
     "dns_test_ok_toast": "Opgegeven DNS-servers werken correct",
     "dns_test_not_ok_toast": "Server \"{{key}}\": kon niet worden gebruikt, controleer of je het correct hebt geschreven",
+    "dns_test_parsing_error_toast": "Sectie {{section}}: regel {{line}}: kan niet worden gebruikt. Controleer of je het correct hebt geschreven",
     "dns_test_warning_toast": "Upstream \"{{key}}\" reageert niet op testverzoeken en werkt mogelijk niet goed",
     "unblock": "Deblokkeren",
     "block": "Blokkeren",
@@ -243,6 +244,7 @@
     "allow_this_client": "Toepassing/systeem toelaten",
     "block_for_this_client_only": "Alleen voor deze cliënt blokkeren",
     "unblock_for_this_client_only": "Alleen voor deze cliënt deblokkeren",
+    "add_persistent_client": "Toevoegen als permanente client",
     "time_table_header": "Tijd",
     "date": "Datum",
     "domain_name_table_header": "Domein naam",
@@ -252,8 +254,8 @@
     "response_code": "Reactiecode",
     "client_table_header": "Gebruiker",
     "empty_response_status": "Leeg",
-    "show_all_filter_type": "Toon alles",
-    "show_filtered_type": "Toon gefilterde",
+    "show_all_filter_type": "Alles weergeven",
+    "show_filtered_type": "Gefilterde weergeven",
     "no_logs_found": "Geen logboeken gevonden",
     "refresh_btn": "Verversen",
     "previous_btn": "Vorige",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "Hostnamen",
     "encryption_reset": "Ben je zeker dat je de encryptie instellingen wil resetten?",
     "encryption_warning": "Waarschuwing",
+    "encryption_plain_dns_enable": "Gewone DNS inschakelen",
+    "encryption_plain_dns_desc": "Gewone DNS is standaard ingeschakeld. Je kunt het uitschakelen om alle apparaten te dwingen versleutelde DNS te gebruiken. Om dit te doen, moet je ten minste één versleuteld DNS-protocol inschakelen",
+    "encryption_plain_dns_error": "Als je gewone DNS wilt uitschakelen, schakel je ten minste één versleuteld DNS-protocol in",
     "topline_expiring_certificate": "Jouw SSL-certificaat vervalt binnenkort. Werk de <0>encryptie-instellingen</0> bij.",
     "topline_expired_certificate": "Jouw SSL-certificaat is vervallen. Werk de <0>encryptie-instellingen</0> bij.",
     "form_error_port_range": "Poortnummer invoeren tussen 80 en 65535",
@@ -462,6 +467,7 @@
     "form_add_id": "ID toevoegen",
     "form_client_name": "Vul gebruikersnaam in",
     "name": "Naam",
+    "client_name": "Client {{id}}",
     "client_global_settings": "Gebruik globale instelling",
     "client_deleted": "Gebruiker \"{{key}}\" met succes verwijderd",
     "client_added": "Gebruiker \"{{key}}\" met succes toegevoegd",
@@ -526,7 +532,7 @@
     "blocked_services_global": "Gebruik algemeen geblokkeerde services",
     "blocked_service": "Geblokkeerde service",
     "block_all": "Blokkeer alles",
-    "unblock_all": "Deblokkeer alles",
+    "unblock_all": "Alles deblokkeren",
     "encryption_certificate_path": "Certificaat pad",
     "encryption_private_key_path": "Privé sleutel pad",
     "encryption_certificates_source_path": "Certificaten bestandspad instellen",
@@ -672,7 +678,7 @@
     "use_saved_key": "De eerder opgeslagen sleutel gebruiken",
     "parental_control": "Ouderlijk toezicht",
     "safe_browsing": "Veilig browsen",
-    "served_from_cache": "{{value}} <i>(geleverd vanuit cache)</i>",
+    "served_from_cache_label": "Geleverd vanuit cache",
     "form_error_password_length": "Wachtwoord moet {{min}} tot {{max}} tekens lang zijn",
     "anonymizer_notification": "<0>Opmerking:</0> IP-anonimisering is ingeschakeld. Je kunt het uitschakelen in <1>Algemene instellingen</1>.",
     "confirm_dns_cache_clear": "Weet je zeker dat je de DNS-cache wilt wissen?",
@@ -734,5 +740,8 @@
     "wednesday_short": "wo",
     "thursday_short": "do",
     "friday_short": "vr",
-    "saturday_short": "za"
+    "saturday_short": "za",
+    "upstream_dns_cache_configuration": "Upstream DNS-cacheconfiguratie",
+    "enable_upstream_dns_cache": "DNS-caching inschakelen voor de aangepaste upstream-configuratie van deze client",
+    "dns_cache_size": "DNS-cachegrootte, in bytes"
 }

client/src/__locales/no.json

@@ -212,6 +212,7 @@
     "updated_upstream_dns_toast": "Oppdaterte oppstrøms-DNS-tjenerne",
     "dns_test_ok_toast": "De spesifiserte DNS-tjenerne fungerer riktig",
     "dns_test_not_ok_toast": "Tjeneren «{{key}}» kunne ikke brukes, vennligst dobbeltsjekk at du har skrevet den riktig",
+    "dns_test_parsing_error_toast": "Seksjon {{section}}: linje {{line}}: kunne ikke brukes, vennligst sjekk at du har skrevet det riktig",
     "unblock": "Tillat",
     "block": "Blokker",
     "disallow_this_client": "Ikke tillat denne klienten",

client/src/__locales/pl.json

@@ -13,14 +13,14 @@
     "fallback_dns_desc": "Lista rezerwowych serwerów DNS używanych, gdy nadrzędne serwery DNS nie odpowiadają. Składnia jest taka sama jak w głównym polu powyżej.",
     "fallback_dns_placeholder": "Wprowadź jeden rezerwowy serwer DNS w każdym wierszu",
     "local_ptr_title": "Prywatne odwrotne serwery DNS",
-    "local_ptr_desc": "Serwery DNS, których AdGuard Home używa do lokalnych zapytań PTR. Serwery te są używane do rozpoznawania nazw hostów klientów z prywatnymi adresami IP, na przykład „192.168.12.34”, przy użyciu odwrotnego DNS. Jeśli nie jest ustawiona, AdGuard Home używa adresów domyślnych resolwerów DNS systemu operacyjnego, z wyjątkiem adresów samego AdGuard Home.",
+    "local_ptr_desc": "Serwery DNS używane przez AdGuard Home do prywatnych żądań PTR, SOA i NS. Żądanie jest uważane za prywatne, jeśli prosi o domenę ARPA zawierającą podsieć w prywatnym zakresie adresów IP (np. „192.168.12.34”) i pochodzi od klienta z prywatnym adresem IP. Jeśli nie zostanie ustawione, zostaną użyte domyślne programy rozpoznawania nazw DNS Twojego systemu operacyjnego, z wyjątkiem domowych adresów IP AdGuard.",
     "local_ptr_default_resolver": "Domyślnie AdGuard Home używa następujących odwrotnych resolwerów DNS: {{ip}}.",
     "local_ptr_no_default_resolver": "AdGuard Home nie mógł określić odpowiednich prywatnych resolwerów DNS dla tego systemu.",
     "local_ptr_placeholder": "Wprowadź po jednym adresie IP w każdym wierszu",
     "resolve_clients_title": "Włącz odwrotne rozpoznawanie adresów IP klientów",
     "resolve_clients_desc": "Odwróć adresy IP klientów na ich nazwy hostów, wysyłając zapytania PTR do odpowiednich programów tłumaczących (prywatne serwery DNS dla klientów lokalnych, serwery nadrzędne dla klientów z publicznymi adresami IP).",
     "use_private_ptr_resolvers_title": "Użyj prywatnych odwrotnych resolwerów DNS",
-    "use_private_ptr_resolvers_desc": "Wykonuj odwrotne wyszukiwania DNS dla adresów obsługiwanych lokalnie przy użyciu tych serwerów nadrzędnych. Po wyłączeniu AdGuard Home odpowiada za pomocą NXDOMAIN na wszystkie takie żądania PTR, z wyjątkiem klientów znanych z DHCP, /etc/hosts i tak dalej.",
+    "use_private_ptr_resolvers_desc": "Rozwiązuj żądania PTR, SOA i NS dla domen ARPA zawierających prywatne adresy IP za pośrednictwem prywatnych serwerów nadrzędnych, DHCP, /etc/hosts itp. Jeśli ta opcja jest wyłączona, AdGuard Home będzie odpowiadać na wszystkie takie żądania za pomocą NXDOMAIN.",
     "check_dhcp_servers": "Sprawdź serwery DHCP",
     "save_config": "Zapisz konfigurację",
     "enabled_dhcp": "Serwer DHCP włączony",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Serwery nadrzędne zostały pomyślnie zapisane",
     "dns_test_ok_toast": "Określone serwery DNS działają poprawnie",
     "dns_test_not_ok_toast": "Serwer \"{{key}}\": nie może być użyte, sprawdź, czy zapisano go poprawnie",
+    "dns_test_parsing_error_toast": "Sekcja {{section}}: linia {{line}}: nie może być użyte, sprawdź, czy zapisano go poprawnie",
     "dns_test_warning_toast": "Upstream \"{{key}}\" nie odpowiada na zapytania testowe i może nie działać prawidłowo",
     "unblock": "Odblokuj",
     "block": "Zablokuj",
@@ -243,6 +244,7 @@
     "allow_this_client": "Pozwól temu klientowi",
     "block_for_this_client_only": "Zablokuj tylko tego klienta",
     "unblock_for_this_client_only": "Odblokuj tylko tego klienta",
+    "add_persistent_client": "Dodaj do zapisanych klientów",
     "time_table_header": "Czas",
     "date": "Data",
     "domain_name_table_header": "Nazwa domeny",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "Nazwy hostów",
     "encryption_reset": "Czy na pewno chcesz zresetować ustawienia szyfrowania?",
     "encryption_warning": "Ostrzeżenie",
+    "encryption_plain_dns_enable": "Włącz zwykły DNS",
+    "encryption_plain_dns_desc": "Zwykły DNS jest domyślnie włączony. Możesz go wyłączyć, aby zmusić wszystkie urządzenia do korzystania z szyfrowanego DNS. Aby to zrobić, musisz włączyć co najmniej jeden szyfrowany protokół DNS",
+    "encryption_plain_dns_error": "Aby wyłączyć zwykły DNS, włącz co najmniej jeden szyfrowany protokół DNS",
     "topline_expiring_certificate": "Twój certyfikat SSL wkrótce wygaśnie. Zaktualizuj <0>Ustawienia szyfrowania</0>.",
     "topline_expired_certificate": "Twój certyfikat SSL wygasł. Zaktualizuj <0>Ustawienia szyfrowania</0>.",
     "form_error_port_range": "Wpisz numer portu z zakresu 80-65535",
@@ -462,6 +467,7 @@
     "form_add_id": "Dodaj identyfikator",
     "form_client_name": "Wpisz nazwę klienta",
     "name": "Nazwa",
+    "client_name": "Klient {{id}}",
     "client_global_settings": "Użyj ustawień globalnych",
     "client_deleted": "Klient \"{{key}}\" został pomyślnie usunięty",
     "client_added": "Klient \"{{key}}\" został pomyślnie dodany",
@@ -672,7 +678,7 @@
     "use_saved_key": "Użyj wcześniej zapisanego klucza",
     "parental_control": "Kontrola rodzicielska",
     "safe_browsing": "Bezpieczne przeglądanie",
-    "served_from_cache": "{{value}} <i>(podawane z pamięci podręcznej)</i>",
+    "served_from_cache_label": "Podano z pamięci podręcznej",
     "form_error_password_length": "Hasło musi zawierać od {{min}} do {{max}} znaków",
     "anonymizer_notification": "<0>Uwaga:</0> Anonimizacja IP jest włączona. Możesz ją wyłączyć w <1>Ustawieniach ogólnych</1>.",
     "confirm_dns_cache_clear": "Czy na pewno chcesz wyczyścić pamięć podręczną DNS?",
@@ -734,5 +740,8 @@
     "wednesday_short": "Śro",
     "thursday_short": "Czw",
     "friday_short": "Pt",
-    "saturday_short": "Sob"
+    "saturday_short": "Sob",
+    "upstream_dns_cache_configuration": "Konfiguracja pamięci podręcznej upstream serwerów DNS",
+    "enable_upstream_dns_cache": "Włącz pamięć podręczną dla niestandardowej konfiguracji serwera upstream tego klienta",
+    "dns_cache_size": "Rozmiar pamięci podręcznej DNS, w bajtach"
 }

client/src/__locales/pt-br.json

@@ -13,14 +13,14 @@
     "fallback_dns_desc": "Lista de servidores DNS Fallback usados quando os servidores DNS primários não estão respondendo. A sintaxe é a mesma dos campos de servidores principais na seção acima.",
     "fallback_dns_placeholder": "Insira um servidor DNS fallback por linha",
     "local_ptr_title": "Servidores DNS reversos privados",
-    "local_ptr_desc": "Os servidores DNS que o AdGuard Home usa para consultas PTR locais. Esses servidores são usados para resolver solicitações de PTR para endereços em intervalos de IP privados, por exemplo \"192.168.12.34\", usando DNS reverso. Se não estiver definido, o AdGuard Home usa os endereços dos resolvedores de DNS padrão do seu sistema operacional, exceto os endereços do próprio AdGuard Home.",
+    "local_ptr_desc": "Os servidores DNS que o AdGuard Home utiliza para consultas privadas de PTR, SOA e NS. A solicitação é considerada privada se solicitar um domínio ARPA contendo uma sub-rede dentro de intervalos de IP privados, por exemplo \"192.168.12.34\", e vier de um cliente com endereço privado. Se não for definido, o AdGuard Home usará os endereços dos resolvedores DNS padrão do seu sistema operacional, exceto os endereços do próprio AdGuard Home.",
     "local_ptr_default_resolver": "Por padrão, o AdGuard Home usa os seguintes resolvedores de DNS reverso: {{ip}}.",
     "local_ptr_no_default_resolver": "A página inicial do AdGuard não conseguiu determinar resolvedores DNS reversos privados adequados para este sistema.",
     "local_ptr_placeholder": "Insira um endereço IP por linha",
     "resolve_clients_title": "Ativar resolução reversa de endereços IP de clientes",
     "resolve_clients_desc": "Resolva reversamente os endereços IP dos clientes em seus nomes de host, enviando consultas PTR aos resolvedores correspondentes (servidores DNS privados para clientes locais, servidores upstream para clientes com endereços IP públicos).",
     "use_private_ptr_resolvers_title": "Usar resolvedores DNS reversos privados",
-    "use_private_ptr_resolvers_desc": "Execute pesquisas reversas de DNS para endereços servidos localmente usando esses servidores DNS primário. Se desativado, o AdGuard Home responde com NXDOMAIN a todas essas solicitações PTR, exceto para clientes conhecidos de DHCP, /etc/hosts e assim por diante.",
+    "use_private_ptr_resolvers_desc": "Resolver solicitações PTR, SOA e NS para domínios ARPA contendo endereços privados usando servidores upstream privados, DHCP, /etc/hosts e assim por diante. Se desativado, o AdGuard Home responde a todas essas consultas com NXDOMAIN.",
     "check_dhcp_servers": "Verificar por servidores DHCP",
     "save_config": "Salvar configuração",
     "enabled_dhcp": "Servidor DHCP ativado",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Servidores DNS primário salvos com sucesso",
     "dns_test_ok_toast": "Os servidores DNS especificados estão funcionando corretamente",
     "dns_test_not_ok_toast": "O servidor \"{{key}}\": não pôde ser utilizado. Por favor, verifique se você escreveu corretamente",
+    "dns_test_parsing_error_toast": "A seção {{section}}: linha {{line}}: não pôde ser usada. Verifique se foi escrita corretamente",
     "dns_test_warning_toast": "Servidor DNS primário \"{{key}}\" não responde aos Solicitações de teste e pode não funcionar corretamente",
     "unblock": "Desbloquear",
     "block": "Bloquear",
@@ -243,6 +244,7 @@
     "allow_this_client": "Permitir este cliente",
     "block_for_this_client_only": "Bloquear apenas para este cliente",
     "unblock_for_this_client_only": "Desbloquear apenas para este cliente",
+    "add_persistent_client": "Adicionar como cliente persistente",
     "time_table_header": "Data",
     "date": "Data",
     "domain_name_table_header": "Nome de domínio",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "Nomes dos servidores",
     "encryption_reset": "Você tem certeza de que deseja redefinir a configuração de criptografia?",
     "encryption_warning": "Aviso",
+    "encryption_plain_dns_enable": "Ativar DNS simples (sem criptografia)",
+    "encryption_plain_dns_desc": "O DNS simples (sem criptografia) está ativado por padrão. Você pode desativá-lo para forçar todos os dispositivos a usar DNS criptografado. Para fazer isso, você deve ativar pelo menos um protocolo DNS criptografado",
+    "encryption_plain_dns_error": "Para desativar o DNS simples, ative pelo menos um protocolo DNS criptografado",
     "topline_expiring_certificate": "Seu certificado SSL está prestes a expirar. Atualize suas <0>configurações de criptografia</]0>",
     "topline_expired_certificate": "Seu certificado SSL está expirado. Atualize suas <0>configurações de criptografia</0>",
     "form_error_port_range": "Digite um número de porta entre 80 e 65535",
@@ -462,6 +467,7 @@
     "form_add_id": "Adicionar identificador",
     "form_client_name": "Digite o nome do cliente",
     "name": "Nome",
+    "client_name": "Cliente {{id}}",
     "client_global_settings": "Usar configurações global",
     "client_deleted": "Cliente \"{{key}}\" excluído com sucesso",
     "client_added": "Cliente \"{{key}}\" adicionado com sucesso",
@@ -672,7 +678,7 @@
     "use_saved_key": "Use a chave salva anteriormente",
     "parental_control": "Controle parental",
     "safe_browsing": "Navegação segura",
-    "served_from_cache": "{{value}} <i>(servido do cache)</i>",
+    "served_from_cache_label": "Servido a partir do cache",
     "form_error_password_length": "A senha deve ter entre {{min}} e {{max}} caracteres",
     "anonymizer_notification": "<0>Observação:</0> A anonimização de IP está ativada. Você pode desativá-lo em <1>Configurações gerais</1>.",
     "confirm_dns_cache_clear": "Tem certeza de que deseja limpar o cache DNS?",
@@ -734,5 +740,8 @@
     "wednesday_short": "Quar",
     "thursday_short": "Qui",
     "friday_short": "Sex",
-    "saturday_short": "Sab"
+    "saturday_short": "Sab",
+    "upstream_dns_cache_configuration": "Configuração do cache de DNS upstream",
+    "enable_upstream_dns_cache": "Ativar o armazenamento em cache do DNS para a configuração de upstream personalizada deste cliente",
+    "dns_cache_size": "Tamanho do cache do DNS, em bytes"
 }

client/src/__locales/pt-pt.json

@@ -13,14 +13,14 @@
     "fallback_dns_desc": "Lista de servidores DNS de fallback usados quando os servidores DNS upstream não estão respondendo. A sintaxe é a mesma do campo principal de upstreams acima.",
     "fallback_dns_placeholder": "Insira um servidor DNS de fallback por linha",
     "local_ptr_title": "Servidores DNS reversos privados",
-    "local_ptr_desc": "Os servidores DNS que o AdGuard Home usa para consultas PTR locais. Esses servidores são usados para resolver solicitações de PTR para endereços em intervalos de IP privados, por exemplo \"192.168.12.34\", usando DNS reverso. Se não estiver definido, o AdGuard Home usa os endereços dos resolvedores de DNS padrão do seu sistema operacional, exceto os endereços do próprio AdGuard Home.",
+    "local_ptr_desc": "Os servidores DNS que o AdGuard Home utiliza para consultas privadas de PTR, SOA e NS. A solicitação é considerada privada se solicitar um domínio ARPA contendo uma sub-rede dentro de intervalos de IP privados, por exemplo \"192.168.12.34\", e vier de um cliente com endereço privado. Se não for definido, o AdGuard Home usará os endereços dos resolvedores DNS padrão do seu sistema operacional, exceto os endereços do próprio AdGuard Home.",
     "local_ptr_default_resolver": "Por predefinição, o AdGuard Home usa os seguintes resolvedores de DNS reverso: {{ip}}.",
     "local_ptr_no_default_resolver": "A página inicial do AdGuard não conseguiu determinar resolvedores DNS reversos privados adequados para este sistema.",
     "local_ptr_placeholder": "Insira um endereço IP por linha",
     "resolve_clients_title": "Ativar resolução reversa de endereços IP de clientes",
     "resolve_clients_desc": "Resolva reversamente os endereços IP dos clientes em seus nomes de host, enviando consultas PTR aos resolvedores correspondentes (servidores DNS privados para clientes locais, servidores upstream para clientes com endereços IP públicos).",
     "use_private_ptr_resolvers_title": "Usar resolvedores DNS reversos privados",
-    "use_private_ptr_resolvers_desc": "Execute pesquisas reversas de DNS para endereços servidos localmente usando esses servidores DNS primário. Se desativado, o AdGuard Home responde com NXDOMAIN a todas essas solicitações PTR, exceto para clientes conhecidos de DHCP, /etc/hosts e assim por diante.",
+    "use_private_ptr_resolvers_desc": "Resolver solicitações PTR, SOA e NS para domínios ARPA contendo endereços privados usando servidores upstream privados, DHCP, /etc/hosts e assim por diante. Se desativado, o AdGuard Home responde a todas essas consultas com NXDOMAIN.",
     "check_dhcp_servers": "Verificar por servidores DHCP",
     "save_config": "Guardar definição",
     "enabled_dhcp": "Servidor DHCP ativado",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Servidores DNS primário guardados com sucesso",
     "dns_test_ok_toast": "Os servidores DNS especificados estão a funcionar corretamente",
     "dns_test_not_ok_toast": "O servidor \"{{key}}\": não pôde ser utilizado. Por favor, verifique se o escreveu corretamente",
+    "dns_test_parsing_error_toast": "A seção {{section}}: linha {{line}}: não pôde ser usada. Verifique se foi escrita corretamente",
     "dns_test_warning_toast": "Servidor DNS primário \"{{key}}\" não responde aos solicitações de teste e pode não funcionar corretamente",
     "unblock": "Desbloquear",
     "block": "Bloquear",
@@ -243,6 +244,7 @@
     "allow_this_client": "Permitir este cliente",
     "block_for_this_client_only": "Bloquear apenas para este cliente",
     "unblock_for_this_client_only": "Desbloquear apenas para este cliente",
+    "add_persistent_client": "Adicionar como cliente persistente",
     "time_table_header": "Data",
     "date": "Data",
     "domain_name_table_header": "Nome do domínio",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "Nomes dos servidores",
     "encryption_reset": "Tem a certeza de que deseja repor a definição de criptografia?",
     "encryption_warning": "Cuidado",
+    "encryption_plain_dns_enable": "Habilitar DNS simples (sem criptografia)",
+    "encryption_plain_dns_desc": "O DNS simples (sem criptografia) está ativado por padrão. Pode desativá-lo para forçar todos os dispositivos a usar DNS criptografado. Para isso, deve ativar pelo menos um protocolo DNS criptografado",
+    "encryption_plain_dns_error": "Para desabilitar o DNS simples, habilite pelo menos um protocolo DNS criptografado",
     "topline_expiring_certificate": "O seu certificado SSL está prestes a expirar. Atualize as suas <0>definições de criptografia</0>.",
     "topline_expired_certificate": "O seu certificado SSL está expirado. Atualize as suas <0>definições de criptografia</0>.",
     "form_error_port_range": "Digite um numero de porta entre 80 e 65535",
@@ -462,6 +467,7 @@
     "form_add_id": "Adicionar identificador",
     "form_client_name": "Insira o nome do cliente",
     "name": "Nome",
+    "client_name": "Cliente {{id}}",
     "client_global_settings": "Usar definições globais",
     "client_deleted": "Cliente \"{{key}}\" excluído com sucesso",
     "client_added": "Cliente \"{{key}}\" adicionado com sucesso",
@@ -672,7 +678,7 @@
     "use_saved_key": "Use a chave guardada anteriormente",
     "parental_control": "Controlo parental",
     "safe_browsing": "Navegação segura",
-    "served_from_cache": "{{value}} <i>(servido do cache)</i>",
+    "served_from_cache_label": "Servido a partir do cache",
     "form_error_password_length": "A palavra-passe deve ter {{min}} a {{max}} caracteres",
     "anonymizer_notification": "<0>Observação:</0> A anonimização de IP está ativada. Você pode desativá-la em <1>Definições gerais</1>.",
     "confirm_dns_cache_clear": "Tem certeza de que quer limpar a cache DNS?",
@@ -734,5 +740,8 @@
     "wednesday_short": "Quarta",
     "thursday_short": "Quinta",
     "friday_short": "Sexta",
-    "saturday_short": "Sábado"
+    "saturday_short": "Sábado",
+    "upstream_dns_cache_configuration": "Configuração da cache do DNS upstream",
+    "enable_upstream_dns_cache": "Ativar o armazenamento em cache do DNS para a configuração de upstream personalizada deste cliente",
+    "dns_cache_size": "Tamanho da cache DNS, em bytes"
 }

client/src/__locales/ro.json

@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Serverele din amonte au fost salvate cu succes",
     "dns_test_ok_toast": "Serverele DNS specificate funcționează corect",
     "dns_test_not_ok_toast": "Serverul \"{{key}}\": nu a putut fi utilizat, verificați dacă l-ați scris corect",
+    "dns_test_parsing_error_toast": "Secțiune {{section}}: linie {{line}}: nu a putut fi folosit, vă rugăm să verificați dacă l-ați scris corect",
     "dns_test_warning_toast": "„{{key}}” în amonte nu răspunde la solicitările de testare și s-ar putea să nu funcționeze corect",
     "unblock": "Deblocați",
     "block": "Blocați",
@@ -243,6 +244,7 @@
     "allow_this_client": "Permiteți acest client",
     "block_for_this_client_only": "Blocați numai pentru acest client",
     "unblock_for_this_client_only": "Deblocați numai pentru acest client",
+    "add_persistent_client": "Adăugați ca client persistent",
     "time_table_header": "Ora",
     "date": "Data",
     "domain_name_table_header": "Nume domeniu",
@@ -310,6 +312,15 @@
     "edns_use_custom_ip": "Utilizați IP personalizat pentru EDNS",
     "edns_use_custom_ip_desc": "Permiteți utilizarea IP-ului personalizat pentru EDNS",
     "rate_limit_desc": "Numărul de interogări pe secundă permise pe client. Setarea la 0 înseamnă că nu există limită.",
+    "rate_limit_subnet_len_ipv4": "Lungimea prefixului de subrețea pentru adrese IPv4",
+    "rate_limit_subnet_len_ipv4_desc": "Lungimea prefixului de subrețea pentru adresele IPv4 utilizate pentru limitarea ratei. Valoarea implicită este 24",
+    "rate_limit_subnet_len_ipv4_error": "Lungimea prefixului de subrețea IPv4 ar trebui să fie între 0 și 32",
+    "rate_limit_subnet_len_ipv6": "Lungimea prefixului de subrețea pentru adrese IPv6",
+    "rate_limit_subnet_len_ipv6_desc": "Lungimea prefixului de subrețea pentru adresele IPv6 utilizate pentru limitarea ratei. Valoarea implicită este 56",
+    "rate_limit_subnet_len_ipv6_error": "Lungimea prefixului de subrețea IPv6 ar trebui să fie între 0 și 128",
+    "form_enter_rate_limit_subnet_len": "Introduceți lungimea prefixului de subrețea pentru limitarea ratei",
+    "rate_limit_whitelist": "Lista permisă pentru limitarea ratei",
+    "rate_limit_whitelist_desc": "Adresele IP excluse de la limitarea ratei",
     "rate_limit_whitelist_placeholder": "Introduceți o adresă IP per linie",
     "blocking_ipv4_desc": "Adresa IP de returnat pentru o cerere A de blocare",
     "blocking_ipv6_desc": "Adresa IP de returnat pentru o cerere AAAA de blocare",
@@ -453,6 +464,7 @@
     "form_add_id": "Adăugați identificator",
     "form_client_name": "Introduceți nume client",
     "name": "Nume",
+    "client_name": "Client {{id}}",
     "client_global_settings": "Folosiți setări globale",
     "client_deleted": "Clientul \"{{key}}\" a fost șters cu succes",
     "client_added": "Clientul \"{{key}}\" a fost adăugat cu succes",
@@ -725,5 +737,8 @@
     "wednesday_short": "mi",
     "thursday_short": "jo",
     "friday_short": "vi",
-    "saturday_short": "sa"
+    "saturday_short": "sa",
+    "upstream_dns_cache_configuration": "Configurarea cache-ului DNS în amonte",
+    "enable_upstream_dns_cache": "Activați memoria cache DNS pentru configurația personalizată în amonte a acestui client",
+    "dns_cache_size": "Dimensiunea cache-ului DNS, în octeți"
 }

client/src/__locales/ru.json

@@ -13,14 +13,14 @@
     "fallback_dns_desc": "Список резервных DNS-серверов, используемых в тех случаях, когда вышестоящие DNS-серверы недоступны. Синтаксис такой же, как и в поле Upstream DNS-серверы выше.",
     "fallback_dns_placeholder": "Введите один резервный DNS-сервер в каждой строке",
     "local_ptr_title": "Приватные серверы для обратного DNS",
-    "local_ptr_desc": "DNS-серверы, которые AdGuard Home использует для локальных PTR-запросов. Эти серверы используются, чтобы получить доменные имена клиентов с приватными IP-адресами, например «192.168.12.34», с помощью обратного DNS. Если список пуст, AdGuard Home использует DNS-серверы по умолчанию вашей ОС.",
+    "local_ptr_desc": "DNS-серверы, которые AdGuard Home использует для локальных PTR, SOA и NS-запросов. Запрос считается локальным, если он запрашивает информацию об ARPA-домене, подсеть которого в локальном IP-диапазоне (например, «192.168.12.34»), и если при этом запрос пришел от клиента с локальным адресом. Если значение не установлено, AdGuard Home использует адреса DNS-серверы по умолчанию в вашей ОС, за исключением адресов самого AdGuard Home.",
     "local_ptr_default_resolver": "По умолчанию AdGuard Home использует следующие обратные DNS-резолверы: {{ip}}.",
     "local_ptr_no_default_resolver": "AdGuard Home не смог определить подходящие приватные обратные DNS-резолверы для этой системы.",
     "local_ptr_placeholder": "Введите по одному адресу на строчку",
     "resolve_clients_title": "Включить запрашивание доменных имён для IP-адресов клиентов",
     "resolve_clients_desc": "Определять доменные имена клиентов через PTR-запросы к соответствующим серверам (приватные DNS-серверы для локальных клиентов, upstream-серверы для клиентов с публичным IP-адресом).",
     "use_private_ptr_resolvers_title": "Использовать приватные обратные DNS-резолверы",
-    "use_private_ptr_resolvers_desc": "Посылать обратные DNS-запросы для локально обслуживаемых адресов на указанные серверы. Если отключено, AdGuard Home будет отвечать NXDOMAIN на все подобные PTR-запросы, кроме запросов о клиентах, уже известных по DHCP, /etc/hosts и так далее.",
+    "use_private_ptr_resolvers_desc": "Посылать PTR, SOA и NS-запросы для ARPA-доменов, содержащих локальные адреса, с помощью указанных upstream-серверов, DHCP, /etc/hosts и так далее. Если отключено, AdGuard Home отвечает NXDOMAIN на все подобные запросы.",
     "check_dhcp_servers": "Проверить DHCP-серверы",
     "save_config": "Сохранить конфигурацию",
     "enabled_dhcp": "DHCP-сервер включён",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "DNS-серверы успешно обновлены",
     "dns_test_ok_toast": "Указанные серверы DNS работают корректно",
     "dns_test_not_ok_toast": "Сервер «{{key}}»: невозможно использовать, проверьте правильность написания",
+    "dns_test_parsing_error_toast": "Раздел {{section}}: строка {{line}}: невозможно использовать, проверьте правильность написания",
     "dns_test_warning_toast": "Upstream «{{key}}» не отвечает на тестовые запросы и может работать некорректно",
     "unblock": "Разблокировать",
     "block": "Заблокировать",
@@ -243,6 +244,7 @@
     "allow_this_client": "Разрешить доступ клиенту",
     "block_for_this_client_only": "Заблокировать только для этого клиента",
     "unblock_for_this_client_only": "Разблокировать только для этого клиента",
+    "add_persistent_client": "Добавить в сохранённые клиенты",
     "time_table_header": "Время",
     "date": "Дата",
     "domain_name_table_header": "Домен",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "Имена хостов",
     "encryption_reset": "Вы уверены, что хотите сбросить настройки шифрования?",
     "encryption_warning": "Предупреждение",
+    "encryption_plain_dns_enable": "Включить незашифрованный DNS",
+    "encryption_plain_dns_desc": "Незашифрованный DNS включён по умолчанию. Вы можете отключить его, чтобы заставить все устройства использовать зашифрованный DNS. Для этого необходимо включить хотя бы один зашифрованный протокол DNS",
+    "encryption_plain_dns_error": "Чтобы отключить незашифрованный DNS, включите хотя бы один зашифрованный протокол DNS",
     "topline_expiring_certificate": "Ваш SSL-сертификат скоро истекает. Обновите <0>Настройки шифрования</0>.",
     "topline_expired_certificate": "Ваш SSL-сертификат истёк. Обновите <0>Настройки шифрования</0>.",
     "form_error_port_range": "Введите номер порта из интервала 80-65535",
@@ -462,6 +467,7 @@
     "form_add_id": "Добавить идентификатор",
     "form_client_name": "Введите имя клиента",
     "name": "Имя",
+    "client_name": "Клиент {{id}}",
     "client_global_settings": "Использовать глобальные настройки",
     "client_deleted": "Клиент «{{key}}» успешно удалён",
     "client_added": "Клиент «{{key}}» успешно добавлен",
@@ -672,7 +678,7 @@
     "use_saved_key": "Использовать сохранённый ранее ключ",
     "parental_control": "Родительский контроль",
     "safe_browsing": "Безопасный интернет",
-    "served_from_cache": "{{value}} <i>(получено из кеша)</i>",
+    "served_from_cache_label": "Получено из кеша",
     "form_error_password_length": "Пароль должен содержать от {{min}} до {{max}} символов",
     "anonymizer_notification": "<0>Внимание:</0> включена анонимизация IP-адресов. Вы можете отключить её в разделе <1>Основные настройки</1>.",
     "confirm_dns_cache_clear": "Вы уверены, что хотите очистить кеш DNS?",
@@ -734,5 +740,8 @@
     "wednesday_short": "Ср",
     "thursday_short": "Чт",
     "friday_short": "Пт",
-    "saturday_short": "Сб"
+    "saturday_short": "Сб",
+    "upstream_dns_cache_configuration": "Конфигурация кеша upstream DNS-серверов",
+    "enable_upstream_dns_cache": "Включить кеширование для пользовательской конфигурации upstream-серверов этого клиента",
+    "dns_cache_size": "Размер DNS-кеша в байтах"
 }

client/src/__locales/si-lk.json

@@ -208,9 +208,9 @@
     "dns_test_not_ok_toast": "\"{{key}}\" සේවාදායක(ය): භාවිතා කිරීමට නොහැකි විය, ඔබ එය නිවැරදිව ලියා ඇතිදැයි පරීක්‍ෂා කරන්න",
     "unblock": "අනවහිර",
     "block": "අවහිර",
-    "disallow_this_client": "මෙම අනුග්‍රාහකයට නොඉඩ දෙන්න",
+    "disallow_this_client": "මෙම අනුග්‍රාහකයට ඉඩ නොදෙන්න",
     "allow_this_client": "මෙම අනුග්‍රාහකයට ඉඩ දෙන්න",
-    "block_for_this_client_only": "මෙම අනුග්‍රාහකයට පමණක් අවහිර කරන්න",
+    "block_for_this_client_only": "මෙම අනුග්‍රාහකයට අවහිර කරන්න",
     "unblock_for_this_client_only": "මෙම අනුග්‍රාහකයට පමණක් අනවහිර කරන්න",
     "time_table_header": "වේලාව",
     "date": "දිනය",

client/src/__locales/sk.json

@@ -13,20 +13,20 @@
     "fallback_dns_desc": "Zoznam záložných serverov DNS, ktoré sa používajú, keď nadradený servery DNS neodpovedajú. Syntax je rovnaká ako v hlavnom poli vyššie.",
     "fallback_dns_placeholder": "Zadajte jeden záložný server DNS na riadok",
     "local_ptr_title": "Súkromné reverzné DNS servery",
-    "local_ptr_desc": "DNS servery, ktoré AdGuard Home používa pre miestne PTR dopyty. Tieto servery sa používajú na rozlíšenie názvov hostiteľov klientov so súkromnými adresami IP, napríklad \"192.168.12.34\", pomocou reverzného DNS. Ak nie je nastavené inak, AdGuard Home použije adresy predvolených prekladačov DNS Vášho operačného systému okrem adries samotného AdGuard Home.",
+    "local_ptr_desc": "Servery DNS, ktoré používa AdGuard Home na súkromné dopyty PTR, SOA a NS. Dopyt sa považuje za súkromný, ak požaduje doménu ARPA obsahujúcu podsieť v rozsahu súkromnej IP adresy (napríklad „192.168.12.34“) a pochádza od klienta so súkromnou IP adresou. Ak nie je nastavené, použijú sa predvolené DNS resolvery Vášho operačného systému, okrem AdGuard Home IP adries.",
     "local_ptr_default_resolver": "V predvolenom nastavení používa AdGuard Home nasledujúce reverzné DNS prekladače: {{ip}}.",
     "local_ptr_no_default_resolver": "AdGuard Home nemohol určiť vhodné súkromné reverzné DNS prekladače pre tento systém.",
     "local_ptr_placeholder": "Na každý riadok zadajte IP adresu jedného servera",
     "resolve_clients_title": "Povoliť spätný preklad IP adries klientov",
     "resolve_clients_desc": "Reverzne rozlišuje adresy IP klientov na ich názvy hostiteľov odosielaním PTR dopytov príslušným prekladačom (súkromné DNS servery pre miestnych klientov, servery typu upstream pre klientov s verejnými IP adresami).",
     "use_private_ptr_resolvers_title": "Použiť súkromné reverzné DNS resolvery",
-    "use_private_ptr_resolvers_desc": "Realizuje reverzné vyhľadávanie DNS pre lokálne adresy pomocou týchto upstream serverov. Ak je funkcia vypnutá, Adguard Home reaguje s NXDOMAIN na všetky takéto PTR dopyty okrem klientov známych z DHCP, /etc/hosts, a tak ďalej.",
+    "use_private_ptr_resolvers_desc": "Riešenie dopytov PTR, SOA a NS pre domény ARPA obsahujúce súkromné IP adresy prostredníctvom súkromných upstream serverov, DHCP, /etc/hosts atď. Ak je vypnuté, AdGuard Home bude na všetky takéto dopyty odpovedať pomocou NXDOMAIN.",
     "check_dhcp_servers": "Skontrolovať DHCP servery",
     "save_config": "Uložiť konfiguráciu",
     "enabled_dhcp": "DHCP server zapnutý",
     "disabled_dhcp": "DHCP server vypnutý",
     "unavailable_dhcp": "DHCP nie je dostupné",
-    "unavailable_dhcp_desc": "AdGuard Home nemôže vo vašom OS prevádzkovať DHCP server",
+    "unavailable_dhcp_desc": "AdGuard Home nemôže vo Vašom OS prevádzkovať DHCP server",
     "dhcp_title": "DHCP server (experimentálne!)",
     "dhcp_description": "Ak Váš smerovač neposkytuje možnosť nastaviť DHCP, môžete použiť vlastný zabudovaný DHCP server AdGuard.",
     "dhcp_enable": "Zapnúť DHCP server",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Upstream servery boli úspešne uložené",
     "dns_test_ok_toast": "Špecifikované DNS servery pracujú korektne",
     "dns_test_not_ok_toast": "Server \"{{key}}\": nemohol byť použitý, skontrolujte, či ste ho správne napísali",
+    "dns_test_parsing_error_toast": "Sekcia {{section}}: riadok {{line}}: nepodarilo sa použiť, skontrolujte, či ste ho napísali správne",
     "dns_test_warning_toast": "Upstream \"{{key}}\" neodpovedá na testovacie dopyty a nemusí fungovať správne",
     "unblock": "Odblokovať",
     "block": "Blokovať",
@@ -243,6 +244,7 @@
     "allow_this_client": "Povoliť tohto klienta",
     "block_for_this_client_only": "Blokovať len pre tohto klienta",
     "unblock_for_this_client_only": "Odblokovať len pre tohto klienta",
+    "add_persistent_client": "Pridať ako trvalého klienta",
     "time_table_header": "Čas",
     "date": "Dátum",
     "domain_name_table_header": "Meno domény",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "Názvy hostiteľov",
     "encryption_reset": "Naozaj chcete obnoviť nastavenia šifrovania?",
     "encryption_warning": "Varovanie",
+    "encryption_plain_dns_enable": "Zapnúť jednoduchý DNS",
+    "encryption_plain_dns_desc": "Jednoduchý DNS je predvolene zapnutý. Môžete ho vypnúť, aby ste prinútili všetky zariadenia používať šifrovaný DNS. Ak to chcete urobiť, musíte zapnúť aspoň jeden šifrovaný DNS protokol",
+    "encryption_plain_dns_error": "Ak chcete vypnúť jednoduchý DNS protokol, zapnite aspoň jeden šifrovaný DNS protokol",
     "topline_expiring_certificate": "Váš SSL certifikát čoskoro vyprší. Aktualizujte <0>Nastavenia šifrovania</0>.",
     "topline_expired_certificate": "Váš SSL certifikát vypršal. Aktualizujte <0>Nastavenia šifrovania</0>.",
     "form_error_port_range": "Zadajte číslo portu v rozsahu 80-65535",
@@ -462,6 +467,7 @@
     "form_add_id": "Pridajte identifikátor",
     "form_client_name": "Zadajte meno klienta",
     "name": "Meno",
+    "client_name": "Klient {{id}}",
     "client_global_settings": "Použiť globálne nastavenia",
     "client_deleted": "\"{{key}}\" klienta bol úspešne vymazaný",
     "client_added": "\"{{key}}\" klienta bol úspešne pridaný",
@@ -672,7 +678,7 @@
     "use_saved_key": "Použiť predtým uložený kľúč",
     "parental_control": "Rodičovská kontrola",
     "safe_browsing": "Bezpečné prehliadanie",
-    "served_from_cache": "{{value}} <i>(prevzatá z cache pamäte)</i>",
+    "served_from_cache_label": "Prevzaté z cache pamäte",
     "form_error_password_length": "Heslo musí mať od {{min}} do {{max}} znakov",
     "anonymizer_notification": "<0>Poznámka:</0> Anonymizácia IP je zapnutá. Môžete ju vypnúť vo <1>Všeobecných nastaveniach</1>.",
     "confirm_dns_cache_clear": "Naozaj chcete vymazať vyrovnávaciu pamäť DNS?",
@@ -734,5 +740,8 @@
     "wednesday_short": "Str",
     "thursday_short": "Štr",
     "friday_short": "Pia",
-    "saturday_short": "Sob"
+    "saturday_short": "Sob",
+    "upstream_dns_cache_configuration": "Konfigurácia cache pamäte DNS pre upstream",
+    "enable_upstream_dns_cache": "Zapnúť ukladanie DNS do cache pamäte pre vlastnú konfiguráciu odosielania tohto klienta",
+    "dns_cache_size": "Veľkosť cache pamäte DNS v bajtoch"
 }

client/src/__locales/sl.json

@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Gorvodni trežniki so uspešno shranjeni",
     "dns_test_ok_toast": "Navedeni strežniki DNS delujejo pravilno",
     "dns_test_not_ok_toast": "Ni mogoče uporabiti: strežnika \"{{key}}\". Preverite, ali ste ga pravilno napisali",
+    "dns_test_parsing_error_toast": "Razdelek {{section}}: vrstica {{line}}: ni bilo mogoče uporabiti, preverite, ali ste ga pravilno zapisali",
     "dns_test_warning_toast": "Upstream \"{{key}}\" se ne odziva na testne zahteve in morda ne deluje pravilno",
     "unblock": "Omogoči",
     "block": "Onemogoči",
@@ -243,6 +244,7 @@
     "allow_this_client": "Dovoli tega odjemalca",
     "block_for_this_client_only": "Onemogoči samo za tega odjemalca",
     "unblock_for_this_client_only": "Omogoči samo za tega odjemalca",
+    "add_persistent_client": "Dodaj kot vztrajnega odjemalca",
     "time_table_header": "Čas",
     "date": "Datum",
     "domain_name_table_header": "Ime domene",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "Imena gostiteljev",
     "encryption_reset": "Ali ste prepričani, da želite ponastaviti nastavitve šifriranja?",
     "encryption_warning": "Opozorilo",
+    "encryption_plain_dns_enable": "Omogoči navaden DNS",
+    "encryption_plain_dns_desc": "Navaden DNS je privzeto omogočen. Lahko ga onemogočite, da vse naprave prisilite k uporabi šifriranega DNS-ja. Če želite to narediti, morate omogočiti vsaj en šifriran protokol DNS",
+    "encryption_plain_dns_error": "Da onemogočite navaden DNS, omogočite vsaj en šifriran protokol DNS",
     "topline_expiring_certificate": "Vaš e digitalno potrdilo SSL bo kmalu poteklol. Posodobite <0>Nastavitve šifriranja</0>.",
     "topline_expired_certificate": "Vaše digitalno potrdilo SSL je poteklo. Posodobi <0>Nastavitve šifriranja</0>.",
     "form_error_port_range": "Vnesite številko vrat v razponu med 80-65535",
@@ -462,6 +467,7 @@
     "form_add_id": "Dodaj identifikatorja",
     "form_client_name": "Vnesite ime odjemalca",
     "name": "Ime",
+    "client_name": "Odjemalec {{id}}",
     "client_global_settings": "Uporabi splošne nastavitve",
     "client_deleted": "Odjemalec \"{{key}}\" je bil uspešno izbrisan",
     "client_added": "Odjemalec \"{{key}}\" je bil uspešno dodan",
@@ -672,7 +678,7 @@
     "use_saved_key": "Uporabi prej shranjeni ključ",
     "parental_control": "Starševski nadzor",
     "safe_browsing": "Varno brskanje",
-    "served_from_cache": "{{value}} <i>(postreženo iz predpomnilnika)</i>",
+    "served_from_cache_label": "Dostavljeno iz predpomnilnika",
     "form_error_password_length": "Geslo mora vsebovati od {{min}} do {{max}} znakov",
     "anonymizer_notification": "<0>Opomba:</0> Anonimizacija IP je omogočena. Onemogočite ga lahko v <1>Splošnih nastavitvah</1>.",
     "confirm_dns_cache_clear": "Ali ste prepričani, da želite počistiti predpomnilnik DNS?",
@@ -734,5 +740,8 @@
     "wednesday_short": "Sre",
     "thursday_short": "Čet",
     "friday_short": "Pet",
-    "saturday_short": "Sob"
+    "saturday_short": "Sob",
+    "upstream_dns_cache_configuration": "Nastavitve predpomnilnika gorvodnega DNS",
+    "enable_upstream_dns_cache": "Omogoči predpomnjenje nastavitev gorvodnega DNS po meri tega odjemalca",
+    "dns_cache_size": "Velikost predpomnilnika DNS, v bajtih"
 }

client/src/__locales/sr-cs.json

@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Upstream serveri su uspešno sačuvani",
     "dns_test_ok_toast": "Dati DNS serveri rade ispravno",
     "dns_test_not_ok_toast": "Server \"{{key}}\": se ne može koristiti. Proverite da li ste ga ispravno uneli",
+    "dns_test_parsing_error_toast": "Odeljak {{section}}: linija {{line}}: ne može se koristiti, molimo proverite da li ste ga ispravno napisali",
     "dns_test_warning_toast": "Apstrim \"{{key}}\" ne odgovara na zahteve za testiranje i možda neće raditi kako treba",
     "unblock": "Odblokiraj",
     "block": "Blokiraj",
@@ -243,6 +244,7 @@
     "allow_this_client": "Dozvoli ovaj klijent",
     "block_for_this_client_only": "Blokiraj samo za ovaj klijent",
     "unblock_for_this_client_only": "Odblokiraj samo za ovaj klijent",
+    "add_persistent_client": "Dodati u sačuvane klijente",
     "time_table_header": "Vreme",
     "date": "Datum",
     "domain_name_table_header": "Ime domena",
@@ -462,6 +464,7 @@
     "form_add_id": "Dodaj identifikator",
     "form_client_name": "Unesite ime klijenta",
     "name": "Ime",
+    "client_name": "Klijent {{id}}",
     "client_global_settings": "Koristi globalne postavke",
     "client_deleted": "Klijent \"{{key}}\" uspešno izbrisan",
     "client_added": "Klijent \"{{key}}\" uspešno dodat",
@@ -734,5 +737,8 @@
     "wednesday_short": "Sre",
     "thursday_short": "Čet",
     "friday_short": "Pet",
-    "saturday_short": "Sub"
+    "saturday_short": "Sub",
+    "upstream_dns_cache_configuration": "Konfiguracija keša upstream DNS servera",
+    "enable_upstream_dns_cache": "Uključite keširanje za korisničku konfiguraciju upstream servera ovog klijenta",
+    "dns_cache_size": "Veličina DNS keša, u bajtovima"
 }

client/src/__locales/sv.json

@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Sparade uppströms dns-servrar",
     "dns_test_ok_toast": "Angivna DNS servrar fungerar korrekt",
     "dns_test_not_ok_toast": "Server \"{{key}}\": kunde inte användas. Var snäll och kolla att du skrivit in rätt",
+    "dns_test_parsing_error_toast": "Avsnitt {{section}}: rad {{line}}: kunde inte användas, kontrollera att du har skrivit det korrekt",
     "dns_test_warning_toast": "Uppströms \"{{key}}\" svarar inte på testförfrågningar och kanske inte fungerar korrekt",
     "unblock": "Avblockera",
     "block": "Blockera",
@@ -243,6 +244,7 @@
     "allow_this_client": "Tillåt den här klienten",
     "block_for_this_client_only": "Blockera endast för denna klient",
     "unblock_for_this_client_only": "Avblockera endast för denna klient",
+    "add_persistent_client": "Lägg till som beständig klient",
     "time_table_header": "Tid",
     "date": "Datum",
     "domain_name_table_header": "Domännamn",
@@ -310,6 +312,14 @@
     "edns_use_custom_ip": "Använd anpassad IP för EDNS",
     "edns_use_custom_ip_desc": "Tillåt att använda anpassad IP för EDNS",
     "rate_limit_desc": "Antalet förfrågningar per sekund som tillåts per klient. Att sätta den till 0 innebär ingen gräns.",
+    "rate_limit_subnet_len_ipv4": "Prefixlängd för subnät för IPv4-adresser",
+    "rate_limit_subnet_len_ipv4_desc": "Subnätprefixlängd för IPv4-adresser som används för hastighetsbegränsning. Standard är 24",
+    "rate_limit_subnet_len_ipv4_error": "IPv4-subnätets prefixlängd ska vara mellan 0 och 32",
+    "rate_limit_subnet_len_ipv6": "Prefixlängd för subnät för IPv6-adresser",
+    "rate_limit_subnet_len_ipv6_desc": "Subnätprefixlängd för IPv6-adresser som används för hastighetsbegränsning. Standard är 56",
+    "rate_limit_subnet_len_ipv6_error": "IPv6-subnätets prefixlängd ska vara mellan 0 och 128",
+    "form_enter_rate_limit_subnet_len": "Ange subnätprefixlängd för hastighetsbegränsning",
+    "rate_limit_whitelist_desc": "IP-adresser uteslutna från hastighetsbegränsning",
     "rate_limit_whitelist_placeholder": "Ange en IP-adress per rad",
     "blocking_ipv4_desc": "IP adress som ska returneras för en blockerad A förfrågan",
     "blocking_ipv6_desc": "IP adress som ska returneras för en blockerad AAAA förfrågan",
@@ -453,6 +463,7 @@
     "form_add_id": "Lägg till identifierare",
     "form_client_name": "Skriv in klientnamn",
     "name": "Namn",
+    "client_name": "Klient {{id}}",
     "client_global_settings": "Använda globala inställningar",
     "client_deleted": "Klient \"{{key}}\" har raderats",
     "client_added": "Klient \"{{key}}\" har lagts till",
@@ -725,5 +736,8 @@
     "wednesday_short": "Ons",
     "thursday_short": "Tor",
     "friday_short": "Fre",
-    "saturday_short": "Lör"
+    "saturday_short": "Lör",
+    "upstream_dns_cache_configuration": "Konfiguration av uppströms DNS-cache",
+    "enable_upstream_dns_cache": "Aktivera DNS-cachelagring för den här klientens anpassade uppströmskonfiguration",
+    "dns_cache_size": "DNS-cachestorlek, i byte"
 }

client/src/__locales/tr.json

@@ -13,14 +13,14 @@
     "fallback_dns_desc": "Yukarı akış DNS sunucuları yanıt vermediğinde kullanılan yedek DNS sunucularının listesi. Söz dizimi yukarıdaki ana üst kaynak alanıyla aynıdır.",
     "fallback_dns_placeholder": "Her satıra bir yedek DNS sunucusu girin",
     "local_ptr_title": "Özel ters DNS sunucuları",
-    "local_ptr_desc": "AdGuard Home'un yerel PTR sorguları için kullandığı DNS sunucuları. Bu sunucular, rDNS kullanarak, örneğin \"192.168.12.34\" gibi özel IP aralıklarındaki adresler için PTR isteklerini çözmek için kullanılır. Ayarlanmadığı durumda AdGuard Home, işletim sisteminizin varsayılan DNS çözümleme adreslerini kullanır.",
+    "local_ptr_desc": "AdGuard Home tarafından özel PTR, SOA ve NS istekleri için kullanılan DNS sunucuları. Bir istek, özel IP aralıkları (\"192.168.12.34\" gibi) içinde bir alt ağ içeren bir ARPA alan adı ister ve özel IP adresine sahip bir istemciden gelirse özel olarak kabul edilir. Ayarlanmadığı durumda AdGuard Home, IP adresleri dışında işletim sisteminizin varsayılan DNS çözümleyicileri kullanılır.",
     "local_ptr_default_resolver": "AdGuard Home, varsayılan olarak aşağıdaki ters DNS çözümleyicilerini kullanır: {{ip}}.",
     "local_ptr_no_default_resolver": "AdGuard Home, bu sistem için uygun olan özel ters DNS çözümleyicilerini belirleyemedi.",
     "local_ptr_placeholder": "Her satıra bir IP adresi girin",
     "resolve_clients_title": "İstemcilerin IP adreslerinin ters çözümlenmesini etkinleştir",
     "resolve_clients_desc": "Karşılık gelen çözümleyicilere (yerel istemciler için özel DNS sunucuları, genel IP adresleri olan istemciler için üst sunucuları) PTR sorguları göndererek istemcilerin IP adreslerini ana makine adlarının tersine çözün.",
     "use_private_ptr_resolvers_title": "Özel ters DNS çözümleyicileri kullan",
-    "use_private_ptr_resolvers_desc": "Bu üst kaynak sunucularını kullanarak yerel olarak sunulan adresler için ters DNS aramaları yapın. Devre dışı bırakılırsa, AdGuard Home, DHCP, /etc/hosts, vb. tarafından bilinen istemciler dışında bu tür tüm PTR isteklerine NXDOMAIN ile yanıt verir.",
+    "use_private_ptr_resolvers_desc": "Özel üst kaynak sunucuları, DHCP, /etc/hosts, vb. aracılığıyla özel IP adresleri içeren ARPA alan adları için PTR, SOA ve NS isteklerini çözümleyin. Devre dışı bırakılırsa, AdGuard Home bu tür tüm isteklere NXDOMAIN ile yanıt verir.",
     "check_dhcp_servers": "DHCP sunucularını denetle",
     "save_config": "Yapılandırmayı kaydet",
     "enabled_dhcp": "DHCP sunucusu etkinleştirildi",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Üst sunucular başarıyla kaydedildi",
     "dns_test_ok_toast": "Belirtilen DNS sunucuları düzgün çalışıyor",
     "dns_test_not_ok_toast": "Sunucu \"{{key}}\": kullanılamıyor, lütfen doğru yazdığınızdan emin olun",
+    "dns_test_parsing_error_toast": "{{section}} bölümü: {{line}}. satır: kullanılamadı, lütfen doğru yazdığınızı kontrol edin",
     "dns_test_warning_toast": "Üst kaynak \"{{key}}\", test isteklerine yanıt vermiyor ve düzgün çalışmayabilir",
     "unblock": "Engeli kaldır",
     "block": "Engelle",
@@ -243,6 +244,7 @@
     "allow_this_client": "Bu istemciye izin ver",
     "block_for_this_client_only": "Yalnızca bu istemci için engelle",
     "unblock_for_this_client_only": "Yalnızca bu istemci için engellemeyi kaldır",
+    "add_persistent_client": "Kalıcı istemci olarak ekle",
     "time_table_header": "Saat",
     "date": "Tarih",
     "domain_name_table_header": "Alan adı",
@@ -322,7 +324,7 @@
     "rate_limit_whitelist_placeholder": "Her satıra bir IP adresi girin",
     "blocking_ipv4_desc": "Engellenen bir A isteği için geri döndürülecek IP adresi",
     "blocking_ipv6_desc": "Engellenen bir AAAA isteği için geri döndürülecek IP adresi",
-    "blocking_mode_default": "Varsayılan: Reklam engelleme tarzı kural tarafından engellendiğinde sıfır IP adresiyle (A için 0.0.0.0; :: AAAA için) yanıt verin; /etc/hosts-tarzı kural tarafından engellendiğinde, kuralda belirtilen IP adresiyle yanıt verin",
+    "blocking_mode_default": "Varsayılan: Reklam engelleme stili kuralı tarafından engellendiğinde sıfır IP adresiyle (A için 0.0.0.0; :: AAAA için) yanıt verin; /etc/hosts-tarzı kural tarafından engellendiğinde, kuralda belirtilen IP adresiyle yanıt verin",
     "blocking_mode_refused": "REFUSED: REFUSED koduyla yanıt verin",
     "blocking_mode_nxdomain": "NXDOMAIN: NXDOMAIN koduyla yanıt verin",
     "blocking_mode_null_ip": "Boş IP: Sıfır IP adresiyle yanıt verin (A için 0.0.0.0; :: AAAA için)",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "Ana makine adları",
     "encryption_reset": "Şifreleme ayarlarını sıfırlamak istediğinizden emin misiniz?",
     "encryption_warning": "Uyarı",
+    "encryption_plain_dns_enable": "Düz DNS'i etkinleştir",
+    "encryption_plain_dns_desc": "Düz DNS varsayılan olarak etkindir. Tüm aygıtları şifrelenmiş DNS kullanmaya zorlamak için bunu devre dışı bırakabilirsiniz. Bunu yapmak için en az bir şifrelenmiş DNS protokolünü etkinleştirmeniz gerekir",
+    "encryption_plain_dns_error": "Düz DNS'i devre dışı bırakmak için en az bir şifrelenmiş DNS protokolünü etkinleştirin",
     "topline_expiring_certificate": "SSL sertifikanızın süresi sona üzere. <0>Şifreleme ayarlarını</0> güncelleyin.",
     "topline_expired_certificate": "SSL sertifikanızın süresi sona erdi. <0>Şifreleme ayarlarını</0> güncelleyin.",
     "form_error_port_range": "80-65535 aralığında geçerli bir bağlantı noktası değeri girin",
@@ -462,6 +467,7 @@
     "form_add_id": "Tanımlayıcı ekle",
     "form_client_name": "İstemci ismi girin",
     "name": "Adı",
+    "client_name": "İstemci {{id}}",
     "client_global_settings": "Genel ayarları kullan",
     "client_deleted": "\"{{key}}\" istemcisi başarıyla silindi",
     "client_added": "\"{{key}}\" istemcisi başarıyla eklendi",
@@ -672,7 +678,7 @@
     "use_saved_key": "Önceden kaydedilmiş anahtarı kullan",
     "parental_control": "Ebeveyn Denetimi",
     "safe_browsing": "Güvenli Gezinti",
-    "served_from_cache": "{{value}} <i>(önbellekten kullanıldı)</i>",
+    "served_from_cache_label": "Önbellekten kullanıldı",
     "form_error_password_length": "Parola {{min}} ila {{max}} karakter uzunluğunda olmalıdır",
     "anonymizer_notification": "<0>Not:</0> IP anonimleştirme etkinleştirildi. Bunu <1>Genel ayarlardan</1> devre dışı bırakabilirsiniz.",
     "confirm_dns_cache_clear": "DNS önbelleğini temizlemek istediğinizden emin misiniz?",
@@ -734,5 +740,8 @@
     "wednesday_short": "Çar",
     "thursday_short": "Per",
     "friday_short": "Cum",
-    "saturday_short": "Cmt"
+    "saturday_short": "Cmt",
+    "upstream_dns_cache_configuration": "Üst kaynak DNS önbellek yapılandırması",
+    "enable_upstream_dns_cache": "Bu istemcinin özel üst kaynak yapılandırması için DNS önbelleğe almayı etkinleştir",
+    "dns_cache_size": "DNS önbellek boyutu, bayt cinsinden"
 }

client/src/__locales/uk.json

@@ -68,7 +68,7 @@
     "ip": "IP",
     "dhcp_table_hostname": "Назва вузла",
     "dhcp_table_expires": "Закінчується",
-    "dhcp_warning": "Якщо ви однаково хочете увімкнути DHCP-сервер, переконайтеся, що у вашій мережі немає інших активних DHCP-серверів. Інакше, це може порушити роботу інтернету на під'єднаних пристроях!",
+    "dhcp_warning": "Якщо ви однаково хочете увімкнути DHCP-сервер, переконайтеся, що у вашій мережі немає інших активних DHCP-серверів. Інакше, це може порушити роботу інтернету на підʼєднаних пристроях!",
     "dhcp_error": "AdGuard Home не зміг визначити, чи є в мережі інший DHCP-сервер",
     "dhcp_static_ip_error": "Для використання DHCP-сервера необхідно встановити статичну IP-адресу. Нам не вдалося визначити, чи цей мережевий інтерфейс налаштовано для використання статичної IP-адреси. Встановіть статичну IP-адресу вручну.",
     "dhcp_dynamic_ip_found": "Ваша система використовує конфігурацію з динамічною IP-адресою для інтерфейсу <0>{{interfaceName}}</0>. Для використання DHCP-сервера необхідно встановити статичну IP-адресу. Ваша поточна IP-адреса <0>{{ipAddress}}</0>. Ми автоматично встановимо цю IP-адресу як статичну, якщо ви натиснете кнопку «Увімкнути DHCP-сервер».",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "DNS-сервери успішно збережено",
     "dns_test_ok_toast": "Вказані DNS сервери працюють правильно",
     "dns_test_not_ok_toast": "Сервер «{{key}}»: неможливо використати. Перевірте правильність введення",
+    "dns_test_parsing_error_toast": "Розділ {{section}}: рядок {{line}}: неможливо використати. Перевірте правильність введення",
     "dns_test_warning_toast": "Upstream «{{key}}» не відповідає на тестові запити та може працювати не правильно",
     "unblock": "Дозволити",
     "block": "Заборонити",
@@ -243,6 +244,7 @@
     "allow_this_client": "Дозволити цей клієнт",
     "block_for_this_client_only": "Заборонити тільки цей клієнт",
     "unblock_for_this_client_only": "Дозволити тільки цей клієнт",
+    "add_persistent_client": "Додати в збережені клієнти",
     "time_table_header": "Час",
     "date": "Дата",
     "domain_name_table_header": "Назва домену",
@@ -362,7 +364,7 @@
     "install_submit_title": "Вітаємо!",
     "install_submit_desc": "Процедура налаштування завершена і тепер все готово, аби почати користуватися AdGuard Home.",
     "install_devices_router": "Роутер",
-    "install_devices_router_desc": "Це налаштування буде автоматично охоплювати всі пристрої, що під'єднано до домашнього маршрутизатора. Вам не потрібно буде налаштовувати кожен з них вручну.",
+    "install_devices_router_desc": "Це налаштування буде автоматично охоплювати всі пристрої, що підʼєднано до домашнього маршрутизатора. Вам не потрібно буде налаштовувати кожен з них вручну.",
     "install_devices_address": "DNS-сервер AdGuard Home прослуховує наступні адреси",
     "install_devices_router_list_1": "Відкрийте налаштування маршрутизатора. Зазвичай ви можете отримати до нього доступ із браузера за допомогою URL-адреси, наприклад, http://192.168.0.1/ або http://192.168.1.1/. Можливо, треба буде ввести пароль. Якщо ви його не знаєте, часто можна скинути пароль, натиснувши кнопку на самому маршрутизаторі. Для деяких маршрутизаторів потрібна спеціальна програма, яка в такому випадку повинна бути вже встановлена на вашому комп’ютері чи телефоні.",
     "install_devices_router_list_2": "Знайдіть налаштування DHCP/DNS. Шукайте літери DNS поруч із полем, в яке можна ввести два або три набори чисел, кожен з яких розбитий на чотири групи від однієї до трьох цифр.",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "Назви вузлів",
     "encryption_reset": "Ви впевнені, що хочете скинути налаштування шифрування?",
     "encryption_warning": "Попередження",
+    "encryption_plain_dns_enable": "Увімкнути звичайний DNS",
+    "encryption_plain_dns_desc": "Звичайний DNS усталено увімкнений. Ви можете вимкнути його, щоб змусити всі пристрої використовувати зашифрований DNS. Для цього необхідно увімкнути хоча б один зашифрований протокол DNS",
+    "encryption_plain_dns_error": "Щоб вимкнути звичайний DNS, увімкніть принаймні один зашифрований протокол DNS",
     "topline_expiring_certificate": "Ваш сертифікат SSL скоро закінчиться. Оновіть <0>Налаштування шифрування</0>.",
     "topline_expired_certificate": "Термін дії вашого сертифіката SSL закінчився. Оновіть <0>Налаштування шифрування</0>.",
     "form_error_port_range": "Введіть значення порту в діапазоні 80−65535",
@@ -443,7 +448,7 @@
     "manual_update": "Щоб оновити самостійно, <a>виконайте ці кроки</a>.",
     "processing_update": "Зачекайте будь ласка, AdGuard Home оновлюється",
     "clients_title": "Постійні клієнти",
-    "clients_desc": "Налаштуйте пристрої, під'єднані до AdGuard Home",
+    "clients_desc": "Налаштуйте пристрої, які підʼєднано до AdGuard Home",
     "settings_global": "Загальні",
     "settings_custom": "Власні",
     "table_client": "Клієнт",
@@ -462,6 +467,7 @@
     "form_add_id": "Додати ідентифікатор",
     "form_client_name": "Введіть ім'я клієнта",
     "name": "Ім'я",
+    "client_name": "Клієнт {{id}}",
     "client_global_settings": "Використати загальні налаштування",
     "client_deleted": "Клієнта «{{key}}» успішно видалено",
     "client_added": "Клієнта «{{key}}» успішно додано",
@@ -672,7 +678,7 @@
     "use_saved_key": "Використати раніше збережений ключ",
     "parental_control": "Батьківський контроль",
     "safe_browsing": "Безпечний перегляд",
-    "served_from_cache": "{{value}} <i>(отримано з кешу)</i>",
+    "served_from_cache_label": "Отримано з кешу",
     "form_error_password_length": "Пароль має містити від {{min}} до {{max}} символів",
     "anonymizer_notification": "<0>Примітка:</0> IP-анонімізацію ввімкнено. Ви можете вимкнути його в <1>Загальні налаштування</1> .",
     "confirm_dns_cache_clear": "Ви впевнені, що бажаєте очистити кеш DNS?",
@@ -734,5 +740,8 @@
     "wednesday_short": "СР",
     "thursday_short": "ЧТ",
     "friday_short": "ПТ",
-    "saturday_short": "СБ"
+    "saturday_short": "СБ",
+    "upstream_dns_cache_configuration": "Конфігурація кешу upstream DNS-серверів",
+    "enable_upstream_dns_cache": "Увімкнути кешування для користувацької конфігурації upstream-серверів цього клієнта",
+    "dns_cache_size": "Розмір кешу DNS, у байтах"
 }

client/src/__locales/vi.json

@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "Các máy chủ thượng nguồn đã được lưu thành công",
     "dns_test_ok_toast": "Máy chủ DNS có thể sử dụng",
     "dns_test_not_ok_toast": "Máy chủ \"{{key}}\"': không thể sử dụng, vui lòng kiểm tra lại",
+    "dns_test_parsing_error_toast": "Phần {{section}}: dòng {{line}}: không thể sử dụng được, vui lòng kiểm tra xem bạn đã viết đúng chưa",
     "dns_test_warning_toast": "Ngược lại \"{{key}}\" không phản hồi các yêu cầu kiểm tra và có thể không hoạt động bình thường",
     "unblock": "Bỏ chặn",
     "block": "Chặn",
@@ -243,6 +244,7 @@
     "allow_this_client": "Cho phép ứng dụng khách này",
     "block_for_this_client_only": "Chỉ chặn ứng dụng khách này",
     "unblock_for_this_client_only": "Chỉ hủy chặn ứng dụng khách này",
+    "add_persistent_client": "Thêm làm ứng dụng khách liên tục",
     "time_table_header": "Thời gian",
     "date": "Ngày",
     "domain_name_table_header": "Tên miền",
@@ -462,6 +464,7 @@
     "form_add_id": "Thêm định danh",
     "form_client_name": "Nhập tên máy khách",
     "name": "Tên",
+    "client_name": "Khách hàng {{id}}",
     "client_global_settings": "Sử dụng cài đặt toàn cầu",
     "client_deleted": "Máy khách \"{{key}}\" đã xóa thành công",
     "client_added": "Máy khách \"{{key}}\" đã thêm thành công",
@@ -734,5 +737,8 @@
     "wednesday_short": "Thứ 4",
     "thursday_short": "Thứ 5",
     "friday_short": "Thứ 6",
-    "saturday_short": "Thứ 7"
+    "saturday_short": "Thứ 7",
+    "upstream_dns_cache_configuration": "Cấu hình bộ nhớ đệm upstream của các máy chủ DNS",
+    "enable_upstream_dns_cache": "Bật bộ nhớ cache cho cấu hình ngược dòng của máy chủ upstream của khách hàng này",
+    "dns_cache_size": "Kích thước bộ nhớ cache DNS, tính bằng byte"
 }

client/src/__locales/zh-cn.json

@@ -13,14 +13,14 @@
     "fallback_dns_desc": "当上游 DNS 服务器没有响应时使用的后备 DNS 服务器列表。语法与上面的「主要上游」字段相同。",
     "fallback_dns_placeholder": "每行输入一个后备 DNS 服务器",
     "local_ptr_title": "私人反向 DNS 服务器",
-    "local_ptr_desc": "AdGuard Home 用于本地 PTR 查询的 DNS 服务器。这些服务器将使用反向 DNS 解析具有私人 IP 地址的客户机的主机名，比如 \"192.168.12.34\"。如果没有设置，除非是 AdGuard Home 里设置的地址，AdGuard Home 都将自动使用您的操作系统的默认 DNS 解析器。",
+    "local_ptr_desc": "AdGuard Home 用于私人 PTR、SOA 和 NS 请求的 DNS 服务器。如果请求的 ARPA 域名包含私有 IP 范围内的子网（如 \"192.168.12.34\"），且请求来自具有私有 IP 地址的客户端，该请求被视为私有请求。如果未设置，将使用操作系统的默认 DNS 解析器，AdGuard Home IP 地址除外。",
     "local_ptr_default_resolver": "AdGuard Home 默认使用下列反向 DNS 解析器: {{ip}}",
     "local_ptr_no_default_resolver": "AdGuard Home 无法为这个系统确定合适的私人反向 DNS 解析器。",
     "local_ptr_placeholder": "每行输入一个 IP 地址",
     "resolve_clients_title": "启用客户端的 IP 地址的反向解析",
     "resolve_clients_desc": "通过发送 PTR 查询到对应的解析器 (本地客户端的私人 DNS 服务器，公共 IP 客户端的上游服务器) 将 IP 地址反向解析成其客户端主机名。",
     "use_private_ptr_resolvers_title": "使用私人反向 DNS 解析器",
-    "use_private_ptr_resolvers_desc": "使用这些上游服务器对本地服务的地址执行反向 DNS 查找。 如果禁用，则 AdGuard Home 会以 NXDOMAIN 响应所有此类 PTR 请求，从 DHCP、/etc/hosts 等获知的客户端除外。",
+    "use_private_ptr_resolvers_desc": "使用私有上游服务器、DHCP、/etc/hosts 等解决包含私有 IP 地址的 ARPA 域名的 PTR、SOA 和 NS 请求。如果禁用，AdGuard Home 将以 NXDOMAIN 回应所有此类请求。",
     "check_dhcp_servers": "检查 DHCP 服务器",
     "save_config": "保存配置",
     "enabled_dhcp": "DHCP 服务器已启用",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "上游服务器保存成功",
     "dns_test_ok_toast": "指定的 DNS 服务器现已正常运行",
     "dns_test_not_ok_toast": "服务器 \"{{key}}\"：无法使用，请检查你输入的是否正确",
+    "dns_test_parsing_error_toast": "第 {{section}} 节：第 {{line}} 行：无法使用，请检查您输入的是否正确",
     "dns_test_warning_toast": "上游 “{{key}}” 不响应测试请求，可能无法正常工作",
     "unblock": "放行",
     "block": "拦截",
@@ -243,6 +244,7 @@
     "allow_this_client": "允许这个客户端",
     "block_for_this_client_only": "仅对此客户端拦截",
     "unblock_for_this_client_only": "仅解除对此客户端的拦截",
+    "add_persistent_client": "添加为持久客户端",
     "time_table_header": "时间",
     "date": "日期",
     "domain_name_table_header": "域名",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "主机名",
     "encryption_reset": "您确定想要重置加密设置？",
     "encryption_warning": "警告",
+    "encryption_plain_dns_enable": "启用无加密 DNS",
+    "encryption_plain_dns_desc": "默认情况下启用无加密 DNS。用户可以禁用它，强制所有设备使用加密 DNS。为此，必须至少启用一个加密 DNS 协议",
+    "encryption_plain_dns_error": "要禁用无加密 DNS，请至少启用一个加密 DNS 协议",
     "topline_expiring_certificate": "您的 SSL 证书即将过期。请更新 <0>加密设置</0> 。",
     "topline_expired_certificate": "您的 SSL 证书已过期。请更新 <0>加密设置</0> 。",
     "form_error_port_range": "输入 80 - 65535 范围内的端口值",
@@ -462,6 +467,7 @@
     "form_add_id": "添加标识符",
     "form_client_name": "输入客户端名称",
     "name": "名称",
+    "client_name": "客户端 {{id}}",
     "client_global_settings": "使用全局设置",
     "client_deleted": "客户端 \"{{key}}\" 删除成功",
     "client_added": "客户端 \"{{key}}\" 添加成功",
@@ -672,7 +678,7 @@
     "use_saved_key": "使用之前保存的密钥",
     "parental_control": "家长控制",
     "safe_browsing": "安全浏览",
-    "served_from_cache": "{{value}}<i>(由缓存提供)</i>",
+    "served_from_cache_label": "从缓存中",
     "form_error_password_length": "密码长度必须为 {{min}} 到 {{max}} 个字符",
     "anonymizer_notification": "<0>注意：</0> IP 匿名化已启用。您可以在<1>常规设置</1>中禁用它。",
     "confirm_dns_cache_clear": "您确定要清除 DNS 缓存吗？",
@@ -734,5 +740,8 @@
     "wednesday_short": "周三",
     "thursday_short": "周四",
     "friday_short": "周五",
-    "saturday_short": "周六"
+    "saturday_short": "周六",
+    "upstream_dns_cache_configuration": "上游 DNS 缓存配置",
+    "enable_upstream_dns_cache": "为该客户端的自定义上游配置启用 DNS 缓存",
+    "dns_cache_size": "DNS 缓存大小，单位：字节"
 }

client/src/__locales/zh-hk.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "用戶端設定",
     "example_upstream_reserved": "您可以<0>指定網域</0>使用特定 DNS 查詢",
+    "example_multiple_upstreams_reserved": "多個上游 <0>for 特定網域</0>;",
     "example_upstream_comment": "您可以指定註解",
     "upstream_parallel": "使用平行查詢，同時查詢所有上游伺服器來加速解析結果",
     "parallel_requests": "平行處理",
@@ -8,6 +9,9 @@
     "load_balancing_desc": "一次只查詢一個伺服器。AdGuard Home 會使用加權隨機取樣來選擇使用的查詢結果，以確保速度最快的伺服器能被充分運用。",
     "bootstrap_dns": "引導（Boostrap） DNS 伺服器",
     "bootstrap_dns_desc": "Bootstrap DNS 伺服器用於解析您所設定的上游 DoH/DoT 解析器的 IP 地址",
+    "fallback_dns_title": "備用 DNS 伺服器",
+    "fallback_dns_desc": "備用 DNS 伺服器列表：於主要 DNS 伺服器沒有回應時使用。語法與主要 DNS 伺服器設定欄位相同。",
+    "fallback_dns_placeholder": "每行輸入一個備用 DNS 伺服器",
     "local_ptr_title": "私人 DNS 伺服器",
     "local_ptr_desc": "AdGuard Home 用於區域 PTR 查詢的 DNS 伺服器。這些伺服器將用於解析具有私人 IP 位址的用戶端的主機名稱，例如  \"192.168.12.34\"，使用 rDNS。如果沒有設定，AdGuard Home 將自動使用您的系統預設 DNS 解析。",
     "local_ptr_default_resolver": "AdGuard Home 預設使用以下作為 DNS 反解器：{{ip}}",
@@ -37,17 +41,19 @@
     "dhcp_ipv6_settings": "DHCP IPv6 設定",
     "form_error_required": "必要欄位",
     "form_error_ip4_format": "無效的 IPv4 格式",
-    "form_error_ip6_format": "無效的 IPv6 格式",
     "form_error_ip4_gateway_format": "閘道的 IPv4 位址無效",
-    "form_error_ip_format": "無效的 IP 位址",
+    "form_error_ip6_format": "無效的 IPv6 格式",
+    "form_error_ip_format": "無效的 IP 格式",
     "form_error_mac_format": "無效的 「MAC 位址」格式",
     "form_error_client_id_format": "無效的「客戶端 ID」格式",
     "form_error_server_name": "無效伺服器名稱",
     "form_error_subnet": "子網路 \"{{cidr}}\" 不包含 IP 位址 \"{{ip}}\"",
     "form_error_positive": "數值必須大於 0",
+    "form_error_gateway_ip": "租約不能使用閘道器的 IP 位址",
     "out_of_range_error": "必須介於 \"{{start}}\" - \"{{end}}\" 範圍之外",
     "lower_range_start_error": "必須小於起始值",
     "greater_range_start_error": "必須大於起始值",
+    "subnet_error": "地址必須在同一個子網路中",
     "gateway_or_subnet_invalid": "無效子網路",
     "dhcp_form_gateway_input": "閘道 IP 位址",
     "dhcp_form_subnet_input": "子網路遮罩",
@@ -68,7 +74,9 @@
     "dhcp_dynamic_ip_found": "您的網路介面  <0>{{interfaceName}}</0> 正在使用動態 IP，要使用 DHCP 伺服器必須指定靜態 IP 給 AdGuard。\n目前您的 IP 位址  <0>{{ipAddress}}</0>，啟用 DHCP 後此 IP 將自動設定為靜態 IP 位址。",
     "dhcp_lease_added": "靜態租用 \"{{key}}\" 已新增成功",
     "dhcp_lease_deleted": "靜態租用 \"{{key}}\" 已刪除成功",
+    "dhcp_lease_updated": "靜態租約 \"{{key}}\" 已成功更新",
     "dhcp_new_static_lease": "新增靜態租用",
+    "dhcp_edit_static_lease": "編輯靜態租約",
     "dhcp_static_leases_not_found": "找不到 DHCP 靜態租用",
     "dhcp_add_static_lease": "新增靜態租用",
     "dhcp_reset_leases": "重置所有 DHCP 租約",
@@ -112,7 +120,8 @@
     "stats_malware_phishing": "已封鎖惡意軟體/網路釣魚",
     "stats_adult": "已封鎖成人網站",
     "stats_query_domain": "熱門查詢網域排行",
-    "for_last_24_hours": "過去 24 小時",
+    "for_last_hours": "在過去 {{count}} 小時",
+    "for_last_hours_plural": "在過去 {{count}} 小時裡",
     "for_last_days": "最近 {{count}} 天內",
     "for_last_days_plural": "最近 {{count}} 天內",
     "stats_disabled": "已禁用統計資料。您可以從<0>設定頁面</0>打開它。",
@@ -123,15 +132,20 @@
     "top_clients": "熱門用戶端排行",
     "no_clients_found": "找不到用戶端",
     "general_statistics": "一般統計資料",
+    "top_upstreams": "熱門上游伺服器",
+    "no_upstreams_data_found": "找不到上游數據",
     "number_of_dns_query_days": "過去 {{count}} 天內 DNS 查詢總數",
     "number_of_dns_query_days_plural": "過去 {{count}} 天內 DNS 查詢總數",
-    "number_of_dns_query_24_hours": "過去 24小時內 DNS 查詢總數",
+    "number_of_dns_query_hours": "過去 {{count}} 小時處理的 DNS 查詢數量",
+    "number_of_dns_query_hours_plural": "過去 {{count}} 小時處理的 DNS 查詢數量",
     "number_of_dns_query_blocked_24_hours": "已被廣告過濾器與主機黑名單封鎖 DNS 查詢總數",
     "number_of_dns_query_blocked_24_hours_by_sec": "已被 AdGuard 瀏覽安全模組封鎖的 DNS 查詢總數",
     "number_of_dns_query_blocked_24_hours_adult": "已封鎖成人網站總數",
     "enforced_save_search": "強制使用安全搜尋",
     "number_of_dns_query_to_safe_search": "已強制使用安全搜尋總數",
     "average_processing_time": "平均的處理時間",
+    "average_upstream_response_time": "平均上游伺服器回應時間",
+    "response_time": "回應時間",
     "average_processing_time_hint": "處理 DNS 請求的平均時間(毫秒)",
     "block_domain_use_filters_and_hosts": "使用過濾器與 hosts 檔案阻擋網域查詢",
     "filters_block_toggle_hint": "您可在<a>過濾器</a>設定中設定封鎖規則。",
@@ -156,6 +170,7 @@
     "upstream_dns_configured_in_file": "設定在 {{path}}",
     "test_upstream_btn": "測試上游 DNS",
     "upstreams": "上游",
+    "upstream": "上游伺服器",
     "apply_btn": "套用",
     "disabled_filtering_toast": "已停用過濾",
     "enabled_filtering_toast": "已啟用過濾",
@@ -164,6 +179,7 @@
     "disabled_parental_toast": "已停用家長監護",
     "enabled_parental_toast": "已啟用家長監護",
     "disabled_safe_search_toast": "已停用安全搜尋",
+    "enabled_save_search_toast": "已啟用安全搜尋",
     "updated_save_search_toast": "已更新安全搜尋設定",
     "enabled_table_header": "啟用",
     "name_table_header": "名稱",
@@ -206,24 +222,29 @@
     "example_comment_hash": "# Also a comment",
     "example_regex_meaning": "使用正規表示式（Regular Expression）來阻止對應的網域查詢",
     "example_upstream_regular": "一般 DNS（透過 UDP）",
+    "example_upstream_regular_port": "一般 DNS（透過 UDP，連接埠）",
+    "example_upstream_udp": "一般 DNS（透過 UDP，主機名稱）",
     "example_upstream_dot": "<0>DNS-over-TLS</0>（流量加密）",
     "example_upstream_doh": "<0>DNS-over-HTTPS</0>（流量加密）",
+    "example_upstream_doh3": "使 DNS-over-HTTPS 強制使用 <0>HTTP/3</0> ，並禁止使用後備 HTTP/2 或更低版本；",
     "example_upstream_doq": "加密 <0>DNS-over-QUIC</0>",
     "example_upstream_sdns": "您可以使透過 <0>DNS Stamps</0> 來解析  <1>DNSCrypt</1> 或 <2>DNS-over-HTTPS</2>",
     "example_upstream_tcp": "一般 DNS（透過 TCP）",
-    "example_upstream_regular_port": "一般 DNS（透過 UDP，連接埠）",
-    "example_upstream_udp": "一般 DNS（透過 UDP，主機名稱）",
     "example_upstream_tcp_port": "一般 DNS（透過 TCP，連接埠）",
     "example_upstream_tcp_hostname": "一般 DNS（透過 TCP，主機名稱）",
     "all_lists_up_to_date_toast": "所有清單已更新至最新",
+    "updated_upstream_dns_toast": "已更新上游 DNS 伺服器",
     "dns_test_ok_toast": "設定中的 DNS 上游運作正常",
     "dns_test_not_ok_toast": "DNS 設定中的 \"{{key}}\" 出現錯誤，請確認是否正確輸入",
+    "dns_test_parsing_error_toast": "在 {{section}} 部分中：第 {{line}} 行：無法使用，請檢查您是否有正確地填寫",
+    "dns_test_warning_toast": "上游伺服器 \"{{key}}\" 沒有回應測試請求，可能無法正常運作",
     "unblock": "解除封鎖",
     "block": "封鎖",
     "disallow_this_client": "不允許此用戶端",
     "allow_this_client": "允許此用戶端",
     "block_for_this_client_only": "僅封鎖此用戶端",
     "unblock_for_this_client_only": "僅解除封鎖此用戶端",
+    "add_persistent_client": "加入到用戶端",
     "time_table_header": "時間",
     "date": "日期",
     "domain_name_table_header": "域名",
@@ -270,6 +291,9 @@
     "custom_ip": "自訂 IP 位址",
     "blocking_ipv4": "封鎖 IPv4",
     "blocking_ipv6": "封鎖 IPv6",
+    "blocked_response_ttl": "阻塞響應 TTL",
+    "blocked_response_ttl_desc": "指定客戶端應快取過濾回應的秒數",
+    "form_enter_blocked_response_ttl": "輸入已封鎖的回應 TTL（秒）",
     "dnscrypt": "DNSCrypt",
     "dns_over_https": "DNS-over-HTTPS",
     "dns_over_tls": "DNS-over-TLS",
@@ -288,6 +312,16 @@
     "edns_use_custom_ip": "使用自訂 EDNS IP",
     "edns_use_custom_ip_desc": "允許使用自訂 EDNS IP",
     "rate_limit_desc": "限制單一裝置每秒發出的查詢次數（設定為 0 即表示無限制）",
+    "rate_limit_subnet_len_ipv4": "IPv4 位址的子網路前綴長度",
+    "rate_limit_subnet_len_ipv4_desc": "用於速率限制的 IPv4 位址的子網路前綴長度。 預設為 24",
+    "rate_limit_subnet_len_ipv4_error": "IPv4 子網路前綴長度應介於 0 到 32 之間",
+    "rate_limit_subnet_len_ipv6": "IPv6 位址的子網路前綴長度",
+    "rate_limit_subnet_len_ipv6_desc": "用於速率限制的 IPv6 位址的子網路前綴長度。 預設為 56",
+    "rate_limit_subnet_len_ipv6_error": "IPv6 子網路前綴長度應介於 0 到 128 之間",
+    "form_enter_rate_limit_subnet_len": "輸入速率限制的子網路前綴長度",
+    "rate_limit_whitelist": "速率限制白名單",
+    "rate_limit_whitelist_desc": "排除在速率限制之外的 IP 位址",
+    "rate_limit_whitelist_placeholder": "每行輸入一個 IP 地址",
     "blocking_ipv4_desc": "回覆指定 IPv4 位址給被封鎖的網域的 A 紀錄查詢",
     "blocking_ipv6_desc": "回覆指定 IPv6 位址給被封鎖的網域的 AAAA 紀錄查詢",
     "blocking_mode_default": "預設：被 Adblock 規則封鎖時回應零值的 IP 位址（A 紀錄回應 0.0.0.0 ，AAAA 紀錄回應 ::）；被 /etc/hosts 規則封鎖時回應規則中指定 IP 位址",
@@ -391,6 +425,9 @@
     "encryption_hostnames": "主機名稱",
     "encryption_reset": "您確定要重設加密設定嗎？",
     "encryption_warning": "警告",
+    "encryption_plain_dns_enable": "啟用一般 DNS",
+    "encryption_plain_dns_desc": "預設情況下已啟用一般 DNS。您可以將其停用以強制所有裝置使用加密 DNS。要執行此操作，您必須啟用至少一個加密的 DNS 協定。",
+    "encryption_plain_dns_error": "若要停用一般 DNS，請啟用至少一個加密的 DNS 協定",
     "topline_expiring_certificate": "您的 SSL 憑證即將到期。請前往<0>加密設定</0>更新。",
     "topline_expired_certificate": "您的 SSL 憑證已到期。請前往<0>加密設定</0>更新。",
     "form_error_port_range": "輸入範圍 80-65535 中的值",
@@ -430,6 +467,7 @@
     "form_add_id": "新增識別碼",
     "form_client_name": "輸入用戶端名稱",
     "name": "名稱",
+    "client_name": "客戶端 {{id}}",
     "client_global_settings": "使用全域設定",
     "client_deleted": "已刪除「{{key}}」",
     "client_added": "已新增「{{key}}」",
@@ -451,6 +489,7 @@
     "updates_checked": "檢查更新成功",
     "updates_version_equal": "AdGuard Home 是最新的版本",
     "check_updates_now": "立即檢查更新",
+    "version_request_error": "更新檢查失敗。請檢查您的網絡連線。",
     "dns_privacy": "DNS 隱私",
     "setup_dns_privacy_1": "<0>DNS-over-TLS：</0>使用 <1>{{address}}</1>。",
     "setup_dns_privacy_2": "<0>DNS-over-HTTPS：</0>使用 <1>{{address}}</1>。",
@@ -471,6 +510,7 @@
     "setup_dns_notice": "要使用  <1>DNS-over-HTTPS</1> 或 <1>DNS-over-TLS</1>，您必須先在 AdGuard Home 完成 <0>加密設定</0>。",
     "rewrite_added": "「{{key}}」的 DNS 覆寫新增成功",
     "rewrite_deleted": "「{{key}}」的 DNS 覆寫刪除成功",
+    "rewrite_updated": "已更新 DNS 覆寫",
     "rewrite_add": "新增 DNS 覆寫",
     "rewrite_edit": "編輯 DNS 覆寫",
     "rewrite_not_found": "找不到 DNS 覆寫",
@@ -522,6 +562,8 @@
     "statistics_enable": "啟用統計數據",
     "ignore_domains": "已忽略網域（每行一個）",
     "ignore_domains_title": "已忽略網域",
+    "ignore_domains_desc_stats": "符合這些規則的查詢不會被計入統計資料中",
+    "ignore_domains_desc_query": "符合這些規則的查詢不會被寫入查詢記錄中",
     "interval_hours": "{{count}} 小時",
     "interval_hours_plural": "{{count}} 小時",
     "filters_configuration": "過濾器設定",
@@ -631,10 +673,19 @@
     "click_to_view_queries": "按一下以檢視查詢結果",
     "port_53_faq_link": "連接埠 53 經常被「DNSStubListener」或「systemd-resolved」服務佔用。請閱讀下列有關解決<0>這個問題</0>的說明",
     "adg_will_drop_dns_queries": "AdGuard Home 將停止回應此用戶端的所有 DNS 查詢。",
+    "filter_allowlist": "警告：此操作同時會將規則 \"{{disallowed_rule}}\" 從允許的客戶端清單中排除。",
+    "last_rule_in_allowlist": "無法停用此客戶端，因為排除規則「{{disallowed_rule}}」會導致「允許的用戶端」清單停用。",
+    "use_saved_key": "使用先前儲存的鍵",
+    "parental_control": "家長監護",
     "safe_browsing": "安全瀏覽",
-    "served_from_cache": "{{value}} <i>(由快取回應)</i>",
+    "served_from_cache_label": "由快取回應",
     "form_error_password_length": "密碼必須至少 {{value}} 個字元長度",
+    "anonymizer_notification": "<0>注意</0>: 已啟用 IP 去識別化。您可以在<1>一般設定</1>中停用它。",
+    "confirm_dns_cache_clear": "您確定要清除 DNS 快取嗎？",
+    "cache_cleared": "DNS 快取成功清除",
+    "clear_cache": "清除快取",
     "make_static": "新增為靜態",
+    "theme_auto_desc": "自動（根據裝置調整）",
     "theme_dark_desc": "深色主題",
     "theme_light_desc": "淺色主題",
     "disable_for_seconds": "{{count}} 秒",
@@ -649,11 +700,48 @@
     "disable_notify_for_minutes": "暫停防護 {{count}} 分鐘",
     "disable_notify_for_minutes_plural": "暫停防護 {{count}} 分鐘",
     "disable_notify_for_hours": "暫停防護 {{count}} 小時",
+    "disable_notify_for_hours_plural": "停用保護 {{count}} 小時",
+    "disable_notify_until_tomorrow": "停用保護直至明天",
+    "enable_protection_timer": "保護功能將在 {{time}} 啟用",
+    "custom_retention_input": "輸入保存時長（單位：小時）",
+    "custom_rotation_input": "請輸入輪替週期（單位：小時）",
+    "protection_section_label": "保護",
+    "log_and_stats_section_label": "查詢日誌與統計資料",
+    "ignore_query_log": "在查詢日誌中忽略此客戶端",
+    "ignore_statistics": "在統計資料中忽略此客戶端",
+    "schedule_services": "暫停服務封鎖",
+    "schedule_services_desc": "設定服務封鎖過濾器的暫停排程",
+    "schedule_services_desc_client": "針對此用戶端，設定服務阻擋的暫停排程",
+    "schedule_desc": "設定已封鎖服務的閒置時段",
+    "schedule_invalid_select": "開始時間必須在結束時間之前",
+    "schedule_select_days": "選擇天數",
+    "schedule_timezone": "選擇時區",
+    "schedule_current_timezone": "目前時區：{{value}}",
+    "schedule_time_all_day": "全天",
+    "schedule_modal_description": "這個排程將會取代同一星期中所有現有的排程。每一天只能有一個閒置時段。",
+    "schedule_modal_time_off": "沒有封鎖服務：",
+    "schedule_new": "新排程",
+    "schedule_edit": "編輯排程",
+    "schedule_save": "儲存排程",
+    "schedule_add": "新增排程",
+    "schedule_remove": "移除排程",
+    "schedule_from": "從",
+    "schedule_to": "至",
+    "sunday": "星期日",
+    "monday": "星期一",
+    "tuesday": "星期二",
+    "wednesday": "星期三",
+    "thursday": "星期四",
+    "friday": "星期五",
+    "saturday": "星期六",
     "sunday_short": "週日",
     "monday_short": "週一",
     "tuesday_short": "週二",
     "wednesday_short": "週三",
     "thursday_short": "週四",
     "friday_short": "週五",
-    "saturday_short": "週六"
+    "saturday_short": "週六",
+    "upstream_dns_cache_configuration": "上游 DNS 快取設定",
+    "enable_upstream_dns_cache": "為此客戶端的自訂上游設定啟用 DNS 快取",
+    "dns_cache_size": "DNS 快取大小（bytes）"
 }

client/src/__locales/zh-tw.json

@@ -13,14 +13,14 @@
     "fallback_dns_desc": "當上游 DNS 伺服器未回覆時被使用的應變 DNS 伺服器之清單。此語法與在上面主要上游欄位中的相同。",
     "fallback_dns_placeholder": "每行輸入一個應變 DNS 伺服器",
     "local_ptr_title": "私人反向的 DNS 伺服器",
-    "local_ptr_desc": "AdGuard Home 用於區域指標（PTR）查詢之 DNS 伺服器。這些伺服器被用於解析有關在私人 IP 範圍的位址之區域指標查詢，例如，\"192.168.12.34\"，使用反向的 DNS。如果未被設定，AdGuard Home 使用您的作業系統之預設 DNS 解析器的位址。",
+    "local_ptr_desc": "AdGuard Home 使用的 DNS 伺服器用於私人 PTR、SOA 和 NS 請求。如果請求要求包含私人 IP 範圍內的子網域的 ARPA 網域（例如 \"192.168.12.34\"），並來自具有私人 IP 位址的用戶端，該請求被視為私人。如果未設定，將使用您的作業系統的預設 DNS 解析器，但不包括 AdGuard Home 的 IP 位址。",
     "local_ptr_default_resolver": "預設下，AdGuard Home 使用以下反向的 DNS 解析器：{{ip}}。",
     "local_ptr_no_default_resolver": "AdGuard Home 無法為此系統決定合適的私人反向的 DNS 解析器。",
     "local_ptr_placeholder": "每行輸入一個 IP 位址",
     "resolve_clients_title": "啟用用戶端的 IP 位址之反向的解析",
     "resolve_clients_desc": "透過傳送指標（PTR）查詢到對應的解析器（私人 DNS 伺服器供區域的用戶端，上游的伺服器供有公共 IP 位址的用戶端），反向地解析用戶端的 IP 位址變為它們的主機名稱。",
     "use_private_ptr_resolvers_title": "使用私人反向的 DNS 解析器",
-    "use_private_ptr_resolvers_desc": "對於正使用這些上游伺服器之區域服務的位址執行反向的 DNS 查找。如果被禁用，除已知來自 DHCP、/etc/hosts 等等的用戶端之外，AdGuard Home 對於所有此類的區域指標（PTR）請求以 NXDOMAIN 回覆。",
+    "use_private_ptr_resolvers_desc": "使用私人上游伺服器、DHCP、/etc/hosts 等方式解析包含私人 IP 位址的 ARPA 網域的 PTR、SOA 和 NS 請求。如果禁用，AdGuard Home 將對所有此類請求以 NXDOMAIN 回應。",
     "check_dhcp_servers": "檢查動態主機設定協定（DHCP）伺服器",
     "save_config": "儲存配置",
     "enabled_dhcp": "動態主機設定協定（DHCP）伺服器被啟用",
@@ -236,6 +236,7 @@
     "updated_upstream_dns_toast": "上游的伺服器被成功地儲存",
     "dns_test_ok_toast": "已明確指定的 DNS 伺服器正在正確地運作",
     "dns_test_not_ok_toast": "伺服器 \"{{key}}\"：無法被使用，請檢查您已正確地填寫它",
+    "dns_test_parsing_error_toast": "第 {{section}} 節：第 {{line}} 行：無法使用，請檢查您輸入的是否正確",
     "dns_test_warning_toast": "上游 “{{key}}” 不回應測試請求，可能無法正常工作",
     "unblock": "解除封鎖",
     "block": "封鎖",
@@ -243,6 +244,7 @@
     "allow_this_client": "允許此用戶端",
     "block_for_this_client_only": "僅對此用戶端封鎖",
     "unblock_for_this_client_only": "僅對此用戶端解除封鎖",
+    "add_persistent_client": "新增為永久性客戶端",
     "time_table_header": "時間",
     "date": "日期",
     "domain_name_table_header": "域名",
@@ -310,15 +312,15 @@
     "edns_use_custom_ip": "為 EDNS 使用自訂的 IP",
     "edns_use_custom_ip_desc": "允許為 EDNS 使用自訂的 IP",
     "rate_limit_desc": "每個用戶端被允許的每秒請求之數量。設定它為 0 表示無限制。",
-    "rate_limit_subnet_len_ipv4": "IPv4 位址的子網路前綴長度",
+    "rate_limit_subnet_len_ipv4": "用於 IPv4 位址的子網路前綴長度",
     "rate_limit_subnet_len_ipv4_desc": "用於速率限制的 IPv4 位址的子網路前綴長度。預設值為 24",
     "rate_limit_subnet_len_ipv4_error": "IPv4 子網路前綴長度應在 0 至 32 之間",
-    "rate_limit_subnet_len_ipv6": "IPv6 位址的子網路前綴長度",
+    "rate_limit_subnet_len_ipv6": "用於 IPv6 位址的子網路前綴長度",
     "rate_limit_subnet_len_ipv6_desc": "用於速率限制的 IPv6 位址的子網路前綴長度。預設值為 56",
     "rate_limit_subnet_len_ipv6_error": "IPv6 子網路前綴長度應在 0 至 128 之間",
     "form_enter_rate_limit_subnet_len": "輸入用於速率限制的子網路前綴長度",
     "rate_limit_whitelist": "速率限制允許清單",
-    "rate_limit_whitelist_desc": "從速率限制中排除的 IP 位址",
+    "rate_limit_whitelist_desc": "從速率限制被排除的 IP 位址",
     "rate_limit_whitelist_placeholder": "每行輸入一個 IP 位址",
     "blocking_ipv4_desc": "要被返回給已封鎖的 A 請求之 IP 位址",
     "blocking_ipv6_desc": "要被返回給已封鎖的 AAAA 請求之 IP 位址",
@@ -423,6 +425,9 @@
     "encryption_hostnames": "主機名稱",
     "encryption_reset": "您確定您想要重置加密設定嗎？",
     "encryption_warning": "警告",
+    "encryption_plain_dns_enable": "啟用一般的 DNS",
+    "encryption_plain_dns_desc": "預設情況下啟用一般的 DNS。使用者可以禁用它，強制所有裝置使用一般的 DNS。為此，必須至少啟用一個一般的 DNS 協定。",
+    "encryption_plain_dns_error": "要禁用一般的 DNS，請至少啟用一個一般的 DNS 協定",
     "topline_expiring_certificate": "您的安全通訊端層（SSL）憑證即將到期。更新<0>加密設定</0>。",
     "topline_expired_certificate": "您的安全通訊端層（SSL）憑證為已到期的。更新<0>加密設定</0>。",
     "form_error_port_range": "輸入在 80-65535 之範圍內的連接埠號碼",
@@ -462,6 +467,7 @@
     "form_add_id": "新增識別碼",
     "form_client_name": "輸入用戶端名稱",
     "name": "名稱",
+    "client_name": "用戶端 {{id}}",
     "client_global_settings": "使用全域的設定",
     "client_deleted": "用戶端 \"{{key}}\" 被成功地刪除",
     "client_added": "用戶端 \"{{key}}\" 被成功地加入",
@@ -672,7 +678,7 @@
     "use_saved_key": "使用該先前已儲存的金鑰",
     "parental_control": "家長控制",
     "safe_browsing": "安全瀏覽",
-    "served_from_cache": "{{value}} <i>(由快取提供)</i>",
+    "served_from_cache_label": "從快取中",
     "form_error_password_length": "密碼長度必須為 {{min}} 到 {{max}} 個字符",
     "anonymizer_notification": "<0>注意：</0>IP 匿名化被啟用。您可在<1>一般設定</1>中禁用它。",
     "confirm_dns_cache_clear": "您確定您想要清除 DNS 快取嗎？",
@@ -734,5 +740,8 @@
     "wednesday_short": "週三",
     "thursday_short": "週四",
     "friday_short": "週五",
-    "saturday_short": "週六"
+    "saturday_short": "週六",
+    "upstream_dns_cache_configuration": "上游 DNS 快取設定",
+    "enable_upstream_dns_cache": "啟用本用戶端自訂上游配置的 DNS 快取",
+    "dns_cache_size": "DNS 快取大小，單位：位元"
 }

client/src/actions/index.js

@@ -403,6 +403,11 @@ export const testUpstream = (
                 const message = upstreamResponse[key];
                 if (message.startsWith('WARNING:')) {
                     dispatch(addErrorToast({ error: i18next.t('dns_test_warning_toast', { key }) }));
+                } else if (message.endsWith(': parsing error')) {
+                    const info = message.substring(0, message.indexOf(':'));
+                    const [sectionKey, line] = info.split(' ');
+                    const section = i18next.t(sectionKey);
+                    dispatch(addErrorToast({ error: i18next.t('dns_test_parsing_error_toast', { section, line }) }));
                 } else if (message !== 'OK') {
                     dispatch(addErrorToast({ error: i18next.t('dns_test_not_ok_toast', { key }) }));
                 }

client/src/components/Dashboard/index.js

@@ -55,6 +55,12 @@ const Dashboard = ({
             return t('stats_disabled_short');
         }
 
+        const msIn7Days = 604800000;
+
+        if (stats.timeUnits === TIME_UNITS.HOURS && stats.interval === msIn7Days) {
+            return t('for_last_days', { count: msToDays(stats.interval) });
+        }
+
         return stats.timeUnits === TIME_UNITS.HOURS
             ? t('for_last_hours', { count: msToHours(stats.interval) })
             : t('for_last_days', { count: msToDays(stats.interval) });

client/src/components/Filters/Examples.js

@@ -36,7 +36,7 @@ const Examples = () => (
             <Trans
                 components={[
                     <a
-                        href="https://github.com/AdguardTeam/AdGuardHome/wiki/Hosts-Blocklists"
+                        href="https://link.adtidy.org/forward.html?action=dns_kb_filtering_syntax&from=ui&app=home"
                         target="_blank"
                         rel="noopener noreferrer"
                         key="0"

client/src/components/Filters/Modal.js

@@ -13,6 +13,8 @@ ReactModal.setAppElement('#root');
 const MODAL_TYPE_TO_TITLE_TYPE_MAP = {
     [MODAL_TYPE.EDIT_FILTERS]: 'edit',
     [MODAL_TYPE.ADD_FILTERS]: 'new',
+    [MODAL_TYPE.EDIT_CLIENT]: 'edit',
+    [MODAL_TYPE.ADD_CLIENT]: 'new',
     [MODAL_TYPE.SELECT_MODAL_TYPE]: 'new',
     [MODAL_TYPE.CHOOSE_FILTERING_LIST]: 'choose',
 };

client/src/components/Filters/Services/ScheduleForm/Timezone.js

@@ -1,5 +1,5 @@
 import React from 'react';
-import timezones from 'timezones-list';
+import ct from 'countries-and-timezones';
 import { useTranslation } from 'react-i18next';
 import PropTypes from 'prop-types';
 
@@ -15,6 +15,8 @@ export const Timezone = ({
         setTimezone(event.target.value);
     };
 
+    const timezones = ct.getAllTimezones();
+
     return (
         <div className="schedule__timezone">
             <label className="form__label form__label--with-desc mb-2">
@@ -30,9 +32,9 @@ export const Timezone = ({
                     {t('schedule_timezone')}
                 </option>
                 {/* TODO: get timezones from backend method when the method is ready */}
-                {timezones.map((zone) => (
-                    <option key={zone.name} value={zone.tzCode}>
-                        {zone.label}
+                {Object.keys(timezones).map((zone) => (
+                    <option key={zone} value={zone}>
+                        {zone} (GMT{timezones[zone].utcOffsetStr})
                     </option>
                 ))}
             </select>

client/src/components/Filters/Services/ScheduleForm/index.js

@@ -1,4 +1,4 @@
-import React, { useState, useMemo } from 'react';
+import React, { useState } from 'react';
 import { useTranslation } from 'react-i18next';
 import PropTypes from 'prop-types';
 import cn from 'classnames';
@@ -21,10 +21,7 @@ export const ScheduleForm = ({
     const onModalOpen = () => setModalOpen(true);
     const onModalClose = () => setModalOpen(false);
 
-    const filteredScheduleKeys = useMemo(() => (
-        schedule ? Object.keys(schedule).filter((v) => v !== 'time_zone') : []
-    ), [schedule]);
-
+    const filteredScheduleKeys = schedule ? Object.keys(schedule).filter((v) => v !== 'time_zone') : [];
     const scheduleMap = new Map();
     filteredScheduleKeys.forEach((day) => scheduleMap.set(day, schedule[day]));
 

client/src/components/Logs/Cells/ClientCell.js

@@ -3,7 +3,7 @@ import { shallowEqual, useDispatch, useSelector } from 'react-redux';
 import { nanoid } from 'nanoid';
 import classNames from 'classnames';
 import { useTranslation } from 'react-i18next';
-import { Link } from 'react-router-dom';
+import { Link, useHistory } from 'react-router-dom';
 import propTypes from 'prop-types';
 
 import { checkFiltered, getBlockingClientName } from '../../../helpers/helpers';
@@ -25,12 +25,14 @@ const ClientCell = ({
 }) => {
     const { t } = useTranslation();
     const dispatch = useDispatch();
+    const history = useHistory();
     const autoClients = useSelector((state) => state.dashboard.autoClients, shallowEqual);
     const isDetailed = useSelector((state) => state.queryLogs.isDetailed);
     const allowedСlients = useSelector((state) => state.access.allowed_clients, shallowEqual);
     const [isOptionsOpened, setOptionsOpened] = useState(false);
 
     const autoClient = autoClients.find((autoClient) => autoClient.name === client);
+    const clients = useSelector((state) => state.dashboard.clients);
     const source = autoClient?.source;
     const whoisAvailable = client_info && Object.keys(client_info.whois).length > 0;
     const clientName = client_info?.name || client_id;
@@ -55,6 +57,8 @@ const ClientCell = ({
 
     const isFiltered = checkFiltered(reason);
 
+    const clientIds = clients.map((c) => c.ids).flat();
+
     const nameClass = classNames('w-90 o-hidden d-flex flex-column', {
         'mt-2': isDetailed && !client_info?.name && !whoisAvailable,
         'white-space--nowrap': isDetailed,
@@ -66,7 +70,6 @@ const ClientCell = ({
 
     const renderBlockingButton = (isFiltered, domain) => {
         const buttonType = isFiltered ? BLOCK_ACTIONS.UNBLOCK : BLOCK_ACTIONS.BLOCK;
-        const clients = useSelector((state) => state.dashboard.clients);
 
         const {
             confirmMessage,
@@ -118,6 +121,15 @@ const ClientCell = ({
             },
         ];
 
+        if (!clientIds.includes(client)) {
+            BUTTON_OPTIONS.push({
+                name: 'add_persistent_client',
+                onClick: () => {
+                    history.push(`/#clients?clientId=${client}`);
+                },
+            });
+        }
+
         const getOptions = (options) => {
             if (options.length === 0) {
                 return null;

client/src/components/Logs/Cells/ResponseCell.js

@@ -38,9 +38,6 @@ const ResponseCell = ({
 
     const statusLabel = t(isBlockedByResponse ? 'blocked_by_cname_or_ip' : FILTERED_STATUS_TO_META_MAP[reason]?.LABEL || reason);
     const boldStatusLabel = <span className="font-weight-bold">{statusLabel}</span>;
-    const upstreamString = cached
-        ? t('served_from_cache', { value: upstream, i: <i /> })
-        : upstream;
 
     const renderResponses = (responseArr) => {
         if (!responseArr || responseArr.length === 0) {
@@ -58,7 +55,16 @@ const ResponseCell = ({
 
     const COMMON_CONTENT = {
         encryption_status: boldStatusLabel,
-        install_settings_dns: upstreamString,
+        install_settings_dns: upstream,
+        ...(cached
+            && {
+                served_from_cache_label: (
+                    <svg className="icons icon--20 icon--green mb-1">
+                        <use xlinkHref="#check" />
+                    </svg>
+                ),
+            }
+        ),
         elapsed: formattedElapsedMs,
         response_code: status,
         ...(service_name && services.allServices

client/src/components/Logs/Cells/index.js

@@ -118,9 +118,6 @@ const Row = memo(({
 
         const blockingForClientKey = isFiltered ? 'unblock_for_this_client_only' : 'block_for_this_client_only';
         const clientNameBlockingFor = getBlockingClientName(clients, client);
-        const upstreamString = cached
-            ? t('served_from_cache', { value: upstream, i: <i /> })
-            : upstream;
 
         const onBlockingForClientClick = () => {
             dispatch(toggleBlockingForClient(buttonType, domain, clientNameBlockingFor));
@@ -192,7 +189,16 @@ const Row = memo(({
                             className="link--green">{sourceData.name}
                     </a>,
             response_details: 'title',
-            install_settings_dns: upstreamString,
+            install_settings_dns: upstream,
+            ...(cached
+                && {
+                    served_from_cache_label: (
+                        <svg className="icons icon--20 icon--green">
+                            <use xlinkHref="#check" />
+                        </svg>
+                    ),
+                }
+            ),
             elapsed: formattedElapsedMs,
             ...(rules.length > 0
                     && { rule_label: getRulesToFilterList(rules, filters, whitelistFilters) }

client/src/components/Settings/Clients/ClientsTable/ClientsTable.js

@@ -4,6 +4,7 @@ import React, { useEffect } from 'react';
 import PropTypes from 'prop-types';
 import { Trans, useTranslation } from 'react-i18next';
 import { useDispatch, useSelector } from 'react-redux';
+import { useHistory, useLocation } from 'react-router-dom';
 import ReactTable from 'react-table';
 
 import { getAllBlockedServices, getBlockedServices } from '../../../../actions/services';
@@ -39,8 +40,12 @@ const ClientsTable = ({
 }) => {
     const [t] = useTranslation();
     const dispatch = useDispatch();
+    const location = useLocation();
+    const history = useHistory();
     const services = useSelector((store) => store?.services);
     const globalSettings = useSelector((store) => store?.settings.settingsList) || {};
+    const params = new URLSearchParams(location.search);
+    const clientId = params.get('clientId');
 
     const { safesearch } = globalSettings;
 
@@ -48,6 +53,12 @@ const ClientsTable = ({
         dispatch(getAllBlockedServices());
         dispatch(getBlockedServices());
         dispatch(initSettings());
+
+        if (clientId) {
+            toggleClientModal({
+                type: MODAL_TYPE.ADD_CLIENT,
+            });
+        }
     }, []);
 
     const handleFormAdd = (values) => {
@@ -85,11 +96,15 @@ const ClientsTable = ({
             }
         }
 
-        if (modalType === MODAL_TYPE.EDIT_FILTERS) {
+        if (modalType === MODAL_TYPE.EDIT_CLIENT) {
             handleFormUpdate(config, modalClientName);
         } else {
             handleFormAdd(config);
         }
+
+        if (clientId) {
+            history.push('/#clients');
+        }
     };
 
     const getOptionsWithLabels = (options) => (
@@ -133,6 +148,14 @@ const ClientsTable = ({
         }
     };
 
+    const handleClose = () => {
+        toggleClientModal();
+
+        if (clientId) {
+            history.push('/#clients');
+        }
+    };
+
     const columns = [
         {
             Header: t('table_client'),
@@ -298,7 +321,7 @@ const ClientsTable = ({
                             type="button"
                             className="btn btn-icon btn-outline-primary btn-sm mr-2"
                             onClick={() => toggleClientModal({
-                                type: MODAL_TYPE.EDIT_FILTERS,
+                                type: MODAL_TYPE.EDIT_CLIENT,
                                 name: clientName,
                             })
                             }
@@ -371,12 +394,13 @@ const ClientsTable = ({
                 <Modal
                     isModalOpen={isModalOpen}
                     modalType={modalType}
-                    toggleClientModal={toggleClientModal}
+                    handleClose={handleClose}
                     currentClientData={currentClientData}
                     handleSubmit={handleSubmit}
                     processingAdding={processingAdding}
                     processingUpdating={processingUpdating}
                     tagsOptions={tagsOptions}
+                    clientId={clientId}
                 />
             </>
         </Card>

client/src/components/Settings/Clients/Form.js

@@ -147,7 +147,7 @@ let Form = (props) => {
         useGlobalSettings,
         useGlobalServices,
         blockedServicesSchedule,
-        toggleClientModal,
+        handleClose,
         processingAdding,
         processingUpdating,
         invalid,
@@ -162,7 +162,7 @@ let Form = (props) => {
     const [activeTabLabel, setActiveTabLabel] = useState('settings');
 
     const handleScheduleSubmit = (values) => {
-        change('blocked_services_schedule', values);
+        change('blocked_services_schedule', { ...values });
     };
 
     const tabs = {
@@ -371,7 +371,7 @@ let Form = (props) => {
                         </div>
                         <div className="form__desc mt-0 mb-2">
                             <Trans components={[
-                                <a target="_blank" rel="noopener noreferrer" href="https://github.com/AdguardTeam/AdGuardHome/wiki/Hosts-Blocklists#ctag"
+                                <a target="_blank" rel="noopener noreferrer" href="https://link.adtidy.org/forward.html?action=dns_kb_filtering_syntax_ctag&from=ui&app=home"
                                    key="0">link</a>,
                             ]}>
                                 tags_desc
@@ -427,7 +427,7 @@ let Form = (props) => {
                         disabled={submitting}
                         onClick={() => {
                             reset();
-                            toggleClientModal();
+                            handleClose();
                         }}
                     >
                         <Trans>cancel_btn</Trans>
@@ -456,7 +456,7 @@ Form.propTypes = {
     reset: PropTypes.func.isRequired,
     change: PropTypes.func.isRequired,
     submitting: PropTypes.bool.isRequired,
-    toggleClientModal: PropTypes.func.isRequired,
+    handleClose: PropTypes.func.isRequired,
     useGlobalSettings: PropTypes.bool,
     useGlobalServices: PropTypes.bool,
     blockedServicesSchedule: PropTypes.object,

client/src/components/Settings/Clients/Modal.js

@@ -6,7 +6,9 @@ import ReactModal from 'react-modal';
 import { MODAL_TYPE } from '../../../helpers/constants';
 import Form from './Form';
 
-const getInitialData = (initial) => {
+const getInitialData = ({
+    initial, modalType, clientId, clientName,
+}) => {
     if (initial && initial.blocked_services) {
         const { blocked_services } = initial;
         const blocked = {};
@@ -21,46 +23,60 @@ const getInitialData = (initial) => {
         };
     }
 
+    if (modalType !== MODAL_TYPE.EDIT_CLIENT && clientId) {
+        return {
+            ...initial,
+            name: clientName,
+            ids: [clientId],
+        };
+    }
+
     return initial;
 };
 
-const Modal = (props) => {
-    const {
-        isModalOpen,
+const Modal = ({
+    isModalOpen,
+    modalType,
+    currentClientData,
+    handleSubmit,
+    handleClose,
+    processingAdding,
+    processingUpdating,
+    tagsOptions,
+    clientId,
+    t,
+}) => {
+    const initialData = getInitialData({
+        initial: currentClientData,
         modalType,
-        currentClientData,
-        handleSubmit,
-        toggleClientModal,
-        processingAdding,
-        processingUpdating,
-        tagsOptions,
-    } = props;
-    const initialData = getInitialData(currentClientData);
+        clientId,
+        clientName: t('client_name', { id: clientId }),
+    });
 
     return (
         <ReactModal
             className="Modal__Bootstrap modal-dialog modal-dialog-centered modal-dialog--clients"
             closeTimeoutMS={0}
             isOpen={isModalOpen}
-            onRequestClose={() => toggleClientModal()}
+            onRequestClose={handleClose}
         >
             <div className="modal-content">
                 <div className="modal-header">
                     <h4 className="modal-title">
-                        {modalType === MODAL_TYPE.EDIT_FILTERS ? (
+                        {modalType === MODAL_TYPE.EDIT_CLIENT ? (
                             <Trans>client_edit</Trans>
                         ) : (
                             <Trans>client_new</Trans>
                         )}
                     </h4>
-                    <button type="button" className="close" onClick={() => toggleClientModal()}>
+                    <button type="button" className="close" onClick={handleClose}>
                         <span className="sr-only">Close</span>
                     </button>
                 </div>
                 <Form
                     initialValues={{ ...initialData }}
                     onSubmit={handleSubmit}
-                    toggleClientModal={toggleClientModal}
+                    handleClose={handleClose}
                     processingAdding={processingAdding}
                     processingUpdating={processingUpdating}
                     tagsOptions={tagsOptions}
@@ -75,10 +91,12 @@ Modal.propTypes = {
     modalType: PropTypes.string.isRequired,
     currentClientData: PropTypes.object.isRequired,
     handleSubmit: PropTypes.func.isRequired,
-    toggleClientModal: PropTypes.func.isRequired,
+    handleClose: PropTypes.func.isRequired,
     processingAdding: PropTypes.bool.isRequired,
     processingUpdating: PropTypes.bool.isRequired,
     tagsOptions: PropTypes.array.isRequired,
+    t: PropTypes.func.isRequired,
+    clientId: PropTypes.string,
 };
 
 export default withTranslation()(Modal);

client/src/components/Settings/Dhcp/Leases.js

@@ -3,7 +3,7 @@ import { connect } from 'react-redux';
 import PropTypes from 'prop-types';
 import ReactTable from 'react-table';
 import { Trans, withTranslation } from 'react-i18next';
-import { LEASES_TABLE_DEFAULT_PAGE_SIZE } from '../../../helpers/constants';
+import { LEASES_TABLE_DEFAULT_PAGE_SIZE, MODAL_TYPE } from '../../../helpers/constants';
 import { sortIp } from '../../../helpers/helpers';
 import { toggleLeaseModal } from '../../../actions';
 
@@ -18,7 +18,10 @@ class Leases extends Component {
 
     convertToStatic = (data) => () => {
         const { dispatch } = this.props;
-        dispatch(toggleLeaseModal(data));
+        dispatch(toggleLeaseModal({
+            type: MODAL_TYPE.ADD_LEASE,
+            config: data,
+        }));
     }
 
     makeStatic = ({ row }) => {

client/src/components/Settings/Dns/Cache/Form.js

@@ -41,7 +41,7 @@ const Form = ({
         cache_ttl_max, cache_ttl_min,
     } = useSelector((state) => state.form[FORM_NAME.CACHE].values, shallowEqual);
 
-    const minExceedsMax = cache_ttl_min > cache_ttl_max;
+    const minExceedsMax = cache_ttl_min > 0 && cache_ttl_max > 0 && cache_ttl_min > cache_ttl_max;
 
     const handleClearCache = () => {
         if (window.confirm(t('confirm_dns_cache_clear'))) {

client/src/components/Settings/Encryption/Form.js

@@ -12,7 +12,7 @@ import {
     toNumber,
 } from '../../../helpers/form';
 import {
-    validateServerName, validateIsSafePort, validatePort, validatePortQuic, validatePortTLS,
+    validateServerName, validateIsSafePort, validatePort, validatePortQuic, validatePortTLS, validatePlainDns,
 } from '../../../helpers/validators';
 import i18n from '../../../i18n';
 import KeyStatus from './KeyStatus';
@@ -47,6 +47,7 @@ const clearFields = (change, setTlsConfig, validateTlsConfig, t) => {
         force_https: false,
         enabled: false,
         private_key_saved: false,
+        serve_plain_dns: true,
     };
     // eslint-disable-next-line no-alert
     if (window.confirm(t('encryption_reset'))) {
@@ -83,6 +84,7 @@ let Form = (props) => {
         handleSubmit,
         handleChange,
         isEnabled,
+        servePlainDns,
         certificateChain,
         privateKey,
         certificatePath,
@@ -109,21 +111,24 @@ let Form = (props) => {
         privateKeySaved,
     } = props;
 
-    const isSavingDisabled = invalid
-        || submitting
-        || processingConfig
-        || processingValidate
-        || !valid_key
-        || !valid_cert
-        || !valid_pair;
+    const isSavingDisabled = () => {
+        const processing = submitting || processingConfig || processingValidate;
 
+        if (servePlainDns && !isEnabled) {
+            return invalid || processing;
+        }
+
+        return invalid || processing || !valid_key || !valid_cert || !valid_pair;
+    };
+
+    const isDisabled = isSavingDisabled();
     const isWarning = valid_key && valid_cert && valid_pair;
 
     return (
         <form onSubmit={handleSubmit}>
             <div className="row">
                 <div className="col-12">
-                    <div className="form__group form__group--settings">
+                    <div className="form__group form__group--settings mb-3">
                         <Field
                             name="enabled"
                             type="checkbox"
@@ -135,6 +140,19 @@ let Form = (props) => {
                     <div className="form__desc">
                         <Trans>encryption_enable_desc</Trans>
                     </div>
+                    <div className="form__group mb-3 mt-5">
+                        <Field
+                            name="serve_plain_dns"
+                            type="checkbox"
+                            component={CheckboxField}
+                            placeholder={t('encryption_plain_dns_enable')}
+                            onChange={handleChange}
+                            validate={validatePlainDns}
+                        />
+                    </div>
+                    <div className="form__desc">
+                        <Trans>encryption_plain_dns_desc</Trans>
+                    </div>
                     <hr />
                 </div>
                 <div className="col-12">
@@ -227,16 +245,16 @@ let Form = (props) => {
                             <Trans>encryption_doq</Trans>
                         </label>
                         <Field
-                                id="port_dns_over_quic"
-                                name="port_dns_over_quic"
-                                component={renderInputField}
-                                type="number"
-                                className="form-control"
-                                placeholder={t('encryption_doq')}
-                                validate={[validatePortQuic]}
-                                normalize={toNumber}
-                                onChange={handleChange}
-                                disabled={!isEnabled}
+                            id="port_dns_over_quic"
+                            name="port_dns_over_quic"
+                            component={renderInputField}
+                            type="number"
+                            className="form-control"
+                            placeholder={t('encryption_doq')}
+                            validate={[validatePortQuic]}
+                            normalize={toNumber}
+                            onChange={handleChange}
+                            disabled={!isEnabled}
                         />
                         <div className="form__desc">
                             <Trans>encryption_doq_desc</Trans>
@@ -412,8 +430,8 @@ let Form = (props) => {
             <div className="btn-list mt-2">
                 <button
                     type="submit"
+                    disabled={isDisabled}
                     className="btn btn-success btn-standart"
-                    disabled={isSavingDisabled}
                 >
                     <Trans>save_config</Trans>
                 </button>
@@ -434,6 +452,7 @@ Form.propTypes = {
     handleSubmit: PropTypes.func.isRequired,
     handleChange: PropTypes.func,
     isEnabled: PropTypes.bool.isRequired,
+    servePlainDns: PropTypes.bool.isRequired,
     certificateChain: PropTypes.string.isRequired,
     privateKey: PropTypes.string.isRequired,
     certificatePath: PropTypes.string.isRequired,
@@ -467,6 +486,7 @@ const selector = formValueSelector(FORM_NAME.ENCRYPTION);
 
 Form = connect((state) => {
     const isEnabled = selector(state, 'enabled');
+    const servePlainDns = selector(state, 'serve_plain_dns');
     const certificateChain = selector(state, 'certificate_chain');
     const privateKey = selector(state, 'private_key');
     const certificatePath = selector(state, 'certificate_path');
@@ -476,6 +496,7 @@ Form = connect((state) => {
     const privateKeySaved = selector(state, 'private_key_saved');
     return {
         isEnabled,
+        servePlainDns,
         certificateChain,
         privateKey,
         certificatePath,

client/src/components/Settings/Encryption/index.js

@@ -25,7 +25,8 @@ class Encryption extends Component {
 
     handleFormChange = debounce((values) => {
         const submitValues = this.getSubmitValues(values);
-        if (submitValues.enabled) {
+
+        if (submitValues.enabled || submitValues.serve_plain_dns) {
             this.props.validateTlsConfig(submitValues);
         }
     }, DEBOUNCE_TIMEOUT);
@@ -85,6 +86,7 @@ class Encryption extends Component {
             certificate_path,
             private_key_path,
             private_key_saved,
+            serve_plain_dns,
         } = encryption;
 
         const initialValues = this.getInitialValues({
@@ -99,6 +101,7 @@ class Encryption extends Component {
             certificate_path,
             private_key_path,
             private_key_saved,
+            serve_plain_dns,
         });
 
         return (

client/src/components/Settings/LogsConfig/index.js

@@ -62,7 +62,7 @@ class LogsConfig extends Component {
                             interval,
                             customInterval,
                             anonymize_client_ip,
-                            ignored: ignored.join('\n'),
+                            ignored: ignored?.join('\n'),
                         }}
                         onSubmit={this.handleFormSubmit}
                         processing={processing}

client/src/components/ui/Icons.js

@@ -245,6 +245,10 @@ const Icons = () => (
             <path fillRule="evenodd" clipRule="evenodd" d="M12 13.5C11.1716 13.5 10.5 12.8284 10.5 12C10.5 11.1716 11.1716 10.5 12 10.5C12.8284 10.5 13.5 11.1716 13.5 12C13.5 12.8284 12.8284 13.5 12 13.5Z" fill="currentColor" />
             <path fillRule="evenodd" clipRule="evenodd" d="M12 20C11.1716 20 10.5 19.3284 10.5 18.5C10.5 17.6716 11.1716 17 12 17C12.8284 17 13.5 17.6716 13.5 18.5C13.5 19.3284 12.8284 20 12 20Z" fill="currentColor" />
         </symbol>
+
+        <symbol id="check" fill="none" viewBox="0 0 24 24" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round">
+            <path d="M5 11.7665L10.5878 17L19 8" />
+        </symbol>
     </svg>
 );
 

client/src/helpers/constants.js

@@ -181,6 +181,9 @@ export const MODAL_TYPE = {
     ADD_REWRITE: 'ADD_REWRITE',
     EDIT_REWRITE: 'EDIT_REWRITE',
     EDIT_LEASE: 'EDIT_LEASE',
+    ADD_LEASE: 'ADD_LEASE',
+    ADD_CLIENT: 'ADD_CLIENT',
+    EDIT_CLIENT: 'EDIT_CLIENT',
 };
 
 export const CLIENT_ID = {
@@ -435,7 +438,7 @@ export const SCHEME_TO_PROTOCOL_MAP = {
 export const DNS_REQUEST_OPTIONS = {
     PARALLEL: 'parallel',
     FASTEST_ADDR: 'fastest_addr',
-    LOAD_BALANCING: '',
+    LOAD_BALANCING: 'load_balance',
 };
 
 export const DHCP_FORM_NAMES = {

client/src/helpers/filters/filters.js

@@ -142,11 +142,17 @@ export default {
             "homepage": "https://github.com/AdguardTeam/AdGuardSDNSFilter",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt"
         },
-        "adway_default_blocklist": {
-            "name": "AdAway Default Blocklist",
+        "adguard_popup_filter": {
+            "name": "AdGuard DNS Popup Hosts filter",
             "categoryId": "general",
-            "homepage": "https://github.com/AdAway/adaway.github.io/",
-            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt"
+            "homepage": "https://github.com/AdguardTeam/AdGuardSDNSFilter",
+            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt"
+        },
+        "awavenue_ads_rule": {
+            "name": "AWAvenue Ads Rule",
+            "categoryId": "general",
+            "homepage": "https://awavenue.top/",
+            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_53.txt"
         },
         "curben_phishing_filter": {
             "name": "Phishing URL Blocklist (PhishTank and OpenPhish)",
@@ -190,6 +196,18 @@ export default {
             "homepage": "https://github.com/hagezi/dns-blocklists#piracy",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_46.txt"
         },
+        "hagezi_badware_hoster_blocklist": {
+            "name": "HaGeZi's Badware Hoster Blocklist",
+            "categoryId": "security",
+            "homepage": "https://github.com/hagezi/dns-blocklists",
+            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_55.txt"
+        },
+        "hagezi_dyndns_blocklist": {
+            "name": "HaGeZi's DynDNS Blocklist",
+            "categoryId": "security",
+            "homepage": "https://github.com/hagezi/dns-blocklists",
+            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_54.txt"
+        },
         "hagezi_encrypted_dns_vpn_tor_proxy_bypass": {
             "name": "HaGeZi's Encrypted DNS/VPN/TOR/Proxy Bypass",
             "categoryId": "security",
@@ -203,7 +221,7 @@ export default {
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt"
         },
         "hagezi_multinormal": {
-            "name": "HaGeZi Multi NORMAL",
+            "name": "HaGeZi's Normal Blocklist",
             "categoryId": "general",
             "homepage": "https://github.com/hagezi/dns-blocklists",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_34.txt"
@@ -220,6 +238,12 @@ export default {
             "homepage": "https://github.com/hagezi/dns-blocklists",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_51.txt"
         },
+        "hagezi_the_worlds_most_abused_tlds": {
+            "name": "HaGeZi's The World's Most Abused TLDs",
+            "categoryId": "security",
+            "homepage": "https://github.com/hagezi/dns-blocklists",
+            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_56.txt"
+        },
         "hagezi_threat_intelligence_feeds": {
             "name": "HaGeZi's Threat Intelligence Feeds",
             "categoryId": "security",
@@ -280,6 +304,12 @@ export default {
             "homepage": "https://github.com/durablenapkin/scamblocklist",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt"
         },
+        "shadowwhisperers_dating_list": {
+            "name": "ShadowWhisperer's Dating List",
+            "categoryId": "other",
+            "homepage": "https://github.com/ShadowWhisperer/BlockLists",
+            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_57.txt"
+        },
         "shadowwhisperers_malware_list": {
             "name": "ShadowWhisperer's Malware List",
             "categoryId": "security",

client/src/helpers/form.js

@@ -180,7 +180,7 @@ export const CheckboxField = ({
     {!disabled
     && touched
     && error
-    && <span className="form__message form__message--error"><Trans>{error}</Trans></span>}
+    && <div className="form__message form__message--error mt-1"><Trans>{error}</Trans></div>}
 </>;
 
 CheckboxField.propTypes = {

client/src/helpers/trackers/trackers.json

@@ -1,5 +1,5 @@
 {
-    "timeUpdated": "2023-11-10T12:55:56.663Z",
+    "timeUpdated": "2024-03-01T00:10:14.031Z",
     "categories": {
         "0": "audio_video_player",
         "1": "comments",
@@ -640,7 +640,8 @@
             "name": "AdChina",
             "categoryId": 4,
             "url": "http://www.adchina.com/",
-            "companyId": "alibaba"
+            "companyId": null,
+            "source": "AdGuard"
         },
         "adcito": {
             "name": "Adcito",
@@ -1321,6 +1322,13 @@
             "companyId": "adobe",
             "source": "AdGuard"
         },
+        "adobe_experience_league": {
+            "name": "Adobe Experience League",
+            "categoryId": 6,
+            "url": "https://experienceleague.adobe.com/",
+            "companyId": "adobe",
+            "source": "AdGuard"
+        },
         "adobe_login": {
             "name": "Adobe Login",
             "categoryId": 2,
@@ -2281,27 +2289,29 @@
             "name": "Alibaba",
             "categoryId": 8,
             "url": "http://www.alibaba.com/",
-            "companyId": "alibaba"
+            "companyId": "softbank",
+            "source": "AdGuard"
         },
         "alibaba_cloud": {
             "name": "Alibaba Cloud",
             "categoryId": 10,
             "url": "https://www.alibabacloud.com/",
-            "companyId": "alibaba",
+            "companyId": "softbank",
             "source": "AdGuard"
         },
         "alibaba_ucbrowser": {
             "name": "UC Browser",
             "categoryId": 8,
             "url": "https://ucweb.com/",
-            "companyId": "alibaba",
+            "companyId": "softbank",
             "source": "AdGuard"
         },
         "alipay.com": {
             "name": "Alipay",
             "categoryId": 2,
-            "url": "https://www.alipay.com/",
-            "companyId": "alibaba"
+            "url": "https://global.alipay.com/",
+            "companyId": "softbank",
+            "source": "AdGuard"
         },
         "alivechat": {
             "name": "AliveChat",
@@ -2722,6 +2732,13 @@
             "url": "https://www.microsoft.com/",
             "companyId": "microsoft"
         },
+        "assemblyexchange": {
+            "name": "Assembly Exchange",
+            "categoryId": 4,
+            "url": "https://www.medialab.la/",
+            "companyId": "medialab",
+            "source": "AdGuard"
+        },
         "astronomer": {
             "name": "Astronomer",
             "categoryId": 6,
@@ -3767,10 +3784,11 @@
             "companyId": "branica"
         },
         "braze": {
-            "name": "Braze",
+            "name": "Braze, Inc.",
             "categoryId": 6,
             "url": "https://www.braze.com/",
-            "companyId": "braze_inc"
+            "companyId": "braze",
+            "source": "AdGuard"
         },
         "brealtime": {
             "name": "EMX Digital",
@@ -10747,9 +10765,10 @@
         },
         "localytics": {
             "name": "Localytics",
-            "categoryId": 6,
-            "url": "http://www.localytics.com/",
-            "companyId": "localytics"
+            "categoryId": 101,
+            "url": "https://uplandsoftware.com/localytics/",
+            "companyId": "upland",
+            "source": "AdGuard"
         },
         "lockerdome": {
             "name": "LockerDome",
@@ -12534,7 +12553,7 @@
             "name": "Network Time Protocol",
             "categoryId": 5,
             "url": "https://ntp.org/",
-            "companyId": "ntppool",
+            "companyId": "network_time_foundation",
             "source": "AdGuard"
         },
         "nttcom_online_marketing_solutions": {
@@ -15602,10 +15621,11 @@
             "companyId": "sharecompany"
         },
         "sharepoint": {
-            "name": "Microsoft SharePoint",
-            "categoryId": 2,
-            "url": "https://products.office.com/en-us/sharepoint/sharepoint-online-collaboration-software",
-            "companyId": "microsoft"
+            "name": "SharePoint",
+            "categoryId": 8,
+            "url": "https://www.microsoft.com/microsoft-365/sharepoint/collaboration",
+            "companyId": "microsoft",
+            "source": "AdGuard"
         },
         "sharethis": {
             "name": "ShareThis",
@@ -17062,7 +17082,8 @@
             "name": "Taobao",
             "categoryId": 4,
             "url": "https://world.taobao.com/",
-            "companyId": "alibaba"
+            "companyId": "softbank",
+            "source": "AdGuard"
         },
         "tapad": {
             "name": "Tapad",
@@ -20431,6 +20452,7 @@
         "nedstat.com": "adobe_experience_cloud",
         "omtrdc.net": "adobe_experience_cloud",
         "sitestat.com": "adobe_experience_cloud",
+        "adobedc.net": "adobe_experience_league",
         "adobelogin.com": "adobe_login",
         "adobetag.com": "adobe_tagmanager",
         "typekit.com": "adobe_typekit",
@@ -20816,6 +20838,7 @@
         "asambeauty.com": "asambeauty.com",
         "ask.com": "ask.com",
         "aspnetcdn.com": "aspnetcdn",
+        "ads.assemblyexchange.com": "assemblyexchange",
         "cdn.astronomer.io": "astronomer",
         "ati-host.net": "at_internet",
         "aticdn.net": "at_internet",
@@ -21046,6 +21069,7 @@
         "brandwire.tv": "brandwire.tv",
         "branica.com": "branica",
         "appboycdn.com": "braze",
+        "braze.com": "braze",
         "brealtime.com": "brealtime",
         "bridgetrack.com": "bridgetrack",
         "brightcove.com": "brightcove",
@@ -22944,6 +22968,7 @@
         "loadercdn.com": "loadercdn.com",
         "loadsource.org": "loadsource.org",
         "web.localytics.com": "localytics",
+        "localytics.com": "localytics",
         "cdn2.lockerdome.com": "lockerdome",
         "addtoany.com": "lockerz_share",
         "pixel.loganmedia.mobi": "logan_media",
@@ -23140,8 +23165,11 @@
         "s-microsoft.com": "microsoft",
         "trouter.io": "microsoft",
         "windows.net": "microsoft",
+        "aka.ms": "microsoft",
+        "microsoftazuread-sso.com": "microsoft",
         "bingapis.com": "microsoft",
         "msauth.net": "microsoft",
+        "msauthimages.net": "microsoft",
         "msftauth.net": "microsoft",
         "msftstatic.com": "microsoft",
         "msidentity.com": "microsoft",
@@ -23232,10 +23260,14 @@
         "mrpdata.net": "mrpdata",
         "mrskincash.com": "mrskincash",
         "a-msedge.net": "msedge",
+        "b-msedge.net": "msedge",
         "e-msedge.net": "msedge",
+        "k-msedge.net": "msedge",
         "l-msedge.net": "msedge",
         "s-msedge.net": "msedge",
+        "spo-msedge.net": "msedge",
         "t-msedge.net": "msedge",
+        "wac-msedge.net": "msedge",
         "msn.com": "msn",
         "s-msn.com": "msn",
         "musculahq.appspot.com": "muscula",
@@ -23501,8 +23533,10 @@
         "outbrain.com": "outbrain",
         "outbrainimg.com": "outbrain",
         "live.com": "outlook",
+        "cloud.microsoft": "outlook",
         "hotmail.com": "outlook",
         "outlook.com": "outlook",
+        "svc.ms": "outlook",
         "overheat.it": "overheat.it",
         "oewabox.at": "owa",
         "owneriq.net": "owneriq",
@@ -23770,6 +23804,7 @@
         "rcsmediagroup.it": "rcs.it",
         "d335luupugsy2.cloudfront.net": "rd_station",
         "rea-group.com": "rea_group",
+        "reagroupdata.com.au": "rea_group",
         "reastatic.net": "rea_group",
         "d12ulf131zb0yj.cloudfront.net": "reachforce",
         "reachforce.com": "reachforce",
@@ -24089,6 +24124,8 @@
         "quintrics.nl": "sharecompany",
         "sharecompany.nl": "sharecompany",
         "sharepointonline.com": "sharepoint",
+        "onmicrosoft.com": "sharepoint",
+        "sharepoint.com": "sharepoint",
         "sharethis.com": "sharethis",
         "shareth.ru": "sharethrough",
         "sharethrough.com": "sharethrough",

client/src/helpers/validators.js

@@ -389,3 +389,18 @@ export const validateIPv6Subnet = (value) => {
     }
     return undefined;
 };
+
+/**
+ * @returns {undefined|string}
+ * @param value
+ * @param allValues
+ */
+export const validatePlainDns = (value, allValues) => {
+    const { enabled } = allValues;
+
+    if (!enabled && !value) {
+        return 'encryption_plain_dns_error';
+    }
+
+    return undefined;
+};

client/src/reducers/dhcp.js

@@ -128,7 +128,8 @@ const dhcp = handleActions(
             const newState = {
                 ...state,
                 isModalOpen: !state.isModalOpen,
-                leaseModalConfig: payload,
+                modalType: payload?.type || '',
+                leaseModalConfig: payload?.config,
             };
             return newState;
         },

client/src/reducers/dnsConfig.js

@@ -1,7 +1,7 @@
 import { handleActions } from 'redux-actions';
 
 import * as actions from '../actions/dnsConfig';
-import { ALL_INTERFACES_IP, BLOCKING_MODES } from '../helpers/constants';
+import { ALL_INTERFACES_IP, BLOCKING_MODES, DNS_REQUEST_OPTIONS } from '../helpers/constants';
 
 const DEFAULT_BLOCKING_IPV4 = ALL_INTERFACES_IP;
 const DEFAULT_BLOCKING_IPV6 = '::';
@@ -15,6 +15,7 @@ const dnsConfig = handleActions(
                 blocking_ipv4,
                 blocking_ipv6,
                 upstream_dns,
+                upstream_mode,
                 fallback_dns,
                 bootstrap_dns,
                 local_ptr_upstreams,
@@ -33,6 +34,7 @@ const dnsConfig = handleActions(
                 local_ptr_upstreams: (local_ptr_upstreams && local_ptr_upstreams.join('\n')) || '',
                 ratelimit_whitelist: (ratelimit_whitelist && ratelimit_whitelist.join('\n')) || '',
                 processingGetConfig: false,
+                upstream_mode: upstream_mode === '' ? DNS_REQUEST_OPTIONS.LOAD_BALANCING : upstream_mode,
             };
         },
 

client/src/reducers/encryption.js

@@ -62,6 +62,7 @@ const encryption = handleActions({
     processingConfig: false,
     processingValidate: false,
     enabled: false,
+    serve_plain_dns: false,
     dns_names: null,
     force_https: false,
     issuer: '',

go.mod

@@ -1,14 +1,15 @@
 module github.com/AdguardTeam/AdGuardHome
 
-go 1.20
+go 1.22.3
 
 require (
-	github.com/AdguardTeam/dnsproxy v0.59.1
-	github.com/AdguardTeam/golibs v0.17.2
-	github.com/AdguardTeam/urlfilter v0.17.3
+	github.com/AdguardTeam/dnsproxy v0.71.1
+	github.com/AdguardTeam/golibs v0.23.2
+	github.com/AdguardTeam/urlfilter v0.18.0
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ameshkov/dnscrypt/v2 v2.2.7
 	github.com/bluele/gcache v0.0.2
+	github.com/c2h5oh/datasize v0.0.0-20231215233829-aa82cc1e6500
 	github.com/digineo/go-ipset/v2 v2.2.1
 	github.com/dimfeld/httptreemux/v5 v5.5.0
 	github.com/fsnotify/fsnotify v1.7.0
@@ -16,8 +17,8 @@ require (
 	github.com/google/go-cmp v0.6.0
 	github.com/google/gopacket v1.1.19
 	github.com/google/renameio/v2 v2.0.0
-	github.com/google/uuid v1.4.0
-	github.com/insomniacslk/dhcp v0.0.0-20231016090811-6a2c8fbdcc1c
+	github.com/google/uuid v1.6.0
+	github.com/insomniacslk/dhcp v0.0.0-20240227161007-c728f5dd21c8
 	github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86
 	github.com/kardianos/service v1.2.2
 	github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118
@@ -26,18 +27,19 @@ require (
 	// TODO(a.garipov): This package is deprecated; find a new one or use our
 	// own code for that.  Perhaps, use gopacket.
 	github.com/mdlayher/raw v0.1.0
-	github.com/miekg/dns v1.1.56
-	github.com/quic-go/quic-go v0.40.0
-	github.com/stretchr/testify v1.8.4
+	github.com/miekg/dns v1.1.58
+	// TODO(a.garipov): Use release version.
+	github.com/quic-go/quic-go v0.42.1-0.20240424141022-12aa63824c7f
+	github.com/stretchr/testify v1.9.0
 	github.com/ti-mo/netfilter v0.5.1
-	go.etcd.io/bbolt v1.3.8
-	golang.org/x/crypto v0.15.0
-	golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa
-	golang.org/x/net v0.18.0
-	golang.org/x/sys v0.14.0
+	go.etcd.io/bbolt v1.3.9
+	golang.org/x/crypto v0.22.0
+	golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8
+	golang.org/x/net v0.24.0
+	golang.org/x/sys v0.19.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 	gopkg.in/yaml.v3 v3.0.1
-	howett.net/plist v1.0.0
+	howett.net/plist v1.0.1
 )
 
 require (
@@ -47,20 +49,19 @@ require (
 	github.com/beefsack/go-rate v0.0.0-20220214233405-116f4ca011a0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
-	github.com/google/pprof v0.0.0-20231101202521-4ca4178f5c7a // indirect
-	// TODO(a.garipov): Upgrade to v0.5.0 once we switch to Go 1.21+.
-	github.com/mdlayher/socket v0.4.1 // indirect
-	github.com/onsi/ginkgo/v2 v2.13.1 // indirect
+	github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7 // indirect
+	github.com/mdlayher/socket v0.5.0 // indirect
+	github.com/onsi/ginkgo/v2 v2.16.0 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
-	github.com/pierrec/lz4/v4 v4.1.18 // indirect
+	github.com/pierrec/lz4/v4 v4.1.21 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/quic-go/qpack v0.4.0 // indirect
-	github.com/quic-go/qtls-go1-20 v0.4.1 // indirect
-	github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63 // indirect
-	go.uber.org/mock v0.3.0 // indirect
-	golang.org/x/mod v0.14.0 // indirect
-	golang.org/x/sync v0.5.0 // indirect
+	github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 // indirect
+	go.uber.org/mock v0.4.0 // indirect
+	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/tools v0.15.0 // indirect
+	golang.org/x/tools v0.20.0 // indirect
+	gonum.org/v1/gonum v0.14.0 // indirect
 )

go.sum

@@ -1,9 +1,9 @@
-github.com/AdguardTeam/dnsproxy v0.59.1 h1:G/6T32EuPF0rhRkACkLFwD0pajI9351a1LACpuA2UcE=
-github.com/AdguardTeam/dnsproxy v0.59.1/go.mod h1:ZvkbM71HwpilgkCnTubDiR4Ba6x5Qvnhy2iasMWaTDM=
-github.com/AdguardTeam/golibs v0.17.2 h1:vg6wHMjUKscnyPGRvxS5kAt7Uw4YxcJiITZliZ476W8=
-github.com/AdguardTeam/golibs v0.17.2/go.mod h1:DKhCIXHcUYtBhU8ibTLKh1paUL96n5zhQBlx763sj+U=
-github.com/AdguardTeam/urlfilter v0.17.3 h1:fg/ObbnO0Cv6aw0tW6N/ETDMhhNvmcUUOZ7HlmKC3rw=
-github.com/AdguardTeam/urlfilter v0.17.3/go.mod h1:Jru7jFfeH2CoDf150uDs+rRYcZBzHHBz05r9REyDKyE=
+github.com/AdguardTeam/dnsproxy v0.71.1 h1:R8jKmoE9HwqdTt7bm8irpvrQEOSmD+iGdNXbOg/uM8Y=
+github.com/AdguardTeam/dnsproxy v0.71.1/go.mod h1:rCaCL4m4n63sgwTOyUVdc7MC42PlUYBt11Fz/UjD+kM=
+github.com/AdguardTeam/golibs v0.23.2 h1:rMjYantwtQ39e8G4zBQ6ZLlm4s3XH30Bc9VxhoOHwao=
+github.com/AdguardTeam/golibs v0.23.2/go.mod h1:o9i55Sx6v7qogRQeqaBfmLbC/pZqeMBWi015U5PTDY0=
+github.com/AdguardTeam/urlfilter v0.18.0 h1:ZZzwODC/ADpjJSODxySrrUnt/fvOCfGFaCW6j+wsGfQ=
+github.com/AdguardTeam/urlfilter v0.18.0/go.mod h1:IXxBwedLiZA2viyHkaFxY/8mjub0li2PXRg8a3d9Z1s=
 github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
@@ -18,6 +18,8 @@ github.com/beefsack/go-rate v0.0.0-20220214233405-116f4ca011a0 h1:0b2vaepXIfMsG+
 github.com/beefsack/go-rate v0.0.0-20220214233405-116f4ca011a0/go.mod h1:6YNgTHLutezwnBvyneBbwvB8C82y3dcoOj5EQJIdGXA=
 github.com/bluele/gcache v0.0.2 h1:WcbfdXICg7G/DGBh1PFfcirkWOQV+v077yF1pSy3DGw=
 github.com/bluele/gcache v0.0.2/go.mod h1:m15KV+ECjptwSPxKhOhQoAFQVtUFjTVkc3H8o0t/fp0=
+github.com/c2h5oh/datasize v0.0.0-20231215233829-aa82cc1e6500 h1:6lhrsTEnloDPXyeZBvSYvQf8u86jbKehZPVDDlkgDl4=
+github.com/c2h5oh/datasize v0.0.0-20231215233829-aa82cc1e6500/go.mod h1:S/7n9copUssQ56c7aAgHqftWO4LTf4xY6CGWt8Bc+3M=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -27,13 +29,16 @@ github.com/dimfeld/httptreemux/v5 v5.5.0 h1:p8jkiMrCuZ0CmhwYLcbNbl7DDo21fozhKHQ2
 github.com/dimfeld/httptreemux/v5 v5.5.0/go.mod h1:QeEylH57C0v3VO0tkKraVz9oD3Uu93CKPnTLbsidvSw=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
-github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
+github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-ping/ping v1.1.0 h1:3MCGhVX4fyEUuhsfwPrsEdQw6xspHkv5zHsiSoDFZYw=
 github.com/go-ping/ping v1.1.0/go.mod h1:xIFjORFzTxqIV/tDVGO4eDy/bLuSyawEeojSm3GfRGk=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
@@ -41,25 +46,27 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
 github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
-github.com/google/pprof v0.0.0-20231101202521-4ca4178f5c7a h1:fEBsGL/sjAuJrgah5XqmmYsTLzJp/TO9Lhy39gkverk=
-github.com/google/pprof v0.0.0-20231101202521-4ca4178f5c7a/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
+github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7 h1:y3N7Bm7Y9/CtpiVkw/ZWj6lSlDF3F74SfKwfTCer72Q=
+github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
 github.com/google/renameio/v2 v2.0.0 h1:UifI23ZTGY8Tt29JbYFiuyIU3eX+RNFtUwefq9qAhxg=
 github.com/google/renameio/v2 v2.0.0/go.mod h1:BtmJXm5YlszgC+TD4HOEEUFgkJP3nLxehU6hfe7jRt4=
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
-github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714 h1:/jC7qQFrv8CrSJVmaolDVOxTfS9kc36uB6H40kdbQq8=
-github.com/insomniacslk/dhcp v0.0.0-20231016090811-6a2c8fbdcc1c h1:PgxFEySCI41sH0mB7/2XswdXbUykQsRUGod8Rn+NubM=
-github.com/insomniacslk/dhcp v0.0.0-20231016090811-6a2c8fbdcc1c/go.mod h1:3A9PQ1cunSDF/1rbTq99Ts4pVnycWg+vlPkfeD2NLFI=
+github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714/go.mod h1:2Goc3h8EklBH5mspfHFxBnEoURQCGzQQH1ga9Myjvis=
+github.com/insomniacslk/dhcp v0.0.0-20240227161007-c728f5dd21c8 h1:V3plQrMHRWOB5zMm3yNqvBxDQVW1+/wHBSok5uPdmVs=
+github.com/insomniacslk/dhcp v0.0.0-20240227161007-c728f5dd21c8/go.mod h1:izxuNQZeFrbx2nK2fAyN5iNUB34Fe9j0nK4PwLzAkKw=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/josharian/native v1.0.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
-github.com/josharian/native v1.0.1-0.20221213033349-c1e37c09b531/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
 github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86 h1:elKwZS1OcdQ0WwEDBeqxKwb7WB62QX8bvZ/FJnVXIfk=
 github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86/go.mod h1:aFAMtuldEgx/4q7iSGazk22+IcgvtiC+HIimFO9XlS8=
 github.com/kardianos/service v1.2.2 h1:ZvePhAHfvo0A7Mftk/tEzqEZ7Q4lgnR8sGz4xu1YX60=
 github.com/kardianos/service v1.2.2/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4=
+github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
 github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118 h1:2oDp6OOhLxQ9JBoUuysVz9UZ9uI6oLUbvAZu0x8o+vE=
 github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118/go.mod h1:ZFUnHIVchZ9lJoWoEGUg8Q3M4U8aNNWA3CVSUTkW4og=
 github.com/mdlayher/netlink v0.0.0-20190313131330-258ea9dff42c/go.mod h1:eQB3mZE4aiYnlUsyGGCOpPETfdQq4Jhsgf1fk3cwQaA=
@@ -71,73 +78,79 @@ github.com/mdlayher/packet v1.1.2/go.mod h1:GEu1+n9sG5VtiRE4SydOmX5GTwyyYlteZiFU
 github.com/mdlayher/raw v0.1.0 h1:K4PFMVy+AFsp0Zdlrts7yNhxc/uXoPVHi9RzRvtZF2Y=
 github.com/mdlayher/raw v0.1.0/go.mod h1:yXnxvs6c0XoF/aK52/H5PjsVHmWBCFfZUfoh/Y5s9Sg=
 github.com/mdlayher/socket v0.2.1/go.mod h1:QLlNPkFR88mRUNQIzRBMfXxwKal8H7u1h3bL1CV+f0E=
-github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U=
-github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA=
-github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE=
-github.com/miekg/dns v1.1.56/go.mod h1:cRm6Oo2C8TY9ZS/TqsSrseAcncm74lfK5G+ikN2SWWY=
+github.com/mdlayher/socket v0.5.0 h1:ilICZmJcQz70vrWVes1MFera4jGiWNocSkykwwoy3XI=
+github.com/mdlayher/socket v0.5.0/go.mod h1:WkcBFfvyG8QENs5+hfQPl1X6Jpd2yeLIYgrGFmJiJxI=
+github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4=
+github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
-github.com/onsi/ginkgo/v2 v2.13.1 h1:LNGfMbR2OVGBfXjvRZIZ2YCTQdGKtPLvuI1rMCCj3OU=
-github.com/onsi/ginkgo/v2 v2.13.1/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM=
-github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/onsi/ginkgo/v2 v2.16.0 h1:7q1w9frJDzninhXxjZd+Y/x54XNjG/UlRLIYPZafsPM=
+github.com/onsi/ginkgo/v2 v2.16.0/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs=
+github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8=
+github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
-github.com/pierrec/lz4/v4 v4.1.14/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
-github.com/pierrec/lz4/v4 v4.1.18 h1:xaKrnTkyoqfh1YItXl56+6KJNVYWlEEPuAQW9xsplYQ=
-github.com/pierrec/lz4/v4 v4.1.18/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
+github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ=
+github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw=
+github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
 github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
 github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
-github.com/quic-go/qtls-go1-20 v0.4.1 h1:D33340mCNDAIKBqXuAvexTNMUByrYmFYVfKfDN5nfFs=
-github.com/quic-go/qtls-go1-20 v0.4.1/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k=
-github.com/quic-go/quic-go v0.40.0 h1:GYd1iznlKm7dpHD7pOVpUvItgMPo/jrMgDWZhMCecqw=
-github.com/quic-go/quic-go v0.40.0/go.mod h1:PeN7kuVJ4xZbxSv/4OX6S1USOX8MJvydwpTx31vx60c=
+github.com/quic-go/quic-go v0.42.1-0.20240424141022-12aa63824c7f h1:L7x60Z6AW2giF/SvbDpMglGHJxtmFJV03khPwXLDScU=
+github.com/quic-go/quic-go v0.42.1-0.20240424141022-12aa63824c7f/go.mod h1:132kz4kL3F9vxhW3CtQJLDVwcFe5wdWeJXXijhsO57M=
 github.com/shirou/gopsutil/v3 v3.23.7 h1:C+fHO8hfIppoJ1WdsVm1RoI0RwXoNdfTK7yWXV0wVj4=
+github.com/shirou/gopsutil/v3 v3.23.7/go.mod h1:c4gnmoRC0hQuaLqvxnx1//VXQ0Ms/X9UnJF8pddY5z4=
 github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
+github.com/shoenig/go-m1cpu v0.1.6/go.mod h1:1JJMcUBvfNwpq05QDQVAnx3gUHr9IYF7GNg9SUEw2VQ=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/ti-mo/netfilter v0.2.0/go.mod h1:8GbBGsY/8fxtyIdfwy29JiluNcPK4K7wIT+x42ipqUU=
 github.com/ti-mo/netfilter v0.5.1 h1:cqamEd1c1zmpfpqvInLOro0Znq/RAfw2QL5wL2rAR/8=
 github.com/ti-mo/netfilter v0.5.1/go.mod h1:h9UPQ3ZrTZGBitay+LETMxZvNgWGK/efTUcqES2YiLw=
 github.com/tklauser/go-sysconf v0.3.11 h1:89WgdJhk5SNwJfu+GKyYveZ4IaJ7xAkecBo+KdJV0CM=
+github.com/tklauser/go-sysconf v0.3.11/go.mod h1:GqXfhXY3kiPa0nAXPDIQIWzJbMCB7AmcWpGR8lSZfqI=
 github.com/tklauser/numcpus v0.6.0 h1:kebhY2Qt+3U6RNK7UqpYNA+tJ23IBEGKkB7JQBfDYms=
-github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63 h1:YcojQL98T/OO+rybuzn2+5KrD5dBwXIvYBvQ2cD3Avg=
-github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63/go.mod h1:eLL9Nub3yfAho7qB0MzZizFhTU2QkLeoVsWdHtDW264=
+github.com/tklauser/numcpus v0.6.0/go.mod h1:FEZLMke0lhOUG6w2JadTzp0a+Nl8PF/GFkQ5UVIcaL4=
+github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 h1:pyC9PaHYZFgEKFdlp3G8RaCKgVpHZnecvArXvPXcFkM=
+github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701/go.mod h1:P3a5rG4X7tI17Nn3aOIAYr5HbIMukwXG0urG0WuL8OA=
 github.com/yusufpapurcu/wmi v1.2.3 h1:E1ctvB7uKFMOJw3fdOW32DwGE9I7t++CRUEMKvFoFiw=
-go.etcd.io/bbolt v1.3.8 h1:xs88BrvEv273UsB79e0hcVrlUWmS0a8upikMFhSyAtA=
-go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
-go.uber.org/mock v0.3.0 h1:3mUxI1No2/60yUYax92Pt8eNOEecx2D3lcXZh2NEZJo=
-go.uber.org/mock v0.3.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
+github.com/yusufpapurcu/wmi v1.2.3/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
+go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI=
+go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE=
+go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
+go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
-golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
-golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ=
-golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE=
+golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
+golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
+golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 h1:ESSUROHIBHg7USnszlcdmjBEwdMj9VUvU+OPk4yl2mc=
+golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
-golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg=
-golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
+golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
-golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190322080309-f49334f85ddc/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -147,29 +160,34 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.1-0.20230131160137-e7d7f63158de/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
-golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8=
-golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk=
+golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY=
+golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gonum.org/v1/gonum v0.14.0 h1:2NiG67LD1tEH0D7kM+ps2V+fXmsAnpUeec7n8tcr4S0=
+gonum.org/v1/gonum v0.14.0/go.mod h1:AoWeoz0becf9QMWtE8iWXNXc27fK4fNeHNf/oMejGfU=
 google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
 gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
 gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM=
-howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g=
+howett.net/plist v1.0.1 h1:37GdZ8tP09Q35o9ych3ehygcsL+HqKSwzctveSlarvM=
+howett.net/plist v1.0.1/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g=

internal/aghalg/aghalg.go

@@ -5,34 +5,13 @@ package aghalg
 
 import (
 	"fmt"
+	"slices"
 
 	"golang.org/x/exp/constraints"
-	"golang.org/x/exp/slices"
 )
 
-// Coalesce returns the first non-zero value.  It is named after function
-// COALESCE in SQL.  If values or all its elements are empty, it returns a zero
-// value.
-//
-// T is comparable, because Go currently doesn't have a comparableWithZeroValue
-// constraint.
-//
-// TODO(a.garipov): Think of ways to merge with [CoalesceSlice].
-func Coalesce[T comparable](values ...T) (res T) {
-	var zero T
-	for _, v := range values {
-		if v != zero {
-			return v
-		}
-	}
-
-	return zero
-}
-
 // CoalesceSlice returns the first non-zero value.  It is named after function
 // COALESCE in SQL.  If values or all its elements are empty, it returns nil.
-//
-// TODO(a.garipov): Think of ways to merge with [Coalesce].
 func CoalesceSlice[E any, S []E](values ...S) (res S) {
 	for _, v := range values {
 		if v != nil {

internal/aghalg/ringbuffer.go

@@ -1,23 +1,15 @@
 package aghalg
 
-import (
-	"github.com/AdguardTeam/golibs/errors"
-)
-
 // RingBuffer is the implementation of ring buffer data structure.
 type RingBuffer[T any] struct {
 	buf  []T
-	cur  int
+	cur  uint
 	full bool
 }
 
 // NewRingBuffer initializes the new instance of ring buffer.  size must be
 // greater or equal to zero.
-func NewRingBuffer[T any](size int) (rb *RingBuffer[T]) {
-	if size < 0 {
-		panic(errors.Error("ring buffer: size must be greater or equal to zero"))
-	}
-
+func NewRingBuffer[T any](size uint) (rb *RingBuffer[T]) {
 	return &RingBuffer[T]{
 		buf: make([]T, size),
 	}
@@ -30,7 +22,7 @@ func (rb *RingBuffer[T]) Append(e T) {
 	}
 
 	rb.buf[rb.cur] = e
-	rb.cur = (rb.cur + 1) % cap(rb.buf)
+	rb.cur = (rb.cur + 1) % uint(cap(rb.buf))
 	if rb.cur == 0 {
 		rb.full = true
 	}
@@ -87,12 +79,12 @@ func (rb *RingBuffer[T]) splitCur() (before, after []T) {
 }
 
 // Len returns a length of the buffer.
-func (rb *RingBuffer[T]) Len() (l int) {
+func (rb *RingBuffer[T]) Len() (l uint) {
 	if !rb.full {
 		return rb.cur
 	}
 
-	return cap(rb.buf)
+	return uint(cap(rb.buf))
 }
 
 // Clear clears the buffer.

internal/aghalg/ringbuffer_test.go

@@ -1,21 +1,21 @@
 package aghalg_test
 
 import (
+	"slices"
 	"testing"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/stretchr/testify/assert"
-	"golang.org/x/exp/slices"
 )
 
 // elements is a helper function that returns n elements of the buffer.
-func elements(b *aghalg.RingBuffer[int], n int, reverse bool) (es []int) {
+func elements(b *aghalg.RingBuffer[int], n uint, reverse bool) (es []int) {
 	fn := b.Range
 	if reverse {
 		fn = b.ReverseRange
 	}
 
-	i := 0
+	var i uint
 	fn(func(e int) (cont bool) {
 		if i >= n {
 			return false
@@ -33,7 +33,7 @@ func elements(b *aghalg.RingBuffer[int], n int, reverse bool) (es []int) {
 func TestNewRingBuffer(t *testing.T) {
 	t.Run("success_and_clear", func(t *testing.T) {
 		b := aghalg.NewRingBuffer[int](5)
-		for i := 0; i < 10; i++ {
+		for i := range 10 {
 			b.Append(i)
 		}
 		assert.Equal(t, []int{5, 6, 7, 8, 9}, elements(b, b.Len(), false))
@@ -42,29 +42,25 @@ func TestNewRingBuffer(t *testing.T) {
 		assert.Zero(t, b.Len())
 	})
 
-	t.Run("negative_size", func(t *testing.T) {
-		assert.PanicsWithError(t, "ring buffer: size must be greater or equal to zero", func() {
-			aghalg.NewRingBuffer[int](-5)
-		})
-	})
-
 	t.Run("zero", func(t *testing.T) {
 		b := aghalg.NewRingBuffer[int](0)
-		for i := 0; i < 10; i++ {
+		for i := range 10 {
 			b.Append(i)
-			assert.Equal(t, 0, b.Len())
-			assert.Empty(t, elements(b, b.Len(), false))
-			assert.Empty(t, elements(b, b.Len(), true))
+			bufLen := b.Len()
+			assert.EqualValues(t, 0, bufLen)
+			assert.Empty(t, elements(b, bufLen, false))
+			assert.Empty(t, elements(b, bufLen, true))
 		}
 	})
 
 	t.Run("single", func(t *testing.T) {
 		b := aghalg.NewRingBuffer[int](1)
-		for i := 0; i < 10; i++ {
+		for i := range 10 {
 			b.Append(i)
-			assert.Equal(t, 1, b.Len())
-			assert.Equal(t, []int{i}, elements(b, b.Len(), false))
-			assert.Equal(t, []int{i}, elements(b, b.Len(), true))
+			bufLen := b.Len()
+			assert.EqualValues(t, 1, bufLen)
+			assert.Equal(t, []int{i}, elements(b, bufLen, false))
+			assert.Equal(t, []int{i}, elements(b, bufLen, true))
 		}
 	})
 }
@@ -78,7 +74,7 @@ func TestRingBuffer_Range(t *testing.T) {
 		name   string
 		want   []int
 		count  int
-		length int
+		length uint
 	}{{
 		name:   "three",
 		count:  3,
@@ -98,7 +94,7 @@ func TestRingBuffer_Range(t *testing.T) {
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			for i := 0; i < tc.count; i++ {
+			for i := range tc.count {
 				b.Append(i)
 			}
 
@@ -163,11 +159,11 @@ func TestRingBuffer_Range_increment(t *testing.T) {
 	for i, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			b.Append(i)
-
-			assert.Equal(t, tc.want, elements(b, b.Len(), false))
+			bufLen := b.Len()
+			assert.Equal(t, tc.want, elements(b, bufLen, false))
 
 			slices.Reverse(tc.want)
-			assert.Equal(t, tc.want, elements(b, b.Len(), true))
+			assert.Equal(t, tc.want, elements(b, bufLen, true))
 		})
 	}
 }

internal/aghalg/sortedmap.go

@@ -0,0 +1,86 @@
+package aghalg
+
+import (
+	"slices"
+)
+
+// SortedMap is a map that keeps elements in order with internal sorting
+// function.  Must be initialised by the [NewSortedMap].
+type SortedMap[K comparable, V any] struct {
+	vals map[K]V
+	cmp  func(a, b K) (res int)
+	keys []K
+}
+
+// NewSortedMap initializes the new instance of sorted map.  cmp is a sort
+// function to keep elements in order.
+//
+// TODO(s.chzhen):  Use cmp.Compare in Go 1.21.
+func NewSortedMap[K comparable, V any](cmp func(a, b K) (res int)) SortedMap[K, V] {
+	return SortedMap[K, V]{
+		vals: map[K]V{},
+		cmp:  cmp,
+	}
+}
+
+// Set adds val with key to the sorted map.  It panics if the m is nil.
+func (m *SortedMap[K, V]) Set(key K, val V) {
+	m.vals[key] = val
+
+	i, has := slices.BinarySearchFunc(m.keys, key, m.cmp)
+	if has {
+		m.keys[i] = key
+	} else {
+		m.keys = slices.Insert(m.keys, i, key)
+	}
+}
+
+// Get returns val by key from the sorted map.
+func (m *SortedMap[K, V]) Get(key K) (val V, ok bool) {
+	if m == nil {
+		return
+	}
+
+	val, ok = m.vals[key]
+
+	return val, ok
+}
+
+// Del removes the value by key from the sorted map.
+func (m *SortedMap[K, V]) Del(key K) {
+	if m == nil {
+		return
+	}
+
+	if _, has := m.vals[key]; !has {
+		return
+	}
+
+	delete(m.vals, key)
+	i, _ := slices.BinarySearchFunc(m.keys, key, m.cmp)
+	m.keys = slices.Delete(m.keys, i, i+1)
+}
+
+// Clear removes all elements from the sorted map.
+func (m *SortedMap[K, V]) Clear() {
+	if m == nil {
+		return
+	}
+
+	m.keys = nil
+	clear(m.vals)
+}
+
+// Range calls cb for each element of the map, sorted by m.cmp.  If cb returns
+// false it stops.
+func (m *SortedMap[K, V]) Range(cb func(K, V) (cont bool)) {
+	if m == nil {
+		return
+	}
+
+	for _, k := range m.keys {
+		if !cb(k, m.vals[k]) {
+			return
+		}
+	}
+}

internal/aghalg/sortedmap_test.go

@@ -0,0 +1,95 @@
+package aghalg
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNewSortedMap(t *testing.T) {
+	var m SortedMap[string, int]
+
+	letters := []string{}
+	for i := range 10 {
+		r := string('a' + rune(i))
+		letters = append(letters, r)
+	}
+
+	t.Run("create_and_fill", func(t *testing.T) {
+		m = NewSortedMap[string, int](strings.Compare)
+
+		nums := []int{}
+		for i, r := range letters {
+			m.Set(r, i)
+			nums = append(nums, i)
+		}
+
+		gotLetters := []string{}
+		gotNums := []int{}
+		m.Range(func(k string, v int) bool {
+			gotLetters = append(gotLetters, k)
+			gotNums = append(gotNums, v)
+
+			return true
+		})
+
+		assert.Equal(t, letters, gotLetters)
+		assert.Equal(t, nums, gotNums)
+
+		n, ok := m.Get(letters[0])
+		assert.True(t, ok)
+		assert.Equal(t, nums[0], n)
+	})
+
+	t.Run("clear", func(t *testing.T) {
+		lastLetter := letters[len(letters)-1]
+		m.Del(lastLetter)
+
+		_, ok := m.Get(lastLetter)
+		assert.False(t, ok)
+
+		m.Clear()
+
+		gotLetters := []string{}
+		m.Range(func(k string, _ int) bool {
+			gotLetters = append(gotLetters, k)
+
+			return true
+		})
+
+		assert.Len(t, gotLetters, 0)
+	})
+}
+
+func TestNewSortedMap_nil(t *testing.T) {
+	const (
+		key = "key"
+		val = "val"
+	)
+
+	var m SortedMap[string, string]
+
+	assert.Panics(t, func() {
+		m.Set(key, val)
+	})
+
+	assert.NotPanics(t, func() {
+		_, ok := m.Get(key)
+		assert.False(t, ok)
+	})
+
+	assert.NotPanics(t, func() {
+		m.Range(func(_, _ string) (cont bool) {
+			return true
+		})
+	})
+
+	assert.NotPanics(t, func() {
+		m.Del(key)
+	})
+
+	assert.NotPanics(t, func() {
+		m.Clear()
+	})
+}

internal/aghchan/aghchan.go

@@ -1,33 +0,0 @@
-// Package aghchan contains channel utilities.
-package aghchan
-
-import (
-	"fmt"
-	"time"
-)
-
-// Receive returns an error if it cannot receive a value form c before timeout
-// runs out.
-func Receive[T any](c <-chan T, timeout time.Duration) (v T, ok bool, err error) {
-	var zero T
-	timeoutCh := time.After(timeout)
-	select {
-	case <-timeoutCh:
-		// TODO(a.garipov): Consider implementing [errors.Aser] for
-		// os.ErrTimeout.
-		return zero, false, fmt.Errorf("did not receive after %s", timeout)
-	case v, ok = <-c:
-		return v, ok, nil
-	}
-}
-
-// MustReceive panics if it cannot receive a value form c before timeout runs
-// out.
-func MustReceive[T any](c <-chan T, timeout time.Duration) (v T, ok bool) {
-	v, ok, err := Receive(c, timeout)
-	if err != nil {
-		panic(err)
-	}
-
-	return v, ok
-}

internal/aghnet/addr.go

@@ -1,10 +1,7 @@
 package aghnet
 
 import (
-	"fmt"
 	"strings"
-
-	"github.com/AdguardTeam/golibs/stringutil"
 )
 
 // NormalizeDomain returns a lowercased version of host without the final dot,
@@ -19,25 +16,3 @@ func NormalizeDomain(host string) (norm string) {
 
 	return strings.ToLower(strings.TrimSuffix(host, "."))
 }
-
-// NewDomainNameSet returns nil and error, if list has duplicate or empty domain
-// name.  Otherwise returns a set, which contains domain names normalized using
-// [NormalizeDomain].
-func NewDomainNameSet(list []string) (set *stringutil.Set, err error) {
-	set = stringutil.NewSet()
-
-	for i, host := range list {
-		if host == "" {
-			return nil, fmt.Errorf("at index %d: hostname is empty", i)
-		}
-
-		host = NormalizeDomain(host)
-		if set.Has(host) {
-			return nil, fmt.Errorf("duplicate hostname %q at index %d", host, i)
-		}
-
-		set.Add(host)
-	}
-
-	return set, nil
-}

internal/aghnet/addr_test.go

@@ -1,59 +0,0 @@
-package aghnet_test
-
-import (
-	"testing"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
-	"github.com/AdguardTeam/golibs/testutil"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestNewDomainNameSet(t *testing.T) {
-	t.Parallel()
-
-	testCases := []struct {
-		name       string
-		wantErrMsg string
-		in         []string
-	}{{
-		name:       "nil",
-		wantErrMsg: "",
-		in:         nil,
-	}, {
-		name:       "success",
-		wantErrMsg: "",
-		in: []string{
-			"Domain.Example",
-			".",
-		},
-	}, {
-		name:       "dups",
-		wantErrMsg: `duplicate hostname "domain.example" at index 1`,
-		in: []string{
-			"Domain.Example",
-			"domain.example",
-		},
-	}, {
-		name:       "bad_domain",
-		wantErrMsg: "at index 0: hostname is empty",
-		in: []string{
-			"",
-		},
-	}}
-
-	for _, tc := range testCases {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			t.Parallel()
-			set, err := aghnet.NewDomainNameSet(tc.in)
-			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
-			if err != nil {
-				return
-			}
-
-			for _, host := range tc.in {
-				assert.Truef(t, set.Has(aghnet.NormalizeDomain(host)), "%q not matched", host)
-			}
-		})
-	}
-}

internal/aghnet/hostscontainer.go

@@ -1,65 +1,23 @@
 package aghnet
 
 import (
-	"context"
 	"fmt"
 	"io"
 	"io/fs"
 	"net/netip"
 	"path"
-	"strings"
 	"sync/atomic"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
-	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/hostsfile"
 	"github.com/AdguardTeam/golibs/log"
-	"golang.org/x/exp/maps"
-	"golang.org/x/exp/slices"
 )
 
-// DefaultHostsPaths returns the slice of paths default for the operating system
-// to files and directories which are containing the hosts database.  The result
-// is intended to be used within fs.FS so the initial slash is omitted.
-func DefaultHostsPaths() (paths []string) {
-	return defaultHostsPaths()
-}
-
-// MatchAddr returns the records for the IP address.
-func (hc *HostsContainer) MatchAddr(ip netip.Addr) (recs []*hostsfile.Record) {
-	cur := hc.current.Load()
-	if cur == nil {
-		return nil
-	}
-
-	return cur.addrs[ip]
-}
-
-// MatchName returns the records for the hostname.
-func (hc *HostsContainer) MatchName(name string) (recs []*hostsfile.Record) {
-	cur := hc.current.Load()
-	if cur != nil {
-		recs = cur.names[name]
-	}
-
-	return recs
-}
-
 // hostsContainerPrefix is a prefix for logging and wrapping errors in
 // HostsContainer's methods.
 const hostsContainerPrefix = "hosts container"
 
-// Hosts is a map of IP addresses to the records, as it primarily stored in the
-// [HostsContainer].  It should not be accessed for writing since it may be read
-// concurrently, users should clone it before modifying.
-//
-// The order of records for each address is preserved from original files, but
-// the order of the addresses, being a map key, is not.
-//
-// TODO(e.burkov):  Probably, this should be a sorted slice of records.
-type Hosts map[netip.Addr][]*hostsfile.Record
-
 // HostsContainer stores the relevant hosts database provided by the OS and
 // processes both A/AAAA and PTR DNS requests for those.
 type HostsContainer struct {
@@ -67,10 +25,10 @@ type HostsContainer struct {
 	done chan struct{}
 
 	// updates is the channel for receiving updated hosts.
-	updates chan Hosts
+	updates chan *hostsfile.DefaultStorage
 
 	// current is the last set of hosts parsed.
-	current atomic.Pointer[hostsIndex]
+	current atomic.Pointer[hostsfile.DefaultStorage]
 
 	// fsys is the working file system to read hosts files from.
 	fsys fs.FS
@@ -111,7 +69,7 @@ func NewHostsContainer(
 
 	hc = &HostsContainer{
 		done:     make(chan struct{}, 1),
-		updates:  make(chan Hosts, 1),
+		updates:  make(chan *hostsfile.DefaultStorage, 1),
 		fsys:     fsys,
 		watcher:  w,
 		patterns: patterns,
@@ -152,11 +110,25 @@ func (hc *HostsContainer) Close() (err error) {
 	return err
 }
 
-// Upd returns the channel into which the updates are sent.
-func (hc *HostsContainer) Upd() (updates <-chan Hosts) {
+// Upd returns the channel into which the updates are sent.  The updates
+// themselves must not be modified.
+func (hc *HostsContainer) Upd() (updates <-chan *hostsfile.DefaultStorage) {
 	return hc.updates
 }
 
+// type check
+var _ hostsfile.Storage = (*HostsContainer)(nil)
+
+// ByAddr implements the [hostsfile.Storage] interface for *HostsContainer.
+func (hc *HostsContainer) ByAddr(addr netip.Addr) (names []string) {
+	return hc.current.Load().ByAddr(addr)
+}
+
+// ByName implements the [hostsfile.Storage] interface for *HostsContainer.
+func (hc *HostsContainer) ByName(name string) (addrs []netip.Addr) {
+	return hc.current.Load().ByName(name)
+}
+
 // pathsToPatterns converts paths into patterns compatible with fs.Glob.
 func pathsToPatterns(fsys fs.FS, paths []string) (patterns []string, err error) {
 	for i, p := range paths {
@@ -167,7 +139,7 @@ func pathsToPatterns(fsys fs.FS, paths []string) (patterns []string, err error)
 				continue
 			}
 
-			// Don't put a filename here since it's already added by fs.Stat.
+			// Don't put a filename here since it's already added by [fs.Stat].
 			return nil, fmt.Errorf("path at index %d: %w", i, err)
 		}
 
@@ -182,8 +154,8 @@ func pathsToPatterns(fsys fs.FS, paths []string) (patterns []string, err error)
 }
 
 // handleEvents concurrently handles the file system events.  It closes the
-// update channel of HostsContainer when finishes.  It's used to be called
-// within a separate goroutine.
+// update channel of HostsContainer when finishes.  It is intended to be used as
+// a goroutine.
 func (hc *HostsContainer) handleEvents() {
 	defer log.OnPanic(fmt.Sprintf("%s: handling events", hostsContainerPrefix))
 
@@ -209,7 +181,7 @@ func (hc *HostsContainer) handleEvents() {
 }
 
 // sendUpd tries to send the parsed data to the ch.
-func (hc *HostsContainer) sendUpd(recs Hosts) {
+func (hc *HostsContainer) sendUpd(recs *hostsfile.DefaultStorage) {
 	log.Debug("%s: sending upd", hostsContainerPrefix)
 
 	ch := hc.updates
@@ -226,67 +198,6 @@ func (hc *HostsContainer) sendUpd(recs Hosts) {
 	}
 }
 
-// hostsIndex is a [hostsfile.Set] to enumerate all the records.
-type hostsIndex struct {
-	// addrs maps IP addresses to the records.
-	addrs Hosts
-
-	// names maps hostnames to the records.
-	names map[string][]*hostsfile.Record
-}
-
-// walk is a file walking function for hostsIndex.
-func (idx *hostsIndex) walk(r io.Reader) (patterns []string, cont bool, err error) {
-	return nil, true, hostsfile.Parse(idx, r, nil)
-}
-
-// type check
-var _ hostsfile.Set = (*hostsIndex)(nil)
-
-// Add implements the [hostsfile.Set] interface for *hostsIndex.
-func (idx *hostsIndex) Add(rec *hostsfile.Record) {
-	idx.addrs[rec.Addr] = append(idx.addrs[rec.Addr], rec)
-	for _, name := range rec.Names {
-		idx.names[name] = append(idx.names[name], rec)
-	}
-}
-
-// type check
-var _ hostsfile.HandleSet = (*hostsIndex)(nil)
-
-// HandleInvalid implements the [hostsfile.HandleSet] interface for *hostsIndex.
-func (idx *hostsIndex) HandleInvalid(src string, _ []byte, err error) {
-	lineErr := &hostsfile.LineError{}
-	if !errors.As(err, &lineErr) {
-		// Must not happen if idx passed to [hostsfile.Parse].
-		return
-	} else if errors.Is(lineErr, hostsfile.ErrEmptyLine) {
-		// Ignore empty lines.
-		return
-	}
-
-	log.Info("%s: warning: parsing %q: %s", hostsContainerPrefix, src, lineErr)
-}
-
-// equalRecs is an equality function for [*hostsfile.Record].
-func equalRecs(a, b *hostsfile.Record) (ok bool) {
-	return a.Addr == b.Addr && a.Source == b.Source && slices.Equal(a.Names, b.Names)
-}
-
-// equalRecSlices is an equality function for slices of [*hostsfile.Record].
-func equalRecSlices(a, b []*hostsfile.Record) (ok bool) { return slices.EqualFunc(a, b, equalRecs) }
-
-// Equal returns true if indexes are equal.
-func (idx *hostsIndex) Equal(other *hostsIndex) (ok bool) {
-	if idx == nil {
-		return other == nil
-	} else if other == nil {
-		return false
-	}
-
-	return maps.EqualFunc(idx.addrs, other.addrs, equalRecSlices)
-}
-
 // refresh gets the data from specified files and propagates the updates if
 // needed.
 //
@@ -294,63 +205,22 @@ func (idx *hostsIndex) Equal(other *hostsIndex) (ok bool) {
 func (hc *HostsContainer) refresh() (err error) {
 	log.Debug("%s: refreshing", hostsContainerPrefix)
 
-	var addrLen, nameLen int
-	last := hc.current.Load()
-	if last != nil {
-		addrLen, nameLen = len(last.addrs), len(last.names)
-	}
-	idx := &hostsIndex{
-		addrs: make(Hosts, addrLen),
-		names: make(map[string][]*hostsfile.Record, nameLen),
-	}
-
-	_, err = aghos.FileWalker(idx.walk).Walk(hc.fsys, hc.patterns...)
+	// The error is always nil here since no readers passed.
+	strg, _ := hostsfile.NewDefaultStorage()
+	_, err = aghos.FileWalker(func(r io.Reader) (patterns []string, cont bool, err error) {
+		// Don't wrap the error since it's already informative enough as is.
+		return nil, true, hostsfile.Parse(strg, r, nil)
+	}).Walk(hc.fsys, hc.patterns...)
 	if err != nil {
 		// Don't wrap the error since it's informative enough as is.
 		return err
 	}
 
-	// TODO(e.burkov):  Serialize updates using time.
-	if !last.Equal(idx) {
-		hc.current.Store(idx)
-		hc.sendUpd(idx.addrs)
+	// TODO(e.burkov):  Serialize updates using [time.Time].
+	if !hc.current.Load().Equal(strg) {
+		hc.current.Store(strg)
+		hc.sendUpd(strg)
 	}
 
 	return nil
 }
-
-// type check
-var _ upstream.Resolver = (*HostsContainer)(nil)
-
-// LookupNetIP implements the [upstream.Resolver] interface for *HostsContainer.
-func (hc *HostsContainer) LookupNetIP(
-	ctx context.Context,
-	network string,
-	hostname string,
-) (addrs []netip.Addr, err error) {
-	// TODO(e.burkov):  Think of extracting this logic to a golibs function if
-	// needed anywhere else.
-	var isDesiredProto func(ip netip.Addr) (ok bool)
-	switch network {
-	case "ip4":
-		isDesiredProto = (netip.Addr).Is4
-	case "ip6":
-		isDesiredProto = (netip.Addr).Is6
-	case "ip":
-		isDesiredProto = func(ip netip.Addr) (ok bool) { return true }
-	default:
-		return nil, fmt.Errorf("unsupported network: %q", network)
-	}
-
-	idx := hc.current.Load()
-	recs := idx.names[strings.ToLower(hostname)]
-
-	addrs = make([]netip.Addr, 0, len(recs))
-	for _, rec := range recs {
-		if isDesiredProto(rec.Addr) {
-			addrs = append(addrs, rec.Addr)
-		}
-	}
-
-	return slices.Clip(addrs), nil
-}

internal/aghnet/hostscontainer_linux.go

@@ -1,17 +0,0 @@
-//go:build linux
-
-package aghnet
-
-import (
-	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
-)
-
-func defaultHostsPaths() (paths []string) {
-	paths = []string{"etc/hosts"}
-
-	if aghos.IsOpenWrt() {
-		paths = append(paths, "tmp/hosts")
-	}
-
-	return paths
-}

internal/aghnet/hostscontainer_others.go

@@ -1,7 +0,0 @@
-//go:build !(windows || linux)
-
-package aghnet
-
-func defaultHostsPaths() (paths []string) {
-	return []string{"etc/hosts"}
-}

internal/aghnet/hostscontainer_test.go

@@ -3,13 +3,11 @@ package aghnet_test
 import (
 	"net/netip"
 	"path"
-	"path/filepath"
 	"sync/atomic"
 	"testing"
 	"testing/fstest"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghchan"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
 	"github.com/AdguardTeam/golibs/errors"
@@ -20,139 +18,6 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-// nl is a newline character.
-const nl = "\n"
-
-// Variables mirroring the etc_hosts file from testdata.
-var (
-	addr1000 = netip.MustParseAddr("1.0.0.0")
-	addr1001 = netip.MustParseAddr("1.0.0.1")
-	addr1002 = netip.MustParseAddr("1.0.0.2")
-	addr1003 = netip.MustParseAddr("1.0.0.3")
-	addr1004 = netip.MustParseAddr("1.0.0.4")
-	addr1357 = netip.MustParseAddr("1.3.5.7")
-	addr4216 = netip.MustParseAddr("4.2.1.6")
-	addr7531 = netip.MustParseAddr("7.5.3.1")
-
-	addr0  = netip.MustParseAddr("::")
-	addr1  = netip.MustParseAddr("::1")
-	addr2  = netip.MustParseAddr("::2")
-	addr3  = netip.MustParseAddr("::3")
-	addr4  = netip.MustParseAddr("::4")
-	addr42 = netip.MustParseAddr("::42")
-	addr13 = netip.MustParseAddr("::13")
-	addr31 = netip.MustParseAddr("::31")
-
-	hostsSrc = "./" + filepath.Join("./testdata", "etc_hosts")
-
-	testHosts = map[netip.Addr][]*hostsfile.Record{
-		addr1000: {{
-			Addr:   addr1000,
-			Source: hostsSrc,
-			Names:  []string{"hello", "hello.world"},
-		}, {
-			Addr:   addr1000,
-			Source: hostsSrc,
-			Names:  []string{"hello.world.again"},
-		}, {
-			Addr:   addr1000,
-			Source: hostsSrc,
-			Names:  []string{"hello.world"},
-		}},
-		addr1001: {{
-			Addr:   addr1001,
-			Source: hostsSrc,
-			Names:  []string{"simplehost"},
-		}, {
-			Addr:   addr1001,
-			Source: hostsSrc,
-			Names:  []string{"simplehost"},
-		}},
-		addr1002: {{
-			Addr:   addr1002,
-			Source: hostsSrc,
-			Names:  []string{"a.whole", "lot.of", "aliases", "for.testing"},
-		}},
-		addr1003: {{
-			Addr:   addr1003,
-			Source: hostsSrc,
-			Names:  []string{"*"},
-		}},
-		addr1004: {{
-			Addr:   addr1004,
-			Source: hostsSrc,
-			Names:  []string{"*.com"},
-		}},
-		addr1357: {{
-			Addr:   addr1357,
-			Source: hostsSrc,
-			Names:  []string{"domain4", "domain4.alias"},
-		}},
-		addr7531: {{
-			Addr:   addr7531,
-			Source: hostsSrc,
-			Names:  []string{"domain4.alias", "domain4"},
-		}},
-		addr4216: {{
-			Addr:   addr4216,
-			Source: hostsSrc,
-			Names:  []string{"domain", "domain.alias"},
-		}},
-		addr0: {{
-			Addr:   addr0,
-			Source: hostsSrc,
-			Names:  []string{"hello", "hello.world"},
-		}, {
-			Addr:   addr0,
-			Source: hostsSrc,
-			Names:  []string{"hello.world.again"},
-		}, {
-			Addr:   addr0,
-			Source: hostsSrc,
-			Names:  []string{"hello.world"},
-		}},
-		addr1: {{
-			Addr:   addr1,
-			Source: hostsSrc,
-			Names:  []string{"simplehost"},
-		}, {
-			Addr:   addr1,
-			Source: hostsSrc,
-			Names:  []string{"simplehost"},
-		}},
-		addr2: {{
-			Addr:   addr2,
-			Source: hostsSrc,
-			Names:  []string{"a.whole", "lot.of", "aliases", "for.testing"},
-		}},
-		addr3: {{
-			Addr:   addr3,
-			Source: hostsSrc,
-			Names:  []string{"*"},
-		}},
-		addr4: {{
-			Addr:   addr4,
-			Source: hostsSrc,
-			Names:  []string{"*.com"},
-		}},
-		addr42: {{
-			Addr:   addr42,
-			Source: hostsSrc,
-			Names:  []string{"domain.alias", "domain"},
-		}},
-		addr13: {{
-			Addr:   addr13,
-			Source: hostsSrc,
-			Names:  []string{"domain6", "domain6.alias"},
-		}},
-		addr31: {{
-			Addr:   addr31,
-			Source: hostsSrc,
-			Names:  []string{"domain6.alias", "domain6"},
-		}},
-	}
-)
-
 func TestNewHostsContainer(t *testing.T) {
 	const dirname = "dir"
 	const filename = "file1"
@@ -202,6 +67,7 @@ func TestNewHostsContainer(t *testing.T) {
 			}
 
 			hc, err := aghnet.NewHostsContainer(testFS, &aghtest.FSWatcher{
+				OnStart:  func() (_ error) { panic("not implemented") },
 				OnEvents: onEvents,
 				OnAdd:    onAdd,
 				OnClose:  func() (err error) { return nil },
@@ -228,6 +94,7 @@ func TestNewHostsContainer(t *testing.T) {
 	t.Run("nil_fs", func(t *testing.T) {
 		require.Panics(t, func() {
 			_, _ = aghnet.NewHostsContainer(nil, &aghtest.FSWatcher{
+				OnStart: func() (_ error) { panic("not implemented") },
 				// Those shouldn't panic.
 				OnEvents: func() (e <-chan struct{}) { return nil },
 				OnAdd:    func(name string) (err error) { return nil },
@@ -246,6 +113,7 @@ func TestNewHostsContainer(t *testing.T) {
 		const errOnAdd errors.Error = "error"
 
 		errWatcher := &aghtest.FSWatcher{
+			OnStart:  func() (_ error) { panic("not implemented") },
 			OnEvents: func() (e <-chan struct{}) { panic("not implemented") },
 			OnAdd:    func(name string) (err error) { return errOnAdd },
 			OnClose:  func() (err error) { return nil },
@@ -267,7 +135,21 @@ func TestHostsContainer_refresh(t *testing.T) {
 	anotherIPStr := "1.2.3.4"
 	anotherIP := netip.MustParseAddr(anotherIPStr)
 
-	testFS := fstest.MapFS{"dir/file1": &fstest.MapFile{Data: []byte(ipStr + ` hostname` + nl)}}
+	r1 := &hostsfile.Record{
+		Addr:   ip,
+		Source: "file1",
+		Names:  []string{"hostname"},
+	}
+	r2 := &hostsfile.Record{
+		Addr:   anotherIP,
+		Source: "file2",
+		Names:  []string{"alias"},
+	}
+
+	r1Data, _ := r1.MarshalText()
+	r2Data, _ := r2.MarshalText()
+
+	testFS := fstest.MapFS{"dir/file1": &fstest.MapFile{Data: r1Data}}
 
 	// event is a convenient alias for an empty struct{} to emit test events.
 	type event = struct{}
@@ -276,6 +158,7 @@ func TestHostsContainer_refresh(t *testing.T) {
 	t.Cleanup(func() { close(eventsCh) })
 
 	w := &aghtest.FSWatcher{
+		OnStart:  func() (_ error) { panic("not implemented") },
 		OnEvents: func() (e <-chan event) { return eventsCh },
 		OnAdd: func(name string) (err error) {
 			assert.Equal(t, "dir", name)
@@ -289,172 +172,47 @@ func TestHostsContainer_refresh(t *testing.T) {
 	require.NoError(t, err)
 	testutil.CleanupAndRequireSuccess(t, hc.Close)
 
-	checkRefresh := func(t *testing.T, want aghnet.Hosts) {
-		t.Helper()
-
-		upd, ok := aghchan.MustReceive(hc.Upd(), 1*time.Second)
-		require.True(t, ok)
-
-		assert.Equal(t, want, upd)
-	}
+	strg, _ := hostsfile.NewDefaultStorage()
+	strg.Add(r1)
 
 	t.Run("initial_refresh", func(t *testing.T) {
-		checkRefresh(t, aghnet.Hosts{
-			ip: {{
-				Addr:   ip,
-				Source: "file1",
-				Names:  []string{"hostname"},
-			}},
-		})
+		upd, ok := testutil.RequireReceive(t, hc.Upd(), 1*time.Second)
+		require.True(t, ok)
+
+		assert.True(t, strg.Equal(upd))
 	})
 
+	strg.Add(r2)
+
 	t.Run("second_refresh", func(t *testing.T) {
-		testFS["dir/file2"] = &fstest.MapFile{Data: []byte(anotherIPStr + ` alias` + nl)}
+		testFS["dir/file2"] = &fstest.MapFile{Data: r2Data}
 		eventsCh <- event{}
 
-		checkRefresh(t, aghnet.Hosts{
-			ip: {{
-				Addr:   ip,
-				Source: "file1",
-				Names:  []string{"hostname"},
-			}},
-			anotherIP: {{
-				Addr:   anotherIP,
-				Source: "file2",
-				Names:  []string{"alias"},
-			}},
-		})
+		upd, ok := testutil.RequireReceive(t, hc.Upd(), 1*time.Second)
+		require.True(t, ok)
+
+		assert.True(t, strg.Equal(upd))
 	})
 
 	t.Run("double_refresh", func(t *testing.T) {
 		// Make a change once.
-		testFS["dir/file1"] = &fstest.MapFile{Data: []byte(ipStr + ` alias` + nl)}
+		testFS["dir/file1"] = &fstest.MapFile{Data: []byte(ipStr + " alias\n")}
 		eventsCh <- event{}
 
 		// Require the changes are written.
-		require.Eventually(t, func() bool {
-			ips := hc.MatchName("hostname")
+		current, ok := testutil.RequireReceive(t, hc.Upd(), 1*time.Second)
+		require.True(t, ok)
 
-			return len(ips) == 0
-		}, 5*time.Second, time.Second/2)
+		require.Empty(t, current.ByName("hostname"))
 
 		// Make a change again.
-		testFS["dir/file2"] = &fstest.MapFile{Data: []byte(ipStr + ` hostname` + nl)}
+		testFS["dir/file2"] = &fstest.MapFile{Data: []byte(ipStr + " hostname\n")}
 		eventsCh <- event{}
 
 		// Require the changes are written.
-		require.Eventually(t, func() bool {
-			ips := hc.MatchName("hostname")
+		current, ok = testutil.RequireReceive(t, hc.Upd(), 1*time.Second)
+		require.True(t, ok)
 
-			return len(ips) > 0
-		}, 5*time.Second, time.Second/2)
-
-		assert.Len(t, hc.Upd(), 1)
+		require.NotEmpty(t, current.ByName("hostname"))
 	})
 }
-
-func TestHostsContainer_MatchName(t *testing.T) {
-	require.NoError(t, fstest.TestFS(testdata, "etc_hosts"))
-
-	stubWatcher := aghtest.FSWatcher{
-		OnEvents: func() (e <-chan struct{}) { return nil },
-		OnAdd:    func(name string) (err error) { return nil },
-		OnClose:  func() (err error) { return nil },
-	}
-
-	testCases := []struct {
-		req  string
-		name string
-		want []*hostsfile.Record
-	}{{
-		req:  "simplehost",
-		name: "simple",
-		want: append(testHosts[addr1001], testHosts[addr1]...),
-	}, {
-		req:  "hello.world",
-		name: "hello_alias",
-		want: []*hostsfile.Record{
-			testHosts[addr1000][0],
-			testHosts[addr1000][2],
-			testHosts[addr0][0],
-			testHosts[addr0][2],
-		},
-	}, {
-		req:  "hello.world.again",
-		name: "other_line_alias",
-		want: []*hostsfile.Record{
-			testHosts[addr1000][1],
-			testHosts[addr0][1],
-		},
-	}, {
-		req:  "say.hello",
-		name: "hello_subdomain",
-		want: nil,
-	}, {
-		req:  "say.hello.world",
-		name: "hello_alias_subdomain",
-		want: nil,
-	}, {
-		req:  "for.testing",
-		name: "lots_of_aliases",
-		want: append(testHosts[addr1002], testHosts[addr2]...),
-	}, {
-		req:  "nonexistent.example",
-		name: "non-existing",
-		want: nil,
-	}, {
-		req:  "domain",
-		name: "issue_4216_4_6",
-		want: append(testHosts[addr4216], testHosts[addr42]...),
-	}, {
-		req:  "domain4",
-		name: "issue_4216_4",
-		want: append(testHosts[addr1357], testHosts[addr7531]...),
-	}, {
-		req:  "domain6",
-		name: "issue_4216_6",
-		want: append(testHosts[addr13], testHosts[addr31]...),
-	}}
-
-	hc, err := aghnet.NewHostsContainer(testdata, &stubWatcher, "etc_hosts")
-	require.NoError(t, err)
-	testutil.CleanupAndRequireSuccess(t, hc.Close)
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			recs := hc.MatchName(tc.req)
-			assert.Equal(t, tc.want, recs)
-		})
-	}
-}
-
-func TestHostsContainer_MatchAddr(t *testing.T) {
-	require.NoError(t, fstest.TestFS(testdata, "etc_hosts"))
-
-	stubWatcher := aghtest.FSWatcher{
-		OnEvents: func() (e <-chan struct{}) { return nil },
-		OnAdd:    func(name string) (err error) { return nil },
-		OnClose:  func() (err error) { return nil },
-	}
-
-	hc, err := aghnet.NewHostsContainer(testdata, &stubWatcher, "etc_hosts")
-	require.NoError(t, err)
-	testutil.CleanupAndRequireSuccess(t, hc.Close)
-
-	testCases := []struct {
-		req  netip.Addr
-		name string
-		want []*hostsfile.Record
-	}{{
-		req:  netip.AddrFrom4([4]byte{1, 0, 0, 1}),
-		name: "reverse",
-		want: testHosts[addr1001],
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			recs := hc.MatchAddr(tc.req)
-			assert.Equal(t, tc.want, recs)
-		})
-	}
-}

internal/aghnet/hostscontainer_windows.go

@@ -1,32 +0,0 @@
-//go:build windows
-
-package aghnet
-
-import (
-	"os"
-	"path"
-	"path/filepath"
-	"strings"
-
-	"github.com/AdguardTeam/golibs/log"
-	"golang.org/x/sys/windows"
-)
-
-func defaultHostsPaths() (paths []string) {
-	sysDir, err := windows.GetSystemDirectory()
-	if err != nil {
-		log.Error("aghnet: getting system directory: %s", err)
-
-		return []string{}
-	}
-
-	// Split all the elements of the path to join them afterwards.  This is
-	// needed to make the Windows-specific path string returned by
-	// windows.GetSystemDirectory to be compatible with fs.FS.
-	pathElems := strings.Split(sysDir, string(os.PathSeparator))
-	if len(pathElems) > 0 && pathElems[0] == filepath.VolumeName(sysDir) {
-		pathElems = pathElems[1:]
-	}
-
-	return []string{path.Join(append(pathElems, "drivers/etc/hosts")...)}
-}

internal/aghnet/ignore.go

@@ -1,11 +1,11 @@
 package aghnet
 
 import (
+	"slices"
 	"strings"
 
 	"github.com/AdguardTeam/urlfilter"
 	"github.com/AdguardTeam/urlfilter/filterlist"
-	"golang.org/x/exp/slices"
 )
 
 // IgnoreEngine contains the list of rules for ignoring hostnames and matches

internal/aghnet/net.go

@@ -17,6 +17,7 @@ import (
 	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/osutil"
 )
 
 // DialContextFunc is the semantic alias for dialing functions, such as
@@ -32,7 +33,7 @@ var (
 	netInterfaceAddrs = net.InterfaceAddrs
 
 	// rootDirFS is the filesystem pointing to the root directory.
-	rootDirFS = aghos.RootDirFS()
+	rootDirFS = osutil.RootDirFS()
 )
 
 // ErrNoStaticIPInfo is returned by IfaceHasStaticIP when no information about

internal/aghnet/net_test.go

@@ -1,11 +1,9 @@
 package aghnet_test
 
 import (
-	"io/fs"
 	"net"
 	"net/netip"
 	"net/url"
-	"os"
 	"testing"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
@@ -18,9 +16,6 @@ func TestMain(m *testing.M) {
 	testutil.DiscardLogOutput(m)
 }
 
-// testdata is the filesystem containing data for testing the package.
-var testdata fs.FS = os.DirFS("./testdata")
-
 func TestParseAddrPort(t *testing.T) {
 	const defaultPort = 1
 

internal/aghnet/testdata/etc_hosts

@@ -1,38 +0,0 @@
-#
-# Test /etc/hosts file
-#
-
-1.0.0.1 simplehost
-1.0.0.0 hello hello.world
-
-# See https://github.com/AdguardTeam/AdGuardHome/issues/3846.
-1.0.0.2 a.whole lot.of aliases for.testing
-
-# See https://github.com/AdguardTeam/AdGuardHome/issues/3946.
-1.0.0.3 *
-1.0.0.4 *.com
-
-# See https://github.com/AdguardTeam/AdGuardHome/issues/4079.
-1.0.0.0 hello.world.again
-
-# Duplicates of a main host and an alias.
-1.0.0.1 simplehost
-1.0.0.0 hello.world
-
-# Same for IPv6.
-::1 simplehost
-::  hello hello.world
-::2 a.whole lot.of aliases for.testing
-::3 *
-::4 *.com
-::  hello.world.again
-::1 simplehost
-::  hello.world
-
-# See https://github.com/AdguardTeam/AdGuardHome/issues/4216.
-4.2.1.6 domain domain.alias
-::42    domain.alias domain
-1.3.5.7 domain4 domain4.alias
-7.5.3.1 domain4.alias domain4
-::13    domain6 domain6.alias
-::31    domain6.alias domain6

internal/aghnet/testdata/ifaces

@@ -1 +0,0 @@
-iface sample_name inet static

internal/aghnet/testdata/include-subsources

@@ -1,5 +0,0 @@
-# The "testdata" part is added here because the test is actually run from the
-# parent directory.  Real interface files usually contain only absolute paths.
-
-source ./testdata/ifaces
-source ./testdata/*

internal/aghos/filewalker.go

@@ -5,8 +5,8 @@ import (
 	"io"
 	"io/fs"
 
+	"github.com/AdguardTeam/golibs/container"
 	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/stringutil"
 )
 
 // FileWalker is the signature of a function called for files in the file tree.
@@ -56,7 +56,7 @@ func checkFile(
 // srcSet.  srcSet must be non-nil.
 func handlePatterns(
 	fsys fs.FS,
-	srcSet *stringutil.Set,
+	srcSet *container.MapSet[string],
 	patterns ...string,
 ) (sub []string, err error) {
 	sub = make([]string, 0, len(patterns))
@@ -87,7 +87,7 @@ func handlePatterns(
 func (fw FileWalker) Walk(fsys fs.FS, initial ...string) (ok bool, err error) {
 	// The slice of sources keeps the order in which the files are walked since
 	// srcSet.Values() returns strings in undefined order.
-	srcSet := stringutil.NewSet()
+	srcSet := container.NewMapSet[string]()
 	var src []string
 	src, err = handlePatterns(fsys, srcSet, initial...)
 	if err != nil {
@@ -97,6 +97,8 @@ func (fw FileWalker) Walk(fsys fs.FS, initial ...string) (ok bool, err error) {
 	var filename string
 	defer func() { err = errors.Annotate(err, "checking %q: %w", filename) }()
 
+	// TODO(e.burkov):  Redo this loop, as it modifies the very same slice it
+	// iterates over.
 	for i := 0; i < len(src); i++ {
 		var patterns []string
 		var cont bool

internal/aghos/fswatcher.go

@@ -6,8 +6,10 @@ import (
 	"io/fs"
 	"path/filepath"
 
+	"github.com/AdguardTeam/golibs/container"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/osutil"
 	"github.com/fsnotify/fsnotify"
 )
 
@@ -18,31 +20,38 @@ type event = struct{}
 // FSWatcher tracks all the fyle system events and notifies about those.
 //
 // TODO(e.burkov, a.garipov): Move into another package like aghfs.
+//
+// TODO(e.burkov):  Add tests.
 type FSWatcher interface {
+	// Start starts watching the added files.
+	Start() (err error)
+
+	// Close stops watching the files and closes an update channel.
 	io.Closer
 
-	// Events should return a read-only channel which notifies about events.
+	// Events returns the channel to notify about the file system events.
 	Events() (e <-chan event)
 
-	// Add should check if the file named name is accessible and starts tracking
-	// it.
+	// Add starts tracking the file.  It returns an error if the file can't be
+	// tracked.  It must not be called after Start.
 	Add(name string) (err error)
 }
 
 // osWatcher tracks the file system provided by the OS.
 type osWatcher struct {
-	// w is the actual notifier that is handled by osWatcher.
-	w *fsnotify.Watcher
+	// watcher is the actual notifier that is handled by osWatcher.
+	watcher *fsnotify.Watcher
 
 	// events is the channel to notify.
 	events chan event
+
+	// files is the set of tracked files.
+	files *container.MapSet[string]
 }
 
-const (
-	// osWatcherPref is a prefix for logging and wrapping errors in osWathcer's
-	// methods.
-	osWatcherPref = "os watcher"
-)
+// osWatcherPref is a prefix for logging and wrapping errors in osWathcer's
+// methods.
+const osWatcherPref = "os watcher"
 
 // NewOSWritesWatcher creates FSWatcher that tracks the real file system of the
 // OS and notifies only about writing events.
@@ -55,25 +64,27 @@ func NewOSWritesWatcher() (w FSWatcher, err error) {
 		return nil, fmt.Errorf("creating watcher: %w", err)
 	}
 
-	fsw := &osWatcher{
-		w:      watcher,
-		events: make(chan event, 1),
-	}
-
-	go fsw.handleErrors()
-	go fsw.handleEvents()
-
-	return fsw, nil
+	return &osWatcher{
+		watcher: watcher,
+		events:  make(chan event, 1),
+		files:   container.NewMapSet[string](),
+	}, nil
 }
 
-// handleErrors handles accompanying errors.  It used to be called in a separate
-// goroutine.
-func (w *osWatcher) handleErrors() {
-	defer log.OnPanic(fmt.Sprintf("%s: handling errors", osWatcherPref))
+// type check
+var _ FSWatcher = (*osWatcher)(nil)
 
-	for err := range w.w.Errors {
-		log.Error("%s: %s", osWatcherPref, err)
-	}
+// Start implements the FSWatcher interface for *osWatcher.
+func (w *osWatcher) Start() (err error) {
+	go w.handleErrors()
+	go w.handleEvents()
+
+	return nil
+}
+
+// Close implements the FSWatcher interface for *osWatcher.
+func (w *osWatcher) Close() (err error) {
+	return w.watcher.Close()
 }
 
 // Events implements the FSWatcher interface for *osWatcher.
@@ -81,34 +92,42 @@ func (w *osWatcher) Events() (e <-chan event) {
 	return w.events
 }
 
-// Add implements the FSWatcher interface for *osWatcher.
+// Add implements the [FSWatcher] interface for *osWatcher.
 //
 // TODO(e.burkov):  Make it accept non-existing files to detect it's creating.
 func (w *osWatcher) Add(name string) (err error) {
 	defer func() { err = errors.Annotate(err, "%s: %w", osWatcherPref) }()
 
-	if _, err = fs.Stat(RootDirFS(), name); err != nil {
+	fi, err := fs.Stat(osutil.RootDirFS(), name)
+	if err != nil {
 		return fmt.Errorf("checking file %q: %w", name, err)
 	}
 
-	return w.w.Add(filepath.Join("/", name))
-}
+	name = filepath.Join("/", name)
+	w.files.Add(name)
 
-// Close implements the FSWatcher interface for *osWatcher.
-func (w *osWatcher) Close() (err error) {
-	return w.w.Close()
+	// Watch the directory and filter the events by the file name, since the
+	// common recomendation to the fsnotify package is to watch the directory
+	// instead of the file itself.
+	//
+	// See https://pkg.go.dev/github.com/fsnotify/fsnotify@v1.7.0#readme-watching-a-file-doesn-t-work-well.
+	if !fi.IsDir() {
+		name = filepath.Dir(name)
+	}
+
+	return w.watcher.Add(name)
 }
 
 // handleEvents notifies about the received file system's event if needed.  It
-// used to be called in a separate goroutine.
+// is intended to be used as a goroutine.
 func (w *osWatcher) handleEvents() {
 	defer log.OnPanic(fmt.Sprintf("%s: handling events", osWatcherPref))
 
 	defer close(w.events)
 
-	ch := w.w.Events
+	ch := w.watcher.Events
 	for e := range ch {
-		if e.Op&fsnotify.Write == 0 {
+		if e.Op&fsnotify.Write == 0 || !w.files.Has(e.Name) {
 			continue
 		}
 
@@ -131,3 +150,13 @@ func (w *osWatcher) handleEvents() {
 		}
 	}
 }
+
+// handleErrors handles accompanying errors.  It used to be called in a separate
+// goroutine.
+func (w *osWatcher) handleErrors() {
+	defer log.OnPanic(fmt.Sprintf("%s: handling errors", osWatcherPref))
+
+	for err := range w.watcher.Errors {
+		log.Error("%s: %s", osWatcherPref, err)
+	}
+}

internal/aghos/os.go

@@ -7,18 +7,16 @@ import (
 	"bufio"
 	"fmt"
 	"io"
-	"io/fs"
 	"os"
 	"os/exec"
 	"path"
 	"runtime"
+	"slices"
 	"strconv"
 	"strings"
 
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
-	"github.com/AdguardTeam/golibs/mathutil"
-	"golang.org/x/exp/slices"
 )
 
 // UnsupportedError is returned by functions and methods when a particular
@@ -63,7 +61,7 @@ func RunCommand(command string, arguments ...string) (code int, output []byte, e
 	cmd := exec.Command(command, arguments...)
 	out, err := cmd.Output()
 
-	out = out[:mathutil.Min(len(out), MaxCmdOutputSize)]
+	out = out[:min(len(out), MaxCmdOutputSize)]
 
 	if err != nil {
 		if eerr := new(exec.ExitError); errors.As(err, &eerr) {
@@ -142,7 +140,7 @@ func parsePSOutput(r io.Reader, cmdName string, ignore []int) (largest, instNum
 		}
 
 		instNum++
-		largest = mathutil.Max(largest, cur)
+		largest = max(largest, cur)
 	}
 	if err = s.Err(); err != nil {
 		return 0, 0, fmt.Errorf("scanning stdout: %w", err)
@@ -156,33 +154,16 @@ func IsOpenWrt() (ok bool) {
 	return isOpenWrt()
 }
 
-// RootDirFS returns the [fs.FS] rooted at the operating system's root.  On
-// Windows it returns the fs.FS rooted at the volume of the system directory
-// (usually, C:).
-func RootDirFS() (fsys fs.FS) {
-	return rootDirFS()
-}
-
 // NotifyReconfigureSignal notifies c on receiving reconfigure signals.
 func NotifyReconfigureSignal(c chan<- os.Signal) {
 	notifyReconfigureSignal(c)
 }
 
-// NotifyShutdownSignal notifies c on receiving shutdown signals.
-func NotifyShutdownSignal(c chan<- os.Signal) {
-	notifyShutdownSignal(c)
-}
-
 // IsReconfigureSignal returns true if sig is a reconfigure signal.
 func IsReconfigureSignal(sig os.Signal) (ok bool) {
 	return isReconfigureSignal(sig)
 }
 
-// IsShutdownSignal returns true if sig is a shutdown signal.
-func IsShutdownSignal(sig os.Signal) (ok bool) {
-	return isShutdownSignal(sig)
-}
-
 // SendShutdownSignal sends the shutdown signal to the channel.
 func SendShutdownSignal(c chan<- os.Signal) {
 	sendShutdownSignal(c)

internal/aghos/os_linux.go

@@ -7,6 +7,7 @@ import (
 	"os"
 	"syscall"
 
+	"github.com/AdguardTeam/golibs/osutil"
 	"github.com/AdguardTeam/golibs/stringutil"
 )
 
@@ -40,7 +41,7 @@ func isOpenWrt() (ok bool) {
 		}
 
 		return nil, !stringutil.ContainsFold(string(data), osNameData), nil
-	}).Walk(RootDirFS(), etcReleasePattern)
+	}).Walk(osutil.RootDirFS(), etcReleasePattern)
 
 	return err == nil && ok
 }

internal/aghos/os_unix.go

@@ -3,41 +3,20 @@
 package aghos
 
 import (
-	"io/fs"
 	"os"
 	"os/signal"
 
 	"golang.org/x/sys/unix"
 )
 
-func rootDirFS() (fsys fs.FS) {
-	return os.DirFS("/")
-}
-
 func notifyReconfigureSignal(c chan<- os.Signal) {
 	signal.Notify(c, unix.SIGHUP)
 }
 
-func notifyShutdownSignal(c chan<- os.Signal) {
-	signal.Notify(c, unix.SIGINT, unix.SIGQUIT, unix.SIGTERM)
-}
-
 func isReconfigureSignal(sig os.Signal) (ok bool) {
 	return sig == unix.SIGHUP
 }
 
-func isShutdownSignal(sig os.Signal) (ok bool) {
-	switch sig {
-	case
-		unix.SIGINT,
-		unix.SIGQUIT,
-		unix.SIGTERM:
-		return true
-	default:
-		return false
-	}
-}
-
 func sendShutdownSignal(_ chan<- os.Signal) {
 	// On Unix we are already notified by the system.
 }