cherry-pick: all: prepare changelog for v0.106.3 release

Merge in DNS/adguard-home from changelog to master Squashed commit of the following: commit 126119ecbd9062fcce5dec08a13120c828740e28 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed May 19 14:47:55 2021 +0300 all: prepare changelog for v0.106.3 release
cherry-pick: client: fix query log response status error
2021-05-19 15:01:50 +03:00 · 2021-05-19 15:01:46 +03:00 · 2021-05-19 15:00:58 +03:00 · 2021-05-17 17:20:03 +03:00 · 2021-05-17 15:25:30 +03:00 · 2021-05-17 15:00:10 +03:00
185 changed files with 2857 additions and 3422 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,7 +1,7 @@
 'name': 'build'

 'env':
-  'GO_VERSION': '1.16'
+  'GO_VERSION': '1.15'
  'NODE_VERSION': '14'

 'on':
@@ -46,7 +46,7 @@
        'restore-keys': '${{ runner.os }}-go-'
    - 'name': 'Get npm cache directory'
      'id': 'npm-cache'
-      'run': 'echo "::set-output name=dir::$( npm config get cache )"'
+      'run': 'echo "::set-output name=dir::$(npm config get cache)"'
    - 'name': 'Set up npm cache'
      'uses': 'actions/cache@v2'
      'with':
@@ -62,7 +62,6 @@
      'with':
        'token': '${{ secrets.CODECOV_TOKEN }}'
        'file': './coverage.txt'
-
  'build-release':
    'runs-on': 'ubuntu-latest'
    'needs': 'test'
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -1,8 +1,4 @@
 'name': 'lint'
-
-'env':
-  'GO_VERSION': '1.16'
-
 'on':
  'push':
    'tags':
@@ -10,20 +6,14 @@
    'branches':
    - '*'
  'pull_request':
-
 'jobs':
  'go-lint':
    'runs-on': 'ubuntu-latest'
    'steps':
    - 'uses': 'actions/checkout@v2'
-    - 'name': 'Set up Go'
-      'uses': 'actions/setup-go@v2'
-      'with':
-        'go-version': '${{ env.GO_VERSION }}'
    - 'name': 'run-lint'
      'run': >
        make go-deps go-tools go-lint
-
  'eslint':
    'runs-on': 'ubuntu-latest'
    'steps':
@@ -32,7 +22,6 @@
      'run': 'npm --prefix="./client" ci'
    - 'name': 'Run ESLint'
      'run': 'npm --prefix="./client" run lint'
-
  'notify':
    'needs':
    - 'go-lint'
--- a/.gitignore
+++ b/.gitignore
@@ -4,18 +4,18 @@
 #
 # See https://stackoverflow.com/a/7335487/1892060.
 #
-# Only build, run, and test outputs here.  Sorted.  With negations at the
-# bottom to make sure they take effect.
+# Only build, run, and test outputs here.  Sorted.
+*-packr.go
 *.db
 *.log
 *.snap
 /bin/
-/build/*
-/build2/*
+/build/
+/build2/
 /data/
 /dist/
-/filtering/tests/filtering.TestLotsOfRules*.pprof
-/filtering/tests/top-1m.csv
+/dnsfilter/tests/dnsfilter.TestLotsOfRules*.pprof
+/dnsfilter/tests/top-1m.csv
 /launchpad_credentials
 /querylog.json*
 /snapcraft_login
@@ -23,6 +23,3 @@ AdGuardHome*
 coverage.txt
 leases.db
 node_modules/
-
-!/build/gitkeep
-!/build2/gitkeep
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,53 +13,6 @@ and this project adheres to
 ## [v0.107.0] - 2021-06-28 (APPROX.)
 -->

-### Added
-
- `darwin/arm64` support ([#2443]).
- `freebsd/arm64` support ([#2441]).
- Output of the default addresses of the upstreams used for resolving PTRs for
-  private addresses ([#3136]).
- Detection and handling of recurrent PTR requests for locally-served addresses
-  ([#3185]).
- The ability to completely disable reverse DNS resolving of IPs from
-  locally-served networks ([#3184]).
- New flag `--local-frontend` to serve dinamically changeable frontend files
-  from disk as opposed to the ones that were compiled into the binary.
-
-### Changed
-
- Permissions on filter files are now `0o644` instead of `0o600` ([#3198]).
-
-### Deprecated
-
-<!--
-TODO(a.garipov): Remove the Go 1.16 deprecation message if Go 1.17 is not
-released by then.
-->
-
- Go 1.16 support.  v0.108.0 will require at least Go 1.17 to build.
-
-### Fixed
-
- Domain name case in responses ([#3194]).
- Custom upstreams selection for clients with client IDs in DNS-over-TLS and
-  DNS-over-HTTP ([#3186]).
- Incorrect client-based filtering applying logic ([#2875]).
-
-### Removed
-
- Go 1.15 support.
-
-[#2441]: https://github.com/AdguardTeam/AdGuardHome/issues/2441
-[#2443]: https://github.com/AdguardTeam/AdGuardHome/issues/2443
-[#3184]: https://github.com/AdguardTeam/AdGuardHome/issues/3184
-[#3185]: https://github.com/AdguardTeam/AdGuardHome/issues/3185
-[#3186]: https://github.com/AdguardTeam/AdGuardHome/issues/3186
-[#3194]: https://github.com/AdguardTeam/AdGuardHome/issues/3194
-[#3198]: https://github.com/AdguardTeam/AdGuardHome/issues/3198
-
-
-
 ## [v0.106.3] - 2021-05-19

 ### Added
--- a/HACKING.md
+++ b/HACKING.md
@@ -1,9 +1,9 @@
 #  AdGuard Home Developer Guidelines

-Following this document is obligatory for all new code.  Some of the rules
-aren't enforced as thoroughly or remain broken in old code, but this is still
-the place to find out about what we **want** our code to look like and how to
-improve it.
+As of **March 2021**, following this document is obligatory for all new code.
+Some of the rules aren't enforced as thoroughly or remain broken in old code,
+but this is still the place to find out about what we **want** our code to look
+like and how to improve it.

 The rules are mostly sorted in the alphabetical order.

@@ -21,7 +21,6 @@ The rules are mostly sorted in the alphabetical order.
     *  [Recommended Reading](#recommended-reading)
 *  [Markdown](#markdown)
 *  [Shell Scripting](#shell-scripting)
-     *  [Shell Conditionals](#shell-cond)
 *  [Text, Including Comments](#text-including-comments)
 *  [YAML](#yaml)

@@ -66,11 +65,10 @@ on GitHub and most other Markdown renderers. -->
 ###  <a id="code" href="#code">Code</a>

 *  Always `recover` from panics in new goroutines.  Preferably in the very
-    first statement.  If all you want there is a log message, use `log.OnPanic`.
+    first statement.  If all you want there is a log message, use
+    `agherr.LogPanic`.

- *  Avoid `fallthrough`.  It makes it harder to rearrange `case`s, to reason
-    about the code, and also to switch the code to a handler approach, if that
-    becomes necessary later.
+ *  Avoid `errors.New`, use `aghnet.Error` instead.

 *  Avoid `goto`.

@@ -97,9 +95,6 @@ on GitHub and most other Markdown renderers. -->
 *  Constructors should validate their arguments and return meaningful errors.
    As a corollary, avoid lazy initialization.

- *  Define `MarshalFoo` methods on non-pointer receivers, as pointer receivers
-    [can have surprising results][staticcheck-911].
-
 *  Don't mix horizontal and vertical placement of arguments in function and
    method calls.  That is, either this:

@@ -291,10 +286,9 @@ on GitHub and most other Markdown renderers. -->

 *  <https://go-proverbs.github.io/>

+[constant errors]:          https://dave.cheney.net/2016/04/07/constant-errors
 [Linus said]:               https://www.kernel.org/doc/html/v4.17/process/coding-style.html#indentation
 [Text, Including Comments]: #text-including-comments
-[constant errors]:          https://dave.cheney.net/2016/04/07/constant-errors
-[staticcheck-911]:          https://github.com/dominikh/go-tools/issues/911



@@ -317,26 +311,6 @@ on GitHub and most other Markdown renderers. -->

 *  Avoid spaces between patterns of the same `case` condition.

- *  `export` and `readonly` should be used separately from variable assignment,
-    because otherwise failures in command substitutions won't stop the script.
-    That is, do this:
-
-    ```sh
-    X="$( echo 42 )"
-    export X
-    ```
-
-    And **not** this:
-
-    ```sh
-    # Bad!
-    export X="$( echo 42 )"
-    ```
-
- *  If a binary value is needed, use `0` for `false`, and `1` for `true`.
-
- *  Mark every variable that shouldn't change later as `readonly`.
-
 *  Prefer `'raw strings'` to `"double quoted strings"` whenever possible.

 *  Put spaces within `$( cmd )`, `$(( expr ))`, and `{ cmd; }`.
@@ -352,6 +326,8 @@ on GitHub and most other Markdown renderers. -->
 *  UPPERCASE names for external exported variables, lowercase for local,
    unexported ones.

+ *  Use `readonly` liberally.
+
 *  Use `set -e -f -u` and also `set -x` in verbose mode.

 *  Use the `"$var"` form instead of the `$var` form, unless word splitting is
@@ -375,23 +351,14 @@ on GitHub and most other Markdown renderers. -->
    dir="${TOP_DIR}"/sub
    ```

- ###  <a id="shell-cond" href="#shell-cond">Shell Conditionals</a>
-
-Guidelines and agreements for using command `test`, also known as `[`:
-
- *  Prefer the `!= ''` form instead of using `-n` to check if string is empty.
-
- *  Spell compound conditions with `&&`, `||`, and `!` **outside** of `test`
-    instead of `-a`, `-o`, and `!` **inside** of `test` correspondingly.  The
-    latter ones are pretty much deprecated in POSIX.
-
-    See also: “[Problems With the `test` Builtin: What Does `-a` Mean?][test]”.
-
- *  Use `=` for strings and `-eq` for numbers to catch typing errors.
-
-[test]: https://www.oilshell.org/blog/2017/08/31.html
+ *  When using `test` (aka `[`), spell compound conditions with `&&`, `||`, and
+    `!` **outside** of `test` instead of `-a`, `-o`, and `!` inside of `test`
+    correspondingly.  The latter ones are pretty much deprecated in POSIX.
+    Also, prefer `!= ''` form instead of `-n` to check if string is empty.

+    See also: “[Problems With the `test` Builtin: What Does `-a` Mean?]”.

+    [Problems With the `test` Builtin: What Does `-a` Mean?]: https://www.oilshell.org/blog/2017/08/31.html

 ##  <a id="text-including-comments" href="#text-including-comments">Text, Including Comments</a>

@@ -429,8 +396,6 @@ Guidelines and agreements for using command `test`, also known as `[`:
    // TODO(usr1, usr2): Fix the frobulation issue.
    ```

-
-
 ##  <a id="yaml" href="#yaml">YAML</a>

 *  **TODO(a.garipov):** Define naming conventions for schema names in our
--- a/19
+++ b/19
@@ -33,21 +33,6 @@ YARN_INSTALL_FLAGS = $(YARN_FLAGS) --network-timeout 120000 --silent\
 	--ignore-engines --ignore-optional --ignore-platform\
 	--ignore-scripts

-# Macros for the build-release target.  If FRONTEND_PREBUILT is 0, the
-# default, the macro $(BUILD_RELEASE_DEPS_$(FRONTEND_PREBUILT)) expands
-# into BUILD_RELEASE_DEPS_0, and so both frontend and backend
-# dependencies are fetched and the frontend is built.  Otherwise, if
-# FRONTEND_PREBUILT is 1, only backend dependencies are fetched and the
-# frontend isn't reuilt.
-#
-# TODO(a.garipov): We could probably do that from .../build-release.sh,
-# but that would mean either calling make from inside make or
-# duplicating commands in two places, both of which don't seem to me
-# like nice solutions.
-FRONTEND_PREBUILT = 0
-BUILD_RELEASE_DEPS_0 = deps js-build
-BUILD_RELEASE_DEPS_1 = go-deps
-
 ENV = env\
 	COMMIT='$(COMMIT)'\
 	CHANNEL='$(CHANNEL)'\
@@ -80,7 +65,7 @@ test: js-test go-test
 # expand to something like "C:/Program Files/Git/usr/bin/sh.exe".
 build-docker: ; $(ENV) "$(SHELL)" ./scripts/make/build-docker.sh

-build-release: $(BUILD_RELEASE_DEPS_$(FRONTEND_PREBUILT))
+build-release: deps js-build
 	$(ENV) "$(SHELL)" ./scripts/make/build-release.sh

 clean: ; $(ENV) "$(SHELL)" ./scripts/make/clean.sh
@@ -121,5 +106,3 @@ go-os-check:

 openapi-lint: ; cd ./openapi/ && $(YARN) test
 openapi-show: ; cd ./openapi/ && $(YARN) start
-
-txt-lint:  ; $(ENV) "$(SHELL)" ./scripts/make/txt-lint.sh
--- a/README.md
+++ b/README.md
@@ -185,7 +185,7 @@ Run `make init` to prepare the development environment.

 You will need this to build AdGuard Home:

- * [go](https://golang.org/dl/) v1.16 or later.
+ * [go](https://golang.org/dl/) v1.15 or later.
 * [node.js](https://nodejs.org/en/download/) v10.16.2 or later.
 * [npm](https://www.npmjs.com/) v6.14 or later (temporary requirement, TODO: remove when redesign is finished).
 * [yarn](https://yarnpkg.com/) v1.22.5 or later.
@@ -285,8 +285,7 @@ curl -sSL https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scrip
    * Linux ARM: [32-bit ARMv6](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_armv6.tar.gz) (recommended for Raspberry Pi), [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_arm64.tar.gz), [32-bit ARMv5](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_armv5.tar.gz), [32-bit ARMv7](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_armv7.tar.gz)
    * Linux MIPS: [32-bit MIPS](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mips_softfloat.tar.gz), [32-bit MIPSLE](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mipsle_softfloat.tar.gz), [64-bit MIPS](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mips64_softfloat.tar.gz), [64-bit MIPSLE](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mips64le_softfloat.tar.gz)
    * Windows: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_windows_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_windows_386.zip)
-    * macOS: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_darwin_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_darwin_386.zip)
-    * macOS ARM: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_darwin_arm64.zip)
+    * MacOS: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_darwin_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_darwin_386.zip)
    * FreeBSD: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_386.tar.gz)
    * FreeBSD ARM: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_arm64.tar.gz), [32-bit ARMv5](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_armv5.tar.gz), [32-bit ARMv6](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_armv6.tar.gz), [32-bit ARMv7](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_armv7.tar.gz)

@@ -295,8 +294,7 @@ curl -sSL https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scrip
    * Linux ARM: [32-bit ARMv6](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_armv6.tar.gz) (recommended for Raspberry Pi), [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_arm64.tar.gz), [32-bit ARMv5](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_armv5.tar.gz), [32-bit ARMv7](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_armv7.tar.gz)
    * Linux MIPS: [32-bit MIPS](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_mips_softfloat.tar.gz), [32-bit MIPSLE](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_mipsle_softfloat.tar.gz), [64-bit MIPS](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_mips64_softfloat.tar.gz), [64-bit MIPSLE](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_mips64le_softfloat.tar.gz)
    * Windows: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_windows_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_windows_386.zip)
-    * macOS: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_darwin_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_darwin_386.zip)
-    * macOS ARM: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_darwin_arm64.zip)
+    * MacOS: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_darwin_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_darwin_386.zip)
    * FreeBSD: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_386.tar.gz)
    * FreeBSD ARM: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_arm64.tar.gz), [32-bit ARMv5](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_armv5.tar.gz), [32-bit ARMv6](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_armv6.tar.gz), [32-bit ARMv7](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_armv7.tar.gz)

@@ -319,7 +317,7 @@ Here is a link to AdGuard Home project: https://crowdin.com/project/adguard-appl
 Here's what you can also do to contribute:

 1. [Look for issues](https://github.com/AdguardTeam/AdGuardHome/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22+) marked as "help wanted".
-2. Actualize the list of *Blocked services*. It can be found in [filtering/blocked.go](https://github.com/AdguardTeam/AdGuardHome/blob/master/internal/filtering/blocked.go).
+2. Actualize the list of *Blocked services*. It it can be found in [dnsfilter/blocked.go](https://github.com/AdguardTeam/AdGuardHome/blob/master/internal/dnsfilter/blocked.go).
 3. Actualize the list of known *trackers*. It it can be found in [client/src/helpers/trackers/adguard.json](https://github.com/AdguardTeam/AdGuardHome/blob/master/client/src/helpers/trackers/adguard.json).
 4. Actualize the list of vetted *blocklists*. It it can be found in [client/src/helpers/filters/filters.json](https://github.com/AdguardTeam/AdGuardHome/blob/master/client/src/helpers/filters/filters.json).

@@ -340,6 +338,7 @@ Here's what you can also do to contribute:
 This software wouldn't have been possible without:

 * [Go](https://golang.org/dl/) and it's libraries:
+   * [packr](https://github.com/gobuffalo/packr)
   * [gcache](https://github.com/bluele/gcache)
   * [miekg's dns](https://github.com/miekg/dns)
   * [go-yaml](https://github.com/go-yaml/yaml)
--- a/bamboo-specs/release.yaml
+++ b/bamboo-specs/release.yaml
@@ -7,7 +7,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
  'channel': 'edge'
-  'dockerGo': 'adguard/golang-ubuntu:3.1'
+  'dockerGo': 'adguard/golang-ubuntu:2.0'

 'stages':
 - 'Make release':
@@ -152,9 +152,7 @@

        cd ./dist/

-        CHANNEL="${bamboo.channel}"
-        export CHANNEL
-
+        export CHANNEL="${bamboo.channel}"
        ../bamboo-deploy-publisher/deploy.sh adguard-home-"$CHANNEL"
  'final-tasks':
  - 'clean'
@@ -266,7 +264,7 @@
    # need to build a few of these.
    'variables':
      'channel': 'beta'
-      'dockerGo': 'adguard/golang-ubuntu:3.1'
+      'dockerGo': 'adguard/golang-ubuntu:2.0'
 # release-vX.Y.Z branches are the branches from which the actual final release
 # is built.
 - '^release-v[0-9]+\.[0-9]+\.[0-9]+':
@@ -276,4 +274,4 @@
    # are the ones that actually get released.
    'variables':
      'channel': 'release'
-      'dockerGo': 'adguard/golang-ubuntu:3.1'
+      'dockerGo': 'adguard/golang-ubuntu:2.0'
--- a/bamboo-specs/test.yaml
+++ b/bamboo-specs/test.yaml
@@ -5,7 +5,7 @@
  'key': 'AHBRTSPECS'
  'name': 'AdGuard Home - Build and run tests'
 'variables':
-  'dockerGo': 'adguard/golang-ubuntu:3.1'
+  'dockerGo': 'adguard/golang-ubuntu:2.0'

 'stages':
 - 'Tests':
--- a/build/gitkeep
+++ b/build/gitkeep
@@ -1 +0,0 @@
-Keep this file non-hidden for Go's embedding to work.
--- a/build2/gitkeep
+++ b/build2/gitkeep
@@ -1 +0,0 @@
-Keep this file non-hidden for Go's embedding to work.
--- a/changelog.config.js
+++ b/changelog.config.js
@@ -18,7 +18,7 @@ module.exports = {
        "",
        "ui",
        "global",
-        "filtering",
+        "dnsfilter",
        "home",
        "dnsforward",
        "dhcpd",
--- a/client/src/__locales/cs.json
+++ b/client/src/__locales/cs.json
@@ -8,13 +8,11 @@
    "load_balancing_desc": "Optimalizovaný dotaz na odchozí server. AdGuard Home použije vážený náhodný algoritmus k výběru serveru, takže nejrychlejší server je používán častěji.",
    "bootstrap_dns": "Bootstrap DNS servery",
    "bootstrap_dns_desc": "Servery Bootstrap DNS se používají k řešení IP adres DoH/DoT, které zadáváte jako upstreamy.",
-    "local_ptr_title": "Soukromé reverzní DNS servery",
+    "local_ptr_title": "Soukromé DNS servery",
    "local_ptr_desc": "Servery DNS, které AdGuard Home používá pro lokální dotazy PTR. Tyto servery se používají k rozlišení názvů hostitelů klientů se soukromými adresami IP, například \"192.168.12.34\" pomocí rDNS. Pokud není nastaveno, AdGuard Home automaticky použije výchozí řešitele vašeho OS.",
    "local_ptr_placeholder": "Zadejte jednu adresu serveru na řádek",
    "resolve_clients_title": "Povolit zpětné řešení IP adres klientů",
    "resolve_clients_desc": "Pokud je povoleno, AdGuard Home se pokusí obráceně vyřešit IP adresy klientů na jejich názvy hostitelů zasláním dotazů PTR příslušným řešitelům (soukromé DNS servery pro místní klienty, odchozí server pro klienty s veřejnou IP adresou).",
-    "use_private_ptr_resolvers_title": "Použít soukromé rDNS řešitele",
-    "use_private_ptr_resolvers_desc": "Realizuje reverzní DNS vyhledávání pro lokální adresy pomocí těchto odchozích serverů. Pokud je funkce vypnuta, Adguard Home reaguje s NXDOMAIN na všechny takové PTR dotazy kromě klientů známých z DHCP, /etc/hosts, atd.",
    "check_dhcp_servers": "Zkontrolovat DHCP servery",
    "save_config": "Uložit konfiguraci",
    "enabled_dhcp": "DHCP server zapnutý",
@@ -309,7 +307,7 @@
    "install_devices_title": "Nakonfigurujte vaše zařízení",
    "install_devices_desc": "Chcete-li začít používat aplikaci AdGuard Home, musíte nakonfigurovat zařízení tak, aby ji mohla používat.",
    "install_submit_title": "Gratulujeme!",
-    "install_submit_desc": "Nastavení je dokončeno a nyní jste připraveni začít používat AdGuard Home.",
+    "install_submit_desc": "Nastavení je dokončeno a jste připraveni začít používat AdGuard Home.",
    "install_devices_router": "Router",
    "install_devices_router_desc": "Toto nastavení automaticky pokryje všechna zařízení připojená k Vašemu domácímu routeru a nebudete je muset konfigurovat ručně.",
    "install_devices_address": "DNS server AdGuard Home používá následujíce adresy",
@@ -331,7 +329,7 @@
    "install_devices_android_list_2": "V nabídce klepněte na Wi-Fi. Zobrazí se obrazovka se seznamem všech dostupných sítí (není možné nastavit vlastní DNS pro mobilní připojení).",
    "install_devices_android_list_3": "Dlouze stiskněte síť, ke které jste připojeni, a klepněte na položku Změnit síť.",
    "install_devices_android_list_4": "V některých zařízeních bude pravděpodobně nutné zaškrtnout políčko Rozšířené a zobrazit další nastavení. Chcete-li upravit nastavení DNS systému Android, budete muset přepnout nastavení IP adresy z DHCP na Statickou.",
-    "install_devices_android_list_5": "Změňte hodnoty DNS 1 a DNS 2 na adresy serveru AdGuard Home.",
+    "install_devices_android_list_5": "Změňte nastavené hodnoty DNS 1 a DNS 2 na adresy serveru AdGuard Home.",
    "install_devices_ios_list_1": "Na domovské obrazovce klepněte na Nastavení.",
    "install_devices_ios_list_2": "V levé nabídce vyberte Wi-Fi (není možné nastavit vlastní DNS pro mobilní připojení).",
    "install_devices_ios_list_3": "Klepněte na název aktuální aktivní sítě.",
@@ -425,7 +423,7 @@
    "access_disallowed_title": "Blokovaní klienti",
    "access_disallowed_desc": "Seznam adres CIDR nebo IP. Pokud je nakonfigurován, AdGuard Home bude odmítat požadavky pouze z těchto IP adres.",
    "access_blocked_title": "Blokované domény",
-    "access_blocked_desc": "Nezaměňujte to s filtry. AdGuard Home odstraní dotazy DNS s těmito doménami v otázce dotazu. Zde můžete určit přesné názvy domén, zástupné znaky a pravidla filtrování URL adres, např. \"example.org\", \"*.example.org\" nabo \"||example.org^\".",
+    "access_blocked_desc": "Nezaměňujte to s filtry. AdGuard Home odstraní dotazy DNS s těmito doménami v otázce dotazu. Zde můžete určit přesné názvy domén, zástupné znaky a pravidla filtrování URL adres, např. 'example.org', '*.example.org' nabo '||example.org^'.",
    "access_settings_saved": "Nastavení přístupu bylo úspěšně uloženo",
    "updates_checked": "Aktualizace úspěšně zkontrolovány",
    "updates_version_equal": "AdGuard Home je aktuální",
@@ -593,7 +591,7 @@
    "filter_category_regional": "Regionální",
    "filter_category_other": "Ostatní",
    "filter_category_general_desc": "Seznamy, které blokují slídiče a reklamu na většině zařízení",
-    "filter_category_security_desc": "Seznamy určené na blokování nebezpečných, zákeřných nebo podvodných domén",
+    "filter_category_security_desc": "Seznamy, které se specializují na blokování škodlivého software, zákeřných útoků nebo podvodných domén",
    "filter_category_regional_desc": "Seznamy, které jsou zaměřené na regionální reklamy a sledovací servery",
    "filter_category_other_desc": "Další seznamy zakázaných",
    "setup_config_to_enable_dhcp_server": "Nastavte konfiguraci pro aktivaci DHCP serveru",
--- a/client/src/__locales/da.json
+++ b/client/src/__locales/da.json
@@ -8,13 +8,11 @@
    "load_balancing_desc": "Forespørg én server ad gangen. AdGuard Home vil bruge en vægtet randomiseringsalgoritme til valg af server, så den hurtigste server oftere anvendes.",
    "bootstrap_dns": "Bootstrap DNS-servere",
    "bootstrap_dns_desc": "Bootstrap DNS-servere bruges til at fortolke IP-adresser for de DoH-/DoT-resolvere, du angiver som upstream.",
-    "local_ptr_title": "Private reverse DNS-servere",
+    "local_ptr_title": "Private DNS-servere",
    "local_ptr_desc": "De DNS-servere, som AdGuard Home bruger til lokale PTR-forespørgsler. Disse servere bruges til at opløse klientværtsnavne med private IP-adresser, f.eks. \"192.168.12.34\", vha. rDNS. Hvis ikke indstillet, bruger AdGuard Home dit operativsystems standard DNS-opløsere.",
    "local_ptr_placeholder": "Indtast en serveradresse pr. Linje",
    "resolve_clients_title": "Aktivér omvendt løsning af klienters IP-adresser",
    "resolve_clients_desc": "Hvis aktiveret, forsøger AdGuard Home automatisk at løse klienters værtsnavne fra deres IP-adresser ved at sende en PTR-forespørgsel til en tilsvarende resolver (privat DNS-server til lokale klienter, upstream-server til klienter med offentlig IP-adresse).",
-    "use_private_ptr_resolvers_title": "Brug private rDNS-opløsere",
-    "use_private_ptr_resolvers_desc": "Udfør reverse DNS-opslag for lokalt leverede adresser vha. disse upstream-servere. Hvis deaktiveret, svarer AdGuard Home med NXDOMAIN på alle sådanne PTR-forespørgsler bortset fra klienter kendt via DHCP, /etc/hosts mv.",
    "check_dhcp_servers": "Søg efter DHCP-servere",
    "save_config": "Gem opsætning",
    "enabled_dhcp": "DHCP-server aktiveret",
@@ -309,9 +307,9 @@
    "install_devices_title": "Opsæt dine enheder",
    "install_devices_desc": "For brug af AdGuard Home, skal dine enheder opsættes til at bruge den.",
    "install_submit_title": "Tillykke!",
-    "install_submit_desc": "Opsætningsproceduren er fuldført, og du nu er klar til at begynde at bruge AdGuard Home.",
+    "install_submit_desc": "Opsætningsproceduren er færdig, og AdGuard Home er nu klar til brug.",
    "install_devices_router": "Router",
-    "install_devices_router_desc": "Denne opsætning dækker automatisk alle enheder tilsluttet din hjemmerouter, ingen manuel opsætning af nogen enhed nødvendig.",
+    "install_devices_router_desc": "Denne opsætning dækker automatisk alle enheder tilsluttet din hjemmerouter, og du behøver ikke at skulle opsætte hver af dem manuelt.",
    "install_devices_address": "AdGuard Home DNS-server lytter på flg. adresser",
    "install_devices_router_list_1": "Åbn præferencerne for din router. Normalt kan du tilgå disse fra din browser via en URL såsom http://192.168.0.1/ eller http://192.168.1.1/. Du anmodes muligvis om at angive en adgangskode. Kan du ikke huske den, kan du ofte nulstille adgangskoden ved hjælp af en knap på selve routeren, men vær opmærksom på, at vælges denne procedure, mister du sandsynligvis hele routerkonfigureringen. Hvis din router kræver en app for at konfigurere den, skal du installere appen på din telefon eller pc og bruge den til at få adgang til routerens indstillinger.",
    "install_devices_router_list_2": "Find DHCP-/DNS-indstillingerne. Kig efter DNS-bogstaverne ved siden af et felt, der tillader input af to eller tre sæt tal, hver opdelt i fire grupper med et til tre cifre.",
@@ -401,7 +399,7 @@
    "client_edit": "Redigér Klient",
    "client_identifier": "Identifikator",
    "ip_address": "IP-adresse",
-    "client_identifier_desc": "Klienter kan identificeres ud fra IP-/MAC-adresser, CIDR eller et særligt klient-ID (kan bruges til DoT/DoH/DoQ). <0>Hér</0> kan du læse mere om, hvordan klienter identificeres.",
+    "client_identifier_desc": "Klienter kan identificeres ud fra IP-adressen, CIDR eller MAC-adressen eller et specielt klient-ID (kan bruges til DoT/DoH/DoQ). <0>Hér</0> kan du læse mere om, hvordan klienter identificeres.",
    "form_enter_ip": "Angiv IP",
    "form_enter_subnet_ip": "Indtast en IP-adresse i subnettet \"{{cidr}}\"",
    "form_enter_mac": "Angiv MAC",
@@ -425,7 +423,7 @@
    "access_disallowed_title": "Ikke tilladte klienter",
    "access_disallowed_desc": "En liste over CIDR- eller IP-adresser. Hvis opsat, dropper AdGuard Home forespørgsler fra disse IP-adresser.",
    "access_blocked_title": "Ikke tilladte domæner",
-    "access_blocked_desc": "Forveksl ikke dette med filtre. AdGuard Home dropper DNS-forespørgsler, hvori der forespørges på disse domæner. Her kan du specificere de præcise domænenavne, jokertegn og URL-filterregler, f.eks. \"eksempel.org\", \"*.eksempel.org\" eller \"||eksempel.org^\".",
+    "access_blocked_desc": "Forveksl ikke dette med filtre. AdGuard Home dropper DNS-forespørgsler, hvori der forespørges på disse domæner. Her kan du specificere de præcisee domænenavne, jokertegn og URL-filterregler, f.eks. 'eksempel.org', '*.eksempel.org' eller '||eksempel.org^'.",
    "access_settings_saved": "Adgangsindstillinger gemt",
    "updates_checked": "Opdateringstjek foretaget",
    "updates_version_equal": "AdGuard Home er opdateret",
@@ -593,7 +591,7 @@
    "filter_category_regional": "Regional",
    "filter_category_other": "Andre",
    "filter_category_general_desc": "Lister, som blokerer sporing og reklamer på de fleste enheder",
-    "filter_category_security_desc": "Lister designet specifikt til at blokere malware-, phishing- eller svindel-domæner",
+    "filter_category_security_desc": "Lister specialdesignet til at blokere malware-, phishing- eller svindel-domæner",
    "filter_category_regional_desc": "Lister målrettet regionale annoncer og sporingsservere",
    "filter_category_other_desc": "Andre blokeringslister",
    "setup_config_to_enable_dhcp_server": "Opsæt indstillinger for at aktivere DHCP-server",
--- a/client/src/__locales/de.json
+++ b/client/src/__locales/de.json
@@ -13,8 +13,6 @@
    "local_ptr_placeholder": "Eine Serveradresse pro Zeile eingeben",
    "resolve_clients_title": "Hostnamenauflösung der Clients aktivieren",
    "resolve_clients_desc": "Wenn aktiviert, versucht AdGuard Home, die Hostnamen der Clients automatisch aus deren IP-Adressen aufzulösen, indem er eine PTR-Abfrage an einen entsprechenden Auflösungsdienst (privater DNS-Server für lokale Clients, Upstream-Server für Clients mit öffentlicher IP) sendet.",
-    "use_private_ptr_resolvers_title": "Private rDNS-Auflöser verwenden",
-    "use_private_ptr_resolvers_desc": "Führt Reverse-DNS-Lookups (inverse DNS-Anfragen) für lokal vergebene Adressen mit diesen Upstream-Servern durch. Wenn deaktiviert, antwortet AdGuard Home mit NXDOMAIN auf alle solchen PTR-Anfragen, außer für Clients, die aus DHCP, /etc/hosts usw. bekannt sind.",
    "check_dhcp_servers": "Auf DHCP-Server prüfen",
    "save_config": "Konfiguration speichern",
    "enabled_dhcp": "DHCP-Server aktiviert",
@@ -196,7 +194,7 @@
    "example_regex_meaning": "Zugriff auf die Domains sperren, die dem <0>angegebenen regulärem Ausdruck</0> entsprechen",
    "example_upstream_regular": "regulärer DNS (über UDP)",
    "example_upstream_dot": "verschlüsseltes <0>DNS-over-TLS</0>",
-    "example_upstream_doh": "verschlüsseltes <0>DNS-over-HTTPS</0>",
+    "example_upstream_doh": "verschlüsseltes <0>DNS_over_HTTPS</0>",
    "example_upstream_doq": "verschlüsseltes <0>DNS-over-QUIC</0>",
    "example_upstream_sdns": "Sie können <0>DNS-Stempel</0> für <1>DNSCrypt</1> oder <2>DNS-over-HTTPS</2> Resolver benutzen",
    "example_upstream_tcp": "regulärer DNS (über TCP)",
@@ -257,8 +255,8 @@
    "blocking_ipv4": "IPv4-Sperren",
    "blocking_ipv6": "IPv6-Sperren",
    "dnscrypt": "DNSCrypt",
-    "dns_over_https": "DNS-over-HTTPS (DNS-Abfrage über HTTPS)",
-    "dns_over_tls": "DNS-over-TLS (DNS-Abfrage über TLS)",
+    "dns_over_https": "DNS-over-HTTPS (DNS-Abrage über HTTPS)",
+    "dns_over_tls": "DNS-over-TLS (DNS-Abrage über TLS)",
    "dns_over_quic": "DNS-over-QUIC",
    "client_id": "Client-ID",
    "client_id_placeholder": "Client-ID eingeben",
@@ -349,7 +347,7 @@
    "encryption_redirect": "Automatisch auf HTTPS umleiten",
    "encryption_redirect_desc": "Wenn aktiviert, leitet AdGuard Home Sie automatisch von HTTP- auf HTTPS-Adressen um.",
    "encryption_https": "HTTPS-Port",
-    "encryption_https_desc": "Wenn der HTTPS-Port konfiguriert ist, ist die AdGuard Home-Administrationsschnittstelle über HTTPS zugänglich und bietet auch DNS-over-HTTPS am Server „/dns-query”.",
+    "encryption_https_desc": "Wenn der HTTPS-Port konfiguriert ist, ist die AdGuard Home-Administrationsschnittstelle über HTTPS zugänglich und bietet auch DNS-over-HTTTPS am Server „/dns-query”.",
    "encryption_dot": "DNS-over-TLS",
    "encryption_dot_desc": "Wenn dieser Port konfiguriert ist, führt AdGuard Home auf diesem Port einen DNS-over-TLS-Server aus.",
    "encryption_doq": "Port für DNS-over-QUIC",
@@ -401,7 +399,7 @@
    "client_edit": "Client bearbeiten",
    "client_identifier": "Bezeichner",
    "ip_address": "IP-Adresse",
-    "client_identifier_desc": "Clients können durch die IP-Adresse, CIDR, MAC-Adresse oder eine spezielle Client-ID (können für DoT/DoH/DoQ verwendet werden) identifiziert werden. <0>Hier</0> erfahren Sie mehr darüber, wie Sie Kunden identifizieren.",
+    "client_identifier_desc": "Clients können durch die IP-Adresse oder MAC-Adresse identifiziert werden. Bitte beachten Sie, dass die Verwendung der MAC-Adresse als Identifikator nur möglich ist, wenn AdGuard Home gleichzeitig als <0>DHCP-Server</0> eingerichtet ist.",
    "form_enter_ip": "IP-Adresse eingeben",
    "form_enter_subnet_ip": "IP-Adresse zum Subnetz „{{cidr}}” hinzufügen",
    "form_enter_mac": "MAC-Adresse eingeben",
@@ -456,7 +454,7 @@
    "rewrite_desc": "Ermöglicht die einfache Konfiguration der benutzerdefinierten DNS-Antwort für einen bestimmten Domainnamen.",
    "rewrite_applied": "Umschreibungsregel ist angewendet",
    "rewrite_hosts_applied": "Von Hostdatei-Regel umgeschrieben",
-    "dns_rewrites": "DNS-Umschreibungen",
+    "dns_rewrites": "DNS-Umscheibungen",
    "form_domain": "Domain eingeben",
    "form_answer": "IP-Adresse oder Domainname eingeben",
    "form_error_domain_format": "Ungültiges Domainformat",
@@ -489,7 +487,7 @@
    "filter_updated": "Der Filter wurde erfolgreich aktualisiert",
    "statistics_configuration": "Statistikkonfiguration",
    "statistics_retention": "Statistiken speichern",
-    "statistics_retention_desc": "Wenn Sie den Zeitraum verringern, werden einige Daten verloren gehen",
+    "statistics_retention_desc": "Wenn Sie Intervallwert verringern, werden einige Daten verloren gehen",
    "statistics_clear": " Statistiken leeren",
    "statistics_clear_confirm": "Möchten Sie die Statistiken wirklich löschen?",
    "statistics_retention_confirm": "Möchten Sie wirklich die Aufbewahrung der Statistiken ändern? Wenn Sie den Zeitabstand verringern, gehen einige Daten verloren.",
@@ -586,7 +584,7 @@
    "enter_cache_ttl_min_override": "TTL-Minimalwert eingeben",
    "enter_cache_ttl_max_override": "TTL-Höchstwert eingeben",
    "cache_ttl_min_override_desc": "Überschreibt den TTL-Minimalwert, der vom vorgeschalteten Server empfangen wurde. Dieser Wert darf nicht mehr als 3600 (Sek.) (≙ 1 Stunde) betragen.",
-    "cache_ttl_max_override_desc": "Überschreibt den TLL-Maximalwert, der vom vorgeschalteten Server empfangen wurde.",
+    "cache_ttl_max_override_desc": "Überschreibt den TLL-Maximalwert, der vom vorgeschalteten Server empfangenen wurde",
    "ttl_cache_validation": "Der minimale Cache des TTL-Wertes muss kleiner oder gleich dem maximalen Wert sein",
    "filter_category_general": "Allgemein",
    "filter_category_security": "Sicherheit",
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -8,15 +8,11 @@
    "load_balancing_desc": "Query one upstream server at a time. AdGuard Home will use the weighted random algorithm to pick the server so that the fastest server is used more often.",
    "bootstrap_dns": "Bootstrap DNS servers",
    "bootstrap_dns_desc": "Bootstrap DNS servers are used to resolve IP addresses of the DoH/DoT resolvers you specify as upstreams.",
-    "local_ptr_title": "Private reverse DNS servers",
+    "local_ptr_title": "Private DNS servers",
    "local_ptr_desc": "The DNS servers that AdGuard Home uses for local PTR queries. These servers are used to resolve the hostnames of clients with private IP addresses, for example \"192.168.12.34\", using rDNS. If not set, AdGuard Home uses the default DNS resolvers of your OS.",
-    "local_ptr_default_resolver": "By default, AdGuard Home will use the following DNS resolvers: {{ip}}",
-    "local_ptr_no_default_resolver": "AdGuard Home could not determine suitable private rDNS resolvers for this system.",
    "local_ptr_placeholder": "Enter one server address per line",
    "resolve_clients_title": "Enable reverse resolving of clients' IP addresses",
-    "resolve_clients_desc": "If enabled, AdGuard Home will attempt to reversely resolve clients' IP addresses into their hostnames by sending PTR queries to corresponding resolvers (private DNS servers for local clients, upstream servers for clients with public IP addresses).",
-    "use_private_ptr_resolvers_title": "Use private rDNS resolvers",
-    "use_private_ptr_resolvers_desc": "Perform reverse DNS lookups for locally-served addresses using these upstream servers. If disabled, AdGuard Home responds with NXDOMAIN to all such PTR requests except for clients known from DHCP, /etc/hosts, and so on.",
+    "resolve_clients_desc": "If enabled, AdGuard Home will attempt to reversely resolve clients' IP addresses into their hostnames by sending PTR queries to corresponding resolvers (private DNS servers for local clients, upstream server for clients with public IP addresses).",
    "check_dhcp_servers": "Check for DHCP servers",
    "save_config": "Save configuration",
    "enabled_dhcp": "DHCP server enabled",
@@ -311,9 +307,9 @@
    "install_devices_title": "Configure your devices",
    "install_devices_desc": "To start using AdGuard Home, you need to configure your devices to use it.",
    "install_submit_title": "Congratulations!",
-    "install_submit_desc": "The setup procedure is complete and you're now ready to start using AdGuard Home.",
+    "install_submit_desc": "The setup procedure is finished and you are ready to start using AdGuard Home.",
    "install_devices_router": "Router",
-    "install_devices_router_desc": "This setup automatically covers all devices connected to your home router, no need to configure each of them manually.",
+    "install_devices_router_desc": "This setup will automatically cover all the devices connected to your home router and you will not need to configure each of them manually.",
    "install_devices_address": "AdGuard Home DNS server is listening on the following addresses",
    "install_devices_router_list_1": "Open the preferences for your router. Usually, you can access it from your browser via a URL, such as http://192.168.0.1/ or http://192.168.1.1/. You may be prompted to enter a password. If you don't remember it, you can often reset the password by pressing a button on the router itself, but be aware that if this procedure is chosen, you will probably lose the entire router configuration. If your router requires an app to set it up, please install the app on your phone or PC and use it to access the router’s settings.",
    "install_devices_router_list_2": "Find the DHCP/DNS settings. Look for the DNS letters next to a field which allows two or three sets of numbers, each broken into four groups of one to three digits.",
@@ -333,7 +329,7 @@
    "install_devices_android_list_2": "Tap Wi-Fi on the menu. The screen listing all of the available networks will be shown (it is impossible to set custom DNS for mobile connection).",
    "install_devices_android_list_3": "Long press the network you're connected to, and tap Modify Network.",
    "install_devices_android_list_4": "On some devices, you may need to check the box for Advanced to see further settings. To adjust your Android DNS settings, you will need to switch the IP settings from DHCP to Static.",
-    "install_devices_android_list_5": "Change DNS 1 and DNS 2 values to your AdGuard Home server addresses.",
+    "install_devices_android_list_5": "Change set DNS 1 and DNS 2 values to your AdGuard Home server addresses.",
    "install_devices_ios_list_1": "From the home screen, tap Settings.",
    "install_devices_ios_list_2": "Choose Wi-Fi in the left menu (it is impossible to configure DNS for mobile networks).",
    "install_devices_ios_list_3": "Tap on the name of the currently active network.",
@@ -403,7 +399,7 @@
    "client_edit": "Edit Client",
    "client_identifier": "Identifier",
    "ip_address": "IP address",
-    "client_identifier_desc": "Clients can be identified by the IP address, CIDR, MAC address, or a special client ID (can be used for DoT/DoH/DoQ). <0>Here</0> you can learn more about how to identify clients.",
+    "client_identifier_desc": "Clients can be identified by the IP address, CIDR, MAC address or a special client ID (can be used for DoT/DoH/DoQ). <0>Here</0> you can learn more about how to identify clients.",
    "form_enter_ip": "Enter IP",
    "form_enter_subnet_ip": "Enter an IP address in the subnet \"{{cidr}}\"",
    "form_enter_mac": "Enter MAC",
@@ -427,7 +423,7 @@
    "access_disallowed_title": "Disallowed clients",
    "access_disallowed_desc": "A list of CIDR or IP addresses. If configured, AdGuard Home will drop requests from these IP addresses.",
    "access_blocked_title": "Disallowed domains",
-    "access_blocked_desc": "Don't confuse this with filters. AdGuard Home will drop DNS queries with these domains in queries' questions. Here you can specify the exact domain names, wildcards, and URL filter rules, e.g. \"example.org\", \"*.example.org\", or \"||example.org^\".",
+    "access_blocked_desc": "Don't confuse this with filters. AdGuard Home will drop DNS queries with these domains in queries' questions. Here you can specify the exact domain names, wildcards and URL filter rules, e.g. \"example.org\", \"*.example.org\" or \"||example.org^\".",
    "access_settings_saved": "Access settings successfully saved",
    "updates_checked": "Updates successfully checked",
    "updates_version_equal": "AdGuard Home is up-to-date",
@@ -544,7 +540,7 @@
    "filtered_custom_rules": "Filtered by Custom filtering rules",
    "choose_from_list": "Choose from the list",
    "add_custom_list": "Add a custom list",
-    "host_whitelisted": "The host is allowed",
+    "host_whitelisted": "The host is whitelisted",
    "check_ip": "IP addresses: {{ip}}",
    "check_cname": "CNAME: {{cname}}",
    "check_reason": "Reason: {{reason}}",
@@ -569,7 +565,7 @@
    "validated_with_dnssec": "Validated with DNSSEC",
    "all_queries": "All queries",
    "show_blocked_responses": "Blocked",
-    "show_whitelisted_responses": "Allowed",
+    "show_whitelisted_responses": "Whitelisted",
    "show_processed_responses": "Processed",
    "blocked_safebrowsing": "Blocked by Safebrowsing",
    "blocked_adult_websites": "Blocked Adult Websites",
@@ -595,7 +591,7 @@
    "filter_category_regional": "Regional",
    "filter_category_other": "Other",
    "filter_category_general_desc": "Lists that block tracking and advertising on most of the devices",
-    "filter_category_security_desc": "Lists designed specifically to block malicious, phishing, and scam domains",
+    "filter_category_security_desc": "Lists that specialize on blocking malware, phishing or scam domains",
    "filter_category_regional_desc": "Lists that focus on regional ads and tracking servers",
    "filter_category_other_desc": "Other blocklists",
    "setup_config_to_enable_dhcp_server": "Setup configuration to enable DHCP server",
--- a/client/src/__locales/es.json
+++ b/client/src/__locales/es.json
@@ -8,13 +8,11 @@
    "load_balancing_desc": "Consulta un servidor DNS de subida a la vez. AdGuard Home utilizará el algoritmo aleatorio ponderado para elegir el servidor más rápido y sea utilizado con más frecuencia.",
    "bootstrap_dns": "Servidores DNS de arranque",
    "bootstrap_dns_desc": "Los servidores DNS de arranque se utilizan para resolver las direcciones IP de los resolutores DoH/DoT que especifiques como DNS de subida.",
-    "local_ptr_title": "Servidores DNS inversos y privados",
+    "local_ptr_title": "Servidores DNS privados",
    "local_ptr_desc": "Los servidores DNS que AdGuard Home utiliza para las consultas PTR locales. Estos servidores se utilizan para resolver los nombres de hosts de los clientes a direcciones IP privadas, por ejemplo \"192.168.12.34\", utilizando rDNS. Si no está establecido, AdGuard Home utilizará los resolutores DNS predeterminados de tu sistema operativo.",
    "local_ptr_placeholder": "Ingresa una dirección de servidor por línea",
    "resolve_clients_title": "Habilitar la resolución inversa de las direcciones IP de clientes",
    "resolve_clients_desc": "Si está habilitado, AdGuard Home intentará resolver de manera inversa las direcciones IP de los clientes a sus nombres de hosts enviando consultas PTR a los resolutores correspondientes (servidores DNS privados para clientes locales, servidor DNS de subida para clientes con direcciones IP públicas).",
-    "use_private_ptr_resolvers_title": "Usar resolutores rDNS privados",
-    "use_private_ptr_resolvers_desc": "Realiza búsquedas DNS inversas para direcciones servidas localmente utilizando estos servidores DNS de subida. Si está deshabilitado, AdGuard Home responderá con NXDOMAIN a todas las peticiones PTR de este tipo, excepto para los clientes conocidos por DHCP, /etc/hosts, etc.",
    "check_dhcp_servers": "Comprobar si hay servidores DHCP",
    "save_config": "Guardar configuración",
    "enabled_dhcp": "Servidor DHCP habilitado",
@@ -309,9 +307,9 @@
    "install_devices_title": "Configura tus dispositivos",
    "install_devices_desc": "Para comenzar a utilizar AdGuard Home, debes configurar tus dispositivos para usarlo.",
    "install_submit_title": "¡Felicitaciones!",
-    "install_submit_desc": "El proceso de configuración está completo y ahora estás listo para comenzar a usar AdGuard Home.",
+    "install_submit_desc": "El proceso de configuración ha finalizado y estás listo para comenzar a usar AdGuard Home.",
    "install_devices_router": "Router",
-    "install_devices_router_desc": "Esta configuración cubre automáticamente todos los dispositivos conectados a tu router doméstico y no necesitarás configurar cada uno manualmente.",
+    "install_devices_router_desc": "Esta configuración cubrirá automáticamente todos los dispositivos conectados a tu router doméstico y no necesitarás configurar cada uno de ellos manualmente.",
    "install_devices_address": "El servidor DNS de AdGuard Home está escuchando en las siguientes direcciones",
    "install_devices_router_list_1": "Abre las preferencias de tu router. Por lo general, puedes acceder a él desde tu navegador a través de una URL como http://192.168.0.1/ o http://192.168.1.1/. Es posible que se te pida que ingreses la contraseña. Si no lo recuerdas, a menudo puedes restablecer la contraseña presionando un botón en el router, pero ten en cuenta que si eliges este procedimiento, probablemente se perderá toda la configuración del router. Si tu router requiere una aplicación para configurarlo, instala la aplicación en tu teléfono o PC y utilízala para acceder a la configuración del router.",
    "install_devices_router_list_2": "Busca la configuración de DHCP/DNS. Busca las letras DNS junto a un campo que permita ingresar dos o tres grupos de números, cada uno dividido en cuatro grupos de uno a tres dígitos.",
@@ -593,7 +591,7 @@
    "filter_category_regional": "Regional",
    "filter_category_other": "Otro",
    "filter_category_general_desc": "Listas que bloquean rastreadores y anuncios en la mayoría de los dispositivos",
-    "filter_category_security_desc": "Listas diseñadas específicamente para bloquear dominios de malware, phishing y estafa",
+    "filter_category_security_desc": "Listas que se especializan en bloquear dominios de malware, phishing o estafa",
    "filter_category_regional_desc": "Listas que se centran en anuncios regionales y servidores de rastreo",
    "filter_category_other_desc": "Otras listas de bloqueo",
    "setup_config_to_enable_dhcp_server": "Configuración para habilitar el servidor DHCP",
--- a/client/src/__locales/fr.json
+++ b/client/src/__locales/fr.json
@@ -8,13 +8,11 @@
    "load_balancing_desc": "Interroger un serveur en amont à la fois. AdGuard Home utilisera l’algorithme aléatoire pondéré pour choisir le serveur afin que celui le plus rapide soit utilisé plus souvent.",
    "bootstrap_dns": "Serveurs DNS d'amorçage",
    "bootstrap_dns_desc": "Les serveurs DNS d'amorçage sont utilisés pour résoudre les adresses IP des résolveurs DoH/DoT que vous spécifiez comme upstream.",
-    "local_ptr_title": "Serveurs DNS privés inverses",
+    "local_ptr_title": "Serveurs DNS privés",
    "local_ptr_desc": "Les serveurs DNS utilisés par AdGuard Home pour les requêtes PTR servies localement. Ces serveurs sont utilisés pour résoudre les noms d'hôtes des clients pour les clients avec des adresses IP privées, par exemple \"192.168.12.34\", en utilisant rDNS. S'il n'est pas défini, AdGuard Home utilisera le résolveur DNS de votre OS par défaut automatiquement.",
    "local_ptr_placeholder": "Saisissez une adresse de serveur par ligne",
    "resolve_clients_title": "Activer la résolution inverse des adresses IP des clients",
    "resolve_clients_desc": "Lorsque activé, AdGuard Home tentera de résoudre de manière inverse les adresses IP des clients en leurs noms d'hôtes en envoyant des requêtes PTR aux résolveurs correspondants (serveurs DNS privés pour les clients locaux, serveur en amont pour les clients ayant des adresses IP publiques).",
-    "use_private_ptr_resolvers_title": "Utiliser des résolveurs rDNS privés",
-    "use_private_ptr_resolvers_desc": "Effectuer des recherches DNS inversées pour les adresses servies localement à l’aide de ces serveurs en amont. S’il est désactivé, AdGuard Home répond avec NXDOMAIN à toutes demandes PTR, à l’exception des clients connus du DHCP, /etc/hosts et cetera.",
    "check_dhcp_servers": "Rechercher les serveurs DHCP",
    "save_config": "Sauvegarder la configuration",
    "enabled_dhcp": "Serveur DHCP activé",
@@ -309,9 +307,9 @@
    "install_devices_title": "Configurer vos appareils",
    "install_devices_desc": "Pour commencer à utiliser AdGuard Home, vous devez configurer vos appareils.",
    "install_submit_title": "Félicitations !",
-    "install_submit_desc": "La procédure d'installation est terminée et vous êtes prêt(e) à utiliser AdGuard Home.",
+    "install_submit_desc": "La procédure d'installation est terminée et vous êtes prêt(e) pour commencer à utiliser AdGuard Home.",
    "install_devices_router": "Routeur",
-    "install_devices_router_desc": "Cette installation impactera automatiquement tous les appareils connectés à votre routeur et vous n'aurez pas besoin de configurer manuellement chaque appareil.",
+    "install_devices_router_desc": "Cette installation impactera automatiquement tous les appareils connectés au routeur de votre maison et vous n'aurez pas besoin de configurer manuellement chaque appareil.",
    "install_devices_address": "Le serveur DNS AdGuard Home écoute sur les adresses suivantes",
    "install_devices_router_list_1": "Ouvrez les préférences de votre routeur. Normalement vous pouvez y accéder depuis votre navigateur web via une URL du type http://192.168.0.1/ ou http://192.168.1.1/. Vous devrez peut-être renseigner le mot de passe. Si vous ne vous en rappelez pas, vous pouvez normalement le réinitialiser en appuyant sur le bouton du routeur, mais attention : si vous choisissez cette procédure, toute la configuration de votre routeur sera probablement perdue. Si votre routeur requière une application spécifique, installez-la sur votre ordinateur/téléphone et utilisez-la pour accéder aux paramètres du routeur.",
    "install_devices_router_list_2": "Trouvez les paramètres DHCP/DNS. Recherchez les lettres DNS près d'une zone qui permet la saisie de 2 ou 3 blocs de chiffres, chacun composé de 4 parties de 1 à 3 chiffres.",
@@ -331,7 +329,7 @@
    "install_devices_android_list_2": "Appuyez sur Wi-Fi dans le menu. Tous les réseaux disponibles s'afficheront (il est impossible de définir des DNS personnalisés pour les connexions mobiles).",
    "install_devices_android_list_3": "Faites un appui long sur le réseau auquel vous êtes connecté(e) et appuyez sur Modifier le réseau.",
    "install_devices_android_list_4": "Sur certains appareils, vous avez parfois besoin de cocher la case Avancés pour davantage de paramètres. Pour ajuster vos paramètres DNS Android, vous devrez basculer les paramètres IP de DHCP à Statique.",
-    "install_devices_android_list_5": "Modifiez les valeurs DNS 1 et DNS 2 pour vos adresses de serveur AdGuard Home.",
+    "install_devices_android_list_5": "Modifier les valeurs DNS 1 et DNS 2 pour vos adresses de serveur AdGuard Home.",
    "install_devices_ios_list_1": "Depuis l'écran d'accueil, appuyez sur Paramètres.",
    "install_devices_ios_list_2": "Choisissez Wi-Fi dans le menu de gauche (il est impossible de configurer les DNS pour les réseaux mobiles).",
    "install_devices_ios_list_3": "Appuyez sur le nom de votre réseau actuellement utilisé.",
@@ -593,7 +591,7 @@
    "filter_category_regional": "Régional",
    "filter_category_other": "Autre",
    "filter_category_general_desc": "Listes qui bloquent le pistage et la publicité sur la plupart des appareils",
-    "filter_category_security_desc": "Listes créées exprès pour bloquer les logiciels malveillants, des domaines hameçonneurs ou frauduleux",
+    "filter_category_security_desc": "Listes spécialisées dans le blocage de logiciels malveillants, d’hameçonnage ou de domaines frauduleux",
    "filter_category_regional_desc": "Listes axées sur les annonces régionales et les serveurs de pistage",
    "filter_category_other_desc": "Autres listes noires",
    "setup_config_to_enable_dhcp_server": "Configurer les paramètres pour activer le serveur DHCP",
--- a/client/src/__locales/it.json
+++ b/client/src/__locales/it.json
@@ -8,13 +8,11 @@
    "load_balancing_desc": "Interroga un server upstream per volta. AdGuard Home utilizzerà un algoritmo casuale ponderato per la selezione del server, optando più spesso per il più veloce.",
    "bootstrap_dns": "Server DNS bootstrap",
    "bootstrap_dns_desc": "I server DNS di bootstrap sono utilizzati per risolvere gli indirizzi IP dei risolutori DoH/DoT specificati come upstream.",
-    "local_ptr_title": "Server DNS privati inversi",
+    "local_ptr_title": "Server DNS privati",
    "local_ptr_desc": "I server DNS che AdGuard Home utilizzerà per richiedere le risorse PTR disponibili localmente. Ad esempio, questo server verrà utilizzato per risolvere i nomi host dei client con indirizzi IP privati, comò \"192.168.12.34\", utilizzando rDNS. Se non impostato, AdGuard Home utilizzerà automaticamente il risolutore DNS predefinito del tuo sistema operativo.",
    "local_ptr_placeholder": "Inserisci un indirizzo server per riga",
    "resolve_clients_title": "Attiva la risoluzione inversa degli indirizzi IP dei client",
    "resolve_clients_desc": "Se attivo, AdGuard Home tenterà di risolvere inversamente gli indirizzi IP dei client nei relativi nomi host inviando una richiesta PTR a un risolutore corrispondente (server DNS privato per client locali, server upstream per client con IP pubblico).",
-    "use_private_ptr_resolvers_title": "Utilizza dei resolver rDNS privati",
-    "use_private_ptr_resolvers_desc": "Esegue ricerche DNS inverse per indirizzi locali utilizzando questi server upstream. Se disattivata, AdGuard Home risponderà con NXDOMAIN a tutte le richieste PTR ad eccezione dei client noti da DHCP, /etc/hosts, e così via.",
    "check_dhcp_servers": "Controlla la presenza di server DHCP",
    "save_config": "Salva configurazione",
    "enabled_dhcp": "Server DHCP attivo",
@@ -309,9 +307,9 @@
    "install_devices_title": "Configura i tuoi dispositivi",
    "install_devices_desc": "Affinché AdGuard Home inizi a funzionare, è necessario configurare i dispositivi per utilizzarlo.",
    "install_submit_title": "Congratulazioni!",
-    "install_submit_desc": "La procedura di configurazione è completa e ora sei pronto per iniziare ad utilizzare AdGuard Home.",
+    "install_submit_desc": "La procedura di configurazione è terminata e sei pronto per iniziare a utilizzare AdGuard Home.",
    "install_devices_router": "Router",
-    "install_devices_router_desc": "Questa configurazione copre automaticamente tutti i dispositivi collegati al router di casa, non è necessario configurarli manualmente.",
+    "install_devices_router_desc": "Questa configurazione coprirà automaticamente tutti i dispositivi collegati al router di casa e non sarà necessario configurarli manualmente.",
    "install_devices_address": "Il server DNS di AdGuard Home sta ascoltando sui seguenti indirizzi",
    "install_devices_router_list_1": "Accedi alle preferenze del tuo router. Di solito, puoi farlo dal tuo browser tramite un URL, come http://192.168.0.1/ o http://192.168.1.1/. Potrebbe esserti chiesto di inserire una password. Se non dovessi ricordarla, puoi reimpostare la password premendo un pulsante presente sullo stesso router, ma tieni presente che scegliendo questa procedura, probabilmente perderai l\\'intera configurazione del router. Se il tuo router necessitasse di un\\'app per configurarlo, installala sul tuo telefono o PC e utilizzala per accedere alle impostazioni del router.",
    "install_devices_router_list_2": "Trova le impostazioni DHCP / DNS. Cerca le lettere DNS accanto a un campo che consente due o tre serie di numeri, ciascuno suddiviso in quattro gruppi di 1-3 cifre.",
@@ -593,7 +591,7 @@
    "filter_category_regional": "Regionale",
    "filter_category_other": "Altro",
    "filter_category_general_desc": "Liste per il blocco dei traccianti e degli annunci sulla maggioranza dei dispositivi",
-    "filter_category_security_desc": "Elenchi progettati specificamente per bloccare domini malevoli, di phishing o truffa",
+    "filter_category_security_desc": "Liste specializzate sul blocco di malware, phishing o domini scam",
    "filter_category_regional_desc": "Liste focalizzate su annunci regionali e server traccianti",
    "filter_category_other_desc": "Altre liste di blocco",
    "setup_config_to_enable_dhcp_server": "Configurazione dell\\'installazione per l\\'attivazione del server DHCP",
--- a/client/src/__locales/ja.json
+++ b/client/src/__locales/ja.json
@@ -8,13 +8,11 @@
    "load_balancing_desc": "一度に1つのサーバに処理要求します。 AdGuard Homeは、重み付きランダムアルゴリズム（weighted random algorithm）を使用してサーバを選択するため、最速のサーバがより頻繁に使用されます。",
    "bootstrap_dns": "ブートストラップDNSサーバ",
    "bootstrap_dns_desc": "ブートストラップDNSサーバは、上流として指定したDoH／DoTリゾルバのIPアドレスを解決するために使用されます。",
-    "local_ptr_title": "プライベートリバースDNSサーバー",
+    "local_ptr_title": "プライベートDNSサーバー",
    "local_ptr_desc": "AdGuard HomeがローカルPTRクエリに使用するDNSサーバーです。これらのサーバーは、rDNSを使ってプライベートIPアドレス（例えば\"192.168.12.34\"）を持つクライアントのホスト名を解決するために使用されます。設定されていない場合、AdGuard HomeはOSのデフォルトDNSリゾルバーを自動的に使用します。",
    "local_ptr_placeholder": "1行に1つのサーバを入力してください。",
    "resolve_clients_title": "クライアントのIPアドレスの逆解決を有効にする",
    "resolve_clients_desc": "有効にすると、AdGuard Homeは、対応するリゾルバー（ローカルクライアントの場合はプライベートDNSサーバ、パブリックIPを持つクライアントの場合は上流サーバ）にPTRクエリを送信することにより、クライアントのIPアドレスをホスト名に逆解決しようとします。",
-    "use_private_ptr_resolvers_title": "プライベートrDNSリゾルバを使用",
-    "use_private_ptr_resolvers_desc": "これらの上流サーバを使用して、ローカルで提供されるアドレスのリバースDNSルックアップを実行します。無効にすると、AdGuard Homeは、DHCP, /etc/hosts などから認識されるクライアントを除く、すべてのPTR要求にNXDOMAINで応答します。",
    "check_dhcp_servers": "DHCPサーバをチェックする",
    "save_config": "構成を保存する",
    "enabled_dhcp": "DHCPサーバを有効にしました",
@@ -309,9 +307,9 @@
    "install_devices_title": "あなたのデバイスの設定",
    "install_devices_desc": "AdGuard Homeの利用を開始するには、あなたのデバイスがAdGuard Homeを利用するように設定する必要があります。",
    "install_submit_title": "おめでとうございます！",
-    "install_submit_desc": "セットアップが完了し、AdGuard Homeのご利用を開始する準備が整いました。",
+    "install_submit_desc": "設定手順は完了し、AdGuard Homeの利用を開始する準備が整いました。",
    "install_devices_router": "ルータ",
-    "install_devices_router_desc": "このセットアップは、ルータに接続されているすべてのデバイスを自動的にカバーしますので、各デバイスを手動で設定する必要はありません。",
+    "install_devices_router_desc": "この設定では、ルータに接続されているすべてのデバイスを自動的にカバーしますので、各デバイスを手動で設定する必要はありません。",
    "install_devices_address": "AdGuard HomeのDNSサーバは次のアドレスで待ち受けています",
    "install_devices_router_list_1": "ルーターの設定を開きます（通常、URLの http://192.168.0.1/ または http://192.168.1.1/ などを入力してブラウザからアクセスできます）。\nパスワードの入力を求められることがあります。パスワードを覚えていない場合は、ルータにあるボタンを押してパスワードをリセットできます（※この場合、ルーターで設定されている構成が初期化される可能性が高いのでご注意ください）。\n一部のルーターは設定用アプリを必要とします。その場合、設定用アプリをお使いのコンピュータ/スマホにインストールして、そのアプリからルーターの設定にアクセスしてください。",
    "install_devices_router_list_2": "DHCP／DNSの設定を見つけます。DNSの文字のある入力欄を探します。それは、1〜3桁の数字で4つのグループに分けられた入力欄で、２〜３セットを許可されている欄です。",
@@ -331,7 +329,7 @@
    "install_devices_android_list_2": "メニューの「Wi-Fi」をタップします。利用可能なすべてのネットワークの一覧が表示されます（モバイル接続用にカスタムDNSを設定することは不可能です）。",
    "install_devices_android_list_3": "接続しているネットワークを長押しして、「ネットワークの変更」をタップします。",
    "install_devices_android_list_4": "一部のデバイスでは、詳細設定のボックスをチェックして詳細設定を確認する必要があります。AndroidのDNS設定を調整するには、IP設定を「DHCP」から「静的IP」へ切り替える必要があります。",
-    "install_devices_android_list_5": "DNS 1とDNS 2の値をお使いのAdGuard Homeサーバーのアドレスに変更してください。",
+    "install_devices_android_list_5": "DNS 1とDNS 2の値をAdGuard Homeサーバのアドレスへ変更します。",
    "install_devices_ios_list_1": "ホーム画面から「設定」をタップします。",
    "install_devices_ios_list_2": "左側のメニューで「Wi-Fi」を選択します（モバイルネットワーク用にDNSを設定することは不可能です）。",
    "install_devices_ios_list_3": "現在使用中のネットワークの名前をタップします。",
@@ -401,7 +399,7 @@
    "client_edit": "クライアントの編集",
    "client_identifier": "識別子",
    "ip_address": "IPアドレス",
-    "client_identifier_desc": "クライアントは、IPアドレス、CIDR、MACアドレス、または特別なクライアントID(DoT/DoH/DoQで使用可能)によって識別することができます。<0>ここ</0>では、クライアントの識別方法についてより詳しくご確認いただけます。",
+    "client_identifier_desc": "クライアントは、IPアドレス、CIDR、MACアドレス、または特別なクライアントID(DoT/DoH/DoQで使用可能)によって識別することができます。<0>ここ</0>では、クライアントの識別方法についてより詳しく説明しています。",
    "form_enter_ip": "IPアドレスを入力してください",
    "form_enter_subnet_ip": "サブネット「{{cidr}}」内のIPアドレスを入力してください",
    "form_enter_mac": "MACアドレスを入力してください",
@@ -425,7 +423,7 @@
    "access_disallowed_title": "拒否するクライアント",
    "access_disallowed_desc": "CIDRまたはIPアドレスのリスト。設定されると、AdGuard HomeはこれらのIPアドレスからのリクエストを破棄します。",
    "access_blocked_title": "拒否するドメイン",
-    "access_blocked_desc": "こちらをフィルタと混同しないでください。AdGuard Homeは、クエリクエスチョンにこれらのドメインを含むDNSクエリをドロップします。ここでは、「example.org」、「*.example.org」、「 ||example.org^ 」など、特定のドメイン名、ワイルドカード、URLフィルタルールを指定できます。",
+    "access_blocked_desc": "これをフィルタと混同しないでください。AdGuard Homeは、これらのドメインを含むDNSクエリを破棄します。ここでは、「example.org」、「*.example.org」、「 ||example.org^ 」など、特定のドメイン名、ワイルドカード、URLフィルタルールを指定できます。",
    "access_settings_saved": "アクセス設定の保存に成功しました",
    "updates_checked": "アップデートの確認に成功しました",
    "updates_version_equal": "AdGuard Homeは既に最新です",
@@ -593,7 +591,7 @@
    "filter_category_regional": "地域別",
    "filter_category_other": "その他",
    "filter_category_general_desc": "ほとんどのデバイスにて追跡と広告をブロックするリストです。",
-    "filter_category_security_desc": "マルウェア、フィッシング、詐欺ドメインをブロックするために設計された専用リストです。",
+    "filter_category_security_desc": "マルウェア、フィッシング、詐欺ドメインのブロック専用リストです。",
    "filter_category_regional_desc": "それぞれの地域の広告と追跡サーバをターゲットするリストです。",
    "filter_category_other_desc": "その他のブロックリストです。",
    "setup_config_to_enable_dhcp_server": "DHCPサーバーを有効にするには構成を設定してください",
--- a/client/src/__locales/ko.json
+++ b/client/src/__locales/ko.json
@@ -8,13 +8,11 @@
    "load_balancing_desc": "한 번에 하나의 서버씩 질의합니다. AdGuard Home은 가중 랜덤 알고리즘를 사용해서 가장 빠른 서버가 자주 사용되도록 서버를 선택합니다.",
    "bootstrap_dns": "부트스트랩 DNS 서버",
    "bootstrap_dns_desc": "부트스트랩 DNS 서버는 업스트림으로 지정한 DoH/DoT 서버의 IP 주소를 확인하는 데 사용합니다.",
-    "local_ptr_title": "프라이빗 역방향 DNS 서버",
+    "local_ptr_title": "프라이빗 DNS 서버",
    "local_ptr_desc": "AdGuard Home이 로컬 PTR 쿼리에 사용하는 DNS 서버입니다. 이러한 서버는 rDNS를 사용하여 개인 IP 주소(예: '192.168.12.34')가 있는 클라이언트의 호스트 이름을 확인하는 데 사용됩니다. 설정되지 않은 경우, AdGuard Home은 OS의 기본 DNS 리졸버를 사용합니다.",
    "local_ptr_placeholder": "한 줄에 하나씩 서버 주소 입력",
    "resolve_clients_title": "클라이언트 IP 주소에 대한 호스트명 확인 활성화",
    "resolve_clients_desc": "활성화된 경우 AdGuard Home은 PTR 쿼리를 해당 서버(로컬 클라이언트의 경우 프라이빗 DNS 서버, 공용 IP 주소가 있는 클라이언트의 경우 업스트림 서버)로 전송하여 IP 주소로부터 클라이언트의 호스트명을 역으로 확인하려고 시도합니다.",
-    "use_private_ptr_resolvers_title": "프라이빗 rDNS 리졸버 사용",
-    "use_private_ptr_resolvers_desc": "업스트림 서버를 사용해 로컬로 제공되는 주소의 역방향 DNS를 조회합니다. 끄는 경우, AdGuard Home은 DHCP, /etc/hosts 등에서 알려진 클라이언트를 제외한 모든 PTR 요청에 NXDOMAIN으로 응답합니다.",
    "check_dhcp_servers": "DHCP 서버 체크",
    "save_config": "구성 저장",
    "enabled_dhcp": "DHCP 서버 활성화됨",
@@ -309,9 +307,9 @@
    "install_devices_title": "디바이스를 설정하기",
    "install_devices_desc": "AdGuard Home을 사용하려면, 당신의 기기를 설정해야합니다.",
    "install_submit_title": "축하합니다!",
-    "install_submit_desc": "설치 절차가 완료되었으며 이제 AdGuard Home을 사용할 준비가 되었습니다.",
+    "install_submit_desc": "구축 프로세스가 완료되었으며 이제 AdGuard Home을 사용할 준비가 되었습니다.",
    "install_devices_router": "라우터",
-    "install_devices_router_desc": "이 설정은 이제 홈 라우터에 연결된 모든 기기에 자동으로 적용되므로 각 기기를 수동으로 구성할 필요가 없습니다.",
+    "install_devices_router_desc": "이 설정은 이제 자동으로 당신의 집의 라우터에 연결된 모든 기기에 적용될 것이기에 수동으로 각각의 기기를 설정해줄 필요가 없습니다.",
    "install_devices_address": "AdGuard Home DNS 서버는 다음의 주소를 받고 있습니다.",
    "install_devices_router_list_1": "라우터의 환경 설정을 여세요. 환경 설정은 다음의 주소(http://192.168.0.1/ 혹은 http://192.168.1.1/)를 통해 브라우저로 접근 가능합니다. 비밀번호를 입력해야 할 수 있습니다. 비밀번호를 잊었다면 라우터 기기에 있는 버튼을 눌러 비밀번호를 초기화할 수 있지만 라우터 설정이 손실될 수 있습니다. 라우터 설정에 앱이 필요한 경우, 휴대폰이나 컴퓨터에 앱을 설치하고 이를 사용하여 라우터 설정에 액세스하세요.",
    "install_devices_router_list_2": "각각 1~3자리 숫자의 네 그룹으로 분할된 두 세트의 숫자를 허용하는 필드 옆에 있는 DNS 문자를 찾으세요.",
@@ -331,7 +329,7 @@
    "install_devices_android_list_2": "메뉴에서 Wi-Fi를 클릭하세요. 사용 가능한 모든 네트워크가 나열된 화면이 표시됩니다 (모바일 연결을 위해 사용자 지정 DNS를 설정할 수 없습니다).",
    "install_devices_android_list_3": "연결된 네트워크를 길게 누르고 네트워크 수정을 누르세요.",
    "install_devices_android_list_4": "일부 장치에서는 추가설정을 하려면 고급란을 설정해야합니다. 안드로이드 DNS 설정을 조절하려면 IP설정을 DHCP에서 고정(Static) 으로 전환하세요.",
-    "install_devices_android_list_5": "DNS 1 및 DNS 2 값을 AdGuard Home 서버 주소로 변경하세요.",
+    "install_devices_android_list_5": "설정된 DNS 1 및 DNS 2 값을 AdGuard Home 서버 주소로 변경하세요.",
    "install_devices_ios_list_1": "홈 화면에서 설정을 누르세요.\n",
    "install_devices_ios_list_2": "왼쪽 메뉴에서 Wi-Fi 선택하세요 ( 모바일 네트워크에 대한 DNS를 구성할 수 없습니다).\n",
    "install_devices_ios_list_3": "현재 활성 네트워크의 이름을 누르세요.",
@@ -425,7 +423,7 @@
    "access_disallowed_title": "차단된 클라이언트",
    "access_disallowed_desc": "CIDR 또는 IP 주소 목록입니다. 구성된 경우 AdGuard Home은 이러한 IP 주소의 요청을 삭제합니다.",
    "access_blocked_title": "차단된 도메인",
-    "access_blocked_desc": "이 기능을 필터와 혼동하지 마세요. AdGuard Home은 지정된 도메인의 쿼리 요청에서 DNS 쿼리를 무시합니다. 여기서 특정 도메인을 지정하거나, 와일드 카드 또는 URL 필터규칙을 설정해 보세요. 예) 'example.org', '*.example.org' 또는 '||example.org^'.",
+    "access_blocked_desc": "이 기능을 필터와 혼동하지 마세요. AdGuard Home은 이러한 도메인에 대한 DNS 요청을 무시합니다. 여기서 특정 도메인을 지정하거나, 와일드 카드 또는 URL 필터 규칙을 설정해 보세요. 예) 'example.org', '*.example.org' 또는 '||example.org^'.",
    "access_settings_saved": "액세스 설정이 성공적으로 저장되었습니다.",
    "updates_checked": "업데이트가 성공적으로 확인되었습니다",
    "updates_version_equal": "AdGuard Home 최신 상태입니다.",
@@ -593,7 +591,7 @@
    "filter_category_regional": "지역 목록",
    "filter_category_other": "기타",
    "filter_category_general_desc": "대부분의 기기에서 추적 및 광고를 차단하는 목록",
-    "filter_category_security_desc": "악성 및 피싱 도메인을 차단하는 목록",
+    "filter_category_security_desc": "멀웨어, 피싱 또는 사기 도메인을 차단하는 목록",
    "filter_category_regional_desc": "지역 광고 및 추적 서버에 중점을 둔 목록",
    "filter_category_other_desc": "기타 차단 목록",
    "setup_config_to_enable_dhcp_server": "DHCP 서버를 활성화하기 위한 설정 구성",
--- a/client/src/__locales/nl.json
+++ b/client/src/__locales/nl.json
@@ -8,13 +8,11 @@
    "load_balancing_desc": "Eén server per keer bevragen. AdGuard Home gebruikt hiervoor een gewogen willekeurig algoritme om de server te kiezen zodat de snelste server meer zal gebruikt worden.",
    "bootstrap_dns": "Bootstrap DNS-servers",
    "bootstrap_dns_desc": "Bootstrap DNS-servers worden gebruikt om IP-adressen op te lossen van de DoH / DoT-resolvers die u opgeeft als upstreams.",
-    "local_ptr_title": "Private omgekeerde DNS-servers",
+    "local_ptr_title": "Private DNS-servers",
    "local_ptr_desc": "De DNS-servers die AdGuard Home zal gebruiken voor zoekopdrachten naar lokaal aangeboden bronnen. Deze server zal bijvoorbeeld worden gebruikt om de hostnamen van de clients op te lossen voor de clients met private IP-adressen. Indien niet ingesteld, gebruikt AdGuard Home automatisch je standaard DNS-resolver.",
    "local_ptr_placeholder": "Voer één serveradres per regel in",
    "resolve_clients_title": "Omzetten van hostnamen van clients inschakelen",
    "resolve_clients_desc": "Indien ingeschakeld, zal AdGuard Home proberen om IP-adressen van apparaten te converteren in hun hostnamen door PTR-verzoeken te sturen naar overeenkomstige resolvers (privé-DNS-servers voor lokale apparaten, upstream-server voor apparaten met een openbaar IP-adres).",
-    "use_private_ptr_resolvers_title": "Private rDNS resolvers gebruiken",
-    "use_private_ptr_resolvers_desc": "Omgekeerde DNS opzoekingen uitvoeren voor locale adressen door deze upstream servers te gebruiken. Indien uitgeschakeld, reageert AdGuard Home met NXDOMAIN op al zo'n PTR-verzoeken, uitgezonderd voor apparaten ge’end van DHCP, /etc/hosts, enz.",
    "check_dhcp_servers": "Zoek achter DHCP servers",
    "save_config": "Configuratie opslaan",
    "enabled_dhcp": "DHCP server inschakelen",
@@ -309,9 +307,9 @@
    "install_devices_title": "Configureer uw apparaten",
    "install_devices_desc": "Om AdGuard Home te laten werken, moet u uw apparaten configureren om deze te gebruiken.",
    "install_submit_title": "Gefeliciteerd!",
-    "install_submit_desc": "De installatieprocedure is voltooid en je bent klaar om AdGuard Home te gebruiken.",
+    "install_submit_desc": "De instellingsprocedure is voltooid en u bent klaar om AdGuard Home te gebruiken.",
    "install_devices_router": "Router",
-    "install_devices_router_desc": "Deze installatie zal automatisch alle apparaten die op je thuisrouter zijn aangesloten beschermen en je hoeft ze niet allemaal handmatig te configureren.",
+    "install_devices_router_desc": "Deze setup zal automatisch alle apparaten die op uw thuisrouter zijn aangesloten dekken en u hoeft ze niet allemaal handmatig te configureren.",
    "install_devices_address": "AdGuard Home DNS-server luistert naar de volgende adressen",
    "install_devices_router_list_1": "Open de instellingen van jouw router. Meestal kan je deze vanuit jouw browser openen via een URL, zoals http://192.168.0.1/ of http://192.168.1.1/. Mogelijk wordt er gevraagd om een wachtwoord in te voeren. Als je het niet meer weet, kan je het wachtwoord vaak opnieuw instellen door op een knop op de router zelf te drukken, maar weet wel dat je dan de volledige routerconfiguratie kwijt bent (terug naar fabrieksinstellingen). Voor sommige routers is een specifieke toepassing/app vereist, die in dat geval op jouw computer/smartphone/tablet moet geïnstalleerd zijn.",
    "install_devices_router_list_2": "Zoek de DHCP/DNS-instellingen. Zoek naar de DNS-letters naast een veld dat twee of drie reeksen nummers toestaat, elk verdeeld in vier groepen van één tot drie cijfers.",
@@ -425,7 +423,7 @@
    "access_disallowed_title": "Verworpen gebruikers",
    "access_disallowed_desc": "Een lijst van CIDR of IP adressen. Indien ingesteld, zal AdGuard Home aanvragen van deze IP adressen verwerpen.",
    "access_blocked_title": "Niet toegelaten domeinen",
-    "access_blocked_desc": "Verwar dit niet met filters. AdGuard Home zal deze DNS-zoekopdrachten niet uitvoeren die deze domeinen in de zoekopdracht bevatten. Hier kan je de exacte domeinnamen, wildcards en URL-filter-regels specifiëren, bijv. \"example.org\", \"*.example.org\" of \"||example.org^\".",
+    "access_blocked_desc": "Verwar dit niet met filters. AdGuard Home zal deze DNS-zoekopdrachten niet uitvoeren die deze domeinen in de zoekopdracht bevatten. Hier kan je de exacte domeinnamen, wildcards en url-filter-regels specifiëren, bijv. \"example.org\", \"*.example.org\" of \"||example.org^\".",
    "access_settings_saved": "Toegangsinstellingen succesvol opgeslagen",
    "updates_checked": "Met succes op updates gecontroleerd",
    "updates_version_equal": "AdGuard Home is up-to-date",
@@ -593,7 +591,7 @@
    "filter_category_regional": "Regionaal",
    "filter_category_other": "Overig",
    "filter_category_general_desc": "Lijsten die volgers en advertenties op de meeste apparaten blokkeert",
-    "filter_category_security_desc": "Lijsten gespecialiseerd in het blokkeren van malware, phising of scamdomeinen",
+    "filter_category_security_desc": "Lijsten gespecialiseerd in het blokkeren van malware, phising of scam domeinen",
    "filter_category_regional_desc": "Lijsten die focussen op regionale ads en tracking servers",
    "filter_category_other_desc": "Overige blokkeerlijsten",
    "setup_config_to_enable_dhcp_server": "Configuratie instellen om DHCP-server in te schakelen",
--- a/client/src/__locales/pl.json
+++ b/client/src/__locales/pl.json
@@ -8,13 +8,11 @@
    "load_balancing_desc": "Wysyłaj zapytania do jednego serwera nadrzędnego naraz. AdGuard Home użyje ważonego algorytmu losowego do wybrania serwera, tak aby najszybszy serwer był używany częściej.",
    "bootstrap_dns": "Serwery DNS Bootstrap",
    "bootstrap_dns_desc": "Serwery DNS Bootstrap są używane do ustalenia adresu IP serwerów DoH/DoT, które oznaczysz jako główne serwery DNS.",
-    "local_ptr_title": "Prywatne odwrotne serwery DNS",
+    "local_ptr_title": "Prywatne serwery DNS",
    "local_ptr_desc": "Serwery DNS, których AdGuard Home używa do lokalnych zapytań PTR. Serwery te są używane do rozwiązywania nazw hostów klientów z prywatnymi adresami IP, na przykład \"192.168.12.34\", przy użyciu rDNS. Jeśli nie jest ustawiony, AdGuard Home używa domyślnych resolwerów DNS systemu operacyjnego.",
    "local_ptr_placeholder": "Wprowadź po jednym adresie serwera w każdym wierszu",
    "resolve_clients_title": "Włącz odwrotne rozpoznawanie adresów IP klientów",
    "resolve_clients_desc": "Jeśli jest włączona, AdGuard Home spróbuje odwrócić adresy IP klientów do ich nazw hostów, wysyłając zapytania PTR do odpowiednich resolverów (prywatne serwery DNS dla klientów lokalnych, serwer nadrzędny dla klientów z publicznymi adresami IP).",
-    "use_private_ptr_resolvers_title": "Użyj prywatnych resolwerów rDNS",
-    "use_private_ptr_resolvers_desc": "Wykonaj odwrotne wyszukiwania DNS dla adresów obsługiwanych lokalnie przy użyciu tych serwerów nadrzędnych. Jeśli wyłączone, AdGuard Home odpowiada NXDOMAIN na wszystkie takie żądania PTR, z wyjątkiem klientów znanych z DHCP, /etc/hosts i tak dalej.",
    "check_dhcp_servers": "Sprawdź serwery DHCP",
    "save_config": "Zapisz konfigurację",
    "enabled_dhcp": "Serwer DHCP włączony",
@@ -309,9 +307,9 @@
    "install_devices_title": "Skonfiguruj swoje urządzenia",
    "install_devices_desc": "Aby usługa AdGuard Home mogła zacząć działać, musisz skonfigurować urządzenia, aby z niej korzystać.",
    "install_submit_title": "Gratulacje!",
-    "install_submit_desc": "Procedura konfiguracji została zakończona i możesz teraz rozpocząć korzystanie z AdGuard Home.",
+    "install_submit_desc": "Procedura konfiguracji została zakończona i możesz rozpocząć korzystanie z AdGuard Home.",
    "install_devices_router": "Router",
-    "install_devices_router_desc": "Ta konfiguracja automatycznie obejmuje wszystkie urządzenia podłączone do routera domowego, bez konieczności ręcznego konfigurowania każdego z nich.",
+    "install_devices_router_desc": "To ustawienie automatycznie obejmuje wszystkie urządzenia podłączone do routera domowego i nie trzeba ich konfigurować ręcznie.",
    "install_devices_address": "Serwer DNS AdGuard Home używa następujących adresów",
    "install_devices_router_list_1": "Otwórz preferencje routera. Zazwyczaj można uzyskać do nich dostęp z przeglądarki za pośrednictwem adresu URL, takiego jak http://192.168.0.1/ lub http://192.168.1.1/. Możesz zostać poproszony o podanie hasła. Jeśli go nie pamiętasz, często można zresetować hasło przez naciśnięcie przycisku na samym routerze, ale należy pamiętać, że jeśli ta procedura jest wybrana, prawdopodobnie stracisz całą konfigurację routera. Jeśli Twój router wymaga aplikacji do jego konfiguracji, zainstaluj ją na swoim telefonie lub komputerze i użyj jej, aby uzyskać dostęp do ustawień routera.",
    "install_devices_router_list_2": "Znajdź ustawienia DHCP/DNS. Poszukaj skrótu DNS obok pola, które pozwala wstawić dwa lub trzy zestawy liczb, z których każdy jest podzielony na cztery grupy z jedną do trzech cyfr.",
@@ -425,7 +423,7 @@
    "access_disallowed_title": "Niedozwoleni klienci",
    "access_disallowed_desc": "Lista adresów CIDR lub IP. Po skonfigurowaniu AdGuard Home usunie żądania z tych adresów IP.",
    "access_blocked_title": "Niedozwolone domeny",
-    "access_blocked_desc": "Nie myl tego z filtrami. AdGuard Home będzie odrzucał zapytania DNS z tymi domenami w zapytaniach. Tutaj możesz podać dokładne nazwy domen, symbole wieloznaczne i reguły filtrowania adresów URL, np. \"example.org\", \"*.example.org\" lub \"||example.org^\".",
+    "access_blocked_desc": "Nie myl tego z filtrami. AdGuard Home będzie odrzucał zapytania DNS z tymi domenami w zapytaniach. Tutaj możesz określić dokładne nazwy domen, symbole wieloznaczne i reguły filtrowania adresów URL, np. \"example.org\", \"*.example.org\" lub \"||example.org^\".",
    "access_settings_saved": "Ustawienia dostępu zostały pomyślnie zapisane",
    "updates_checked": "Aktualizacje pomyślnie sprawdzone",
    "updates_version_equal": "AdGuard Home jest aktualny",
@@ -593,7 +591,7 @@
    "filter_category_regional": "Regionalne",
    "filter_category_other": "Inne",
    "filter_category_general_desc": "Listy, które blokują skrypty śledzące i reklamy na większości urządzeń",
-    "filter_category_security_desc": "Listy zaprojektowane specjalnie w celu blokowania złośliwych, phishingowych i oszukańczych domen",
+    "filter_category_security_desc": "Listy, które specjalizują się w blokowaniu domen ze złośliwym oprogramowaniem, phishingiem lub oszustwami",
    "filter_category_regional_desc": "Listy, które koncentrują się na reklamach regionalnych i serwerach ze skryptami śledzącymi",
    "filter_category_other_desc": "Inne listy zablokowanych",
    "setup_config_to_enable_dhcp_server": "Konfiguracja ustawień w celu włączenia serwera DHCP",
--- a/client/src/__locales/pt-br.json
+++ b/client/src/__locales/pt-br.json
@@ -8,13 +8,11 @@
    "load_balancing_desc": "Consulte um servidor DNS primário por vez. O AdGuard Home usará o algoritmo aleatório ponderado para escolher o servidor para que o servidor mais rápido seja usado com mais frequência.",
    "bootstrap_dns": "Servidores DNS de inicialização",
    "bootstrap_dns_desc": "Servidores DNS de inicialização são usados para resolver endereços IP dos resolvedores DoH/DoT que você especifica como upstreams.",
-    "local_ptr_title": "Servidores DNS reversos privados",
+    "local_ptr_title": "Servidores DNS privados",
    "local_ptr_desc": "Os servidores DNS que o AdGuard Home usa para consultas PTR locais. Esses servidores são usados para resolver os nomes de host de clientes com endereços IP privados, por exemplo \"192.168.12.34\", usando rDNS. Se não for definido, o AdGuard Home usa os resolvedores DNS padrão do seu sistema operacional.",
    "local_ptr_placeholder": "Insira um endereço de servidor por linha",
    "resolve_clients_title": "Ativar resolução reversa de endereços IP de clientes",
    "resolve_clients_desc": "Se ativado, o AdGuard Home tentará resolver de forma reversa os endereços IP dos clientes em seus nomes de host, enviando consultas PTR aos resolvedores correspondentes (servidores DNS privados para clientes locais, servidor DNS primário para clientes com endereços IP públicos).",
-    "use_private_ptr_resolvers_title": "Use resolvedores rDNS privados",
-    "use_private_ptr_resolvers_desc": "Execute pesquisas reversas de DNS para endereços servidos localmente usando esses servidores DNS primário. Se desativado, o AdGuard Home responde com NXDOMAIN a todas essas solicitações PTR, exceto para clientes conhecidos de DHCP, /etc/hosts e assim por diante.",
    "check_dhcp_servers": "Verificar por servidores DHCP",
    "save_config": "Salvar configuração",
    "enabled_dhcp": "Servidor DHCP ativado",
@@ -201,7 +199,7 @@
    "example_upstream_sdns": "você pode usar <0>DNS Stamps</0> para o <1>DNSCrypt</1> ou usar os resolvedores <2>DNS-sobre-HTTPS</2>",
    "example_upstream_tcp": "DNS regular (através do TCP)",
    "all_lists_up_to_date_toast": "Todas as listas já estão atualizadas",
-    "updated_upstream_dns_toast": "Atualizado os servidores DNS primário",
+    "updated_upstream_dns_toast": "Atualizado os servidores DNS upstream",
    "dns_test_ok_toast": "Os servidores DNS especificados estão funcionando corretamente",
    "dns_test_not_ok_toast": "O servidor \"{{key}}\": não pôde ser utilizado. Por favor, verifique se você escreveu corretamente",
    "unblock": "Desbloquear",
@@ -309,9 +307,9 @@
    "install_devices_title": "Configure seus dispositivos",
    "install_devices_desc": "Para que o AdGuard Home comece a funcionar, você precisa configurar seus dispositivos para usá-lo.",
    "install_submit_title": "Parabéns!",
-    "install_submit_desc": "O procedimento de configuração está concluído e agora você está pronto para começar a usar o AdGuard Home.",
+    "install_submit_desc": "O procedimento de configuração está concluído e você está pronto para começar a usar o AdGuard Home.",
    "install_devices_router": "Roteador",
-    "install_devices_router_desc": "Esta configuração cobre automaticamente todos os dispositivos conectados ao seu roteador doméstico, não há necessidade de configurar cada um deles manualmente.",
+    "install_devices_router_desc": "Esta configuração cobrirá automaticamente todos os dispositivos conectados ao seu roteador doméstico e você não irá precisar configurar cada um deles manualmente.",
    "install_devices_address": "O servidor de DNS do AdGuard Home está capturando os seguintes endereços",
    "install_devices_router_list_1": "Abra as preferências do seu roteador. Normalmente, você pode acessá-lo de seu navegador por meio de um URL, como http://192.168.0.1/ ou http://192.168.1.1/. Você pode ser solicitado a inserir uma senha. Se você não se lembrar, muitas vezes você pode redefinir a senha pressionando um botão no próprio roteador, mas esteja ciente de que se esse procedimento for escolhido, você provavelmente perderá toda a configuração do roteador. Se o seu roteador requer um aplicativo para configurá-lo, instale o aplicativo no seu telefone ou PC e use-o para acessar as configurações do roteador.",
    "install_devices_router_list_2": "Encontre as Configurações de DNS. Procure as letras DNS ao lado de um campo que permite dois ou três conjuntos de números, cada um dividido em quatro grupos de um a três números.",
@@ -331,7 +329,7 @@
    "install_devices_android_list_2": "Toque em Wi-Fi. A tela listando todas as redes será exibida (não é possível configurar DNS personalizado para uma conexão de dados móveis)",
    "install_devices_android_list_3": "Pressione prolongadamente a rede para a qual você está conectado e toque em Modificar rede",
    "install_devices_android_list_4": "Em alguns dispositivos, talvez seja necessário marcar a caixa Avançado para ver as outras configurações. Para ajustar suas configurações de DNS do Android, você precisará alternar as configurações de IP de DHCP para Estático.",
-    "install_devices_android_list_5": "Altere os valores DNS 1 e DNS 2 para os endereços de servidores do AdGuard Home.",
+    "install_devices_android_list_5": "Altere o conjunto dos valores DNS 1 e DNS 2 para os endereços de servidores do AdGuard Home.",
    "install_devices_ios_list_1": "Na tela incial, toque em Ajustes.",
    "install_devices_ios_list_2": "Selecione Wi-Fi no menu esquerdo (não é possível configurar o DNS em conexões de dados móveis).",
    "install_devices_ios_list_3": "Toque no nome da rede atualmente ativa.",
@@ -593,7 +591,7 @@
    "filter_category_regional": "Regional",
    "filter_category_other": "Outro",
    "filter_category_general_desc": "Listas que bloqueiam o rastreamento e a publicidade na maioria dos dispositivos",
-    "filter_category_security_desc": "Listas projetadas especificamente em bloquear domínios maliciosos, de phishing e fraude",
+    "filter_category_security_desc": "Listas especializadas em bloquear domínios de malware, phishing ou fraude",
    "filter_category_regional_desc": "Listas focadas em anúncios regionais e servidores de rastreamento",
    "filter_category_other_desc": "Outras listas de bloqueio",
    "setup_config_to_enable_dhcp_server": "Configure a configuração para ativar o servidor DHCP",
--- a/client/src/__locales/pt-pt.json
+++ b/client/src/__locales/pt-pt.json
@@ -8,17 +8,15 @@
    "load_balancing_desc": "Consulte um servidor DNS primário por vez. O AdGuard Home usará o algoritmo aleatório ponderado para escolher o servidor para que o servidor mais rápido seja usado com mais frequência.",
    "bootstrap_dns": "Servidores DNS de arranque",
    "bootstrap_dns_desc": "Servidores DNS de inicialização são usados para resolver endereços IP dos resolvedores DoH/DoT que especifica como upstreams.",
-    "local_ptr_title": "Servidores DNS reversos privados",
+    "local_ptr_title": "Servidores DNS privados",
    "local_ptr_desc": "Os servidores DNS que o AdGuard Home usa para consultas PTR locais. Esses servidores são usados para resolver os nomes de host de clientes com endereços IP privados, por exemplo \"192.168.12.34\", usando rDNS. Se não for definido, o AdGuard Home usa os resolvedores DNS padrão do seu sistema operacional.",
    "local_ptr_placeholder": "Insira um endereço de servidor por linha",
    "resolve_clients_title": "Ativar resolução reversa de endereços IP de clientes",
-    "resolve_clients_desc": "Se ativado, o AdGuard Home tentará resolver de forma reversa os endereços IP dos clientes em seus nomes de host, enviando consultas PTR aos resolvedores correspondentes (servidores DNS privados para clientes locais, servidor DNS primário para clientes com endereços IP públicos).",
-    "use_private_ptr_resolvers_title": "Use resolvedores rDNS privados",
-    "use_private_ptr_resolvers_desc": "Execute pesquisas reversas de DNS para endereços servidos localmente usando esses servidores DNS primário. Se desativado, o AdGuard Home responde com NXDOMAIN a todas essas solicitações PTR, exceto para clientes conhecidos de DHCP, /etc/hosts e assim por diante.",
+    "resolve_clients_desc": "Se activado, o AdGuard Home tentará resolver de forma reversa os endereços IP dos clientes em seus nomes de host, enviando consultas PTR aos resolvedores correspondentes (servidores DNS privados para clientes locais, servidor DNS primário para clientes com endereços IP públicos).",
    "check_dhcp_servers": "Verificar por servidores DHCP",
    "save_config": "Guardar definição",
-    "enabled_dhcp": "Servidor DHCP ativado",
-    "disabled_dhcp": "Servidor DHCP desativado",
+    "enabled_dhcp": "Servidor DHCP activado",
+    "disabled_dhcp": "Servidor DHCP desactivado",
    "unavailable_dhcp": "DHCP não está disponível",
    "unavailable_dhcp_desc": "O AdGuard Home não pode executar um servidor DHCP em seu sistema operacional",
    "dhcp_title": "Servidor DHCP (experimental)",
@@ -51,7 +49,7 @@
    "dhcp_form_range_end": "Final da faixa",
    "dhcp_form_lease_title": "Tempo de concessão do DHCP (em segundos)",
    "dhcp_form_lease_input": "Duração da concessão",
-    "dhcp_interface_select": "Selecione a interface DHCP",
+    "dhcp_interface_select": "Seleccione a interface DHCP",
    "dhcp_hardware_address": "Endereço de hardware",
    "dhcp_ip_addresses": "Endereços de IP",
    "ip": "IP",
@@ -60,7 +58,7 @@
    "dhcp_warning": "Se tu quiser ativar o servidor DHCP de qualquer maneira, certifique-se de que não haja outro servidor DHCP ativo em tua rede, pois isso pode quebrar a conectividade com a Internet para dispositivos na rede!",
    "dhcp_error": "O AdGuard Home não conseguiu determinar se há noutro servidor DHCP ativo na rede.",
    "dhcp_static_ip_error": "Para usar o servidor DHCP, deve definir um endereço IP estático. AdGuard Home não conseguiu determinar se essa interface de rede está configurada usando o endereço de IP estático. Por favor, defina um endereço IP estático manualmente.",
-    "dhcp_dynamic_ip_found": "O seu sistema usa a configuração de endereço IP dinâmico para a interface <0>{{interfaceName}}</0>. Para usar o servidor DHCP, deve definir um endereço de IP estático. O seu endereço IP atual é <0> {{ipAddress}} </ 0>. AdGuard Home irá definir automaticamente este endereço IP como estático se pressionar o botão \"Ativar servidor DHCP\".",
+    "dhcp_dynamic_ip_found": "O seu sistema usa a configuração de endereço IP dinâmico para a interface <0>{{interfaceName}}</0>. Para usar o servidor DHCP, deve definir um endereço de IP estático. O seu endereço IP actual é <0> {{ipAddress}} </ 0>. AdGuard Home irá definir automaticamente este endereço IP como estático se pressionar o botão \"Ativar servidor DHCP\".",
    "dhcp_lease_added": "Concessão estática \"{{key}}\" adicionada com sucesso",
    "dhcp_lease_deleted": "Concessão estática \"{{key}}\" excluída com sucesso",
    "dhcp_new_static_lease": "Nova concessão estática",
@@ -147,19 +145,19 @@
    "test_upstream_btn": "Testar DNS primário",
    "upstreams": "DNS primário",
    "apply_btn": "Aplicar",
-    "disabled_filtering_toast": "Filtragem desativada",
-    "enabled_filtering_toast": "Filtragem ativada",
-    "disabled_safe_browsing_toast": "Navegação segura desativada",
-    "enabled_safe_browsing_toast": "Navegação segura ativada",
-    "disabled_parental_toast": "Controlo parental desativado",
-    "enabled_parental_toast": "Controlo parental ativado",
-    "disabled_safe_search_toast": "Pesquisa segura desativada",
-    "enabled_save_search_toast": "Pesquisa segura ativada",
-    "enabled_table_header": "Ativado",
+    "disabled_filtering_toast": "Filtragem desactivada",
+    "enabled_filtering_toast": "Filtragem activada",
+    "disabled_safe_browsing_toast": "Navegação segura desactivada",
+    "enabled_safe_browsing_toast": "Navegação segura activada",
+    "disabled_parental_toast": "Controlo parental desactivado",
+    "enabled_parental_toast": "Controlo parental activado",
+    "disabled_safe_search_toast": "Pesquisa segura desactivada",
+    "enabled_save_search_toast": "Pesquisa segura activada",
+    "enabled_table_header": "Activados",
    "name_table_header": "Nome",
    "list_url_table_header": "URL da lista",
    "rules_count_table_header": "Total de Regras",
-    "last_time_updated_table_header": "Última atualização",
+    "last_time_updated_table_header": "Última actualização",
    "actions_table_header": "Acções",
    "request_table_header": "Solicitação",
    "edit_table_action": "Editar",
@@ -173,7 +171,7 @@
    "cancel_btn": "Cancelar",
    "enter_name_hint": "Insira o nome",
    "enter_url_or_path_hint": "Digite a URL ou o local da lista",
-    "check_updates_btn": "Verificar atualizações",
+    "check_updates_btn": "Verificar actualizações",
    "new_blocklist": "Nova lista de bloqueio",
    "new_allowlist": "Nova lista de permissões",
    "edit_blocklist": "Editar lista de bloqueio",
@@ -201,9 +199,9 @@
    "example_upstream_sdns": "pode usar <0>DNS Stamps</0> para o <1>DNSCrypt</1> ou usar os resolvedores <2>DNS-sobre-HTTPS</2>",
    "example_upstream_tcp": "dNS regular (através do TCP)",
    "all_lists_up_to_date_toast": "Todas as listas já estão atualizadas",
-    "updated_upstream_dns_toast": "A atualizar os servidores DNS primário",
-    "dns_test_ok_toast": "Os servidores DNS especificados estão a funcionar corretamente",
-    "dns_test_not_ok_toast": "O servidor \"{{key}}\": não pôde ser utilizado. Por favor, verifique se o escreveu corretamente",
+    "updated_upstream_dns_toast": "A actualizar os servidores DNS upstream",
+    "dns_test_ok_toast": "Os servidores DNS especificados estão a funcionar correctamente",
+    "dns_test_not_ok_toast": "O servidor \"{{key}}\": não pôde ser utilizado. Por favor, verifique se o escreveu correctamente",
    "unblock": "Desbloquear",
    "block": "Bloquear",
    "disallow_this_client": "Não permitir este cliente",
@@ -222,25 +220,25 @@
    "show_all_filter_type": "Mostrar todos",
    "show_filtered_type": "Mostrar filtrados",
    "no_logs_found": "Nenhum registo encontrado",
-    "refresh_btn": "Atualizar",
+    "refresh_btn": "Actualizar",
    "previous_btn": "Anterior",
    "next_btn": "Seguinte",
    "loading_table_status": "A carregar...",
    "page_table_footer_text": "Página",
    "rows_table_footer_text": "linhas",
-    "updated_custom_filtering_toast": "Regras de filtragem personalizadas atualizadas",
+    "updated_custom_filtering_toast": "Regras de filtragem personalizadas actualizadas",
    "rule_removed_from_custom_filtering_toast": "Regra removida das regras de filtragem personalizadas: {{rule}}",
    "rule_added_to_custom_filtering_toast": "Regra adicionada às regras de filtragem personalizadas: {{rule}}",
    "query_log_response_status": "Status: {{value}}",
    "query_log_filtered": "Filtrado por {{filter}}",
    "query_log_confirm_clear": "Tem a certeza de que deseja limpar todo o registo de consulta?",
    "query_log_cleared": "O registo de consulta foi limpo com sucesso",
-    "query_log_updated": "O registro da consulta foi atualizado com sucesso",
+    "query_log_updated": "O registro da consulta foi actualizado com sucesso",
    "query_log_clear": "Limpar registos de consulta",
    "query_log_retention": "Retenção de registos de consulta",
    "query_log_enable": "Ativar registo",
    "query_log_configuration": "Definições do registo",
-    "query_log_disabled": "O registo de consulta está desativado e pode ser configurado em <0>definições</0>",
+    "query_log_disabled": "O registo de consulta está desactivado e pode ser configurado em <0>definições</0>",
    "query_log_strict_search": "Usar aspas duplas para uma pesquisa rigorosa",
    "query_log_retention_confirm": "Tem a certeza de que deseja alterar a retenção do registo de consulta? Se diminuir o valor do intervalo, alguns dados serão perdidos",
    "anonymize_client_ip": "Tornar anónimo o IP do cliente",
@@ -270,7 +268,7 @@
    "form_enter_rate_limit": "Insira o limite de taxa",
    "rate_limit": "Limite de taxa",
    "edns_enable": "Ativar sub-rede do cliente EDNS",
-    "edns_cs_desc": "Se ativado, o AdGuard Home enviará sub-redes dos clientes para os servidores DNS.",
+    "edns_cs_desc": "Se activado, o AdGuard Home enviará sub-redes dos clientes para os servidores DNS.",
    "rate_limit_desc": "O número de solicitações por segundo permitido por cliente. Configurando para 0 significa sem limite.",
    "blocking_ipv4_desc": "Endereço IP a ser devolvido para uma solicitação A bloqueada",
    "blocking_ipv6_desc": "Endereço IP a ser devolvido para uma solicitação AAAA bloqueada",
@@ -309,9 +307,9 @@
    "install_devices_title": "Configure os seus dispositivos",
    "install_devices_desc": "Para que o AdGuard Home comece a funcionar, precisa de configurar os seus dispositivos para o poder usar.",
    "install_submit_title": "Parabéns!",
-    "install_submit_desc": "O procedimento de configuração está concluído e agora você está pronto para começar a usar o AdGuard Home.",
+    "install_submit_desc": "O procedimento de definição está concluído e está pronto para começar a usar o AdGuard Home.",
    "install_devices_router": "Router",
-    "install_devices_router_desc": "Esta configuração cobre automaticamente todos os dispositivos conectados ao seu router doméstico, sem a necessidade de configurar cada um deles manualmente.",
+    "install_devices_router_desc": "Esta definição cobrirá automaticamente todos os dispositivos ligados ao seu router doméstico e não irá precisar de configurar cada um deles manualmente.",
    "install_devices_address": "O servidor de DNS do AdGuard Home está a capturar os seguintes endereços",
    "install_devices_router_list_1": "Abra as preferências do seu roteador. Normalmente, tu podes acessá-lo de teu navegador por meio de um URL, como http://192.168.0.1/ ou http://192.168.1.1/. Tu podes ser solicitado a inserir uma palavra-passe. Se tu não se lembrar, muitas vezes tu podes repor a palavra-passe pressionando um botão no próprio roteador, mas esteja ciente de que se esse procedimento for escolhido, tu provavelmente perderás toda a definição do roteador. Se o teu roteador requer uma aplicação para configurá-lo, instale a aplicação no seu telefone ou PC e use-o para acessar as definições do roteador.",
    "install_devices_router_list_2": "Encontre as configurações de DNS. Procure as letras DNS ao lado de um campo que permite dois ou três conjuntos de números, cada um dividido em quatro grupos de um a três números.",
@@ -320,21 +318,21 @@
    "install_devices_windows_list_1": "Abra o Painel de Controlo através do Menu Iniciar ou pela Pesquisa do Windows.",
    "install_devices_windows_list_2": "Entre na categoria Rede e Internet e depois clique em Central de Rede e Partilha.",
    "install_devices_windows_list_3": "No lado esquerdo da janela clique em Alterar as definições do adaptador.",
-    "install_devices_windows_list_4": "Selecione sua atual ligação, clique nela com o botão direito do rato e depois clique em Propriedades.",
-    "install_devices_windows_list_5": "Procure na lista por Internet Protocol Version 4 (TCP/IP), selecione e clique novamente em Propriedades.",
+    "install_devices_windows_list_4": "Seleccione sua actual ligação, clique nela com o botão direito do rato e depois clique em Propriedades.",
+    "install_devices_windows_list_5": "Procure na lista por Internet Protocol Version 4 (TCP/IP), seleccione e clique novamente em Propriedades.",
    "install_devices_windows_list_6": "Marque Usar os seguintes endereços de servidor DNS e insira os endereços do servidores do AdGuard Home.",
    "install_devices_macos_list_1": "Clique na ícone da Apple e depois em Preferências do Sistema.",
    "install_devices_macos_list_2": "Clique em Rede.",
-    "install_devices_macos_list_3": "Selecione a primeira ligação da lista e clique em Avançado.",
-    "install_devices_macos_list_4": "Selecione a guia DNS e insira os endereços dos servidores do AdGuard Home.",
+    "install_devices_macos_list_3": "Seleccione a primeira ligação da lista e clique em Avançado.",
+    "install_devices_macos_list_4": "Seleccione a guia DNS e insira os endereços dos servidores do AdGuard Home.",
    "install_devices_android_list_1": "No painel inicial do menu Android, toque em Definições.",
    "install_devices_android_list_2": "Toque em Wi-Fi no menu. O painel com todas as redes será exibida (não é possível configurar DNS personalizado para uma conexão de dados móveis).",
    "install_devices_android_list_3": "Pressione prolongadamente a rede à qual está ligado e toque em Modificar Rede.",
    "install_devices_android_list_4": "Toque em Wi-Fi no menu. O painel com todas as redes será exibida (não é possível configurar DNS personalizado para uma conexão de dados móveis).",
-    "install_devices_android_list_5": "Altere os valores DNS 1 e DNS 2 para os endereços de servidores do AdGuard Home.",
+    "install_devices_android_list_5": "Altere o conjunto dos valores DNS 1 e DNS 2 para os endereços de servidores do AdGuard Home.",
    "install_devices_ios_list_1": "No painel inicial, toque em Definições.",
-    "install_devices_ios_list_2": "Selecione Wi-Fi no menu esquerdo (não é possível configurar o DNS em conexões de dados móveis).",
-    "install_devices_ios_list_3": "Toque no nome da rede atualmente ativa.",
+    "install_devices_ios_list_2": "Seleccione Wi-Fi no menu esquerdo (não é possível configurar o DNS em conexões de dados móveis).",
+    "install_devices_ios_list_3": "Toque no nome da rede actualmente activa.",
    "install_devices_ios_list_4": "No campo DNS, digite os endereços dos servidores do AdGuard Home.",
    "get_started": "Vamos Começar",
    "next": "Seguinte",
@@ -346,8 +344,8 @@
    "encryption_server": "Nome do servidor",
    "encryption_server_enter": "Insira o seu nome de domínio",
    "encryption_server_desc": "Para usar HTTPS, você precisa inserir o nome do servidor que corresponda ao seu certificado SSL ou certificado curinga. Se o campo não estiver definido, ele aceitará conexões TLS para qualquer domínio.",
-    "encryption_redirect": "Redirecionar automaticamente para HTTPS",
-    "encryption_redirect_desc": "Se marcado, o AdGuard Home irá redirecionar automaticamente os endereços HTTP para HTTPS.",
+    "encryption_redirect": "Redireccionar automaticamente para HTTPS",
+    "encryption_redirect_desc": "Se marcado, o AdGuard Home irá redireccionar automaticamente os endereços HTTP para HTTPS.",
    "encryption_https": "Porta HTTPS",
    "encryption_https_desc": "Se a porta HTTPS estiver configurada, a interface administrativa do AdGuard Home será acessível via HTTPS e também fornecerá o DNS-sobre-HTTPS no local '/dns-query'.",
    "encryption_dot": "Porta DNS-sobre-TLS",
@@ -362,7 +360,7 @@
    "encryption_key": "Chave privada",
    "encryption_key_input": "Copie/cole aqui a chave privada codificada em PEM para o seu certificado.",
    "encryption_enable": "Ativar criptografia (HTTPS, DNS-sobre-HTTPS e DNS-sobre-TLS)",
-    "encryption_enable_desc": "Se a criptografia estiver ativada, a interface administrativa do AdGuard Home funcionará em HTTPS, o servidor DNS irá capturar as solicitações por meio do DNS-sobre-HTTPS e DNS-sobre-TLS.",
+    "encryption_enable_desc": "Se a criptografia estiver activada, a interface administrativa do AdGuard Home funcionará em HTTPS, o servidor DNS irá capturar as solicitações por meio do DNS-sobre-HTTPS e DNS-sobre-TLS.",
    "encryption_chain_valid": "Cadeia de certificado válida",
    "encryption_chain_invalid": "A cadeia de certificado é inválida",
    "encryption_key_valid": "Esta é uma chave privada {{type}} válida",
@@ -371,8 +369,8 @@
    "encryption_issuer": "Emissor",
    "encryption_hostnames": "Nomes dos servidores",
    "encryption_reset": "Tem a certeza de que deseja repor a definição de criptografia?",
-    "topline_expiring_certificate": "O seu certificado SSL está prestes a expirar. Atualize as suas <0>definições de criptografia</0>.",
-    "topline_expired_certificate": "O seu certificado SSL está expirado. Atualize as suas <0>definições de criptografia</0>.",
+    "topline_expiring_certificate": "O seu certificado SSL está prestes a expirar. Actualize as suas <0>definições de criptografia</0>.",
+    "topline_expired_certificate": "O seu certificado SSL está expirado. Actualize as suas <0>definições de criptografia</0>.",
    "form_error_port_range": "Digite um numero de porta entre 80 e 65535",
    "form_error_port_unsafe": "Esta porta não é segura",
    "form_error_equal": "Não deve ser igual",
@@ -386,9 +384,9 @@
    "down": "Caiu",
    "fix": "Corrigido",
    "dns_providers": "Aqui está uma <0>lista de provedores de DNS conhecidos</0> para escolher.",
-    "update_now": "Atualizar agora",
-    "update_failed": "A atualização automática falhou. Por favor, <a>siga estes passos</a> para atualizar manualmente.",
-    "processing_update": "Por favor espere, o AdGuard Home está a atualizar-se",
+    "update_now": "Actualizar agora",
+    "update_failed": "A actualização automática falhou. Por favor, <a>siga estes passos</a> para actualizar manualmente.",
+    "processing_update": "Por favor espere, o AdGuard Home está a actualizar-se",
    "clients_title": "Clientes",
    "clients_desc": "Configure os dispositivos ligados ao AdGuard",
    "settings_global": "Global",
@@ -412,7 +410,7 @@
    "client_global_settings": "Usar definições globais",
    "client_deleted": "Cliente \"{{key}}\" excluído com sucesso",
    "client_added": "Cliente \"{{key}}\" adicionado com sucesso",
-    "client_updated": "Cliente \"{{key}}\" atualizado com sucesso",
+    "client_updated": "Cliente \"{{key}}\" actualizado com sucesso",
    "clients_not_found": "Nenhum cliente foi encontrado",
    "client_confirm_delete": "Tem a certeza de que deseja excluir o cliente \"{{key}}\"?",
    "list_confirm_delete": "Você tem certeza de que deseja excluir essa lista?",
@@ -427,9 +425,9 @@
    "access_blocked_title": "Domínios bloqueados",
    "access_blocked_desc": "Não confunda isso com filtros. O AdGuard Home irá descartar as consultas DNS com esses domínios nas questões das consultas. Aqui tu podes especificar os nomes de domínio exatos, caracteres curinga e regras de filtro de URL, por exemplo. \"example.org\", \"*.example.org\" ou \"||example.org^\".",
    "access_settings_saved": "Definições de acesso foram guardadas com sucesso",
-    "updates_checked": "Atualizações verificadas com sucesso",
-    "updates_version_equal": "O AdGuard Home está atualizado",
-    "check_updates_now": "Verificar atualizações",
+    "updates_checked": "Actualizações verificadas com sucesso",
+    "updates_version_equal": "O AdGuard Home está actualizado",
+    "check_updates_now": "Verificar actualizações",
    "dns_privacy": "Privacidade de DNS",
    "setup_dns_privacy_1": "<0>DNS-sobre-TLS:</0> Use <1>{{address}}</1> string.",
    "setup_dns_privacy_2": "<0>DNS-sobre-HTTPS:</0> Use <1>{{address}}</1> string.",
@@ -498,8 +496,8 @@
    "interval_hours_plural": "{{count}} horas",
    "filters_configuration": "Definição dos filtros",
    "filters_enable": "Ativar filtros",
-    "filters_interval": "Intervalo de atualização de filtros",
-    "disabled": "Desativado",
+    "filters_interval": "Intervalo de actualização de filtros",
+    "disabled": "Desactivado",
    "username_label": "Nome do utilizador",
    "username_placeholder": "Insira o nome de utilizador",
    "password_label": "Palavra-passe",
@@ -533,8 +531,8 @@
    "autofix_warning_list": "Irá realizar estas tarefas: <0>Desativar sistema DNSStubListener</0> <0>Definir endereço do servidor DNS para 127.0.0.1</0> <0>Substituir o alvo simbólico do link /etc/resolv.conf para /run/systemd/resolv.conf</0> <0>Parar DNSStubListener (recarregar serviço resolvido pelo sistema)</0>",
    "autofix_warning_result": "Como resultado, todos as solicitações DNS do seu sistema serão processadas pelo AdGuard Home por predefinição.",
    "tags_title": "Etiquetas",
-    "tags_desc": "Tu podes selecionar as etiquetas que correspondem ao cliente. As etiquetas podem ser incluídas nas regras de filtragem e permitir que tu as aplique com mais precisão. <0>Saiba mais</0>",
-    "form_select_tags": "Selecione as tags do cliente",
+    "tags_desc": "Tu podes seleccionar as etiquetas que correspondem ao cliente. As etiquetas podem ser incluídas nas regras de filtragem e permitir que tu as aplique com mais precisão. <0>Saiba mais</0>",
+    "form_select_tags": "Seleccione as tags do cliente",
    "check_title": "Verifique a filtragem",
    "check_desc": "Verificar se o nome do host está sendo filtrado",
    "check": "Verificar",
@@ -560,8 +558,8 @@
    "install_static_error": "O AdGuard Home não pode configurar automaticamente para esta interface de rede. Por favor, procure uma instrução sobre como fazer isso manualmente.",
    "install_static_configure": "O AdGuard Home detectou que o endereço IP dinâmico <0>{{ip}}</0> está sendo usado. Tu desejas que seja definido como teu endereço estático?",
    "confirm_static_ip": "O AdGuard Home irá configurar {{ip}} para ser seu endereço IP estático. Deseja continuar?",
-    "list_updated": "{{count}} lista atualizada",
-    "list_updated_plural": "{{count}} listas atualizadas",
+    "list_updated": "{{count}} lista actualizada",
+    "list_updated_plural": "{{count}} listas actualizadas",
    "dnssec_enable": "Ativar DNSSEC",
    "dnssec_enable_desc": "Definir a flag DNSSEC nas consultas de DNS em andamento e verificar o resultado (é necessário um resolvedor DNSSEC ativado)",
    "validated_with_dnssec": "Validado com DNSSEC",
@@ -593,7 +591,7 @@
    "filter_category_regional": "Regional",
    "filter_category_other": "Noutro",
    "filter_category_general_desc": "Listas que bloqueiam o monitorização e a publicidade na maioria dos dispositivos",
-    "filter_category_security_desc": "Listas projetadas especificamente em bloquear domínios maliciosos, de phishing e fraude",
+    "filter_category_security_desc": "Listas especializadas em bloquear domínios de malware, phishing ou fraude",
    "filter_category_regional_desc": "Listas focadas em anúncios regionais e servidores de monitorização",
    "filter_category_other_desc": "Outras listas de bloqueio",
    "setup_config_to_enable_dhcp_server": "Defina a configuração para ativar o servidor DHCP",
--- a/client/src/__locales/ru.json
+++ b/client/src/__locales/ru.json
@@ -8,13 +8,11 @@
    "load_balancing_desc": "Запрашивайте по одному серверу за раз. AdGuard Home будет использовать случайный алгоритм для выбора сервера, так что самый быстрый сервер будет использоваться чаще.",
    "bootstrap_dns": "Bootstrap DNS-серверы",
    "bootstrap_dns_desc": "Bootstrap DNS-серверы используются для поиска IP-адресов DoH/DoT серверов, которые вы указали.",
-    "local_ptr_title": "Приватные серверы для обратного DNS",
+    "local_ptr_title": "Приватные DNS-серверы",
    "local_ptr_desc": "DNS-серверы, которые AdGuard Home использует для локальных PTR-запросов. Эти серверы используются, чтобы получить доменные имена клиентов с приватными IP-адресами, например «192.168.12.34», с помощью rDNS. Если список пуст, AdGuard Home использует DNS-серверы по умолчанию вашей ОС.",
    "local_ptr_placeholder": "Введите по одному адресу на строчку",
    "resolve_clients_title": "Включить запрашивание доменных имён для IP-адресов клиентов",
    "resolve_clients_desc": "AdGuard Home будет пытаться определить доменные имена клиентов через PTR-запросы к соответствующим серверам (приватные DNS-серверы для локальных клиентов, upstream-сервер для клиентов с публичным IP-адресом).",
-    "use_private_ptr_resolvers_title": "Использовать приватные rDNS-резолверы",
-    "use_private_ptr_resolvers_desc": "Посылать обратные DNS-запросы для локально обслуживаемых адресов на указанные серверы. Если отключено, AdGuard Home будет отвечать NXDOMAIN на все подобные PTR-запросы, кроме запросов о клиентах, уже известных по DHCP, /etc/hosts и так далее.",
    "check_dhcp_servers": "Проверить DHCP-серверы",
    "save_config": "Сохранить конфигурацию",
    "enabled_dhcp": "DHCP-сервер включён",
@@ -309,9 +307,9 @@
    "install_devices_title": "Настройте ваши устройства",
    "install_devices_desc": "Для того, чтобы использовать AdGuard Home, вам нужно настроить ваши устройства на его использование.",
    "install_submit_title": "Поздравляем!",
-    "install_submit_desc": "Процедура настройки завершена, AdGuard Home готов к использованию.",
+    "install_submit_desc": "Процедура настройки завершена и вы готовы начать использование AdGuard Home.",
    "install_devices_router": "Роутер",
-    "install_devices_router_desc": "Эта настройка покроет все устройства, подключенные к вашему домашнему роутеру, и вам не нужно будет настраивать каждое вручную.",
+    "install_devices_router_desc": "Такая настройка автоматически покроет все устройства, использующие ваш домашний роутер, и вам не нужно будет настраивать каждое из них в отдельности.",
    "install_devices_address": "DNS-сервер AdGuard Home доступен по следующим адресам",
    "install_devices_router_list_1": "Откройте настройки вашего роутера. Обычно вы можете открыть их в вашем браузере, например, http://192.168.0.1/ или http://192.168.1.1/. Вас могут попросить ввести пароль. Если вы не помните его, пароль часто можно сбросить, нажав на кнопку на самом роутере, но помните, что эта процедура может привести к потере всей конфигурации роутера. Если вашему роутеру необходимо приложение для настройки, установите его на свой телефон или ПК и воспользуйтесь им для настройки роутера.",
    "install_devices_router_list_2": "Найдите настройки DHCP или DNS. Найдите буквы «DNS» рядом с текстовым полем, в которое можно ввести два или три ряда цифр, разделенных на 4 группы от одной до трёх цифр.",
@@ -331,7 +329,7 @@
    "install_devices_android_list_2": "Выберите пункт «Wi-Fi». Появится экран со списком доступных сетей (настройка DNS недоступна для мобильных сетей).",
    "install_devices_android_list_3": "Долгим нажатием по текущей сети вызовите меню, в котором нажмите «Изменить сеть».",
    "install_devices_android_list_4": "На некоторых устройствах может потребоваться нажать «Расширенные настройки». Чтобы получить возможность изменять настройки DNS, вам потребуется переключить «Настройки IP» на «Пользовательские».",
-    "install_devices_android_list_5": "Замените заданные значения DNS 1 и DNS 2 на адреса серверов AdGuard Home.",
+    "install_devices_android_list_5": "Теперь можно изменить поля «DNS 1» и «DNS 2». Введите в них адреса AdGuard Home.",
    "install_devices_ios_list_1": "Войдите в меню настроек устройства.",
    "install_devices_ios_list_2": "Выберите пункт «Wi-Fi» (для мобильных сетей ручная настройка DNS невозможна).",
    "install_devices_ios_list_3": "Нажмите на название сети, к которой устройство подключено в данный момент.",
@@ -425,7 +423,7 @@
    "access_disallowed_title": "Запрещённые клиенты",
    "access_disallowed_desc": "Список CIDR- или IP-адресов. Если он настроен, AdGuard Home будет игнорировать запросы с этих IP-адресов.",
    "access_blocked_title": "Неразрешённые домены",
-    "access_blocked_desc": "Не путайте это с фильтрами. AdGuard Home будет игнорировать DNS-запросы с этими доменами. Здесь вы можете уточнить точные имена доменов, шаблоны, правила URL-фильтрации, например, «example.org», «*.example.org» или «||example.org».",
+    "access_blocked_desc": "Не путайте это с фильтрами. AdGuard Home будет игнорировать DNS-запросы с этими доменами. Здесь вы можете уточнить точные имена доменов, шаблоны, правила URL-фильтрации, например, «пример.org», «*.пример.org» или «||пример.org».",
    "access_settings_saved": "Настройки доступа успешно сохранены",
    "updates_checked": "Проверка обновлений прошла успешно",
    "updates_version_equal": "Версия AdGuard Home актуальна",
@@ -593,7 +591,7 @@
    "filter_category_regional": "Региональные",
    "filter_category_other": "Другие",
    "filter_category_general_desc": "Списки, которые блокируют отслеживание и рекламу на большинстве устройств",
-    "filter_category_security_desc": "Списки, созданные специально для блокировки вредоносных, фишинговых и мошеннических доменов",
+    "filter_category_security_desc": "Списки, которые специализируются на блокировке вредоносных программ, фишинговых или мошеннических доменов",
    "filter_category_regional_desc": "Списки, которые фокусируются на региональной рекламе и серверах отслеживания",
    "filter_category_other_desc": "Другие списки блокировки",
    "setup_config_to_enable_dhcp_server": "Настроить конфигурацию для включения DHCP-сервера",
--- a/client/src/__locales/sl.json
+++ b/client/src/__locales/sl.json
@@ -8,13 +8,11 @@
    "load_balancing_desc": "Poizvedujte po enem gorvodnem strežniku. AdGuard Home bo uporabil tehtani naključni algoritem za izbiro strežnika, tako da bo najhitrejši strežnik pogosteje uporabljen.",
    "bootstrap_dns": "Zagonski DNS strežniki",
    "bootstrap_dns_desc": "Zagonski DNS strežniki se uporabljajo za razreševanje IP naslovov DoH/DoT reševalcev, ki jih določite kot navzgornje.",
-    "local_ptr_title": "Zasebni povratni strežniki DNS",
+    "local_ptr_title": "Zasebni strežniki DNS",
    "local_ptr_desc": "Strežniki DNS, ki jih AdGuard Home uporablja za lokalne poizvedbe PTR. Ti strežniki se uporabljajo za razreševanje imen gostiteljev z zasebnimi naslovi IP, na primer \"192.168.12.34\" uporablja rDNS. Če ni nastavljen, AdGuard Home uporablja privzete rešitve DNS vašega OS.",
    "local_ptr_placeholder": "V vrstico vnesite en naslov strežnika",
    "resolve_clients_title": "Omogoči obratno reševanje naslovov IP gostiteljev",
    "resolve_clients_desc": "Če je omogočeno, bo AdGuard Home poskušal samodejno razrešiti gostiteljska imena odjemalcev iz njihovih naslovov IP tako, da pošlje poizvedbo PTR ustreznemu razreševalniku (zasebni strežniki DNS za lokalne odjemalce, gorvodni strežnik za odjemalce z javnimi naslovi IP).",
-    "use_private_ptr_resolvers_title": "Uporabi zasebne razreševalnike rDNS",
-    "use_private_ptr_resolvers_desc": "Izvedi povratne preglede DNS za lokalno oskrbljene naslove s pomočjo teh gorvodnih strežnikov. Če je AdGuard onemogočen, se z NXDOMAIN odzove na vse takšne zahteve PTR, razen za odjemalce, znane iz DHCP,/etc/gostiteljev itd.",
    "check_dhcp_servers": "Preveri strežnike DHCP",
    "save_config": "Shrani nastavitve",
    "enabled_dhcp": "Strežnik DHCP je omogočen",
@@ -309,9 +307,9 @@
    "install_devices_title": "Konfigurirajte svoje naprave",
    "install_devices_desc": "Če želite, da AdGuard Home začne delovati, morate konfigurirati vaše naprave, da jih bo uporabljal.",
    "install_submit_title": "Čestitamo!",
-    "install_submit_desc": "Postopek namestitve je končan in zdaj ste pripravljeni na uporabo AdGuard Home.",
+    "install_submit_desc": "Postopek namestitve je končan in pripravljeni ste začeti uporabljati AdGuard Home.",
    "install_devices_router": "Usmerjevalnik",
-    "install_devices_router_desc": "Ta namestitev samodejno pokriva vse naprave, povezane z vašim domačim usmerjevalnikom, zato vam jih ni treba ročno nastaviti.",
+    "install_devices_router_desc": "Ta namestitev bo samodejno pokrila vse naprave, povezane z domačim usmerjevalnikom, zato vam jih ni treba ročno konfigurirati.",
    "install_devices_address": "AdGuard Home strežnik DNS posluša naslednje naslove",
    "install_devices_router_list_1": "Odprite nastavitve vašega usmerjevalnika. Običajno lahko imate dostop do njega iz brskalnika prek URL naslova, kot je http://192.168.0.1/ ali http://192.168.1.1/. Morda boste pozvani, da vnesete geslo. Če se tega ne spomnite, lahko geslo pogosto ponastavite s pritiskom na gumb na samem usmerjevalniku, vendar se zavedajte, da če izberete ta postopek, boste verjetno izgubili celotne nastavitve usmerjevalnika. Nekateri usmerjevalniki zahtevajo posebno aplikacijo, ki mora v tem primeru biti že nameščena v vašem računalniku ali telefonu.",
    "install_devices_router_list_2": "Poiščite nastavitve DHCP/DNS. Poiščite črke DNS poleg polja, ki dovoljuje dva ali tri naborov številk, pri čemer je vsaka razdeljena na štiri skupine z enim do tremi števili.",
@@ -593,7 +591,7 @@
    "filter_category_regional": "Področno",
    "filter_category_other": "Drugo",
    "filter_category_general_desc": "Seznami, ki zavirajo sledenje in oglaševanje na večini naprav",
-    "filter_category_security_desc": "Seznami, posebej zasnovani za onemogočanje zlonamernih domen, domen z lažnim predstavljanjem in prevarami",
+    "filter_category_security_desc": "Seznami, ki so specializirani za onemogočanje domen zlonamernih programov, lažnega predstavljanja ali prevar",
    "filter_category_regional_desc": "Seznami, ki so osredotočeni na področne oglase in strežnike za sledenje",
    "filter_category_other_desc": "Drugi seznami za zaviranje",
    "setup_config_to_enable_dhcp_server": "Nastavite nastavitve, da omogočite strežnik DHCP",
--- a/client/src/__locales/vi.json
+++ b/client/src/__locales/vi.json
@@ -1,19 +1,13 @@
 {
    "client_settings": "Cài đặt máy khách",
-    "example_upstream_reserved": "bạn có thể chỉ định DNS ngược tuyến <0>cho một tên miền cụ thể(hoặc nhiều)</0>",
-    "example_upstream_comment": "Bạn có thể thêm chú thích cụ thể",
-    "upstream_parallel": "Sử dụng truy vấn song song để tăng tốc độ giải quyết bằng cách truy vấn đồng thời tất cả các máy chủ ngược tuyến",
    "parallel_requests": "Yêu cầu song song",
    "load_balancing": "Cân bằng tải",
-    "load_balancing_desc": "Chỉ truy xuất một máy chủ trong cùng thời điểm. AdGuard Home sẽ sử dụng thuật toán trọng số ngẫu nhiên để chọn một máy chủ nhanh nhất và sử dụng máy chủ đó thường xuyên hơn.",
    "bootstrap_dns": "Máy chủ DNS Bootstrap",
    "bootstrap_dns_desc": "Máy chủ DNS Bootstrap được sử dụng để phân giải địa chỉ IP của bộ phân giải DoH/DoT mà bạn chỉ định là ngược tuyến.",
    "local_ptr_desc": "Máy chủ DNS hoặc các máy chủ mà AdGuard Home sẽ sử dụng cho các truy vấn về tài nguyên được phân phối cục bộ. Ví dụ: máy chủ này sẽ được sử dụng để phân giải tên máy khách của máy khách cho các máy khách có địa chỉ IP riêng. Nếu không được cài đặt, AdGuard Home sẽ tự động sử dụng trình phân giải DNS mặc định của bạn.",
    "local_ptr_placeholder": "Nhập một địa chỉ máy chủ trên mỗi dòng",
    "resolve_clients_title": "Kích hoạt cho phép phân giải ngược về địa chỉ IP của máy khách",
-    "resolve_clients_desc": "Nếu được bật, AdGuard Home sẽ cố gắng phân giải ngược lại địa chỉ IP của khách hàng thành tên máy chủ của họ bằng cách gửi các truy vấn PTR tới trình phân giải tương ứng (máy chủ DNS riêng cho máy khách cục bộ, máy chủ ngược dòng cho máy khách có địa chỉ IP công cộng).",
    "check_dhcp_servers": "Kiểm tra máy chủ DHCP",
-    "save_config": "Lưu thiết lập",
    "enabled_dhcp": "Máy chủ DHCP đã kích hoạt",
    "disabled_dhcp": "Máy chủ DHCP đã tắt",
    "unavailable_dhcp": "DHCP không khả dụng",
@@ -22,12 +16,10 @@
    "dhcp_description": "Nếu bộ định tuyến không trợ cài đặt DHCP, bạn có thể dùng máy chủ DHCP dựng sẵn của AdGuard",
    "dhcp_enable": "Bật máy chủ DHCP",
    "dhcp_disable": "Tắt máy chủ DHCP",
-    "dhcp_not_found": "Không  có máy chủ DHCP nào được tìm thấy trong mạng. Có thể bật máy chủ DHCP một cách an toàn",
    "dhcp_found": "Đã tìm thấy máy chủ DHCP trong mạng. Có thể có rủi ro nếu kích hoạt máy chủ DHCP dựng sẵn",
    "dhcp_leases": "Thuê DHCP",
    "dhcp_static_leases": "Thuê DHCP tĩnh",
    "dhcp_leases_not_found": "Không tìm thấy DHCP cho thuê",
-    "dhcp_config_saved": "Đã lưu cấu hình máy chủ DHCP",
    "dhcp_ipv4_settings": "Cài đặt DHCP IPv4",
    "dhcp_ipv6_settings": "Cài đặt DHCP IPv6",
    "form_error_required": "Trường bắt buộc",
@@ -37,7 +29,6 @@
    "form_error_mac_format": "Định dạng MAC không hợp lệ",
    "form_error_client_id_format": "Định dạng client ID không hợp lệ",
    "form_error_server_name": "Tên máy chủ không hợp lệ",
-    "form_error_subnet": "Mạng con \"{{cidr}}\" không chứa địa chỉ IP \"{{ip}}\"",
    "form_error_positive": "Phải lớn hơn 0",
    "form_error_negative": "Phải lớn hơn hoặc bằng 0",
    "range_end_error": "Phải lớn hơn khoảng bắt đầu",
@@ -54,16 +45,11 @@
    "ip": "IP",
    "dhcp_table_hostname": "Tên máy chủ",
    "dhcp_table_expires": "Hết hạn",
-    "dhcp_warning": "Nếu bạn vẫn muốn bật máy chủ DHCP, hãy đảm bảo rằng không có máy chủ DHCP hoạt động nào khác trong mạng của bạn. Nếu không, nó có thể phá vỡ Internet cho các thiết bị được kết nối!",
-    "dhcp_error": "Chúng tôi không thể xác định liệu có một máy chủ DHCP khác trong mạng hay không.",
-    "dhcp_static_ip_error": "Để sử dụng máy chủ DHCP, phải đặt địa chỉ IP tĩnh. Chúng tôi không thể xác định xem giao diện mạng này có được cấu hình bằng địa chỉ IP tĩnh hay không. Vui lòng đặt địa chỉ IP tĩnh theo cách thủ công.",
-    "dhcp_dynamic_ip_found": "Hệ thống của bạn sử dụng cấu hình địa chỉ IP động cho giao diện <0>{{interfaceName}}</0>. Để sử dụng máy chủ DHCP, phải đặt địa chỉ IP tĩnh. Địa chỉ IP hiện tại của bạn là <0>{{ipAddress}}</0>. Chúng tôi sẽ tự động đặt địa chỉ IP này thành tĩnh nếu bạn nhấn nút Bật DHCP.",
    "dhcp_lease_added": "Cho thuê tĩnh \"{{key}}\" đã được thêm thành công",
    "dhcp_lease_deleted": "Cho thuê tĩnh \"{{key}}\" đã xóa thành công",
    "dhcp_new_static_lease": "Cho thuê tĩnh mới",
    "dhcp_static_leases_not_found": "Không tìm thấy DHCP cho thuê tĩnh",
    "dhcp_add_static_lease": "Thêm thuê tĩnh",
-    "dhcp_reset": "Bạn có chắc chắn muốn đặt lại thiết lập DHCP?",
    "country": "Quốc gia",
    "city": "Thành phố",
    "delete_confirm": "Bạn có chắc chắn muốn xóa \"{{key}}\" không?",
@@ -110,14 +96,7 @@
    "top_clients": "Người dùng hàng đầu",
    "no_clients_found": "Không có người dùng",
    "general_statistics": "Thống kê chung",
-    "number_of_dns_query_days": "Một số truy vấn DNS được xử lý trong {{count}} ngày qua",
-    "number_of_dns_query_days_plural": "Một số truy vấn DNS được xử lý trong {{count}} ngày qua",
-    "number_of_dns_query_24_hours": "Số yêu cầu DNS đã xử lý trong 24 giờ qua",
-    "number_of_dns_query_blocked_24_hours": "Số yêu cầu DNS bị chặn bởi bộ lọc quảng cáo và danh sách chặn host",
-    "number_of_dns_query_blocked_24_hours_by_sec": "Số yêu cầu DNS bị chặn bởi chế độ bảo vệ duyệt web AdGuard",
-    "number_of_dns_query_blocked_24_hours_adult": "Số trang web người lớn đã chặn",
    "enforced_save_search": "Bắt buộc tìm kiếm an toàn",
-    "number_of_dns_query_to_safe_search": "Số yêu cầu DNS tới công cụ tìm kiếm đã chuyển thành tìm kiếm an toàn",
    "average_processing_time": "Thời gian xử lý trung bình",
    "average_processing_time_hint": "Thời gian trung bình cho một yêu cầu DNS tính bằng mili giây",
    "block_domain_use_filters_and_hosts": "Chặn tên miền sử dụng các bộ lọc và file hosts",
@@ -127,7 +106,6 @@
    "use_adguard_parental": "Sử dụng dịch vụ quản lý của phụ huynh AdGuard",
    "use_adguard_parental_hint": "AdGuard Home sẽ kiểm tra nếu tên miền chứa từ khoá người lớn. Tính năng sử dụng API thân thiện với quyền riêng tư tương tự với dịch vụ bảo vệ duyệt web",
    "enforce_safe_search": "Bắt buộc tìm kiếm an toàn",
-    "enforce_save_search_hint": "AdGuard Home có thể bắt buộc tìm kiếm an toàn với các dịch vụ tìm kiếm: Google, Youtube, Bing, Yandex.",
    "no_servers_specified": "Không có máy chủ nào được liệt kê",
    "general_settings": "Cài đặt chung",
    "dns_settings": "Cài đặt DNS",
@@ -139,7 +117,6 @@
    "encryption_settings": "Cài đặt mã hóa",
    "dhcp_settings": "Cài đặt DHCP",
    "upstream_dns": "Máy chủ DNS tìm kiếm",
-    "upstream_dns_help": "Nhập địa chỉ máy chủ một trên mỗi dòng. <a>Tìm hiểu thêm</a> về cách định cấu hình máy chủ DNS ngược dòng.",
    "upstream_dns_configured_in_file": "Cấu hình tại {{path}}",
    "test_upstream_btn": "Kiểm tra",
    "upstreams": "Nguồn",
@@ -268,7 +245,6 @@
    "rate_limit": "Giới hạn yêu cầu",
    "edns_enable": "Bật mạng con EDNS Client",
    "edns_cs_desc": "Nếu được bật, AdGuard Home sẽ gửi các mạng con của khách hàng đến các máy chủ DNS.",
-    "rate_limit_desc": "Số lượng yêu cầu mỗi giây mà một khách hàng được phép thực hiện (0: không giới hạn)",
    "blocking_ipv4_desc": "Địa chỉ IP được trả lại cho một yêu cầu A bị chặn",
    "blocking_ipv6_desc": "Địa chỉ IP được trả lại cho một yêu cầu AAA bị chặn",
    "blocking_mode_default": "Mặc định: Trả lời với NXDOMAIN khi bị chặn bởi quy tắc kiểu Adblock; phản hồi với địa chỉ IP được chỉ định trong quy tắc khi bị chặn bởi quy tắc / etc / hosts-style",
@@ -281,7 +257,6 @@
    "source_label": "Nguồn",
    "found_in_known_domain_db": "Tìm thấy trong cơ sở dữ liệu tên miền",
    "category_label": "Thể loại",
-    "rule_label": "Quy tắc",
    "list_label": "Danh sách",
    "unknown_filter": "Bộ lọc không rõ {{filterId}}",
    "known_tracker": "Theo dõi đã biết",
@@ -291,7 +266,6 @@
    "install_settings_listen": "Giao diện nghe",
    "install_settings_port": "Cổng",
    "install_settings_interface_link": "Giao diện web quản trị viên AdGuard Home của bạn sẽ có sẵn trên các địa chỉ sau:",
-    "form_error_port": "Nhập giá trị cổng hợp lệ",
    "install_settings_dns": "Máy chủ DNS",
    "install_settings_dns_desc": "Bạn sẽ cần định cấu hình thiết bị hoặc bộ định tuyến của mình để sử dụng máy chủ DNS trên các địa chỉ sau:",
    "install_settings_all_interfaces": "Tất cả các giao diện",
@@ -306,12 +280,12 @@
    "install_devices_title": "Định cấu hình thiết bị của bạn",
    "install_devices_desc": "Để bắt đầu sử dụng AdGuard Home, bạn cần định cấu hình thiết bị của mình để sử dụng nó.",
    "install_submit_title": "Xin chúc mừng!",
+    "install_submit_desc": "Quy trình thiết lập đã kết thúc và bạn đã sẵn sàng bắt đầu sử dụng AdGuard Home.",
    "install_devices_router": "Bộ định tuyến",
+    "install_devices_router_desc": "Thiết lập này sẽ tự động bao gồm tất cả các thiết bị được kết nối với bộ định tuyến gia đình của bạn và bạn sẽ không cần phải định cấu hình từng thiết bị theo cách thủ công.",
    "install_devices_address": "Máy chủ DNS của AdGuard Home đang lắng nghe các địa chỉ sau",
-    "install_devices_router_list_1": "Mở tùy chọn cho bộ định tuyến của bạn. Thông thường, bạn có thể truy cập nó từ trình duyệt của mình thông qua một URL, chẳng hạn như http://192.168.0.1/ hoặc http://192.168.1.1/. Bạn có thể được nhắc nhập mật khẩu. Nếu bạn không nhớ nó, bạn có thể đặt lại mật khẩu bằng cách nhấn nút khởi động lại trên chính bộ định tuyến, nhưng lưu ý rằng nếu khởi động lại, bạn có thể sẽ mất toàn bộ cấu hình bộ định tuyến. Một số bộ định tuyến sẽ yêu cầu đăng nhập từ một ứng dụng cụ thể đã được cài đặt trên máy tính hoặc điện thoại của bạn.",
    "install_devices_router_list_2": "Tìm cài đặt DHCP/DNS. Tìm các chữ cái DNS bên cạnh một trường cho phép hai hoặc ba bộ số, mỗi bộ được chia thành bốn nhóm từ một đến ba chữ số.",
    "install_devices_router_list_3": "Nhập địa chỉ máy chủ AdGuard Home của bạn ở đó.",
-    "install_devices_router_list_4": "Bạn không thể đặt máy chủ DNS tùy chỉnh trên một số loại bộ định tuyến. Trong trường hợp này, có thể hữu ích nếu bạn thiết lập AdGuard Home làm <0> máy chủ DHCP </0>. Nếu không, bạn nên tìm kiếm hướng dẫn về cách tùy chỉnh máy chủ DNS cho kiểu bộ định tuyến cụ thể của mình.",
    "install_devices_windows_list_1": "Mở Control Panel thông qua Trình đơn Bắt đầu hoặc Tìm kiếm Windows.",
    "install_devices_windows_list_2": "Chuyển đến danh mục Mạng và Internet, sau đó đến Trung tâm Mạng và Chia sẻ.",
    "install_devices_windows_list_3": "Ở bên trái màn hình, tìm Thay đổi cài đặt bộ điều hợp và nhấp vào nó.",
@@ -326,6 +300,7 @@
    "install_devices_android_list_2": "Nhấp Wi-Fi trên trình đơn. Màn hình liệt kê tất cả các mạng khả dụng sẽ được hiển thị (không thể đặt DNS tùy chỉnh cho kết nối di động).",
    "install_devices_android_list_3": "Nhấn và giữ mạng mà bạn đã kết nối và chạm Sửa Đổi Mạng.",
    "install_devices_android_list_4": "Trên một số thiết bị, bạn có thể cần chọn hộp Nâng cao để xem thêm cài đặt. Để điều chỉnh cài đặt DNS Android của bạn, bạn sẽ cần chuyển cài đặt IP từ DHCP sang Tĩnh.",
+    "install_devices_android_list_5": "Thay đổi giá trị DNS 1 và DNS 2 thành địa chỉ máy chủ AdGuard Home của bạn.",
    "install_devices_ios_list_1": "Từ màn hình chính, chạm Cài đặt.",
    "install_devices_ios_list_2": "Chọn Wi-Fi trong trình đơn bên trái (không thể định cấu hình DNS cho mạng di động).",
    "install_devices_ios_list_3": "Chạm vào tên của mạng hiện đang hoạt động.",
@@ -336,10 +311,8 @@
    "install_saved": "Lưu thành công",
    "encryption_title": "Mã hóa",
    "encryption_desc": "Hỗ trợ mã hóa (HTTPS/TLS) cho cả giao diện web quản trị viên và DNS",
-    "encryption_config_saved": "Đã lưu cấu hình mã hóa",
    "encryption_server": "Tên máy chủ",
    "encryption_server_enter": "Nhập tên miền của bạn",
-    "encryption_server_desc": "Để sử dụng HTTPS, bạn cần nhập tên máy chủ phù hợp với chứng chỉ SSL của bạn. Nếu trường này bị bỏ trống, nó sẽ chấp nhận kết nối TLS với tất cả tên miền.",
    "encryption_redirect": "Tự động chuyển hướng đến HTTPS",
    "encryption_redirect_desc": "Nếu được chọn, AdGuard Home sẽ tự động chuyển hướng bạn từ địa chỉ HTTP sang địa chỉ HTTPS.",
    "encryption_https": "Cổng HTTPS",
@@ -367,13 +340,10 @@
    "encryption_reset": "Bạn có chắc chắn muốn đặt lại cài đặt mã hóa?",
    "topline_expiring_certificate": "Chứng chỉ SSL của bạn sắp hết hạn. Cập nhật <0>Cài đặt mã hóa</0>.",
    "topline_expired_certificate": "Chứng chỉ SSL của bạn đã hết hạn. Cập nhật <0>Cài đặt mã hóa</0>.",
-    "form_error_port_range": "Nhập giá trị cổng trong phạm vi 80-65535",
    "form_error_port_unsafe": "Đây là một cổng không an toàn",
-    "form_error_equal": "Không nên bằng nhau",
    "form_error_password": "Mật khẩu không khớp",
    "reset_settings": "Đặt lại cài đặt",
    "update_announcement": "AdGuard Home {{version}} hiện có sẵn! <0>Chạm vào đây</0> để biết thêm thông tin.",
-    "setup_guide": "Hướng dẫn thiết lập",
    "dns_addresses": "Địa chỉ DNS",
    "dns_start": "Máy chủ DNS đang khởi động",
    "dns_status_error": "Có lỗi khi kiểm tra trạng thái máy chủ DNS",
@@ -396,7 +366,6 @@
    "client_identifier": "Định danh",
    "ip_address": "Địa chỉ IP",
    "form_enter_ip": "Nhập IP",
-    "form_enter_subnet_ip": "Nhập địa chỉ IP vào mạng con \"{{cidr}}\"",
    "form_enter_mac": "Nhập MAC",
    "form_enter_id": "Nhập định danh",
    "form_add_id": "Thêm định danh",
@@ -549,7 +518,6 @@
    "set_static_ip": "Thiết lập địa chỉ IP tĩnh",
    "install_static_ok": "Địa chỉ IP tĩnh đã được thiết lập",
    "install_static_error": "AdGuard Home không thể cấu hình tự động cho giao diện mạng này. Vui lòng tìm hướng dẫn về cách thực hiện việc này theo cách thủ công.",
-    "install_static_configure": "Chúng tôi đã phát hiện thấy rằng một địa chỉ IP động được sử dụng - <0> {{ip}} </0>. Bạn có muốn sử dụng nó làm địa chỉ tĩnh của mình không?",
    "confirm_static_ip": "AdGuard Home sẽ lấy {{ip}} làm địa chỉ IP tĩnh. Bạn có muốn tiếp tục?",
    "list_updated": "Đã cập nhật {{count}} bộ lọc",
    "list_updated_plural": "Đã cập nhật {{count}} bộ lọc",
@@ -584,9 +552,9 @@
    "filter_category_regional": "Khu vực",
    "filter_category_other": "Khác",
    "filter_category_general_desc": "Bộ lọc chặn quảng cáo và theo dõi cho hầu hết các thiết bị",
+    "filter_category_security_desc": "Bộ lọc chuyên biệt chặn tên miền chứa mã độc và lừa đảo",
    "filter_category_regional_desc": "Bộ lọc tập trung vào từng khu vực",
    "filter_category_other_desc": "Bộ lọc chặn khác",
-    "setup_config_to_enable_dhcp_server": "Thiết lập cấu hình để bật máy chủ DHCP",
    "original_response": "Phản hồi gốc",
    "click_to_view_queries": "Nhấp để xem truy xuất",
    "port_53_faq_link": "Cổng 53 thường được sử dụng \"DNSStubListener\" hoặc \"systemd-resolved\". Vui lòng đọc <0>hướng dẫn</0> để giải quyết vấn đề này.",
--- a/client/src/__locales/zh-cn.json
+++ b/client/src/__locales/zh-cn.json
@@ -8,13 +8,11 @@
    "load_balancing_desc": "一次查询一台服务器。AdGuard Home 将使用加权随机算法来选择服务器，以便更常使用最快的服务器。",
    "bootstrap_dns": "Bootstrap DNS 服务器",
    "bootstrap_dns_desc": "Bootstrap DNS 服务器用于解析您指定为上游的 DoH / DoT 解析器的 IP 地址。",
-    "local_ptr_title": "私人反向 DNS 服务器",
+    "local_ptr_title": "私人 DNS 服务器",
    "local_ptr_desc": "AdGuard Home 用于本地 PTR 查询的 DNS 服务器。例如，该服务器将被用于解析具有私人 IP 地址的客户机的主机名，比如 \"192.168.12.34\"，使用 rDNS 。如果没有设置，AdGuard Home 将自动使用您的默认 DNS 解析器。",
    "local_ptr_placeholder": "每行输入一个服务器地址",
    "resolve_clients_title": "启用客户端的 IP 地址的反向解析",
    "resolve_clients_desc": "如果启用，AdGuard Home 将尝试通过发送 PTR 查询到对应的解析器 (本地客户端的私人 DNS 服务器，公有 IP 客户端的上游服务器) 将 IP 地址反向解析成其客户端主机名。",
-    "use_private_ptr_resolvers_title": "使用私人 rDNS 解析器",
-    "use_private_ptr_resolvers_desc": "使用这些上游服务器对本地服务的地址执行反向DNS查找。 如果禁用，则AdGuard Home会以NXDOMAIN响应所有此类PTR请求，但从DHCP、/ etc / hosts等获知的客户端除外。",
    "check_dhcp_servers": "检查 DHCP 服务器",
    "save_config": "保存配置",
    "enabled_dhcp": "DHCP 服务器已启用",
--- a/client/src/__locales/zh-tw.json
+++ b/client/src/__locales/zh-tw.json
@@ -8,13 +8,11 @@
    "load_balancing_desc": "每次查詢一個上游伺服器。AdGuard Home 將使用加權隨機的演算法來選擇伺服器，以便最快的伺服器被更常使用。",
    "bootstrap_dns": "自我啟動（Bootstrap）DNS 伺服器",
    "bootstrap_dns_desc": "自我啟動（Bootstrap）DNS 伺服器被用於解析您明確指定作為上游的 DoH/DoT 解析器之 IP 位址。",
-    "local_ptr_title": "私人反向的 DNS 伺服器",
+    "local_ptr_title": "私人 DNS 伺服器",
    "local_ptr_desc": "AdGuard Home 用於區域指標（PTR）查詢之 DNS 伺服器。這些伺服器被用於解析含私人 IP 位址的用戶端之主機名稱，例如，\"192.168.12.34\"，使用反向的 DNS（rDNS）。如果未被設定，AdGuard Home 使用您的作業系統之預設 DNS 解析器。",
    "local_ptr_placeholder": "每行輸入一個伺服器位址",
    "resolve_clients_title": "啟用用戶端的 IP 位址之反向的解析",
    "resolve_clients_desc": "如果被啟用，透過傳送指標（PTR）查詢到對應的解析器（私人 DNS 伺服器供區域的用戶端，上游的伺服器供有公共 IP 位址的用戶端），AdGuard Home 將試圖反向地解析用戶端的 IP 位址變為它們的主機名稱。",
-    "use_private_ptr_resolvers_title": "使用私人反向的 DNS（rDNS）解析器",
-    "use_private_ptr_resolvers_desc": "對於正使用這些上游伺服器之區域服務的位址執行反向的 DNS 查找。如果被禁用，除已知來自 DHCP、/etc/hosts 等等的用戶端之外，AdGuard Home 對於所有此類的區域指標（PTR）請求以 NXDOMAIN 回覆。",
    "check_dhcp_servers": "檢查動態主機設定協定（DHCP）伺服器",
    "save_config": "儲存配置",
    "enabled_dhcp": "動態主機設定協定（DHCP）伺服器被啟用",
@@ -311,7 +309,7 @@
    "install_submit_title": "恭喜！",
    "install_submit_desc": "該設置程序被完成，且您準備好開始使用 AdGuard Home。",
    "install_devices_router": "路由器",
-    "install_devices_router_desc": "此設置將自動地涵蓋所有被連線到您的家庭路由器之裝置，而您將無需手動地配置它們。",
+    "install_devices_router_desc": "此設置將自動地涵蓋所有被連線至您的家庭路由器之裝置，且您將無需手動地配置它們每個。",
    "install_devices_address": "AdGuard Home DNS 伺服器正在監聽下列的位址",
    "install_devices_router_list_1": "開啟用於您的路由器之偏好設定。通常地，您可透過網址，諸如 http://192.168.0.1/ 或 http://192.168.1.1/，從您的瀏覽器中存取它。您可能被提醒輸入密碼。如果您不記得它，您經常可透過按壓於該路由器本身上的按鈕來重置密碼，但請明白如果此步驟被選擇，您將可能失去整個路由器配置。如果您的路由器需要應用程式去設置它，請於您的手機或個人電腦上安裝該應用程式，並使用它來存取該路由器的設定。",
    "install_devices_router_list_2": "找到 DHCP/DNS 設定。尋找緊鄰著允許兩組或三組數字集的欄位之 DNS 字母，每組被拆成四個含有一至三個數字的群集。",
@@ -331,7 +329,7 @@
    "install_devices_android_list_2": "於該選單上輕觸 Wi-Fi。正在列出所有可用的網路之畫面將被顯示（不可能為行動連線設定自訂的 DNS）。",
    "install_devices_android_list_3": "長按您所連線至的網路，然後輕觸修改網路。",
    "install_devices_android_list_4": "於某些裝置上，您可能需要檢查關於進階的方框以查看進一步的設定。為了調整您的 Android DNS 設定，您將需要把 IP 設定從 DHCP 轉換成靜態。",
-    "install_devices_android_list_5": "更改 DNS 1 和 DNS 2 值為您的 AdGuard Home 伺服器位址。",
+    "install_devices_android_list_5": "更改 DNS 1 和 DNS 2 位置的值為您的 AdGuard Home 伺服器位址。",
    "install_devices_ios_list_1": "從主畫面中，輕觸設定。",
    "install_devices_ios_list_2": "在左側的選單中選擇 Wi-Fi（不可能為行動網路配置 DNS）。",
    "install_devices_ios_list_3": "向目前現行的網路之名稱輕觸。",
@@ -593,7 +591,7 @@
    "filter_category_regional": "區域性的",
    "filter_category_other": "其它的",
    "filter_category_general_desc": "封鎖大多數朝向裝置的追蹤和廣告之清單",
-    "filter_category_security_desc": "特別地封鎖惡意、網路釣魚和詐騙的網域之清單",
+    "filter_category_security_desc": "專精於封鎖惡意軟體、網路釣魚或詐騙網域之清單",
    "filter_category_regional_desc": "專注於區域性的廣告和追蹤伺服器之清單",
    "filter_category_other_desc": "其它的封鎖清單",
    "setup_config_to_enable_dhcp_server": "設置配置以啟用 DHCP 伺服器",
--- a/client/src/components/Settings/Dns/Upstream/Form.js
+++ b/client/src/components/Settings/Dns/Upstream/Form.js
@@ -143,9 +143,6 @@ const Form = ({
    const upstream_dns = useSelector((store) => store.form[FORM_NAME.UPSTREAM].values.upstream_dns);
    const processingTestUpstream = useSelector((state) => state.settings.processingTestUpstream);
    const processingSetConfig = useSelector((state) => state.dnsConfig.processingSetConfig);
-    const defaultLocalPtrUpstreams = useSelector(
-        (state) => state.dnsConfig.default_local_ptr_upstreams,
-    );

    const handleUpstreamTest = () => dispatch(testUpstreamWithFormValues());

@@ -181,7 +178,7 @@ const Form = ({
                <Examples />
                <hr />
            </div>
-            <div className="col-12 mb-2">
+            <div className="col-12 mb-4">
                <label
                    className="form__label form__label--with-desc"
                    htmlFor="bootstrap_dns"
@@ -205,7 +202,7 @@ const Form = ({
            <div className="col-12">
                <hr />
            </div>
-            <div className="col-12">
+            <div className="col-12 mb-4">
                <label
                    className="form__label form__label--with-desc"
                    htmlFor="local_ptr"
@@ -215,14 +212,6 @@ const Form = ({
                <div className="form__desc form__desc--top">
                    <Trans>local_ptr_desc</Trans>
                </div>
-                <div className="form__desc form__desc--top">
-                    {/** TODO: Add internazionalization for "" */}
-                    {defaultLocalPtrUpstreams?.length > 0 ? (
-                        <Trans values={{ ip: defaultLocalPtrUpstreams.map((s) => `"${s}"`).join(', ') }}>local_ptr_default_resolver</Trans>
-                    ) : (
-                        <Trans>local_ptr_no_default_resolver</Trans>
-                    )}
-                </div>
                <Field
                    id="local_ptr_upstreams"
                    name="local_ptr_upstreams"
@@ -233,19 +222,6 @@ const Form = ({
                    disabled={processingSetConfig}
                    normalizeOnBlur={removeEmptyLines}
                />
-                <div className="mt-4">
-                    <Field
-                        name="use_private_ptr_resolvers"
-                        type="checkbox"
-                        component={CheckboxField}
-                        placeholder={t('use_private_ptr_resolvers_title')}
-                        subtitle={t('use_private_ptr_resolvers_desc')}
-                        disabled={processingSetConfig}
-                    />
-                </div>
-            </div>
-            <div className="col-12">
-                <hr />
            </div>
            <div className="col-12 mb-4">
                <Field
--- a/client/src/components/Settings/Dns/Upstream/index.js
+++ b/client/src/components/Settings/Dns/Upstream/index.js
@@ -14,7 +14,6 @@ const Upstream = () => {
        upstream_mode,
        resolve_clients,
        local_ptr_upstreams,
-        use_private_ptr_resolvers,
    } = useSelector((state) => state.dnsConfig, shallowEqual);

    const upstream_dns_file = useSelector((state) => state.dnsConfig.upstream_dns_file);
@@ -26,7 +25,6 @@ const Upstream = () => {
            upstream_mode,
            resolve_clients,
            local_ptr_upstreams,
-            use_private_ptr_resolvers,
        } = values;

        const dnsConfig = {
@@ -34,7 +32,6 @@ const Upstream = () => {
            upstream_mode,
            resolve_clients,
            local_ptr_upstreams,
-            use_private_ptr_resolvers,
            ...(upstream_dns_file ? null : { upstream_dns }),
        };

@@ -56,7 +53,6 @@ const Upstream = () => {
                        upstream_mode,
                        resolve_clients,
                        local_ptr_upstreams,
-                        use_private_ptr_resolvers,
                    }}
                    onSubmit={handleSubmit}
                />
--- a/go.mod
+++ b/go.mod
@@ -1,35 +1,43 @@
 module github.com/AdguardTeam/AdGuardHome

-go 1.16
+go 1.15

 require (
 	github.com/AdguardTeam/dnsproxy v0.37.4
-	github.com/AdguardTeam/golibs v0.8.0
+	github.com/AdguardTeam/golibs v0.5.0
 	github.com/AdguardTeam/urlfilter v0.14.5
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ameshkov/dnscrypt/v2 v2.1.3
 	github.com/digineo/go-ipset/v2 v2.2.1
 	github.com/fsnotify/fsnotify v1.4.9
-	github.com/go-ping/ping v0.0.0-20210506233800-ff8be3320020
+	github.com/go-ping/ping v0.0.0-20210216210419-25d1413fb7bb
+	github.com/gobuffalo/envy v1.9.0 // indirect
+	github.com/gobuffalo/packr v1.30.1
+	github.com/gobuffalo/packr/v2 v2.8.1 // indirect
 	github.com/google/go-cmp v0.5.5 // indirect
-	github.com/google/renameio v1.0.1
+	github.com/google/renameio v1.0.1-0.20210406141108-81588dbe0453
 	github.com/insomniacslk/dhcp v0.0.0-20210310193751-cfd4d47082c2
 	github.com/kardianos/service v1.2.0
+	github.com/karrick/godirwalk v1.16.1 // indirect
 	github.com/lucas-clemente/quic-go v0.20.1
 	github.com/mdlayher/netlink v1.4.0
-	github.com/mdlayher/raw v0.0.0-20210412142147-51b895745faf // indirect
-	github.com/miekg/dns v1.1.42
+	github.com/miekg/dns v1.1.40
+	github.com/rogpeppe/go-internal v1.7.0 // indirect
 	github.com/satori/go.uuid v1.2.0
-	github.com/stretchr/objx v0.1.1 // indirect
+	github.com/sirupsen/logrus v1.8.1 // indirect
+	github.com/spf13/cobra v1.1.3 // indirect
 	github.com/stretchr/testify v1.7.0
 	github.com/ti-mo/netfilter v0.4.0
 	go.etcd.io/bbolt v1.3.5
-	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
-	golang.org/x/net v0.0.0-20210510120150-4163338589ed
-	golang.org/x/sys v0.0.0-20210514084401-e8d321eab015
+	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83
+	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
+	golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44
+	golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d // indirect
+	golang.org/x/text v0.3.5 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 	gopkg.in/yaml.v2 v2.4.0
 	howett.net/plist v0.0.0-20201203080718-1454fab16a06
 )

-replace github.com/insomniacslk/dhcp => github.com/AdguardTeam/dhcp v0.0.0-20210519141215-51808c73c0bf
+replace github.com/insomniacslk/dhcp => github.com/AdguardTeam/dhcp v0.0.0-20210517101438-550ef4cd8c6e
--- a/go.sum
+++ b/go.sum
@@ -2,59 +2,95 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT
 cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.37.0/go.mod h1:TS1dMSSfndXH133OKGwekG838Om/cQT0BUHV3HcBgoo=
+cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
+cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
+cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU=
+dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU=
 dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4=
 dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU=
 git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
-github.com/AdguardTeam/dhcp v0.0.0-20210519141215-51808c73c0bf h1:gc042VRSIRSUzZ+Px6xQCRWNJZTaPkomisDfUZmoFNk=
-github.com/AdguardTeam/dhcp v0.0.0-20210519141215-51808c73c0bf/go.mod h1:TKl4jN3Voofo4UJIicyNhWGp/nlQqQkFxmwIFTvBkKI=
+github.com/AdguardTeam/dhcp v0.0.0-20210517101438-550ef4cd8c6e h1:M6YnFP12o0/SjBEPt6b2r8ZkIy/wsV14TK8X9Tb6DEE=
+github.com/AdguardTeam/dhcp v0.0.0-20210517101438-550ef4cd8c6e/go.mod h1:TKl4jN3Voofo4UJIicyNhWGp/nlQqQkFxmwIFTvBkKI=
 github.com/AdguardTeam/dnsproxy v0.37.4 h1:YIoJkIp828LKmmmgxXvZHUKfGLsqTQAK8g+4DXbDbyU=
 github.com/AdguardTeam/dnsproxy v0.37.4/go.mod h1:xkJWEuTr550gPDmB9azsciKZzSXjf9wMn+Ji54PQ4gE=
 github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.4.2/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.4.4/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
-github.com/AdguardTeam/golibs v0.8.0 h1:rHo+yIgT2fivFG0yW2Cwk/DPc2+t/Aw6QvzPpiIFre0=
-github.com/AdguardTeam/golibs v0.8.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
+github.com/AdguardTeam/golibs v0.5.0 h1:qwhEKjDrT0UcwDnHrNU2Yg/DLR9b/GsUncnXYW6VzAU=
+github.com/AdguardTeam/golibs v0.5.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/gomitmproxy v0.2.0/go.mod h1:Qdv0Mktnzer5zpdpi5rAwixNJzW2FN91LjKJCkVbYGU=
 github.com/AdguardTeam/urlfilter v0.14.5 h1:WyF0hg0MwKevsqNPkoaZFH8f5WRi/yuy/7qePtYt5Ts=
 github.com/AdguardTeam/urlfilter v0.14.5/go.mod h1:klx4JbOfc4EaNb5lWLqOwfg+pVcyRukmoJRvO55lL5U=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
+github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d h1:G0m3OIz70MZUWq3EgK3CesDbo8upS2Vm9/P3FtgI+Jk=
 github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
 github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw=
 github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635/go.mod h1:lmLxL+FV291OopO93Bwf9fQLQeLyt33VJRUg5VJ30us=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/ameshkov/dnscrypt/v2 v2.1.3 h1:DG4Uf7LSDg6XDj9sp3maxh3Ur26jeGQaP5MeYosn6v0=
 github.com/ameshkov/dnscrypt/v2 v2.1.3/go.mod h1:+8SbPbVXpxxcUsgGi8eodkqWPo1MyNHxKYC8hDpqLSo=
 github.com/ameshkov/dnsstamps v1.0.1/go.mod h1:Ii3eUu73dx4Vw5O4wjzmT5+lkCwovjzaEZZ4gKyIH5A=
 github.com/ameshkov/dnsstamps v1.0.3 h1:Srzik+J9mivH1alRACTbys2xOxs0lRH9qnTA7Y1OYVo=
 github.com/ameshkov/dnsstamps v1.0.3/go.mod h1:Ii3eUu73dx4Vw5O4wjzmT5+lkCwovjzaEZZ4gKyIH5A=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
+github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
+github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
+github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
+github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/beefsack/go-rate v0.0.0-20200827232406-6cde80facd47 h1:M57m0xQqZIhx7CEJgeLSvRFKEK1RjzRuIXiA3HfYU7g=
 github.com/beefsack/go-rate v0.0.0-20200827232406-6cde80facd47/go.mod h1:6YNgTHLutezwnBvyneBbwvB8C82y3dcoOj5EQJIdGXA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
 github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
 github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cheekybits/genny v1.0.0 h1:uGGa4nei+j20rOSeDeP5Of12XVm7TGUd4dJA9RDitfE=
 github.com/cheekybits/genny v1.0.0/go.mod h1:+tQajlRqAUrPI7DOSpB0XAqZYtQakVtB7wXkRAgjxjQ=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
+github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
+github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
+github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
+github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/digineo/go-ipset/v2 v2.2.1 h1:k6skY+0fMqeUjjeWO/m5OuWPSZUAn7AucHMnQ1MX77g=
 github.com/digineo/go-ipset/v2 v2.2.1/go.mod h1:wBsNzJlZlABHUITkesrggFnZQtgW5wkqw1uo8Qxe0VU=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/fanliao/go-promise v0.0.0-20141029170127-1890db352a72/go.mod h1:PjfxuH4FZdUyfMdtBio2lsRr1AKEaVPwelzuHuh8Lqc=
+github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
@@ -63,17 +99,39 @@ github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
+github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-ole/go-ole v1.2.4 h1:nNBDSCOigTSiarFpYE9J/KtEA1IOW4CNeqT9TQDqCxI=
 github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM=
-github.com/go-ping/ping v0.0.0-20210506233800-ff8be3320020 h1:mdi6AbCEoKCA1xKCmp7UtRB5fvGFlP92PvlhxgdvXEw=
-github.com/go-ping/ping v0.0.0-20210506233800-ff8be3320020/go.mod h1:KmHOjTUmJh/l04ukqPoBWPEZr9jwN05h5NXQl5C+DyY=
+github.com/go-ping/ping v0.0.0-20210216210419-25d1413fb7bb h1:2opwLSXqxE0Za64PdpskXuvLYDj/XHQAD8tLcYpSlvY=
+github.com/go-ping/ping v0.0.0-20210216210419-25d1413fb7bb/go.mod h1:35JbSyV/BYqHwwRA6Zr1uVDm1637YlNOU61wI797NPI=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-test/deep v1.0.5 h1:AKODKU3pDH1RzZzm6YZu77YWtEAq6uh1rLIAQlay2qc=
 github.com/go-test/deep v1.0.5/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8=
+github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
+github.com/gobuffalo/envy v1.9.0 h1:eZR0DuEgVLfeIb1zIKt3bT4YovIMf9O9LXQeCZLXpqE=
+github.com/gobuffalo/envy v1.9.0/go.mod h1:FurDp9+EDPE4aIUS3ZLyD+7/9fpx7YRt/ukY6jIHf0w=
+github.com/gobuffalo/logger v1.0.0/go.mod h1:2zbswyIUa45I+c+FLXuWl9zSWEiVuthsk8ze5s8JvPs=
+github.com/gobuffalo/logger v1.0.3 h1:YaXOTHNPCvkqqA7w05A4v0k2tCdpr+sgFlgINbQ6gqc=
+github.com/gobuffalo/logger v1.0.3/go.mod h1:SoeejUwldiS7ZsyCBphOGURmWdwUFXs0J7TCjEhjKxM=
+github.com/gobuffalo/packd v0.3.0/go.mod h1:zC7QkmNkYVGKPw4tHpBQ+ml7W/3tIebgeo1b36chA3Q=
+github.com/gobuffalo/packd v1.0.0 h1:6ERZvJHfe24rfFmA9OaoKBdC7+c9sydrytMg8SdFGBM=
+github.com/gobuffalo/packd v1.0.0/go.mod h1:6VTc4htmJRFB7u1m/4LeMTWjFoYrUiBkU9Fdec9hrhI=
+github.com/gobuffalo/packr v1.30.1 h1:hu1fuVR3fXEZR7rXNW3h8rqSML8EVAf6KNm0NKO/wKg=
+github.com/gobuffalo/packr v1.30.1/go.mod h1:ljMyFO2EcrnzsHsN99cvbq055Y9OhRrIaviy289eRuk=
+github.com/gobuffalo/packr/v2 v2.5.1/go.mod h1:8f9c96ITobJlPzI44jj+4tHnEKNt0xXWSVlXRN9X1Iw=
+github.com/gobuffalo/packr/v2 v2.8.1 h1:tkQpju6i3EtMXJ9uoF5GT6kB+LMTimDWD8Xvbz6zDVA=
+github.com/gobuffalo/packr/v2 v2.8.1/go.mod h1:c/PLlOuTU+p3SybaJATW3H6lX/iK7xEz5OeMf+NnJpg=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/golang/mock v1.5.0 h1:jlYHihg//f7RRwuPfptm04yp4s7O6Kw8EZiVYIGcH0g=
 github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
@@ -87,8 +145,10 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -102,18 +162,52 @@ github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+u
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/renameio v1.0.1 h1:Lh/jXZmvZxb0BBeSY5VKEfidcbcbenKjZFzM/q0fSeU=
-github.com/google/renameio v1.0.1/go.mod h1:t/HQoYBZSsWSNK35C6CO/TpPLDVWvxOHboWUAweKUpk=
+github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/renameio v1.0.1-0.20210406141108-81588dbe0453 h1:vvZyWjAX9oDB+DWpMsZMyv6Q3NZtim2C5Zcdh+H0OmQ=
+github.com/google/renameio v1.0.1-0.20210406141108-81588dbe0453/go.mod h1:t/HQoYBZSsWSNK35C6CO/TpPLDVWvxOHboWUAweKUpk=
 github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY=
 github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg=
+github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
+github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
+github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
+github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw=
+github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
+github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
+github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
+github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
+github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
+github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
+github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
+github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
+github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
+github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
+github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
+github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714 h1:/jC7qQFrv8CrSJVmaolDVOxTfS9kc36uB6H40kdbQq8=
 github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714/go.mod h1:2Goc3h8EklBH5mspfHFxBnEoURQCGzQQH1ga9Myjvis=
+github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
+github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
+github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
+github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
+github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/joomcode/errorx v1.0.1/go.mod h1:kgco15ekB6cs+4Xjzo7SPeXzx38PbJzBwbnu9qfVNHQ=
 github.com/joomcode/errorx v1.0.3 h1:3e1mi0u7/HTPNdg6d6DYyKGBhA5l9XpsfuVE29NxnWw=
 github.com/joomcode/errorx v1.0.3/go.mod h1:eQzdtdlNyN7etw6YCS4W4+lu442waxZYw5yvz0ULrRo=
@@ -131,9 +225,18 @@ github.com/jsimonetti/rtnetlink v0.0.0-20210212075122-66c871082f2b/go.mod h1:8w9
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/kardianos/service v1.2.0 h1:bGuZ/epo3vrt8IPC7mnKQolqFeYJb7Cs8Rk4PSOBB/g=
 github.com/kardianos/service v1.2.0/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM=
+github.com/karrick/godirwalk v1.10.12/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA=
+github.com/karrick/godirwalk v1.15.8/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
+github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw=
+github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
+github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@@ -143,12 +246,22 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/lucas-clemente/quic-go v0.20.1 h1:hb5m76V8QS/8Nw/suHvXqo3BMHAozvIkcnzpJdpanSk=
 github.com/lucas-clemente/quic-go v0.20.1/go.mod h1:fZq/HUDIM+mW6X6wtzORjC0E/WDBMKe5Hf9bgjISwLk=
 github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
+github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
+github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI=
+github.com/markbates/errx v1.1.0/go.mod h1:PLa46Oex9KNbVDZhKel8v1OT7hD5JZ2eI7AHhA0wswc=
+github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY=
+github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI=
+github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI=
+github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
 github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc=
 github.com/marten-seemann/qtls-go1-15 v0.1.4 h1:RehYMOyRW8hPVEja1KBVsFVNSm35Jj9Mvs5yNoZZ28A=
 github.com/marten-seemann/qtls-go1-15 v0.1.4/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I=
 github.com/marten-seemann/qtls-go1-16 v0.1.3 h1:XEZ1xGorVy9u+lJq+WXNE+hiqRYLNvJGYmwfwKQN2gU=
 github.com/marten-seemann/qtls-go1-16 v0.1.3/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk=
+github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/mdlayher/ethernet v0.0.0-20190606142754-0394541c37b7 h1:lez6TS6aAau+8wXUP3G9I3TGlmPFEq2CTxBaRqY6AGE=
 github.com/mdlayher/ethernet v0.0.0-20190606142754-0394541c37b7/go.mod h1:U6ZQobyTjI/tJyq2HG+i/dfSoFUt8/aZCM+GKtmFk/Y=
@@ -169,22 +282,31 @@ github.com/mdlayher/netlink v1.3.0/go.mod h1:xK/BssKuwcRXHrtN04UBkwQ6dY9VviGGuri
 github.com/mdlayher/netlink v1.4.0 h1:n3ARR+Fm0dDv37dj5wSWZXDKcy+U0zwcXS3zKMnSiT0=
 github.com/mdlayher/netlink v1.4.0/go.mod h1:dRJi5IABcZpBD2A3D0Mv/AiX8I9uDEu5oGkAVrekmf8=
 github.com/mdlayher/raw v0.0.0-20190606142536-fef19f00fc18/go.mod h1:7EpbotpCmVZcu+KCX4g9WaRNuu11uyhiW7+Le1dKawg=
+github.com/mdlayher/raw v0.0.0-20191009151244-50f2db8cc065 h1:aFkJ6lx4FPip+S+Uw4aTegFMct9shDvP+79PsSxpm3w=
 github.com/mdlayher/raw v0.0.0-20191009151244-50f2db8cc065/go.mod h1:7EpbotpCmVZcu+KCX4g9WaRNuu11uyhiW7+Le1dKawg=
-github.com/mdlayher/raw v0.0.0-20210412142147-51b895745faf h1:InctQoB89TIkmgIFQeIL4KXNvWc1iebQXdZggqPSwL8=
-github.com/mdlayher/raw v0.0.0-20210412142147-51b895745faf/go.mod h1:7EpbotpCmVZcu+KCX4g9WaRNuu11uyhiW7+Le1dKawg=
 github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
+github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.35/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
+github.com/miekg/dns v1.1.40 h1:pyyPFfGMnciYUk/mXpKkVmeMQjfXqt3FAJ2hy7tPiLA=
 github.com/miekg/dns v1.1.40/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
-github.com/miekg/dns v1.1.42 h1:gWGe42RGaIqXQZ+r3WUGEKBEtvPHY2SXo4dqixDNxuY=
-github.com/miekg/dns v1.1.42/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
+github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
+github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
+github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
+github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
+github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
 github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
+github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
 github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA=
@@ -193,21 +315,43 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J
 github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
+github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
+github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
+github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.3.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.5.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.7.0 h1:3qqXGV8nn7GJT65debw77Dzrx9sfWYgP0DDo7xcMFRk=
+github.com/rogpeppe/go-internal v1.7.0/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/shirou/gopsutil v2.20.3+incompatible h1:0JVooMPsT7A7HqEYdydp/OfjSOYSjhXV7w1hkKj/NPQ=
 github.com/shirou/gopsutil v2.20.3+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
@@ -231,68 +375,131 @@ github.com/shurcooL/notifications v0.0.0-20181007000457-627ab5aea122/go.mod h1:b
 github.com/shurcooL/octicon v0.0.0-20181028054416-fa4f57f9efb2/go.mod h1:eWdoE5JD4R5UVWDucdOPg1g2fqQRq78IQa9zlOV1vpQ=
 github.com/shurcooL/reactions v0.0.0-20181006231557-f2e0b4ca5b82/go.mod h1:TCR1lToEk4d2s07G3XGfz2QrgHXg4RJBvjrOozvoWfk=
 github.com/shurcooL/sanitized_anchor_name v0.0.0-20170918181015-86672fcb3f95/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/shurcooL/users v0.0.0-20180125191416-49c67e49c537/go.mod h1:QJTqeLYEDaXHZDBsXlPCDqdhQuJkuw4NOtaxYe3xii4=
 github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5kWdCj2z2KEozexVbfEZIWiTjhE0+UjmZgPqehw=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
+github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE=
 github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA=
+github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
+github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
+github.com/spf13/cobra v0.0.6/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
+github.com/spf13/cobra v1.1.3 h1:xghbfqPkxzxP3C/f3n5DdpAbdKLj4ZE4BWQI362l53M=
+github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
+github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
+github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
+github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
+github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA=
 github.com/ti-mo/netfilter v0.2.0/go.mod h1:8GbBGsY/8fxtyIdfwy29JiluNcPK4K7wIT+x42ipqUU=
 github.com/ti-mo/netfilter v0.4.0 h1:rTN1nBYULDmMfDeBHZpKuNKX/bWEXQUhe02a/10orzg=
 github.com/ti-mo/netfilter v0.4.0/go.mod h1:V54q75mUx8CNA2JnFl+wv9iZ5+JP9nCcRlaFS5OZSRM=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/u-root/u-root v7.0.0+incompatible h1:u+KSS04pSxJGI5E7WE4Bs9+Zd75QjFv+REkjy/aoAc8=
 github.com/u-root/u-root v7.0.0+incompatible/go.mod h1:RYkpo8pTHrNjW08opNd/U6p/RJE7K0D8fXO0d47+3YY=
+github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
+github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
 github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
+github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
+github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
+go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0=
 go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
 go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
+go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
+go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
 golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190621222207-cc06ce4a13d4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191122220453-ac88ee75c92c/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc=
-golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
+golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 h1:/ZScEX8SfEmUGRHs0gxpqteO5nfNW6axyZbBdw9A12g=
+golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
+golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190419010253-1f3472d942ba/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
@@ -304,13 +511,13 @@ golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20201216054612-986b41b23924/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210510120150-4163338589ed h1:p9UgmWI9wKpfYmgaV/IZKGdXc5qEK45tDwwwDyjS26I=
-golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 h1:4nGaVu0QrbjT/AK2PRLuQfQuh6DJve+pELhqTdAj3x0=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -321,9 +528,15 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -331,7 +544,13 @@ golang.org/x/sys v0.0.0-20190322080309-f49334f85ddc/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190411185658-b44545bcd369/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190418153312-f0ce4c0180be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190515120540-06a5c4944438/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606122018-79a91cf218c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -358,32 +577,46 @@ golang.org/x/sys v0.0.0-20210110051926-789bb1bd4061/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210123111255-9b0068b26619/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210216163648-f7da38b97c65/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210514084401-e8d321eab015 h1:hZR0X1kPW+nwyJ9xRxqZk1vx5RUObAPBdKVvXPDUH/E=
-golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44 h1:Bli41pIlzTzf3KEY06n+xnzK/BESIg2ze4Pgfh/aI8c=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d h1:SZxvLBoTP5yHO3Frd4z4vrF+DBX9vMVanchswa69toE=
+golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.5 h1:i6eZZ+zk0SOf0xgBpEpPD18qWcJda6q1sxt3S0kzyUQ=
+golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190624180213-70d37148ca0c/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200308013534-11ec41452d41/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -392,21 +625,38 @@ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8T
 google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
 google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
 google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y=
+google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
+google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg=
 google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio=
 google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
@@ -417,17 +667,23 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
+gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -442,8 +698,11 @@ grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJd
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 howett.net/plist v0.0.0-20201203080718-1454fab16a06 h1:QDxUo/w2COstK1wIBYpzQlHX/NqaQTcf9jyz347nI58=
 howett.net/plist v0.0.0-20201203080718-1454fab16a06/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0=
+rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck=
 sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0=
--- a/internal/agherr/agherr.go
+++ b/internal/agherr/agherr.go
@@ -0,0 +1,128 @@
+// Package agherr contains AdGuard Home's error handling helpers.
+package agherr
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/AdguardTeam/golibs/log"
+)
+
+// Error is the constant error type.
+type Error string
+
+// Error implements the error interface for Error.
+func (err Error) Error() (msg string) {
+	return string(err)
+}
+
+// manyError is an error containing several wrapped errors.  It is created to be
+// a simpler version of the API provided by github.com/joomcode/errorx.
+type manyError struct {
+	message    string
+	underlying []error
+}
+
+// Many wraps several errors and returns a single error.
+//
+// TODO(a.garipov): Add formatting to message.
+func Many(message string, underlying ...error) (err error) {
+	err = &manyError{
+		message:    message,
+		underlying: underlying,
+	}
+
+	return err
+}
+
+// Error implements the error interface for *manyError.
+func (e *manyError) Error() (msg string) {
+	switch len(e.underlying) {
+	case 0:
+		return e.message
+	case 1:
+		return fmt.Sprintf("%s: %s", e.message, e.underlying[0])
+	default:
+		b := &strings.Builder{}
+
+		// Ignore errors, since strings.(*Buffer).Write never returns
+		// errors.  We don't use aghstrings.WriteToBuilder here since
+		// this package should be importable for any other.
+		_, _ = fmt.Fprintf(b, "%s: %s (hidden: %s", e.message, e.underlying[0], e.underlying[1])
+		for _, u := range e.underlying[2:] {
+			// See comment above.
+			_, _ = fmt.Fprintf(b, ", %s", u)
+		}
+
+		// See comment above.
+		_, _ = b.WriteString(")")
+
+		return b.String()
+	}
+}
+
+// Unwrap implements the hidden errors.wrapper interface for *manyError.
+func (e *manyError) Unwrap() (err error) {
+	if len(e.underlying) == 0 {
+		return nil
+	}
+
+	return e.underlying[0]
+}
+
+// wrapper is a copy of the hidden errors.wrapper interface for tests, linting,
+// etc.
+type wrapper interface {
+	Unwrap() error
+}
+
+// Annotate annotates the error with the message, unless the error is nil.  This
+// is a helper function to simplify code like this:
+//
+//   func (f *foo) doStuff(s string) (err error) {
+//           defer func() {
+//                   if err != nil {
+//                           err = fmt.Errorf("bad foo string %q: %w", s, err)
+//                   }
+//           }()
+//
+//           // …
+//   }
+//
+// Instead, write:
+//
+//   func (f *foo) doStuff(s string) (err error) {
+//           defer agherr.Annotate("bad foo string %q: %w", &err, s)
+//
+//           // …
+//   }
+//
+// msg must contain the final ": %w" verb.
+//
+// TODO(a.garipov): Clearify the function usage.
+func Annotate(msg string, errPtr *error, args ...interface{}) {
+	if errPtr == nil {
+		return
+	}
+
+	err := *errPtr
+	if err != nil {
+		args = append(args, err)
+
+		*errPtr = fmt.Errorf(msg, args...)
+	}
+}
+
+// LogPanic is a convinient helper function to log a panic in a goroutine.  It
+// should not be used where proper error handling is required.
+func LogPanic(prefix string) {
+	if v := recover(); v != nil {
+		if prefix != "" {
+			log.Error("%s: recovered from panic: %v", prefix, v)
+
+			return
+		}
+
+		log.Error("recovered from panic: %v", v)
+	}
+}
--- a/internal/agherr/agherr_test.go
+++ b/internal/agherr/agherr_test.go
@@ -0,0 +1,160 @@
+package agherr
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"testing"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestError_Error(t *testing.T) {
+	testCases := []struct {
+		err  error
+		name string
+		want string
+	}{{
+		err:  Many("a"),
+		name: "simple",
+		want: "a",
+	}, {
+		err:  Many("a", errors.New("b")),
+		name: "wrapping",
+		want: "a: b",
+	}, {
+		err:  Many("a", errors.New("b"), errors.New("c"), errors.New("d")),
+		name: "wrapping several",
+		want: "a: b (hidden: c, d)",
+	}, {
+		err:  Many("a", Many("b", errors.New("c"), errors.New("d"))),
+		name: "wrapping wrapper",
+		want: "a: b: c (hidden: d)",
+	}}
+
+	for _, tc := range testCases {
+		assert.Equal(t, tc.want, tc.err.Error(), tc.name)
+	}
+}
+
+func TestError_Unwrap(t *testing.T) {
+	var _ wrapper = &manyError{}
+
+	const (
+		errSimple = iota
+		errWrapped
+		errNil
+	)
+
+	errs := []error{
+		errSimple:  errors.New("a"),
+		errWrapped: fmt.Errorf("err: %w", errors.New("nested")),
+		errNil:     nil,
+	}
+
+	testCases := []struct {
+		want    error
+		wrapped error
+		name    string
+	}{{
+		want:    errs[errSimple],
+		wrapped: Many("a", errs[errSimple]),
+		name:    "simple",
+	}, {
+		want:    errs[errWrapped],
+		wrapped: Many("b", errs[errWrapped]),
+		name:    "nested",
+	}, {
+		want:    errs[errNil],
+		wrapped: Many("c", errs[errNil]),
+		name:    "nil passed",
+	}, {
+		want:    nil,
+		wrapped: Many("d"),
+		name:    "nil not passed",
+	}}
+
+	for _, tc := range testCases {
+		assert.Equal(t, tc.want, errors.Unwrap(tc.wrapped), tc.name)
+	}
+}
+
+func TestAnnotate(t *testing.T) {
+	const s = "1234"
+	const wantMsg = `bad string "1234": test`
+
+	// Don't use const, because we can't take a pointer of a constant.
+	var errTest error = Error("test")
+
+	t.Run("nil", func(t *testing.T) {
+		var errPtr *error
+		assert.NotPanics(t, func() {
+			Annotate("bad string %q: %w", errPtr, s)
+		})
+	})
+
+	t.Run("non_nil", func(t *testing.T) {
+		errPtr := &errTest
+		assert.NotPanics(t, func() {
+			Annotate("bad string %q: %w", errPtr, s)
+		})
+
+		require.NotNil(t, errPtr)
+
+		err := *errPtr
+		require.Error(t, err)
+
+		assert.Equal(t, wantMsg, err.Error())
+	})
+
+	t.Run("defer", func(t *testing.T) {
+		f := func() (err error) {
+			defer Annotate("bad string %q: %w", &errTest, s)
+
+			return errTest
+		}
+
+		err := f()
+		require.Error(t, err)
+
+		assert.Equal(t, wantMsg, err.Error())
+	})
+}
+
+func TestLogPanic(t *testing.T) {
+	buf := &bytes.Buffer{}
+	aghtest.ReplaceLogWriter(t, buf)
+
+	t.Run("prefix", func(t *testing.T) {
+		const (
+			panicMsg        = "spooky!"
+			prefix          = "packagename"
+			errWithNoPrefix = "[error] recovered from panic: spooky!"
+			errWithPrefix   = "[error] packagename: recovered from panic: spooky!"
+		)
+
+		panicFunc := func(prefix string) {
+			defer LogPanic(prefix)
+
+			panic(panicMsg)
+		}
+
+		panicFunc("")
+		assert.Contains(t, buf.String(), errWithNoPrefix)
+		buf.Reset()
+
+		panicFunc(prefix)
+		assert.Contains(t, buf.String(), errWithPrefix)
+		buf.Reset()
+	})
+
+	t.Run("don't_panic", func(t *testing.T) {
+		require.NotPanics(t, func() {
+			defer LogPanic("")
+		})
+
+		assert.Empty(t, buf.String())
+	})
+}
--- a/internal/aghio/limitedreadcloser.go
+++ b/internal/aghio/limitedreadcloser.go
@@ -0,0 +1,59 @@
+// Package aghio contains extensions for io package's types and methods
+package aghio
+
+import (
+	"fmt"
+	"io"
+)
+
+// LimitReachedError records the limit and the operation that caused it.
+type LimitReachedError struct {
+	Limit int64
+}
+
+// Error implements error interface for LimitReachedError.
+// TODO(a.garipov): Think about error string format.
+func (lre *LimitReachedError) Error() string {
+	return fmt.Sprintf("attempted to read more than %d bytes", lre.Limit)
+}
+
+// limitedReadCloser is a wrapper for io.ReadCloser with limited reader and
+// dealing with agherr package.
+type limitedReadCloser struct {
+	limit int64
+	n     int64
+	rc    io.ReadCloser
+}
+
+// Read implements Reader interface.
+func (lrc *limitedReadCloser) Read(p []byte) (n int, err error) {
+	if lrc.n == 0 {
+		return 0, &LimitReachedError{
+			Limit: lrc.limit,
+		}
+	}
+	if int64(len(p)) > lrc.n {
+		p = p[0:lrc.n]
+	}
+	n, err = lrc.rc.Read(p)
+	lrc.n -= int64(n)
+	return n, err
+}
+
+// Close implements Closer interface.
+func (lrc *limitedReadCloser) Close() error {
+	return lrc.rc.Close()
+}
+
+// LimitReadCloser wraps ReadCloser to make it's Reader stop with
+// ErrLimitReached after n bytes read.
+func LimitReadCloser(rc io.ReadCloser, n int64) (limited io.ReadCloser, err error) {
+	if n < 0 {
+		return nil, fmt.Errorf("aghio: invalid n in LimitReadCloser: %d", n)
+	}
+	return &limitedReadCloser{
+		limit: n,
+		n:     n,
+		rc:    rc,
+	}, nil
+}
--- a/internal/aghio/limitedreadcloser_test.go
+++ b/internal/aghio/limitedreadcloser_test.go
@@ -3,6 +3,7 @@ package aghio
 import (
 	"fmt"
 	"io"
+	"io/ioutil"
 	"strings"
 	"testing"

@@ -10,7 +11,7 @@ import (
 	"github.com/stretchr/testify/require"
 )

-func TestLimitReader(t *testing.T) {
+func TestLimitReadCloser(t *testing.T) {
 	testCases := []struct {
 		want error
 		name string
@@ -24,20 +25,20 @@ func TestLimitReader(t *testing.T) {
 		name: "zero",
 		n:    0,
 	}, {
-		want: fmt.Errorf("aghio: invalid n in LimitReader: -1"),
+		want: fmt.Errorf("aghio: invalid n in LimitReadCloser: -1"),
 		name: "negative",
 		n:    -1,
 	}}

 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			_, err := LimitReader(nil, tc.n)
+			_, err := LimitReadCloser(nil, tc.n)
 			assert.Equal(t, tc.want, err)
 		})
 	}
 }

-func TestLimitedReader_Read(t *testing.T) {
+func TestLimitedReadCloser_Read(t *testing.T) {
 	testCases := []struct {
 		err   error
 		name  string
@@ -74,10 +75,10 @@ func TestLimitedReader_Read(t *testing.T) {

 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			readCloser := io.NopCloser(strings.NewReader(tc.rStr))
+			readCloser := ioutil.NopCloser(strings.NewReader(tc.rStr))
 			buf := make([]byte, tc.limit+1)

-			lreader, err := LimitReader(readCloser, tc.limit)
+			lreader, err := LimitReadCloser(readCloser, tc.limit)
 			require.NoError(t, err)

 			n, err := lreader.Read(buf)
@@ -87,7 +88,7 @@ func TestLimitedReader_Read(t *testing.T) {
 	}
 }

-func TestLimitedReader_LimitReachedError(t *testing.T) {
+func TestLimitedReadCloser_LimitReachedError(t *testing.T) {
 	testCases := []struct {
 		err  error
 		name string
--- a/internal/aghio/limitedreader.go
+++ b/internal/aghio/limitedreader.go
@@ -1,59 +0,0 @@
-// Package aghio contains extensions for io package's types and methods
-package aghio
-
-import (
-	"fmt"
-	"io"
-)
-
-// LimitReachedError records the limit and the operation that caused it.
-type LimitReachedError struct {
-	Limit int64
-}
-
-// Error implements error interface for LimitReachedError.
-//
-// TODO(a.garipov): Think about error string format.
-func (lre *LimitReachedError) Error() string {
-	return fmt.Sprintf("attempted to read more than %d bytes", lre.Limit)
-}
-
-// limitedReader is a wrapper for io.Reader with limited reader and dealing with
-// errors package.
-type limitedReader struct {
-	r     io.Reader
-	limit int64
-	n     int64
-}
-
-// Read implements Reader interface.
-func (lr *limitedReader) Read(p []byte) (n int, err error) {
-	if lr.n == 0 {
-		return 0, &LimitReachedError{
-			Limit: lr.limit,
-		}
-	}
-
-	if int64(len(p)) > lr.n {
-		p = p[0:lr.n]
-	}
-
-	n, err = lr.r.Read(p)
-	lr.n -= int64(n)
-
-	return n, err
-}
-
-// LimitReader wraps Reader to make it's Reader stop with ErrLimitReached after
-// n bytes read.
-func LimitReader(r io.Reader, n int64) (limited io.Reader, err error) {
-	if n < 0 {
-		return nil, fmt.Errorf("aghio: invalid n in LimitReader: %d", n)
-	}
-
-	return &limitedReader{
-		r:     r,
-		limit: n,
-		n:     n,
-	}, nil
-}
--- a/internal/aghnet/addr.go
+++ b/internal/aghnet/addr.go
@@ -6,23 +6,10 @@ import (
 	"strconv"
 	"strings"

-	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/AdGuardHome/internal/agherr"
 	"golang.org/x/net/idna"
 )

-// IPFromAddr returns an IP address from addr.  If addr is neither
-// a *net.TCPAddr nor a *net.UDPAddr, it returns nil.
-func IPFromAddr(addr net.Addr) (ip net.IP) {
-	switch addr := addr.(type) {
-	case *net.TCPAddr:
-		return addr.IP
-	case *net.UDPAddr:
-		return addr.IP
-	}
-
-	return nil
-}
-
 // IsValidHostOuterRune returns true if r is a valid initial or final rune for
 // a hostname label.
 func IsValidHostOuterRune(r rune) (ok bool) {
@@ -39,11 +26,11 @@ func isValidHostRune(r rune) (ok bool) {
 // ValidateHardwareAddress returns an error if hwa is not a valid EUI-48,
 // EUI-64, or 20-octet InfiniBand link-layer address.
 func ValidateHardwareAddress(hwa net.HardwareAddr) (err error) {
-	defer func() { err = errors.Annotate(err, "validating hardware address %q: %w", hwa) }()
+	defer agherr.Annotate("validating hardware address %q: %w", &err, hwa)

 	switch l := len(hwa); l {
 	case 0:
-		return errors.Error("address is empty")
+		return agherr.Error("address is empty")
 	case 6, 8, 20:
 		return nil
 	default:
@@ -55,22 +42,22 @@ func ValidateHardwareAddress(hwa net.HardwareAddr) (err error) {
 // according to RFC 1035.
 const maxDomainLabelLen = 63

-// MaxDomainNameLen is the maximum allowed length of a full domain name
+// maxDomainNameLen is the maximum allowed length of a full domain name
 // according to RFC 1035.
 //
 // See https://stackoverflow.com/a/32294443/1892060.
-const MaxDomainNameLen = 253
+const maxDomainNameLen = 253

 // ValidateDomainNameLabel returns an error if label is not a valid label of
 // a domain name.
 func ValidateDomainNameLabel(label string) (err error) {
-	defer func() { err = errors.Annotate(err, "validating label %q: %w", label) }()
+	defer agherr.Annotate("validating label %q: %w", &err, label)

 	l := len(label)
 	if l > maxDomainLabelLen {
 		return fmt.Errorf("label is too long, max: %d", maxDomainLabelLen)
 	} else if l == 0 {
-		return errors.Error("label is empty")
+		return agherr.Error("label is empty")
 	}

 	if r := label[0]; !IsValidHostOuterRune(rune(r)) {
@@ -100,7 +87,7 @@ func ValidateDomainNameLabel(label string) (err error) {
 // TODO(a.garipov): After making sure that this works correctly, port this into
 // module golibs.
 func ValidateDomainName(name string) (err error) {
-	defer func() { err = errors.Annotate(err, "validating domain name %q: %w", name) }()
+	defer agherr.Annotate("validating domain name %q: %w", &err, name)

 	name, err = idna.ToASCII(name)
 	if err != nil {
@@ -109,9 +96,9 @@ func ValidateDomainName(name string) (err error) {

 	l := len(name)
 	if l == 0 {
-		return errors.Error("domain name is empty")
-	} else if l > MaxDomainNameLen {
-		return fmt.Errorf("too long, max: %d", MaxDomainNameLen)
+		return agherr.Error("domain name is empty")
+	} else if l > maxDomainNameLen {
+		return fmt.Errorf("too long, max: %d", maxDomainNameLen)
 	}

 	labels := strings.Split(name, ".")
--- a/internal/aghnet/addr_test.go
+++ b/internal/aghnet/addr_test.go
@@ -9,14 +9,6 @@ import (
 	"github.com/stretchr/testify/require"
 )

-func TestIPFromAddr(t *testing.T) {
-	ip := net.IP{1, 2, 3, 4}
-	assert.Equal(t, net.IP(nil), IPFromAddr(nil))
-	assert.Equal(t, net.IP(nil), IPFromAddr(struct{ net.Addr }{}))
-	assert.Equal(t, ip, IPFromAddr(&net.TCPAddr{IP: ip}))
-	assert.Equal(t, ip, IPFromAddr(&net.UDPAddr{IP: ip}))
-}
-
 func TestValidateHardwareAddress(t *testing.T) {
 	testCases := []struct {
 		name       string
--- a/internal/aghnet/etchostscontainer.go
+++ b/internal/aghnet/etchostscontainer.go
@@ -2,6 +2,9 @@ package aghnet

 import (
 	"bufio"
+	"errors"
+	"io"
+	"io/ioutil"
 	"net"
 	"os"
 	"path/filepath"
@@ -10,7 +13,6 @@ import (
 	"sync"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
-	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/fsnotify/fsnotify"
 	"github.com/miekg/dns"
@@ -120,9 +122,7 @@ func (ehc *EtcHostsContainer) Close() {
 	if ehc.watcher != nil {
 		_ = ehc.watcher.Close()
 	}
-
-	// Don't close onlyWritesChan here and let onlyWrites close it after
-	// watcher.Events is closed to prevent close races.
+	close(ehc.onlyWritesChan)
 }

 // Process returns the list of IP addresses for the hostname or nil if nothing
@@ -230,53 +230,34 @@ func (ehc *EtcHostsContainer) updateTableRev(tableRev map[string][]string, newHo
 	log.Debug("etchostscontainer: added reverse-address %s -> %s", ipStr, newHost)
 }

-// parseHostsLine parses hosts from the fields.
-func parseHostsLine(fields []string) (hosts []string) {
-	for _, f := range fields {
-		hashIdx := strings.IndexByte(f, '#')
-		if hashIdx == 0 {
-			// The rest of the fields are a part of the comment.
-			// Skip immediately.
-			return
-		} else if hashIdx > 0 {
-			// Only a part of the field is a comment.
-			hosts = append(hosts, f[:hashIdx])
-
-			return hosts
-		}
-
-		hosts = append(hosts, f)
-	}
-
-	return hosts
-}
-
-// load reads IP-hostname pairs from the hosts file.  Multiple hostnames per
-// line for one IP are supported.
-func (ehc *EtcHostsContainer) load(
-	table map[string][]net.IP,
-	tableRev map[string][]string,
-	fn string,
-) {
+// Read IP-hostname pairs from file
+// Multiple hostnames per line (per one IP) is supported.
+func (ehc *EtcHostsContainer) load(table map[string][]net.IP, tableRev map[string][]string, fn string) {
 	f, err := os.Open(fn)
 	if err != nil {
 		log.Error("etchostscontainer: %s", err)
-
 		return
 	}
-
-	defer func() {
-		derr := f.Close()
-		if derr != nil {
-			log.Error("etchostscontainer: closing file: %s", err)
-		}
-	}()
-
+	defer f.Close()
+	r := bufio.NewReader(f)
 	log.Debug("etchostscontainer: loading hosts from file %s", fn)

-	s := bufio.NewScanner(f)
-	for s.Scan() {
-		line := strings.TrimSpace(s.Text())
+	for done := false; !done; {
+		var line string
+		line, err = r.ReadString('\n')
+		if err == io.EOF {
+			done = true
+		} else if err != nil {
+			log.Error("etchostscontainer: %s", err)
+
+			return
+		}
+
+		line = strings.TrimSpace(line)
+		if len(line) == 0 || line[0] == '#' {
+			continue
+		}
+
 		fields := strings.Fields(line)
 		if len(fields) < 2 {
 			continue
@@ -287,17 +268,28 @@ func (ehc *EtcHostsContainer) load(
 			continue
 		}

-		hosts := parseHostsLine(fields[1:])
-		for _, host := range hosts {
+		for i := 1; i != len(fields); i++ {
+			host := fields[i]
+			if len(host) == 0 {
+				break
+			}
+
+			sharp := strings.IndexByte(host, '#')
+			if sharp == 0 {
+				// Skip the comments.
+				break
+			} else if sharp > 0 {
+				host = host[:sharp]
+			}
+
 			ehc.updateTable(table, host, ip)
 			ehc.updateTableRev(tableRev, host, ip)
+			if sharp >= 0 {
+				// Skip the comments again.
+				break
+			}
 		}
 	}
-
-	err = s.Err()
-	if err != nil {
-		log.Error("etchostscontainer: %s", err)
-	}
 }

 // onlyWrites is a filter for (*fsnotify.Watcher).Events.
@@ -307,8 +299,6 @@ func (ehc *EtcHostsContainer) onlyWrites() {
 			ehc.onlyWritesChan <- event
 		}
 	}
-
-	close(ehc.onlyWritesChan)
 }

 // Receive notifications from fsnotify package
@@ -355,7 +345,7 @@ func (ehc *EtcHostsContainer) updateHosts() {
 	ehc.load(table, tableRev, ehc.hostsFn)

 	for _, dir := range ehc.hostsDirs {
-		des, err := os.ReadDir(dir)
+		fis, err := ioutil.ReadDir(dir)
 		if err != nil {
 			if !errors.Is(err, os.ErrNotExist) {
 				log.Error("etchostscontainer: Opening directory: %q: %s", dir, err)
@@ -364,8 +354,8 @@ func (ehc *EtcHostsContainer) updateHosts() {
 			continue
 		}

-		for _, de := range des {
-			ehc.load(table, tableRev, filepath.Join(dir, de.Name()))
+		for _, fi := range fis {
+			ehc.load(table, tableRev, filepath.Join(dir, fi.Name()))
 		}
 	}

--- a/internal/aghnet/etshostscontainer_test.go
+++ b/internal/aghnet/etshostscontainer_test.go
@@ -1,6 +1,7 @@
 package aghnet

 import (
+	"io/ioutil"
 	"net"
 	"os"
 	"strings"
@@ -22,12 +23,11 @@ func prepareTestFile(t *testing.T) (f *os.File) {

 	dir := t.TempDir()

-	f, err := os.CreateTemp(dir, "")
-	require.NoError(t, err)
+	f, err := ioutil.TempFile(dir, "")
+	require.Nil(t, err)
 	require.NotNil(t, f)
-
 	t.Cleanup(func() {
-		assert.NoError(t, f.Close())
+		assert.Nil(t, f.Close())
 	})

 	return f
@@ -38,7 +38,7 @@ func assertWriting(t *testing.T, f *os.File, strs ...string) {

 	for _, str := range strs {
 		n, err := f.WriteString(str)
-		require.NoError(t, err)
+		require.Nil(t, err)
 		assert.Equal(t, n, len(str))
 	}
 }
@@ -78,16 +78,16 @@ func TestEtcHostsContainerResolution(t *testing.T) {
 	t.Run("ptr", func(t *testing.T) {
 		testCases := []struct {
 			wantIP   string
-			wantHost string
 			wantLen  int
+			wantHost string
 		}{
-			{wantIP: "127.0.0.1", wantHost: "host", wantLen: 2},
-			{wantIP: "::1", wantHost: "localhost", wantLen: 1},
+			{wantIP: "127.0.0.1", wantLen: 2, wantHost: "host"},
+			{wantIP: "::1", wantLen: 1, wantHost: "localhost"},
 		}

 		for _, tc := range testCases {
 			a, err := dns.ReverseAddr(tc.wantIP)
-			require.NoError(t, err)
+			require.Nil(t, err)

 			a = strings.TrimSuffix(a, ".")
 			hosts := ehc.ProcessReverse(a, dns.TypePTR)
@@ -115,7 +115,7 @@ func TestEtcHostsContainerFSNotify(t *testing.T) {
 	t.Cleanup(ehc.Close)

 	assertWriting(t, f, "127.0.0.2   newhost\n")
-	require.NoError(t, f.Sync())
+	require.Nil(t, f.Sync())

 	// Wait until fsnotify has triggerred and processed the
 	// file-modification event.
--- a/internal/aghnet/net.go
+++ b/internal/aghnet/net.go
@@ -3,6 +3,7 @@ package aghnet

 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"net"
 	"os"
@@ -13,14 +14,14 @@ import (
 	"syscall"
 	"time"

+	"github.com/AdguardTeam/AdGuardHome/internal/agherr"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghstrings"
-	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 )

 // ErrNoStaticIPInfo is returned by IfaceHasStaticIP when no information about
 // the IP being static is available.
-const ErrNoStaticIPInfo errors.Error = "no information about static ip"
+const ErrNoStaticIPInfo agherr.Error = "no information about static ip"

 // IfaceHasStaticIP checks if interface is configured to have static IP address.
 // If it can't give a definitive answer, it returns false and an error for which
@@ -83,17 +84,17 @@ type NetInterface struct {
 	Subnets []*net.IPNet `json:"-"`
 }

-// MarshalJSON implements the json.Marshaler interface for NetInterface.
-func (iface NetInterface) MarshalJSON() ([]byte, error) {
+// MarshalJSON implements the json.Marshaler interface for *NetInterface.
+func (iface *NetInterface) MarshalJSON() ([]byte, error) {
 	type netInterface NetInterface
 	return json.Marshal(&struct {
 		HardwareAddr string `json:"hardware_address"`
 		Flags        string `json:"flags"`
-		netInterface
+		*netInterface
 	}{
 		HardwareAddr: iface.HardwareAddr.String(),
 		Flags:        iface.Flags.String(),
-		netInterface: netInterface(iface),
+		netInterface: (*netInterface)(iface),
 	})
 }

@@ -105,7 +106,7 @@ func GetValidNetInterfacesForWeb() ([]*NetInterface, error) {
 		return nil, fmt.Errorf("couldn't get interfaces: %w", err)
 	}
 	if len(ifaces) == 0 {
-		return nil, errors.Error("couldn't find any legible interface")
+		return nil, errors.New("couldn't find any legible interface")
 	}

 	var netInterfaces []*NetInterface
--- a/internal/aghnet/net_darwin.go
+++ b/internal/aghnet/net_darwin.go
@@ -1,17 +1,15 @@
 // +build darwin

-//go:build darwin
-
 package aghnet

 import (
+	"errors"
 	"fmt"
-	"os"
+	"io/ioutil"
 	"regexp"
 	"strings"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
-	"github.com/AdguardTeam/golibs/errors"
 )

 // hardwarePortInfo - information obtained using MacOS networksetup
@@ -83,7 +81,7 @@ func getHardwarePortInfo(hardwarePort string) (hardwarePortInfo, error) {

 	match := re.FindStringSubmatch(out)
 	if len(match) == 0 {
-		return h, errors.Error("could not find hardware port info")
+		return h, errors.New("could not find hardware port info")
 	}

 	h.name = hardwarePort
@@ -105,7 +103,7 @@ func ifaceSetStaticIP(ifaceName string) (err error) {
 	}

 	if portInfo.static {
-		return errors.Error("IP address is already static")
+		return errors.New("IP address is already static")
 	}

 	dnsAddrs, err := getEtcResolvConfServers()
@@ -142,7 +140,7 @@ func ifaceSetStaticIP(ifaceName string) (err error) {
 // getEtcResolvConfServers returns a list of nameservers configured in
 // /etc/resolv.conf.
 func getEtcResolvConfServers() ([]string, error) {
-	body, err := os.ReadFile("/etc/resolv.conf")
+	body, err := ioutil.ReadFile("/etc/resolv.conf")
 	if err != nil {
 		return nil, err
 	}
@@ -151,7 +149,7 @@ func getEtcResolvConfServers() ([]string, error) {

 	matches := re.FindAllStringSubmatch(string(body), -1)
 	if len(matches) == 0 {
-		return nil, errors.Error("found no DNS servers in /etc/resolv.conf")
+		return nil, errors.New("found no DNS servers in /etc/resolv.conf")
 	}

 	addrs := make([]string, 0)
--- a/internal/aghnet/net_linux.go
+++ b/internal/aghnet/net_linux.go
@@ -1,19 +1,18 @@
 // +build linux

-//go:build linux
-
 package aghnet

 import (
 	"bufio"
+	"errors"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"net"
 	"os"
 	"strings"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghio"
-	"github.com/AdguardTeam/golibs/errors"
 	"github.com/google/renameio/maybe"
 )

@@ -49,15 +48,16 @@ func ifaceHasStaticIP(ifaceName string) (has bool, err error) {

 			return false, err
 		}
-		defer func() { err = errors.WithDeferred(err, f.Close()) }()
+		defer f.Close()

-		var fileReader io.Reader
-		fileReader, err = aghio.LimitReader(f, maxConfigFileSize)
+		var fileReadCloser io.ReadCloser
+		fileReadCloser, err = aghio.LimitReadCloser(f, maxConfigFileSize)
 		if err != nil {
 			return false, err
 		}
+		defer fileReadCloser.Close()

-		has, err = check.checker(fileReader, ifaceName)
+		has, err = check.checker(fileReadCloser, ifaceName)
 		if err != nil {
 			return false, err
 		}
@@ -68,41 +68,40 @@ func ifaceHasStaticIP(ifaceName string) (has bool, err error) {
 	return false, ErrNoStaticIPInfo
 }

-// findIfaceLine scans s until it finds the line that declares an interface with
-// the given name.  If findIfaceLine can't find the line, it returns false.
-func findIfaceLine(s *bufio.Scanner, name string) (ok bool) {
-	for s.Scan() {
-		line := strings.TrimSpace(s.Text())
-		fields := strings.Fields(line)
-		if len(fields) == 2 && fields[0] == "interface" && fields[1] == name {
-			return true
-		}
-	}
-
-	return false
-}
-
 // dhcpcdStaticConfig checks if interface is configured by /etc/dhcpcd.conf to
 // have a static IP.
 func dhcpcdStaticConfig(r io.Reader, ifaceName string) (has bool, err error) {
 	s := bufio.NewScanner(r)
-	ifaceFound := findIfaceLine(s, ifaceName)
-	if !ifaceFound {
-		return false, s.Err()
-	}
+	var withinInterfaceCtx bool

 	for s.Scan() {
 		line := strings.TrimSpace(s.Text())
-		fields := strings.Fields(line)
-		if len(fields) >= 2 &&
-			fields[0] == "static" &&
-			strings.HasPrefix(fields[1], "ip_address=") {
-			return true, s.Err()
+
+		if withinInterfaceCtx && len(line) == 0 {
+			// An empty line resets our state.
+			withinInterfaceCtx = false
 		}

-		if len(fields) > 0 && fields[0] == "interface" {
-			// Another interface found.
-			break
+		if len(line) == 0 || line[0] == '#' {
+			continue
+		}
+
+		fields := strings.Fields(line)
+
+		if withinInterfaceCtx {
+			if len(fields) >= 2 && fields[0] == "static" && strings.HasPrefix(fields[1], "ip_address=") {
+				return true, nil
+			}
+			if len(fields) > 0 && fields[0] == "interface" {
+				// Another interface found.
+				withinInterfaceCtx = false
+			}
+			continue
+		}
+
+		if len(fields) == 2 && fields[0] == "interface" && fields[1] == ifaceName {
+			// The interface found.
+			withinInterfaceCtx = true
 		}
 	}

@@ -134,13 +133,13 @@ func ifacesStaticConfig(r io.Reader, ifaceName string) (has bool, err error) {
 func ifaceSetStaticIP(ifaceName string) (err error) {
 	ipNet := GetSubnet(ifaceName)
 	if ipNet.IP == nil {
-		return errors.Error("can't get IP address")
+		return errors.New("can't get IP address")
 	}

 	gatewayIP := GatewayIP(ifaceName)
 	add := updateStaticIPdhcpcdConf(ifaceName, ipNet.String(), gatewayIP, ipNet.IP)

-	body, err := os.ReadFile("/etc/dhcpcd.conf")
+	body, err := ioutil.ReadFile("/etc/dhcpcd.conf")
 	if err != nil {
 		return err
 	}
--- a/internal/aghnet/net_linux_test.go
+++ b/internal/aghnet/net_linux_test.go
@@ -1,7 +1,5 @@
 // +build linux

-//go:build linux
-
 package aghnet

 import (
--- a/internal/aghnet/net_others.go
+++ b/internal/aghnet/net_others.go
@@ -1,7 +1,5 @@
 // +build !linux,!darwin

-//go:build !(linux || darwin)
-
 package aghnet

 import (
--- a/internal/aghnet/systemresolvers.go
+++ b/internal/aghnet/systemresolvers.go
@@ -3,6 +3,7 @@ package aghnet
 import (
 	"time"

+	"github.com/AdguardTeam/AdGuardHome/internal/agherr"
 	"github.com/AdguardTeam/golibs/log"
 )

@@ -16,17 +17,29 @@ type HostGenFunc func() (host string)

 // SystemResolvers helps to work with local resolvers' addresses provided by OS.
 type SystemResolvers interface {
-	// Get returns the slice of local resolvers' addresses.  It should be
-	// safe for concurrent use.
+	// Get returns the slice of local resolvers' addresses.
+	// It should be safe for concurrent use.
 	Get() (rs []string)
 	// refresh refreshes the local resolvers' addresses cache.  It should be
 	// safe for concurrent use.
 	refresh() (err error)
 }

+const (
+	// errBadAddrPassed is returned when dialFunc can't parse an IP address.
+	errBadAddrPassed agherr.Error = "the passed string is not a valid IP address"
+
+	// errFakeDial is an error which dialFunc is expected to return.
+	errFakeDial agherr.Error = "this error signals the successful dialFunc work"
+
+	// errUnexpectedHostFormat is returned by validateDialedHost when the host has
+	// more than one percent sign.
+	errUnexpectedHostFormat agherr.Error = "unexpected host format"
+)
+
 // refreshWithTicker refreshes the cache of sr after each tick form tickCh.
 func refreshWithTicker(sr SystemResolvers, tickCh <-chan time.Time) {
-	defer log.OnPanic("systemResolvers")
+	defer agherr.LogPanic("systemResolvers")

 	// TODO(e.burkov): Implement a functionality to stop ticker.
 	for range tickCh {
--- a/internal/aghnet/systemresolvers_others.go
+++ b/internal/aghnet/systemresolvers_others.go
@@ -1,19 +1,18 @@
 // +build !windows

-//go:build !windows
-
 package aghnet

 import (
 	"context"
+	"errors"
 	"fmt"
 	"net"
 	"strings"
 	"sync"
 	"time"

+	"github.com/AdguardTeam/AdGuardHome/internal/agherr"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghstrings"
-	"github.com/AdguardTeam/golibs/errors"
 )

 // defaultHostGen is the default method of generating host for Refresh.
@@ -32,20 +31,8 @@ type systemResolvers struct {
 	addrsLock sync.RWMutex
 }

-const (
-	// errBadAddrPassed is returned when dialFunc can't parse an IP address.
-	errBadAddrPassed errors.Error = "the passed string is not a valid IP address"
-
-	// errFakeDial is an error which dialFunc is expected to return.
-	errFakeDial errors.Error = "this error signals the successful dialFunc work"
-
-	// errUnexpectedHostFormat is returned by validateDialedHost when the host has
-	// more than one percent sign.
-	errUnexpectedHostFormat errors.Error = "unexpected host format"
-)
-
 func (sr *systemResolvers) refresh() (err error) {
-	defer func() { err = errors.Annotate(err, "systemResolvers: %w") }()
+	defer agherr.Annotate("systemResolvers: %w", &err)

 	_, err = sr.resolver.LookupHost(context.Background(), sr.hostGenFunc())
 	dnserr := &net.DNSError{}
@@ -74,7 +61,7 @@ func newSystemResolvers(refreshIvl time.Duration, hostGenFunc HostGenFunc) (sr S

 // validateDialedHost validated the host used by resolvers in dialFunc.
 func validateDialedHost(host string) (err error) {
-	defer func() { err = errors.Annotate(err, "parsing %q: %w", host) }()
+	defer agherr.Annotate("parsing %q: %w", &err, host)

 	var ipStr string
 	parts := strings.Split(host, "%")
--- a/internal/aghnet/systemresolvers_others_test.go
+++ b/internal/aghnet/systemresolvers_others_test.go
@@ -1,7 +1,5 @@
 // +build !windows

-//go:build !windows
-
 package aghnet

 import (
--- a/internal/aghnet/systemresolvers_windows.go
+++ b/internal/aghnet/systemresolvers_windows.go
@@ -1,7 +1,5 @@
 // +build windows

-//go:build windows
-
 package aghnet

 import (
@@ -14,9 +12,9 @@ import (
 	"sync"
 	"time"

+	"github.com/AdguardTeam/AdGuardHome/internal/agherr"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghio"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
-	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 )

@@ -45,57 +43,6 @@ func (sr *systemResolvers) Get() (rs []string) {
 	return rs
 }

-// writeExit writes "exit" to w and closes it.  It is supposed to be run in
-// a goroutine.
-func writeExit(w io.WriteCloser) {
-	defer log.OnPanic("systemResolvers: writeExit")
-
-	defer func() {
-		derr := w.Close()
-		if derr != nil {
-			log.Error("systemResolvers: writeExit: closing: %s", derr)
-		}
-	}()
-
-	_, err := io.WriteString(w, "exit")
-	if err != nil {
-		log.Error("systemResolvers: writeExit: writing: %s", err)
-	}
-}
-
-// scanAddrs scans the DNS addresses from nslookup's output.  The expected
-// output of nslookup looks like this:
-//
-//   Default Server:  192-168-1-1.qualified.domain.ru
-//   Address:  192.168.1.1
-//
-func scanAddrs(s *bufio.Scanner) (addrs []string) {
-	for s.Scan() {
-		line := strings.TrimSpace(s.Text())
-		fields := strings.Fields(line)
-		if len(fields) != 2 || fields[0] != "Address:" {
-			continue
-		}
-
-		// If the address contains port then it is separated with '#'.
-		ipPort := strings.Split(fields[1], "#")
-		if len(ipPort) == 0 {
-			continue
-		}
-
-		addr := ipPort[0]
-		if net.ParseIP(addr) == nil {
-			log.Debug("systemResolvers: %q is not a valid ip", addr)
-
-			continue
-		}
-
-		addrs = append(addrs, addr)
-	}
-
-	return addrs
-}
-
 // getAddrs gets local resolvers' addresses from OS in a special Windows way.
 //
 // TODO(e.burkov): This whole function needs more detailed research on getting
@@ -116,41 +63,83 @@ func (sr *systemResolvers) getAddrs() (addrs []string, err error) {
 		return nil, fmt.Errorf("getting the command's stdout pipe: %w", err)
 	}

-	var stdoutLimited io.Reader
-	stdoutLimited, err = aghio.LimitReader(stdout, aghos.MaxCmdOutputSize)
+	var stdoutLimited io.ReadCloser
+	stdoutLimited, err = aghio.LimitReadCloser(stdout, aghos.MaxCmdOutputSize)
 	if err != nil {
 		return nil, fmt.Errorf("limiting stdout reader: %w", err)
 	}

-	go writeExit(stdin)
+	go func() {
+		defer agherr.LogPanic("systemResolvers")
+		defer func() {
+			derr := stdin.Close()
+			if derr != nil {
+				log.Error("systemResolvers: closing stdin pipe: %s", derr)
+			}
+		}()
+
+		_, werr := io.WriteString(stdin, "exit")
+		if werr != nil {
+			log.Error("systemResolvers: writing to command pipe: %s", werr)
+		}
+	}()

 	err = cmd.Start()
 	if err != nil {
 		return nil, fmt.Errorf("start command executing: %w", err)
 	}

+	// The output of nslookup looks like this:
+	//
+	// Default Server:  192-168-1-1.qualified.domain.ru
+	// Address:  192.168.1.1
+
+	var possibleIPs []string
 	s := bufio.NewScanner(stdoutLimited)
-	addrs = scanAddrs(s)
+	for s.Scan() {
+		line := s.Text()
+		if len(line) == 0 {
+			continue
+		}
+
+		fields := strings.Fields(line)
+		if len(fields) != 2 || fields[0] != "Address:" {
+			continue
+		}
+
+		// If the address contains port then it is separated with '#'.
+		ipStrs := strings.Split(fields[1], "#")
+		if len(ipStrs) == 0 {
+			continue
+		}
+
+		possibleIPs = append(possibleIPs, ipStrs[0])
+	}

 	err = cmd.Wait()
 	if err != nil {
 		return nil, fmt.Errorf("executing the command: %w", err)
 	}

-	err = s.Err()
-	if err != nil {
-		return nil, fmt.Errorf("scanning output: %w", err)
-	}
-
 	// Don't close StdoutPipe since Wait do it for us in ¿most? cases.
 	//
 	// See go doc os/exec.Cmd.StdoutPipe.

+	for _, addr := range possibleIPs {
+		if net.ParseIP(addr) == nil {
+			log.Debug("systemResolvers: %q is not a valid ip", addr)
+
+			continue
+		}
+
+		addrs = append(addrs, addr)
+	}
+
 	return addrs, nil
 }

 func (sr *systemResolvers) refresh() (err error) {
-	defer func() { err = errors.Annotate(err, "systemResolvers: %w") }()
+	defer agherr.Annotate("systemResolvers: %w", &err)

 	got, err := sr.getAddrs()
 	if err != nil {
--- a/internal/aghnet/systemresolvers_windows_test.go
+++ b/internal/aghnet/systemresolvers_windows_test.go
@@ -1,7 +1,5 @@
 // +build windows

-//go:build windows
-
 package aghnet

 // TODO(e.burkov): Write tests for Windows implementation.
--- a/internal/aghos/endian_big.go
+++ b/internal/aghos/endian_big.go
@@ -1,7 +1,5 @@
 // +build mips mips64

-//go:build mips || mips64
-
 // This file is an adapted version of github.com/josharian/native.

 package aghos
--- a/internal/aghos/endian_little.go
+++ b/internal/aghos/endian_little.go
@@ -1,7 +1,5 @@
 // +build amd64 386 arm arm64 mipsle mips64le ppc64le

-//go:build amd64 || 386 || arm || arm64 || mipsle || mips64le || ppc64le
-
 // This file is an adapted version of github.com/josharian/native.

 package aghos
--- a/internal/aghos/os_bsd.go
+++ b/internal/aghos/os_bsd.go
@@ -1,7 +1,5 @@
 // +build darwin netbsd openbsd

-//go:build darwin || netbsd || openbsd
-
 package aghos

 import (
--- a/internal/aghos/os_freebsd.go
+++ b/internal/aghos/os_freebsd.go
@@ -1,7 +1,5 @@
 // +build freebsd

-//go:build freebsd
-
 package aghos

 import (
--- a/internal/aghos/os_linux.go
+++ b/internal/aghos/os_linux.go
@@ -1,11 +1,10 @@
 // +build linux

-//go:build linux
-
 package aghos

 import (
 	"bytes"
+	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@@ -46,7 +45,9 @@ func sendProcessSignal(pid int, sig syscall.Signal) error {
 func isOpenWrt() (ok bool) {
 	const etcDir = "/etc"

-	dirEnts, err := os.ReadDir(etcDir)
+	// TODO(e.burkov): Take care of dealing with fs package after updating
+	// Go version to 1.16.
+	fileInfos, err := ioutil.ReadDir(etcDir)
 	if err != nil {
 		return false
 	}
@@ -55,18 +56,18 @@ func isOpenWrt() (ok bool) {
 	const fNameSubstr = "release"
 	osNameData := []byte("OpenWrt")

-	for _, dirEnt := range dirEnts {
-		if dirEnt.IsDir() {
+	for _, fileInfo := range fileInfos {
+		if fileInfo.IsDir() {
 			continue
 		}

-		fn := dirEnt.Name()
+		fn := fileInfo.Name()
 		if !strings.Contains(fn, fNameSubstr) {
 			continue
 		}

 		var body []byte
-		body, err = os.ReadFile(filepath.Join(etcDir, fn))
+		body, err = ioutil.ReadFile(filepath.Join(etcDir, fn))
 		if err != nil {
 			continue
 		}
--- a/internal/aghos/os_windows.go
+++ b/internal/aghos/os_windows.go
@@ -1,7 +1,5 @@
 // +build windows

-//go:build windows
-
 package aghos

 import (
--- a/internal/aghos/syslog_others.go
+++ b/internal/aghos/syslog_others.go
@@ -1,7 +1,5 @@
 // +build !windows,!plan9

-//go:build !(windows || plan9)
-
 package aghos

 import (
--- a/internal/aghos/syslog_windows.go
+++ b/internal/aghos/syslog_windows.go
@@ -1,7 +1,5 @@
 // +build windows plan9

-//go:build windows || plan9
-
 package aghos

 import (
--- a/internal/aghstrings/strings.go
+++ b/internal/aghstrings/strings.go
@@ -19,19 +19,6 @@ func CloneSlice(a []string) (b []string) {
 	return CloneSliceOrEmpty(a)
 }

-// Coalesce returns the first non-empty string.  It is named after the function
-// COALESCE in SQL except that since strings in Go are non-nullable, it uses an
-// empty string as a NULL value.  If strs is empty, it returns an empty string.
-func Coalesce(strs ...string) (res string) {
-	for _, s := range strs {
-		if s != "" {
-			return s
-		}
-	}
-
-	return ""
-}
-
 // FilterOut returns a copy of strs with all strings for which f returned true
 // removed.
 func FilterOut(strs []string, f func(s string) (ok bool)) (filtered []string) {
--- a/internal/aghstrings/strings_test.go
+++ b/internal/aghstrings/strings_test.go
@@ -36,14 +36,6 @@ func TestCloneSlice_family(t *testing.T) {
 	})
 }

-func TestCoalesce(t *testing.T) {
-	assert.Equal(t, "", Coalesce())
-	assert.Equal(t, "a", Coalesce("a"))
-	assert.Equal(t, "a", Coalesce("", "a"))
-	assert.Equal(t, "a", Coalesce("a", ""))
-	assert.Equal(t, "a", Coalesce("a", "b"))
-}
-
 func TestFilterOut(t *testing.T) {
 	strs := []string{
 		"1.2.3.4",
--- a/internal/aghtest/aghtest.go
+++ b/internal/aghtest/aghtest.go
@@ -3,6 +3,7 @@ package aghtest

 import (
 	"io"
+	"io/ioutil"
 	"os"
 	"testing"

@@ -13,7 +14,7 @@ import (
 func DiscardLogOutput(m *testing.M) {
 	// TODO(e.burkov): Refactor code and tests to not use the global mutable
 	// logger.
-	log.SetOutput(io.Discard)
+	log.SetOutput(ioutil.Discard)

 	os.Exit(m.Run())
 }
@@ -30,7 +31,7 @@ func ReplaceLogWriter(t *testing.T, w io.Writer) {

 // ReplaceLogLevel sets logging level to l and uses Cleanup method of t to
 // revert changes.
-func ReplaceLogLevel(t *testing.T, l log.Level) {
+func ReplaceLogLevel(t *testing.T, l int) {
 	switch l {
 	case log.INFO, log.DEBUG, log.ERROR:
 		// Go on.
--- a/internal/aghtest/upstream.go
+++ b/internal/aghtest/upstream.go
@@ -13,6 +13,8 @@ import (

 // TestUpstream is a mock of real upstream.
 type TestUpstream struct {
+	// Addr is the address for Address method.
+	Addr string
 	// CName is a map of hostname to canonical name.
 	CName map[string]string
 	// IPv4 is a map of hostname to IPv4.
@@ -21,13 +23,9 @@ type TestUpstream struct {
 	IPv6 map[string][]net.IP
 	// Reverse is a map of address to domain name.
 	Reverse map[string][]string
-	// Addr is the address for Address method.
-	Addr string
 }

 // Exchange implements upstream.Upstream interface for *TestUpstream.
-//
-// TODO(a.garipov): Split further into handlers.
 func (u *TestUpstream) Exchange(m *dns.Msg) (resp *dns.Msg, err error) {
 	resp = &dns.Msg{}
 	resp.SetReply(m)
@@ -35,69 +33,70 @@ func (u *TestUpstream) Exchange(m *dns.Msg) (resp *dns.Msg, err error) {
 	if len(m.Question) == 0 {
 		return nil, fmt.Errorf("question should not be empty")
 	}
-
 	name := m.Question[0].Name

 	if cname, ok := u.CName[name]; ok {
-		ans := &dns.CNAME{
+		resp.Answer = append(resp.Answer, &dns.CNAME{
 			Hdr: dns.RR_Header{
 				Name:   name,
 				Rrtype: dns.TypeCNAME,
 			},
 			Target: cname,
-		}
-
-		resp.Answer = append(resp.Answer, ans)
+		})
 	}

-	rrType := m.Question[0].Qtype
-	hdr := dns.RR_Header{
-		Name:   name,
-		Rrtype: rrType,
-	}
-
-	var names []string
+	var hasRec bool
+	var rrType uint16
 	var ips []net.IP
 	switch m.Question[0].Qtype {
 	case dns.TypeA:
-		ips = u.IPv4[name]
+		rrType = dns.TypeA
+		if ipv4addr, ok := u.IPv4[name]; ok {
+			hasRec = true
+			ips = ipv4addr
+		}
 	case dns.TypeAAAA:
-		ips = u.IPv6[name]
+		rrType = dns.TypeAAAA
+		if ipv6addr, ok := u.IPv6[name]; ok {
+			hasRec = true
+			ips = ipv6addr
+		}
 	case dns.TypePTR:
-		names = u.Reverse[name]
+		names, ok := u.Reverse[name]
+		if !ok {
+			break
+		}
+
+		for _, n := range names {
+			resp.Answer = append(resp.Answer, &dns.PTR{
+				Hdr: dns.RR_Header{
+					Name:   n,
+					Rrtype: rrType,
+				},
+				Ptr: n,
+			})
+		}
 	}

 	for _, ip := range ips {
-		var ans dns.RR
-		if rrType == dns.TypeA {
-			ans = &dns.A{
-				Hdr: hdr,
-				A:   ip,
-			}
-
-			resp.Answer = append(resp.Answer, ans)
-
-			continue
-		}
-
-		ans = &dns.AAAA{
-			Hdr:  hdr,
-			AAAA: ip,
-		}
-
-		resp.Answer = append(resp.Answer, ans)
-	}
-
-	for _, n := range names {
-		ans := &dns.PTR{
-			Hdr: hdr,
-			Ptr: n,
-		}
-
-		resp.Answer = append(resp.Answer, ans)
+		resp.Answer = append(resp.Answer, &dns.A{
+			Hdr: dns.RR_Header{
+				Name:   name,
+				Rrtype: rrType,
+			},
+			A: ip,
+		})
 	}

 	if len(resp.Answer) == 0 {
+		if hasRec {
+			// Set no error RCode if there are some records for
+			// given Qname but we didn't apply them.
+			resp.SetRcode(m, dns.RcodeSuccess)
+
+			return resp, nil
+		}
+		// Set NXDomain RCode otherwise.
 		resp.SetRcode(m, dns.RcodeNameError)
 	}

@@ -112,13 +111,10 @@ func (u *TestUpstream) Address() string {
 // TestBlockUpstream implements upstream.Upstream interface for replacing real
 // upstream in tests.
 type TestBlockUpstream struct {
-	Hostname string
-
-	// lock protects reqNum.
-	lock   sync.RWMutex
-	reqNum int
-
-	Block bool
+	Hostname      string
+	Block         bool
+	requestsCount int
+	lock          sync.RWMutex
 }

 // Exchange returns a message unique for TestBlockUpstream's Hostname-Block
@@ -126,7 +122,7 @@ type TestBlockUpstream struct {
 func (u *TestBlockUpstream) Exchange(r *dns.Msg) (*dns.Msg, error) {
 	u.lock.Lock()
 	defer u.lock.Unlock()
-	u.reqNum++
+	u.requestsCount++

 	hash := sha256.Sum256([]byte(u.Hostname))
 	hashToReturn := hex.EncodeToString(hash[:])
@@ -160,7 +156,7 @@ func (u *TestBlockUpstream) RequestsCount() int {
 	u.lock.Lock()
 	defer u.lock.Unlock()

-	return u.reqNum
+	return u.requestsCount
 }

 // TestErrUpstream implements upstream.Upstream interface for replacing real
@@ -172,6 +168,9 @@ type TestErrUpstream struct {

 // Exchange always returns nil Msg and non-nil error.
 func (u *TestErrUpstream) Exchange(*dns.Msg) (*dns.Msg, error) {
+	// We don't use an agherr.Error to avoid the import cycle since aghtests
+	// used to provide the utilities for testing which agherr (and any other
+	// testable package) should be able to use.
 	return nil, fmt.Errorf("errupstream: %w", u.Err)
 }

--- a/internal/dhcpd/checkother.go
+++ b/internal/dhcpd/checkother.go
@@ -1,7 +1,5 @@
 // +build aix darwin dragonfly freebsd linux netbsd openbsd solaris

-//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-
 package dhcpd

 import (
@@ -12,7 +10,6 @@ import (
 	"runtime"
 	"time"

-	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/insomniacslk/dhcp/dhcpv4"
 	"github.com/insomniacslk/dhcp/dhcpv4/nclient4"
@@ -79,7 +76,7 @@ func CheckIfOtherDHCPServersPresentV4(ifaceName string) (ok bool, err error) {
 		return false, fmt.Errorf("couldn't listen on :68: %w", err)
 	}
 	if c != nil {
-		defer func() { err = errors.WithDeferred(err, c.Close()) }()
+		defer c.Close()
 	}

 	// send to 255.255.255.255:67
@@ -203,7 +200,7 @@ func CheckIfOtherDHCPServersPresentV6(ifaceName string) (ok bool, err error) {
 		return false, fmt.Errorf("dhcpv6: Couldn't listen on :546: %w", err)
 	}
 	if c != nil {
-		defer func() { err = errors.WithDeferred(err, c.Close()) }()
+		defer c.Close()
 	}

 	_, err = c.WriteTo(req.ToBytes(), dstAddr)
--- a/internal/dhcpd/db.go
+++ b/internal/dhcpd/db.go
@@ -4,11 +4,12 @@ package dhcpd

 import (
 	"encoding/json"
+	"errors"
+	"io/ioutil"
 	"net"
 	"os"
 	"time"

-	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/google/renameio/maybe"
 )
@@ -37,7 +38,7 @@ func (s *Server) dbLoad() {
 	v6StaticLeases := []*Lease{}
 	v6DynLeases := []*Lease{}

-	data, err := os.ReadFile(s.conf.DBFilePath)
+	data, err := ioutil.ReadFile(s.conf.DBFilePath)
 	if err != nil {
 		if !errors.Is(err, os.ErrNotExist) {
 			log.Error("dhcp: can't read file %q: %v", s.conf.DBFilePath, err)
--- a/internal/dhcpd/dhcpd.go
+++ b/internal/dhcpd/dhcpd.go
@@ -43,8 +43,8 @@ func (l *Lease) IsStatic() (ok bool) {
 	return l != nil && l.Expiry.Unix() == leaseExpireStatic
 }

-// MarshalJSON implements the json.Marshaler interface for Lease.
-func (l Lease) MarshalJSON() ([]byte, error) {
+// MarshalJSON implements the json.Marshaler interface for *Lease.
+func (l *Lease) MarshalJSON() ([]byte, error) {
 	var expiryStr string
 	if !l.IsStatic() {
 		// The front-end is waiting for RFC 3999 format of the time
@@ -59,11 +59,11 @@ func (l Lease) MarshalJSON() ([]byte, error) {
 	return json.Marshal(&struct {
 		HWAddr string `json:"mac"`
 		Expiry string `json:"expires,omitempty"`
-		lease
+		*lease
 	}{
 		HWAddr: l.HWAddr.String(),
 		Expiry: expiryStr,
-		lease:  lease(l),
+		lease:  (*lease)(l),
 	})
 }

@@ -71,8 +71,8 @@ func (l Lease) MarshalJSON() ([]byte, error) {
 func (l *Lease) UnmarshalJSON(data []byte) (err error) {
 	type lease Lease
 	aux := struct {
-		*lease
 		HWAddr string `json:"mac"`
+		*lease
 	}{
 		lease: (*lease)(l),
 	}
--- a/internal/dhcpd/dhcpd_test.go
+++ b/internal/dhcpd/dhcpd_test.go
@@ -1,7 +1,5 @@
 // +build aix darwin dragonfly freebsd linux netbsd openbsd solaris

-//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-
 package dhcpd

 import (
--- a/internal/dhcpd/http.go
+++ b/internal/dhcpd/http.go
@@ -2,15 +2,15 @@ package dhcpd

 import (
 	"encoding/json"
+	"errors"
 	"fmt"
-	"io"
+	"io/ioutil"
 	"net"
 	"net/http"
 	"os"
 	"strings"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
-	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 )

@@ -369,7 +369,7 @@ type dhcpSearchResult struct {
 // Respond with results
 func (s *Server) handleDHCPFindActiveServer(w http.ResponseWriter, r *http.Request) {
 	// This use of ReadAll is safe, because request's body is now limited.
-	body, err := io.ReadAll(r.Body)
+	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		msg := fmt.Sprintf("failed to read request body: %s", err)
 		log.Error(msg)
--- a/internal/dhcpd/iprange.go
+++ b/internal/dhcpd/iprange.go
@@ -6,7 +6,7 @@ import (
 	"math/big"
 	"net"

-	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/AdGuardHome/internal/agherr"
 )

 // ipRange is an inclusive range of IP addresses.  A nil range is a range that
@@ -28,7 +28,7 @@ const maxRangeLen = math.MaxUint32
 // newIPRange creates a new IP address range.  start must be less than end.  The
 // resulting range must not be greater than maxRangeLen.
 func newIPRange(start, end net.IP) (r *ipRange, err error) {
-	defer func() { err = errors.Annotate(err, "invalid ip range: %w") }()
+	defer agherr.Annotate("invalid ip range: %w", &err)

 	// Make sure that both are 16 bytes long to simplify handling in
 	// methods.
--- a/internal/dhcpd/options.go
+++ b/internal/dhcpd/options.go
@@ -7,7 +7,7 @@ import (
 	"strconv"
 	"strings"

-	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/AdGuardHome/internal/agherr"
 )

 // hexDHCPOptionParserHandler parses a DHCP option as a hex-encoded string.
@@ -32,7 +32,7 @@ func hexDHCPOptionParserHandler(s string) (data []byte, err error) {
 func ipDHCPOptionParserHandler(s string) (data []byte, err error) {
 	ip := net.ParseIP(s)
 	if ip == nil {
-		return nil, errors.Error("invalid ip")
+		return nil, agherr.Error("invalid ip")
 	}

 	// Most DHCP options require IPv4, so do not put the 16-byte
@@ -100,12 +100,12 @@ func newDHCPOptionParser() (p *dhcpOptionParser) {

 // parse parses an option.  See the handlers' documentation for more info.
 func (p *dhcpOptionParser) parse(s string) (code uint8, data []byte, err error) {
-	defer func() { err = errors.Annotate(err, "invalid option string %q: %w", s) }()
+	defer agherr.Annotate("invalid option string %q: %w", &err, s)

 	s = strings.TrimSpace(s)
 	parts := strings.SplitN(s, " ", 3)
 	if len(parts) < 3 {
-		return 0, nil, errors.Error("need at least three fields")
+		return 0, nil, agherr.Error("need at least three fields")
 	}

 	codeStr := parts[0]
--- a/internal/dhcpd/os_windows.go
+++ b/internal/dhcpd/os_windows.go
@@ -1,13 +1,13 @@
 package dhcpd

 import (
+	"errors"
 	"net"

-	"github.com/AdguardTeam/golibs/errors"
 	"golang.org/x/net/ipv4"
 )

 // Create a socket for receiving broadcast packets
 func newBroadcastPacketConn(bindAddr net.IP, port int, ifname string) (*ipv4.PacketConn, error) {
-	return nil, errors.Error("newBroadcastPacketConn(): not supported on Windows")
+	return nil, errors.New("newBroadcastPacketConn(): not supported on Windows")
 }
--- a/internal/dhcpd/v4.go
+++ b/internal/dhcpd/v4.go
@@ -1,7 +1,5 @@
 // +build aix darwin dragonfly freebsd linux netbsd openbsd solaris

-//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-
 package dhcpd

 import (
@@ -12,9 +10,9 @@ import (
 	"sync"
 	"time"

+	"github.com/AdguardTeam/AdGuardHome/internal/agherr"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghstrings"
-	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/go-ping/ping"
 	"github.com/insomniacslk/dhcp/dhcpv4"
@@ -54,7 +52,7 @@ func (s *v4Server) WriteDiskConfig6(c *V6ServerConf) {
 // normalizeHostname normalizes a hostname sent by the client.  If err is not
 // nil, norm is an empty string.
 func normalizeHostname(hostname string) (norm string, err error) {
-	defer func() { err = errors.Annotate(err, "normalizing %q: %w", hostname) }()
+	defer agherr.Annotate("normalizing %q: %w", &err, hostname)

 	if hostname == "" {
 		return "", nil
@@ -248,7 +246,7 @@ func (s *v4Server) rmDynamicLease(lease *Lease) (err error) {

 		if bytes.Equal(l.HWAddr, lease.HWAddr) {
 			if l.IsStatic() {
-				return errors.Error("static lease already exists")
+				return agherr.Error("static lease already exists")
 			}

 			s.rmLeaseByIndex(i)
@@ -261,7 +259,7 @@ func (s *v4Server) rmDynamicLease(lease *Lease) (err error) {

 		if l.IP.Equal(lease.IP) {
 			if l.IsStatic() {
-				return errors.Error("static lease already exists")
+				return agherr.Error("static lease already exists")
 			}

 			s.rmLeaseByIndex(i)
@@ -321,12 +319,12 @@ func (s *v4Server) rmLease(lease Lease) (err error) {
 		}
 	}

-	return errors.Error("lease not found")
+	return agherr.Error("lease not found")
 }

 // AddStaticLease adds a static lease.  It is safe for concurrent use.
 func (s *v4Server) AddStaticLease(l Lease) (err error) {
-	defer func() { err = errors.Annotate(err, "dhcpv4: adding static lease: %w") }()
+	defer agherr.Annotate("dhcpv4: adding static lease: %w", &err)

 	if ip4 := l.IP.To4(); ip4 == nil {
 		return fmt.Errorf("invalid ip %q, only ipv4 is supported", l.IP)
@@ -396,7 +394,7 @@ func (s *v4Server) AddStaticLease(l Lease) (err error) {

 // RemoveStaticLease removes a static lease.  It is safe for concurrent use.
 func (s *v4Server) RemoveStaticLease(l Lease) (err error) {
-	defer func() { err = errors.Annotate(err, "dhcpv4: %w") }()
+	defer agherr.Annotate("dhcpv4: %w", &err)

 	if len(l.IP) != 4 {
 		return fmt.Errorf("invalid IP")
@@ -936,7 +934,7 @@ func (s *v4Server) packetHandler(conn net.PacketConn, peer net.Addr, req *dhcpv4

 // Start starts the IPv4 DHCP server.
 func (s *v4Server) Start() (err error) {
-	defer func() { err = errors.Annotate(err, "dhcpv4: %w") }()
+	defer agherr.Annotate("dhcpv4: %w", &err)

 	if !s.conf.Enabled {
 		return nil
@@ -974,11 +972,16 @@ func (s *v4Server) Start() (err error) {
 	log.Info("dhcpv4: listening")

 	go func() {
-		if serr := s.srv.Serve(); errors.Is(serr, net.ErrClosed) {
-			log.Info("dhcpv4: server is closed")
+		serr := s.srv.Serve()
+		// TODO(a.garipov): Uncomment in Go 1.16.
+		//
+		//   if errors.Is(serr, net.ErrClosed) {
+		//           log.Info("dhcpv4: server is closed")
+		//
+		//           return
+		//   }

-			return
-		} else if serr != nil {
+		if serr != nil {
 			log.Error("dhcpv4: srv.Serve: %s", serr)
 		}
 	}()
--- a/internal/dhcpd/v46.go
+++ b/internal/dhcpd/v46.go
@@ -84,42 +84,40 @@ func ifaceDNSIPAddrs(
 	backoff time.Duration,
 ) (addrs []net.IP, err error) {
 	var n int
+waitForIP:
 	for n = 1; n <= maxAttempts; n++ {
 		addrs, err = ifaceIPAddrs(iface, ipv)
 		if err != nil {
 			return nil, fmt.Errorf("getting ip addrs: %w", err)
 		}

-		if len(addrs) > 0 {
-			break
+		switch len(addrs) {
+		case 0:
+			log.Debug("dhcpv%d: attempt %d: no ip addresses", ipv, n)
+
+			time.Sleep(backoff)
+		case 1:
+			// Some Android devices use 8.8.8.8 if there is not
+			// a secondary DNS server.  Fix that by setting the
+			// secondary DNS address to the same address.
+			//
+			// See https://github.com/AdguardTeam/AdGuardHome/issues/1708.
+			log.Debug("dhcpv%d: setting secondary dns ip to itself", ipv)
+			addrs = append(addrs, addrs[0])
+
+			fallthrough
+		default:
+			break waitForIP
 		}
-
-		log.Debug("dhcpv%d: attempt %d: no ip addresses", ipv, n)
-
-		time.Sleep(backoff)
 	}

-	switch len(addrs) {
-	case 0:
+	if len(addrs) == 0 {
 		// Don't return errors in case the users want to try and enable
 		// the DHCP server later.
-		t := time.Duration(n) * backoff
-		log.Error("dhcpv%d: no ip for iface after %d attempts and %s", ipv, n, t)
-
-		return nil, nil
-	case 1:
-		// Some Android devices use 8.8.8.8 if there is not a secondary
-		// DNS server.  Fix that by setting the secondary DNS address to
-		// the same address.
-		//
-		// See https://github.com/AdguardTeam/AdGuardHome/issues/1708.
-		log.Debug("dhcpv%d: setting secondary dns ip to itself", ipv)
-		addrs = append(addrs, addrs[0])
-	default:
-		// Go on.
+		log.Error("dhcpv%d: no ip address for interface after %d attempts and %s", ipv, n, time.Duration(n)*backoff)
+	} else {
+		log.Debug("dhcpv%d: got addresses %s after %d attempts", ipv, addrs, n)
 	}

-	log.Debug("dhcpv%d: got addresses %s after %d attempts", ipv, addrs, n)
-
 	return addrs, nil
 }
--- a/internal/dhcpd/v46_test.go
+++ b/internal/dhcpd/v46_test.go
@@ -1,10 +1,11 @@
 package dhcpd

 import (
+	"errors"
 	"net"
 	"testing"

-	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/AdGuardHome/internal/agherr"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -24,7 +25,7 @@ func (iface *fakeIface) Addrs() (addrs []net.Addr, err error) {
 }

 func TestIfaceIPAddrs(t *testing.T) {
-	const errTest errors.Error = "test error"
+	const errTest agherr.Error = "test error"

 	ip4 := net.IP{1, 2, 3, 4}
 	addr4 := &net.IPNet{IP: ip4}
@@ -107,7 +108,7 @@ func (iface *waitingFakeIface) Addrs() (addrs []net.Addr, err error) {
 }

 func TestIfaceDNSIPAddrs(t *testing.T) {
-	const errTest errors.Error = "test error"
+	const errTest agherr.Error = "test error"

 	ip4 := net.IP{1, 2, 3, 4}
 	addr4 := &net.IPNet{IP: ip4}
--- a/internal/dhcpd/v46_windows.go
+++ b/internal/dhcpd/v46_windows.go
@@ -1,7 +1,5 @@
 // +build windows

-//go:build windows
-
 package dhcpd

 // 'u-root/u-root' package, a dependency of 'insomniacslk/dhcp' package, doesn't build on Windows
--- a/internal/dhcpd/v4_test.go
+++ b/internal/dhcpd/v4_test.go
@@ -1,7 +1,5 @@
 // +build aix darwin dragonfly freebsd linux netbsd openbsd solaris

-//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-
 package dhcpd

 import (
--- a/internal/dhcpd/v6.go
+++ b/internal/dhcpd/v6.go
@@ -1,7 +1,5 @@
 // +build aix darwin dragonfly freebsd linux netbsd openbsd solaris

-//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-
 package dhcpd

 import (
@@ -11,8 +9,8 @@ import (
 	"sync"
 	"time"

+	"github.com/AdguardTeam/AdGuardHome/internal/agherr"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
-	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/insomniacslk/dhcp/dhcpv6"
 	"github.com/insomniacslk/dhcp/dhcpv6/server6"
@@ -66,8 +64,7 @@ func (s *v6Server) ResetLeases(ll []*Lease) {
 		if l.Expiry.Unix() != leaseExpireStatic &&
 			!ip6InRange(s.conf.ipStart, l.IP) {

-			log.Debug("dhcpv6: skipping a lease with IP %v: not within current IP range", l.IP)
-
+			log.Debug("DHCPv6: skipping a lease with IP %v: not within current IP range", l.IP)
 			continue
 		}

@@ -123,7 +120,7 @@ func (s *v6Server) FindMACbyIP(ip net.IP) net.HardwareAddr {
 // Remove (swap) lease by index
 func (s *v6Server) leaseRemoveSwapByIndex(i int) {
 	s.ipAddrs[s.leases[i].IP[15]] = 0
-	log.Debug("dhcpv6: removed lease %s", s.leases[i].HWAddr)
+	log.Debug("DHCPv6: removed lease %s", s.leases[i].HWAddr)

 	n := len(s.leases)
 	if i != n-1 {
@@ -165,7 +162,7 @@ func (s *v6Server) rmDynamicLease(lease Lease) error {

 // AddStaticLease adds a static lease.  It is safe for concurrent use.
 func (s *v6Server) AddStaticLease(l Lease) (err error) {
-	defer func() { err = errors.Annotate(err, "dhcpv6: %w") }()
+	defer agherr.Annotate("dhcpv6: %w", &err)

 	if len(l.IP) != 16 {
 		return fmt.Errorf("invalid IP")
@@ -194,7 +191,7 @@ func (s *v6Server) AddStaticLease(l Lease) (err error) {

 // RemoveStaticLease removes a static lease.  It is safe for concurrent use.
 func (s *v6Server) RemoveStaticLease(l Lease) (err error) {
-	defer func() { err = errors.Annotate(err, "dhcpv6: %w") }()
+	defer agherr.Annotate("dhcpv6: %w", &err)

 	if len(l.IP) != 16 {
 		return fmt.Errorf("invalid IP")
@@ -221,7 +218,7 @@ func (s *v6Server) RemoveStaticLease(l Lease) (err error) {
 func (s *v6Server) addLease(l *Lease) {
 	s.leases = append(s.leases, l)
 	s.ipAddrs[l.IP[15]] = 1
-	log.Debug("dhcpv6: added lease %s <-> %s", l.IP, l.HWAddr)
+	log.Debug("DHCPv6: added lease %s <-> %s", l.IP, l.HWAddr)
 }

 // Remove a lease with the same properties
@@ -322,7 +319,6 @@ func (s *v6Server) checkCID(msg *dhcpv6.Message) error {
 	if msg.Options.ClientID() == nil {
 		return fmt.Errorf("dhcpv6: no ClientID option in request")
 	}
-
 	return nil
 }

@@ -338,14 +334,15 @@ func (s *v6Server) checkSID(msg *dhcpv6.Message) error {
 		if sid != nil {
 			return fmt.Errorf("dhcpv6: drop packet: ServerID option in message %s", msg.Type().String())
 		}
+
 	case dhcpv6.MessageTypeRequest,
 		dhcpv6.MessageTypeRenew,
 		dhcpv6.MessageTypeRelease,
 		dhcpv6.MessageTypeDecline:
+
 		if sid == nil {
 			return fmt.Errorf("dhcpv6: drop packet: no ServerID option in message %s", msg.Type().String())
 		}
-
 		if !sid.Equal(s.sid) {
 			return fmt.Errorf("dhcpv6: drop packet: mismatched ServerID option in message %s: %s",
 				msg.Type().String(), sid.String())
@@ -418,14 +415,13 @@ func (s *v6Server) process(msg *dhcpv6.Message, req, resp dhcpv6.DHCPv6) bool {

 	mac, err := dhcpv6.ExtractMAC(req)
 	if err != nil {
-		log.Debug("dhcpv6: dhcpv6.ExtractMAC: %s", err)
-
+		log.Debug("DHCPv6: dhcpv6.ExtractMAC: %s", err)
 		return false
 	}

 	lease := s.findLease(mac)
 	if lease == nil {
-		log.Debug("dhcpv6: no lease for: %s", mac)
+		log.Debug("DHCPv6: no lease for: %s", mac)

 		switch msg.Type() {

@@ -442,8 +438,7 @@ func (s *v6Server) process(msg *dhcpv6.Message, req, resp dhcpv6.DHCPv6) bool {

 	err = s.checkIA(msg, lease)
 	if err != nil {
-		log.Debug("dhcpv6: %s", err)
-
+		log.Debug("DHCPv6: %s", err)
 		return false
 	}

@@ -500,12 +495,11 @@ func (s *v6Server) process(msg *dhcpv6.Message, req, resp dhcpv6.DHCPv6) bool {
 func (s *v6Server) packetHandler(conn net.PacketConn, peer net.Addr, req dhcpv6.DHCPv6) {
 	msg, err := req.GetInnerMessage()
 	if err != nil {
-		log.Error("dhcpv6: %s", err)
-
+		log.Error("DHCPv6: %s", err)
 		return
 	}

-	log.Debug("dhcpv6: received: %s", req.Summary())
+	log.Debug("DHCPv6: received: %s", req.Summary())

 	err = s.checkCID(msg)
 	if err != nil {
@@ -525,11 +519,10 @@ func (s *v6Server) packetHandler(conn net.PacketConn, peer net.Addr, req dhcpv6.
 	case dhcpv6.MessageTypeSolicit:
 		if msg.GetOneOption(dhcpv6.OptionRapidCommit) == nil {
 			resp, err = dhcpv6.NewAdvertiseFromSolicit(msg)
-
 			break
 		}
+		fallthrough

-		resp, err = dhcpv6.NewReplyFromMessage(msg)
 	case dhcpv6.MessageTypeRequest,
 		dhcpv6.MessageTypeConfirm,
 		dhcpv6.MessageTypeRenew,
@@ -537,14 +530,14 @@ func (s *v6Server) packetHandler(conn net.PacketConn, peer net.Addr, req dhcpv6.
 		dhcpv6.MessageTypeRelease,
 		dhcpv6.MessageTypeInformationRequest:
 		resp, err = dhcpv6.NewReplyFromMessage(msg)
-	default:
-		log.Error("dhcpv6: message type %d not supported", msg.Type())

+	default:
+		log.Error("DHCPv6: message type %d not supported", msg.Type())
 		return
 	}
-	if err != nil {
-		log.Error("dhcpv6: %s", err)

+	if err != nil {
+		log.Error("DHCPv6: %s", err)
 		return
 	}

@@ -552,12 +545,11 @@ func (s *v6Server) packetHandler(conn net.PacketConn, peer net.Addr, req dhcpv6.

 	_ = s.process(msg, req, resp)

-	log.Debug("dhcpv6: sending: %s", resp.Summary())
+	log.Debug("DHCPv6: sending: %s", resp.Summary())

 	_, err = conn.WriteTo(resp.ToBytes(), peer)
 	if err != nil {
-		log.Error("dhcpv6: conn.Write to %s failed: %s", peer, err)
-
+		log.Error("DHCPv6: conn.Write to %s failed: %s", peer, err)
 		return
 	}
 }
@@ -585,7 +577,7 @@ func (s *v6Server) initRA(iface *net.Interface) error {

 // Start starts the IPv6 DHCP server.
 func (s *v6Server) Start() (err error) {
-	defer func() { err = errors.Annotate(err, "dhcpv6: %w") }()
+	defer agherr.Annotate("dhcpv6: %w", &err)

 	if !s.conf.Enabled {
 		return nil
@@ -666,10 +658,10 @@ func (s *v6Server) Stop() {
 		return
 	}

-	log.Debug("dhcpv6: stopping")
+	log.Debug("DHCPv6: stopping")
 	err = s.srv.Close()
 	if err != nil {
-		log.Error("dhcpv6: srv.Close: %s", err)
+		log.Error("DHCPv6: srv.Close: %s", err)
 	}

 	// now server.Serve() will return
--- a/internal/dhcpd/v6_test.go
+++ b/internal/dhcpd/v6_test.go
@@ -1,7 +1,5 @@
 // +build aix darwin dragonfly freebsd linux netbsd openbsd solaris

-//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-
 package dhcpd

 import (
--- a/internal/dnsfilter/README.md
+++ b/internal/dnsfilter/README.md
@@ -3,7 +3,7 @@
 Example use:
 ```bash
 [ -z "$GOPATH" ] && export GOPATH=$HOME/go
-go get -d github.com/AdguardTeam/AdGuardHome/filtering
+go get -d github.com/AdguardTeam/AdGuardHome/dnsfilter
 ```

 Create file filter.go
@@ -11,12 +11,12 @@ Create file filter.go
 package main

 import (
-    "github.com/AdguardTeam/AdGuardHome/filtering"
+    "github.com/AdguardTeam/AdGuardHome/dnsfilter"
    "log"
 )

 func main() {
-    filter := filtering.New()
+    filter := dnsfilter.New()
    filter.AddRule("||dou*ck.net^")
    host := "www.doubleclick.net"
    res, err := filter.CheckHost(host)
@@ -48,12 +48,12 @@ You can also enable checking against AdGuard's SafeBrowsing:
 package main

 import (
-    "github.com/AdguardTeam/AdGuardHome/filtering"
+    "github.com/AdguardTeam/AdGuardHome/dnsfilter"
    "log"
 )

 func main() {
-    filter := filtering.New()
+    filter := dnsfilter.New()
    filter.EnableSafeBrowsing()
    host := "wmconvirus.narod.ru" // hostname for testing safebrowsing
    res, err := filter.CheckHost(host)
--- a/internal/dnsfilter/blocked.go
+++ b/internal/dnsfilter/blocked.go
@@ -1,4 +1,4 @@
-package filtering
+package dnsfilter

 import (
 	"encoding/json"
@@ -254,7 +254,7 @@ func BlockedSvcKnown(s string) bool {
 }

 // ApplyBlockedServices - set blocked services settings for this DNS request
-func (d *DNSFilter) ApplyBlockedServices(setts *Settings, list []string, global bool) {
+func (d *DNSFilter) ApplyBlockedServices(setts *FilteringSettings, list []string, global bool) {
 	setts.ServicesRules = []ServiceEntry{}
 	if global {
 		d.confLock.RLock()
--- a/internal/dnsfilter/blocked_test.go
+++ b/internal/dnsfilter/blocked_test.go
@@ -1,8 +1,6 @@
 // +build ignore

-//go:build ignore
-
-package filtering
+package dnsfilter

 import (
 	"fmt"
@@ -16,7 +14,7 @@ import (
 // client/src/components/ui/Icons.js
 //
 // Usage:
-// 1. go run ./internal/filtering/blocked_test.go
+// 1. go run ./internal/dnsfilter/blocked_test.go
 // 2. Use the output to replace `SERVICES` array in "client/src/helpers/constants.js".
 // 3. You'll need to enter services names manually.
 // 4. Don't forget to add missing icons to "client/src/components/ui/Icons.js".
--- a/internal/dnsfilter/dnsfilter.go
+++ b/internal/dnsfilter/dnsfilter.go
@@ -1,9 +1,10 @@
-// Package filtering implements a DNS request and response filter.
-package filtering
+// Package dnsfilter implements a DNS request and response filter.
+package dnsfilter

 import (
 	"context"
 	"fmt"
+	"io/ioutil"
 	"net"
 	"net/http"
 	"os"
@@ -11,7 +12,6 @@ import (
 	"runtime/debug"
 	"strings"
 	"sync"
-	"sync/atomic"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghstrings"
@@ -30,8 +30,8 @@ type ServiceEntry struct {
 	Rules []*rules.NetworkRule
 }

-// Settings are custom filtering settings for a client.
-type Settings struct {
+// FilteringSettings are custom filtering settings for a client.
+type FilteringSettings struct {
 	ClientName string
 	ClientIP   net.IP
 	ClientTags []string
@@ -51,11 +51,6 @@ type Resolver interface {

 // Config allows you to configure DNS filtering with New() or just change variables directly.
 type Config struct {
-	// enabled is used to be returned within Settings.
-	//
-	// It is of type uint32 to be accessed by atomic.
-	enabled uint32
-
 	ParentalEnabled     bool `yaml:"parental_enabled"`
 	SafeSearchEnabled   bool `yaml:"safesearch_enabled"`
 	SafeBrowsingEnabled bool `yaml:"safebrowsing_enabled"`
@@ -107,7 +102,7 @@ type filtersInitializerParams struct {
 }

 type hostChecker struct {
-	check func(host string, qtype uint16, setts *Settings) (res Result, err error)
+	check func(host string, qtype uint16, setts *FilteringSettings) (res Result, err error)
 	name  string
 }

@@ -124,8 +119,7 @@ type DNSFilter struct {
 	parentalUpstream     upstream.Upstream
 	safeBrowsingUpstream upstream.Upstream

-	Config // for direct access by library users, even a = assignment
-	// confLock protects Config.
+	Config   // for direct access by library users, even a = assignment
 	confLock sync.RWMutex

 	// Channel for passing data to filters-initializer goroutine
@@ -230,26 +224,15 @@ func (r Reason) In(reasons ...Reason) bool {
 	return false
 }

-// SetEnabled sets the status of the *DNSFilter.
-func (d *DNSFilter) SetEnabled(enabled bool) {
-	var i int32
-	if enabled {
-		i = 1
-	}
-	atomic.StoreUint32(&d.enabled, uint32(i))
-}
-
 // GetConfig - get configuration
-func (d *DNSFilter) GetConfig() (s Settings) {
-	d.confLock.RLock()
-	defer d.confLock.RUnlock()
-
-	return Settings{
-		FilteringEnabled:    atomic.LoadUint32(&d.Config.enabled) == 1,
-		SafeSearchEnabled:   d.Config.SafeSearchEnabled,
-		SafeBrowsingEnabled: d.Config.SafeBrowsingEnabled,
-		ParentalEnabled:     d.Config.ParentalEnabled,
-	}
+func (d *DNSFilter) GetConfig() FilteringSettings {
+	c := FilteringSettings{}
+	// d.confLock.RLock()
+	c.SafeSearchEnabled = d.Config.SafeSearchEnabled
+	c.SafeBrowsingEnabled = d.Config.SafeBrowsingEnabled
+	c.ParentalEnabled = d.Config.ParentalEnabled
+	// d.confLock.RUnlock()
+	return c
 }

 // WriteDiskConfig - write configuration
@@ -322,14 +305,14 @@ func (d *DNSFilter) reset() {
 	if d.rulesStorage != nil {
 		err = d.rulesStorage.Close()
 		if err != nil {
-			log.Error("filtering: rulesStorage.Close: %s", err)
+			log.Error("dnsfilter: rulesStorage.Close: %s", err)
 		}
 	}

 	if d.rulesStorageAllow != nil {
 		err = d.rulesStorageAllow.Close()
 		if err != nil {
-			log.Error("filtering: rulesStorageAllow.Close: %s", err)
+			log.Error("dnsfilter: rulesStorageAllow.Close: %s", err)
 		}
 	}
 }
@@ -340,7 +323,7 @@ type dnsFilterContext struct {
 	safeSearchCache   cache.Cache
 }

-var gctx dnsFilterContext
+var gctx dnsFilterContext // global dnsfilter context

 // ResultRule contains information about applied rules.
 type ResultRule struct {
@@ -398,7 +381,7 @@ func (r Reason) Matched() bool {
 }

 // CheckHostRules tries to match the host against filtering rules only.
-func (d *DNSFilter) CheckHostRules(host string, qtype uint16, setts *Settings) (Result, error) {
+func (d *DNSFilter) CheckHostRules(host string, qtype uint16, setts *FilteringSettings) (Result, error) {
 	if !setts.FilteringEnabled {
 		return Result{}, nil
 	}
@@ -411,7 +394,7 @@ func (d *DNSFilter) CheckHostRules(host string, qtype uint16, setts *Settings) (
 func (d *DNSFilter) CheckHost(
 	host string,
 	qtype uint16,
-	setts *Settings,
+	setts *FilteringSettings,
 ) (res Result, err error) {
 	// Sometimes clients try to resolve ".", which is a request to get root
 	// servers.
@@ -445,7 +428,7 @@ func (d *DNSFilter) CheckHost(
 func (d *DNSFilter) checkEtcHosts(
 	host string,
 	qtype uint16,
-	_ *Settings,
+	_ *FilteringSettings,
 ) (res Result, err error) {
 	if d.Config.EtcHosts == nil {
 		return Result{}, nil
@@ -541,7 +524,7 @@ func (d *DNSFilter) processRewrites(host string, qtype uint16) (res Result) {
 func matchBlockedServicesRules(
 	host string,
 	_ uint16,
-	setts *Settings,
+	setts *FilteringSettings,
 ) (res Result, err error) {
 	svcs := setts.ServicesRules
 	if len(svcs) == 0 {
@@ -603,16 +586,16 @@ func createFilteringEngine(filters []Filter) (*filterlist.RuleStorage, *urlfilte
 			// On Windows we don't pass a file to urlfilter because
 			// it's difficult to update this file while it's being
 			// used.
-			data, err := os.ReadFile(f.FilePath)
+			data, err := ioutil.ReadFile(f.FilePath)
 			if err != nil {
-				return nil, nil, fmt.Errorf("reading filter content: %w", err)
+				return nil, nil, fmt.Errorf("ioutil.ReadFile(): %s: %w", f.FilePath, err)
 			}
-
 			list = &filterlist.StringRuleList{
 				ID:             int(f.ID),
 				RulesText:      string(data),
 				IgnoreCosmetic: true,
 			}
+
 		} else {
 			var err error
 			list, err = filterlist.NewFileRuleList(int(f.ID), f.FilePath, true)
@@ -733,7 +716,7 @@ func (d *DNSFilter) matchHostProcessDNSResult(
 func (d *DNSFilter) matchHost(
 	host string,
 	qtype uint16,
-	setts *Settings,
+	setts *FilteringSettings,
 ) (res Result, err error) {
 	if !setts.FilteringEnabled {
 		return Result{}, nil
@@ -869,7 +852,7 @@ func New(c *Config, blockFilters []Filter) *DNSFilter {

 	err := d.initSecurityServices()
 	if err != nil {
-		log.Error("filtering: initialize services: %s", err)
+		log.Error("dnsfilter: initialize services: %s", err)
 		return nil
 	}

--- a/internal/dnsfilter/dnsfilter_test.go
+++ b/internal/dnsfilter/dnsfilter_test.go
@@ -1,4 +1,4 @@
-package filtering
+package dnsfilter

 import (
 	"bytes"
@@ -21,7 +21,7 @@ func TestMain(m *testing.M) {
 	aghtest.DiscardLogOutput(m)
 }

-var setts Settings
+var setts FilteringSettings

 // Helpers.

@@ -38,7 +38,7 @@ func purgeCaches() {
 }

 func newForTest(c *Config, filters []Filter) *DNSFilter {
-	setts = Settings{
+	setts = FilteringSettings{
 		FilteringEnabled: true,
 	}
 	setts.FilteringEnabled = true
@@ -699,7 +699,7 @@ func TestWhitelist(t *testing.T) {

 // Client Settings.

-func applyClientSettings(setts *Settings) {
+func applyClientSettings(setts *FilteringSettings) {
 	setts.FilteringEnabled = false
 	setts.ParentalEnabled = false
 	setts.SafeBrowsingEnabled = true
--- a/internal/dnsfilter/dnsrewrite.go
+++ b/internal/dnsfilter/dnsrewrite.go
@@ -1,4 +1,4 @@
-package filtering
+package dnsfilter

 import (
 	"github.com/AdguardTeam/urlfilter/rules"
--- a/internal/dnsfilter/dnsrewrite_test.go
+++ b/internal/dnsfilter/dnsrewrite_test.go
@@ -1,4 +1,4 @@
-package filtering
+package dnsfilter

 import (
 	"net"
@@ -47,7 +47,7 @@ func TestDNSFilter_CheckHostRules_dnsrewrite(t *testing.T) {
 `

 	f := newForTest(nil, []Filter{{ID: 0, Data: []byte(text)}})
-	setts := &Settings{
+	setts := &FilteringSettings{
 		FilteringEnabled: true,
 	}

--- a/internal/dnsfilter/rewrites.go
+++ b/internal/dnsfilter/rewrites.go
@@ -1,6 +1,6 @@
 // DNS Rewrites

-package filtering
+package dnsfilter

 import (
 	"encoding/json"
--- a/internal/dnsfilter/rewrites_test.go
+++ b/internal/dnsfilter/rewrites_test.go
@@ -1,4 +1,4 @@
-package filtering
+package dnsfilter

 import (
 	"net"
--- a/internal/dnsfilter/safebrowsing.go
+++ b/internal/dnsfilter/safebrowsing.go
@@ -1,4 +1,4 @@
-package filtering
+package dnsfilter

 import (
 	"bytes"
@@ -304,7 +304,7 @@ func check(c *sbCtx, r Result, u upstream.Upstream) (Result, error) {
 func (d *DNSFilter) checkSafeBrowsing(
 	host string,
 	_ uint16,
-	setts *Settings,
+	setts *FilteringSettings,
 ) (res Result, err error) {
 	if !setts.SafeBrowsingEnabled {
 		return Result{}, nil
@@ -337,7 +337,7 @@ func (d *DNSFilter) checkSafeBrowsing(
 func (d *DNSFilter) checkParental(
 	host string,
 	_ uint16,
-	setts *Settings,
+	setts *FilteringSettings,
 ) (res Result, err error) {
 	if !setts.ParentalEnabled {
 		return Result{}, nil
--- a/internal/dnsfilter/safebrowsing_test.go
+++ b/internal/dnsfilter/safebrowsing_test.go
@@ -1,4 +1,4 @@
-package filtering
+package dnsfilter

 import (
 	"crypto/sha256"
@@ -116,7 +116,7 @@ func TestSBPC_checkErrorUpstream(t *testing.T) {
 	d.SetSafeBrowsingUpstream(ups)
 	d.SetParentalUpstream(ups)

-	setts := &Settings{
+	setts := &FilteringSettings{
 		SafeBrowsingEnabled: true,
 		ParentalEnabled:     true,
 	}
@@ -134,7 +134,7 @@ func TestSBPC(t *testing.T) {

 	const hostname = "example.org"

-	setts := &Settings{
+	setts := &FilteringSettings{
 		SafeBrowsingEnabled: true,
 		ParentalEnabled:     true,
 	}
@@ -142,7 +142,7 @@ func TestSBPC(t *testing.T) {
 	testCases := []struct {
 		name      string
 		block     bool
-		testFunc  func(host string, _ uint16, _ *Settings) (res Result, err error)
+		testFunc  func(host string, _ uint16, _ *FilteringSettings) (res Result, err error)
 		testCache cache.Cache
 	}{{
 		name:      "sb_no_block",
--- a/internal/dnsfilter/safesearch.go
+++ b/internal/dnsfilter/safesearch.go
@@ -1,4 +1,4 @@
-package filtering
+package dnsfilter

 import (
 	"bytes"
@@ -72,7 +72,7 @@ func (d *DNSFilter) SafeSearchDomain(host string) (string, bool) {
 func (d *DNSFilter) checkSafeSearch(
 	host string,
 	_ uint16,
-	setts *Settings,
+	setts *FilteringSettings,
 ) (res Result, err error) {
 	if !setts.SafeSearchEnabled {
 		return Result{}, nil
--- a/internal/dnsfilter/tests/dns.txt
+++ b/internal/dnsfilter/tests/dns.txt
--- a/internal/dnsforward/access.go
+++ b/internal/dnsforward/access.go
@@ -129,12 +129,10 @@ func (a *accessCtx) IsBlockedIP(ip net.IP) (bool, string) {
 }

 // IsBlockedDomain - return TRUE if this domain should be blocked
-func (a *accessCtx) IsBlockedDomain(host string) (ok bool) {
+func (a *accessCtx) IsBlockedDomain(host string) bool {
 	a.lock.Lock()
-	defer a.lock.Unlock()
-
-	_, ok = a.blockedHostsEngine.Match(strings.ToLower(host))
-
+	_, ok := a.blockedHostsEngine.Match(host)
+	a.lock.Unlock()
 	return ok
 }

@@ -144,19 +142,14 @@ type accessListJSON struct {
 	BlockedHosts      []string `json:"blocked_hosts"`
 }

-func (s *Server) accessListJSON() (j accessListJSON) {
-	s.serverLock.RLock()
-	defer s.serverLock.RUnlock()
-
-	return accessListJSON{
-		AllowedClients:    aghstrings.CloneSlice(s.conf.AllowedClients),
-		DisallowedClients: aghstrings.CloneSlice(s.conf.DisallowedClients),
-		BlockedHosts:      aghstrings.CloneSlice(s.conf.BlockedHosts),
-	}
-}
-
 func (s *Server) handleAccessList(w http.ResponseWriter, r *http.Request) {
-	j := s.accessListJSON()
+	s.RLock()
+	j := accessListJSON{
+		AllowedClients:    s.conf.AllowedClients,
+		DisallowedClients: s.conf.DisallowedClients,
+		BlockedHosts:      s.conf.BlockedHosts,
+	}
+	s.RUnlock()

 	w.Header().Set("Content-Type", "application/json")
 	err := json.NewEncoder(w).Encode(j)
@@ -207,16 +200,14 @@ func (s *Server) handleAccessSet(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	defer log.Debug("Access: updated lists: %d, %d, %d",
-		len(j.AllowedClients), len(j.DisallowedClients), len(j.BlockedHosts))
-
-	defer s.conf.ConfigModified()
-
-	s.serverLock.Lock()
-	defer s.serverLock.Unlock()
-
+	s.Lock()
 	s.conf.AllowedClients = j.AllowedClients
 	s.conf.DisallowedClients = j.DisallowedClients
 	s.conf.BlockedHosts = j.BlockedHosts
 	s.access = a
+	s.Unlock()
+	s.conf.ConfigModified()
+
+	log.Debug("Access: updated lists: %d, %d, %d",
+		len(j.AllowedClients), len(j.DisallowedClients), len(j.BlockedHosts))
 }
--- a/internal/dnsforward/clientid.go
+++ b/internal/dnsforward/clientid.go
@@ -2,13 +2,13 @@ package dnsforward

 import (
 	"crypto/tls"
+	"errors"
 	"fmt"
 	"path"
 	"strings"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/dnsproxy/proxy"
-	"github.com/AdguardTeam/golibs/errors"
 	"github.com/lucas-clemente/quic-go"
 )

--- a/internal/dnsforward/config.go
+++ b/internal/dnsforward/config.go
@@ -3,19 +3,17 @@ package dnsforward
 import (
 	"crypto/tls"
 	"crypto/x509"
+	"errors"
 	"fmt"
+	"io/ioutil"
 	"net"
 	"net/http"
-	"os"
 	"sort"
-	"strings"

-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghstrings"
-	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
+	"github.com/AdguardTeam/AdGuardHome/internal/dnsfilter"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/dnsproxy/upstream"
-	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/ameshkov/dnscrypt/v2"
 )
@@ -27,17 +25,18 @@ type FilteringConfig struct {
 	// --

 	// FilterHandler is an optional additional filtering callback.
-	FilterHandler func(clientAddr net.IP, clientID string, settings *filtering.Settings) `yaml:"-"`
+	FilterHandler func(clientAddr net.IP, clientID string, settings *dnsfilter.FilteringSettings) `yaml:"-"`

-	// GetCustomUpstreamByClient is a callback that returns upstreams
-	// configuration based on the client IP address or ClientID.  It returns
-	// nil if there are no custom upstreams for the client.
-	GetCustomUpstreamByClient func(id string) (conf *proxy.UpstreamConfig, err error) `yaml:"-"`
+	// GetCustomUpstreamByClient - a callback function that returns upstreams configuration
+	// based on the client IP address. Returns nil if there are no custom upstreams for the client
+	//
+	// TODO(e.burkov): Replace argument type with net.IP.
+	GetCustomUpstreamByClient func(clientAddr string) *proxy.UpstreamConfig `yaml:"-"`

 	// Protection configuration
 	// --

-	ProtectionEnabled  bool   `yaml:"protection_enabled"`   // whether or not use any of filtering features
+	ProtectionEnabled  bool   `yaml:"protection_enabled"`   // whether or not use any of dnsfilter features
 	BlockingMode       string `yaml:"blocking_mode"`        // mode how to answer filtered requests
 	BlockingIPv4       net.IP `yaml:"blocking_ipv4"`        // IP address to be returned for a blocked A request
 	BlockingIPv6       net.IP `yaml:"blocking_ipv6"`        // IP address to be returned for a blocked AAAA request
@@ -154,10 +153,6 @@ type ServerConfig struct {
 	// ResolveClients signals if the RDNS should resolve clients' addresses.
 	ResolveClients bool

-	// UsePrivateRDNS defines if the PTR requests for unknown addresses from
-	// locally-served networks should be resolved via private PTR resolvers.
-	UsePrivateRDNS bool
-
 	// LocalPTRResolvers is a slice of addresses to be used as upstreams for
 	// resolving PTR queries for local addresses.
 	LocalPTRResolvers []string
@@ -225,7 +220,7 @@ func (s *Server) createProxyConfig() (proxy.Config, error) {

 	// Validate proxy config
 	if proxyConfig.UpstreamConfig == nil || len(proxyConfig.UpstreamConfig.Upstreams) == 0 {
-		return proxyConfig, errors.Error("no default upstream servers configured")
+		return proxyConfig, errors.New("no default upstream servers configured")
 	}

 	return proxyConfig, nil
@@ -280,7 +275,7 @@ func (s *Server) prepareUpstreamSettings() error {
 	// Load upstreams either from the file, or from the settings
 	var upstreams []string
 	if s.conf.UpstreamDNSFileName != "" {
-		data, err := os.ReadFile(s.conf.UpstreamDNSFileName)
+		data, err := ioutil.ReadFile(s.conf.UpstreamDNSFileName)
 		if err != nil {
 			return err
 		}
@@ -385,51 +380,10 @@ func (s *Server) prepareTLS(proxyConfig *proxy.Config) error {
 	return nil
 }

-// isInSorted returns true if s is in the sorted slice strs.
-func isInSorted(strs []string, s string) (ok bool) {
-	i := sort.SearchStrings(strs, s)
-	if i == len(strs) || strs[i] != s {
-		return false
-	}
-
-	return true
-}
-
-// isWildcard returns true if host is a wildcard hostname.
-func isWildcard(host string) (ok bool) {
-	return len(host) >= 2 && host[0] == '*' && host[1] == '.'
-}
-
-// matchesDomainWildcard returns true if host matches the domain wildcard
-// pattern pat.
-func matchesDomainWildcard(host, pat string) (ok bool) {
-	return isWildcard(pat) && strings.HasSuffix(host, pat[1:])
-}
-
-// anyNameMatches returns true if sni, the client's SNI value, matches any of
-// the DNS names and patterns from certificate.  dnsNames must be sorted.
-func anyNameMatches(dnsNames []string, sni string) (ok bool) {
-	if aghnet.ValidateDomainName(sni) != nil {
-		return false
-	}
-
-	if isInSorted(dnsNames, sni) {
-		return true
-	}
-
-	for _, dn := range dnsNames {
-		if matchesDomainWildcard(sni, dn) {
-			return true
-		}
-	}
-
-	return false
-}
-
 // Called by 'tls' package when Client Hello is received
 // If the server name (from SNI) supplied by client is incorrect - we terminate the ongoing TLS handshake.
 func (s *Server) onGetCertificate(ch *tls.ClientHelloInfo) (*tls.Certificate, error) {
-	if s.conf.StrictSNICheck && !anyNameMatches(s.conf.dnsNames, ch.ServerName) {
+	if s.conf.StrictSNICheck && !matchDNSName(s.conf.dnsNames, ch.ServerName) {
 		log.Info("dns: tls: unknown SNI in Client Hello: %s", ch.ServerName)
 		return nil, fmt.Errorf("invalid SNI")
 	}
--- a/internal/dnsforward/config_test.go
+++ b/internal/dnsforward/config_test.go
@@ -1,53 +0,0 @@
-package dnsforward
-
-import (
-	"sort"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestAnyNameMatches(t *testing.T) {
-	dnsNames := []string{"host1", "*.host2", "1.2.3.4"}
-	sort.Strings(dnsNames)
-
-	testCases := []struct {
-		name    string
-		dnsName string
-		want    bool
-	}{{
-		name:    "match",
-		dnsName: "host1",
-		want:    true,
-	}, {
-		name:    "match",
-		dnsName: "a.host2",
-		want:    true,
-	}, {
-		name:    "match",
-		dnsName: "b.a.host2",
-		want:    true,
-	}, {
-		name:    "match",
-		dnsName: "1.2.3.4",
-		want:    true,
-	}, {
-		name:    "mismatch",
-		dnsName: "host2",
-		want:    false,
-	}, {
-		name:    "mismatch",
-		dnsName: "",
-		want:    false,
-	}, {
-		name:    "mismatch",
-		dnsName: "*.host2",
-		want:    false,
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			assert.Equal(t, tc.want, anyNameMatches(dnsNames, tc.dnsName))
-		})
-	}
-}
--- a/internal/dnsforward/dns.go
+++ b/internal/dnsforward/dns.go
@@ -6,9 +6,8 @@ import (
 	"time"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
-	"github.com/AdguardTeam/AdGuardHome/internal/aghstrings"
 	"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
-	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
+	"github.com/AdguardTeam/AdGuardHome/internal/dnsfilter"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/miekg/dns"
@@ -21,9 +20,9 @@ type dnsContext struct {
 	srv      *Server
 	proxyCtx *proxy.DNSContext
 	// setts are the filtering settings for the client.
-	setts     *filtering.Settings
+	setts     *dnsfilter.FilteringSettings
 	startTime time.Time
-	result    *filtering.Result
+	result    *dnsfilter.Result
 	// origResp is the response received from upstream.  It is set when the
 	// response is modified by filters.
 	origResp *dns.Msg
@@ -71,7 +70,7 @@ func (s *Server) handleDNSRequest(_ *proxy.Proxy, d *proxy.DNSContext) error {
 	ctx := &dnsContext{
 		srv:       s,
 		proxyCtx:  d,
-		result:    &filtering.Result{},
+		result:    &dnsfilter.Result{},
 		startTime: time.Now(),
 	}

@@ -83,7 +82,6 @@ func (s *Server) handleDNSRequest(_ *proxy.Proxy, d *proxy.DNSContext) error {
 	// (*proxy.Proxy).handleDNSRequest method performs it before calling the
 	// appropriate handler.
 	mods := []modProcessFunc{
-		s.processRecursion,
 		processInitial,
 		s.processDetermineLocal,
 		s.processInternalHosts,
@@ -92,7 +90,7 @@ func (s *Server) handleDNSRequest(_ *proxy.Proxy, d *proxy.DNSContext) error {
 		processClientID,
 		processFilteringBeforeRequest,
 		s.processLocalPTR,
-		s.processUpstream,
+		processUpstream,
 		processDNSSECAfterResponse,
 		processFilteringAfterResponse,
 		s.ipset.process,
@@ -118,22 +116,6 @@ func (s *Server) handleDNSRequest(_ *proxy.Proxy, d *proxy.DNSContext) error {
 	return nil
 }

-// processRecursion checks the incoming request and halts it's handling if s
-// have tried to resolve it recently.
-func (s *Server) processRecursion(dctx *dnsContext) (rc resultCode) {
-	pctx := dctx.proxyCtx
-
-	if msg := pctx.Req; msg != nil && s.recDetector.check(*msg) {
-		log.Debug("recursion detected resolving %q", msg.Question[0].Name)
-		pctx.Res = s.genNXDomain(pctx.Req)
-
-		return resultCodeFinish
-
-	}
-
-	return resultCodeSuccess
-}
-
 // Perform initial checks;  process WHOIS & rDNS
 func processInitial(ctx *dnsContext) (rc resultCode) {
 	s := ctx.srv
@@ -230,7 +212,7 @@ func (s *Server) processDetermineLocal(dctx *dnsContext) (rc resultCode) {
 	rc = resultCodeSuccess

 	var ip net.IP
-	if ip = aghnet.IPFromAddr(dctx.proxyCtx.Addr); ip == nil {
+	if ip = IPFromAddr(dctx.proxyCtx.Addr); ip == nil {
 		return rc
 	}

@@ -432,26 +414,20 @@ func (s *Server) processLocalPTR(ctx *dnsContext) (rc resultCode) {
 		return resultCodeSuccess
 	}

-	s.serverLock.RLock()
-	defer s.serverLock.RUnlock()
-
 	if !s.subnetDetector.IsLocallyServedNetwork(ip) {
 		return resultCodeSuccess
 	}

-	if s.conf.UsePrivateRDNS {
-		s.recDetector.add(*d.Req)
-		if err := s.localResolvers.Resolve(d); err != nil {
-			ctx.err = err
+	err := s.localResolvers.Resolve(d)
+	if err != nil {
+		ctx.err = err

-			return resultCodeError
-		}
+		return resultCodeError
 	}

 	if d.Res == nil {
 		d.Res = s.genNXDomain(d.Req)

-		// Do not even put into query log.
 		return resultCodeFinish
 	}

@@ -467,20 +443,24 @@ func processFilteringBeforeRequest(ctx *dnsContext) (rc resultCode) {
 		return resultCodeSuccess // response is already set - nothing to do
 	}

-	s.serverLock.RLock()
-	defer s.serverLock.RUnlock()
-
-	ctx.protectionEnabled = s.conf.ProtectionEnabled && s.dnsFilter != nil
-	if !ctx.protectionEnabled {
-		return resultCodeSuccess
-	}
-
-	if ctx.setts == nil {
-		ctx.setts = s.getClientRequestFilteringSettings(ctx)
-	}
+	s.RLock()
+	// Synchronize access to s.dnsFilter so it won't be suddenly uninitialized while in use.
+	// This could happen after proxy server has been stopped, but its workers are not yet exited.
+	//
+	// A better approach is for proxy.Stop() to wait until all its workers exit,
+	//  but this would require the Upstream interface to have Close() function
+	//  (to prevent from hanging while waiting for unresponsive DNS server to respond).

 	var err error
-	ctx.result, err = s.filterDNSRequest(ctx)
+	ctx.protectionEnabled = s.conf.ProtectionEnabled && s.dnsFilter != nil
+	if ctx.protectionEnabled {
+		if ctx.setts == nil {
+			ctx.setts = s.getClientRequestFilteringSettings(ctx)
+		}
+		ctx.result, err = s.filterDNSRequest(ctx)
+	}
+	s.RUnlock()
+
 	if err != nil {
 		ctx.err = err

@@ -490,40 +470,28 @@ func processFilteringBeforeRequest(ctx *dnsContext) (rc resultCode) {
 	return resultCodeSuccess
 }

-// ipStringFromAddr extracts an IP address string from net.Addr.
-func ipStringFromAddr(addr net.Addr) (ipStr string) {
-	if ip := aghnet.IPFromAddr(addr); ip != nil {
-		return ip.String()
-	}
-
-	return ""
-}
-
 // processUpstream passes request to upstream servers and handles the response.
-func (s *Server) processUpstream(ctx *dnsContext) (rc resultCode) {
+func processUpstream(ctx *dnsContext) (rc resultCode) {
+	s := ctx.srv
 	d := ctx.proxyCtx
 	if d.Res != nil {
 		return resultCodeSuccess // response is already set - nothing to do
 	}

 	if d.Addr != nil && s.conf.GetCustomUpstreamByClient != nil {
-		// Use the clientID first, since it has a higher priority.
-		id := aghstrings.Coalesce(ctx.clientID, ipStringFromAddr(d.Addr))
-		upsConf, err := s.conf.GetCustomUpstreamByClient(id)
-		if err != nil {
-			log.Error("dns: getting custom upstreams for client %s: %s", id, err)
-		} else if upsConf != nil {
-			log.Debug("dns: using custom upstreams for client %s", id)
-			d.CustomUpstreamConfig = upsConf
+		clientIP := IPStringFromAddr(d.Addr)
+		upstreamsConf := s.conf.GetCustomUpstreamByClient(clientIP)
+		if upstreamsConf != nil {
+			log.Debug("Using custom upstreams for %s", clientIP)
+			d.CustomUpstreamConfig = upstreamsConf
 		}
 	}

-	req := d.Req
 	if s.conf.EnableDNSSEC {
-		opt := req.IsEdns0()
+		opt := d.Req.IsEdns0()
 		if opt == nil {
-			log.Debug("dns: adding OPT record with DNSSEC flag")
-			req.SetEdns0(4096, true)
+			log.Debug("dns: Adding OPT record with DNSSEC flag")
+			d.Req.SetEdns0(4096, true)
 		} else if !opt.Do() {
 			opt.SetDo(true)
 		} else {
@@ -532,12 +500,13 @@ func (s *Server) processUpstream(ctx *dnsContext) (rc resultCode) {
 	}

 	// request was not filtered so let it be processed further
-	if ctx.err = s.dnsProxy.Resolve(d); ctx.err != nil {
+	err := s.dnsProxy.Resolve(d)
+	if err != nil {
+		ctx.err = err
 		return resultCodeError
 	}

 	ctx.responseFromUpstream = true
-
 	return resultCodeSuccess
 }

@@ -595,8 +564,8 @@ func processFilteringAfterResponse(ctx *dnsContext) (rc resultCode) {
 	var err error

 	switch res.Reason {
-	case filtering.Rewritten,
-		filtering.RewrittenRule:
+	case dnsfilter.Rewritten,
+		dnsfilter.RewrittenRule:

 		if len(ctx.origQuestion.Name) == 0 {
 			// origQuestion is set in case we get only CNAME without IP from rewrites table
@@ -613,7 +582,7 @@ func processFilteringAfterResponse(ctx *dnsContext) (rc resultCode) {
 			d.Res.Answer = answer
 		}

-	case filtering.NotFilteredAllowList:
+	case dnsfilter.NotFilteredAllowList:
 		// nothing

 	default:
@@ -630,7 +599,7 @@ func processFilteringAfterResponse(ctx *dnsContext) (rc resultCode) {
 		if ctx.result != nil {
 			ctx.origResp = origResp2 // matched by response
 		} else {
-			ctx.result = &filtering.Result{}
+			ctx.result = &dnsfilter.Result{}
 		}
 	}

--- a/internal/dnsforward/dns_test.go
+++ b/internal/dnsforward/dns_test.go
@@ -6,7 +6,7 @@ import (

 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
-	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
+	"github.com/AdguardTeam/AdGuardHome/internal/dnsfilter"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/miekg/dns"
@@ -260,14 +260,14 @@ func TestServer_ProcessInternalHosts(t *testing.T) {
 	}
 }

-func TestServer_ProcessRestrictLocal(t *testing.T) {
+func TestLocalRestriction(t *testing.T) {
 	ups := &aghtest.TestUpstream{
 		Reverse: map[string][]string{
 			"251.252.253.254.in-addr.arpa.": {"host1.example.net."},
 			"1.1.168.192.in-addr.arpa.":     {"some.local-client."},
 		},
 	}
-	s := createTestServer(t, &filtering.Config{}, ServerConfig{
+	s := createTestServer(t, &dnsfilter.Config{}, ServerConfig{
 		UDPListenAddrs: []*net.UDPAddr{{}},
 		TCPListenAddrs: []*net.TCPAddr{{}},
 	}, ups)
@@ -318,79 +318,14 @@ func TestServer_ProcessRestrictLocal(t *testing.T) {
 				IP: tc.cliIP,
 			},
 		}
-
 		t.Run(tc.name, func(t *testing.T) {
 			err = s.handleDNSRequest(nil, pctx)
 			require.NoError(t, err)
 			require.NotNil(t, pctx.Res)
 			require.Len(t, pctx.Res.Answer, tc.wantLen)
-
 			if tc.wantLen > 0 {
-				assert.Equal(t, tc.want, pctx.Res.Answer[0].(*dns.PTR).Ptr)
+				assert.Equal(t, tc.want, pctx.Res.Answer[0].Header().Name)
 			}
 		})
 	}
 }
-
-func TestServer_ProcessLocalPTR_usingResolvers(t *testing.T) {
-	const locDomain = "some.local."
-	const reqAddr = "1.1.168.192.in-addr.arpa."
-
-	s := createTestServer(t, &filtering.Config{}, ServerConfig{
-		UDPListenAddrs: []*net.UDPAddr{{}},
-		TCPListenAddrs: []*net.TCPAddr{{}},
-	}, &aghtest.TestUpstream{
-		Reverse: map[string][]string{
-			reqAddr: {locDomain},
-		},
-	})
-
-	var proxyCtx *proxy.DNSContext
-	var dnsCtx *dnsContext
-	setup := func(use bool) {
-		proxyCtx = &proxy.DNSContext{
-			Addr: &net.TCPAddr{
-				IP: net.IP{127, 0, 0, 1},
-			},
-			Req: createTestMessageWithType(reqAddr, dns.TypePTR),
-		}
-		dnsCtx = &dnsContext{
-			proxyCtx:        proxyCtx,
-			unreversedReqIP: net.IP{192, 168, 1, 1},
-		}
-		s.conf.UsePrivateRDNS = use
-	}
-
-	t.Run("enabled", func(t *testing.T) {
-		setup(true)
-
-		rc := s.processLocalPTR(dnsCtx)
-		require.Equal(t, resultCodeSuccess, rc)
-		require.NotEmpty(t, proxyCtx.Res.Answer)
-
-		assert.Equal(t, locDomain, proxyCtx.Res.Answer[0].(*dns.PTR).Ptr)
-	})
-
-	t.Run("disabled", func(t *testing.T) {
-		setup(false)
-
-		rc := s.processLocalPTR(dnsCtx)
-		require.Equal(t, resultCodeFinish, rc)
-		require.Empty(t, proxyCtx.Res.Answer)
-	})
-}
-
-func TestIPStringFromAddr(t *testing.T) {
-	t.Run("not_nil", func(t *testing.T) {
-		addr := net.UDPAddr{
-			IP:   net.ParseIP("1:2:3::4"),
-			Port: 12345,
-			Zone: "eth0",
-		}
-		assert.Equal(t, ipStringFromAddr(&addr), addr.IP.String())
-	})
-
-	t.Run("nil", func(t *testing.T) {
-		assert.Empty(t, ipStringFromAddr(nil))
-	})
-}
--- a/internal/dnsforward/dnsforward.go
+++ b/internal/dnsforward/dnsforward.go
@@ -2,6 +2,7 @@
 package dnsforward

 import (
+	"errors"
 	"fmt"
 	"net"
 	"net/http"
@@ -11,15 +12,15 @@ import (
 	"sync"
 	"time"

+	"github.com/AdguardTeam/AdGuardHome/internal/agherr"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghstrings"
 	"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
-	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
+	"github.com/AdguardTeam/AdGuardHome/internal/dnsfilter"
 	"github.com/AdguardTeam/AdGuardHome/internal/querylog"
 	"github.com/AdguardTeam/AdGuardHome/internal/stats"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/dnsproxy/upstream"
-	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/miekg/dns"
 )
@@ -63,7 +64,7 @@ type ipToHostTable = map[string]string
 // The zero Server is empty and ready for use.
 type Server struct {
 	dnsProxy   *proxy.Proxy          // DNS proxy instance
-	dnsFilter  *filtering.DNSFilter  // DNS filter instance
+	dnsFilter  *dnsfilter.DNSFilter  // DNS filter instance
 	dhcpServer dhcpd.ServerInterface // DHCP server instance (optional)
 	queryLog   querylog.QueryLog     // Query log instance
 	stats      stats.Stats
@@ -76,8 +77,6 @@ type Server struct {
 	ipset          ipsetCtx
 	subnetDetector *aghnet.SubnetDetector
 	localResolvers *proxy.Proxy
-	sysResolvers   aghnet.SystemResolvers
-	recDetector    *recursionDetector

 	tableHostToIP     hostToIPTable
 	tableHostToIPLock sync.Mutex
@@ -91,9 +90,8 @@ type Server struct {

 	isRunning bool

+	sync.RWMutex
 	conf ServerConfig
-	// serverLock protects Server.
-	serverLock sync.RWMutex
 }

 // defaultLocalDomainSuffix is the default suffix used to detect internal hosts
@@ -104,7 +102,7 @@ const defaultLocalDomainSuffix = ".lan."

 // DNSCreateParams are parameters to create a new server.
 type DNSCreateParams struct {
-	DNSFilter      *filtering.DNSFilter
+	DNSFilter      *dnsfilter.DNSFilter
 	Stats          stats.Stats
 	QueryLog       querylog.QueryLog
 	DHCPServer     dhcpd.ServerInterface
@@ -123,14 +121,6 @@ func domainNameToSuffix(tld string) (suffix string) {
 	return string(b)
 }

-const (
-	// recursionTTL is the time recursive request is cached for.
-	recursionTTL = 1 * time.Second
-	// cachedRecurrentReqNum is the maximum number of cached recurrent
-	// requests.
-	cachedRecurrentReqNum = 1000
-)
-
 // NewServer creates a new instance of the dnsforward.Server
 // Note: this function must be called only once
 func NewServer(p DNSCreateParams) (s *Server, err error) {
@@ -152,14 +142,6 @@ func NewServer(p DNSCreateParams) (s *Server, err error) {
 		queryLog:          p.QueryLog,
 		subnetDetector:    p.SubnetDetector,
 		localDomainSuffix: localDomainSuffix,
-		recDetector:       newRecursionDetector(recursionTTL, cachedRecurrentReqNum),
-	}
-
-	// TODO(e.burkov): Enable the refresher after the actual implementation
-	// passes the public testing.
-	s.sysResolvers, err = aghnet.NewSystemResolvers(0, nil)
-	if err != nil {
-		return nil, fmt.Errorf("initializing system resolvers: %w", err)
 	}

 	if p.DHCPServer != nil {
@@ -178,9 +160,7 @@ func NewServer(p DNSCreateParams) (s *Server, err error) {

 // NewCustomServer creates a new instance of *Server with custom internal proxy.
 func NewCustomServer(internalProxy *proxy.Proxy) *Server {
-	s := &Server{
-		recDetector: newRecursionDetector(0, 1),
-	}
+	s := &Server{}
 	if internalProxy != nil {
 		s.internalProxy = internalProxy
 	}
@@ -188,31 +168,25 @@ func NewCustomServer(internalProxy *proxy.Proxy) *Server {
 	return s
 }

-// Close gracefully closes the server.  It is safe for concurrent use.
-//
-// TODO(e.burkov): A better approach would be making Stop method waiting for all
-// its workers finished.  But it would require the upstream.Upstream to have the
-// Close method to prevent from hanging while waiting for unresponsive server to
-// respond.
+// Close - close object
 func (s *Server) Close() {
-	s.serverLock.Lock()
-	defer s.serverLock.Unlock()
-
+	s.Lock()
 	s.dnsFilter = nil
 	s.stats = nil
 	s.queryLog = nil
 	s.dnsProxy = nil

-	if err := s.ipset.Close(); err != nil {
+	err := s.ipset.Close()
+	if err != nil {
 		log.Error("closing ipset: %s", err)
 	}
+
+	s.Unlock()
 }

 // WriteDiskConfig - write configuration
 func (s *Server) WriteDiskConfig(c *FilteringConfig) {
-	s.serverLock.RLock()
-	defer s.serverLock.RUnlock()
-
+	s.RLock()
 	sc := s.conf.FilteringConfig
 	*c = sc
 	c.RatelimitWhitelist = aghstrings.CloneSlice(sc.RatelimitWhitelist)
@@ -221,16 +195,15 @@ func (s *Server) WriteDiskConfig(c *FilteringConfig) {
 	c.DisallowedClients = aghstrings.CloneSlice(sc.DisallowedClients)
 	c.BlockedHosts = aghstrings.CloneSlice(sc.BlockedHosts)
 	c.UpstreamDNS = aghstrings.CloneSlice(sc.UpstreamDNS)
+	s.RUnlock()
 }

 // RDNSSettings returns the copy of actual RDNS configuration.
-func (s *Server) RDNSSettings() (localPTRResolvers []string, resolveClients, resolvePTR bool) {
-	s.serverLock.RLock()
-	defer s.serverLock.RUnlock()
+func (s *Server) RDNSSettings() (localPTRResolvers []string, resolveClients bool) {
+	s.RLock()
+	defer s.RUnlock()

-	return aghstrings.CloneSlice(s.conf.LocalPTRResolvers),
-		s.conf.ResolveClients,
-		s.conf.UsePrivateRDNS
+	return aghstrings.CloneSlice(s.conf.LocalPTRResolvers), s.conf.ResolveClients
 }

 // Resolve - get IP addresses by host name from an upstream server.
@@ -238,9 +211,8 @@ func (s *Server) RDNSSettings() (localPTRResolvers []string, resolveClients, res
 // Query log and Stats are not updated.
 // This method may be called before Start().
 func (s *Server) Resolve(host string) ([]net.IPAddr, error) {
-	s.serverLock.RLock()
-	defer s.serverLock.RUnlock()
-
+	s.RLock()
+	defer s.RUnlock()
 	return s.internalProxy.LookupIPAddr(host)
 }

@@ -249,25 +221,22 @@ type RDNSExchanger interface {
 	// Exchange tries to resolve the ip in a suitable way, e.g. either as
 	// local or as external.
 	Exchange(ip net.IP) (host string, err error)
-	// ResolvesPrivatePTR returns true if the RDNSExchanger is able to
-	// resolve PTR requests for locally-served addresses.
-	ResolvesPrivatePTR() (ok bool)
 }

 const (
 	// rDNSEmptyAnswerErr is returned by Exchange method when the answer
 	// section of respond is empty.
-	rDNSEmptyAnswerErr errors.Error = "the answer section is empty"
+	rDNSEmptyAnswerErr agherr.Error = "the answer section is empty"

 	// rDNSNotPTRErr is returned by Exchange method when the response is not
 	// of PTR type.
-	rDNSNotPTRErr errors.Error = "the response is not a ptr"
+	rDNSNotPTRErr agherr.Error = "the response is not a ptr"
 )

 // Exchange implements the RDNSExchanger interface for *Server.
 func (s *Server) Exchange(ip net.IP) (host string, err error) {
-	s.serverLock.RLock()
-	defer s.serverLock.RUnlock()
+	s.RLock()
+	defer s.RUnlock()

 	if !s.conf.ResolveClients {
 		return "", nil
@@ -292,21 +261,18 @@ func (s *Server) Exchange(ip net.IP) (host string, err error) {
 		StartTime: time.Now(),
 	}

-	resolver := s.internalProxy
+	var resp *dns.Msg
 	if s.subnetDetector.IsLocallyServedNetwork(ip) {
-		if !s.conf.UsePrivateRDNS {
-			return "", nil
-		}
-
-		resolver = s.localResolvers
-		s.recDetector.add(*req)
+		err = s.localResolvers.Resolve(ctx)
+	} else {
+		err = s.internalProxy.Resolve(ctx)
 	}
-
-	if err = resolver.Resolve(ctx); err != nil {
+	if err != nil {
 		return "", err
 	}

-	resp := ctx.Res
+	resp = ctx.Res
+
 	if len(resp.Answer) == 0 {
 		return "", fmt.Errorf("lookup for %q: %w", arpa, rDNSEmptyAnswerErr)
 	}
@@ -319,19 +285,10 @@ func (s *Server) Exchange(ip net.IP) (host string, err error) {
 	return strings.TrimSuffix(ptr.Ptr, "."), nil
 }

-// ResolvesPrivatePTR implements the RDNSExchanger interface for *Server.
-func (s *Server) ResolvesPrivatePTR() (ok bool) {
-	s.serverLock.RLock()
-	defer s.serverLock.RUnlock()
-
-	return s.conf.UsePrivateRDNS
-}
-
 // Start starts the DNS server.
 func (s *Server) Start() error {
-	s.serverLock.Lock()
-	defer s.serverLock.Unlock()
-
+	s.Lock()
+	defer s.Unlock()
 	return s.startLocked()
 }

@@ -350,7 +307,7 @@ func (s *Server) startLocked() error {
 const defaultLocalTimeout = 1 * time.Second

 // collectDNSIPAddrs returns IP addresses the server is listening on without
-// port numbersю  For internal use only.
+// port numbers as a map.  For internal use only.
 func (s *Server) collectDNSIPAddrs() (addrs []string, err error) {
 	addrs = make([]string, len(s.conf.TCPListenAddrs)+len(s.conf.UDPListenAddrs))
 	var i int
@@ -383,11 +340,28 @@ func (s *Server) collectDNSIPAddrs() (addrs []string, err error) {
 	return addrs[:i], nil
 }

-func (s *Server) filterOurDNSAddrs(addrs []string) (filtered []string, err error) {
+// setupResolvers initializes the resolvers for local addresses.  For internal
+// use only.
+func (s *Server) setupResolvers(localAddrs []string) (err error) {
+	bootstraps := s.conf.BootstrapDNS
+	if len(localAddrs) == 0 {
+		var sysRes aghnet.SystemResolvers
+		// TODO(e.burkov): Enable the refresher after the actual
+		// implementation passes the public testing.
+		sysRes, err = aghnet.NewSystemResolvers(0, nil)
+		if err != nil {
+			return err
+		}
+
+		localAddrs = sysRes.Get()
+		bootstraps = nil
+	}
+	log.Debug("upstreams to resolve PTR for local addresses: %v", localAddrs)
+
 	var ourAddrs []string
 	ourAddrs, err = s.collectDNSIPAddrs()
 	if err != nil {
-		return nil, err
+		return err
 	}

 	ourAddrsSet := aghstrings.NewSet(ourAddrs...)
@@ -396,24 +370,7 @@ func (s *Server) filterOurDNSAddrs(addrs []string) (filtered []string, err error
 	// really applicable here since in case of listening on all network
 	// interfaces we should check the whole interface's network to cut off
 	// all the loopback addresses as well.
-	return aghstrings.FilterOut(addrs, ourAddrsSet.Has), nil
-}
-
-// setupResolvers initializes the resolvers for local addresses.  For internal
-// use only.
-func (s *Server) setupResolvers(localAddrs []string) (err error) {
-	bootstraps := s.conf.BootstrapDNS
-	if len(localAddrs) == 0 {
-		localAddrs = s.sysResolvers.Get()
-		bootstraps = nil
-	}
-
-	localAddrs, err = s.filterOurDNSAddrs(localAddrs)
-	if err != nil {
-		return err
-	}
-
-	log.Debug("upstreams to resolve PTR for local addresses: %v", localAddrs)
+	localAddrs = aghstrings.FilterOut(localAddrs, ourAddrsSet.Has)

 	var upsConfig proxy.UpstreamConfig
 	upsConfig, err = proxy.ParseUpstreamsConfig(localAddrs, upstream.Options{
@@ -511,16 +468,13 @@ func (s *Server) Prepare(config *ServerConfig) error {
 		return fmt.Errorf("setting up resolvers: %w", err)
 	}

-	s.recDetector.clear()
-
 	return nil
 }

 // Stop stops the DNS server.
 func (s *Server) Stop() error {
-	s.serverLock.Lock()
-	defer s.serverLock.Unlock()
-
+	s.Lock()
+	defer s.Unlock()
 	return s.stopLocked()
 }

@@ -537,18 +491,17 @@ func (s *Server) stopLocked() error {
 	return nil
 }

-// IsRunning returns true if the DNS server is running.
+// IsRunning returns true if the DNS server is running
 func (s *Server) IsRunning() bool {
-	s.serverLock.RLock()
-	defer s.serverLock.RUnlock()
-
+	s.RLock()
+	defer s.RUnlock()
 	return s.isRunning
 }

-// Reconfigure applies the new configuration to the DNS server.
+// Reconfigure applies the new configuration to the DNS server
 func (s *Server) Reconfigure(config *ServerConfig) error {
-	s.serverLock.Lock()
-	defer s.serverLock.Unlock()
+	s.Lock()
+	defer s.Unlock()

 	log.Print("Start reconfiguring the server")
 	err := s.stopLocked()
@@ -573,18 +526,12 @@ func (s *Server) Reconfigure(config *ServerConfig) error {
 	return nil
 }

-// ServeHTTP is a HTTP handler method we use to provide DNS-over-HTTPS.
+// ServeHTTP is a HTTP handler method we use to provide DNS-over-HTTPS
 func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	var p *proxy.Proxy
-
-	func() {
-		s.serverLock.RLock()
-		defer s.serverLock.RUnlock()
-
-		p = s.dnsProxy
-	}()
-
-	if p != nil {
+	s.RLock()
+	p := s.dnsProxy
+	s.RUnlock()
+	if p != nil { // an attempt to protect against race in case we're here after Close() was called
 		p.ServeHTTP(w, r)
 	}
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Ainar Garipov	dda513fe82	cherry-pick: all: prepare changelog for v0.106.3 release Merge in DNS/adguard-home from changelog to master Squashed commit of the following: commit 126119ecbd9062fcce5dec08a13120c828740e28 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed May 19 14:47:55 2021 +0300 all: prepare changelog for v0.106.3 release	2021-05-19 15:01:50 +03:00
Ildar Kamalov	13e0124dec	cherry-pick: client: fix query log response status error Closes #3089 Squashed commit of the following: commit c5f3112298b11a73b77a35ea249f24abed221425 Author: Ildar Kamalov <ik@adguard.com> Date: Tue May 18 16:08:56 2021 +0300 client: fix query log response status error	2021-05-19 15:01:46 +03:00
Ainar Garipov	f716b2b3f5	cherry-pick: all: add us to logs Merge in DNS/adguard-home from imp-logs to master Squashed commit of the following: commit b463825196625f59b19977920f828f57e4b87f0d Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue May 18 14:08:24 2021 +0300 all: add us to logs	2021-05-19 15:00:58 +03:00
Ainar Garipov	031e61305d	cherry-pick: all: fix some races Updates #3087. Squashed commit of the following: commit e888ce524f286f3c34e14e0086336b65a95fa020 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon May 17 16:34:10 2021 +0300 all: fix some races	2021-05-17 17:20:03 +03:00
Eugene Burkov	b1b2f4a233	cherry-pick: improve installation script Merge in DNS/adguard-home from 2542-2462-imp-script to master Closes #2462. Updates #2542. Updates #2613. Squashed commit of the following: commit 4a7472200f2ae07aeccc3511a75a94674b655cdb Author: Eugene Burkov <e.burkov@adguard.com> Date: Mon May 17 15:11:08 2021 +0300 scripts: imp naming, docs commit acbb5864a34e81d8c80767dd7ef57dffb189dc64 Author: Eugene Burkov <e.burkov@adguard.com> Date: Mon May 17 15:05:57 2021 +0300 scripts: imp fix commit 64777015b6d50e7330fbe7546de1f436f4cb707f Author: Eugene Burkov <e.burkov@adguard.com> Date: Mon May 17 14:54:05 2021 +0300 scripts: fix bsd commit 3308921f4c253c8670c4be70896c55f7a892ff3e Author: Eugene Burkov <e.burkov@adguard.com> Date: Mon May 17 14:04:04 2021 +0300 scripts: imp requirements checking commit 453cf7a4ce676d2eb09d423304e4d5a8962ac4e5 Author: Eugene Burkov <e.burkov@adguard.com> Date: Mon May 17 13:54:38 2021 +0300 scripts: fix docs commit a2229052f6cf747247c8290cd0de27cc88c14977 Merge: 0852c87b `120ba967` Author: Eugene Burkov <e.burkov@adguard.com> Date: Mon May 17 13:50:45 2021 +0300 Merge branch 'master' into 2542-2462-imp-script commit 0852c87bf33b833095644e649bbcedbf89ad4f82 Author: Eugene Burkov <e.burkov@adguard.com> Date: Mon May 17 13:49:27 2021 +0300 scripts: add os-specific requirements check commit 6313d8fd19f70c41b7091511ca8d979859ddb10c Merge: 1b4092d5 `a031cae4` Author: Eugene Burkov <e.burkov@adguard.com> Date: Fri May 14 19:46:57 2021 +0300 Merge branch 'master' into 2542-2462-imp-script commit 1b4092d5ee1de5b56c6252bf9debe8b90cdf954e Author: Eugene Burkov <e.burkov@adguard.com> Date: Fri May 14 19:46:09 2021 +0300 scripts: imp install.sh a little commit 0584b30b4648b88f542fff6f2879c4a7ae042af4 Merge: 22621c86 `9d788a29` Author: Eugene Burkov <e.burkov@adguard.com> Date: Fri May 14 19:27:47 2021 +0300 Merge branch 'master' into 2542-2462-imp-script commit 22621c86a70e61f98850a10f0c5e450c8aeaa90f Author: Eugene Burkov <e.burkov@adguard.com> Date: Fri May 14 19:25:47 2021 +0300 all: imp code commit a38f4adc4688995ca515f8d0d8d271427365623c Author: Eugene Burkov <e.burkov@adguard.com> Date: Fri May 14 18:40:37 2021 +0300 all: fix url variable commit 238cb859184da4af025137d99216d51d3b481dc0 Author: Eugene Burkov <e.burkov@adguard.com> Date: Fri May 14 18:27:13 2021 +0300 imp code quality commit 0e36c125369d47612fd97c2841a2a688bed5841d Author: Eugene Burkov <e.burkov@adguard.com> Date: Fri May 14 16:34:49 2021 +0300 all: fix typos commit b20f0b72141f5abb5e598324a3f2bd750164e612 Author: Eugene Burkov <e.burkov@adguard.com> Date: Thu Apr 29 14:02:40 2021 +0300 all: imp installation script	2021-05-17 15:25:30 +03:00
Ainar Garipov	4921a325e2	cherry-pick: client: upd i18n Updates #2643. Squashed commit of the following: commit 2a3ae4ce7748954ad957fb22b30eacc2b5cc7b6c Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon May 17 13:26:38 2021 +0300 client: upd i18n	2021-05-17 15:00:10 +03:00
Ainar Garipov	d36f95a2b0	cherry-pick: all: restore netbsd compat Updates #3147. Squashed commit of the following: commit 4e1bcfd1561f9b927755c5024521d5508ef94b1f Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon May 17 13:17:51 2021 +0300 all: restore netbsd compat	2021-05-17 15:00:03 +03:00
Ainar Garipov	1d61f50fc8	cherry-pick: dhcpd: support decline and release msgs Updates #3053. Squashed commit of the following: commit eb68a21436536d67b6d23873e6b6f291912bf3a1 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri May 14 18:58:15 2021 +0300 dhcpd: do not panic commit 423678934e736e842fc90042ee0037d1efa912ee Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri May 14 18:18:49 2021 +0300 dhcpd: support decline and release msgs	2021-05-17 14:59:59 +03:00
Ainar Garipov	d747ae36ca	cherry-pick: dhcpd: refactor validations Updates #3107. Updates #3127. Squashed commit of the following: commit ad64472566ecd1b0864212cd2644a57439aceb85 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu May 13 14:45:21 2021 +0300 dhcpd: refactor validations	2021-05-17 14:59:53 +03:00
Ainar Garipov	4e31610d7b	cherry-pick: dnsforward: exclude docker dns Updates #3064. Squashed commit of the following: commit 2cfeb830853dffcb26968d0a4d21b623f00da275 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu May 13 14:02:08 2021 +0300 all: imp code, expose pprof port commit a22656a3fd24253f7327eff5168ea84391c8d758 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu May 13 13:34:05 2021 +0300 all: imp code, dockerfile commit 35e2145fe061d0d803b46578539499ecfe9d3ea4 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu May 13 12:34:09 2021 +0300 dnsforward: exclude docker dns	2021-05-17 14:59:05 +03:00
Eugene Burkov	3953ca50e6	cherry-pick: 2875 client settings Merge in DNS/adguard-home from 2875-client-settings to master Updates #2875. Squashed commit of the following: commit 43e5af66acb8ace71a329fe2effae6a78492d73f Author: Eugene Burkov <e.burkov@adguard.com> Date: Wed May 12 18:12:03 2021 +0300 all: fix client settings applying	2021-05-17 14:58:59 +03:00
Eugene Burkov	f7e4e998cf	cherri-pick: 3115 domain case Merge in DNS/adguard-home from 3115-domain-case to master Updates #3115. Squashed commit of the following: commit 02b6d27d862b3e3dc2a17220cec35f0f18e31fb3 Author: Eugene Burkov <e.burkov@adguard.com> Date: Tue May 11 19:56:06 2021 +0300 all: fix typos commit cdd1de64d5f79605b5fdcad5879204194856b083 Author: Eugene Burkov <e.burkov@adguard.com> Date: Tue May 11 19:37:37 2021 +0300 dnsforward: fix disallowed domains case matching	2021-05-17 14:58:53 +03:00
Ainar Garipov	e301480401	cherry-pick: Fix spelling of lighttpd Updates #3095. * commit '23f87dc45e8e58da09df0a8f13f3145554a2f2bb': Fix spelling of lighttpd	2021-05-17 14:58:19 +03:00
Ainar Garipov	caa90b0340	cherry-pick: prepare changelog for v0.106.2 Merge in DNS/adguard-home from changelog to master Squashed commit of the following: commit 8727a97d052d5d89a4a6ff9a56751c167a36e103 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu May 6 18:06:56 2021 +0300 prepare changelog for v0.106.2	2021-05-06 18:19:38 +03:00
Ainar Garipov	81a5225622	cherry-pick: client: upd i18n Updates #2643. Squashed commit of the following: commit aae8dd9bd79bdd52d754a2dfd3e725088d34cf33 Merge: 7708a7cb `460aa1a5` Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu May 6 16:41:43 2021 +0300 Merge branch 'master' into 2643-upd-i18n commit 7708a7cb26a1e70dc920c2e5513e6652e67f77d0 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu May 6 15:46:22 2021 +0300 client: upd i18n	2021-05-06 18:14:25 +03:00
Ainar Garipov	199e1f6a60	cherry-pick: home: imp client http api, docs Updates #3075. Squashed commit of the following: commit c88fd2e24a19474bce736e5b6af7e094b43be390 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu May 6 16:09:49 2021 +0300 home: imp code, docs commit 8ae7d9001927d56394d2177c22fe114d98f01732 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu May 6 15:35:49 2021 +0300 home: imp client http api, docs	2021-05-06 18:13:43 +03:00
Ainar Garipov	66d47b1462	cherry-pick: dhcpd: imp normalization, validation Updates #3056. Squashed commit of the following: commit 875954fc8d59980a39b03032007cbc15d87801ea Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed May 5 19:54:24 2021 +0300 all: imp err msgs commit c6ea471038ce28f608084b59d3447ff64124260f Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed May 5 17:55:12 2021 +0300 dhcpd: imp normalization, validation	2021-05-06 18:11:43 +03:00
Ainar Garipov	e1ac2590c9	cherry-pick: Disabled autocapitalize on username field in mobile browsers Updates #3077. * commit 'b2c48d0d3bcb6f8eb1d95af8516e5531b51e1ea5': Disabled autocapitalize on username field in mobile browsers	2021-05-06 18:11:02 +03:00
Ainar Garipov	7696afd03c	cherry-pick: bamboo-specs: add missing vars Merge in DNS/adguard-home from specs-vars to master Squashed commit of the following: commit 25f50e4b8c98edf6a3bd161f62bdf5db49202358 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Apr 30 15:12:28 2021 +0300 bamboo-specs: add missing vars	2021-04-30 15:17:54 +03:00
Ainar Garipov	3d48ec4555	cherry-pick: bamboo-specs: configure release branches Merge in DNS/adguard-home from specs-branch to master Squashed commit of the following: commit 20819ce0d4fc090c3a49d316115b3173300babc4 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Apr 30 14:52:54 2021 +0300 bamboo-specs: configure release branches	2021-04-30 15:08:57 +03:00
Ainar Garipov	e576a23dd1	cherry-pick: all: prepare changelog for v0.106.1 Merge in DNS/adguard-home from changelog-0.106.1 to master Squashed commit of the following: commit f2d1aeba8dc4952bb642e1e223babf6eb1cf3400 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Apr 30 13:53:42 2021 +0300 all: fix date in changelog commit 72c1482d37a10fcf2bdfb7f0b513063e8a350bcd Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Apr 30 13:52:42 2021 +0300 all: prepare changelog for v0.106.1	2021-04-30 14:14:31 +03:00
Ainar Garipov	e0c839f105	cherry-pick: client: upd i18n Updates #2643. Squashed commit of the following: commit 3ffa1870d67de835aa8b473490cbdd482d538ac0 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Apr 30 13:31:27 2021 +0300 client: upd i18n	2021-04-30 14:14:20 +03:00
Ainar Garipov	49a0b90795	cherry-pick: client: imp private dns resolver docs Updates #3028. Squashed commit of the following: commit a44f1b76a2d659a96b485906c933b239f6d109d9 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Apr 29 17:36:20 2021 +0300 client: imp private dns resolver docs	2021-04-30 14:14:04 +03:00
Ainar Garipov	ee3b34ecb1	cherry-pick: all: do not check local domains when dhcp srv is off Updates #3028. Squashed commit of the following: commit 49d3ca5c9de0468ccb1792e9de263fd66e30d79c Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Apr 29 15:35:32 2021 +0300 all: do not check local domains when dhcp srv is off	2021-04-30 14:13:48 +03:00
Ainar Garipov	351d793b96	cherry-pick: dhcpd: normalize hostnames of invalid static leases Updates #3027. Squashed commit of the following: commit 171ebaecb4b96ebeb2d0fa350460c65f244e94ae Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Apr 29 14:45:04 2021 +0300 all: imp docs commit 48b13ed5b435042a0622a66b60407116ae5aa288 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Apr 29 14:34:28 2021 +0300 dhcpd: normalize hostnames of invalid static leases	2021-04-30 14:13:30 +03:00
Ainar Garipov	d59938d254	cherry-pick: aghnet: imp host validation for system resolvers Updates #3022. Squashed commit of the following: commit 2f63b4e1765d9c9bfeadafcfa42c9d8741b628e1 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Apr 28 21:29:28 2021 +0300 aghnet: fix doc commit efdc1bb2c8959a9f888d558c32c415e6f3678b0c Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Apr 28 21:19:54 2021 +0300 all: doc changes commit 8154797095874771bcf04d109644e6ae33fcb470 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Apr 28 21:15:42 2021 +0300 aghnet: imp host validation for system resolvers	2021-04-30 14:13:07 +03:00
Ainar Garipov	5b9bbce55d	cherry-pick: bamboo-specs: add initial support for release branches Merge in DNS/adguard-home from release-branches to master Squashed commit of the following: commit 1041589d63bb7192c31161ab92f6825ff11063b9 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Apr 28 18:51:36 2021 +0300 bamboo-specs: add initial support for release branches	2021-04-30 14:12:16 +03:00
				`@@ -1 +0,0 @@`
				`Keep this file non-hidden for Go's embedding to work.`