Pull request: client: upd i18n

Merge in DNS/adguard-home from upd-i18n to master Squashed commit of the following: commit e3dfb6cd66813d45591f74c9cdddab8b61143db3 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Jan 24 14:52:19 2022 +0300 client: upd i18n
Pull request: 2846 cover aghnet vol.1
2022-01-24 15:02:47 +03:00 · 2022-01-21 19:21:38 +03:00 · 2022-01-20 18:24:21 +03:00 · 2022-01-20 17:19:09 +03:00 · 2022-01-20 17:05:59 +03:00 · 2022-01-20 12:23:59 +03:00
105 changed files with 2344 additions and 1553 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,7 +1,7 @@
 'name': 'build'

 'env':
-  'GO_VERSION': '1.16'
+  'GO_VERSION': '1.17'
  'NODE_VERSION': '14'

 'on':
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -1,7 +1,7 @@
 'name': 'lint'

 'env':
-  'GO_VERSION': '1.16'
+  'GO_VERSION': '1.17'

 'on':
  'push':
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,12 +7,94 @@ The format is based on
 and this project adheres to
 [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

+
+
 ## [Unreleased]

 <!--
-## [v0.107.1] - 2022-01-25 (APPROX.)
+## [v0.108.0] - 2022-06-01 (APPROX.)
 -->

+### Added
+
+- Support for a `$dnsrewrite` modifier with an empty `NOERROR` response
+  ([#4133]).
+- `windows/arm64` support ([#3057]).
+
+### Deprecated
+
+<!--
+TODO(a.garipov): Remove this deprecation, if v0.108.0 is released before the Go
+1.18 release.
+-->
+- Go 1.17 support.  v0.109.0 will require at least Go 1.18 to build.
+
+### Fixed
+
+- Wrong set of ports checked for duplicates during the initial setup ([#4095]).
+- Incorrectly invalidated service domains ([#4120]).
+- Poor testing of domain-specific upstream servers ([#4074]).
+- Omitted aliases of hosts specified by another line within the OS's hosts file
+  ([#4079]).
+
+### Removed
+
+- Go 1.16 support.
+
+[#3057]: https://github.com/AdguardTeam/AdGuardHome/issues/3057
+[#4074]: https://github.com/AdguardTeam/AdGuardHome/issues/4074
+[#4079]: https://github.com/AdguardTeam/AdGuardHome/issues/4079
+[#4095]: https://github.com/AdguardTeam/AdGuardHome/issues/4095
+[#4120]: https://github.com/AdguardTeam/AdGuardHome/issues/4120
+[#4133]: https://github.com/AdguardTeam/AdGuardHome/issues/4133
+
+
+
+<!--
+## [v0.107.3] - 2022-02-08 (APPROX.)
+-->
+
+
+
+## [v0.107.2] - 2021-12-29
+
+### Fixed
+
+- Infinite loops when TCP connections time out ([#4042]).
+
+[#4042]: https://github.com/AdguardTeam/AdGuardHome/issues/4042
+
+
+
+## [v0.107.1] - 2021-12-29
+
+### Changed
+
+- The validation error message for duplicated allow- and blocklists in DNS
+  settings now shows the duplicated elements ([#3975]).
+
+### Fixed
+
+- `ipset` initialization bugs ([#4027]).
+- Legacy DNS rewrites from a wildcard pattern to a subdomain ([#4016]).
+- Service not being stopped before running the `uninstall` service action
+  ([#3868]).
+- Broken `reload` service action on FreeBSD.
+- Legacy DNS rewrites responding from upstream when a request other than `A` or
+  `AAAA` is received ([#4008]).
+- Panic on port availability check during installation ([#3987]).
+- Incorrect application of rules from the OS's hosts files ([#3998]).
+
+[#3868]: https://github.com/AdguardTeam/AdGuardHome/issues/3868
+[#3975]: https://github.com/AdguardTeam/AdGuardHome/issues/3975
+[#3987]: https://github.com/AdguardTeam/AdGuardHome/issues/3987
+[#3998]: https://github.com/AdguardTeam/AdGuardHome/issues/3998
+[#4008]: https://github.com/AdguardTeam/AdGuardHome/issues/4008
+[#4016]: https://github.com/AdguardTeam/AdGuardHome/issues/4016
+[#4027]: https://github.com/AdguardTeam/AdGuardHome/issues/4027
+
+
+
 ## [v0.107.0] - 2021-12-21

 ### Added
@@ -613,11 +695,13 @@ In this release, the schema version has changed from 10 to 12.


 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.1...HEAD
-[v0.107.1]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.0...v0.107.1
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.3...HEAD
+[v0.107.3]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.2...v0.107.3
 -->

-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.0...HEAD
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.2...HEAD
+[v0.107.2]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.1...v0.107.2
+[v0.107.1]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.0...v0.107.1
 [v0.107.0]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.3...v0.107.0
 [v0.106.3]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.2...v0.106.3
 [v0.106.2]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.106.1...v0.106.2
--- a/README.md
+++ b/README.md
@@ -185,7 +185,7 @@ Run `make init` to prepare the development environment.

 You will need this to build AdGuard Home:

- * [go](https://golang.org/dl/) v1.16 or later.
+ * [go](https://golang.org/dl/) v1.17 or later.
 * [node.js](https://nodejs.org/en/download/) v10.16.2 or later.
 * [npm](https://www.npmjs.com/) v6.14 or later (temporary requirement, TODO: remove when redesign is finished).
 * [yarn](https://yarnpkg.com/) v1.22.5 or later.
--- a/bamboo-specs/release.yaml
+++ b/bamboo-specs/release.yaml
@@ -7,7 +7,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
  'channel': 'edge'
-  'dockerGo': 'adguard/golang-ubuntu:3.8'
+  'dockerGo': 'adguard/golang-ubuntu:4.0'

 'stages':
 - 'Make release':
@@ -266,14 +266,19 @@
    # need to build a few of these.
    'variables':
      'channel': 'beta'
-      'dockerGo': 'adguard/golang-ubuntu:3.8'
+      'dockerGo': 'adguard/golang-ubuntu:4.0'
 # release-vX.Y.Z branches are the branches from which the actual final release
 # is built.
 - '^release-v[0-9]+\.[0-9]+\.[0-9]+':
+    # Disable integration branches for release branches.
+    'branch-config':
+      'integration':
+        'push-on-success': false
+        'merge-from': 'beta-v0.107'
    # Build final releases on release branches manually.
    'triggers': []
    # Set the default release channel on the final branch to release, as these
    # are the ones that actually get released.
    'variables':
      'channel': 'release'
-      'dockerGo': 'adguard/golang-ubuntu:3.8'
+      'dockerGo': 'adguard/golang-ubuntu:4.0'
--- a/bamboo-specs/test.yaml
+++ b/bamboo-specs/test.yaml
@@ -5,7 +5,7 @@
  'key': 'AHBRTSPECS'
  'name': 'AdGuard Home - Build and run tests'
 'variables':
-  'dockerGo': 'adguard/golang-ubuntu:3.8'
+  'dockerGo': 'adguard/golang-ubuntu:4.0'

 'stages':
 - 'Tests':
--- a/client/src/__locales/be.json
+++ b/client/src/__locales/be.json
@@ -163,8 +163,8 @@
    "apply_btn": "Ужыць",
    "disabled_filtering_toast": "Фільтрацыя выкл.",
    "enabled_filtering_toast": "Фільтрацыя ўкл.",
-    "disabled_safe_browsing_toast": "Бяспечная навігацыя выкл.",
-    "enabled_safe_browsing_toast": "Бяспечная навігацыя ўкл.",
+    "disabled_safe_browsing_toast": "Бяспечная навігацыя выключана",
+    "enabled_safe_browsing_toast": "Бяспечная навігацыя ўключана",
    "disabled_parental_toast": "Бацькоўскі кантроль выкл.",
    "enabled_parental_toast": "Бацькоўскі кантроль укл.",
    "disabled_safe_search_toast": "Бяспечны пошук выкл.",
@@ -200,6 +200,7 @@
    "form_error_url_or_path_format": "Няслушны URL ці абсалютны шлях да спіса",
    "custom_filter_rules": "Карыстацкае рэдагавала фільтрацыі",
    "custom_filter_rules_hint": "Уводзьце па адным правіле на радок. Вы можаце выкарыстоўваць правілы блакавання ці сінтаксіс файлаў hosts.",
+    "system_host_files": "Сістэмныя hosts-файлы",
    "examples_title": "Прыклады",
    "example_meaning_filter_block": "заблакаваць доступ да дамена example.org і ўсім яго паддаменам",
    "example_meaning_filter_whitelist": "адблакаваць доступ да дамена example.org і ўсім яго паддаменам",
@@ -586,8 +587,8 @@
    "show_blocked_responses": "Заблакавана",
    "show_whitelisted_responses": "Белы спіс",
    "show_processed_responses": "Апрацавана",
-    "blocked_safebrowsing": "Заблакавана згодна базе дадзеных Safebrowsing",
-    "blocked_adult_websites": "Заблакаваныя \"дарослыя\" сайты",
+    "blocked_safebrowsing": "Заблакавана згодна базе дадзеных Safe Browsing",
+    "blocked_adult_websites": "Заблакавана Бацькоўскім кантролем",
    "blocked_threats": "Заблакавана пагроз",
    "allowed": "Дазволены",
    "filtered": "Адфільтраваныя",
@@ -624,5 +625,7 @@
    "last_rule_in_allowlist": "Няможна заблакаваць гэтага кліента, бо вынятак правіла «{{disallowed_rule}}» АДКЛЮЧЫЦЬ рэжым белага спіса.",
    "experimental": "Эксперыментальны",
    "use_saved_key": "Скарыстаць захаваны раней ключ",
-    "parental_control": "Бацькоўскі кантроль"
+    "parental_control": "Бацькоўскі кантроль",
+    "safe_browsing": "Бяспечны інтэрнэт",
+    "served_from_cache": "{{value}} <i>(атрымана з кэша)</i>"
 }
--- a/client/src/__locales/bg.json
+++ b/client/src/__locales/bg.json
@@ -110,7 +110,6 @@
    "example_upstream_doh": "криптиран <a href='https://en.wikipedia.org/wiki/DNS_over_HTTPS' target='_blank'>DNS-върху-HTTPS</a>",
    "example_upstream_sdns": "може да ползвате <a href='https://dnscrypt.info/stamps/' target='_blank'>DNS Подписване</a> за <a href='https://dnscrypt.info/' target='_blank'>DNSCrypt</a> или <a href='https://en.wikipedia.org/wiki/DNS_over_HTTPS' target='_blank'>DNS-върху-HTTPS</a> сървъри",
    "example_upstream_tcp": "класически DNS (TCP протокол)",
-    "updated_upstream_dns_toast": "Глобалните DNS сървъри са обновени",
    "dns_test_ok_toast": "Въведените DNS сървъри работят коректно",
    "dns_test_not_ok_toast": "Сървър \"{{key}}\": не работи, моля проверете дали е въведен коректно",
    "unblock": "Отблокирай",
@@ -245,5 +244,6 @@
    "allowed": "В белия списък",
    "filter_category_general": "General",
    "filter_category_security": "Сигурност",
-    "port_53_faq_link": "Порт 53 често е зает от \"DNSStubListener\" или \"systemd-resolved\" услуги. Моля, прочетете <0>тази инструкция</0> как да решите това."
+    "port_53_faq_link": "Порт 53 често е зает от \"DNSStubListener\" или \"systemd-resolved\" услуги. Моля, прочетете <0>тази инструкция</0> как да решите това.",
+    "parental_control": "Родителски контрол"
 }
--- a/client/src/__locales/cs.json
+++ b/client/src/__locales/cs.json
@@ -43,7 +43,7 @@
    "form_error_ip6_format": "Neplatná adresa IPv6",
    "form_error_ip_format": "Neplatná adresa IP",
    "form_error_mac_format": "Neplatná adresa MAC",
-    "form_error_client_id_format": "Neplatné ID klienta",
+    "form_error_client_id_format": "ID klienta musí obsahovat pouze čísla, malá písmena a spojovníky",
    "form_error_server_name": "Neplatný název serveru",
    "form_error_subnet": "Podsíť \"{{cidr}}\" neobsahuje IP adresu \"{{ip}}\"",
    "form_error_positive": "Musí být větší než 0",
@@ -587,8 +587,8 @@
    "show_blocked_responses": "Zablokované",
    "show_whitelisted_responses": "Povolené",
    "show_processed_responses": "Zpracovaný",
-    "blocked_safebrowsing": "Blokované bezpečné prohlížení",
-    "blocked_adult_websites": "Blokované stránky pro dospělé",
+    "blocked_safebrowsing": "Blokováno modulem Bezpečné prohlížení",
+    "blocked_adult_websites": "Blokováno modulem Rodičovská kontrola",
    "blocked_threats": "Blokované hrozby",
    "allowed": "Povoleno",
    "filtered": "Filtrováno",
@@ -625,7 +625,7 @@
    "last_rule_in_allowlist": "Nelze zakázat tohoto klienta, protože vyloučení pravidla \"{{disallowed_rule}}\" ZRUŠÍ seznam \"Povolených klientů\".",
    "experimental": "Experimentální",
    "use_saved_key": "Použít dříve uložený klíče",
-    "parental_control": "Rodičovská kontrola",
+    "parental_control": "Rodičovská ochrana",
    "safe_browsing": "Bezpečné prohlížení",
    "served_from_cache": "{{value}} <i>(převzato z mezipaměti)</i>"
 }
--- a/client/src/__locales/da.json
+++ b/client/src/__locales/da.json
@@ -43,7 +43,7 @@
    "form_error_ip6_format": "Ugyldig IPv6-adresse",
    "form_error_ip_format": "Ugyldig IP-adresse",
    "form_error_mac_format": "Ugyldig MAC-adresse",
-    "form_error_client_id_format": "Ugyldigt klient-ID",
+    "form_error_client_id_format": "Klient-ID må kun indeholde cifre, minuskler og bindestreger",
    "form_error_server_name": "Ugyldigt servernavn",
    "form_error_subnet": "Subnet \"{{cidr}}\" indeholder ikke IP-adressen \"{{ip}}\"",
    "form_error_positive": "Skal være større end 0",
@@ -587,8 +587,8 @@
    "show_blocked_responses": "Blokeret",
    "show_whitelisted_responses": "Hvidlistet",
    "show_processed_responses": "Behandlet",
-    "blocked_safebrowsing": "Blokeret af Safebrowsing",
-    "blocked_adult_websites": "Blokerede Voksen Websteder",
+    "blocked_safebrowsing": "Blokeret af Safe Browsing",
+    "blocked_adult_websites": "Blokeret af Forælderkontrol",
    "blocked_threats": "Blokerede Trusler",
    "allowed": "Tilladt",
    "filtered": "Filtreret",
@@ -626,6 +626,6 @@
    "experimental": "Eksperimentel",
    "use_saved_key": "Brug den tidligere gemte nøgle",
    "parental_control": "Forældrekontrol",
-    "safe_browsing": "Sikker browsing",
+    "safe_browsing": "Sikker Browsing",
    "served_from_cache": "{{value}} <i>(leveret fra cache)</i>"
 }
--- a/client/src/__locales/de.json
+++ b/client/src/__locales/de.json
@@ -588,7 +588,7 @@
    "show_whitelisted_responses": "Auf der Positivliste",
    "show_processed_responses": "Verarbeitet",
    "blocked_safebrowsing": "Gesperrt durch Internetsicherheit",
-    "blocked_adult_websites": "Gesperrte jugendgefährdende Websites",
+    "blocked_adult_websites": "Gesperrt durch Kindersicherung",
    "blocked_threats": "Gesperrte Bedrohungen",
    "allowed": "Zugelassen",
    "filtered": "Gefiltert",
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -43,7 +43,7 @@
    "form_error_ip6_format": "Invalid IPv6 address",
    "form_error_ip_format": "Invalid IP address",
    "form_error_mac_format": "Invalid MAC address",
-    "form_error_client_id_format": "Invalid client ID",
+    "form_error_client_id_format": "Client ID must contain only numbers, lowercase letters, and hyphens",
    "form_error_server_name": "Invalid server name",
    "form_error_subnet": "Subnet \"{{cidr}}\" does not contain the IP address \"{{ip}}\"",
    "form_error_positive": "Must be greater than 0",
@@ -163,8 +163,8 @@
    "apply_btn": "Apply",
    "disabled_filtering_toast": "Disabled filtering",
    "enabled_filtering_toast": "Enabled filtering",
-    "disabled_safe_browsing_toast": "Disabled safebrowsing",
-    "enabled_safe_browsing_toast": "Enabled safebrowsing",
+    "disabled_safe_browsing_toast": "Disabled Safe Browsing",
+    "enabled_safe_browsing_toast": "Enabled Safe Browsing",
    "disabled_parental_toast": "Disabled parental control",
    "enabled_parental_toast": "Enabled parental control",
    "disabled_safe_search_toast": "Disabled safe search",
@@ -587,8 +587,8 @@
    "show_blocked_responses": "Blocked",
    "show_whitelisted_responses": "Allowed",
    "show_processed_responses": "Processed",
-    "blocked_safebrowsing": "Blocked by Safebrowsing",
-    "blocked_adult_websites": "Blocked Adult Websites",
+    "blocked_safebrowsing": "Blocked by Safe Browsing",
+    "blocked_adult_websites": "Blocked by Parental Control",
    "blocked_threats": "Blocked Threats",
    "allowed": "Allowed",
    "filtered": "Filtered",
@@ -625,7 +625,7 @@
    "last_rule_in_allowlist": "Cannot disallow this client because excluding the rule \"{{disallowed_rule}}\" will DISABLE \"Allowed clients\" list.",
    "experimental": "Experimental",
    "use_saved_key": "Use the previously saved key",
-    "parental_control": "Parental control",
-    "safe_browsing": "Safe browsing",
+    "parental_control": "Parental Control",
+    "safe_browsing": "Safe Browsing",
    "served_from_cache": "{{value}} <i>(served from cache)</i>"
 }
--- a/client/src/__locales/es.json
+++ b/client/src/__locales/es.json
@@ -43,7 +43,7 @@
    "form_error_ip6_format": "Dirección IPv6 no válida",
    "form_error_ip_format": "Dirección IP no válida",
    "form_error_mac_format": "Dirección MAC no válida",
-    "form_error_client_id_format": "ID de cliente no válido",
+    "form_error_client_id_format": "El ID de cliente debe contener solo números, letras minúsculas y guiones",
    "form_error_server_name": "Nombre de servidor no válido",
    "form_error_subnet": "La subred \"{{cidr}}\" no contiene la dirección IP \"{{ip}}\"",
    "form_error_positive": "Debe ser mayor que 0",
@@ -588,7 +588,7 @@
    "show_whitelisted_responses": "Permitido",
    "show_processed_responses": "Procesado",
    "blocked_safebrowsing": "Bloqueado por navegación segura",
-    "blocked_adult_websites": "Sitios web para adultos bloqueado",
+    "blocked_adult_websites": "Bloqueado por control parental",
    "blocked_threats": "Amenazas bloqueadas",
    "allowed": "Permitido",
    "filtered": "Filtrado",
--- a/client/src/__locales/fa.json
+++ b/client/src/__locales/fa.json
@@ -17,7 +17,7 @@
    "form_error_required": "فیلد مورد نیاز",
    "form_error_ip4_format": "فرمت نامعتبر IPv4",
    "form_error_ip6_format": "فرمت نامعتبر IPv6",
-    "form_error_ip_format": "فرمت IPv4 نامعتبر است",
+    "form_error_ip_format": "آدرس آی پی نامعتبر است",
    "form_error_mac_format": "فرمت مَک نامعتبر است",
    "form_error_client_id_format": "فرمت شناسه کلاینت نامعتبر است",
    "form_error_positive": "باید بزرگتر از 0 باشد",
@@ -159,7 +159,6 @@
    "example_upstream_sdns": "شما میتوانید از <a href='https://dnscrypt.info/stamps/' target='_blank'>DNS Stamps</a> برای <a href='https://dnscrypt.info/' target='_blank'>DNSCrypt</a> یا <a href='https://en.wikipedia.org/wiki/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS</a> resolvers استفاده کنید",
    "example_upstream_tcp": "DNS عادی (بر TCP)",
    "all_lists_up_to_date_toast": "همه لیست ها از قبل بروز اند",
-    "updated_upstream_dns_toast": "سرورهای DNS جریان ارسالی بروز رسانی شده است",
    "dns_test_ok_toast": "سرورهای DNS تعیین شده بدرستی کار می کنند",
    "dns_test_not_ok_toast": "سرور \"{{key}}\": نمیتواند مورد استفاده قرار گیرد،لطفا بررسی کنید آن را بدرستی نوشته اید",
    "unblock": "رفع انسداد",
@@ -478,7 +477,7 @@
    "show_whitelisted_responses": "لیست سفید",
    "show_processed_responses": "پردازش شده",
    "blocked_safebrowsing": "بستن وب گردی اَمن",
-    "blocked_adult_websites": "وبسایت غیراخلاقی مسدود شده",
+    "blocked_adult_websites": "مسدود شده با نظارت والدین",
    "blocked_threats": "تهدیدات مسدود شده",
    "allowed": "اجازه داده شده",
    "filtered": "فیلتر شده",
--- a/client/src/__locales/fi.json
+++ b/client/src/__locales/fi.json
@@ -43,7 +43,7 @@
    "form_error_ip6_format": "Virheellinen IPv6-osoite",
    "form_error_ip_format": "Virheellinen IP-osoite",
    "form_error_mac_format": "Virheellinen MAC-osoite",
-    "form_error_client_id_format": "Virheellinen päätelaitteen ID",
+    "form_error_client_id_format": "Päätelaitteen tunniste voi sisältää ainoastaan numeroita, pieniä kirjaimia sekä yhdysviivoja",
    "form_error_server_name": "Virheellinen palvelimen nimi",
    "form_error_subnet": "Aliverkko \"{{cidr}}\" ei sisällä IP-osoitetta \"{{ip}}\"",
    "form_error_positive": "Oltava suurempi kuin 0",
@@ -588,7 +588,7 @@
    "show_whitelisted_responses": "Sallitut",
    "show_processed_responses": "Käsitelty",
    "blocked_safebrowsing": "Turvallisen selauksen estämät",
-    "blocked_adult_websites": "Estetyt aikuisille tarkoitetut sivustot",
+    "blocked_adult_websites": "Lapsilukon estämät",
    "blocked_threats": "Estetyt uhat",
    "allowed": "Sallitut",
    "filtered": "Suodatetut",
@@ -603,9 +603,9 @@
    "enter_cache_size": "Syötä välimuistin koko (tavuina)",
    "enter_cache_ttl_min_override": "Syötä vähimmäis-TTL (sekunteina)",
    "enter_cache_ttl_max_override": "Syötä enimmäis-TTL (sekunteina)",
-    "cache_ttl_min_override_desc": "Pidennä ylävirran palvelimelta vastaanotettuja, lyhyitä time-to-live -arvoja (sekunteina) tallennettaessa DNS-vastauksia välimuistiin.",
-    "cache_ttl_max_override_desc": "Määritä DNS-välimuistin kohteiden suurin time-to-live -arvo (sekunteina)",
-    "ttl_cache_validation": "Välimuistin TTL-vähimmäisarvon tulee olla pienempi tai sama kuin enimmäisarvon",
+    "cache_ttl_min_override_desc": "Pidennä ylävirran palvelimelta vastaanotettuja, lyhyitä elinaika-arvoja (sekunteina) tallennettaessa DNS-vastauksia välimuistiin.",
+    "cache_ttl_max_override_desc": "Määritä DNS-välimuistin kohteiden suurin elinaika-arvo (sekunteina)",
+    "ttl_cache_validation": "Välimuistin elinajan vähimmäisarvon tulee olla pienempi tai sama kuin enimmäisarvon",
    "cache_optimistic": "Optimistinen välimuisti",
    "cache_optimistic_desc": "Pakota AdGuard Home vastaamaan välimuistista vaikka sen tiedot olisivat vanhentuneet. Pyri samalla myös päivittämään tiedot.",
    "filter_category_general": "Yleiset",
--- a/client/src/__locales/fr.json
+++ b/client/src/__locales/fr.json
@@ -588,7 +588,7 @@
    "show_whitelisted_responses": "Ajouté à la liste blanche",
    "show_processed_responses": "Traité",
    "blocked_safebrowsing": "Navigation sécurisée bloquée",
-    "blocked_adult_websites": "Sites à contenu adulte bloqués",
+    "blocked_adult_websites": "Bloqué par le Contrôle Parental",
    "blocked_threats": "Menaces bloquées",
    "allowed": "Autorisé",
    "filtered": "Filtré",
--- a/client/src/__locales/hr.json
+++ b/client/src/__locales/hr.json
@@ -163,7 +163,7 @@
    "apply_btn": "Primijeni",
    "disabled_filtering_toast": "Onemogućeno filtriranje",
    "enabled_filtering_toast": "Omogućeno filtriranje",
-    "disabled_safe_browsing_toast": "Onemogućena sigurna pretraga",
+    "disabled_safe_browsing_toast": "Onemogućena Sigurna pretraga",
    "enabled_safe_browsing_toast": "Omogućena sigurna pretraga",
    "disabled_parental_toast": "Onemogućen roditeljski nadzor",
    "enabled_parental_toast": "Omogućen roditeljski nadzor",
@@ -588,7 +588,7 @@
    "show_whitelisted_responses": "Na popisu dopuštenih",
    "show_processed_responses": "Obrađeno",
    "blocked_safebrowsing": "Blokirano s Sigurnom pretragom",
-    "blocked_adult_websites": "Blokirane web stranice za odrasle",
+    "blocked_adult_websites": "Blokirala roditeljska zaštita",
    "blocked_threats": "Blokirane prijetnje",
    "allowed": "Dopušteno",
    "filtered": "Filtrirano",
--- a/client/src/__locales/hu.json
+++ b/client/src/__locales/hu.json
@@ -36,9 +36,9 @@
    "dhcp_ipv4_settings": "DHCP IPv4 Beállítások",
    "dhcp_ipv6_settings": "DHCP IPv6 Beállítások",
    "form_error_required": "Kötelező mező",
-    "form_error_ip4_format": "Érvénytelen IPv4 formátum",
+    "form_error_ip4_format": "Érvénytelen IPv4 cím",
    "form_error_ip6_format": "Érvénytelen IPv6 formátum",
-    "form_error_ip_format": "Érvénytelen IP formátum",
+    "form_error_ip_format": "Érvénytelen IP-cím",
    "form_error_mac_format": "Érvénytelen MAC formátum",
    "form_error_client_id_format": "Érvénytelen kliens ID formátum",
    "form_error_server_name": "Érvénytelen szervernév",
@@ -578,7 +578,7 @@
    "show_whitelisted_responses": "Kivételezett",
    "show_processed_responses": "Feldolgozva",
    "blocked_safebrowsing": "Blokkolva a biztonságos böngészés által",
-    "blocked_adult_websites": "Blokkolva a felnőtt tartalmak által",
+    "blocked_adult_websites": "Szülői felügyelet által blokkolva",
    "blocked_threats": "Blokkolt fenyegetések",
    "allowed": "Engedve",
    "filtered": "Megszűrt",
--- a/client/src/__locales/id.json
+++ b/client/src/__locales/id.json
@@ -571,7 +571,7 @@
    "show_whitelisted_responses": "Dalam Daftar Putih",
    "show_processed_responses": "Terproses",
    "blocked_safebrowsing": "Terblokir oleh Safebrowsing",
-    "blocked_adult_websites": "Situs Dewasa Terblokir",
+    "blocked_adult_websites": "Diblok oleh Kontrol Orang tua",
    "blocked_threats": "Blokir Ancaman",
    "allowed": "Dibolehkan",
    "filtered": "Tersaring",
@@ -606,5 +606,5 @@
    "adg_will_drop_dns_queries": "AdGuard Home akan menghapus semua permintaan DNS dari klien ini.",
    "experimental": "Eksperimental",
    "use_saved_key": "Gunakan kunci yang disimpan sebelumnya",
-    "parental_control": "Kontrol orang tua"
+    "parental_control": "Kontrol Orang Tua"
 }
--- a/client/src/__locales/it.json
+++ b/client/src/__locales/it.json
@@ -43,7 +43,7 @@
    "form_error_ip6_format": "Indirizzo IPv6 non valido",
    "form_error_ip_format": "Indirizzo IP non valido",
    "form_error_mac_format": "Indirizzo MAC non valido",
-    "form_error_client_id_format": "ID cliente non valido",
+    "form_error_client_id_format": "Il client ID deve contenere solo numeri, lettere minuscole e trattini",
    "form_error_server_name": "Nome server non valido",
    "form_error_subnet": "La subnet \"{{cidr}}\" non contiene l'indirizzo IP \"{{ip}}\"",
    "form_error_positive": "Deve essere maggiore di 0",
@@ -163,8 +163,8 @@
    "apply_btn": "Applica",
    "disabled_filtering_toast": "Disattiva filtri",
    "enabled_filtering_toast": "Attiva filtri",
-    "disabled_safe_browsing_toast": "Disattiva navigazione sicura",
-    "enabled_safe_browsing_toast": "Attiva navigazione sicura",
+    "disabled_safe_browsing_toast": "Disattiva Navigazione Sicura",
+    "enabled_safe_browsing_toast": "Attiva Navigazione Sicura",
    "disabled_parental_toast": "Disattiva il Controllo Parentale",
    "enabled_parental_toast": "Attiva Controllo Parentale",
    "disabled_safe_search_toast": "Ricerca sicura disattivata",
@@ -295,16 +295,16 @@
    "blocking_mode_null_ip": "IP nullo: Rispondi con indirizzo IP zero (0.0.0.0 per A; :: per AAAA)",
    "blocking_mode_custom_ip": "IP personalizzato: Rispondi con un indirizzo IP impostato manualmente",
    "upstream_dns_client_desc": "Se lasci questo spazio vuoto, AdGuard Home utilizzerà i server configurati nelle <0>impostazioni DNS</0>.",
-    "tracker_source": "Origine tracker",
+    "tracker_source": "Origine del tracciatore",
    "source_label": "Fonte",
-    "found_in_known_domain_db": "Trovato nel database dei domini conosciuti.",
+    "found_in_known_domain_db": "Trovato nel database dei domini noti.",
    "category_label": "Categoria",
    "rule_label": "Regola(e)",
    "list_label": "Elenco",
    "unknown_filter": "Filtro sconosciuto {{filterId}}",
-    "known_tracker": "Tracker conosciuto",
+    "known_tracker": "Tracciatore noto",
    "install_welcome_title": "Benvenuto nella Home di AdGuard!",
-    "install_welcome_desc": "AdGuard Home è un server DNS che blocca annunci e tracker in tutta la rete. Il suo scopo è quello di consentire di controllare l'intera rete e tutti i dispositivi, e non richiede l'utilizzo di un programma sul lato client.",
+    "install_welcome_desc": "AdGuard Home è un server DNS che blocca annunci e tracciatori a livello di rete. Il suo scopo è quello di permetterti il controllo dell'intera rete e di tutti i dispositivi, e non richiede l'utilizzo di un programma lato client.",
    "install_settings_title": "Interfaccia Web dell'Admin",
    "install_settings_listen": "Interfaccia d'ascolto",
    "install_settings_port": "Porta",
@@ -400,7 +400,7 @@
    "dns_status_error": "Errore nel recupero dello stato del server DNS",
    "down": "Spenta",
    "fix": "Risolvi",
-    "dns_providers": "Qui c'è un <0>elenco di fornitori DNS conosciuti</0> da cui scegliere.",
+    "dns_providers": "Qui c'è un <0>elenco di fornitori DNS noti</0> da cui scegliere.",
    "update_now": "Aggiorna ora",
    "update_failed": "Aggiornamento automatico non riuscito. Ti suggeriamo di <a>seguire questi passaggi</a> per aggiornare manualmente.",
    "processing_update": "Perfavore aspetta, AdGuard Home si sta aggiornando",
@@ -587,8 +587,8 @@
    "show_blocked_responses": "Bloccato",
    "show_whitelisted_responses": "Consentito",
    "show_processed_responses": "Processato",
-    "blocked_safebrowsing": "Blocco Navigazione sicura",
-    "blocked_adult_websites": "Siti per adulti bloccati",
+    "blocked_safebrowsing": "Bloccato da Navigazione Sicura",
+    "blocked_adult_websites": "Bloccato da Controllo Parentale",
    "blocked_threats": "Minacce bloccate",
    "allowed": "Consentito",
    "filtered": "Filtrato",
@@ -612,9 +612,9 @@
    "filter_category_security": "Sicurezza",
    "filter_category_regional": "Regionale",
    "filter_category_other": "Altro",
-    "filter_category_general_desc": "Elenchi per il blocco dei traccianti e degli annunci sulla maggioranza dei dispositivi",
+    "filter_category_general_desc": "Elenchi per il blocco dei tracciatori e degli annunci sulla maggioranza dei dispositivi",
    "filter_category_security_desc": "Elenchi progettati specificamente per bloccare domini malevoli, di phishing o truffa",
-    "filter_category_regional_desc": "Elenchi focalizzati su annunci regionali e server traccianti",
+    "filter_category_regional_desc": "Elenchi focalizzati su annunci regionali e server tracciatori",
    "filter_category_other_desc": "Altre liste nere",
    "setup_config_to_enable_dhcp_server": "Configurazione dell'installazione per l'attivazione del server DHCP",
    "original_response": "Responso originale",
@@ -625,7 +625,7 @@
    "last_rule_in_allowlist": "Impossibile bloccare questo client perché escludere la regola \"{{disallowed_rule}}\" DISATIVERÁ l'elenco \"Clienti consentiti\".",
    "experimental": "Sperimentale",
    "use_saved_key": "Utilizza la chiave salvata in precedenza",
-    "parental_control": "Controllo parentale",
-    "safe_browsing": "Navigazione sicura",
+    "parental_control": "Controllo Parentale",
+    "safe_browsing": "Navigazione Sicura",
    "served_from_cache": "{{value}} <i>(fornito dalla cache)</i>"
 }
--- a/client/src/__locales/ja.json
+++ b/client/src/__locales/ja.json
@@ -588,7 +588,7 @@
    "show_whitelisted_responses": "ホワイトリストにあり",
    "show_processed_responses": "処理済",
    "blocked_safebrowsing": "ブロックされたセーフブラウジング",
-    "blocked_adult_websites": "ブロックされたアダルトウェブサイト",
+    "blocked_adult_websites": "ペアレンタルコントロールによってブロックされました",
    "blocked_threats": "ブロックされた脅威",
    "allowed": "許可",
    "filtered": "フィルタで処理",
--- a/client/src/__locales/ko.json
+++ b/client/src/__locales/ko.json
@@ -588,7 +588,7 @@
    "show_whitelisted_responses": "예외 적용됨",
    "show_processed_responses": "처리됨",
    "blocked_safebrowsing": "차단된 세이프 브라우징",
-    "blocked_adult_websites": "차단된 성인 웹사이트",
+    "blocked_adult_websites": "자녀 보호로 차단됨",
    "blocked_threats": "차단된 위협",
    "allowed": "허용됨",
    "filtered": "필터링됨",
--- a/client/src/__locales/nl.json
+++ b/client/src/__locales/nl.json
@@ -43,7 +43,7 @@
    "form_error_ip6_format": "Ongeldig IPv6-adres",
    "form_error_ip_format": "Ongeldig IP-adres",
    "form_error_mac_format": "Ongeldig MAC-adres",
-    "form_error_client_id_format": "Ongeldige cliënt-ID",
+    "form_error_client_id_format": "Client-ID mag alleen cijfers, kleine letters en koppeltekens bevatten",
    "form_error_server_name": "Ongeldige servernaam",
    "form_error_subnet": "Subnet “{{cidr}}” bevat niet het IP-adres “{{ip}}”",
    "form_error_positive": "Moet groter zijn dan 0",
@@ -587,8 +587,8 @@
    "show_blocked_responses": "Geblokkeerd",
    "show_whitelisted_responses": "Op toestemmingslijst",
    "show_processed_responses": "Verwerkt",
-    "blocked_safebrowsing": "Geblokkeerd door Veilig Browsen",
-    "blocked_adult_websites": "Geblokkeerde 18+ websites",
+    "blocked_safebrowsing": "Geblokkeerd door Veilig browsen",
+    "blocked_adult_websites": "Geblokkeerd door ouderlijk toezicht",
    "blocked_threats": "Geblokkeerde bedreigingen",
    "allowed": "Toegestaan",
    "filtered": "Gefilterd",
@@ -626,6 +626,6 @@
    "experimental": "Experimenteel",
    "use_saved_key": "De eerder opgeslagen sleutel gebruiken",
    "parental_control": "Ouderlijk toezicht",
-    "safe_browsing": "Veilig surfen",
+    "safe_browsing": "Veilig browsen",
    "served_from_cache": "{{value}} <i>(geleverd vanuit cache)</i>"
 }
--- a/client/src/__locales/no.json
+++ b/client/src/__locales/no.json
@@ -23,7 +23,7 @@
    "form_error_required": "Påkrevd felt",
    "form_error_ip4_format": "Ugyldig IPv4-format",
    "form_error_ip6_format": "Ugyldig IPv6-format",
-    "form_error_ip_format": "Ugyldig IPv4-format",
+    "form_error_ip_format": "Ugyldig IP-adresse",
    "form_error_mac_format": "Ugyldig MAC-format",
    "form_error_client_id_format": "Ugyldig ID-klientformat",
    "form_error_server_name": "Ugyldig tjenernavn",
@@ -171,7 +171,6 @@
    "example_upstream_sdns": "du kan bruke <0>DNS-stempler</0> med <1>DNSCrypt</1> eller <2>DNS-over-HTTPS</2>-behandlere",
    "example_upstream_tcp": "vanlig DNS (over TCP)",
    "all_lists_up_to_date_toast": "Alle listene er allerede oppdatert",
-    "updated_upstream_dns_toast": "Oppdaterte oppstrøms-DNS-tjenerne",
    "dns_test_ok_toast": "De spesifiserte DNS-tjenerne fungerer riktig",
    "dns_test_not_ok_toast": "Tjeneren «{{key}}» kunne ikke brukes, vennligst dobbeltsjekk at du har skrevet den riktig",
    "unblock": "Tillat",
@@ -524,7 +523,7 @@
    "show_whitelisted_responses": "Hvitelistet",
    "show_processed_responses": "Bearbeidet",
    "blocked_safebrowsing": "Blokkert av barnevennlig nettlesing",
-    "blocked_adult_websites": "Blokkerte voksennettsteder",
+    "blocked_adult_websites": "Blokkert av foreldrekontroll",
    "blocked_threats": "Blokkerte trusler",
    "allowed": "Unntak",
    "filtered": "Filtrert",
--- a/client/src/__locales/pl.json
+++ b/client/src/__locales/pl.json
@@ -43,7 +43,7 @@
    "form_error_ip6_format": "Nieprawidłowy adres IPv6",
    "form_error_ip_format": "Nieprawidłowy adres IP",
    "form_error_mac_format": "Nieprawidłowy adres MAC",
-    "form_error_client_id_format": "Nieprawidłowy ID klienta",
+    "form_error_client_id_format": "ID klienta musi zawierać tylko cyfry, małe litery i myślniki",
    "form_error_server_name": "Nieprawidłowa nazwa serwera",
    "form_error_subnet": "Podsieć \"{{cidr}}\" nie zawiera adresu IP \"{{ip}}\"",
    "form_error_positive": "Musi być większa niż 0",
@@ -163,8 +163,8 @@
    "apply_btn": "Zastosuj",
    "disabled_filtering_toast": "Wyłączone filtrowanie",
    "enabled_filtering_toast": "Włączone filtrowanie",
-    "disabled_safe_browsing_toast": "Bezpieczne przeglądanie zostało wyłączone",
-    "enabled_safe_browsing_toast": "Bezpieczne przeglądanie zostało włączone",
+    "disabled_safe_browsing_toast": "Wyłączone Bezpieczne przeglądanie",
+    "enabled_safe_browsing_toast": "Włączone Bezpieczne przeglądanie",
    "disabled_parental_toast": "Wyłączona Kontrola Rodzicielska",
    "enabled_parental_toast": "Włączona Kontrola Rodzicielska",
    "disabled_safe_search_toast": "Bezpieczne wyszukiwanie zostało włączone",
@@ -587,8 +587,8 @@
    "show_blocked_responses": "Zablokowane",
    "show_whitelisted_responses": "Biała lista",
    "show_processed_responses": "Przetworzono",
-    "blocked_safebrowsing": "Zablokowane przez bezpieczne przeglądanie",
-    "blocked_adult_websites": "Zablokowane witryny dla dorosłych",
+    "blocked_safebrowsing": "Zablokowane przez Bezpieczne przeglądanie",
+    "blocked_adult_websites": "Zablokowane przez Kontrolę rodzicielską",
    "blocked_threats": "Zablokowane zagrożenia",
    "allowed": "Dozwolone",
    "filtered": "Filtrowane",
--- a/client/src/__locales/pt-br.json
+++ b/client/src/__locales/pt-br.json
@@ -43,7 +43,7 @@
    "form_error_ip6_format": "Endereço de IPv6 inválido",
    "form_error_ip_format": "Endereço de IP inválido",
    "form_error_mac_format": "Endereço de MAC inválido",
-    "form_error_client_id_format": "ID de cliente inválido",
+    "form_error_client_id_format": "O ID do cliente deve conter apenas números, letras minúsculas e hifens",
    "form_error_server_name": "Nome de servidor inválido",
    "form_error_subnet": "A sub-rede \"{{cidr}}\" não contém o endereço IP \"{{ip}}\"",
    "form_error_positive": "Deve ser maior que 0",
@@ -588,7 +588,7 @@
    "show_whitelisted_responses": "Na lista branca",
    "show_processed_responses": "Processado",
    "blocked_safebrowsing": "Bloqueado pela navegação segura",
-    "blocked_adult_websites": "Sites adultos bloqueados",
+    "blocked_adult_websites": "Bloqueado pelo controle parental",
    "blocked_threats": "Ameaças bloqueadas",
    "allowed": "Permitido",
    "filtered": "Filtrado",
--- a/client/src/__locales/pt-pt.json
+++ b/client/src/__locales/pt-pt.json
@@ -43,7 +43,7 @@
    "form_error_ip6_format": "Endereço de IPv6 inválido",
    "form_error_ip_format": "Endereço de IP inválido",
    "form_error_mac_format": "Endereço de MAC inválido",
-    "form_error_client_id_format": "ID de cliente inválido",
+    "form_error_client_id_format": "O ID do cliente deve conter apenas números, letras minúsculas e hifens",
    "form_error_server_name": "Nome de servidor inválido",
    "form_error_subnet": "A sub-rede \"{{cidr}}\" não contém o endereço IP \"{{ip}}\"",
    "form_error_positive": "Deve ser maior que 0",
@@ -588,7 +588,7 @@
    "show_whitelisted_responses": "Na lista branca",
    "show_processed_responses": "Processado",
    "blocked_safebrowsing": "Bloqueado pela navegação segura",
-    "blocked_adult_websites": "Sítios adultos bloqueados",
+    "blocked_adult_websites": "Bloqueado pelo controlo parental",
    "blocked_threats": "Ameaças bloqueadas",
    "allowed": "Permitido",
    "filtered": "Filtrado",
@@ -625,7 +625,7 @@
    "last_rule_in_allowlist": "Não é possível desautorizar este cliente porque excluir a regra \"{{disallowed_rule}}\" DESATIVARÁ a lista de \"Clientes permitidos\".",
    "experimental": "Experimental",
    "use_saved_key": "Use a chave guardada anteriormente",
-    "parental_control": "Controle parental",
+    "parental_control": "Controlo parental",
    "safe_browsing": "Navegação segura",
    "served_from_cache": "{{value}} <i>(servido do cache)</i>"
 }
--- a/client/src/__locales/ro.json
+++ b/client/src/__locales/ro.json
@@ -43,7 +43,7 @@
    "form_error_ip6_format": "Adresa IPv6 nevalidă",
    "form_error_ip_format": "Adresă IP nevalidă",
    "form_error_mac_format": "Adresă MAC nevalidă",
-    "form_error_client_id_format": "ID client nevalid",
+    "form_error_client_id_format": "ID-ul clientului trebuie să conțină numai numere, litere minuscule și liniuțe.",
    "form_error_server_name": "Nume de server nevalid",
    "form_error_subnet": "Subrețeaua „{{cidr}}” nu conține adresa IP „{{ip}}”",
    "form_error_positive": "Trebuie să fie mai mare de 0",
@@ -149,9 +149,9 @@
    "general_settings": "Setări Generale",
    "dns_settings": "Setări DNS",
    "dns_blocklists": "Liste de blocări DNS",
-    "dns_allowlists": "Listă de DNS-uri autorizate",
+    "dns_allowlists": "Listă de autorizări DNS",
    "dns_blocklists_desc": "AdGuard Home blochează domenii incluse în liste de blocări.",
-    "dns_allowlists_desc": "Domeniile DNS autorizate vor fi permise, chiar dacă se află pe orice listă de blocări.",
+    "dns_allowlists_desc": "Domeniile din listele de autorizări DNS vor fi permise chiar dacă se află în oricare dintre listele de blocări.",
    "custom_filtering_rules": "Reguli filtrare personale",
    "encryption_settings": "Setări de criptare",
    "dhcp_settings": "Setări DHCP",
@@ -163,10 +163,10 @@
    "apply_btn": "Aplică",
    "disabled_filtering_toast": "Filtrare dezactivată",
    "enabled_filtering_toast": "Filtrare activată",
-    "disabled_safe_browsing_toast": "Navigare securitară dezactivată",
-    "enabled_safe_browsing_toast": "Navigare securitară activată",
-    "disabled_parental_toast": "Control parental dezactivat",
-    "enabled_parental_toast": "Control parental activat",
+    "disabled_safe_browsing_toast": "Navigare în siguranță dezactivată",
+    "enabled_safe_browsing_toast": "Navigare în siguranță activată",
+    "disabled_parental_toast": "Control Parental dezactivat",
+    "enabled_parental_toast": "Control Parental activat",
    "disabled_safe_search_toast": "Căutare protejată dezactivată",
    "enabled_save_search_toast": "Căutare protejată activată",
    "enabled_table_header": "Activat",
@@ -181,7 +181,7 @@
    "elapsed": "Scurs",
    "filters_and_hosts_hint": "AdGuard Home înțelege regulile de bază de blocare cât și sintaxa fișierelor hosts.",
    "no_blocklist_added": "Listă blocări goală",
-    "no_whitelist_added": "Listă autorizări goală",
+    "no_whitelist_added": "Nu s-au adăugat autorizări",
    "add_blocklist": "Adăugați blocaj",
    "add_allowlist": "Adăugați autorizare",
    "cancel_btn": "Anulare",
@@ -193,7 +193,7 @@
    "edit_blocklist": "Editare blocare",
    "edit_allowlist": "Editare autorizare",
    "choose_blocklist": "Alegeți liste de blocări",
-    "choose_allowlist": "Alegeți liste de autorizări",
+    "choose_allowlist": "Selectați liste de autorizări",
    "enter_valid_blocklist": "Introduceți un URL valid pentru blocare.",
    "enter_valid_allowlist": "Introduceți un URL valid pentru autorizare.",
    "form_error_url_format": "Format URL invalid",
@@ -585,9 +585,9 @@
    "validated_with_dnssec": "Validat cu DNSSEC",
    "all_queries": "Toate interogările",
    "show_blocked_responses": "Blocat",
-    "show_whitelisted_responses": "Pe lista albă",
+    "show_whitelisted_responses": "Autorizate",
    "show_processed_responses": "Tratat",
-    "blocked_safebrowsing": "Blocat de Navigarea securitară",
+    "blocked_safebrowsing": "Blocat de Navigarea în siguranță",
    "blocked_adult_websites": "Site-uri pentru adulți blocate",
    "blocked_threats": "Amenințări blocate",
    "allowed": "Permise",
@@ -625,6 +625,7 @@
    "last_rule_in_allowlist": "Acest client nu poate fi exclus deoarece excluderea regulii „{{disallowed_rule}}” va DEZACTIVA lista „Clienți acceptați”.",
    "experimental": "Experimental",
    "use_saved_key": "Folosiți cheia salvată anterior",
-    "parental_control": "Control parental",
-    "safe_browsing": "Navigare sigura"
+    "parental_control": "Control Parental",
+    "safe_browsing": "Navigare în siguranță",
+    "served_from_cache": "{{value}} <i>(furnizat din cache)</i>"
 }
--- a/client/src/__locales/ru.json
+++ b/client/src/__locales/ru.json
@@ -43,7 +43,7 @@
    "form_error_ip6_format": "Некорректный IPv6-адрес",
    "form_error_ip_format": "Некорректный IP-адрес",
    "form_error_mac_format": "Некорректный MAC-адрес",
-    "form_error_client_id_format": "Некорректный ID клиента",
+    "form_error_client_id_format": "ID клиента может содержать только цифры, строчные латинские буквы и дефисы",
    "form_error_server_name": "Некорректное имя сервера",
    "form_error_subnet": "Подсеть «{{cidr}}» не содержит IP-адрес «{{ip}}»",
    "form_error_positive": "Должно быть больше 0",
@@ -163,8 +163,8 @@
    "apply_btn": "Применить",
    "disabled_filtering_toast": "Фильтрация выкл.",
    "enabled_filtering_toast": "Фильтрация вкл.",
-    "disabled_safe_browsing_toast": "Безопасная навигация выкл.",
-    "enabled_safe_browsing_toast": "Безопасная навигация вкл.",
+    "disabled_safe_browsing_toast": "Антифишинг отключен",
+    "enabled_safe_browsing_toast": "Антифишинг включен",
    "disabled_parental_toast": "Родительский контроль выкл.",
    "enabled_parental_toast": "Родительский контроль вкл.",
    "disabled_safe_search_toast": "Безопасный поиск выкл.",
@@ -587,8 +587,8 @@
    "show_blocked_responses": "Заблокировано",
    "show_whitelisted_responses": "В белом списке",
    "show_processed_responses": "Обработан",
-    "blocked_safebrowsing": "Заблокировано согласно базе данных Safebrowsing",
-    "blocked_adult_websites": "Заблокированные «взрослые» сайты",
+    "blocked_safebrowsing": "Заблокировано согласно базе данных Safe Browsing",
+    "blocked_adult_websites": "Заблокировано Родительским контролем",
    "blocked_threats": "Заблокировано угроз",
    "allowed": "Разрешённые",
    "filtered": "Отфильтрованные",
--- a/client/src/__locales/si-lk.json
+++ b/client/src/__locales/si-lk.json
@@ -3,14 +3,14 @@
    "example_upstream_comment": "ඔබට අදහසක් සඳහන් කළ හැකිය",
    "parallel_requests": "සමාන්තර ඉල්ලීම්",
    "load_balancing": "ධාරිතාව තුලනය",
-    "local_ptr_title": "පෞද්ගලික ප්‍රතිවර්ත ව.නා.ප. සේවාදායකයන්",
+    "local_ptr_title": "පෞද්ගලික ප්‍රතිවර්ත ව.නා.ප. සේවාදායක",
    "local_ptr_placeholder": "පේළියකට එක් සේවාදායක ලිපිනය බැගින් යොදන්න",
-    "resolve_clients_title": "අනුග්‍රාහකවල අ.ජා. කෙ. ලිපින ප්‍රතිවර්ත විසඳීම සබල කරන්න",
-    "check_dhcp_servers": "ග.ධා.වි.කෙ. සේවාදායකයන්  සඳහා පරීක්ෂා කරන්න",
+    "resolve_clients_title": "අනුග්‍රාහකවල අ.ජා.කෙ. ලිපින ප්‍රතිවර්ත විසඳීම සබල කරන්න",
+    "check_dhcp_servers": "ග.ධා.වි.කෙ. සේවාදායක සඳහා පරීක්‍ෂා කරන්න",
    "save_config": "වින්‍යාසය සුරකින්න",
-    "enabled_dhcp": "ග.ධා.වි.කෙ. සේවාදායකය සබල කර ඇත",
-    "disabled_dhcp": "ග.ධා.වි.කෙ. සේවාදායකය අබල කර ඇත",
-    "unavailable_dhcp_desc": "ඇඩ්ගාර්ඩ් හෝම් හට ඔබගේ මෙහෙයුම් පද්ධතියේ ග.ධා.වි.කෙ. සේවාදායකයක් ධාවනය කළ නොහැක",
+    "enabled_dhcp": "ග.ධා.වි.කෙ. සේවාදායකය සබල කෙරිණි",
+    "disabled_dhcp": "ග.ධා.වි.කෙ. සේවාදායකය අබල කෙරිණි",
+    "unavailable_dhcp_desc": "ඇඩ්ගාර්ඩ් හෝම් හට ඔබගේ මෙහෙයුම් පද්ධතියේ ග.ධා.වි.කෙ. සේවාදායකයක් ධාවනය කිරීමට නොහැකිය",
    "dhcp_title": "ග.ධා.වි.කෙ. සේවාදායකය (පර්යේෂණාත්මක!)",
    "dhcp_description": "ඔබගේ මාර්ගකාරකය ග.ධා.වි.කෙ. (DHCP) සැකසුම් ලබා නොදෙන්නේ නම්, ඔබට ඇඩ්ගාර්ඩ් හි ඇති ග.ධා.වි.කෙ. සේවාදායකය භාවිතා කළ හැකිය.",
    "dhcp_enable": "ග.ධා.වි.කෙ. සේවාදායකය සබල කරන්න",
@@ -19,24 +19,25 @@
    "dhcp_ipv4_settings": "ග.ධා.වි.කෙ. අ.ජා.කෙ. 4 සැකසුම්",
    "dhcp_ipv6_settings": "ග.ධා.වි.කෙ. අ.ජා.කෙ. 6 සැකසුම්",
    "form_error_required": "අවශ්‍ය ක්ෂේත්‍රයකි",
-    "form_error_ip4_format": "වලංගු නොවන IPv4 ආකෘතියකි",
-    "form_error_ip6_format": "වලංගු නොවන IPv6 ආකෘතියකි",
-    "form_error_ip_format": "වලංගු නොවන අ.ජා. කෙ. (IP) ආකෘතියකි",
-    "form_error_mac_format": "වලංගු නොවන මා.ප්‍ර.පා. ආකෘතියකි",
-    "form_error_client_id_format": "වලංගු නොවන අනුග්‍රාහක හැඳුනුම් ආකෘතියකි",
+    "form_error_ip4_format": "වලංගු නොවන IPv4 ලිපිනයකි",
+    "form_error_ip4_range_start_format": "පරාසය ආරම්භයේ අ.ජා.කෙ.4 ලිපිනය වලංගු නොවේ",
+    "form_error_ip4_range_end_format": "පරාසය අවසානයේ අ.ජා.කෙ.4 ලිපිනය වලංගු නොවේ",
+    "form_error_ip6_format": "වලංගු නොවන අ.ජා.කෙ.6 ලිපිනයකි",
+    "form_error_ip_format": "අ.ජා.කෙ. (IP) ලිපිනය වලංගු නොවේ",
+    "form_error_mac_format": "මා.ප්‍ර.පා. ලිපිනය වලංගු නොවේ",
+    "form_error_client_id_format": "අනුග්‍රාහකයේ හැඳු. වලංගු නොවේ",
    "form_error_server_name": "වලංගු නොවන සේවාදායක නාමයකි",
    "form_error_positive": "0 ට වඩා වැඩි විය යුතුය",
-    "form_error_negative": "0 හෝ ඊට වැඩි විය යුතුය",
    "dhcp_form_range_title": "අ.ජා. කෙ. (IP) ලිපින පරාසය",
    "dhcp_form_range_start": "පරාසය ආරම්භය",
    "dhcp_form_range_end": "පරාසය අවසානය",
    "dhcp_interface_select": "ග.ධා.වි.කෙ. අතුරුමුහුණත තෝරන්න",
    "dhcp_hardware_address": "දෘඩාංග ලිපිනය",
-    "dhcp_ip_addresses": "අ.ජා. කෙ. (IP) ලිපින",
-    "ip": "අ.ජා. කෙ. (IP)",
+    "dhcp_ip_addresses": "අ.ජා.කෙ. (IP) ලිපින",
+    "ip": "අ.ජා.කෙ. (IP)",
    "dhcp_table_hostname": "ධාරක නාමය",
    "dhcp_table_expires": "කල් ඉකුත් වීම",
-    "dhcp_warning": "ඔබට කෙසේ හෝ ග.ධා.වි.කෙ. සේවාදායකය සබල කිරීමට අවශ්‍ය නම්, ඔබේ ජාලයේ වෙනත් ක්‍රියාකාරී ග.ධා.වි.කෙ. සේවාදායකයක් නොමැති බව තහවුරු කරගන්න. මෙය සම්බන්ධිත උපාංග සඳහා අන්තර්ජාලය බිඳ දැමිය හැකිය!",
+    "dhcp_warning": "ඔබට කෙසේ හෝ ග.ධා.වි.කෙ. සේවාදායකය සබල කිරීමට අවශ්‍ය නම්, ඔබගේ ජාලයේ වෙනත් ක්‍රියාකාරී ග.ධා.වි.කෙ. සේවාදායකයක් නැති බව තහවුරු කරගන්න. මෙය සම්බන්ධිත උපාංග සඳහා අන්තර්ජාලය බිඳ දැමිය හැකිය!",
    "dhcp_error": "ජාලයේ තවත් ග.ධා.වි.කෙ. සේවාදායකයක් තිබේද යන්න නිශ්චය කළ නොහැකි විය.",
    "dhcp_static_ip_error": "ග.ධා.වි.කෙ. සේවාදායකය භාවිතා කිරීම සඳහා ස්ථිතික අන්තර්ජාල කෙටුම්පත් (IP) ලිපිනයක් සැකසිය යුතුය. මෙම ජාල අතුරුමුහුණත ස්ථිතික අ.ජා. කෙ. ලිපිනයක් භාවිතයෙන් වින්‍යාසගත කර තිබේද යන්න තීරණය කිරීමට ඇඩ්ගාර්ඩ් හෝම් අසමත් විය. කරුණාකර ස්ථිතික අ.ජා. කෙ. ලිපිනයක් අතින් සකසන්න.",
    "dhcp_dynamic_ip_found": "ඔබගේ පද්ධතිය <0>{{interfaceName}}</0> අතුරු මුහුණත සඳහා ගතික අන්තර්ජාල කෙටුම්පත් (IP) ලිපින වින්‍යාසය භාවිතා කරයි. ග.ධා.වි.කෙ. සේවාදායකය භාවිතා කිරීම සඳහා ස්ථිතික අ.ජා. කෙ. ලිපිනයක් සැකසිය යුතුය. ඔබගේ වර්තමාන අ.ජා. කෙ. ලිපිනය <0>{{ipAddress}}</0> වේ. ඔබ \"ග.ධා.වි.කෙ. සබල කරන්න\" බොත්තම එබුවහොත් ඇඩ්ගාර්ඩ් හෝම් ස්වයංක්‍රීයව මෙම අ.ජා. කෙ. ලිපිනය ස්ථිතික ලෙස සකසනු ඇත.",
@@ -46,7 +47,7 @@
    "delete_confirm": "\"{{key}}\" මකා දැමීමට අවශ්‍ය බව ඔබට විශ්වාසද?",
    "form_enter_hostname": "ධාරක නාමය ඇතුල් කරන්න",
    "error_details": "දෝෂ විස්තර",
-    "response_details": "ප්‍රතිචාරය‌ෙහි විස්තර",
+    "response_details": "ප්‍රතිචාරයෙහි විස්තර",
    "request_details": "ඉල්ලීමෙහි විස්තර",
    "client_details": "අනුග්‍රාහකයේ විස්තර",
    "details": "විස්තර",
@@ -57,8 +58,8 @@
    "filter": "පෙරහන",
    "query_log": "විමසුම් ලොගය",
    "compact": "සංක්ෂිප්ත",
-    "nothing_found": "කිසිවක් සොයාගත නොහැක",
-    "faq": "නිති අසන පැණ",
+    "nothing_found": "කිසිවක් හමු නොවිණි",
+    "faq": "නිති පැණ",
    "version": "අනුවාදය",
    "address": "ලිපිනය",
    "protocol": "කෙටුම්පත",
@@ -68,87 +69,89 @@
    "homepage": "මුල්  පිටුව",
    "report_an_issue": "ගැටලුවක් වාර්තා කරන්න",
    "privacy_policy": "රහස්‍යතා ප්‍රතිපත්තිය",
-    "enable_protection": "ආරක්ෂණය සබල කරන්න",
-    "enabled_protection": "ආරක්ෂණය සබල කර ඇත",
-    "disable_protection": "ආරක්ෂණය අබල කරන්න",
-    "disabled_protection": "ආරක්ෂණය අබල කර ඇත",
+    "enable_protection": "රැකවරණය සබල කරන්න",
+    "enabled_protection": "රැකවරණය සබල කෙරිණි",
+    "disable_protection": "රැකවරණය අබල කරන්න",
+    "disabled_protection": "රැකවරණය අබල කෙරිණි",
    "refresh_statics": "සංඛ්‍යාලේඛන නැවුම් කරන්න",
    "dns_query": "ව.නා.ප. (DNS) විමසුම්",
-    "blocked_by": "<0>පෙරහන් මගින් අවහිර කරන ලද</0>",
+    "blocked_by": "<0>පෙරහන් මගින් අවහිර කළ</0>",
    "stats_malware_phishing": "අවහිර කළ ද්වේශාංග/තතුබෑම්",
    "stats_adult": "අවහිර කළ වැඩිහිටි වියමන අඩවි",
    "stats_query_domain": "ජනප්‍රිය විමසන ලද වසම්",
    "for_last_24_hours": "පසුගිය පැය 24 සඳහා",
-    "for_last_days": "පසුගිය දින {{count}} සඳහා",
-    "for_last_days_plural": "පසුගිය දින {{count}} සඳහා",
-    "no_domains_found": "වසම් කිසිවක් සොයා ගත නොහැකි විය",
+    "for_last_days": "පසුගිය දවස් {{count}} සඳහා",
+    "for_last_days_plural": "පසුගිය දවස් {{count}} සඳහා",
+    "stats_disabled": "සංඛ්‍යාලේඛන අබල කර ඇත. එය <0>සැකසුම් පිටුවෙන්</0> සබල කළ හැකිය.",
+    "stats_disabled_short": "සංඛ්‍යාලේඛන අබල කර ඇත",
+    "no_domains_found": "වසම් කිසිවක් හමු නොවිණි",
    "requests_count": "ඉල්ලීම් ගණන",
    "top_blocked_domains": "ජනප්‍රිය අවහිර කළ වසම්",
-    "top_clients": "ජනප්‍රිය අනුග්‍රාහකයන්",
-    "no_clients_found": "අනුග්‍රාහකයින් හමු නොවිණි",
+    "top_clients": "ජනප්‍රිය අනුග්‍රාහක",
+    "no_clients_found": "අනුග්‍රාහක හමු නොවිණි",
    "general_statistics": "පොදු සංඛ්‍යාලේඛන",
-    "number_of_dns_query_days": "පසුගිය දින {{count}} සඳහා සැකසූ ව.නා.ප. විමසුම් ගණන",
-    "number_of_dns_query_days_plural": "පසුගිය දින {{count}} සඳහා සැකසූ ව.නා.ප. විමසුම් ගණන",
-    "number_of_dns_query_24_hours": "පසුගිය හෝරා 24 සඳහා සැකසූ ව.නා.ප. විමසුම් ගණන",
-    "number_of_dns_query_blocked_24_hours": "දැන්වීම් වාරණ පෙරහන් සහ ධාරක වාරණ ලැයිස්තු මගින් අවහිර කරන ලද ව.නා.ප. ඉල්ලීම් ගණන",
-    "number_of_dns_query_blocked_24_hours_by_sec": "ඇඩ්ගාර්ඩ් පිරික්සුම් ආරක්ෂණ ඒකකය මගින් අවහිර කරන ලද ව.නා.ප. ඉල්ලීම් ගණන",
+    "number_of_dns_query_days": "පසුගිය දවස් {{count}} සඳහා සැකසූ ව.නා.ප. විමසුම් ගණන",
+    "number_of_dns_query_days_plural": "පසුගිය දවස් {{count}} සඳහා සැකසූ ව.නා.ප. විමසුම් ගණන",
+    "number_of_dns_query_24_hours": "පසුගිය පැය 24 සඳහා සැකසූ ව.නා.ප. විමසුම් ගණන",
+    "number_of_dns_query_blocked_24_hours": "දැන්වීම් වාරණ පෙරහන් සහ ධාරක වාරණ ලැයිස්තු මගින් අවහිර කළ ව.නා.ප. ඉල්ලීම් ගණන",
+    "number_of_dns_query_blocked_24_hours_by_sec": "ඇඩ්ගාර්ඩ් පිරික්සුම් ආරක්‍ෂණ ඒකකය මගින් අවහිර කළ ව.නා.ප. ඉල්ලීම් ගණන",
    "number_of_dns_query_blocked_24_hours_adult": "අවහිර කළ වැඩිහිටි වියමන අඩවි ගණන",
-    "enforced_save_search": "ආරක්ෂිත සෙවීම බලාත්මක කරන ලද",
+    "enforced_save_search": "ආරක්ෂිත සෙවීම බලාත්මක කළ",
    "number_of_dns_query_to_safe_search": "ආරක්ෂිත සෙවීම බලාත්මක කළ සෙවුම් යන්ත්‍ර සඳහා ව.නා.ප. ඉල්ලීම් ගණන",
    "average_processing_time": "සාමාන්‍ය සැකසුම් කාලය",
    "average_processing_time_hint": "ව.නා.ප. ඉල්ලීමක් සැකසීමේ සාමාන්‍ය කාලය මිලි තත්පර වලින්",
    "block_domain_use_filters_and_hosts": "පෙරහන් සහ ධාරක ගොනු භාවිතා කරමින් වසම් අවහිර කරන්න",
    "filters_block_toggle_hint": "ඔබට අවහිර කිරීමේ නීති <a>පෙරහන්</a> තුළ පිහිටුවිය හැකිය.",
-    "use_adguard_browsing_sec": "ඇඩ්ගාර්ඩ් පිරික්සුම් ආරක්ෂණ වියමන සේවාව භාවිතා කරන්න",
+    "use_adguard_browsing_sec": "ඇඩ්ගාර්ඩ් පිරික්සුම් ආරක්‍ෂණ වියමන සේවාව භාවිතා කරන්න",
    "use_adguard_parental": "ඇඩ්ගාර්ඩ් දෙමාපිය පාලන වියමන සේවාව භාවිතා කරන්න",
-    "use_adguard_parental_hint": "වසමේ වැඩිහිටියන්ට අදාල කරුණු අඩංගු දැයි ඇඩ්ගාර්ඩ් හෝම් විසින් පරීක්ෂා කරනු ඇත. එය පිරික්සුම් ආරක්ෂණ වියමන සේවාව මෙන් රහස්‍යතා හිතකාමී යෙ.ක්‍ර. අ.මු. (API) භාවිතා කරයි.",
-    "enforce_safe_search": "ආරක්ෂිත සෙවීම භාවිතා කරන්න",
-    "enforce_save_search_hint": "ඇඩ්ගාර්ඩ් හෝම් පහත සෙවුම් යන්ත්‍ර තුළ ආරක්ෂිත සෙවීම බලාත්මක කරනු ඇත: ගූගල්, යූටියුබ්, බින්ග්, ඩක්ඩක්ගෝ, යාන්ඩෙක්ස් සහ පික්සාබේ.",
+    "use_adguard_parental_hint": "වසමේ වැඩිහිටියන්ට අදාල කරුණු අඩංගු දැයි ඇඩ්ගාර්ඩ් හෝම් විසින් පරීක්ෂා කරනු ඇත. එය පිරික්සුම් ආරක්‍ෂණ වියමන සේවාව මෙන් රහස්‍යතා හිතකාමී යෙ.ක්‍ර. අ.මු. (API) භාවිතා කරයි.",
+    "enforce_safe_search": "ආරක්‍ෂිත සෙවුම භාවිතා කරන්න",
+    "enforce_save_search_hint": "ඇඩ්ගාර්ඩ් හෝම් පහත සෙවුම් යන්ත්‍ර තුළ ආරක්‍ෂිත සෙවුම බලාත්මක කරනු ඇත: ගූගල්, යූටියුබ්, බින්ග්, ඩක්ඩක්ගෝ, යාන්ඩෙක්ස් සහ පික්සාබේ.",
    "no_servers_specified": "සේවාදායක කිසිවක් නිශ්චිතව දක්වා නැත",
    "general_settings": "පොදු සැකසුම්",
    "dns_settings": "ව.නා.ප. සැකසුම්",
    "dns_blocklists": "ව.නා.ප. අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තු",
    "dns_allowlists": "ව.නා.ප. ඉඩ දීමේ ලැයිස්තු",
-    "dns_blocklists_desc": "ඇඩ්ගාර්ඩ් හෝම් විසින් අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තු වලට ගැලපෙන වසම් අවහිර කරනු ඇත.",
+    "dns_blocklists_desc": "ඇඩ්ගාර්ඩ් හෝම් විසින් අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තු වලට ගැළපෙන වසම් අවහිර කරනු ඇත.",
    "dns_allowlists_desc": "ඉඩ දීමේ ව.නා.ප. ලැයිස්තුවල වසම් කිසියම් අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තුවක අඩංගු වුවද එය නොසලකා හැර ඉඩ දෙනු ලැබේ.",
    "custom_filtering_rules": "අභිරුචි පෙරීමේ නීති",
-    "encryption_settings": "සංකේතාංකන සැකසුම්",
+    "encryption_settings": "සංකේතන සැකසුම්",
    "dhcp_settings": "ග.ධා.වි.කෙ. සැකසුම්",
-    "upstream_dns": "Upstream ව.නා.ප. සේවාදායකයන්",
-    "upstream_dns_help": "පේළියකට එක් සේවාදායක ලිපිනය බැගින් ඇතුල් කරන්න. upstream ව.නා.ප. (DNS) \n සේවාදායකයන් වින්‍යාසගත කිරීම ගැන <a>තව දැනගන්න</a>.",
+    "upstream_dns": "Upstream ව.නා.ප. සේවාදායක",
+    "upstream_dns_help": "පේළියකට එක් සේවාදායක ලිපිනය බැගින් ඇතුල් කරන්න. upstream ව.නා.ප. (DNS) \n සේවාදායක වින්‍යාසගත කිරීම ගැන <a>තව දැනගන්න</a>.",
    "upstream_dns_configured_in_file": "{{path}} හි වින්‍යාසගත කර ඇත",
    "apply_btn": "යොදන්න",
-    "disabled_filtering_toast": "පෙරීම අබල කර ඇත",
-    "enabled_filtering_toast": "පෙරීම සබල කර ඇත",
-    "disabled_safe_browsing_toast": "ආරක්ෂිත සෙවීම අබල කර ඇත",
-    "enabled_safe_browsing_toast": "ආරක්ෂිත සෙවීම සබල කර ඇත",
-    "disabled_parental_toast": "Parental control අබල කර ඇත",
-    "enabled_parental_toast": "Parental control සබල කර ඇත",
-    "disabled_safe_search_toast": "ආරක්ෂිත සෙවීම අබල කර ඇත",
-    "enabled_save_search_toast": "ආරක්ෂිත සෙවීම සබල කර ඇත",
-    "enabled_table_header": "සබල කර ඇත",
+    "disabled_filtering_toast": "පෙරීම අබල කෙරිණි",
+    "enabled_filtering_toast": "පෙරීම සබල කෙරිණි",
+    "disabled_safe_browsing_toast": "ආරක්‍ෂිත පිරික්සුම අබල කෙරිණි",
+    "enabled_safe_browsing_toast": "ආරක්‍ෂිත පිරික්සුම සබල කෙරිණි",
+    "disabled_parental_toast": "දෙමාපිය පාලනය අබල කෙරිණි",
+    "enabled_parental_toast": "දෙමාපිය පාලනය සබල කෙරිණි",
+    "disabled_safe_search_toast": "ආරක්‍ෂිත සෙවුම අබල කෙරිණි",
+    "enabled_save_search_toast": "ආරක්‍ෂිත සෙවුම සබල කෙරිණි",
+    "enabled_table_header": "සබලයි",
    "name_table_header": "නම",
    "list_url_table_header": "ඒ.ස.නි.(URL) ලැයිස්තුව",
    "rules_count_table_header": "නීති ගණන",
-    "last_time_updated_table_header": "අවසන් වරට යාවත්කාලීන කරන ලද",
+    "last_time_updated_table_header": "අවසන් යාවත්කාල වීම",
    "actions_table_header": "ක්‍රියාමාර්ග",
    "request_table_header": "ඉල්ලීම",
    "edit_table_action": "සංස්කරණය කරන්න",
    "delete_table_action": "මකන්න",
-    "elapsed": "ගත වූූූ කාලය",
+    "elapsed": "ගත වූ කාලය",
    "filters_and_hosts_hint": "ඇඩ්ගාර්ඩ් හෝම් මූලික දැන්වීම් වාරණ නීති සහ ධාරක ගොනු පද ගැලපුම් තේරුම් ගනී.",
    "no_blocklist_added": "අවහිර කිරීමේ ලැයිස්තු එකතු කර නැත",
    "no_whitelist_added": "ඉඩ දීමේ ලැයිස්තු එකතු කර නැත",
    "add_blocklist": "අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තුවක් එකතු කරන්න",
    "add_allowlist": "ඉඩ දීමේ ලැයිස්තුවක් එකතු කරන්න",
-    "cancel_btn": "අහෝසි කරන්න",
+    "cancel_btn": "අවලංගු",
    "enter_name_hint": "නම ඇතුල් කරන්න",
    "enter_url_or_path_hint": "ලැයිස්තුවක ඒ.ස.නි.(URL) හෝ ස්ථීර මාර්ගයක් ඇතුල් කරන්න",
-    "check_updates_btn": "යාවත්කාල පරීක්ෂා කරන්න",
+    "check_updates_btn": "යාවත්කාල පරීක්‍ෂා කරන්න",
    "new_blocklist": "නව අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තුව",
    "new_allowlist": "නව ඉඩ දීමේ ලැයිස්තුව",
-    "edit_blocklist": "අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තුව සංස්කරණය කරන්න",
-    "edit_allowlist": "ඉඩ දීමේ ලැයිස්තුව සංස්කරණය කරන්න",
+    "edit_blocklist": "අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තුව සංස්කරණය",
+    "edit_allowlist": "ඉඩ දීමේ ලැයිස්තුව සංස්කරණය",
    "choose_blocklist": "අවහිර කීරීමේ ලැයිස්තුවක් තෝරන්න",
    "choose_allowlist": "ඉඩ දීමේ ලැයිස්තු තෝරන්න",
    "enter_valid_blocklist": "අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තුවට වලංගු ඒ.ස.නි.(URL) ලිපිනයක් ඇතුල් කරන්න.",
@@ -157,22 +160,23 @@
    "form_error_url_or_path_format": "ලැයිස්තුවක වලංගු නොවන ඒ.ස.නි.(URL) හෝ ස්ථීර මාර්ගයකි",
    "custom_filter_rules": "අභිරුචි පෙරීමේ නීති",
    "custom_filter_rules_hint": "පේළියකට එක් නීතියක් බැගින් ඇතුල් කරන්න. ඔබට දැන්වීම් අවහිර කිරීමේ නීති හෝ ධාරක ගොනු පද ගැලපුම් භාවිතා කළ හැකිය.",
+    "system_host_files": "පද්ධතියේ සත්කාරක ගොනු",
    "examples_title": "උදාහරණ",
-    "example_meaning_filter_block": "example.org වසමට සහ එහි සියලුම උප වසම් වලට පිවිසීම අවහිර කරයි",
-    "example_meaning_filter_whitelist": "example.org වසමට සහ එහි සියලුම උප වසම් වලට ප්‍රවේශය අවහිර නොකරයි",
-    "example_meaning_host_block": "ඇඩ්ගාර්ඩ් හෝම් දැන් example.org වසම සඳහා 127.0.0.1 ලිපිනය ලබා දෙනු ඇත (නමුත් එහි උප ලිපින නොවේ).",
+    "example_meaning_filter_block": "උදාහරණය.ලංකා වසමට සහ එහි සියළුම උප වසම් වලට ප්‍රවේශය අවහිර කරයි",
+    "example_meaning_filter_whitelist": "උදාහරණය.ලංකා වසමට සහ එහි සියළුම උප වසම් වලට ප්‍රවේශය අනවහිර කරයි",
+    "example_meaning_host_block": "ඇඩ්ගාර්ඩ් හෝම් දැන් උදාහරණය.ලංකා වසම සඳහා 127.0.0.1 ලිපිනය ලබා දෙනු ඇත (නමුත් එහි උප ලිපින නොවේ).",
    "example_comment": "! මෙතැන අදහස් දැක්වීමක්",
-    "example_comment_meaning": "විස්තර කිරීමක්",
+    "example_comment_meaning": "අදහසක්",
    "example_comment_hash": "# එසේම අදහස් දැක්වීමක්",
-    "example_regex_meaning": "නිශ්චිතව දක්වා ඇති නිත්‍ය වාක්‍යවිධියට ගැලපෙන වසම් වෙත පිවිසීම අවහිර කරයි",
+    "example_regex_meaning": "නිශ්චිතව දක්වා ඇති නිත්‍ය වාක්‍යවිධියට ගැලපෙන වසම් වෙත ප්‍රවේශය අවහිර කරයි",
    "example_upstream_regular": "සාමාන්‍ය ව.නා.ප. (UDP හරහා)",
-    "example_upstream_dot": "සංකේතාංකනය කළ <0>DNS-over-TLS</0>",
-    "example_upstream_doh": "සංකේතාංකනය කළ <0>DNS-over-HTTPS</0>",
-    "example_upstream_doq": "සංකේතාංකනය කළ <0>DNS-over-QUIC</0>",
+    "example_upstream_dot": "සංකේතිත <0>DNS-over-TLS</0>",
+    "example_upstream_doh": "සංකේතිත <0>DNS-over-HTTPS</0>",
+    "example_upstream_doq": "සංකේතිත <0>DNS-over-QUIC</0>",
    "example_upstream_tcp": "සාමාන්‍ය ව.නා.ප. (TCP/ස.පා.කෙ. හරහා) ",
-    "all_lists_up_to_date_toast": "සියලුම ලැයිස්තු දැනටමත් යාවත්කාලීනයි",
-    "dns_test_ok_toast": "සඳහන් කළ ව.නා.ප. සේවාදායකයන් නිවැරදිව ක්‍රියා කරයි",
-    "dns_test_not_ok_toast": "සේවාදායක \"{{key}}\": භාවිතා කළ නොහැකි විය, කරුණාකර ඔබ එය නිවැරදිව ලියා ඇත්දැයි පරීක්ෂා කරන්න",
+    "all_lists_up_to_date_toast": "සියළුම ලැයිස්තු දැනටමත් යාවත්කාලීනයි",
+    "dns_test_ok_toast": "සඳහන් කළ ව.නා.ප. සේවාදායක නිවැරදිව ක්‍රියා කරයි",
+    "dns_test_not_ok_toast": "\"{{key}}\" සේවාදායක(ය): භාවිතා කිරීමට නොහැකි විය, ඔබ එය නිවැරදිව ලියා ඇතිදැයි පරීක්‍ෂා කරන්න",
    "unblock": "අනවහිර",
    "block": "අවහිර",
    "disallow_this_client": "මෙම අනුග්‍රාහකයට නොඉඩ දෙන්න",
@@ -196,11 +200,11 @@
    "loading_table_status": "පූරණය ‌වෙමින්...",
    "page_table_footer_text": "පිටුව",
    "rows_table_footer_text": "පේළි",
-    "updated_custom_filtering_toast": "අභිරුචි පෙරීමේ නීති යාවත්කාල කරන ලදි",
-    "rule_removed_from_custom_filtering_toast": "අභිරුචි පෙරීමේ නීති තුළින් නීතියක් ඉවත් කරන ලදි {{rule}}",
-    "rule_added_to_custom_filtering_toast": "අභිරුචි පෙරීමේ නීති තුළට මෙම නීතිය එකතු කරන ලදි {{rule}}",
-    "query_log_response_status": "තත්ත්වය: {{value}}",
-    "query_log_filtered": "{{filter}} මගින් පෙරහන් කරන ලදි",
+    "updated_custom_filtering_toast": "අභිරුචි නීති සාර්ථකව සුරකින ලදි",
+    "rule_removed_from_custom_filtering_toast": "අභිරුචි පෙරීමේ නීති තුළින් නීතියක් ඉවත් කෙරිණි: {{rule}}",
+    "rule_added_to_custom_filtering_toast": "අභිරුචි පෙරීමේ නීති තුළට මෙම නීතිය එකතු කෙරිණි: {{rule}}",
+    "query_log_response_status": "තත්වය: {{value}}",
+    "query_log_filtered": "{{filter}} මගින් පෙරිණි",
    "query_log_confirm_clear": "සම්පූර්ණ විමසුම් ලොගය ඉවත් කිරීමට අවශ්‍ය යැයි ඔබට විශ්වාසද?",
    "query_log_updated": "විමසුම් ලොගය සාර්ථකව යාවත්කාලීන කරන ලදි",
    "query_log_clear": "විමසුම් ලොග ඉවත් කරන්න",
@@ -208,10 +212,10 @@
    "query_log_enable": "ලොගය සබල කරන්න",
    "query_log_configuration": "ලොග වින්‍යාසය",
    "query_log_disabled": "විමසුම් ලොගය අබල කර ඇති අතර එය <0>සැකසුම්</0> තුළ වින්‍යාසගත කළ හැකිය",
-    "query_log_strict_search": "ඉතා නිවැරදිව සෙවීම සඳහා ද්විත්ව උද්ධෘතය භාවිතා කරන්න",
+    "query_log_strict_search": "ඉතා නිවැරදිව සෙවීමට ද්විත්ව උද්ධෘතය භාවිතා කරන්න",
    "query_log_retention_confirm": "විමසුම් ලොගය රඳවා තබා ගැනීම වෙනස් කිරීමට අවශ්‍ය බව ඔබට විශ්වාසද? ඔබ කාල පරතරයෙහි අගය අඩු කළහොත් සමහර දත්ත නැති වී යනු ඇත",
-    "anonymize_client_ip": "අනුග්‍රාහකයෙහි අ.ජා. කෙ. (IP) නිර්නාමික කරන්න",
-    "anonymize_client_ip_desc": "ලොග සහ සංඛ්‍යාලේඛන තුළ අනුග්‍රාහකයේ සම්පූර්ණ අ.ජා. කෙ. ලිපිනය සුරකීමෙන් වලකින්න",
+    "anonymize_client_ip": "අනුග්‍රාහකයෙහි අ.ජා.කෙ. (IP) නිර්නාමික කරන්න",
+    "anonymize_client_ip_desc": "ලොග සහ සංඛ්‍යාලේඛන තුළ අනුග්‍රාහකයේ සම්පූර්ණ අ.ජා.කෙ. ලිපිනය සුරැකීමෙන් වලකින්න",
    "dns_config": "ව.නා.ප. සේවාදායක වින්‍යාසය",
    "dns_cache_config": "ව.නා.ප. නිහිත වින්‍යාසය",
    "dns_cache_config_desc": "මෙහිදී ඔබට ව.නා.ප. නිහිතය වින්‍යාසගත කළ හැකිය",
@@ -219,8 +223,8 @@
    "default": "සුපුරුදු",
    "nxdomain": "නොපවතින වසම",
    "refused": "REFUSED",
-    "null_ip": "අභිශූන්‍යය අ.ජා. කෙ.",
-    "custom_ip": "අභිරුචි අ.ජා. කෙ.",
+    "null_ip": "අභිශූන්‍යය අ.ජා.කෙ.",
+    "custom_ip": "අභිරුචි අ.ජා.කෙ.",
    "blocking_ipv4": "අ.ජා.කෙ.4 අවහිර කිරීම",
    "blocking_ipv6": "අ.ජා.කෙ.6 අවහිර කිරීම",
    "client_id": "අනුග්‍රාහකයේ හැඳුනුම",
@@ -229,15 +233,16 @@
    "plain_dns": "සරල ව.නා.ප.",
    "form_enter_rate_limit": "අනුපාත සීමාව ඇතුල් කරන්න",
    "rate_limit": "අනුපාත සීමාව",
+    "edns_enable": "EDNS අනුග්‍රාහක අනුජාලය සබල කරන්න",
    "rate_limit_desc": "එක් අනුග්‍රාහකයකට ඉඩ දී ඇති තත්පරයට ඉල්ලීම් ගණන. එය 0 ලෙස සැකසීම යනුවෙන් අදහස් කරන්නේ සීමාවක් නැති බවයි.",
    "blocking_ipv4_desc": "අවහිර කළ A ඉල්ලීමක් සඳහා ආපසු එවිය යුතු අ.ජා.කෙ. (IP) ලිපිනය",
    "blocking_ipv6_desc": "අවහිර කළ AAAA ඉල්ලීමක් සඳහා ආපසු එවිය යුතු අ.ජා.කෙ. (IP) ලිපිනය",
    "blocking_mode_default": "පොදු: දැන්වීම් අවහිර කරන ආකාරයේ නීතියක් මගින් අවහිර කළ විට REFUSED සමඟ ප්‍රතිචාර දක්වයි; /etc/host-style ආකාරයේ නීතියක් මගින් අවහිර කළ විට නීතියේ දක්වා ඇති අ.ජා. කෙ. ලිපිනය සමඟ ප්‍රතිචාර දක්වයි",
    "blocking_mode_refused": "REFUSED: REFUSED කේතය සමඟ ප්‍රතිචාර දක්වයි",
-    "blocking_mode_nxdomain": "නොපවතින වසම (NXDOMAIN): NXDOMAIN කේතය සමඟ ප්‍රතිචාර දක්වයි",
-    "blocking_mode_null_ip": "අභිශූන්‍යය අ.ජා. කෙ. : ශුන්‍ය අ.ජා. කෙ. ලිපිනය සමඟ ප්‍රතිචාර දක්වයි (A සඳහා 0.0.0.0; AAAA සඳහා ::)",
+    "blocking_mode_nxdomain": "නොපවතින වසම: NXDOMAIN කේතය සමඟ ප්‍රතිචාර දක්වයි",
+    "blocking_mode_null_ip": "අභිශූන්‍යය අ.ජා.කෙ.: ශුන්‍ය අ.ජා.කෙ. ලිපිනය සමඟ ප්‍රතිචාර දක්වයි (A සඳහා 0.0.0.0; AAAA සඳහා ::)",
    "blocking_mode_custom_ip": "අභිරුචි අන්තර්ජාල කෙටුම්පත: අතින් සැකසූ අ.ජා. කෙ. ලිපිනයක් සමඟ ප්‍රතිචාර දක්වයි",
-    "upstream_dns_client_desc": "ඔබ මෙම ක්ෂේත්‍රය හිස්ව තබා ගන්නේ නම්, ඇඩ්ගාර්ඩ් හෝම් විසින් <0>ව.නා.ප. සැකසුම්</0> හි වින්‍යාසගත කර ඇති සේවාදායකයන් භාවිතා කරනු ඇත.",
+    "upstream_dns_client_desc": "ඔබ මෙම ක්ෂේත්‍රය හිස්ව තබා ගන්නේ නම්, ඇඩ්ගාර්ඩ් හෝම් විසින් <0>ව.නා.ප. සැකසුම්</0> හි වින්‍යාසගත කර ඇති සේවාදායක භාවිතා කරනු ඇත.",
    "tracker_source": "ලුහුබැඳීම් මූලාශ්‍රය",
    "source_label": "මූලාශ්‍රය",
    "found_in_known_domain_db": "දැනුවත් වසම් දත්ත ගබඩාවේ හමු විය.",
@@ -245,61 +250,60 @@
    "rule_label": "නීති(ය)",
    "list_label": "ලැයිස්තුව",
    "unknown_filter": "{{filterId}} නොදන්නා පෙරහනකි",
-    "known_tracker": "දැනුවත් ලුහුබැඳීමක්",
+    "known_tracker": "දැනුවත් ලුහුබැඳීමකි",
    "install_welcome_title": "ඇඩ්ගාර්ඩ් හෝම් වෙත සාදරයෙන් පිළිගනිමු!",
-    "install_welcome_desc": "ඇඩ්ගාර්ඩ් හෝම් යනු ජාලය පුරා ඇති දැන්වීම් සහ ලුහුබැඳීම අවහිර කරන ව.නා.ප. සේවාදායකි. ඔබගේ මුළු ජාලය සහ සියලුම උපාංග පාලනය කිරීමට ඉඩ සලසා දීම එහි පරමාර්ථය යි, එයට අනුග්‍රාහක පාර්ශවීය වැඩසටහනක් භාවිතා කිරීම අවශ්‍ය නොවේ.",
+    "install_welcome_desc": "ඇඩ්ගාර්ඩ් හෝම් යනු ජාලය පුරා ඇති දැන්වීම් සහ ලුහුබැඳීම අවහිර කරන ව.නා.ප. සේවාදායකයකි. ඔබගේ මුළු ජාලය සහ සියළුම උපාංග පාලනය කිරීමට ඉඩ සලසා දීම එහි පරමාර්ථය යි, එයට අනුග්‍රාහක පාර්ශවීය වැඩසටහනක් භාවිතා කිරීම අවශ්‍ය නොවේ.",
    "install_settings_title": "පරිපාලක වියමන අතුරු මුහුණත",
    "install_settings_listen": "සවන් දෙන අතුරු මුහුණත",
    "install_settings_port": "කෙවෙනිය",
-    "install_settings_interface_link": "ඔබගේ ඇඩ්ගාර්ඩ් හෝම් පරිපාලක වියමන අතුරු මුහුණත පහත ලිපිනයන්ගෙන් ප්‍රවේශ විය හැකිය:",
+    "install_settings_interface_link": "ඔබගේ ඇඩ්ගාර්ඩ් හෝම් පරිපාලක වියමන අතුරු මුහුණතට පහත ලිපින වලින් ප්‍රවේශ වීමට හැකිය:",
    "form_error_port": "වලංගු කෙවෙනියක අගයක් යොදන්න",
    "install_settings_dns": "ව.නා.ප. සේවාදායකය",
    "install_settings_dns_desc": "පහත ලිපිනයන්හි ව.නා.ප. සේවාදායකය භාවිතා කිරීම සඳහා ඔබගේ උපාංග හෝ මාර්ගකාරකය වින්‍යාසගත කිරීමට අවශ්‍ය වනු ඇත:",
    "install_settings_all_interfaces": "සියලුම අතුරුමුහුණත්",
    "install_auth_title": "සත්‍යාපනය",
-    "install_auth_desc": "ඔබගේ ඇඩ්ගාර්ඩ් හෝම් පරිපාලක වියමන අතුරු මුහුණතට මුරපද සත්‍යාපනය වින්‍යාසගත කිරීම අතිශයින් නිර්දේශ කෙරේ. එය ඔබගේ ස්ථානීය ජාල‌යෙන් පමණක් ප්‍රවේශ විය හැකි වුවද, එය තව දුරටත් සීමා රහිත ප්‍රවේශයකින් ආරක්ෂා කර ගැනීම වැදගත් ය.",
+    "install_auth_desc": "ඔබගේ ඇඩ්ගාර්ඩ් හෝම් පරිපාලන වියමන අතුරු මුහුණතට මුරපද සත්‍යාපනය වින්‍යාසගත කළ යුතුය. එය ඔබගේ ස්ථානීය ජාල‌යෙන් පමණක් ප්‍රවේශ විය හැකි වුවද, එය තව දුරටත් සීමා රහිත ප්‍රවේශයකින් ආරක්ෂා කර ගැනීම වැදගත් ය.",
    "install_auth_username": "පරිශීලක නාමය",
    "install_auth_password": "මුරපදය",
    "install_auth_confirm": "මුරපදය තහවුරු කරන්න",
-    "install_auth_username_enter": "පරිශීලක නාමය ඇතුල් කරන්න",
+    "install_auth_username_enter": "පරිශීලක නාමය යොදන්න",
    "install_auth_password_enter": "මුරපදය ඇතුල් කරන්න",
    "install_step": "පියවර",
    "install_devices_title": "ඔබගේ උපාංග වින්‍යාසගත කරන්න",
-    "install_devices_desc": "ඇඩ්ගාර්ඩ් හෝම් භාවිතා කිරීම ආරම්භයට, ඔබගේ උපාංග එය පරිශ්‍රීලනයට වින්‍යාසගත කිරීම අවශ්‍ය වේ.",
+    "install_devices_desc": "ඇඩ්ගාර්ඩ් හෝම් භාවිතා කිරීම ආරම්භයට, ඔබගේ උපාංග එය පරිශ්‍රීලනයට වින්‍යාසගත කළ යුතුය.",
    "install_submit_title": "සුභ පැතුම්!",
    "install_submit_desc": "පිහිටුවීමේ ක්‍රියා පටිපාටිය අවසන් වී ඇති අතර ඔබ දැන් ඇඩ්ගාර්ඩ් හෝම් භාවිතය ආරම්භ කිරීමට සූදානම්ය.",
    "install_devices_router": "මාර්ගකාරකය",
    "install_devices_router_desc": "මෙම පිහිටුම ඔබගේ නිවසේ මාර්ගකාරකයට සම්බන්ධ සියලුම උපාංග ස්වයංක්‍රීයව ආවරණය කරන අතර ඔබට ඒ සෑම එකක්ම අතින් වින්‍යාසගත කිරීමට අවශ්‍ය නොවේ.",
    "install_devices_address": "ඇඩ්ගාර්ඩ් හෝම් ව.නා.ප. සේවාදායකය පහත ලිපිනයන්ට සවන් දෙමින් පවතී",
-    "install_devices_router_list_2": "ග.ධා.වි.කෙ. (DHCP)/ ව.නා.ප. (DNS) සැකසුම් සොයා ගන්න. ඉලක්කම් කට්ටල දෙකකට හෝ තුනකට ඉඩ දෙන ක්ෂේත්‍රයක් අසල ඇති ව.නා.ප. අක්ෂර සොයන්න, සෑම එකක්ම ඉලක්කම් එකේ සිට තුන දක්වා කාණ්ඩ හතරකට බෙදා ඇත.",
+    "install_devices_router_list_2": "ග.ධා.වි.කෙ. (DHCP)/ ව.නා.ප. (DNS) සැකසුම් සොයා ගන්න. අංක කට්ටල දෙකකට හෝ තුනකට ඉඩ දෙන ක්ෂේත්‍රයක් අසල ඇති ව.නා.ප. අකුරු බලන්න, සෑම එකක්ම ඉලක්කම් එකේ සිට තුන දක්වා කාණ්ඩ හතරකට බෙදා ඇත.",
    "install_devices_router_list_3": "ඔබගේ ඇඩ්ගාර්ඩ් හෝම් සේවාදායක ලිපින එහි ඇතුල් කරන්න.",
-    "install_devices_router_list_4": "ඔබට සමහර වර්ගයේ මාර්ගකාරකය වල අභිරුචි ව.නා.ප. සේවාදායකයක් සැකසිය නොහැක. මෙම අවස්ථාවේදී ඇඩ්ගාර්ඩ් හෝම් <0>ග.ධා.වි.කෙ. සේවාදායකයක්</0> ලෙස පිහිටුවන්නේ නම් එය උපකාර වනු ඇත. එසේ නොමැතිනම්, ඔබගේ විශේෂිත මාර්ගකාරක මාදිළිය සඳහා වූ ව.නා.ප. සේවාදායකයන් රිසිකරණය කරන්නේ කෙසේද යන්න පිළිබඳ අත්පොත පරීක්ෂා කළ යුතුය.",
-    "install_devices_windows_list_1": "ආරම්භක මෙනුව හෝ වින්ඩෝස් සෙවුම හරහා පාලක පැනලය විවෘත කරන්න.",
+    "install_devices_router_list_4": "සමහර වර්ගයේ මාර්ගකාරක වල අභිරුචි ව.නා.ප. සේවාදායකයක් සැකසීමට නොහැකිය. මෙම අවස්ථාවේදී ඇඩ්ගාර්ඩ් හෝම් <0>ග.ධා.වි.කෙ. සේවාදායකයක්</0> ලෙස පිහිටුවන්නේ නම් එය උපකාර වනු ඇත. එසේ නැතිනම්, ඔබගේ විශේෂිත මාර්ගකාරකය සඳහා වූ ව.නා.ප. සේවාදායක රිසිකරණය කරන්නේ කෙසේද යන්න පිළිබඳ අත්පොත පරීක්‍ෂා කළ යුතුය.",
    "install_devices_windows_list_2": "ජාල සහ අන්තර්ජාල ප්‍රවර්ගයට ගොස් පසුව ජාල සහ බෙදාගැනීමේ මධ්‍යස්ථානය වෙත යන්න.",
-    "install_devices_windows_list_3": "උපයුක්තක‌‌‌යෙහි සැකසුම් වෙනස් කිරීම තිරයේ වම් පසින් සොයාගෙන එය මත ක්ලික් කරන්න.",
+    "install_devices_windows_list_3": "\"උපයුක්තක‌‌‌යෙහි සැකසුම් වෙනස් කිරීම\" තිරයේ වම් පසින් සොයාගෙන එය මත ඔබන්න.",
    "install_devices_windows_list_4": "ඔබගේ ක්‍රියාකාරී සම්බන්ධතාවය තෝරන්න, එය මත දකුණු-ක්ලික් කර ගුණාංග තෝරන්න.",
-    "install_devices_windows_list_5": "ලැයිස්තුවේ ඇති අන්තර්ජාල කෙටුම්පත් අනුවාදය 4 (TCP/IP) සොයාගෙන එය තෝරා ඉන්පසු ගුණාංග මත නැවත ක්ලික් කරන්න.",
-    "install_devices_windows_list_6": "'පහත සඳහන් ව.නා.ප. සේවාදායක ලිපින භාවිතා කරන්න' යන්න තෝරා ඔබගේ ඇඩ්ගාර්ඩ් හෝම් සේවාදායක ලිපින ඇතුළත් කරන්න.",
-    "install_devices_macos_list_1": "ඇපල් අයිකනය මත ක්ලික් කර පද්ධති මනාපයන් වෙත යන්න.",
-    "install_devices_macos_list_2": "ජාලය මත ක්ලික් කරන්න.",
-    "install_devices_macos_list_3": "ඔබගේ ලැයිස්තුවේ පළමු සම්බන්ධතාවය තෝරා උසස් මත ක්ලික් කරන්න.",
+    "install_devices_windows_list_5": "ලැයිස්තුවෙන් \"අන්තර්ජාල කෙටුම්පත් අනුවාදය 4 (TCP/IPv4)\" (හෝ, IPv6 සඳහා, \"අන්තර්ජාල කෙටුම්පත් අනුවාදය 6 (TCP/IPv6)\") සොයාගෙන එය තෝරා ඉන්පසු ගුණාංග මත නැවත ඔබන්න.",
+    "install_devices_windows_list_6": "'පහත සඳහන් ව.නා.ප. සේවාදායක ලිපින භාවිතා කරන්න' යන්න තෝරා ඔබගේ ඇඩ්ගාර්ඩ් හෝම් සේවාදායක ලිපින ඇතුල් කරන්න.",
+    "install_devices_macos_list_1": "ඇපල් නිරූපකය එබීමෙන් පසු පද්ධතියේ මනාප වෙත යන්න.",
+    "install_devices_macos_list_2": "ජාලය මත ඔබන්න.",
+    "install_devices_macos_list_3": "ඔබගේ ලැයිස්තුවේ පළමු සම්බන්ධතාවය තෝරා වැඩිදුර යන්න ඔබන්න.",
    "install_devices_macos_list_4": "ව.නා.ප. (DNS) තීරුව තෝරා ඔබගේ ඇඩ්ගාර්ඩ් හෝම් සේවාදායක ලිපින ඇතුල් කරන්න.",
    "install_devices_android_list_1": "ඇන්ඩ්‍රොයිඩ් මෙනුවෙහි මුල් තිරයෙන්, සැකසීම් මත තට්ටු කරන්න.",
    "install_devices_android_list_2": "මෙනුවේ වයි-ෆයි මත තට්ටු කරන්න. පවතින සියලුම ජාල ලැයිස්තුගත කර ඇති තිරය පෙන්වනු ඇත (ජංගම සම්බන්ධතාවය සඳහා අභිරුචි ව.නා.ප. සැකසිය නොහැක).",
-    "install_devices_android_list_3": "ඔබ සම්බන්ධ වී ඇති ජාලය මත දිගු වේලාවක් ඔබන්න, ඉන්පසුව ජාලය වෙනස් කිරීම මත තට්ටු කරන්න.",
-    "install_devices_android_list_4": "ඔබට සමහර උපාංගවල වැඩිදුර සැකසුම් බැලීමට \"උසස්\" සඳහා වූ කොටුව සලකුණු කිරීමට අවශ්‍ය විය හැකිය. එමෙන්ම ඔබගේ ඇන්ඩ්‍රොයිඩ් ව.නා.ප. (DNS) සැකසුම් වෙනස් කිරීමට අ.ජා. කෙ. (IP) සැකසුම්, ග.ධා.වි.කෙ. (DHCP) සිට ස්ථිතික වෙත මාරු කළ යුතුය.",
+    "install_devices_android_list_3": "සම්බන්ධිත ජාලය මත දිගු වේලාවක් ඔබන්න, ඉන්පසුව ජාලය වෙනස් කිරීම මත තට්ටු කරන්න.",
+    "install_devices_android_list_4": "ඔබට සමහර උපාංගවල සියළු සැකසුම් බැලීමට \"වැඩිදුර\" සඳහා වූ කොටුව සලකුණු කිරීමට අවශ්‍ය විය හැකිය. එමෙන්ම ඔබගේ ඇන්ඩ්‍රොයිඩ් ව.නා.ප. (DNS) සැකසුම් වෙනස් කිරීමට අ.ජා.කෙ. (IP) සැකසුම්, ග.ධා.වි.කෙ. (DHCP) සිට ස්ථිතික වෙත මාරු කළ යුතුය.",
    "install_devices_android_list_5": "ව.නා.ප. 1 සහ ව.නා.ප. 2 පිහිටුවීම් අගයන් ඔබගේ ඇඩ්ගාර්ඩ් හෝම් සේවාදායක ලිපින වලට වෙනස් කරන්න.",
    "install_devices_ios_list_1": "මුල් තිරයේ සිට, සැකසුම් මත තට්ටු කරන්න.",
-    "install_devices_ios_list_2": "වම්පස මෙනුවෙහි වයි-ෆයි තෝරන්න (ජංගම දුරකථන සඳහා ව.නා.ප. වින්‍යාසගත කිරීමට නොහැකිය).",
+    "install_devices_ios_list_2": "වම්පස මෙනුවෙහි වයි-ෆයි තෝරන්න (ජං. දු.ක. සඳහා ව.නා.ප. වින්‍යාසගත කිරීමට නොහැකිය).",
    "install_devices_ios_list_3": "දැනට ක්‍රියාකාරී ජාලයයහෙි නම මත තට්ටු කරන්න.",
    "install_devices_ios_list_4": "ව.නා.ප. (DNS) ක්ෂේත්‍රය තුළ ඔබගේ ඇඩ්ගාර්ඩ් හෝම් සේවාදායක ලිපින ඇතුල් කරන්න.",
-    "get_started": "ආරම්භ කර ගන්න",
+    "get_started": "පටන් ගන්න",
    "next": "ඊළඟ",
    "open_dashboard": "උපකරණ පුවරුව විවෘත කරන්න",
    "install_saved": "සාර්ථකව සුරකින ලදි",
-    "encryption_title": "සංකේතාංකනය",
+    "encryption_title": "සංකේතනය",
    "encryption_desc": "ගුප්තකේතනය (HTTPS/TLS) සඳහා ව.නා.ප. සහ පරිපාලක වියමන අතුරු මුහුණත සහය දක්වයි",
-    "encryption_config_saved": "සංකේතාංකන වින්‍යාසය සුරකින ලදි",
+    "encryption_config_saved": "සංකේතන වින්‍යාසය සුරකින ලදි",
    "encryption_server": "සේවාදායක‌‌‌‌යේ නම",
    "encryption_server_enter": "ඔබගේ වසම් නාමය ඇතුල් කරන්න",
    "encryption_redirect": "ස්වයංක්‍රීයව HTTPS වෙත හරවා යවන්න",
@@ -311,13 +315,13 @@
    "encryption_doq": "DNS-over-QUIC කෙවෙනිය",
    "encryption_doq_desc": "මෙම කෙවෙනිය වින්‍යාසගත කර ඇත්නම්, ඇඩ්ගාර්ඩ් හෝම් විසින් මෙම කෙවෙනිය හරහා DNS-over-QUIC සේවාදායකයක් ධාවනය කරනු ඇත. එය පර්යේෂණාත්මක වන අතර විශ්වාසදායක නොවිය හැකිය. එසේම, මේ වන විට එයට සහාය දක්වන බොහෝ අනුග්‍රාහකයින් නැත.",
    "encryption_certificates": "සහතික",
-    "encryption_certificates_input": "ඔබගේ PEM-කේතාංකනය කළ සහතික පිටපත් කර මෙහි අලවන්න.",
-    "encryption_status": "තත්ත්වය",
+    "encryption_certificates_input": "ඔබගේ PEM-කේතනය කළ සහතික පිටපත් කර මෙහි අලවන්න.",
+    "encryption_status": "තත්වය",
    "encryption_expire": "කල් ඉකුත් වීම",
    "encryption_key": "පුද්ගලික යතුර",
-    "encryption_key_input": "ඔබගේ සහතිකය සඳහා PEM-කේතාංකනය කළ පුද්ගලික යතුර පිටපත් කර මෙහි අලවන්න.",
-    "encryption_enable": "සංකේතාංකනය සබල කරන්න (HTTPS, DNS-over-HTTPS සහ DNS-over-TLS)",
-    "encryption_enable_desc": "සංකේතාංකනය සබල කර ඇත්නම්, ඇඩ්ගාර්ඩ් හෝම් පරිපාලක අතුරුමුහුණත HTTPS හරහා ක්‍රියා කරනු ඇති අතර ව.නා.ප. සේවාදායකය DNS-over-HTTPS සහ DNS-over-TLS හරහා ලැබෙන ඉල්ලීම් සඳහා සවන් දෙනු ඇත.",
+    "encryption_key_input": "ඔබගේ සහතිකය සඳහා PEM-කේතනය කළ පුද්ගලික යතුර පිටපත් කර මෙහි අලවන්න.",
+    "encryption_enable": "සංකේතනය සබල කරන්න (HTTPS, DNS-over-HTTPS සහ DNS-over-TLS)",
+    "encryption_enable_desc": "සංකේතනය සබල කර ඇත්නම්, ඇඩ්ගාර්ඩ් හෝම් පරිපාලක අතුරුමුහුණත HTTPS හරහා ක්‍රියා කරනු ඇති අතර ව.නා.ප. සේවාදායකය DNS-over-HTTPS සහ DNS-over-TLS හරහා ලැබෙන ඉල්ලීම් සඳහා සවන් දෙනු ඇත.",
    "encryption_chain_valid": "සහතික දාමය වලංගු ය",
    "encryption_chain_invalid": "සහතික දාමය වලංගු නොවේ",
    "encryption_key_valid": "මෙය වලංගු {{type}} පුද්ගලික යතුරකි",
@@ -326,26 +330,26 @@
    "encryption_issuer": "නිකුත් කරන්නා",
    "encryption_hostnames": "ධාරක නාම",
    "encryption_reset": "සංකේතාංකන සැකසුම් යළි පිහිටුවීමට අවශ්‍ය බව ඔබට විශ්වාස ද?",
-    "topline_expiring_certificate": "ඔබගේ SSL සහතිකය කල් ඉකුත්වීමට ආසන්න වී ඇත. <0>සංකේතාංකන සැකසුම්</0> යාවත්කාල කරන්න.",
-    "topline_expired_certificate": "ඔබගේ SSL සහතිකය කල් ඉකුත් වී ඇත. <0>සංකේතාංකන සැකසුම්</0> යාවත්කාල කරන්න.",
+    "topline_expiring_certificate": "ඔබගේ SSL සහතිකය කල් ඉකුත්වීමට ආසන්න වී ඇත. <0>සංකේතන සැකසුම්</0> යාවත්කාල කරන්න.",
+    "topline_expired_certificate": "ඔබගේ SSL සහතිකය කල් ඉකුත් වී ඇත. <0>සංකේතන සැකසුම්</0> යාවත්කාල කරන්න.",
    "form_error_port_range": "80-65535 පරාසය හි කෙවෙනියක අගයක් ඇතුල් කරන්න",
    "form_error_port_unsafe": "මෙය අනාරක්ෂිත කෙවෙනියකි",
    "form_error_equal": "සමාන නොවිය යුතුය",
-    "form_error_password": "මුරපදය නොගැලපුුුුුුණි",
+    "form_error_password": "මුරපදය නොගැලපුණි",
    "reset_settings": "සැකසුම් යළි පිහිටුවන්න",
-    "update_announcement": "ඇඩ්ගාර්ඩ් හෝම් {{version}} දැන් ලබා ගත හැකිය! වැඩි විස්තර සඳහා <0>මෙහි ක්ලික් කරන්න</0>.",
+    "update_announcement": "ඇඩ්ගාර්ඩ් හෝම් {{version}} දැන් ලබා ගත හැකිය! වැඩි විස්තර සඳහා <0>මෙය ඔබන්න</0>.",
    "setup_guide": "පිහිටුවීමේ මාර්ගෝපදේශය",
    "dns_addresses": "ව.නා.ප. ලිපින",
-    "dns_start": "ව.නා.ප. සේවාදායකය ආරම්භ වෙමින් පවතී",
-    "dns_status_error": "ව.නා.ප. සේවාදායකයේ තත්වය පරීක්ෂා කිරීමේදී දෝෂයකි",
-    "down": "පහත",
-    "fix": "නිරාකරණය කරන්න",
+    "dns_start": "ව.නා.ප. සේවාදායකය ආරම්භ වෙමින්",
+    "dns_status_error": "ව.නා.ප. සේවාදායකයේ තත්වය පරීක්‍ෂා කිරීමේදී දෝෂයකි",
+    "down": "බිඳ වැටී",
+    "fix": "නිරාකරණය",
    "dns_providers": "මෙහි තෝරා ගැනීමට <0>දැනුවත් ව.නා.ප. සපයන්නන්ගේ ලැයිස්තුවක්</0> ඇත.",
-    "update_now": "දැන් \tයාවත්කාල කරන්න",
-    "update_failed": "ස්වයංක්‍රීය යාවත්කාල කිරීම අසාර්ථක විය. අතින් යාවත්කාල කිරීමට කරුණාකර <a>පියවර අනුගමනය කරන්න</a>.",
-    "processing_update": "කරුණාකර රැඳී සිටින්න, ඇඩ්ගාර්ඩ් හෝම් යාවත්කාලීන වෙමින් පවතී",
-    "clients_title": "අනුග්‍රාහකයන්",
-    "clients_desc": "ඇඩ්ගාර්ඩ් හෝම් වෙත සම්බන්ධ කර ඇති උපාංග වින්‍යාසගත කරන්න",
+    "update_now": "යාවත්කාල කරන්න",
+    "update_failed": "ස්වයං යාවත්කාලය අසමත් විය. අතින් යාවත්කාල කිරීමට කරුණාකර <a>පියවර අනුගමනය කරන්න</a>.",
+    "processing_update": "රැඳී සිටින්න, ඇඩ්ගාර්ඩ් හෝම් යාවත්කාල වෙමින්",
+    "clients_title": "අනුග්‍රාහක",
+    "clients_desc": "ඇඩ්ගාර්ඩ් හෝම් වෙත සම්බන්ධිත උපාංග වින්‍යාසගත කරන්න",
    "settings_global": "ගෝලීය",
    "settings_custom": "අභිරුචි",
    "table_client": "අනුග්‍රාහකය",
@@ -353,24 +357,24 @@
    "save_btn": "සුරකින්න",
    "client_add": "අනුග්‍රාහකයක් එකතු කරන්න",
    "client_new": "නව අනුග්‍රාහකය",
-    "client_edit": "අනුග්‍රාහකය සංස්කරණය කරන්න",
+    "client_edit": "අනුග්‍රාහකය සංස්කරණය",
    "client_identifier": "හඳුන්වනය",
-    "ip_address": "අ.ජා. කෙ. (IP) ලිපිනය",
-    "form_enter_ip": "අ.ජා. කෙ. (IP) ඇතුල් කරන්න",
-    "form_enter_subnet_ip": "\"{{cidr}}\" අනුජාලයෙහි අ.ජා. කෙ. ලිපිනයක් යොදන්න.",
-    "form_enter_mac": "මා.ප්‍ර.පා. (MAC) ඇතුල් කරන්න",
+    "ip_address": "අ.ජා.කෙ. ලිපිනය",
+    "form_enter_ip": "අ.ජා.කෙ. (IP) ඇතුල් කරන්න",
+    "form_enter_subnet_ip": "\"{{cidr}}\" අනුජාලයෙහි අ.ජා.කෙ. ලිපිනයක් යොදන්න.",
+    "form_enter_mac": "මා.ප්‍ර.පා. (MAC) යොදන්න",
    "form_enter_id": "හඳුන්වනය ඇතුල් කරන්න",
    "form_add_id": "හඳුන්වනයක් එකතු කරන්න",
    "form_client_name": "අනුග්‍රාහකයේ නම ඇතුල් කරන්න",
    "name": "නම",
    "client_global_settings": "ගෝලීය සැකසුම් භාවිතා කරන්න",
-    "client_deleted": "\"{{key}}\" අනුග්‍රාහකය සාර්ථකව ඉවත් කරන ලදි",
-    "client_added": "\"{{key}}\" අනුග්‍රාහකය සාර්ථකව එකතු කරන ලදි",
-    "client_updated": "\"{{key}}\" අනුග්‍රාහකය සාර්ථකව යාවත්කාල කරන ලදි",
-    "clients_not_found": "අනුග්‍රාහකයින් හමු නොවිණි",
+    "client_deleted": "\"{{key}}\" අනුග්‍රාහකය සාර්ථකව ඉවත් කෙරිණි",
+    "client_added": "\"{{key}}\" අනුග්‍රාහකය සාර්ථකව එකතු කෙරිණි",
+    "client_updated": "\"{{key}}\" අනුග්‍රාහකය සාර්ථකව යාවත්කාල කෙරිණි",
+    "clients_not_found": "අනුග්‍රාහක හමු නොවිණි",
    "client_confirm_delete": "\"{{key}}\" අනුග්‍රාහකය ඉවත් කිරීමට අවශ්‍ය බව ඔබට විශ්වාසද?",
    "list_confirm_delete": "මෙම ලැයිස්තුව ඉවත් කිරීමට අවශ්‍ය බව ඔබට විශ්වාස ද?",
-    "auto_clients_desc": "ඇඩ්ගාර්ඩ් හෝම් භාවිතා කරන අනුග්‍රාහකයන්‌ගේ දත්ත, නමුත් වින්‍යාසය තුළ ගබඩා කර නොමැති",
+    "auto_clients_desc": "ඇඩ්ගාර්ඩ් හෝම් භාවිතා කරන අනුග්‍රාහක දත්ත, නමුත් වින්‍යාසය තුළ ගබඩා කර නැති",
    "access_title": "ප්‍රවේශවීමට සැකසුම්",
    "access_desc": "මෙහිදී ඔබට ඇඩ්ගාර්ඩ් හෝම් ව.නා.ප. සේවාදායකය සඳහා ප්‍රවේශ වී‌‌‌‌මේ නීති වින්‍යාසගත කළ හැකිය.",
    "access_allowed_title": "ඉඩ ලත් අනුග්‍රාහකයින්",
@@ -379,42 +383,42 @@
    "access_disallowed_desc": "CIDR හෝ අ.ජා. කෙ. ලිපින ලැයිස්තුවක් වින්‍යාසගත කර ඇත්නම්, ඇඩ්ගාර්ඩ් හෝම් විසින් එම අ.ජා. කෙ. ලිපින වලින් ඉල්ලීම් අත්හරිනු ඇත.",
    "access_blocked_title": "නොඉඩ ලත් වසම්",
    "access_settings_saved": "ප්‍රවේශ වීමේ සැකසුම් සාර්ථකව සුරකින ලදි",
-    "updates_checked": "යාවත්කාලීන කිරීම් සාර්ථකව පරික්ෂා කර ඇත",
+    "updates_checked": "යාවත්කාල සාර්ථකව පරික්‍ෂා කෙරිණි",
    "updates_version_equal": "ඇඩ්ගාර්ඩ් හෝම් යාවත්කාලීනයි",
-    "check_updates_now": "යාවත්කාල කිරීම සඳහා දැන් පරීක්ෂා කරන්න",
+    "check_updates_now": "දැන් යාවත්කාල පරීක්‍ෂා කරන්න",
    "dns_privacy": "ව.නා.ප. රහස්‍යතා",
    "setup_dns_privacy_3": "<0>මෙහි ඔබට භාවිතා කළ හැකි මෘදුකාංග ලැයිස්තුවක් ඇත.</0>",
    "setup_dns_privacy_other_title": "වෙනත් ක්‍රියාවට නැංවූ දෑ",
-    "setup_dns_privacy_other_2": "<0>ඩීඑන්එස්ප්‍රොක්සි</0> දන්නා සියලුම ආරක්ෂිත ව.නා.ප. කෙටුම්පත් සඳහා සහාය දක්වයි.",
+    "setup_dns_privacy_other_2": "<0>ඩීඑන්එස්ප්‍රොක්සි</0> දන්නා සියලුම ආරක්‍ෂිත ව.නා.ප. කෙටුම්පත් සඳහා සහාය දක්වයි.",
    "setup_dns_privacy_other_3": "<1>DNS-over-HTTPS</1> සඳහා <0>dnscrypt-පෙරකලාසිය</0> සහාය දක්වයි.",
    "setup_dns_privacy_other_4": "<1>DNS-over-HTTPS</1> සඳහා <0>මොසිල්ලා ෆයර්ෆොක්ස්</0> සහාය දක්වයි.",
    "setup_dns_privacy_other_5": "<0>මෙහි</0> සහ <1>මෙහි</1> තවත් ක්‍රියාවට නැංවූ දෑ ඔබට හමුවනු ඇත.",
    "setup_dns_privacy_ioc_mac": "අයිඕඑස් සහ මැක්ඕඑස් වින්‍යාසය",
-    "setup_dns_notice": "ඔබට <1>DNS-over-HTTPS</1> හෝ <1>DNS-over-TLS</1> භාවිතා කිරීම සඳහා ඇඩ්ගාර්ඩ් හෝම් සැකසුම් තුළ <0>සංකේතාංකනය වින්‍යාසගත</0> කිරීමට අවශ්‍ය වේ.",
-    "rewrite_added": "\"{{key}}\" සඳහා ව.නා.ප. නැවත ලිවීම සාර්ථකව එකතු කරන ලදි",
+    "setup_dns_notice": "ඔබට <1>DNS-over-HTTPS</1> හෝ <1>DNS-over-TLS</1> භාවිතයට ඇඩ්ගාර්ඩ් හෝම් සැකසුම් තුළ <0>සංකේතනය වින්‍යාසගත</0> කිරීමට ඇවැසිය.",
+    "rewrite_added": "\"{{key}}\" සඳහා ව.නා.ප. නැවත ලිවීම සාර්ථකව එකතු කෙරිණි",
    "rewrite_add": "ව.නා.ප. නැවත ලිවීමක් එකතු කරන්න",
-    "rewrite_not_found": "ව.නා.ප. නැවත ලිවීම් හමු නොවීය",
+    "rewrite_not_found": "ව.නා.ප. නැවත ලිවීම් හමු නොවිණි",
    "rewrite_confirm_delete": "\"{{key}}\" සඳහා ව.නා.ප. නැවත ලිවීම ඉවත් කිරීමට අවශ්‍ය බව ඔබට විශ්වාසද?",
-    "rewrite_desc": "විශේෂිත වසම් නාමයක් සඳහා අභිරුචි ව.නා.ප. ප්‍රතිචාර පහසුවෙන් වින්‍යාසගත කිරීමට ඉඩ දෙයි.",
+    "rewrite_desc": "නිශ්චිත වසම් නාමයක් සඳහා අභිරුචි ව.නා.ප. ප්‍රතිචාර පහසුවෙන් වින්‍යාසගත කිරීමට ඉඩ දෙයි.",
    "rewrite_applied": "නැවත ලිවීමේ නීතිය යොදා ඇත",
    "rewrite_hosts_applied": "ධාරක ගොනු නීතිය මගින් නැවත ලියා ඇත",
    "dns_rewrites": "ව.නා.ප. නැවත ලිවීම්",
-    "form_answer": "අ.ජා. කෙ. (IP) ලිපිනය ‌හෝ වසම ඇතුල් කරන්න ",
+    "form_answer": "අ.ජා.කෙ. (IP) ලිපිනය ‌හෝ වසම ඇතුල් කරන්න ",
    "form_error_domain_format": "වලංගු නොවන වසම් ආකෘතියකි",
-    "form_error_answer_format": "වලංගු නොවන පිළිතුරු ආකෘතියකි",
+    "form_error_answer_format": "වලංගු නොවන උත්තර ආකෘතියකි",
    "configure": "වින්‍යාසගත කරන්න",
    "main_settings": "ප්‍රධාන සැකසුම්",
-    "block_services": "විශේෂිත සේවාවන් අවහිර කරන්න",
-    "blocked_services": "අවහිර කළ සේවාවන්",
-    "blocked_services_desc": "ජනප්‍රිය අඩවි සහ සේවාවන් ඉක්මනින් අවහිර කිරීමට ඉඩ දෙයි.",
-    "blocked_services_saved": "අවහිර කළ සේවාවන් සාර්ථකව සුරකින ලදි",
-    "blocked_services_global": "ගෝලීය අවහිර කළ සේවාවන් භාවිතා කරන්න",
+    "block_services": "නිශ්චිත සේවා අවහිර කරන්න",
+    "blocked_services": "අවහිර කළ සේවා",
+    "blocked_services_desc": "ජනප්‍රිය අඩවි සහ සේවා ඉක්මනින් අවහිර කිරීමට ඉඩ දෙයි.",
+    "blocked_services_saved": "අවහිර කළ සේවා සාර්ථකව සුරකින ලදි",
+    "blocked_services_global": "ගෝලීය අවහිර කළ සේවා භාවිතා කරන්න",
    "blocked_service": "අවහිර කළ සේවාව",
    "block_all": "සියල්ල අවහිර",
    "unblock_all": "සියල්ල අනවහිර",
    "encryption_certificate_path": "සහතිකයේ මාර්ගය",
    "encryption_private_key_path": "පුද්ගලික යතුරෙහි මාර්ගය",
-    "encryption_certificates_source_path": "සහතික ගොනු‌ව‌ෙහි මාර්ගය සකසන්න",
+    "encryption_certificates_source_path": "සහතික ගොනු‌ව‌ක මාර්ගය සකසන්න",
    "encryption_certificates_source_content": "සහතිකවල අන්තර්ගත අලවන්න",
    "encryption_key_source_path": "පුද්ගලික යතුරක ගොනුවක් සකසන්න",
    "encryption_key_source_content": "පුද්ගලික යතු‌රෙහි අන්තර්ගත අලවන්න",
@@ -422,20 +426,21 @@
    "config_successfully_saved": "වින්‍යාසය සාර්ථකව සුරකින ලදි",
    "interval_6_hour": "පැය 6",
    "interval_24_hour": "පැය 24",
-    "interval_days": "{{count}} දිනය",
-    "interval_days_plural": "දින {{count}}",
+    "interval_days": "දවස් {{count}}",
+    "interval_days_plural": "දවස් {{count}}",
    "domain": "වසම",
-    "answer": "පිළිතුර",
-    "filter_added_successfully": "පෙරහන සාර්ථකව එකතු කරන ලදි",
-    "filter_removed_successfully": "ලැයිස්තුව සාර්ථකව ඉවත් කරන ලදි",
-    "filter_updated": "ලැයිස්තුව සාර්ථකව යාවත්කාලීන කර ඇත",
+    "answer": "උත්තරය",
+    "filter_added_successfully": "පෙරහන සාර්ථකව එකතු කෙරිණි",
+    "filter_removed_successfully": "ලැයිස්තුව සාර්ථකව ඉවත් කෙරිණි",
+    "filter_updated": "ලැයිස්තුව සාර්ථකව යාවත්කාල කෙරිණි",
    "statistics_configuration": "සංඛ්‍යාලේඛන වින්‍යාසය",
    "statistics_retention": "සංඛ්‍යාලේඛන රඳවා තබා ගැනීම",
    "statistics_retention_desc": "ඔබ කාල පරතරය අඩු කළහොත් සමහර දත්ත නැති වනු ඇත",
    "statistics_clear": " සංඛ්‍යාලේඛන ඉවත් කරන්න",
    "statistics_clear_confirm": "සංඛ්‍යාලේඛන ඉවත් කිරීමට අවශ්‍ය බව ඔබට විශ්වාස ද?",
    "statistics_retention_confirm": "සංඛ්‍යාලේඛන රඳවා තබා ගැනීම වෙනස් කිරීමට අවශ්‍ය බව ඔබට විශ්වාසද? ඔබ කාල පරතරයෙහි අගය අඩු කළහොත් සමහර දත්ත නැති වී යනු ඇත",
-    "statistics_cleared": "සංඛ්‍යාලේඛන සාර්ථකව ඉවත් කරන ලදි",
+    "statistics_cleared": "සංඛ්‍යාලේඛන සාර්ථකව ඉවත් කෙරිණි",
+    "statistics_enable": "සංඛ්‍යාලේඛන සබල කරන්න",
    "interval_hours": "පැය {{count}}",
    "interval_hours_plural": "පැය {{count}}",
    "filters_configuration": "පෙරහන් වින්‍යාසය",
@@ -443,7 +448,7 @@
    "filters_interval": "පෙරහන් යාවත්කාල කාල පරතරය",
    "disabled": "අබල කර ඇත",
    "username_label": "පරිශීලක නාමය",
-    "username_placeholder": "පරිශීලක නාමය ඇතුල් කරන්න",
+    "username_placeholder": "පරිශීලක නාමය යොදන්න",
    "password_label": "මුරපදය",
    "password_placeholder": "මුරපදය ඇතුල් කරන්න",
    "sign_in": "පුරන්න",
@@ -454,89 +459,91 @@
    "orgname": "සංවිධානයේ නම",
    "netname": "ජාල‌යේ  නම",
    "network": "ජාලය",
-    "descr": "විස්තරය",
+    "descr": "සවිස්තරය",
    "whois": "Whois",
    "filtering_rules_learn_more": "ඔබගේ ම ධාරක ලැයිස්තු සෑදීම පිළිබඳව <0>තව දැනගන්න</0>.",
-    "blocked_by_response": "ප්‍රතිචාරය අන්. නාමයක් (CNAME) හෝ අ.ජා. කෙ. මගින් අවහිර කර ඇත",
-    "blocked_by_cname_or_ip": "අන්. නාමයක් (CNAME) හෝ අ.ජා. කෙ. මගින් අවහිර කර ඇත",
-    "try_again": "නැවත උත්සහා කරන්න",
+    "blocked_by_response": "ප්‍රතිචාරය අන්. නාමයක් (CNAME) හෝ අ.ජා.කෙ. මගින් අවහිර කර ඇත",
+    "blocked_by_cname_or_ip": "අන්. නාමයක් (CNAME) හෝ අ.ජා.කෙ. මගින් අවහිර කර ඇත",
+    "try_again": "යළි උත්සාහය",
    "example_rewrite_domain": "මෙම වසම් නාමය සඳහා පමණක් ප්‍රතිචාර නැවත ලියන්න.",
-    "example_rewrite_wildcard": "<0>example.org</0> සහ එහි සියලුම උප වසම් සඳහා ප්‍රතිචාර නැවත ලියයි.",
-    "rewrite_ip_address": "අ.ජා. කෙ. ලිපිනය: මෙම අ.ජා. කෙටුම්පත A හෝ AAAA ප්‍රතිචාරයකට භාවිතා කරන්න",
-    "rewrite_domain_name": "වසම් නාමය: අන්. නා. (CNAME) වාර්තාවක් එක් කරන්න",
-    "disable_ipv6": "IPv6 ලිපින විසඳීම අබල කරන්න",
-    "disable_ipv6_desc": "අ.ජා.කෙ. අනු. 6 ලිපින (AAAA වර්ගය) සඳහා වන සියලුම ව.නා.ප. විමසුම් අතහැර දමනු ලැබේ.",
+    "example_rewrite_wildcard": "<0>උදාහරණය.ලංකා</0> සහ එහි සියළුම උප වසම් සඳහා ප්‍රතිචාර නැවත ලියයි.",
+    "rewrite_ip_address": "අ.ජා.කෙ. ලිපිනය: මෙම අ.ජා.කෙ. A හෝ AAAA ප්‍රතිචාරයකට ගන්න",
+    "rewrite_domain_name": "වසම් නාමය: අන්. නාම (CNAME) වාර්තාවක් එක්කරන්න",
+    "disable_ipv6": "අයිපීවී6 ලිපින විසඳීම අබල කරන්න",
+    "disable_ipv6_desc": "අ.ජා.කෙ. අනු.6 ලිපින (AAAA වර්ගය) සඳහා වන සියළුම ව.නා.ප. විමසුම් අතහැර දමයි.",
    "fastest_addr": "වේගවත්ම අන්තර්ජාල කෙටුම්පත් (IP) ලිපිනය",
-    "fastest_addr_desc": "සියලුම ව.නා.ප. සේවාදායකයන්ගෙන් විමසා සියලු ප්‍රතිචාර අතරින් වේගවත්ම අ.ජා. කෙ. ලිපිනය ලබා දෙයි. සියලුම ව.නා.ප. සේවාදායකයන්ගේ ප්‍රතිචාර සඳහා ඇඩ්ගාර්ඩ් හෝම් රැඳී සිටිය යුතු බැවින් මෙය ව.නා.ප. විමසුම් මන්දගාමී කරන නමුත් සමස්ත සම්බන්ධතාවය වැඩි දියුණු කරයි.",
-    "autofix_warning_text": "ඔබ \"නිරාකරණය කරන්න\" බොත්තම එබුවහොත්, ඔබගේ පද්ධතිය ඇඩ්ගාර්ඩ් හෝම් ව.නා.ප. සේවාදායකය භාවිතා කිරීමට වින්‍යාසගත කරනු ඇත.",
-    "autofix_warning_result": "ප්‍රතිඵලයක් ලෙස ඔබගේ පද්ධතියෙන් ලැබෙන සියලුම ව.නා.ප. ඉල්ලීම් මූලිකවම ඇඩ්ගාර්ඩ් හෝම් විසින් සකසනු ඇත.",
+    "fastest_addr_desc": "සියළුම ව.නා.ප. සේවාදායක වලින් විමසා සියළු ප්‍රතිචාර අතරින් වේගවත්ම අ.ජා.කෙ. ලිපිනය ලබා දෙයි. සියළුම ව.නා.ප. ප්‍රතිචාර සඳහා ඇඩ්ගාර්ඩ් හෝම් රැඳී සිටිය යුතු බැවින් මෙය ව.නා.ප. විමසුම් මන්දගාමී කරන නමුත් සමස්ත සම්බන්ධතාවය වැඩි දියුණු කරයි.",
+    "autofix_warning_text": "ඔබ \"නිරාකරණය\" යන්න එබුවහොත්, ඔබගේ පද්ධතිය ඇඩ්ගාර්ඩ් හෝම් ව.නා.ප. සේවාදායකය භාවිතයට වින්‍යාසගත කෙරෙනු ඇත.",
+    "autofix_warning_result": "ප්‍රතිඵලයක් ලෙස ඔබගේ පද්ධතියෙන් ලැබෙන සියළුම ව.නා.ප. ඉල්ලීම් මූලිකවම ඇඩ්ගාර්ඩ් හෝම් විසින් සකසනු ඇත.",
    "tags_title": "හැඳුනුම් සංකේත",
    "tags_desc": "අනුග්‍රාහකයට අනුරූප වන හැඳුනුම් සංකේත ඔබට තෝරා ගත හැකිය. පෙරහන් නීති වලට හැඳුනුම් සංකේත ඇතුළත් කළ හැකි අතර ඒවා වඩාත් නිවැරදිව යෙදීමට ඔබට ඉඩ සලසයි. <0>තව දැන ගන්න</0>",
    "form_select_tags": "අනුග්‍රාහක හැඳුනුම් සංකේත",
-    "check_title": "පෙරීම පරීක්ෂා කරන්න",
-    "check_desc": "ධාරක නාමය පෙරහන් කර ඇත්දැයි පරීක්ෂා කරන්න",
-    "check": "පරීක්ෂා කරන්න",
+    "check_title": "පෙරීම පරීක්‍ෂා කරන්න",
+    "check_desc": "ධාරක නාමය පෙරහන් වේ දැයි පරීක්‍ෂා කරන්න",
+    "check": "පරීක්‍ෂාව",
    "form_enter_host": "ධාරක නාමයක් ඇතුල් කරන්න",
    "filtered_custom_rules": "අභිරුචි පෙරීමේ නීති මගින් පෙරහන් කරන ලදි",
    "choose_from_list": "ලැයිස්තුවෙන් තෝරන්න",
-    "add_custom_list": "අභිරුචි ලැයිස්තුවක් එකතු කරන්න",
+    "add_custom_list": "අභිරුචි ලැයිස්තුවක් එක්කරන්න",
    "host_whitelisted": "ධාරකයට ඉඩ දී ඇත",
-    "check_ip": "අ.ජා. කෙ. (IP) ලිපින: {{ip}}",
+    "check_ip": "අ.ජා.කෙ. ලිපින: {{ip}}",
    "check_cname": "අන්. නාමය (CNAME): {{cname}}",
    "check_reason": "හේතුව: {{reason}}",
    "check_service": "සේවාවෙහි නම: {{service}}",
    "service_name": "සේවාවේ නම",
-    "check_not_found": "ඔබගේ පෙරහන් ලැයිස්තු තුළ සොයා ගත නොහැක",
-    "client_confirm_block": "{{ip}} අනුග්‍රාහකය අවහිර කිරීමට අවශ්‍ය බව ඔබට විශ්වාසද?",
-    "client_confirm_unblock": "{{ip}} අනුග්‍රාහකය අනවහිර කිරීමට අවශ්‍ය බව ඔබට විශ්වාසද?",
-    "client_blocked": "අනුග්‍රාහකය \"{{ip}}\" සාර්ථකව අවහිර කරන ලදි",
-    "client_unblocked": "අනුග්‍රාහකය \"{{ip}}\" සාර්ථකව අනවහිර කරන ලදි",
+    "check_not_found": "ඔබගේ පෙරහන් ලැයිස්තු තුළ නැත",
+    "client_confirm_block": "{{ip}} අනුග්‍රාහකය අවහිර කිරීමට ඇවැසි බව ඔබට විශ්වාසද?",
+    "client_confirm_unblock": "{{ip}} අනුග්‍රාහකය අනවහිර කිරීමට ඇවැසි බව ඔබට විශ්වාසද?",
+    "client_blocked": "අනුග්‍රාහකය \"{{ip}}\" සාර්ථකව අවහිර කෙරිණි",
+    "client_unblocked": "අනුග්‍රාහකය \"{{ip}}\" සාර්ථකව අනවහිර කෙරිණි",
    "static_ip": "ස්ථිතික අ.ජා. කෙ. ලිපිනය",
-    "static_ip_desc": "ඇඩ්ගාර්ඩ් හෝම් යනු සේවාදායකයක් බැවින් එය නිසි ලෙස ක්‍රියා කිරීමට ස්ථිතික අන්තර්ජාල කෙටුම්පත් (IP) ලිපිනයක් අවශ්‍ය වේ. එසේ නොමැතිනම්, යම් අවස්ථාවක දී ඔබගේ මාර්ගකාරකය මෙම උපාංගයට වෙනත් අ.ජා. කෙ. ලිපිනයක් ලබා දිය හැකිය.",
-    "set_static_ip": "ස්ථිතික අ.ජා. කෙ. (IP) ලිපිනයක් සකසන්න",
+    "static_ip_desc": "ඇඩ්ගාර්ඩ් හෝම් යනු සේවාදායකයක් බැවින් එය නිසි ලෙස ක්‍රියා කිරීමට ස්ථිතික අන්තර්ජාල කෙටුම්පත් (IP) ලිපිනයක් ඇවැසිය. එසේ නැතිනම්, යම් අවස්ථාවක දී ඔබගේ මාර්ගකාරකය මෙම උපාංගයට වෙනත් අ.ජා. කෙ. ලිපිනයක් ලබා දිය හැකිය.",
+    "set_static_ip": "ස්ථිතික අ.ජා.කෙ. (IP) ලිපිනයක් සකසන්න",
    "install_static_ok": "සුභ තොරතුරක්! ස්ථිතික අන්තර්ජාල කෙටුම්පත් (IP) ලිපිනය දැනටමත් වින්‍යාසගත කර ඇත",
-    "install_static_error": "මෙම ජාල අතුරුමුහුණත සඳහා ඇඩ්ගාර්ඩ් හෝම් හට එය ස්වයංක්‍රීයව වින්‍යාසගත කළ නොහැක. කරුණාකර මෙය අතින් කරන්නේ කෙසේද යන්න පිළිබඳ උපදෙස් සොයා ගන්න.",
-    "install_static_configure": "ගතික අ.ජා. කෙ. (IP) ලිපිනයක් භාවිතා කරන බව ඇඩ්ගාර්ඩ් හෝම් හඳුනාගෙන ඇත - <0>{{ip}}</0>. එය ඔබගේ ස්ථිතික ලිපිනය ලෙස භාවිතා කිරීමට අවශ්‍යද?",
-    "confirm_static_ip": "ඇඩ්ගාර්ඩ් හෝම් ඔබේ ස්ථිතික අ.ජා. කෙ. (IP) ලිපිනය ලෙස {{ip}} වින්‍යාසගත කරනු ඇත. ඔබට ඉදිරියට යාමට අවශ්‍යද?",
-    "list_updated": "{{count}} ලැයිස්තුව යාවත්කාලීන කරන ලදි",
-    "list_updated_plural": "ලැයිස්තු {{count}} ක් යාවත්කාලීන කරන ලදි",
-    "all_queries": "සියලුම විමසුම්",
+    "install_static_error": "මෙම ජාල අතුරුමුහුණත සඳහා ඇඩ්ගාර්ඩ් හෝම් හට එය ස්වයංක්‍රීයව වින්‍යාසගත කිරීමට නොහැකිය. මෙය අතින් කරන්නේ කෙසේද යන්න පිළිබඳ උපදෙස් සොයා ගන්න.",
+    "install_static_configure": "ගතික අ.ජා.කෙ. (IP) ලිපිනයක් භාවිතා කරන බව ඇඩ්ගාර්ඩ් හෝම් හඳුනාගෙන ඇත - <0>{{ip}}</0>. එය ඔබගේ ස්ථිතික ලිපිනය ලෙස භාවිතා කිරීමට අවශ්‍යද?",
+    "confirm_static_ip": "ඇඩ්ගාර්ඩ් හෝම් ඔබගේ ස්ථිතික අ.ජා.කෙ. (IP) ලිපිනය ලෙස {{ip}} වින්‍යාසගත කරනු ඇත. ඔබට ඉදිරියට යාමට අවශ්‍යද?",
+    "list_updated": "ලැයිස්තු {{count}} ක් යාවත්කාල කෙරිණි",
+    "list_updated_plural": "ලැයිස්තු {{count}} ක් යාවත්කාල කෙරිණි",
+    "all_queries": "සියළුම විමසුම්",
    "show_blocked_responses": "අවහිර කර ඇත",
    "show_whitelisted_responses": "ඉඩ දී ඇත",
    "show_processed_responses": "සකසා ඇත",
-    "blocked_safebrowsing": "ආරක්ෂිත සෙවීම මගින් අවහිර කරන ලද",
-    "blocked_adult_websites": "අවහිර කළ වැඩිහිටි වියමන අඩවි",
+    "blocked_safebrowsing": "ආරක්‍ෂිත පිරික්සුම මගින් අවහිර කළ",
+    "blocked_adult_websites": "දෙමාපිය පාලනය මගින් අවහිර කළ",
    "blocked_threats": "අවහිර කළ තර්ජන",
    "allowed": "ඉඩ දී ඇත",
    "filtered": "පෙරහන් කරන ලද",
    "rewritten": "නැවත ලියන ලද",
-    "safe_search": "ආරක්ෂිත සෙවීම",
+    "safe_search": "ආරක්‍ෂිත සෙවීම",
    "blocklist": "අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තුව",
    "milliseconds_abbreviation": "මිලි තත්.",
    "cache_size": "නිහිතයෙහි ප්‍රමාණය",
    "cache_size_desc": "ව.නා.ප. නිහිතයෙහි ප්‍රමාණය (බයිට වලින්)",
    "cache_ttl_min_override": "අවම පව. කා. අභිබවන්න",
    "cache_ttl_max_override": "උපරිම පව. කා. අභිබවන්න",
-    "enter_cache_size": "ව.නා.ප. නිහිතයෙහි ප්‍රමාණය ඇතුල් කරන්න (බයිට)",
+    "enter_cache_size": "ව.නා.ප. නිහිතයෙහි ප්‍රමාණය යොදන්න (බයිට)",
    "enter_cache_ttl_min_override": "අවම පව. කා. (TTL) ඇතුල් කරන්න",
    "enter_cache_ttl_max_override": "උපරිම පව. කා. (TTL) ඇතුල් කරන්න",
-    "cache_ttl_max_override_desc": "ව.නා.ප. නිහිතයෙහි ඇති ඇතුළත් කිරීම් සඳහා ඉතා වැඩි පවත්නා කාලයක අගයක් (තත්පර) සකසන්න",
+    "cache_ttl_max_override_desc": "ව.නා.ප. නිහිතයෙහි නිවේශිත සඳහා ඉතා වැඩි පවත්නා කාලයක අගයක් (තත්.) සකසන්න",
    "ttl_cache_validation": "නිහිතයෙහි අවම පව. කා. (TTL) අගය උපරිම අගයට වඩා අඩු හෝ සමාන විය යුතුය",
    "cache_optimistic_desc": "නිවේශිත කල් ඉකුත් වූ විට පවා ඇඩ්ගාර්ඩ් හෝම් ට නිහිතයෙන් ප්‍රතිචාර දැක්වීමට සලස්වයි එමෙන්ම ඒවා නැවත නැවුම් කිරීමට ද උත්සාහ කරයි.",
    "filter_category_general": "පොදු",
-    "filter_category_security": "ආරක්ෂණ",
-    "filter_category_regional": "ප්‍රාදේශ්‍රීය",
+    "filter_category_security": "ආරක්‍ෂණ",
+    "filter_category_regional": "ප්‍රාදේශීය",
    "filter_category_other": "වෙනත්",
    "filter_category_general_desc": "බොහෝ උපාංගවල ලුහුබැඳීම් සහ දැන්වීම් අවහිර කරන ලැයිස්තු",
    "filter_category_security_desc": "ද්වේෂසහගත, තතුබෑම් සහ වංචනික වසම් අවහිර කිරීමට නිර්මාණය කළ ලැයිස්තු",
-    "filter_category_regional_desc": "ප්‍රාදේශ්‍රීය දැන්වීම් සහ ලුහුබැඳීමේ සේවාදායකයන් කෙරෙහි අවධානය යොමු කරන ලැයිස්තු",
+    "filter_category_regional_desc": "ප්‍රාදේශීය දැන්වීම් සහ ලුහුබැඳීමේ සේවාදායක කෙරෙහි අවධානය යොමු කරන ලැයිස්තු",
    "filter_category_other_desc": "වෙනත් අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තු",
-    "setup_config_to_enable_dhcp_server": "ග.ධා.වි.කෙ. සේවාදායකය සක්‍රීය කිරීම සඳහා වින්‍යාසය පිහිටුවන්න",
+    "setup_config_to_enable_dhcp_server": "ග.ධා.වි.කෙ. සේවාදායකය සබල කිරීමට වින්‍යාසය පිහිටුවන්න",
    "original_response": "මුල් ප්‍රතිචාරය",
    "click_to_view_queries": "විමසුම් බැලීමට ඔබන්න",
-    "port_53_faq_link": "53 වන කෙවෙනිය බොහෝ විට \"DNSStubListener\" හෝ \"systemd-resolved\" සේවාවන් භාවිතයට ගනු ලැබේ. කරුණාකර මෙය විසඳන්නේ කෙසේද යන්න පිළිබඳ <0>මෙම උපදෙස්</0> කියවන්න.",
-    "adg_will_drop_dns_queries": "ඇඩ්ගාර්ඩ් හෝම් විසින් මෙම අනුග්‍රාහකයේ සියලුම ව.නා.ප. විමසුම් අතහැර දමනු ඇත.",
-    "client_not_in_allowed_clients": "\"ඉඩ දුන් අනුග්‍රාහකයින්\" ලැයිස්තුවේ නැති නිසා අනුග්‍රාහකයට ඉඩ දී නැත.",
-    "experimental": "පරීක්ෂණාත්මක",
-    "use_saved_key": "පෙර සුරැකි යතුර භාවිතා කරන්න"
+    "port_53_faq_link": "53 වන කෙවෙනිය බොහෝ විට \"DNSStubListener\" හෝ \"systemd-resolved\" සේවා භාවිතයට ගනු ලැබේ. කරුණාකර මෙය විසඳන්නේ කෙසේද යන්න පිළිබඳ <0>මෙම උපදෙස්</0> කියවන්න.",
+    "adg_will_drop_dns_queries": "ඇඩ්ගාර්ඩ් හෝම් මෙම අනුග්‍රාහකයේ සියළුම ව.නා.ප. විමසුම් අතහැර දමනු ඇත.",
+    "experimental": "පරීක්‍ෂාත්මක",
+    "use_saved_key": "පෙර සුරැකි යතුර භාවිතා කරන්න",
+    "parental_control": "දෙමාපිය පාලනය",
+    "safe_browsing": "ආරක්‍ෂිත පිරික්සුම",
+    "served_from_cache": "{{value}} <i>(නිහිතයෙන් ගැනිණි)</i>"
 }
--- a/client/src/__locales/sk.json
+++ b/client/src/__locales/sk.json
@@ -163,8 +163,8 @@
    "apply_btn": "Použiť",
    "disabled_filtering_toast": "Vypnutá filtrácia",
    "enabled_filtering_toast": "Zapnutá filtrácia",
-    "disabled_safe_browsing_toast": "Vypnuté Bezpečné prehliadanie",
-    "enabled_safe_browsing_toast": "Zapnuté Bezpečné prehliadanie",
+    "disabled_safe_browsing_toast": "Bezpečné prehliadanie vypnuté",
+    "enabled_safe_browsing_toast": "Bezpečné prehliadanie zapnuté",
    "disabled_parental_toast": "Vypnutá Rodičovská kontrola",
    "enabled_parental_toast": "Zapnutá Rodičovská kontrola",
    "disabled_safe_search_toast": "Vypnuté bezpečné vyhľadávanie",
--- a/client/src/__locales/sl.json
+++ b/client/src/__locales/sl.json
@@ -588,7 +588,7 @@
    "show_whitelisted_responses": "Na seznamu dovoljenih",
    "show_processed_responses": "Obdelana",
    "blocked_safebrowsing": "Onemogočeno z 'Varnim brskanjem'",
-    "blocked_adult_websites": "Onemogočeno spletnih strani za odrasle",
+    "blocked_adult_websites": "Onemogočeno s Starševskim nadzorom",
    "blocked_threats": "Onemogočeno groženj",
    "allowed": "Dovoljeno",
    "filtered": "Filtrirano",
--- a/client/src/__locales/sr-cs.json
+++ b/client/src/__locales/sr-cs.json
@@ -22,7 +22,7 @@
    "form_error_required": "Obavezno polje",
    "form_error_ip4_format": "Nevažeći IPv4 format",
    "form_error_ip6_format": "Nevažeći IPv6 format",
-    "form_error_ip_format": "Nevažeći IPv4 oblik",
+    "form_error_ip_format": "Pogrešna IP adresa",
    "form_error_mac_format": "Nevažeći MAC format",
    "form_error_client_id_format": "Nevažeći format klijenta",
    "form_error_positive": "Mora biti veće od 0",
@@ -169,7 +169,6 @@
    "example_upstream_sdns": "možete koristiti <0>DNS brojeve</0> za <1>DNSCrypt</1> ili <2>DNS-over-HTTPS</2>",
    "example_upstream_tcp": "uobičajeni DNS (preko TCP)",
    "all_lists_up_to_date_toast": "Sve liste su već ažurirane",
-    "updated_upstream_dns_toast": "Ažurirani upstream DNS serveri",
    "dns_test_ok_toast": "Dati DNS serveri rade ispravno",
    "dns_test_not_ok_toast": "Server \"{{key}}\": se ne može koristiti. Proverite da li ste ga ispravno uneli",
    "unblock": "Odblokiraj",
@@ -520,7 +519,7 @@
    "show_whitelisted_responses": "Na beloj listi",
    "show_processed_responses": "Obrađeno",
    "blocked_safebrowsing": "Blokiralo bezbedno pregledanje",
-    "blocked_adult_websites": "Blokiraj sajtove za odrasle",
+    "blocked_adult_websites": "Blokirala roditeljska kontrola",
    "blocked_threats": "Blokiranih pretnji",
    "allowed": "Dozvoljeno",
    "filtered": "Filtrirano",
--- a/client/src/__locales/sv.json
+++ b/client/src/__locales/sv.json
@@ -16,6 +16,8 @@
    "dhcp_static_leases": "Statiska DHCP-leases",
    "dhcp_leases_not_found": "Ingen DHCP-lease hittad",
    "form_error_required": "Obligatoriskt fält",
+    "form_error_ip4_format": "Ogiltig IPv4-adress",
+    "form_error_ip6_format": "Ogiltig IPv6-adress",
    "form_error_ip_format": "Ogiltig IP-adress",
    "form_error_mac_format": "Ogiltig MAC-adress",
    "form_error_positive": "Måste vara större än noll",
@@ -129,7 +131,6 @@
    "example_upstream_doh": "krypterat <0>DNS-over-HTTPS</0>",
    "example_upstream_sdns": "Du kan använda <0>DNS-stamps</0> för <1>DNSCrypt</1> eller <2>DNS-over-HTTPS</2>-resolvers",
    "example_upstream_tcp": "vanlig DNS (över UDP)",
-    "updated_upstream_dns_toast": "Uppdaterade uppströms-dns-servrar",
    "dns_test_ok_toast": "Angivna DNS servrar fungerar korrekt",
    "dns_test_not_ok_toast": "Server \"{{key}}\": kunde inte användas. Var snäll och kolla att du skrivit in rätt",
    "unblock": "Avblockera",
@@ -352,7 +353,7 @@
    "show_blocked_responses": "Blockerade",
    "show_whitelisted_responses": "Vitlistade",
    "show_processed_responses": "Utförda",
-    "blocked_adult_websites": "Blockerade vuxensajter",
+    "blocked_adult_websites": "Blockerad av Föräldrakontroll",
    "blocked_threats": "Blockerade hot",
    "allowed": "Vitlistade",
    "safe_search": "Säker surf",
--- a/client/src/__locales/th.json
+++ b/client/src/__locales/th.json
@@ -128,7 +128,6 @@
    "example_upstream_doh": "เข้ารหัส <0>DNS-over-HTTPS</0> แล้ว",
    "example_upstream_sdns": "คุณสามรถใช้ <0>DNS Stamps</0> กับ <1>DNSCrypt</1> หรือ <2>DNS-over-HTTPS</2> ตัวแก้ปัญหา",
    "example_upstream_tcp": "dNS ปกติ (ผ่าน TCP)",
-    "updated_upstream_dns_toast": "อัปเดตเซิร์ฟเวอร์ DNS ต้นทาง",
    "dns_test_ok_toast": "เซิร์ฟเวอร์ DNS ที่ระบุทำงานอย่างถูกต้อง",
    "dns_test_not_ok_toast": "เซิร์ฟเวอร์ \"{{key}}\": ไม่สามารถใช้งานได้ โปรดตรวจสอบว่าคุณเขียนถูกต้อง",
    "unblock": "เลิกปิดกั้น",
@@ -390,6 +389,7 @@
    "check_desc": "ตรวจสอบว่าชื่อโฮสต์ถูกกรอง",
    "form_enter_host": "ป้อนชื่อโฮสต์",
    "show_processed_responses": "การประมวลผล",
+    "blocked_adult_websites": "ถูกปิดกั้นโดยการควบคุมของผู้ปกครอง",
    "safe_search": "ค้นหาอย่างปลอดภัย",
    "filter_category_other": "อื่น ๆ",
    "parental_control": "ควบคุมโดยผู้ปกครอง"
--- a/client/src/__locales/tr.json
+++ b/client/src/__locales/tr.json
@@ -43,7 +43,7 @@
    "form_error_ip6_format": "IPv6 adresi geçersiz",
    "form_error_ip_format": "IP adresi geçersiz",
    "form_error_mac_format": "MAC adresi geçersiz",
-    "form_error_client_id_format": "İstemci kimliği geçersiz",
+    "form_error_client_id_format": "İstemci kimliği yalnızca sayılar, küçük harfler ve kısa çizgiler içermelidir",
    "form_error_server_name": "Sunucu adı geçersiz",
    "form_error_subnet": "\"{{cidr}}\" alt ağı, \"{{ip}}\" IP adresini içermiyor",
    "form_error_positive": "0'dan büyük olmalıdır",
@@ -53,7 +53,7 @@
    "greater_range_end_error": "Bitiş aralığından daha büyük olmalıdır",
    "subnet_error": "Adresler bir alt ağda olmalıdır",
    "gateway_or_subnet_invalid": "Alt ağ maskesi geçersiz",
-    "dhcp_form_gateway_input": "Ağ Geçidi IP'si",
+    "dhcp_form_gateway_input": "Ağ geçidi IP",
    "dhcp_form_subnet_input": "Alt ağ maskesi",
    "dhcp_form_range_title": "IP adresi aralığı",
    "dhcp_form_range_start": "Başlangıç aralığı",
@@ -138,7 +138,7 @@
    "average_processing_time": "Ortalama işlem süresi",
    "average_processing_time_hint": "Bir DNS isteğinin milisaniye cinsinden ortalama işlem süresi",
    "block_domain_use_filters_and_hosts": "Filtre ve ana bilgisayar listelerini kullanarak alan adlarını engelle",
-    "filters_block_toggle_hint": "<a>Filtreler</a> sayfasından engelleme kurallarını ayarlayabilirsiniz.",
+    "filters_block_toggle_hint": "<a>Filtreler</a> ayarlarında engelleme kuralları oluşturabilirsiniz.",
    "use_adguard_browsing_sec": "AdGuard gezinti koruması web hizmetini kullan",
    "use_adguard_browsing_sec_hint": "AdGuard Home, alan adının gezinti koruması web hizmeti tarafından engellenip engellenmediğini kontrol eder. Kontrolü gerçekleştirmek için gizlilik dostu arama API'sini kullanır: sunucuya yalnızca SHA256 karma alan adının kısa bir ön eki gönderilir.",
    "use_adguard_parental": "AdGuard ebeveyn denetimi web hizmetini kullan",
@@ -163,12 +163,12 @@
    "apply_btn": "Uygula",
    "disabled_filtering_toast": "Filtreleme devre dışı",
    "enabled_filtering_toast": "Filtreleme etkin",
-    "disabled_safe_browsing_toast": "Güvenli gezinti devre dışı",
-    "enabled_safe_browsing_toast": "Güvenli gezinti etkin",
-    "disabled_parental_toast": "Ebeveyn denetimi devre dışı",
-    "enabled_parental_toast": "Ebeveyn denetimi etkin",
-    "disabled_safe_search_toast": "Güvenli arama devre dışı",
-    "enabled_save_search_toast": "Güvenli arama etkin",
+    "disabled_safe_browsing_toast": "Güvenli Gezinti devre dışı bırakıldı",
+    "enabled_safe_browsing_toast": "Güvenli Gezinti etkinleştirildi",
+    "disabled_parental_toast": "Ebeveyn denetimi devre dışı bırakıldı",
+    "enabled_parental_toast": "Ebeveyn denetimi etkinleştirildi",
+    "disabled_safe_search_toast": "Güvenli arama devre dışı bırakıldı",
+    "enabled_save_search_toast": "Güvenli arama etkinleştirildi",
    "enabled_table_header": "Etkin",
    "name_table_header": "İsim",
    "list_url_table_header": "Liste URL'si",
@@ -178,7 +178,7 @@
    "request_table_header": "İstek",
    "edit_table_action": "Düzenle",
    "delete_table_action": "Sil",
-    "elapsed": "Geçen zaman",
+    "elapsed": "Geçen süre",
    "filters_and_hosts_hint": "AdGuard Home, temel reklam engelleme kurallarını ve ana bilgisayar engelleme dosyalarının söz dizimini anlar.",
    "no_blocklist_added": "Engel listesi eklenmedi",
    "no_whitelist_added": "İzin listesi eklenmedi",
@@ -327,10 +327,10 @@
    "install_submit_desc": "Yükleme işlemi tamamlandı ve artık AdGuard Home'u kullanmaya hazırsınız.",
    "install_devices_router": "Yönlendirici",
    "install_devices_router_desc": "Bu kurulum, ev yönlendiricinize bağlı tüm cihazları otomatik olarak kapsar ve her birini elle yapılandırmanıza gerek yoktur.",
-    "install_devices_address": "AdGuard Home DNS sunucusu şu adresi dinleyecektir",
+    "install_devices_address": "AdGuard Home DNS sunucusu aşağıdaki adresleri dinliyor",
    "install_devices_router_list_1": "Yönlendiricinizin ayarlarına gidin. Genellikle tarayıcınızdan http://192.168.0.1/ veya http://192.168.1.1/ gibi bir URL aracılığıyla erişebilirsiniz. Bir parola girmeniz istenebilir. Hatırlamıyorsanız, genellikle yönlendiricinin üzerindeki bir düğmeye basarak parolayı sıfırlayabilirsiniz, ancak bu işlemin seçilmesi durumunda yüksek ihtimalle tüm yönlendirici yapılandırmasını kaybedeceğinizi unutmayın. Yönlendiricinizin kurulumu için bir uygulama gerekiyorsa, lütfen uygulamayı telefonunuza veya PC'nize yükleyin ve yönlendiricinin ayarlarına erişmek için kullanın.",
    "install_devices_router_list_2": "DHCP/DNS ayarlarını bulun. DNS satırlarını arayın, genelde iki veya üç tanedir, üç rakam girilebilen dört ayrı grup içeren satırdır.",
-    "install_devices_router_list_3": "AdGuard Home sunucusunun adresini o kısma yazın.",
+    "install_devices_router_list_3": "AdGuard Home sunucu adreslerinizi oraya girin.",
    "install_devices_router_list_4": "Bazı yönlendirici türlerinde özel bir DNS sunucusu ayarlanamaz. Bu durumda, AdGuard Home'u <0>DHCP sunucusu</0> olarak ayarlamak yardımcı olabilir. Aksi takdirde, yönlendirici modeliniz için DNS sunucularını nasıl ayarlayacağınız konusunda yönlendirici kılavuzuna bakmalısınız.",
    "install_devices_windows_list_1": "Başlat menüsünden veya Windows araması aracılığıyla Denetim Masası'nı açın.",
    "install_devices_windows_list_2": "Ağ ve İnternet kategorisine girin ve ardından Ağ ve Paylaşım Merkezi'ne girin.",
@@ -339,15 +339,15 @@
    "install_devices_windows_list_5": "Listede \"İnternet Protokolü Sürüm 4 (TCP/IPv4)\" (veya IPv6 için \"İnternet Protokolü Sürüm 6 (TCP/IPv6)\") öğesini bulun, seçin ve ardından tekrar Özellikler'e tıklayın.",
    "install_devices_windows_list_6": "\"Aşağıdaki DNS sunucu adreslerini kullan\"ı seçin ve AdGuard Home sunucu adreslerinizi girin.",
    "install_devices_macos_list_1": "Apple simgesinde bulunan Sistem Tercihleri'ne tıklayın.",
-    "install_devices_macos_list_2": "Ağ seçeneğine tıklayın.",
+    "install_devices_macos_list_2": "Ağ'a tıklayın.",
    "install_devices_macos_list_3": "Listedeki ilk bağlantıyı seçin ve Gelişmiş öğesine tıklayın.",
    "install_devices_macos_list_4": "DNS sekmesini seçin ve AdGuard Home sunucunuzun adreslerini girin.",
-    "install_devices_android_list_1": "Android cihazınızda Ayarlar simgesine dokunun.",
+    "install_devices_android_list_1": "Android Menüsü ana ekranından Ayarlar'a dokunun.",
    "install_devices_android_list_2": "Menüde bulunan Wi-Fi seçeneğine dokunun. Mevcut tüm ağlar listelenecektir (mobil ağlar için özel DNS sunucusu ayarlanamaz).",
    "install_devices_android_list_3": "Bağlı olduğunuz ağın üzerine basılı tutun ve Ağı Değiştir'e dokunun.",
    "install_devices_android_list_4": "Bazı cihazlarda, diğer ayarları görmek için \"Gelişmiş\" seçeneğini seçmeniz gerekebilir. Android DNS ayarlarınızı yapmak için IP ayarlarını DHCP modundan Statik moda almanız gerekecektir.",
    "install_devices_android_list_5": "DNS 1 ve DNS 2 değerlerini AdGuard Home sunucunuzun adresleriyle değiştirin.",
-    "install_devices_ios_list_1": "Ana ekrandaki Ayarlar simgesine dokunun.",
+    "install_devices_ios_list_1": "Ana ekrandan Ayarlar'a dokunun.",
    "install_devices_ios_list_2": "Sol menüde bulunan Wi-Fi bölümüne girin (mobil ağlar için özel DNS sunucusu ayarlanamaz).",
    "install_devices_ios_list_3": "Bağlı olduğunuz ağın ismine dokunun.",
    "install_devices_ios_list_4": "DNS alanına AdGuard Home sunucunuzun adreslerini girin.",
@@ -386,8 +386,8 @@
    "encryption_issuer": "Sağlayan",
    "encryption_hostnames": "Ana bilgisayar adları",
    "encryption_reset": "Şifreleme ayarlarını sıfırlamak istediğinizden emin misiniz?",
-    "topline_expiring_certificate": "SSL sertifikanızın süresi dolmak üzere. <0>Şifreleme ayarlarını</0> güncelleyin.",
-    "topline_expired_certificate": "SSL sertifikanızın süresi doldu. <0>Şifreleme ayarlarını</0> güncelleyin.",
+    "topline_expiring_certificate": "SSL sertifikanızın süresi sona erdi. <0>Şifreleme ayarlarını</0> güncelleyin.",
+    "topline_expired_certificate": "SSL sertifikanızın süresi sona erdi. <0>Şifreleme ayarlarını</0> güncelleyin.",
    "form_error_port_range": "80-65535 aralığında geçerli bir bağlantı noktası değeri girin",
    "form_error_port_unsafe": "Bu bağlantı noktası güvenli değil",
    "form_error_equal": "Aynı olmamalı",
@@ -417,7 +417,7 @@
    "client_identifier": "Tanımlayıcı",
    "ip_address": "IP adresi",
    "client_identifier_desc": "İstemciler IP adresi, CIDR, MAC adresi veya özel bir istemci kimliği ile tanımlanabilir (DoT/DoH/DoQ için kullanılabilir). İstemcileri nasıl tanımlayacağınız hakkında daha fazla bilgiyi <0>burada</0> bulabilirsiniz.",
-    "form_enter_ip": "IP adresi girin",
+    "form_enter_ip": "IP girin",
    "form_enter_subnet_ip": "\"{{cidr}}\" alt ağına bir IP adresi girin",
    "form_enter_mac": "MAC adresi girin",
    "form_enter_id": "Tanımlayıcı girin",
@@ -439,7 +439,7 @@
    "access_allowed_desc": "CIDR'lerin, IP adreslerinin veya istemci kimliklerinin listesi. Yapılandırılırsa, AdGuard Home yalnızca bu istemcilerden gelen istekleri kabul eder.",
    "access_disallowed_title": "İzin verilmeyen istemciler",
    "access_disallowed_desc": "CIDR'lerin, IP adreslerinin veya istemci kimliklerinin listesi. Yapılandırılırsa, AdGuard Home bu istemcilerden gelen istekleri keser. İzin verilen istemciler yapılandırılırsa, bu alan yok sayılır.",
-    "access_blocked_title": "Engellenen alan adları",
+    "access_blocked_title": "İzin verilmeyen alan adları",
    "access_blocked_desc": "Bu işlem filtrelerle ilgili değildir. AdGuard Home, bu alan adlarından gelen DNS sorgularını yanıtsız bırakır ve bu sorgular sorgu günlüğünde görünmez. Tam alan adlarını, joker karakterleri veya URL filtre kurallarını belirtebilirsiniz, ör. \"example.org\", \"*.example.org\" veya \"||example.org^\".",
    "access_settings_saved": "Erişim ayarları başarıyla kaydedildi!",
    "updates_checked": "Güncelleme kontrolü başarılı",
@@ -587,8 +587,8 @@
    "show_blocked_responses": "Engellenen",
    "show_whitelisted_responses": "İzin verilen",
    "show_processed_responses": "İşlenen",
-    "blocked_safebrowsing": "Güvenli gezinti tarafından engellendi",
-    "blocked_adult_websites": "Engellenen yetişkin içerikli siteler",
+    "blocked_safebrowsing": "Güvenli Gezinti tarafından engellendi",
+    "blocked_adult_websites": "Ebeveyn Denetimi tarafından engellendi",
    "blocked_threats": "Engellenen tehditler",
    "allowed": "İzin verilen",
    "filtered": "Filtrelenen",
@@ -601,8 +601,8 @@
    "cache_ttl_min_override": "Minimum TTL'i değiştir",
    "cache_ttl_max_override": "Maksimum TTL'i değiştir",
    "enter_cache_size": "Önbellek boyutunu girin (bayt)",
-    "enter_cache_ttl_min_override": "Minimum TTL değerini girin (saniye)",
-    "enter_cache_ttl_max_override": "Maksimum TTL değerini girin (saniye)",
+    "enter_cache_ttl_min_override": "Minimum TTL değerini girin (saniye olarak)",
+    "enter_cache_ttl_max_override": "Maksimum TTL değerini girin (saniye olarak)",
    "cache_ttl_min_override_desc": "DNS yanıtlarını önbelleğe alırken üst sunucudan alınan kullanım süresi değerini uzatın (saniye olarak)",
    "cache_ttl_max_override_desc": "DNS önbelleğindeki girişler için maksimum kullanım süresi değerini ayarlayın (saniye olarak)",
    "ttl_cache_validation": "Minimum önbellek TTL değeri, maksimum değerden küçük veya bu değere eşit olmalıdır",
@@ -625,6 +625,7 @@
    "last_rule_in_allowlist": "\"{{disallowed_rule}}\" kuralı hariç tutulduğunda \"İzin verilen istemciler\" listesi DEVRE DIŞI bırakılacağı için bu istemciye izin verilemez.",
    "experimental": "Deneysel",
    "use_saved_key": "Önceden kaydedilmiş anahtarı kullan",
-    "parental_control": "Ebeveyn denetimi",
-    "safe_browsing": "Güvenli gezinti"
+    "parental_control": "Ebeveyn Denetimi",
+    "safe_browsing": "Güvenli Gezinti",
+    "served_from_cache": "{{value}} <i>(önbellekten kullanıldı)</i>"
 }
--- a/client/src/__locales/uk.json
+++ b/client/src/__locales/uk.json
@@ -43,7 +43,7 @@
    "form_error_ip6_format": "Неправильна IPv6-адреса",
    "form_error_ip_format": "Неправильна IP-адреса",
    "form_error_mac_format": "Неправильна MAC-адреса",
-    "form_error_client_id_format": "Неправильний ID клієнта",
+    "form_error_client_id_format": "ID клієнта має містити лише цифри, малі букви та дефіси",
    "form_error_server_name": "Неправильна назва сервера",
    "form_error_subnet": "Підмережа «{{cidr}}» не містить IP-адресу «{{ip}}»",
    "form_error_positive": "Повинно бути більше 0",
@@ -587,8 +587,8 @@
    "show_blocked_responses": "Заблоковані",
    "show_whitelisted_responses": "Дозволені",
    "show_processed_responses": "Оброблені",
-    "blocked_safebrowsing": "Безпечний перегляд заблоковано",
-    "blocked_adult_websites": "Заблоковані вебсайти для дорослих",
+    "blocked_safebrowsing": "Заблоковано Безпечним переглядом",
+    "blocked_adult_websites": "Заблоковано Батьківським контролем",
    "blocked_threats": "Заблоковано загроз",
    "allowed": "Дозволено",
    "filtered": "Відфільтровано",
@@ -626,6 +626,6 @@
    "experimental": "Експериментальний",
    "use_saved_key": "Використати раніше збережений ключ",
    "parental_control": "Батьківський контроль",
-    "safe_browsing": "Безпечний інтернет",
+    "safe_browsing": "Безпечний перегляд",
    "served_from_cache": "{{value}} <i>(отримано з кешу)</i>"
 }
--- a/client/src/__locales/vi.json
+++ b/client/src/__locales/vi.json
@@ -38,7 +38,7 @@
    "form_error_required": "Trường bắt buộc",
    "form_error_ip4_format": "Định dạng IPv4 không hợp lệ",
    "form_error_ip6_format": "Định dạng IPv6 không hợp lệ",
-    "form_error_ip_format": "Định dạng IPv4 không hợp lệ",
+    "form_error_ip_format": "Địa chỉ IP không hợp lệ",
    "form_error_mac_format": "Định dạng MAC không hợp lệ",
    "form_error_client_id_format": "Định dạng client ID không hợp lệ",
    "form_error_server_name": "Tên máy chủ không hợp lệ",
@@ -578,7 +578,7 @@
    "show_whitelisted_responses": "Đã thêm vào danh sách cho phép",
    "show_processed_responses": "Đã xử lý",
    "blocked_safebrowsing": "Chặn bởi Safebrowsing",
-    "blocked_adult_websites": "Website người lớn đã chặn",
+    "blocked_adult_websites": "Bị chặn bởi Quản lý của Phụ huynh",
    "blocked_threats": "Mối nguy hiểm đã chặn",
    "allowed": "Được phép",
    "filtered": "Đã lọc",
--- a/client/src/__locales/zh-cn.json
+++ b/client/src/__locales/zh-cn.json
@@ -43,7 +43,7 @@
    "form_error_ip6_format": "无效的 IPv6 地址",
    "form_error_ip_format": "无效的 IP 地址",
    "form_error_mac_format": "无效的 MAC 地址",
-    "form_error_client_id_format": "无效的客户端 ID",
+    "form_error_client_id_format": "无效的客户端 ID 格式客户 ID 必须只包含数字、小写字母和连字符",
    "form_error_server_name": "无效的服务器名",
    "form_error_subnet": "子网 \"{{cidr}}\" 不包含 IP 地址 \"{{ip}}\"",
    "form_error_positive": "必须大于 0",
@@ -588,7 +588,7 @@
    "show_whitelisted_responses": "已列入白名单",
    "show_processed_responses": "已处理",
    "blocked_safebrowsing": "被安全浏览阻止",
-    "blocked_adult_websites": "拦截的成人网站",
+    "blocked_adult_websites": "被家长控制阻止",
    "blocked_threats": "拦截的威胁",
    "allowed": "允许项",
    "filtered": "已过滤",
--- a/client/src/__locales/zh-hk.json
+++ b/client/src/__locales/zh-hk.json
@@ -38,7 +38,7 @@
    "form_error_required": "必要欄位",
    "form_error_ip4_format": "無效的 IPv4 格式",
    "form_error_ip6_format": "無效的 IPv6 格式",
-    "form_error_ip_format": "無效的 IP 格式",
+    "form_error_ip_format": "無效的 IP 位址",
    "form_error_mac_format": "無效的 「MAC 位址」格式",
    "form_error_client_id_format": "無效的「客戶端 ID」格式",
    "form_error_server_name": "無效伺服器名稱",
@@ -206,7 +206,6 @@
    "example_upstream_sdns": "您可以使透過 <0>DNS Stamps</0> 來解析  <1>DNSCrypt</1> 或 <2>DNS-over-HTTPS</2>",
    "example_upstream_tcp": "一般 DNS（透過 TCP）",
    "all_lists_up_to_date_toast": "所有清單已更新至最新",
-    "updated_upstream_dns_toast": "已更新上游 DNS 伺服器",
    "dns_test_ok_toast": "設定中的 DNS 上游運作正常",
    "dns_test_not_ok_toast": "DNS 設定中的 \"{{key}}\" 出現錯誤，請確認是否正確輸入",
    "unblock": "解除封鎖",
--- a/client/src/__locales/zh-tw.json
+++ b/client/src/__locales/zh-tw.json
@@ -43,7 +43,7 @@
    "form_error_ip6_format": "無效的 IPv6 位址",
    "form_error_ip_format": "無效的 IP 位址",
    "form_error_mac_format": "無效的媒體存取控制（MAC）位址",
-    "form_error_client_id_format": "無效的用戶端 ID",
+    "form_error_client_id_format": "用戶端 ID 必須只包含數值、小寫字母和連字號",
    "form_error_server_name": "無效的伺服器名稱",
    "form_error_subnet": "子網路 \"{{cidr}}\" 不包含該 IP 位址 \"{{ip}}\"",
    "form_error_positive": "必須大於 0",
@@ -141,12 +141,12 @@
    "filters_block_toggle_hint": "您可在<a>過濾器</a>設定中設置封鎖規則。",
    "use_adguard_browsing_sec": "使用 AdGuard 瀏覽安全網路服務",
    "use_adguard_browsing_sec_hint": "AdGuard Home 將檢查該網域是否被瀏覽安全網路服務封鎖。它將使用友好的隱私查找應用程式介面（API）以執行檢查：僅域名 SHA256 雜湊的短前綴被傳送到該伺服器。",
-    "use_adguard_parental": "使用 AdGuard 家長監控之網路服務",
+    "use_adguard_parental": "使用 AdGuard 家長控制之網路服務",
    "use_adguard_parental_hint": "AdGuard Home 將檢查網域是否包含成人資料。它使用如同瀏覽安全網路服務一樣之友好的隱私應用程式介面（API）。",
    "enforce_safe_search": "使用安全搜尋",
    "enforce_save_search_hint": "AdGuard Home 將在下列的搜尋引擎：Google、YouTube、Bing、DuckDuckGo、Yandex 和 Pixabay 中強制執行安全搜尋。",
    "no_servers_specified": "無已明確指定的伺服器",
-    "general_settings": "一般的設定",
+    "general_settings": "一般設定",
    "dns_settings": "DNS 設定",
    "dns_blocklists": "DNS 封鎖清單",
    "dns_allowlists": "DNS 允許清單",
@@ -165,8 +165,8 @@
    "enabled_filtering_toast": "已啟用過濾",
    "disabled_safe_browsing_toast": "已禁用安全瀏覽",
    "enabled_safe_browsing_toast": "已啟用安全瀏覽",
-    "disabled_parental_toast": "已禁用家長監控",
-    "enabled_parental_toast": "已啟用家長監控",
+    "disabled_parental_toast": "已禁用家長控制",
+    "enabled_parental_toast": "已啟用家長控制",
    "disabled_safe_search_toast": "已禁用安全搜尋",
    "enabled_save_search_toast": "已啟用安全搜尋",
    "enabled_table_header": "已啟用",
@@ -548,7 +548,7 @@
    "fastest_addr": "最快的 IP 位址",
    "fastest_addr_desc": "查詢所有的 DNS 伺服器並返回在所有的回應之中最快的 IP 位址。因為 AdGuard Home 必須等待來自所有的 DNS 伺服器之回應，這使 DNS 查詢變慢，但改善總體的連線。",
    "autofix_warning_text": "如果您點擊\"修復\"，AdGuard Home 將配置您的系統使用 AdGuard Home DNS 伺服器。",
-    "autofix_warning_list": "它將執行這些任務：<0>撤銷系統 DNSStubListener</0> <0>設定 DNS 伺服器位址為 127.0.0.1</0> <0>用 /run/systemd/resolve/resolv.conf 取代 /etc/resolv.conf 的符號連結目標</0> <0>停止 DNSStubListener（重新載入 systemd 已解析的服務）</0>",
+    "autofix_warning_list": "它將執行這些任務：<0>撤銷系統 DNSStubListener</0> <0>設定 DNS 伺服器位址為 127.0.0.1</0> <0>用 /run/systemd/resolve/resolv.conf 取代 /etc/resolv.conf 的符號連結目標</0> <0>停止 DNSStubListener（重新載入 systemd-resolved 服務）</0>",
    "autofix_warning_result": "因此，預設下，來自您的系統之所有的 DNS 請求將被 AdGuard Home 處理。",
    "tags_title": "標記",
    "tags_desc": "您可選擇對應該用戶端的標記。標記可被包括在過濾規則中並允許您更準確地套用它們。<0>了解更多</0>",
@@ -566,7 +566,7 @@
    "check_reason": "原因：{{reason}}",
    "check_service": "服務名稱：{{service}}",
    "service_name": "服務名稱",
-    "check_not_found": "未在您的過濾器中被找到",
+    "check_not_found": "未在您的過濾器清單中被找到",
    "client_confirm_block": "您確定您想要封鎖該用戶端 \"{{ip}}\" 嗎？",
    "client_confirm_unblock": "您確定您想要解除封鎖該用戶端 \"{{ip}}\" 嗎？",
    "client_blocked": "用戶端 \"{{ip}}\" 被成功地封鎖",
@@ -588,7 +588,7 @@
    "show_whitelisted_responses": "已允許的",
    "show_processed_responses": "已處理的",
    "blocked_safebrowsing": "被安全瀏覽封鎖",
-    "blocked_adult_websites": "已封鎖的成人網站",
+    "blocked_adult_websites": "被家長控制封鎖",
    "blocked_threats": "已封鎖的威脅",
    "allowed": "已允許的",
    "filtered": "受過濾的",
@@ -613,7 +613,7 @@
    "filter_category_regional": "區域性的",
    "filter_category_other": "其它的",
    "filter_category_general_desc": "封鎖大多數朝向裝置的追蹤和廣告之清單",
-    "filter_category_security_desc": "專門地封鎖惡意、網路釣魚和詐騙的網域之清單",
+    "filter_category_security_desc": "專門地旨在封鎖惡意、網路釣魚和詐騙的網域之清單",
    "filter_category_regional_desc": "專注於區域性的廣告和追蹤伺服器之清單",
    "filter_category_other_desc": "其它的封鎖清單",
    "setup_config_to_enable_dhcp_server": "設置配置以啟用 DHCP 伺服器",
@@ -625,7 +625,7 @@
    "last_rule_in_allowlist": "無法禁止此用戶端，因為排除 “{{disallowed_rule}}” 規則將禁用“已允許用戶端”的清單。",
    "experimental": "實驗性的",
    "use_saved_key": "使用該先前已儲存的金鑰",
-    "parental_control": "家長監控",
+    "parental_control": "家長控制",
    "safe_browsing": "安全瀏覽",
    "served_from_cache": "{{value}} <i>（由快取提供）</i>"
 }
--- a/client/src/components/Settings/Clients/ClientsTable.js
+++ b/client/src/components/Settings/Clients/ClientsTable.js
@@ -4,7 +4,7 @@ import { Trans, withTranslation } from 'react-i18next';
 import ReactTable from 'react-table';

 import { MODAL_TYPE } from '../../../helpers/constants';
-import { splitByNewLine, countClientsStatistics } from '../../../helpers/helpers';
+import { splitByNewLine, countClientsStatistics, sortIp } from '../../../helpers/helpers';
 import Card from '../../ui/Card';
 import Modal from './Modal';
 import CellWrap from '../../ui/CellWrap';
@@ -106,6 +106,7 @@ class ClientsTable extends Component {
                    </div>
                );
            },
+            sortMethod: sortIp,
        },
        {
            Header: this.props.t('table_name'),
--- a/client/src/components/ui/Version.js
+++ b/client/src/components/ui/Version.js
@@ -13,6 +13,12 @@ const Version = () => {
        checkUpdateFlag,
    } = useSelector((state) => state?.dashboard ?? {}, shallowEqual);

+    const {
+        dnsVersion: installDnsVersion,
+    } = useSelector((state) => state?.install ?? {}, shallowEqual);
+
+    const version = dnsVersion || installDnsVersion;
+
    const onClick = () => {
        dispatch(getVersion(true));
    };
@@ -20,11 +26,12 @@ const Version = () => {
    return (
        <div className="version">
            <div className="version__text">
-                {dnsVersion
-                && <>
-                    <Trans>version</Trans>:&nbsp;
-                    <span className="version__value" title={dnsVersion}>{dnsVersion}</span>
-                </>}
+                {version && (
+                    <>
+                        <Trans>version</Trans>:&nbsp;
+                        <span className="version__value" title={version}>{version}</span>
+                    </>
+                )}
                {checkUpdateFlag && <button
                    type="button"
                    className="btn btn-icon btn-icon-sm btn-outline-primary btn-sm ml-2"
--- a/client/src/helpers/helpers.js
+++ b/client/src/helpers/helpers.js
@@ -754,8 +754,10 @@ const getAddressesComparisonBytes = (item) => {
 */
 export const sortIp = (a, b) => {
    try {
-        const comparisonBytesA = getAddressesComparisonBytes(a);
-        const comparisonBytesB = getAddressesComparisonBytes(b);
+        const comparisonBytesA = Array.isArray(a)
+            ? getAddressesComparisonBytes(a[0]) : getAddressesComparisonBytes(a);
+        const comparisonBytesB = Array.isArray(b)
+            ? getAddressesComparisonBytes(b[0]) : getAddressesComparisonBytes(b);

        for (let i = 0; i < comparisonBytesA.length; i += 1) {
            const byteA = comparisonBytesA[i];
--- a/client/src/reducers/install.js
+++ b/client/src/reducers/install.js
@@ -12,13 +12,19 @@ const install = handleActions({
    [actions.getDefaultAddressesRequest]: (state) => ({ ...state, processingDefault: true }),
    [actions.getDefaultAddressesFailure]: (state) => ({ ...state, processingDefault: false }),
    [actions.getDefaultAddressesSuccess]: (state, { payload }) => {
-        const { interfaces } = payload;
+        const { interfaces, version } = payload;
        const web = { ...state.web, port: payload.web_port };
        const dns = { ...state.dns, port: payload.dns_port };

        const newState = {
-            ...state, web, dns, interfaces, processingDefault: false,
+            ...state,
+            web,
+            dns,
+            interfaces,
+            processingDefault: false,
+            dnsVersion: version,
        };
+
        return newState;
    },

@@ -64,6 +70,7 @@ const install = handleActions({
        error: '',
    },
    interfaces: {},
+    dnsVersion: '',
 });

 export default combineReducers({
--- a/go.mod
+++ b/go.mod
@@ -1,42 +1,65 @@
 module github.com/AdguardTeam/AdGuardHome

-go 1.16
+go 1.17

 require (
-	github.com/AdguardTeam/dnsproxy v0.39.13
-	github.com/AdguardTeam/golibs v0.10.3
-	github.com/AdguardTeam/urlfilter v0.15.1
+	github.com/AdguardTeam/dnsproxy v0.40.5
+	github.com/AdguardTeam/golibs v0.10.4
+	github.com/AdguardTeam/urlfilter v0.15.2
 	github.com/NYTimes/gziphandler v1.1.1
-	github.com/ameshkov/dnscrypt/v2 v2.2.2
+	github.com/ameshkov/dnscrypt/v2 v2.2.3
 	github.com/digineo/go-ipset/v2 v2.2.1
-	github.com/fsnotify/fsnotify v1.4.9
-	github.com/go-ping/ping v0.0.0-20210506233800-ff8be3320020
-	github.com/google/go-cmp v0.5.5
+	github.com/fsnotify/fsnotify v1.5.1
+	github.com/go-ping/ping v0.0.0-20211130115550-779d1e919534
+	github.com/google/go-cmp v0.5.6
 	github.com/google/gopacket v1.1.19
 	github.com/google/renameio v1.0.1
-	github.com/insomniacslk/dhcp v0.0.0-20210310193751-cfd4d47082c2
+	github.com/insomniacslk/dhcp v0.0.0-20211214070828-5297eed8f489
 	github.com/kardianos/service v1.2.0
-	github.com/lucas-clemente/quic-go v0.21.1
+	github.com/lucas-clemente/quic-go v0.24.0
 	github.com/mdlayher/ethernet v0.0.0-20190606142754-0394541c37b7
-	github.com/mdlayher/netlink v1.4.0
-	github.com/mdlayher/raw v0.0.0-20210412142147-51b895745faf
-	github.com/miekg/dns v1.1.43
+	github.com/mdlayher/netlink v1.5.0
+	github.com/mdlayher/raw v0.0.0-20211126142749-4eae47f3d54b
+	github.com/miekg/dns v1.1.45
 	github.com/satori/go.uuid v1.2.0
 	github.com/stretchr/testify v1.7.0
 	github.com/ti-mo/netfilter v0.4.0
 	go.etcd.io/bbolt v1.3.6
-	golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
-	golang.org/x/net v0.0.0-20210929193557-e81a3d93ecf6
-	golang.org/x/sys v0.0.0-20210909193231-528a39cd75f3
+	golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
+	golang.org/x/net v0.0.0-20211216030914-fe4d6282115f
+	golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 	gopkg.in/yaml.v2 v2.4.0
-	howett.net/plist v0.0.0-20201203080718-1454fab16a06
+	howett.net/plist v1.0.0
 )

-require github.com/stretchr/objx v0.1.1 // indirect
-
-// TODO(e.burkov):  Get rid of the fork in v0.108.0.
-replace github.com/insomniacslk/dhcp => github.com/AdguardTeam/dhcp v0.0.0-20210519141215-51808c73c0bf
-
-// TODO(a.garipov): Return to the main repo once miekg/dns#1317 is merged.
-replace github.com/miekg/dns => github.com/ameshkov/dns v1.1.32-0.20211214123418-7a5e0dc5f1b0
+require (
+	github.com/BurntSushi/toml v0.4.1 // indirect
+	github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect
+	github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 // indirect
+	github.com/ameshkov/dnsstamps v1.0.3 // indirect
+	github.com/beefsack/go-rate v0.0.0-20200827232406-6cde80facd47 // indirect
+	github.com/cheekybits/genny v1.0.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 // indirect
+	github.com/marten-seemann/qtls-go1-16 v0.1.4 // indirect
+	github.com/marten-seemann/qtls-go1-17 v0.1.0 // indirect
+	github.com/mdlayher/socket v0.1.1 // indirect
+	github.com/nxadm/tail v1.4.8 // indirect
+	github.com/onsi/ginkgo v1.16.5 // indirect
+	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/stretchr/objx v0.1.1 // indirect
+	github.com/u-root/uio v0.0.0-20210528151154-e40b768296a7 // indirect
+	golang.org/x/mod v0.5.1 // indirect
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
+	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/tools v0.1.8 // indirect
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+	honnef.co/go/tools v0.2.2 // indirect
+)
--- a/go.sum
+++ b/go.sum
@@ -7,20 +7,19 @@ dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBr
 dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4=
 dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU=
 git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
-github.com/AdguardTeam/dhcp v0.0.0-20210519141215-51808c73c0bf h1:gc042VRSIRSUzZ+Px6xQCRWNJZTaPkomisDfUZmoFNk=
-github.com/AdguardTeam/dhcp v0.0.0-20210519141215-51808c73c0bf/go.mod h1:TKl4jN3Voofo4UJIicyNhWGp/nlQqQkFxmwIFTvBkKI=
-github.com/AdguardTeam/dnsproxy v0.39.13 h1:7YM5Mr4EpFZ8UO4/4xd6zBG3lZ6AzZO6Xq29Cr4ydOY=
-github.com/AdguardTeam/dnsproxy v0.39.13/go.mod h1:g7zjF1TWpKNeDVh6h3YrjQN8565zsWRd7zo++C/935c=
+github.com/AdguardTeam/dnsproxy v0.40.5 h1:727KSGRmzq2DB5dMm093g0Guhc3dzzzMbfB0C9hK0s8=
+github.com/AdguardTeam/dnsproxy v0.40.5/go.mod h1:PZ9l22h3Er+5mxFQB7oHZMTvx+aa9R6LbzA/ikXQlS0=
 github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.4.2/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
-github.com/AdguardTeam/golibs v0.9.2/go.mod h1:fCAMwPBJ8S7YMYbTWvYS+eeTLblP5E04IDtNAo7y7IY=
-github.com/AdguardTeam/golibs v0.10.3 h1:FBgk17zf35ESVWQKIqEUiqqB2bDaCBC8X5vMU760yB4=
 github.com/AdguardTeam/golibs v0.10.3/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
+github.com/AdguardTeam/golibs v0.10.4 h1:TMBkablZC0IZOpRgg9fzAKlxxNhSN2YJq7qbgtuZ7PQ=
+github.com/AdguardTeam/golibs v0.10.4/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
 github.com/AdguardTeam/gomitmproxy v0.2.0/go.mod h1:Qdv0Mktnzer5zpdpi5rAwixNJzW2FN91LjKJCkVbYGU=
-github.com/AdguardTeam/urlfilter v0.15.1 h1:dP6S7J6eFAk8MN4IDpUq2fZoBo8K8fmc6pXpxNIv84M=
-github.com/AdguardTeam/urlfilter v0.15.1/go.mod h1:EwXwrYhowP7bedqmOrmKKmQtpBYFyDNEBFQ+lxdUgQU=
-github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
+github.com/AdguardTeam/urlfilter v0.15.2 h1:LZGgrm4l4Ys9eAqB+UUmZfiC6vHlDlYFhx0WXqo6LtQ=
+github.com/AdguardTeam/urlfilter v0.15.2/go.mod h1:46YZDOV1+qtdRDuhZKVPSSp7JWWes0KayqHrKAFBdEI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw=
+github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/StackExchange/wmi v1.2.1 h1:VIkavFPXSjcnS+O8yTq7NI32k0R5Aj+v39y29VYDOSA=
@@ -29,10 +28,8 @@ github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmH
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
 github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw=
 github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635/go.mod h1:lmLxL+FV291OopO93Bwf9fQLQeLyt33VJRUg5VJ30us=
-github.com/ameshkov/dns v1.1.32-0.20211214123418-7a5e0dc5f1b0 h1:a6ca3WlDG4zvUWqVFpVu48b9NZJ0fUFlRhiZKKkq+aw=
-github.com/ameshkov/dns v1.1.32-0.20211214123418-7a5e0dc5f1b0/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
-github.com/ameshkov/dnscrypt/v2 v2.2.2 h1:lxtS1iSA2EjTOMToSi+2+rwspNA+b/wG5/JpccvE9CU=
-github.com/ameshkov/dnscrypt/v2 v2.2.2/go.mod h1:+8SbPbVXpxxcUsgGi8eodkqWPo1MyNHxKYC8hDpqLSo=
+github.com/ameshkov/dnscrypt/v2 v2.2.3 h1:X9UP5AHtwp46Ji+sGFfF/1Is6OPI/SjxLqhKpx0P5UI=
+github.com/ameshkov/dnscrypt/v2 v2.2.3/go.mod h1:xJB9cE1/GF+NB6EEQqRlkoa4bjcV2w7VYn1G+zVq7Bs=
 github.com/ameshkov/dnsstamps v1.0.1/go.mod h1:Ii3eUu73dx4Vw5O4wjzmT5+lkCwovjzaEZZ4gKyIH5A=
 github.com/ameshkov/dnsstamps v1.0.3 h1:Srzik+J9mivH1alRACTbys2xOxs0lRH9qnTA7Y1OYVo=
 github.com/ameshkov/dnsstamps v1.0.3/go.mod h1:Ii3eUu73dx4Vw5O4wjzmT5+lkCwovjzaEZZ4gKyIH5A=
@@ -44,6 +41,8 @@ github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBT
 github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
 github.com/cheekybits/genny v1.0.0 h1:uGGa4nei+j20rOSeDeP5Of12XVm7TGUd4dJA9RDitfE=
 github.com/cheekybits/genny v1.0.0/go.mod h1:+tQajlRqAUrPI7DOSpB0XAqZYtQakVtB7wXkRAgjxjQ=
+github.com/cilium/ebpf v0.5.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
+github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -56,17 +55,20 @@ github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25Kn
 github.com/fanliao/go-promise v0.0.0-20141029170127-1890db352a72/go.mod h1:PjfxuH4FZdUyfMdtBio2lsRr1AKEaVPwelzuHuh8Lqc=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY=
+github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
+github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-ole/go-ole v1.2.5 h1:t4MGB5xEDZvXI+0rMjjsfBsD7yAgp/s9ZDkL1JndXwY=
 github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
-github.com/go-ping/ping v0.0.0-20210506233800-ff8be3320020 h1:mdi6AbCEoKCA1xKCmp7UtRB5fvGFlP92PvlhxgdvXEw=
-github.com/go-ping/ping v0.0.0-20210506233800-ff8be3320020/go.mod h1:KmHOjTUmJh/l04ukqPoBWPEZr9jwN05h5NXQl5C+DyY=
-github.com/go-test/deep v1.0.5/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8=
+github.com/go-ping/ping v0.0.0-20211130115550-779d1e919534 h1:dhy9OQKGBh4zVXbjwbxxHjRxMJtLXj3zfgpBYQaR4Q4=
+github.com/go-ping/ping v0.0.0-20211130115550-779d1e919534/go.mod h1:xIFjORFzTxqIV/tDVGO4eDy/bLuSyawEeojSm3GfRGk=
+github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
+github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
@@ -83,6 +85,9 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -90,8 +95,9 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
@@ -100,6 +106,9 @@ github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXi
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/renameio v1.0.1 h1:Lh/jXZmvZxb0BBeSY5VKEfidcbcbenKjZFzM/q0fSeU=
 github.com/google/renameio v1.0.1/go.mod h1:t/HQoYBZSsWSNK35C6CO/TpPLDVWvxOHboWUAweKUpk=
+github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY=
 github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -108,10 +117,11 @@ github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpg
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714 h1:/jC7qQFrv8CrSJVmaolDVOxTfS9kc36uB6H40kdbQq8=
 github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714/go.mod h1:2Goc3h8EklBH5mspfHFxBnEoURQCGzQQH1ga9Myjvis=
+github.com/insomniacslk/dhcp v0.0.0-20211214070828-5297eed8f489 h1:jhdHqd7DxBrzfuFSoPxjD6nUVaV/1RIn9aHA0WCf/as=
+github.com/insomniacslk/dhcp v0.0.0-20211214070828-5297eed8f489/go.mod h1:h+MxyHxRg9NH3terB1nfRIUaQEcI0XOVkdR9LNBlp8E=
 github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
-github.com/joomcode/errorx v1.0.3 h1:3e1mi0u7/HTPNdg6d6DYyKGBhA5l9XpsfuVE29NxnWw=
-github.com/joomcode/errorx v1.0.3/go.mod h1:eQzdtdlNyN7etw6YCS4W4+lu442waxZYw5yvz0ULrRo=
+github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
 github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 h1:uhL5Gw7BINiiPAo24A2sxkcDI0Jt/sqp1v5xQCniEFA=
 github.com/josharian/native v0.0.0-20200817173448-b6b71def0850/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
 github.com/jsimonetti/rtnetlink v0.0.0-20190606172950-9527aa82566a/go.mod h1:Oz+70psSo5OFh8DBl0Zv2ACw7Esh6pPUphlvZG9x7uw=
@@ -121,8 +131,10 @@ github.com/jsimonetti/rtnetlink v0.0.0-20201110080708-d2c240429e6c/go.mod h1:huN
 github.com/jsimonetti/rtnetlink v0.0.0-20201216134343-bde56ed16391/go.mod h1:cR77jAZG3Y3bsb8hF6fHJbFoyFukLFOkQ98S0pQz3xw=
 github.com/jsimonetti/rtnetlink v0.0.0-20201220180245-69540ac93943/go.mod h1:z4c53zj6Eex712ROyh8WI0ihysb5j2ROyV42iNogmAs=
 github.com/jsimonetti/rtnetlink v0.0.0-20210122163228-8d122574c736/go.mod h1:ZXpIyOK59ZnN7J0BV99cZUPmsqDRZ3eq5X+st7u/oSA=
-github.com/jsimonetti/rtnetlink v0.0.0-20210212075122-66c871082f2b h1:c3NTyLNozICy8B4mlMXemD3z/gXgQzVXZS/HqT+i3do=
 github.com/jsimonetti/rtnetlink v0.0.0-20210212075122-66c871082f2b/go.mod h1:8w9Rh8m+aHZIG69YPGGem1i5VzoyRC8nw2kA8B+ik5U=
+github.com/jsimonetti/rtnetlink v0.0.0-20210525051524-4cc836578190/go.mod h1:NmKSdU4VGSiv1bMsdqNALI4RSvvjtz65tTMCnD05qLo=
+github.com/jsimonetti/rtnetlink v0.0.0-20211022192332-93da33804786 h1:N527AHMa793TP5z5GNAn/VLPzlc0ewzWdeP/25gDfgQ=
+github.com/jsimonetti/rtnetlink v0.0.0-20211022192332-93da33804786/go.mod h1:v4hqbTdfQngbVSZJVWUhGE/lbTFf9jb+ygmNUDQMuOs=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
@@ -130,27 +142,28 @@ github.com/kardianos/service v1.2.0 h1:bGuZ/epo3vrt8IPC7mnKQolqFeYJb7Cs8Rk4PSOBB
 github.com/kardianos/service v1.2.0/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/lucas-clemente/quic-go v0.21.1 h1:uuhCcu885TE9u/piPYMChI/yqA1lXfaLUEx8uCMxf8w=
-github.com/lucas-clemente/quic-go v0.21.1/go.mod h1:U9kFi5LKbNIlU30dkuM9vxmTxWq4Bvzee/MjBI+07UA=
+github.com/lucas-clemente/quic-go v0.24.0 h1:ToR7SIIEdrgOhgVTHvPgdVRJfgVy+N0wQAagH7L4d5g=
+github.com/lucas-clemente/quic-go v0.24.0/go.mod h1:paZuzjXCE5mj6sikVLMvqXk8lJV2AsqtJ6bDhjEfxx0=
 github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
 github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc=
-github.com/marten-seemann/qtls-go1-15 v0.1.4 h1:RehYMOyRW8hPVEja1KBVsFVNSm35Jj9Mvs5yNoZZ28A=
 github.com/marten-seemann/qtls-go1-15 v0.1.4/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I=
-github.com/marten-seemann/qtls-go1-16 v0.1.3 h1:XEZ1xGorVy9u+lJq+WXNE+hiqRYLNvJGYmwfwKQN2gU=
-github.com/marten-seemann/qtls-go1-16 v0.1.3/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk=
-github.com/marten-seemann/qtls-go1-17 v0.1.0-beta.1.2 h1:SficYjyOthSrliKI+EaFuXS6HqSsX3dkY9AqxAAjBjw=
-github.com/marten-seemann/qtls-go1-17 v0.1.0-beta.1.2/go.mod h1:fz4HIxByo+LlWcreM4CZOYNuz3taBQ8rN2X6FqvaWo8=
+github.com/marten-seemann/qtls-go1-16 v0.1.4 h1:xbHbOGGhrenVtII6Co8akhLEdrawwB2iHl5yhJRpnco=
+github.com/marten-seemann/qtls-go1-16 v0.1.4/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk=
+github.com/marten-seemann/qtls-go1-17 v0.1.0 h1:P9ggrs5xtwiqXv/FHNwntmuLMNq3KaSIG93AtAZ48xk=
+github.com/marten-seemann/qtls-go1-17 v0.1.0/go.mod h1:fz4HIxByo+LlWcreM4CZOYNuz3taBQ8rN2X6FqvaWo8=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/mdlayher/ethernet v0.0.0-20190606142754-0394541c37b7 h1:lez6TS6aAau+8wXUP3G9I3TGlmPFEq2CTxBaRqY6AGE=
 github.com/mdlayher/ethernet v0.0.0-20190606142754-0394541c37b7/go.mod h1:U6ZQobyTjI/tJyq2HG+i/dfSoFUt8/aZCM+GKtmFk/Y=
-github.com/mdlayher/ethtool v0.0.0-20210210192532-2b88debcdd43 h1:WgyLFv10Ov49JAQI/ZLUkCZ7VJS3r74hwFIGXJsgZlY=
 github.com/mdlayher/ethtool v0.0.0-20210210192532-2b88debcdd43/go.mod h1:+t7E0lkKfbBsebllff1xdTmyJt8lH37niI6kwFk9OTo=
+github.com/mdlayher/ethtool v0.0.0-20211028163843-288d040e9d60 h1:tHdB+hQRHU10CfcK0furo6rSNgZ38JT8uPh70c/pFD8=
+github.com/mdlayher/ethtool v0.0.0-20211028163843-288d040e9d60/go.mod h1:aYbhishWc4Ai3I2U4Gaa2n3kHWSwzme6EsG/46HRQbE=
 github.com/mdlayher/genetlink v1.0.0 h1:OoHN1OdyEIkScEmRgxLEe2M9U8ClMytqA5niynLtfj0=
 github.com/mdlayher/genetlink v1.0.0/go.mod h1:0rJ0h4itni50A86M2kHcgS85ttZazNt7a8H2a2cw0Gc=
 github.com/mdlayher/netlink v0.0.0-20190313131330-258ea9dff42c/go.mod h1:eQB3mZE4aiYnlUsyGGCOpPETfdQq4Jhsgf1fk3cwQaA=
@@ -163,28 +176,45 @@ github.com/mdlayher/netlink v1.2.0/go.mod h1:kwVW1io0AZy9A1E2YYgaD4Cj+C+GPkU6klX
 github.com/mdlayher/netlink v1.2.1/go.mod h1:bacnNlfhqHqqLo4WsYeXSqfyXkInQ9JneWI68v1KwSU=
 github.com/mdlayher/netlink v1.2.2-0.20210123213345-5cc92139ae3e/go.mod h1:bacnNlfhqHqqLo4WsYeXSqfyXkInQ9JneWI68v1KwSU=
 github.com/mdlayher/netlink v1.3.0/go.mod h1:xK/BssKuwcRXHrtN04UBkwQ6dY9VviGGuriDdoPSWys=
-github.com/mdlayher/netlink v1.4.0 h1:n3ARR+Fm0dDv37dj5wSWZXDKcy+U0zwcXS3zKMnSiT0=
 github.com/mdlayher/netlink v1.4.0/go.mod h1:dRJi5IABcZpBD2A3D0Mv/AiX8I9uDEu5oGkAVrekmf8=
+github.com/mdlayher/netlink v1.4.1/go.mod h1:e4/KuJ+s8UhfUpO9z00/fDZZmhSrs+oxyqAS9cNgn6Q=
+github.com/mdlayher/netlink v1.5.0 h1:r4fa439+SsMarM0rMONU3iSshSV3ArVqJl6H/zjrhh4=
+github.com/mdlayher/netlink v1.5.0/go.mod h1:1Kr8BBFxGyUyNmztC9WLOayqYVAd2wsgOZm18nqGuzQ=
 github.com/mdlayher/raw v0.0.0-20190606142536-fef19f00fc18/go.mod h1:7EpbotpCmVZcu+KCX4g9WaRNuu11uyhiW7+Le1dKawg=
 github.com/mdlayher/raw v0.0.0-20191009151244-50f2db8cc065/go.mod h1:7EpbotpCmVZcu+KCX4g9WaRNuu11uyhiW7+Le1dKawg=
-github.com/mdlayher/raw v0.0.0-20210412142147-51b895745faf h1:InctQoB89TIkmgIFQeIL4KXNvWc1iebQXdZggqPSwL8=
-github.com/mdlayher/raw v0.0.0-20210412142147-51b895745faf/go.mod h1:7EpbotpCmVZcu+KCX4g9WaRNuu11uyhiW7+Le1dKawg=
+github.com/mdlayher/raw v0.0.0-20211126142749-4eae47f3d54b h1:MHcTarUMC4sFA7eiyR8IEJ6j2PgmgXR+B9X2IIMjh7A=
+github.com/mdlayher/raw v0.0.0-20211126142749-4eae47f3d54b/go.mod h1:7EpbotpCmVZcu+KCX4g9WaRNuu11uyhiW7+Le1dKawg=
+github.com/mdlayher/socket v0.0.0-20210307095302-262dc9984e00/go.mod h1:GAFlyu4/XV68LkQKYzKhIo/WW7j3Zi0YRAz/BOoanUc=
+github.com/mdlayher/socket v0.0.0-20211007213009-516dcbdf0267/go.mod h1:nFZ1EtZYK8Gi/k6QNu7z7CgO20i/4ExeQswwWuPmG/g=
+github.com/mdlayher/socket v0.1.0/go.mod h1:mYV5YIZAfHh4dzDVzI8x8tWLWCliuX8Mon5Awbj+qDs=
+github.com/mdlayher/socket v0.1.1 h1:q3uOGirUPfAV2MUoaC7BavjQ154J7+JOkTWyiV+intI=
+github.com/mdlayher/socket v0.1.1/go.mod h1:mYV5YIZAfHh4dzDVzI8x8tWLWCliuX8Mon5Awbj+qDs=
 github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
+github.com/miekg/dns v1.1.40/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
+github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
+github.com/miekg/dns v1.1.44/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
+github.com/miekg/dns v1.1.45 h1:g5fRIhm9nx7g8osrAvgb16QJfmyMsyOCb+J7LSv+Qzk=
+github.com/miekg/dns v1.1.45/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
 github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
+github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
+github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA=
 github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
+github.com/onsi/ginkgo v1.16.2/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvwxz1E=
+github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
+github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
+github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/onsi/gomega v1.13.0 h1:7lLHu94wT9Ij0o6EWWclhu0aOh32VxhkwEJvzuWPeak=
+github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je41yGY=
 github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
@@ -246,11 +276,15 @@ github.com/tklauser/go-sysconf v0.3.9 h1:JeUVdAOWhhxVcU6Eqr/ATFHgXk/mmiItdKeJPev
 github.com/tklauser/go-sysconf v0.3.9/go.mod h1:11DU/5sG7UexIrp/O6g35hrWzu0JxlwQ3LSFUzyeuhs=
 github.com/tklauser/numcpus v0.3.0 h1:ILuRUQBtssgnxw0XXIjKUC56fgnOrFoQQ/4+DeU2biQ=
 github.com/tklauser/numcpus v0.3.0/go.mod h1:yFGUr7TUHQRAhyqBcEg0Ge34zDBAsIvJJcyE6boqnA8=
-github.com/u-root/u-root v7.0.0+incompatible h1:u+KSS04pSxJGI5E7WE4Bs9+Zd75QjFv+REkjy/aoAc8=
-github.com/u-root/u-root v7.0.0+incompatible/go.mod h1:RYkpo8pTHrNjW08opNd/U6p/RJE7K0D8fXO0d47+3YY=
+github.com/u-root/uio v0.0.0-20210528114334-82958018845c/go.mod h1:LpEX5FO/cB+WF4TYGY1V5qktpaZLkKkSegbr0V4eYXA=
+github.com/u-root/uio v0.0.0-20210528151154-e40b768296a7 h1:XMAtQHwKjWHIRwg+8Nj/rzUomQY1q6cM3ncA0wP8GU4=
+github.com/u-root/uio v0.0.0-20210528151154-e40b768296a7/go.mod h1:LpEX5FO/cB+WF4TYGY1V5qktpaZLkKkSegbr0V4eYXA=
 github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
 github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
 go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
 go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA=
@@ -263,17 +297,18 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ=
-golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 h1:0es+/5331RGQPcXlMfP+WrnIIS6dNnNRe0WB02W0F4M=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
+golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -288,24 +323,34 @@ golang.org/x/net v0.0.0-20190419010253-1f3472d942ba/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200904194848-62affa334b73/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201016165138-7b1cca2348c0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201216054612-986b41b23924/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
+golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210908191846-a5e095526f91/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210929193557-e81a3d93ecf6 h1:Z04ewVs7JhXaYkmDhBERPi41gnltfQpMWDnTnQbaCqk=
+golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210928044308-7d9f5e0b762b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210929193557-e81a3d93ecf6/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM=
+golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -316,6 +361,7 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -332,9 +378,9 @@ golang.org/x/sys v0.0.0-20190606122018-79a91cf218c4/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -347,23 +393,35 @@ golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201015000850-e3ed0017c211/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201017003518-b09fb700fbb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201118182958-a01c418693c7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201218084310-7d0127a74742/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210110051926-789bb1bd4061/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210123111255-9b0068b26619/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210216163648-f7da38b97c65/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210525143221-35b2ab0089ea/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210909193231-528a39cd75f3 h1:3Ad41xy2WCESpufXwgs7NpDSu+vjxqLt2UFqUV+20bI=
+golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210909193231-528a39cd75f3/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
+golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -382,10 +440,15 @@ golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2 h1:BonxutuHCTL0rBDnZlKjpGIQFTjyUVTexFOdWkB6Fg0=
 golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
+golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w=
+golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -413,6 +476,9 @@ google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQ
 google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
 google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
@@ -423,6 +489,7 @@ gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXL
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -431,13 +498,16 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o=
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-howett.net/plist v0.0.0-20201203080718-1454fab16a06 h1:QDxUo/w2COstK1wIBYpzQlHX/NqaQTcf9jyz347nI58=
-howett.net/plist v0.0.0-20201203080718-1454fab16a06/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0=
+honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
+honnef.co/go/tools v0.2.2 h1:MNh1AVMyVX23VUHE2O27jm6lNj3vjO5DexS4A1xvnzk=
+honnef.co/go/tools v0.2.2/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
+howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM=
+howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g=
 sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck=
 sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0=
--- a/internal/aghalg/aghalg.go
+++ b/internal/aghalg/aghalg.go
@@ -0,0 +1,75 @@
+// Package aghalg contains common generic algorithms and data structures.
+//
+// TODO(a.garipov): Update to use type parameters in Go 1.18.
+package aghalg
+
+import (
+	"fmt"
+	"sort"
+)
+
+// comparable is an alias for interface{}.  Values passed as arguments of this
+// type alias must be comparable.
+//
+// TODO(a.garipov): Remove in Go 1.18.
+type comparable = interface{}
+
+// UniqChecker allows validating uniqueness of comparable items.
+type UniqChecker map[comparable]int64
+
+// Add adds a value to the validator.  v must not be nil.
+func (uc UniqChecker) Add(elems ...comparable) {
+	for _, e := range elems {
+		uc[e]++
+	}
+}
+
+// Merge returns a checker containing data from both uc and other.
+func (uc UniqChecker) Merge(other UniqChecker) (merged UniqChecker) {
+	merged = make(UniqChecker, len(uc)+len(other))
+	for elem, num := range uc {
+		merged[elem] += num
+	}
+
+	for elem, num := range other {
+		merged[elem] += num
+	}
+
+	return merged
+}
+
+// Validate returns an error enumerating all elements that aren't unique.
+// isBefore is an optional sorting function to make the error message
+// deterministic.
+func (uc UniqChecker) Validate(isBefore func(a, b comparable) (less bool)) (err error) {
+	var dup []comparable
+	for elem, num := range uc {
+		if num > 1 {
+			dup = append(dup, elem)
+		}
+	}
+
+	if len(dup) == 0 {
+		return nil
+	}
+
+	if isBefore != nil {
+		sort.Slice(dup, func(i, j int) (less bool) {
+			return isBefore(dup[i], dup[j])
+		})
+	}
+
+	return fmt.Errorf("duplicated values: %v", dup)
+}
+
+// IntIsBefore is a helper sort function for UniqChecker.Validate.
+// a and b must be of type int.
+func IntIsBefore(a, b comparable) (less bool) {
+	return a.(int) < b.(int)
+}
+
+// StringIsBefore is a helper sort function for UniqChecker.Validate.
+// a and b must be of type string.
+func StringIsBefore(a, b comparable) (less bool) {
+	return a.(string) < b.(string)
+}
--- a/internal/aghnet/dhcp_unix.go
+++ b/internal/aghnet/dhcp_unix.go
@@ -19,7 +19,8 @@ import (
 	"github.com/insomniacslk/dhcp/iana"
 )

-// defaultDiscoverTime is the
+// defaultDiscoverTime is the default timeout of checking another DHCP server
+// response.
 const defaultDiscoverTime = 3 * time.Second

 func checkOtherDHCP(ifaceName string) (ok4, ok6 bool, err4, err6 error) {
--- a/internal/aghnet/hostscontainer.go
+++ b/internal/aghnet/hostscontainer.go
@@ -72,7 +72,11 @@ func (rm *requestMatcher) MatchRequest(
 }

 // Translate returns the source hosts-syntax rule for the generated dnsrewrite
-// rule or an empty string if the last doesn't exist.
+// rule or an empty string if the last doesn't exist.  The returned rules are in
+// a processed format like:
+//
+//   ip host1 host2 ...
+//
 func (rm *requestMatcher) Translate(rule string) (hostRule string) {
 	rm.stateLock.RLock()
 	defer rm.stateLock.RUnlock()
@@ -179,7 +183,7 @@ func NewHostsContainer(
 				return nil, fmt.Errorf("adding path: %w", err)
 			}

-			log.Debug("%s: file %q expected to exist but doesn't", hostsContainerPref, p)
+			log.Debug("%s: %s is expected to exist but doesn't", hostsContainerPref, p)
 		}
 	}

@@ -199,7 +203,7 @@ func (hc *HostsContainer) Close() (err error) {
 }

 // Upd returns the channel into which the updates are sent.  The receivable
-// map's values are guaranteed to be of type of *stringutil.Set.
+// map's values are guaranteed to be of type of *aghnet.Hosts.
 func (hc *HostsContainer) Upd() (updates <-chan *netutil.IPMap) {
 	return hc.updates
 }
@@ -228,8 +232,9 @@ func pathsToPatterns(fsys fs.FS, paths []string) (patterns []string, err error)
 	return patterns, nil
 }

-// handleEvents concurrently handles the events.  It closes the update channel
-// of HostsContainer when finishes.  Used to be called within a goroutine.
+// handleEvents concurrently handles the file system events.  It closes the
+// update channel of HostsContainer when finishes.  It's used to be called
+// within a separate goroutine.
 func (hc *HostsContainer) handleEvents() {
 	defer log.OnPanic(fmt.Sprintf("%s: handling events", hostsContainerPref))

@@ -254,17 +259,27 @@ func (hc *HostsContainer) handleEvents() {
 	}
 }

+// ipRules is the pair of generated A/AAAA and PTR rules with related IP.
+type ipRules struct {
+	// rule is the A/AAAA $dnsrewrite rule.
+	rule string
+	// rulePtr is the PTR $dnsrewrite rule.
+	rulePtr string
+	// ip is the IP address related to the rules.
+	ip net.IP
+}
+
 // hostsParser is a helper type to parse rules from the operating system's hosts
 // file.  It exists for only a single refreshing session.
 type hostsParser struct {
-	// rulesBuilder builds the resulting rulesBuilder list content.
+	// rulesBuilder builds the resulting rules list content.
 	rulesBuilder *strings.Builder

-	// translations maps generated $dnsrewrite rules to the hosts-translations
-	// rules.
-	translations map[string]string
+	// rules stores the rules for main hosts to generate translations.
+	rules []ipRules

-	// cnameSet prevents duplicating cname rules.
+	// cnameSet prevents duplicating cname rules, e.g. same hostname for
+	// different IP versions.
 	cnameSet *stringutil.Set

 	// table stores only the unique IP-hostname pairs.  It's also sent to the
@@ -272,13 +287,16 @@ type hostsParser struct {
 	table *netutil.IPMap
 }

+// newHostsParser creates a new *hostsParser with buffers of size taken from the
+// previous parse.
 func (hc *HostsContainer) newHostsParser() (hp *hostsParser) {
+	lastLen := hc.last.Len()
+
 	return &hostsParser{
 		rulesBuilder: &strings.Builder{},
-		// For A/AAAA and PTRs.
-		translations: make(map[string]string, hc.last.Len()*2),
+		rules:        make([]ipRules, 0, lastLen),
 		cnameSet:     stringutil.NewSet(),
-		table:        netutil.NewIPMap(hc.last.Len()),
+		table:        netutil.NewIPMap(lastLen),
 	}
 }

@@ -286,9 +304,7 @@ func (hc *HostsContainer) newHostsParser() (hp *hostsParser) {
 // never signs to stop walking and never returns any additional patterns.
 //
 // See man hosts(5).
-func (hp *hostsParser) parseFile(
-	r io.Reader,
-) (patterns []string, cont bool, err error) {
+func (hp *hostsParser) parseFile(r io.Reader) (patterns []string, cont bool, err error) {
 	s := bufio.NewScanner(r)
 	for s.Scan() {
 		ip, hosts := hp.parseLine(s.Text())
@@ -339,62 +355,79 @@ func (hp *hostsParser) parseLine(line string) (ip net.IP, hosts []string) {
 	return ip, hosts
 }

-// Simple types of hosts in hosts database.  Zero value isn't used to be able
-// quizzaciously emulate nil with 0.
-const (
-	_ = iota
-	hostAlias
-	hostMain
-)
+// Hosts is used to contain the main host and all it's aliases.
+type Hosts struct {
+	// Aliases contains all the aliases for Main.
+	Aliases *stringutil.Set
+	// Main is the host itself.
+	Main string
+}
+
+// Equal returns true if h equals hh.
+func (h *Hosts) Equal(hh *Hosts) (ok bool) {
+	if h == nil || hh == nil {
+		return h == hh
+	}
+
+	return h.Main == hh.Main && h.Aliases.Equal(hh.Aliases)
+}

 // add tries to add the ip-host pair.  It returns:
 //
-//   hostAlias if the host is not the first one added for the ip.
-//   hostMain  if the host is the first one added for the ip.
-//   0         if the ip-host pair has already been added.
+//   main host    if the host is not the first one added for the ip.
+//   host itself  if the host is the first one added for the ip.
+//   ""           if the ip-host pair has already been added.
 //
-func (hp *hostsParser) add(ip net.IP, host string) (hostType int) {
+func (hp *hostsParser) add(ip net.IP, host string) (mainHost string) {
 	v, ok := hp.table.Get(ip)
-	switch hosts, _ := v.(*stringutil.Set); {
-	case ok && hosts.Has(host):
-		return 0
-	case hosts == nil:
-		hosts = stringutil.NewSet(host)
-		hp.table.Set(ip, hosts)
+	switch h, _ := v.(*Hosts); {
+	case !ok:
+		// This is the first host for the ip.
+		hp.table.Set(ip, &Hosts{Main: host})

-		return hostMain
+		return host
+	case h.Main == host:
+		// This is a duplicate.  Go on.
+	case h.Aliases == nil:
+		// This is the first alias.
+		h.Aliases = stringutil.NewSet(host)
+
+		return h.Main
+	case !h.Aliases.Has(host):
+		// This is a new alias.
+		h.Aliases.Add(host)
+
+		return h.Main
 	default:
-		hosts.Add(host)
-
-		return hostAlias
+		// This is a duplicate.  Go on.
 	}
+
+	return ""
 }

 // addPair puts the pair of ip and host to the rules builder if needed.  For
 // each ip the first member of hosts will become the main one.
 func (hp *hostsParser) addPairs(ip net.IP, hosts []string) {
-	// Put the rule in a preproccesed format like:
-	//
-	//   ip host1 host2 ...
-	//
-	hostsLine := strings.Join(append([]string{ip.String()}, hosts...), " ")
-	var mainHost string
 	for _, host := range hosts {
-		switch hp.add(ip, host) {
-		case 0:
+		switch mainHost := hp.add(ip, host); mainHost {
+		case "":
+			// This host is a duplicate.
 			continue
-		case hostMain:
-			mainHost = host
-			added, addedPtr := hp.writeMainHostRule(host, ip)
-			hp.translations[added], hp.translations[addedPtr] = hostsLine, hostsLine
-		case hostAlias:
+		case host:
+			// This host is main.
+			added, addedPtr := hp.writeMainRule(host, ip)
+			hp.rules = append(hp.rules, ipRules{
+				rule:    added,
+				rulePtr: addedPtr,
+				ip:      ip,
+			})
+		default:
+			// This host is an alias.
 			pair := fmt.Sprint(host, " ", mainHost)
 			if hp.cnameSet.Has(pair) {
 				continue
 			}
-			// Since the hostAlias couldn't be returned from add before the
-			// hostMain the mainHost shouldn't appear empty.
-			hp.writeAliasHostRule(host, mainHost)
+			hp.writeAliasRule(host, mainHost)
 			hp.cnameSet.Add(pair)
 		}

@@ -402,24 +435,24 @@ func (hp *hostsParser) addPairs(ip net.IP, hosts []string) {
 	}
 }

-// writeAliasHostRule writes the CNAME rule for the alias-host pair into
-// internal builders.
-func (hp *hostsParser) writeAliasHostRule(alias, host string) {
+// writeAliasRule writes the CNAME rule for the alias-host pair into internal
+// builders.
+func (hp *hostsParser) writeAliasRule(alias, host string) {
 	const (
 		nl = "\n"
 		sc = ";"

 		rwSuccess = rules.MaskSeparator + "$dnsrewrite=NOERROR" + sc + "CNAME" + sc
-		constLen  = len(rules.MaskStartURL) + len(rwSuccess) + len(nl)
+		constLen  = len(rules.MaskPipe) + len(rwSuccess) + len(nl)
 	)

 	hp.rulesBuilder.Grow(constLen + len(host) + len(alias))
-	stringutil.WriteToBuilder(hp.rulesBuilder, rules.MaskStartURL, alias, rwSuccess, host, nl)
+	stringutil.WriteToBuilder(hp.rulesBuilder, rules.MaskPipe, alias, rwSuccess, host, nl)
 }

-// writeMainHostRule writes the actual rule for the qtype and the PTR for the
+// writeMainRule writes the actual rule for the qtype and the PTR for the
 // host-ip pair into internal builders.
-func (hp *hostsParser) writeMainHostRule(host string, ip net.IP) (added, addedPtr string) {
+func (hp *hostsParser) writeMainRule(host string, ip net.IP) (added, addedPtr string) {
 	arpa, err := netutil.IPToReversedAddr(ip)
 	if err != nil {
 		return
@@ -431,8 +464,8 @@ func (hp *hostsParser) writeMainHostRule(host string, ip net.IP) (added, addedPt
 		rwSuccess    = "^$dnsrewrite=NOERROR;"
 		rwSuccessPTR = "^$dnsrewrite=NOERROR;PTR;"

-		modLen    = len("||") + len(rwSuccess) + len(";")
-		modLenPTR = len("||") + len(rwSuccessPTR)
+		modLen    = len(rules.MaskPipe) + len(rwSuccess) + len(";")
+		modLenPTR = len(rules.MaskPipe) + len(rwSuccessPTR)
 	)

 	var qtype string
@@ -451,7 +484,7 @@ func (hp *hostsParser) writeMainHostRule(host string, ip net.IP) (added, addedPt
 	ruleBuilder.Grow(modLen + len(host) + len(qtype) + len(ipStr))
 	stringutil.WriteToBuilder(
 		ruleBuilder,
-		"||",
+		rules.MaskPipe,
 		host,
 		rwSuccess,
 		qtype,
@@ -461,14 +494,10 @@ func (hp *hostsParser) writeMainHostRule(host string, ip net.IP) (added, addedPt
 	added = ruleBuilder.String()

 	ruleBuilder.Reset()
+
 	ruleBuilder.Grow(modLenPTR + len(arpa) + len(fqdn))
-	stringutil.WriteToBuilder(
-		ruleBuilder,
-		"||",
-		arpa,
-		rwSuccessPTR,
-		fqdn,
-	)
+	stringutil.WriteToBuilder(ruleBuilder, rules.MaskPipe, arpa, rwSuccessPTR, fqdn)
+
 	addedPtr = ruleBuilder.String()

 	hp.rulesBuilder.Grow(len(added) + len(addedPtr) + 2*len(nl))
@@ -488,18 +517,21 @@ func (hp *hostsParser) equalSet(target *netutil.IPMap) (ok bool) {
 		return false
 	}

-	hp.table.Range(func(ip net.IP, val interface{}) (cont bool) {
-		v, hasIP := target.Get(ip)
+	hp.table.Range(func(ip net.IP, b interface{}) (cont bool) {
 		// ok is set to true if the target doesn't contain ip or if the
-		// appropriate hosts set isn't equal to the checked one, i.e. the maps
-		// have at least one disperancy.
-		ok = !hasIP || !v.(*stringutil.Set).Equal(val.(*stringutil.Set))
+		// appropriate hosts set isn't equal to the checked one, i.e. the main
+		// hosts differ or the maps have at least one discrepancy.
+		if a, hasIP := target.Get(ip); !hasIP {
+			ok = true
+		} else if hosts, aok := a.(*Hosts); aok {
+			ok = !hosts.Equal(b.(*Hosts))
+		}

 		// Continue only if maps has no discrepancies.
 		return !ok
 	})

-	// Return true if every value from the IP map has no disperancies with the
+	// Return true if every value from the IP map has no discrepancies with the
 	// appropriate one from the target.
 	return !ok
 }
@@ -531,6 +563,35 @@ func (hp *hostsParser) newStrg(id int) (s *filterlist.RuleStorage, err error) {
 	}})
 }

+// translations generates the map to translate $dnsrewrite rules to
+// hosts-syntax ones.
+func (hp *hostsParser) translations() (trans map[string]string) {
+	l := len(hp.rules)
+	if l == 0 {
+		return nil
+	}
+
+	trans = make(map[string]string, l*2)
+	for _, r := range hp.rules {
+		v, ok := hp.table.Get(r.ip)
+		if !ok {
+			continue
+		}
+
+		var hosts *Hosts
+		hosts, ok = v.(*Hosts)
+		if !ok {
+			continue
+		}
+
+		strs := append([]string{r.ip.String(), hosts.Main}, hosts.Aliases.Values()...)
+		hostsLine := strings.Join(strs, " ")
+		trans[r.rule], trans[r.rulePtr] = hostsLine, hostsLine
+	}
+
+	return trans
+}
+
 // refresh gets the data from specified files and propagates the updates if
 // needed.
 //
@@ -544,7 +605,7 @@ func (hc *HostsContainer) refresh() (err error) {
 	}

 	if hp.equalSet(hc.last) {
-		log.Debug("%s: no updates detected", hostsContainerPref)
+		log.Debug("%s: no changes detected", hostsContainerPref)

 		return nil
 	}
@@ -557,7 +618,7 @@ func (hc *HostsContainer) refresh() (err error) {
 		return fmt.Errorf("initializing rules storage: %w", err)
 	}

-	hc.resetEng(rulesStrg, hp.translations)
+	hc.resetEng(rulesStrg, hp.translations())

 	return nil
 }
--- a/internal/aghnet/hostscontainer_test.go
+++ b/internal/aghnet/hostscontainer_test.go
@@ -9,6 +9,7 @@ import (
 	"sync/atomic"
 	"testing"
 	"testing/fstest"
+	"time"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
 	"github.com/AdguardTeam/golibs/errors"
@@ -129,24 +130,13 @@ func TestNewHostsContainer(t *testing.T) {
 	})
 }

-func TestHostsContainer_Refresh(t *testing.T) {
-	knownIP := net.IP{127, 0, 0, 1}
+func TestHostsContainer_refresh(t *testing.T) {
+	// TODO(e.burkov):  Test the case with no actual updates.

-	const knownHost = "localhost"
-	const knownAlias = "hocallost"
+	ip := net.IP{127, 0, 0, 1}
+	ipStr := ip.String()

-	const dirname = "dir"
-	const filename1 = "file1"
-	const filename2 = "file2"
-
-	p1 := path.Join(dirname, filename1)
-	p2 := path.Join(dirname, filename2)
-
-	testFS := fstest.MapFS{
-		p1: &fstest.MapFile{
-			Data: []byte(strings.Join([]string{knownIP.String(), knownHost}, sp) + nl),
-		},
-	}
+	testFS := fstest.MapFS{"dir/file1": &fstest.MapFile{Data: []byte(ipStr + ` hostname` + nl)}}

 	// event is a convenient alias for an empty struct{} to emit test events.
 	type event = struct{}
@@ -157,119 +147,117 @@ func TestHostsContainer_Refresh(t *testing.T) {
 	w := &aghtest.FSWatcher{
 		OnEvents: func() (e <-chan event) { return eventsCh },
 		OnAdd: func(name string) (err error) {
-			assert.Equal(t, dirname, name)
+			assert.Equal(t, "dir", name)

 			return nil
 		},
 		OnClose: func() (err error) { panic("not implemented") },
 	}

-	hc, err := NewHostsContainer(0, testFS, w, dirname)
+	hc, err := NewHostsContainer(0, testFS, w, "dir")
 	require.NoError(t, err)

-	checkRefresh := func(t *testing.T, wantHosts *stringutil.Set) {
+	checkRefresh := func(t *testing.T, wantHosts Hosts) {
 		upd, ok := <-hc.Upd()
 		require.True(t, ok)
 		require.NotNil(t, upd)

 		assert.Equal(t, 1, upd.Len())

-		v, ok := upd.Get(knownIP)
+		v, ok := upd.Get(ip)
 		require.True(t, ok)

-		var hosts *stringutil.Set
-		hosts, ok = v.(*stringutil.Set)
+		var hosts *Hosts
+		hosts, ok = v.(*Hosts)
 		require.True(t, ok)

-		assert.True(t, hosts.Equal(wantHosts))
+		assert.Equal(t, wantHosts.Main, hosts.Main)
+		assert.True(t, hosts.Aliases.Equal(wantHosts.Aliases))
 	}

 	t.Run("initial_refresh", func(t *testing.T) {
-		checkRefresh(t, stringutil.NewSet(knownHost))
+		checkRefresh(t, Hosts{Main: "hostname"})
 	})

-	testFS[p2] = &fstest.MapFile{
-		Data: []byte(strings.Join([]string{knownIP.String(), knownAlias}, sp) + nl),
-	}
-	eventsCh <- event{}
-
 	t.Run("second_refresh", func(t *testing.T) {
-		checkRefresh(t, stringutil.NewSet(knownHost, knownAlias))
+		testFS["dir/file2"] = &fstest.MapFile{Data: []byte(ipStr + ` alias` + nl)}
+		eventsCh <- event{}
+		checkRefresh(t, Hosts{Main: "hostname", Aliases: stringutil.NewSet("alias")})
 	})

-	eventsCh <- event{}
+	t.Run("double_refresh", func(t *testing.T) {
+		// Make a change once.
+		testFS["dir/file1"] = &fstest.MapFile{Data: []byte(ipStr + ` alias` + nl)}
+		eventsCh <- event{}

-	t.Run("no_changes_refresh", func(t *testing.T) {
-		assert.Empty(t, hc.Upd())
+		// Require the changes are written.
+		require.Eventually(t, func() bool {
+			res, ok := hc.MatchRequest(urlfilter.DNSRequest{
+				Hostname: "hostname",
+				DNSType:  dns.TypeA,
+			})
+
+			return !ok && res.DNSRewrites() == nil
+		}, 5*time.Second, time.Second/2)
+
+		// Make a change again.
+		testFS["dir/file2"] = &fstest.MapFile{Data: []byte(ipStr + ` hostname` + nl)}
+		eventsCh <- event{}
+
+		// Require the changes are written.
+		require.Eventually(t, func() bool {
+			res, ok := hc.MatchRequest(urlfilter.DNSRequest{
+				Hostname: "hostname",
+				DNSType:  dns.TypeA,
+			})
+
+			return !ok && res.DNSRewrites() != nil
+		}, 5*time.Second, time.Second/2)
+
+		assert.Len(t, hc.Upd(), 1)
 	})
 }

 func TestHostsContainer_PathsToPatterns(t *testing.T) {
-	const (
-		dir0 = "dir"
-		dir1 = "dir_1"
-		fn1  = "file_1"
-		fn2  = "file_2"
-		fn3  = "file_3"
-		fn4  = "file_4"
-	)
-
-	fp1 := path.Join(dir0, fn1)
-	fp2 := path.Join(dir0, fn2)
-	fp3 := path.Join(dir0, dir1, fn3)
-
 	gsfs := fstest.MapFS{
-		fp1: &fstest.MapFile{Data: []byte{1}},
-		fp2: &fstest.MapFile{Data: []byte{2}},
-		fp3: &fstest.MapFile{Data: []byte{3}},
+		"dir_0/file_1":       &fstest.MapFile{Data: []byte{1}},
+		"dir_0/file_2":       &fstest.MapFile{Data: []byte{2}},
+		"dir_0/dir_1/file_3": &fstest.MapFile{Data: []byte{3}},
 	}

 	testCases := []struct {
-		name    string
-		wantErr error
-		want    []string
-		paths   []string
+		name  string
+		paths []string
+		want  []string
 	}{{
-		name:    "no_paths",
-		wantErr: nil,
-		want:    nil,
-		paths:   nil,
+		name:  "no_paths",
+		paths: nil,
+		want:  nil,
 	}, {
-		name:    "single_file",
-		wantErr: nil,
-		want:    []string{fp1},
-		paths:   []string{fp1},
+		name:  "single_file",
+		paths: []string{"dir_0/file_1"},
+		want:  []string{"dir_0/file_1"},
 	}, {
-		name:    "several_files",
-		wantErr: nil,
-		want:    []string{fp1, fp2},
-		paths:   []string{fp1, fp2},
+		name:  "several_files",
+		paths: []string{"dir_0/file_1", "dir_0/file_2"},
+		want:  []string{"dir_0/file_1", "dir_0/file_2"},
 	}, {
-		name:    "whole_dir",
-		wantErr: nil,
-		want:    []string{path.Join(dir0, "*")},
-		paths:   []string{dir0},
+		name:  "whole_dir",
+		paths: []string{"dir_0"},
+		want:  []string{"dir_0/*"},
 	}, {
-		name:    "file_and_dir",
-		wantErr: nil,
-		want:    []string{fp1, path.Join(dir0, dir1, "*")},
-		paths:   []string{fp1, path.Join(dir0, dir1)},
+		name:  "file_and_dir",
+		paths: []string{"dir_0/file_1", "dir_0/dir_1"},
+		want:  []string{"dir_0/file_1", "dir_0/dir_1/*"},
 	}, {
-		name:    "non-existing",
-		wantErr: nil,
-		want:    nil,
-		paths:   []string{path.Join(dir0, "file_3")},
+		name:  "non-existing",
+		paths: []string{path.Join("dir_0", "file_3")},
+		want:  nil,
 	}}

 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			patterns, err := pathsToPatterns(gsfs, tc.paths)
-			if tc.wantErr != nil {
-				assert.ErrorIs(t, err, tc.wantErr)
-
-				return
-			}
-
 			require.NoError(t, err)

 			assert.Equal(t, tc.want, patterns)
@@ -290,93 +278,158 @@ func TestHostsContainer_PathsToPatterns(t *testing.T) {
 	})
 }

+func TestHostsContainer_Translate(t *testing.T) {
+	testdata := os.DirFS("./testdata")
+	stubWatcher := aghtest.FSWatcher{
+		OnEvents: func() (e <-chan struct{}) { return nil },
+		OnAdd:    func(name string) (err error) { return nil },
+		OnClose:  func() (err error) { panic("not implemented") },
+	}
+
+	hc, err := NewHostsContainer(0, testdata, &stubWatcher, "etc_hosts")
+	require.NoError(t, err)
+
+	testCases := []struct {
+		name      string
+		rule      string
+		wantTrans []string
+	}{{
+		name:      "simplehost",
+		rule:      "|simplehost^$dnsrewrite=NOERROR;A;1.0.0.1",
+		wantTrans: []string{"1.0.0.1", "simplehost"},
+	}, {
+		name:      "hello",
+		rule:      "|hello^$dnsrewrite=NOERROR;A;1.0.0.0",
+		wantTrans: []string{"1.0.0.0", "hello", "hello.world", "hello.world.again"},
+	}, {
+		name:      "simplehost_v6",
+		rule:      "|simplehost^$dnsrewrite=NOERROR;AAAA;::1",
+		wantTrans: []string{"::1", "simplehost"},
+	}, {
+		name:      "hello_v6",
+		rule:      "|hello^$dnsrewrite=NOERROR;AAAA;::",
+		wantTrans: []string{"::", "hello", "hello.world", "hello.world.again"},
+	}, {
+		name:      "simplehost_ptr",
+		rule:      "|1.0.0.1.in-addr.arpa^$dnsrewrite=NOERROR;PTR;simplehost.",
+		wantTrans: []string{"1.0.0.1", "simplehost"},
+	}, {
+		name:      "hello_ptr",
+		rule:      "|0.0.0.1.in-addr.arpa^$dnsrewrite=NOERROR;PTR;hello.",
+		wantTrans: []string{"1.0.0.0", "hello", "hello.world", "hello.world.again"},
+	}, {
+		name: "simplehost_ptr_v6",
+		rule: "|1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" +
+			"^$dnsrewrite=NOERROR;PTR;simplehost.",
+		wantTrans: []string{"::1", "simplehost"},
+	}, {
+		name: "hello_ptr_v6",
+		rule: "|0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" +
+			"^$dnsrewrite=NOERROR;PTR;hello.",
+		wantTrans: []string{"::", "hello", "hello.world", "hello.world.again"},
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			want := stringutil.NewSet(tc.wantTrans...)
+			got := stringutil.NewSet(strings.Fields(hc.Translate(tc.rule))...)
+			assert.True(t, want.Equal(got))
+		})
+	}
+}
+
 func TestHostsContainer(t *testing.T) {
 	const listID = 1234

 	testdata := os.DirFS("./testdata")

-	nRewrites := func(t *testing.T, res *urlfilter.DNSResult, n int) (rws []*rules.DNSRewrite) {
-		t.Helper()
-
-		rewrites := res.DNSRewrites()
-		assert.Len(t, rewrites, n)
-
-		for _, rewrite := range rewrites {
-			require.Equal(t, listID, rewrite.FilterListID)
-
-			rw := rewrite.DNSRewrite
-			require.NotNil(t, rw)
-
-			rws = append(rws, rw)
-		}
-
-		return rws
-	}
-
 	testCases := []struct {
-		testTail func(t *testing.T, res *urlfilter.DNSResult)
-		name     string
-		req      urlfilter.DNSRequest
+		want []*rules.DNSRewrite
+		name string
+		req  urlfilter.DNSRequest
 	}{{
+		want: []*rules.DNSRewrite{{
+			RCode:  dns.RcodeSuccess,
+			Value:  net.IPv4(1, 0, 0, 1),
+			RRType: dns.TypeA,
+		}, {
+			RCode:  dns.RcodeSuccess,
+			Value:  net.IP(append((&[15]byte{})[:], byte(1))),
+			RRType: dns.TypeAAAA,
+		}},
 		name: "simple",
 		req: urlfilter.DNSRequest{
 			Hostname: "simplehost",
 			DNSType:  dns.TypeA,
 		},
-		testTail: func(t *testing.T, res *urlfilter.DNSResult) {
-			rws := nRewrites(t, res, 2)
-
-			v, ok := rws[0].Value.(net.IP)
-			require.True(t, ok)
-
-			assert.True(t, net.IP{1, 0, 0, 1}.Equal(v))
-
-			v, ok = rws[1].Value.(net.IP)
-			require.True(t, ok)
-
-			// It's ::1.
-			assert.True(t, net.IP(append((&[15]byte{})[:], byte(1))).Equal(v))
-		},
 	}, {
+		want: []*rules.DNSRewrite{{
+			RCode:    dns.RcodeSuccess,
+			NewCNAME: "hello",
+		}},
 		name: "hello_alias",
 		req: urlfilter.DNSRequest{
 			Hostname: "hello.world",
 			DNSType:  dns.TypeA,
 		},
-		testTail: func(t *testing.T, res *urlfilter.DNSResult) {
-			assert.Equal(t, "hello", nRewrites(t, res, 1)[0].NewCNAME)
+	}, {
+		want: []*rules.DNSRewrite{{
+			RCode:    dns.RcodeSuccess,
+			NewCNAME: "hello",
+		}},
+		name: "other_line_alias",
+		req: urlfilter.DNSRequest{
+			Hostname: "hello.world.again",
+			DNSType:  dns.TypeA,
 		},
 	}, {
+		want: []*rules.DNSRewrite{},
+		name: "hello_subdomain",
+		req: urlfilter.DNSRequest{
+			Hostname: "say.hello",
+			DNSType:  dns.TypeA,
+		},
+	}, {
+		want: []*rules.DNSRewrite{},
+		name: "hello_alias_subdomain",
+		req: urlfilter.DNSRequest{
+			Hostname: "say.hello.world",
+			DNSType:  dns.TypeA,
+		},
+	}, {
+		want: []*rules.DNSRewrite{{
+			RCode:    dns.RcodeSuccess,
+			NewCNAME: "a.whole",
+		}},
 		name: "lots_of_aliases",
 		req: urlfilter.DNSRequest{
 			Hostname: "for.testing",
 			DNSType:  dns.TypeA,
 		},
-		testTail: func(t *testing.T, res *urlfilter.DNSResult) {
-			assert.Equal(t, "a.whole", nRewrites(t, res, 1)[0].NewCNAME)
-		},
 	}, {
+		want: []*rules.DNSRewrite{{
+			RCode:  dns.RcodeSuccess,
+			RRType: dns.TypePTR,
+			Value:  "simplehost.",
+		}},
 		name: "reverse",
 		req: urlfilter.DNSRequest{
 			Hostname: "1.0.0.1.in-addr.arpa",
 			DNSType:  dns.TypePTR,
 		},
-		testTail: func(t *testing.T, res *urlfilter.DNSResult) {
-			rws := nRewrites(t, res, 1)
-
-			assert.Equal(t, dns.TypePTR, rws[0].RRType)
-			assert.Equal(t, "simplehost.", rws[0].Value)
-		},
 	}, {
+		want: []*rules.DNSRewrite{},
 		name: "non-existing",
 		req: urlfilter.DNSRequest{
 			Hostname: "nonexisting",
 			DNSType:  dns.TypeA,
 		},
-		testTail: func(t *testing.T, res *urlfilter.DNSResult) {
-			require.NotNil(t, res)
-
-			assert.Nil(t, res.DNSRewrites())
+	}, {
+		want: nil,
+		name: "bad_type",
+		req: urlfilter.DNSRequest{
+			Hostname: "1.0.0.1.in-addr.arpa",
+			DNSType:  dns.TypeSRV,
 		},
 	}}

@@ -393,20 +446,33 @@ func TestHostsContainer(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			res, ok := hc.MatchRequest(tc.req)
 			require.False(t, ok)
+
+			if tc.want == nil {
+				assert.Nil(t, res)
+
+				return
+			}
+
 			require.NotNil(t, res)

-			tc.testTail(t, res)
+			rewrites := res.DNSRewrites()
+			require.Len(t, rewrites, len(tc.want))
+
+			for i, rewrite := range rewrites {
+				require.Equal(t, listID, rewrite.FilterListID)
+
+				rw := rewrite.DNSRewrite
+				require.NotNil(t, rw)
+
+				assert.Equal(t, tc.want[i], rw)
+			}
 		})
 	}
 }

 func TestUniqueRules_ParseLine(t *testing.T) {
-	const (
-		hostname = "localhost"
-		alias    = "hocallost"
-	)
-
-	knownIP := net.IP{127, 0, 0, 1}
+	ip := net.IP{127, 0, 0, 1}
+	ipStr := ip.String()

 	testCases := []struct {
 		name      string
@@ -415,39 +481,39 @@ func TestUniqueRules_ParseLine(t *testing.T) {
 		wantHosts []string
 	}{{
 		name:      "simple",
-		line:      strings.Join([]string{knownIP.String(), hostname}, sp),
-		wantIP:    knownIP,
-		wantHosts: []string{"localhost"},
+		line:      ipStr + ` hostname`,
+		wantIP:    ip,
+		wantHosts: []string{"hostname"},
 	}, {
 		name:      "aliases",
-		line:      strings.Join([]string{knownIP.String(), hostname, alias}, sp),
-		wantIP:    knownIP,
-		wantHosts: []string{"localhost", "hocallost"},
+		line:      ipStr + ` hostname alias`,
+		wantIP:    ip,
+		wantHosts: []string{"hostname", "alias"},
 	}, {
 		name:      "invalid_line",
-		line:      knownIP.String(),
+		line:      ipStr,
 		wantIP:    nil,
 		wantHosts: nil,
 	}, {
 		name:      "invalid_line_hostname",
-		line:      strings.Join([]string{knownIP.String(), "#" + hostname}, sp),
-		wantIP:    knownIP,
+		line:      ipStr + ` # hostname`,
+		wantIP:    ip,
 		wantHosts: nil,
 	}, {
 		name:      "commented_aliases",
-		line:      strings.Join([]string{knownIP.String(), hostname, "#" + alias}, sp),
-		wantIP:    knownIP,
-		wantHosts: []string{"localhost"},
+		line:      ipStr + ` hostname # alias`,
+		wantIP:    ip,
+		wantHosts: []string{"hostname"},
 	}, {
 		name:      "whole_comment",
-		line:      strings.Join([]string{"#", knownIP.String(), hostname}, sp),
+		line:      `# ` + ipStr + ` hostname`,
 		wantIP:    nil,
 		wantHosts: nil,
 	}, {
 		name:      "partial_comment",
-		line:      strings.Join([]string{knownIP.String(), hostname[:4] + "#" + hostname[4:]}, sp),
-		wantIP:    knownIP,
-		wantHosts: []string{hostname[:4]},
+		line:      ipStr + ` host#name`,
+		wantIP:    ip,
+		wantHosts: []string{"host"},
 	}, {
 		name:      "empty",
 		line:      ``,
@@ -458,8 +524,8 @@ func TestUniqueRules_ParseLine(t *testing.T) {
 	for _, tc := range testCases {
 		hp := hostsParser{}
 		t.Run(tc.name, func(t *testing.T) {
-			ip, hosts := hp.parseLine(tc.line)
-			assert.True(t, tc.wantIP.Equal(ip))
+			got, hosts := hp.parseLine(tc.line)
+			assert.True(t, tc.wantIP.Equal(got))
 			assert.Equal(t, tc.wantHosts, hosts)
 		})
 	}
--- a/internal/aghnet/interfaces.go
+++ b/internal/aghnet/interfaces.go
@@ -8,8 +8,8 @@ import (
 	"github.com/AdguardTeam/golibs/log"
 )

-// IPVersion is a documentational alias for int.  Use it when the integer means
-// IP version.
+// IPVersion is a alias for int for documentation purposes.  Use it when the
+// integer means IP version.
 type IPVersion = int

 // IP version constants.
@@ -25,6 +25,13 @@ type NetIface interface {

 // IfaceIPAddrs returns the interface's IP addresses.
 func IfaceIPAddrs(iface NetIface, ipv IPVersion) (ips []net.IP, err error) {
+	switch ipv {
+	case IPVersion4, IPVersion6:
+		// Go on.
+	default:
+		return nil, fmt.Errorf("invalid ip version %d", ipv)
+	}
+
 	addrs, err := iface.Addrs()
 	if err != nil {
 		return nil, err
@@ -41,20 +48,16 @@ func IfaceIPAddrs(iface NetIface, ipv IPVersion) (ips []net.IP, err error) {
 			continue
 		}

-		// Assume that net.(*Interface).Addrs can only return valid IPv4
-		// and IPv6 addresses.  Thus, if it isn't an IPv4 address, it
-		// must be an IPv6 one.
-		switch ipv {
-		case IPVersion4:
-			if ip4 := ip.To4(); ip4 != nil {
+		// Assume that net.(*Interface).Addrs can only return valid IPv4 and
+		// IPv6 addresses.  Thus, if it isn't an IPv4 address, it must be an
+		// IPv6 one.
+		ip4 := ip.To4()
+		if ipv == IPVersion4 {
+			if ip4 != nil {
 				ips = append(ips, ip4)
 			}
-		case IPVersion6:
-			if ip6 := ip.To4(); ip6 == nil {
-				ips = append(ips, ip)
-			}
-		default:
-			return nil, fmt.Errorf("invalid ip version %d", ipv)
+		} else if ip4 == nil {
+			ips = append(ips, ip)
 		}
 	}

@@ -67,7 +70,7 @@ func IfaceIPAddrs(iface NetIface, ipv IPVersion) (ips []net.IP, err error) {
 //
 // It makes up to maxAttempts attempts to get the addresses if there are none,
 // each time using the provided backoff.  Sometimes an interface needs a few
-// seconds to really ititialize.
+// seconds to really initialize.
 //
 // See https://github.com/AdguardTeam/AdGuardHome/issues/2304.
 func IfaceDNSIPAddrs(
@@ -96,16 +99,16 @@ func IfaceDNSIPAddrs(

 	switch len(addrs) {
 	case 0:
-		// Don't return errors in case the users want to try and enable
-		// the DHCP server later.
+		// Don't return errors in case the users want to try and enable the DHCP
+		// server later.
 		t := time.Duration(n) * backoff
 		log.Error("dhcpv%d: no ip for iface after %d attempts and %s", ipv, n, t)

 		return nil, nil
 	case 1:
-		// Some Android devices use 8.8.8.8 if there is not a secondary
-		// DNS server.  Fix that by setting the secondary DNS address to
-		// the same address.
+		// Some Android devices use 8.8.8.8 if there is not a secondary DNS
+		// server.  Fix that by setting the secondary DNS address to the same
+		// address.
 		//
 		// See https://github.com/AdguardTeam/AdGuardHome/issues/1708.
 		log.Debug("dhcpv%d: setting secondary dns ip to itself", ipv)
--- a/internal/aghnet/interfaces_test.go
+++ b/internal/aghnet/interfaces_test.go
@@ -5,13 +5,15 @@ import (
 	"testing"

 	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )

+// fakeIface is a stub implementation of aghnet.NetIface to simplify testing.
 type fakeIface struct {
-	addrs []net.Addr
 	err   error
+	addrs []net.Addr
 }

 // Addrs implements the NetIface interface for *fakeIface.
@@ -33,61 +35,86 @@ func TestIfaceIPAddrs(t *testing.T) {
 	addr6 := &net.IPNet{IP: ip6}

 	testCases := []struct {
-		name    string
-		iface   NetIface
-		ipv     IPVersion
-		want    []net.IP
-		wantErr error
+		iface      NetIface
+		name       string
+		wantErrMsg string
+		want       []net.IP
+		ipv        IPVersion
 	}{{
-		name:    "ipv4_success",
-		iface:   &fakeIface{addrs: []net.Addr{addr4}, err: nil},
-		ipv:     IPVersion4,
-		want:    []net.IP{ip4},
-		wantErr: nil,
+		iface:      &fakeIface{addrs: []net.Addr{addr4}, err: nil},
+		name:       "ipv4_success",
+		wantErrMsg: "",
+		want:       []net.IP{ip4},
+		ipv:        IPVersion4,
 	}, {
-		name:    "ipv4_success_with_ipv6",
-		iface:   &fakeIface{addrs: []net.Addr{addr6, addr4}, err: nil},
-		ipv:     IPVersion4,
-		want:    []net.IP{ip4},
-		wantErr: nil,
+		iface:      &fakeIface{addrs: []net.Addr{addr6, addr4}, err: nil},
+		name:       "ipv4_success_with_ipv6",
+		wantErrMsg: "",
+		want:       []net.IP{ip4},
+		ipv:        IPVersion4,
 	}, {
-		name:    "ipv4_error",
-		iface:   &fakeIface{addrs: []net.Addr{addr4}, err: errTest},
-		ipv:     IPVersion4,
-		want:    nil,
-		wantErr: errTest,
+		iface:      &fakeIface{addrs: []net.Addr{addr4}, err: errTest},
+		name:       "ipv4_error",
+		wantErrMsg: errTest.Error(),
+		want:       nil,
+		ipv:        IPVersion4,
 	}, {
-		name:    "ipv6_success",
-		iface:   &fakeIface{addrs: []net.Addr{addr6}, err: nil},
-		ipv:     IPVersion6,
-		want:    []net.IP{ip6},
-		wantErr: nil,
+		iface:      &fakeIface{addrs: []net.Addr{addr6}, err: nil},
+		name:       "ipv6_success",
+		wantErrMsg: "",
+		want:       []net.IP{ip6},
+		ipv:        IPVersion6,
 	}, {
-		name:    "ipv6_success_with_ipv4",
-		iface:   &fakeIface{addrs: []net.Addr{addr6, addr4}, err: nil},
-		ipv:     IPVersion6,
-		want:    []net.IP{ip6},
-		wantErr: nil,
+		iface:      &fakeIface{addrs: []net.Addr{addr6, addr4}, err: nil},
+		name:       "ipv6_success_with_ipv4",
+		wantErrMsg: "",
+		want:       []net.IP{ip6},
+		ipv:        IPVersion6,
 	}, {
-		name:    "ipv6_error",
-		iface:   &fakeIface{addrs: []net.Addr{addr6}, err: errTest},
-		ipv:     IPVersion6,
-		want:    nil,
-		wantErr: errTest,
+		iface:      &fakeIface{addrs: []net.Addr{addr6}, err: errTest},
+		name:       "ipv6_error",
+		wantErrMsg: errTest.Error(),
+		want:       nil,
+		ipv:        IPVersion6,
+	}, {
+		iface:      &fakeIface{addrs: nil, err: nil},
+		name:       "bad_proto",
+		wantErrMsg: "invalid ip version 10",
+		want:       nil,
+		ipv:        IPVersion6 + IPVersion4,
+	}, {
+		iface:      &fakeIface{addrs: []net.Addr{&net.IPAddr{IP: ip4}}, err: nil},
+		name:       "ipaddr_v4",
+		wantErrMsg: "",
+		want:       []net.IP{ip4},
+		ipv:        IPVersion4,
+	}, {
+		iface:      &fakeIface{addrs: []net.Addr{&net.IPAddr{IP: ip6, Zone: ""}}, err: nil},
+		name:       "ipaddr_v6",
+		wantErrMsg: "",
+		want:       []net.IP{ip6},
+		ipv:        IPVersion6,
+	}, {
+		iface:      &fakeIface{addrs: []net.Addr{&net.UnixAddr{}}, err: nil},
+		name:       "non-ipv4",
+		wantErrMsg: "",
+		want:       nil,
+		ipv:        IPVersion4,
 	}}

 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			got, gotErr := IfaceIPAddrs(tc.iface, tc.ipv)
-			require.True(t, errors.Is(gotErr, tc.wantErr))
+			got, err := IfaceIPAddrs(tc.iface, tc.ipv)
+			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
+
 			assert.Equal(t, tc.want, got)
 		})
 	}
 }

 type waitingFakeIface struct {
-	addrs []net.Addr
 	err   error
+	addrs []net.Addr
 	n     int
 }

@@ -116,11 +143,11 @@ func TestIfaceDNSIPAddrs(t *testing.T) {
 	addr6 := &net.IPNet{IP: ip6}

 	testCases := []struct {
-		name    string
 		iface   NetIface
-		ipv     IPVersion
-		want    []net.IP
 		wantErr error
+		name    string
+		want    []net.IP
+		ipv     IPVersion
 	}{{
 		name:    "ipv4_success",
 		iface:   &fakeIface{addrs: []net.Addr{addr4}, err: nil},
@@ -169,12 +196,25 @@ func TestIfaceDNSIPAddrs(t *testing.T) {
 		ipv:     IPVersion6,
 		want:    []net.IP{ip6, ip6},
 		wantErr: nil,
+	}, {
+		name:    "empty",
+		iface:   &fakeIface{addrs: nil, err: nil},
+		ipv:     IPVersion4,
+		want:    nil,
+		wantErr: nil,
+	}, {
+		name:    "many",
+		iface:   &fakeIface{addrs: []net.Addr{addr4, addr4}},
+		ipv:     IPVersion4,
+		want:    []net.IP{ip4, ip4},
+		wantErr: nil,
 	}}

 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			got, gotErr := IfaceDNSIPAddrs(tc.iface, tc.ipv, 2, 0)
-			require.True(t, errors.Is(gotErr, tc.wantErr))
+			got, err := IfaceDNSIPAddrs(tc.iface, tc.ipv, 2, 0)
+			require.ErrorIs(t, err, tc.wantErr)
+
 			assert.Equal(t, tc.want, got)
 		})
 	}
--- a/internal/aghnet/ipmut_test.go
+++ b/internal/aghnet/ipmut_test.go
@@ -0,0 +1,44 @@
+package aghnet
+
+import (
+	"net"
+	"testing"
+
+	"github.com/AdguardTeam/golibs/netutil"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIPMut(t *testing.T) {
+	testIPs := []net.IP{{
+		127, 0, 0, 1,
+	}, {
+		192, 168, 0, 1,
+	}, {
+		8, 8, 8, 8,
+	}}
+
+	t.Run("nil_no_mut", func(t *testing.T) {
+		ipmut := NewIPMut(nil)
+
+		ips := netutil.CloneIPs(testIPs)
+		for i := range ips {
+			ipmut.Load()(ips[i])
+			assert.True(t, ips[i].Equal(testIPs[i]))
+		}
+	})
+
+	t.Run("not_nil_mut", func(t *testing.T) {
+		ipmut := NewIPMut(func(ip net.IP) {
+			for i := range ip {
+				ip[i] = 0
+			}
+		})
+		want := netutil.IPv4Zero()
+
+		ips := netutil.CloneIPs(testIPs)
+		for i := range ips {
+			ipmut.Load()(ips[i])
+			assert.True(t, ips[i].Equal(want))
+		}
+	})
+}
--- a/internal/aghnet/ipset.go
+++ b/internal/aghnet/ipset.go
@@ -20,7 +20,12 @@ type IpsetManager interface {
 //
 //   DOMAIN[,DOMAIN].../IPSET_NAME[,IPSET_NAME]...
 //
-// The error is of type *aghos.UnsupportedError if the OS is not supported.
+// If ipsetConf is empty, msg and err are nil.  The error is of type
+// *aghos.UnsupportedError if the OS is not supported.
 func NewIpsetManager(ipsetConf []string) (mgr IpsetManager, err error) {
+	if len(ipsetConf) == 0 {
+		return nil, nil
+	}
+
 	return newIpsetMgr(ipsetConf)
 }
--- a/internal/aghnet/ipset_linux.go
+++ b/internal/aghnet/ipset_linux.go
@@ -14,6 +14,7 @@ import (
 	"github.com/digineo/go-ipset/v2"
 	"github.com/mdlayher/netlink"
 	"github.com/ti-mo/netfilter"
+	"golang.org/x/sys/unix"
 )

 // How to test on a real Linux machine:
@@ -42,11 +43,17 @@ import (

 // newIpsetMgr returns a new Linux ipset manager.
 func newIpsetMgr(ipsetConf []string) (set IpsetManager, err error) {
-	dial := func(pf netfilter.ProtoFamily, conf *netlink.Config) (conn ipsetConn, err error) {
-		return ipset.Dial(pf, conf)
+	return newIpsetMgrWithDialer(ipsetConf, defaultDial)
+}
+
+// defaultDial is the default netfilter dialing function.
+func defaultDial(pf netfilter.ProtoFamily, conf *netlink.Config) (conn ipsetConn, err error) {
+	conn, err = ipset.Dial(pf, conf)
+	if err != nil {
+		return nil, err
 	}

-	return newIpsetMgrWithDialer(ipsetConf, dial)
+	return conn, nil
 }

 // ipsetConn is the ipset conn interface.
@@ -103,8 +110,8 @@ func (m *ipsetMgr) dialNetfilter(conf *netlink.Config) (err error) {
 	// The kernel API does not actually require two sockets but package
 	// github.com/digineo/go-ipset does.
 	//
-	// TODO(a.garipov): Perhaps we can ditch package ipset altogether and
-	// just use packages netfilter and netlink.
+	// TODO(a.garipov): Perhaps we can ditch package ipset altogether and just
+	// use packages netfilter and netlink.
 	m.ipv4Conn, err = m.dial(netfilter.ProtoIPv4, conf)
 	if err != nil {
 		return fmt.Errorf("dialing v4: %w", err)
@@ -214,6 +221,14 @@ func newIpsetMgrWithDialer(ipsetConf []string, dial ipsetDialer) (mgr IpsetManag

 	err = m.dialNetfilter(&netlink.Config{})
 	if err != nil {
+		if errors.Is(err, unix.EPROTONOSUPPORT) {
+			// The implementation doesn't support this protocol version.  Just
+			// issue a warning.
+			log.Info("ipset: dialing netfilter: warning: %s", err)
+
+			return nil, nil
+		}
+
 		return nil, fmt.Errorf("dialing netfilter: %w", err)
 	}

--- a/internal/aghnet/net.go
+++ b/internal/aghnet/net.go
@@ -42,8 +42,7 @@ func GatewayIP(ifaceName string) net.IP {

 	fields := strings.Fields(string(d))
 	// The meaningful "ip route" command output should contain the word
-	// "default" at first field and default gateway IP address at third
-	// field.
+	// "default" at first field and default gateway IP address at third field.
 	if len(fields) < 3 || fields[0] != "default" {
 		return nil
 	}
@@ -187,7 +186,8 @@ func GetSubnet(ifaceName string) *net.IPNet {
 	return nil
 }

-// CheckPort checks if the port is available for binding.
+// CheckPort checks if the port is available for binding.  network is expected
+// to be one of "udp" and "tcp".
 func CheckPort(network string, ip net.IP, port int) (err error) {
 	var c io.Closer
 	addr := netutil.IPPort{IP: ip, Port: port}.String()
@@ -200,7 +200,11 @@ func CheckPort(network string, ip net.IP, port int) (err error) {
 		return nil
 	}

-	return errors.WithDeferred(err, closePortChecker(c))
+	if err != nil {
+		return err
+	}
+
+	return closePortChecker(c)
 }

 // IsAddrInUse checks if err is about unsuccessful address binding.
@@ -213,28 +217,6 @@ func IsAddrInUse(err error) (ok bool) {
 	return isAddrInUse(sysErr)
 }

-// SplitHost is a wrapper for net.SplitHostPort for the cases when the hostport
-// does not necessarily contain a port.
-func SplitHost(hostport string) (host string, err error) {
-	host, _, err = net.SplitHostPort(hostport)
-	if err != nil {
-		// Check for the missing port error.  If it is that error, just
-		// use the host as is.
-		//
-		// See the source code for net.SplitHostPort.
-		const missingPort = "missing port in address"
-
-		addrErr := &net.AddrError{}
-		if !errors.As(err, &addrErr) || addrErr.Err != missingPort {
-			return "", err
-		}
-
-		host = hostport
-	}
-
-	return host, nil
-}
-
 // CollectAllIfacesAddrs returns the slice of all network interfaces IP
 // addresses without port number.
 func CollectAllIfacesAddrs() (addrs []string, err error) {
--- a/internal/aghnet/net_test.go
+++ b/internal/aghnet/net_test.go
@@ -5,6 +5,8 @@ import (
 	"testing"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
+	"github.com/AdguardTeam/golibs/netutil"
+	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -13,12 +15,20 @@ func TestMain(m *testing.M) {
 	aghtest.DiscardLogOutput(m)
 }

-func TestGetValidNetInterfacesForWeb(t *testing.T) {
+func TestGetInterfaceByIP(t *testing.T) {
 	ifaces, err := GetValidNetInterfacesForWeb()
-	require.NoErrorf(t, err, "cannot get net interfaces: %s", err)
-	require.NotEmpty(t, ifaces, "no net interfaces found")
+	require.NoError(t, err)
+	require.NotEmpty(t, ifaces)
+
 	for _, iface := range ifaces {
-		require.NotEmptyf(t, iface.Addresses, "no addresses found for %s", iface.Name)
+		t.Run(iface.Name, func(t *testing.T) {
+			require.NotEmpty(t, iface.Addresses)
+
+			for _, ip := range iface.Addresses {
+				ifaceName := GetInterfaceByIP(ip)
+				require.Equal(t, iface.Name, ifaceName)
+			}
+		})
 	}
 }

@@ -69,3 +79,49 @@ func TestBroadcastFromIPNet(t *testing.T) {
 		})
 	}
 }
+
+func TestCheckPort(t *testing.T) {
+	t.Run("tcp_bound", func(t *testing.T) {
+		l, err := net.Listen("tcp", "127.0.0.1:")
+		require.NoError(t, err)
+		testutil.CleanupAndRequireSuccess(t, l.Close)
+
+		ipp := netutil.IPPortFromAddr(l.Addr())
+		require.NotNil(t, ipp)
+		require.NotNil(t, ipp.IP)
+		require.NotZero(t, ipp.Port)
+
+		err = CheckPort("tcp", ipp.IP, ipp.Port)
+		target := &net.OpError{}
+		require.ErrorAs(t, err, &target)
+
+		assert.Equal(t, "listen", target.Op)
+	})
+
+	t.Run("udp_bound", func(t *testing.T) {
+		conn, err := net.ListenPacket("udp", "127.0.0.1:")
+		require.NoError(t, err)
+		testutil.CleanupAndRequireSuccess(t, conn.Close)
+
+		ipp := netutil.IPPortFromAddr(conn.LocalAddr())
+		require.NotNil(t, ipp)
+		require.NotNil(t, ipp.IP)
+		require.NotZero(t, ipp.Port)
+
+		err = CheckPort("udp", ipp.IP, ipp.Port)
+		target := &net.OpError{}
+		require.ErrorAs(t, err, &target)
+
+		assert.Equal(t, "listen", target.Op)
+	})
+
+	t.Run("bad_network", func(t *testing.T) {
+		err := CheckPort("bad_network", nil, 0)
+		assert.NoError(t, err)
+	})
+
+	t.Run("can_bind", func(t *testing.T) {
+		err := CheckPort("udp", net.IP{0, 0, 0, 0}, 0)
+		assert.NoError(t, err)
+	})
+}
--- a/internal/aghnet/net_unix.go
+++ b/internal/aghnet/net_unix.go
@@ -10,6 +10,7 @@ import (
 	"github.com/AdguardTeam/golibs/errors"
 )

+// closePortChecker closes c.  c must be non-nil.
 func closePortChecker(c io.Closer) (err error) {
 	return c.Close()
 }
--- a/internal/aghnet/net_windows.go
+++ b/internal/aghnet/net_windows.go
@@ -25,6 +25,7 @@ func ifaceSetStaticIP(string) (err error) {
 	return aghos.Unsupported("setting static ip")
 }

+// closePortChecker closes c.  c must be non-nil.
 func closePortChecker(c io.Closer) (err error) {
 	if err = c.Close(); err != nil {
 		return err
--- a/internal/aghnet/testdata/etc_hosts
+++ b/internal/aghnet/testdata/etc_hosts
@@ -12,9 +12,19 @@
 1.0.0.3 *
 1.0.0.4 *.com

+# See https://github.com/AdguardTeam/AdGuardHome/issues/4079.
+1.0.0.0 hello.world.again
+
+# Duplicates of a main host and an alias.
+1.0.0.1 simplehost
+1.0.0.0 hello.world
+
 # Same for IPv6.
 ::1 simplehost
 ::  hello hello.world
 ::2 a.whole lot.of aliases for.testing
 ::3 *
 ::4 *.com
+::  hello.world.again
+::1 simplehost
+::  hello.world
--- a/internal/dhcpd/iprange.go
+++ b/internal/dhcpd/iprange.go
@@ -14,8 +14,8 @@ import (
 //
 // It is safe for concurrent use.
 //
-// TODO(a.garipov): Perhaps create an optimised version with uint32 for
-// IPv4 ranges?  Or use one of uint128 packages?
+// TODO(a.garipov): Perhaps create an optimized version with uint32 for IPv4
+// ranges?  Or use one of uint128 packages?
 type ipRange struct {
 	start *big.Int
 	end   *big.Int
--- a/internal/dhcpd/options_unix.go
+++ b/internal/dhcpd/options_unix.go
@@ -130,21 +130,19 @@ func parseDHCPOption(s string) (opt dhcpv4.Option, err error) {
 // prepareOptions builds the set of DHCP options according to host requirements
 // document and values from conf.
 func prepareOptions(conf V4ServerConf) (opts dhcpv4.Options) {
+	// Set default values for host configuration parameters listed in Appendix
+	// A of RFC-2131.  Those parameters, if requested by client, should be
+	// returned with values defined by Host Requirements Document.
+	//
+	// See https://datatracker.ietf.org/doc/html/rfc2131#appendix-A.
+	//
+	// See also https://datatracker.ietf.org/doc/html/rfc1122,
+	// https://datatracker.ietf.org/doc/html/rfc1123, and
+	// https://datatracker.ietf.org/doc/html/rfc2132.
 	opts = dhcpv4.Options{
-		// Set default values for host configuration parameters listed
-		// in Appendix A of RFC-2131.  Those parameters, if requested by
-		// client, should be returned with values defined by Host
-		// Requirements Document.
-		//
-		// See https://datatracker.ietf.org/doc/html/rfc2131#appendix-A.
-		//
-		// See also https://datatracker.ietf.org/doc/html/rfc1122,
-		// https://datatracker.ietf.org/doc/html/rfc1123, and
-		// https://datatracker.ietf.org/doc/html/rfc2132.
-
 		// IP-Layer Per Host
-
 		dhcpv4.OptionNonLocalSourceRouting.Code(): []byte{0},
+
 		// Set the current recommended default time to live for the
 		// Internet Protocol which is 64, see
 		// https://datatracker.ietf.org/doc/html/rfc1700.
--- a/internal/dhcpd/server.go
+++ b/internal/dhcpd/server.go
@@ -27,7 +27,6 @@ type DHCPServer interface {
 	Start() (err error)
 	// Stop - stop server
 	Stop() (err error)
-
 	getLeasesRef() []*Lease
 }

--- a/internal/dhcpd/v4.go
+++ b/internal/dhcpd/v4.go
@@ -1056,8 +1056,6 @@ func (s *v4Server) Start() (err error) {
 	go func() {
 		if serr := s.srv.Serve(); errors.Is(serr, net.ErrClosed) {
 			log.Info("dhcpv4: server is closed")
-
-			return
 		} else if serr != nil {
 			log.Error("dhcpv4: srv.Serve: %s", serr)
 		}
--- a/internal/dhcpd/v6.go
+++ b/internal/dhcpd/v6.go
@@ -662,8 +662,11 @@ func (s *v6Server) Start() (err error) {
 	}

 	go func() {
-		err = s.srv.Serve()
-		log.Error("dhcpv6: srv.Serve: %s", err)
+		if serr := s.srv.Serve(); errors.Is(serr, net.ErrClosed) {
+			log.Info("dhcpv6: server is closed")
+		} else if serr != nil {
+			log.Error("dhcpv6: srv.Serve: %s", serr)
+		}
 	}()

 	return nil
--- a/internal/dnsforward/access.go
+++ b/internal/dnsforward/access.go
@@ -7,8 +7,8 @@ import (
 	"net/http"
 	"strings"

+	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
-	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/stringutil"
@@ -194,62 +194,46 @@ func (s *Server) handleAccessList(w http.ResponseWriter, r *http.Request) {
 	}
 }

-func isUniq(slice []string) (ok bool, uniqueMap map[string]unit) {
-	exists := make(map[string]unit)
-	for _, key := range slice {
-		if _, has := exists[key]; has {
-			return false, nil
-		}
-		exists[key] = unit{}
-	}
-	return true, exists
-}
-
-func intersect(mapA, mapB map[string]unit) bool {
-	for key := range mapA {
-		if _, has := mapB[key]; has {
-			return true
-		}
-	}
-	return false
-}
-
 // validateAccessSet checks the internal accessListJSON lists.  To search for
 // duplicates, we cannot compare the new stringutil.Set and []string, because
 // creating a set for a large array can be an unnecessary algorithmic complexity
-func validateAccessSet(list accessListJSON) (err error) {
-	const (
-		errAllowedDup    errors.Error = "duplicates in allowed clients"
-		errDisallowedDup errors.Error = "duplicates in disallowed clients"
-		errBlockedDup    errors.Error = "duplicates in blocked hosts"
-		errIntersect     errors.Error = "some items in allowed and " +
-			"disallowed lists at the same time"
-	)
-
-	ok, allowedClients := isUniq(list.AllowedClients)
-	if !ok {
-		return errAllowedDup
+func validateAccessSet(list *accessListJSON) (err error) {
+	allowed, err := validateStrUniq(list.AllowedClients)
+	if err != nil {
+		return fmt.Errorf("validating allowed clients: %w", err)
 	}

-	ok, disallowedClients := isUniq(list.DisallowedClients)
-	if !ok {
-		return errDisallowedDup
+	disallowed, err := validateStrUniq(list.DisallowedClients)
+	if err != nil {
+		return fmt.Errorf("validating disallowed clients: %w", err)
 	}

-	ok, _ = isUniq(list.BlockedHosts)
-	if !ok {
-		return errBlockedDup
+	_, err = validateStrUniq(list.BlockedHosts)
+	if err != nil {
+		return fmt.Errorf("validating blocked hosts: %w", err)
 	}

-	if intersect(allowedClients, disallowedClients) {
-		return errIntersect
+	merged := allowed.Merge(disallowed)
+	err = merged.Validate(aghalg.StringIsBefore)
+	if err != nil {
+		return fmt.Errorf("items in allowed and disallowed clients intersect: %w", err)
 	}

 	return nil
 }

+// validateStrUniq returns an informative error if clients are not unique.
+func validateStrUniq(clients []string) (uc aghalg.UniqChecker, err error) {
+	uc = make(aghalg.UniqChecker, len(clients))
+	for _, c := range clients {
+		uc.Add(c)
+	}
+
+	return uc, uc.Validate(aghalg.StringIsBefore)
+}
+
 func (s *Server) handleAccessSet(w http.ResponseWriter, r *http.Request) {
-	list := accessListJSON{}
+	list := &accessListJSON{}
 	err := json.NewDecoder(r.Body).Decode(&list)
 	if err != nil {
 		aghhttp.Error(r, w, http.StatusBadRequest, "decoding request: %s", err)
--- a/internal/dnsforward/clientid_test.go
+++ b/internal/dnsforward/clientid_test.go
@@ -31,8 +31,8 @@ func (c testTLSConn) ConnectionState() (cs tls.ConnectionState) {

 // testQUICSession is a quicSession for tests.
 type testQUICSession struct {
-	// Session is embedded here simply to make testQUICSession
-	// a quic.Session without acctually implementing all methods.
+	// Session is embedded here simply to make testQUICSession a quic.Session
+	// without actually implementing all methods.
 	quic.Session

 	serverName string
--- a/internal/dnsforward/config.go
+++ b/internal/dnsforward/config.go
@@ -98,10 +98,10 @@ type FilteringConfig struct {
 	AllowedClients    []string `yaml:"allowed_clients"`    // IP addresses of whitelist clients
 	DisallowedClients []string `yaml:"disallowed_clients"` // IP addresses of clients that should be blocked
 	BlockedHosts      []string `yaml:"blocked_hosts"`      // hosts that should be blocked
-	// TrustedProxies is the list of IP addresses and CIDR networks to
-	// detect proxy servers addresses the DoH requests from which should be
-	// handled.  The value of nil or an empty slice for this field makes
-	// Proxy not trust any address.
+	// TrustedProxies is the list of IP addresses and CIDR networks to detect
+	// proxy servers addresses the DoH requests from which should be handled.
+	// The value of nil or an empty slice for this field makes Proxy not trust
+	// any address.
 	TrustedProxies []string `yaml:"trusted_proxies"`

 	// DNS cache settings
--- a/internal/dnsforward/dns.go
+++ b/internal/dnsforward/dns.go
@@ -293,9 +293,9 @@ func (s *Server) processInternalHosts(dctx *dnsContext) (rc resultCode) {
 	req := dctx.proxyCtx.Req
 	q := req.Question[0]

-	// Go on processing the AAAA request despite the fact that we don't
-	// support it yet.  The expected behavior here is to respond with an
-	// empty asnwer and not NXDOMAIN.
+	// Go on processing the AAAA request despite the fact that we don't support
+	// it yet.  The expected behavior here is to respond with an empty answer
+	// and not NXDOMAIN.
 	if q.Qtype != dns.TypeA && q.Qtype != dns.TypeAAAA {
 		return resultCodeSuccess
 	}
@@ -352,9 +352,22 @@ func (s *Server) processRestrictLocal(ctx *dnsContext) (rc resultCode) {

 	ip, err := netutil.IPFromReversedAddr(q.Name)
 	if err != nil {
-		log.Debug("dns: reversed addr: %s", err)
+		log.Debug("dns: parsing reversed addr: %s", err)

-		return resultCodeError
+		// DNS-Based Service Discovery uses PTR records having not an ARPA
+		// format of the domain name in question.  Those shouldn't be
+		// invalidated.  See http://www.dns-sd.org/ServerStaticSetup.html and
+		// RFC 2782.
+		name := strings.TrimSuffix(q.Name, ".")
+		if err = netutil.ValidateSRVDomainName(name); err != nil {
+			log.Debug("dns: validating service domain: %s", err)
+
+			return resultCodeError
+		}
+
+		log.Debug("dns: request is for a service domain")
+
+		return resultCodeSuccess
 	}

 	// Restrict an access to local addresses for external clients.  We also
--- a/internal/dnsforward/dnsforward.go
+++ b/internal/dnsforward/dnsforward.go
@@ -443,7 +443,7 @@ func (s *Server) setupResolvers(localAddrs []string) (err error) {
 		&upstream.Options{
 			Bootstrap: bootstraps,
 			Timeout:   defaultLocalTimeout,
-			// TODO(e.burkov): Should we verify server's ceritificates?
+			// TODO(e.burkov): Should we verify server's certificates?
 		},
 	)
 	if err != nil {
@@ -559,7 +559,7 @@ func (s *Server) IsRunning() bool {
 	return s.isRunning
 }

-// srvClosedErr is returned when the method can't complete without inacessible
+// srvClosedErr is returned when the method can't complete without inaccessible
 // data from the closing server.
 const srvClosedErr errors.Error = "server is closed"

--- a/internal/dnsforward/dnsforward_test.go
+++ b/internal/dnsforward/dnsforward_test.go
@@ -892,7 +892,7 @@ func TestBlockedBySafeBrowsing(t *testing.T) {

 func TestRewrite(t *testing.T) {
 	c := &filtering.Config{
-		Rewrites: []filtering.RewriteEntry{{
+		Rewrites: []*filtering.LegacyRewrite{{
 			Domain: "test.com",
 			Answer: "1.2.3.4",
 			Type:   dns.TypeA,
--- a/internal/dnsforward/http.go
+++ b/internal/dnsforward/http.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"net"
 	"net/http"
-	"strconv"
 	"strings"
 	"time"

@@ -192,22 +191,23 @@ func (req *dnsConfig) checkCacheTTL() bool {

 func (s *Server) handleSetConfig(w http.ResponseWriter, r *http.Request) {
 	req := dnsConfig{}
-	dec := json.NewDecoder(r.Body)
-	if err := dec.Decode(&req); err != nil {
+	err := json.NewDecoder(r.Body).Decode(&req)
+	if err != nil {
 		aghhttp.Error(r, w, http.StatusBadRequest, "json Encode: %s", err)

 		return
 	}

 	if req.Upstreams != nil {
-		if err := ValidateUpstreams(*req.Upstreams); err != nil {
+		if err = ValidateUpstreams(*req.Upstreams); err != nil {
 			aghhttp.Error(r, w, http.StatusBadRequest, "wrong upstreams specification: %s", err)

 			return
 		}
 	}

-	if errBoot, err := req.checkBootstrap(); err != nil {
+	var errBoot string
+	if errBoot, err = req.checkBootstrap(); err != nil {
 		aghhttp.Error(
 			r,
 			w,
@@ -220,19 +220,16 @@ func (s *Server) handleSetConfig(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if !req.checkBlockingMode() {
+	switch {
+	case !req.checkBlockingMode():
 		aghhttp.Error(r, w, http.StatusBadRequest, "blocking_mode: incorrect value")

 		return
-	}
-
-	if !req.checkUpstreamsMode() {
+	case !req.checkUpstreamsMode():
 		aghhttp.Error(r, w, http.StatusBadRequest, "upstream_mode: incorrect value")

 		return
-	}
-
-	if !req.checkCacheTTL() {
+	case !req.checkCacheTTL():
 		aghhttp.Error(
 			r,
 			w,
@@ -241,13 +238,15 @@ func (s *Server) handleSetConfig(w http.ResponseWriter, r *http.Request) {
 		)

 		return
+	default:
+		// Go on.
 	}

 	restart := s.setConfig(req)
 	s.conf.ConfigModified()

 	if restart {
-		if err := s.Reconfigure(nil); err != nil {
+		if err = s.Reconfigure(nil); err != nil {
 			aghhttp.Error(r, w, http.StatusInternalServerError, "%s", err)
 		}
 	}
@@ -387,14 +386,14 @@ func ValidateUpstreams(upstreams []string) (err error) {

 	var defaultUpstreamFound bool
 	for _, u := range upstreams {
-		var ok bool
-		ok, err = validateUpstream(u)
+		var useDefault bool
+		useDefault, err = validateUpstream(u)
 		if err != nil {
 			return err
 		}

 		if !defaultUpstreamFound {
-			defaultUpstreamFound = ok
+			defaultUpstreamFound = useDefault
 		}
 	}

@@ -407,50 +406,62 @@ func ValidateUpstreams(upstreams []string) (err error) {

 var protocols = []string{"tls://", "https://", "tcp://", "sdns://", "quic://"}

-func validateUpstream(u string) (bool, error) {
+func validateUpstream(u string) (useDefault bool, err error) {
 	// Check if the user tries to specify upstream for domain.
-	u, useDefault, err := separateUpstream(u)
+	var isDomainSpec bool
+	u, isDomainSpec, err = separateUpstream(u)
 	if err != nil {
-		return useDefault, err
+		return !isDomainSpec, err
 	}

-	// The special server address '#' means "use the default servers"
-	if u == "#" && !useDefault {
+	// The special server address '#' means that default server must be used.
+	if useDefault = !isDomainSpec; u == "#" && isDomainSpec {
 		return useDefault, nil
 	}

-	// Check if the upstream has a valid protocol prefix
+	// Check if the upstream has a valid protocol prefix.
+	//
+	// TODO(e.burkov):  Validate the domain name.
 	for _, proto := range protocols {
 		if strings.HasPrefix(u, proto) {
 			return useDefault, nil
 		}
 	}

-	// Return error if the upstream contains '://' without any valid protocol
 	if strings.Contains(u, "://") {
-		return useDefault, fmt.Errorf("wrong protocol")
+		return useDefault, errors.Error("wrong protocol")
 	}

-	// Check if upstream is valid plain DNS
-	return useDefault, checkPlainDNS(u)
+	// Check if upstream is either an IP or IP with port.
+	if net.ParseIP(u) != nil {
+		return useDefault, nil
+	} else if _, err = netutil.ParseIPPort(u); err != nil {
+		return useDefault, err
+	}
+
+	return useDefault, nil
 }

 // separateUpstream returns the upstream without the specified domains.
-// useDefault is true when a default upstream must be used.
-func separateUpstream(upstreamStr string) (upstream string, useDefault bool, err error) {
-	defer func() { err = errors.Annotate(err, "bad upstream for domain spec %q: %w", upstreamStr) }()
-
+// isDomainSpec is true when the upstream is domains-specific.
+func separateUpstream(upstreamStr string) (upstream string, isDomainSpec bool, err error) {
 	if !strings.HasPrefix(upstreamStr, "[/") {
-		return upstreamStr, true, nil
+		return upstreamStr, false, nil
 	}
+	defer func() { err = errors.Annotate(err, "bad upstream for domain %q: %w", upstreamStr) }()

 	parts := strings.Split(upstreamStr[2:], "/]")
-	if len(parts) != 2 {
-		return "", false, errors.Error("duplicated separator")
+	switch len(parts) {
+	case 2:
+		// Go on.
+	case 1:
+		return "", false, errors.Error("missing separator")
+	default:
+		return "", true, errors.Error("duplicated separator")
 	}

-	domains := parts[0]
-	upstream = parts[1]
+	var domains string
+	domains, upstream = parts[0], parts[1]
 	for i, host := range strings.Split(domains, "/") {
 		if host == "" {
 			continue
@@ -458,36 +469,11 @@ func separateUpstream(upstreamStr string) (upstream string, useDefault bool, err

 		err = netutil.ValidateDomainName(host)
 		if err != nil {
-			return "", false, fmt.Errorf("domain at index %d: %w", i, err)
+			return "", true, fmt.Errorf("domain at index %d: %w", i, err)
 		}
 	}

-	return upstream, false, nil
-}
-
-// checkPlainDNS checks if host is plain DNS
-func checkPlainDNS(upstream string) error {
-	// Check if host is ip without port
-	if net.ParseIP(upstream) != nil {
-		return nil
-	}
-
-	// Check if host is ip with port
-	ip, port, err := net.SplitHostPort(upstream)
-	if err != nil {
-		return err
-	}
-
-	if net.ParseIP(ip) == nil {
-		return fmt.Errorf("%s is not a valid IP", ip)
-	}
-
-	_, err = strconv.ParseInt(port, 0, 64)
-	if err != nil {
-		return fmt.Errorf("%s is not a valid port: %w", port, err)
-	}
-
-	return nil
+	return upstream, true, nil
 }

 // excFunc is a signature of function to check if upstream exchanges correctly.
@@ -515,12 +501,8 @@ func checkDNSUpstreamExc(u upstream.Upstream) (err error) {

 	if len(reply.Answer) != 1 {
 		return fmt.Errorf("wrong response")
-	}
-
-	if t, ok := reply.Answer[0].(*dns.A); ok {
-		if !net.IPv4(8, 8, 8, 8).Equal(t.A) {
-			return fmt.Errorf("wrong response")
-		}
+	} else if a, ok := reply.Answer[0].(*dns.A); !ok || !a.A.Equal(net.IP{8, 8, 8, 8}) {
+		return fmt.Errorf("wrong response")
 	}

 	return nil
@@ -555,7 +537,7 @@ func checkDNS(input string, bootstrap []string, timeout time.Duration, ef excFun

 	// Separate upstream from domains list.
 	var useDefault bool
-	if input, useDefault, err = separateUpstream(input); err != nil {
+	if useDefault, err = validateUpstream(input); err != nil {
 		return fmt.Errorf("wrong upstream format: %w", err)
 	}

@@ -564,7 +546,7 @@ func checkDNS(input string, bootstrap []string, timeout time.Duration, ef excFun
 		return nil
 	}

-	if _, err = validateUpstream(input); err != nil {
+	if input, _, err = separateUpstream(input); err != nil {
 		return fmt.Errorf("wrong upstream format: %w", err)
 	}

@@ -572,7 +554,8 @@ func checkDNS(input string, bootstrap []string, timeout time.Duration, ef excFun
 		bootstrap = defaultBootstrap
 	}

-	log.Debug("checking if dns server %q works...", input)
+	log.Debug("checking if upstream %s works", input)
+
 	var u upstream.Upstream
 	u, err = upstream.AddressToUpstream(input, &upstream.Options{
 		Bootstrap: bootstrap,
@@ -586,7 +569,7 @@ func checkDNS(input string, bootstrap []string, timeout time.Duration, ef excFun
 		return fmt.Errorf("upstream %q fails to exchange: %w", input, err)
 	}

-	log.Debug("dns %s works OK", input)
+	log.Debug("upstream %s is ok", input)

 	return nil
 }
@@ -620,9 +603,9 @@ func (s *Server) handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 		err = checkDNS(host, bootstraps, timeout, checkPrivateUpstreamExc)
 		if err != nil {
 			log.Info("%v", err)
-			// TODO(e.burkov): If passed upstream have already
-			// written an error above, we rewriting the error for
-			// it.  These cases should be handled properly instead.
+			// TODO(e.burkov): If passed upstream have already written an error
+			// above, we rewriting the error for it.  These cases should be
+			// handled properly instead.
 			result[host] = err.Error()

 			continue
--- a/internal/dnsforward/http_test.go
+++ b/internal/dnsforward/http_test.go
@@ -184,7 +184,7 @@ func TestDNSForwardHTTP_handleSetConfig(t *testing.T) {
 		wantSet: "",
 	}, {
 		name: "upstream_dns_bad",
-		wantSet: `wrong upstreams specification: address !!!: ` +
+		wantSet: `wrong upstreams specification: bad ipport address "!!!": address !!!: ` +
 			`missing port in address`,
 	}, {
 		name: "bootstraps_bad",
@@ -235,107 +235,117 @@ func TestDNSForwardHTTP_handleSetConfig(t *testing.T) {
 }

 func TestIsCommentOrEmpty(t *testing.T) {
-	assert.True(t, IsCommentOrEmpty(""))
-	assert.True(t, IsCommentOrEmpty("# comment"))
-	assert.False(t, IsCommentOrEmpty("1.2.3.4"))
+	for _, tc := range []struct {
+		want assert.BoolAssertionFunc
+		str  string
+	}{{
+		want: assert.True,
+		str:  "",
+	}, {
+		want: assert.True,
+		str:  "# comment",
+	}, {
+		want: assert.False,
+		str:  "1.2.3.4",
+	}} {
+		tc.want(t, IsCommentOrEmpty(tc.str))
+	}
 }

-// TODO(a.garipov): Rewrite to check the actual error messages.
 func TestValidateUpstream(t *testing.T) {
 	testCases := []struct {
+		wantDef  assert.BoolAssertionFunc
 		name     string
 		upstream string
-		valid    bool
-		wantDef  bool
+		wantErr  string
 	}{{
+		wantDef:  assert.True,
 		name:     "invalid",
 		upstream: "1.2.3.4.5",
-		valid:    false,
-		wantDef:  false,
+		wantErr:  `bad ipport address "1.2.3.4.5": address 1.2.3.4.5: missing port in address`,
 	}, {
+		wantDef:  assert.True,
 		name:     "invalid",
 		upstream: "123.3.7m",
-		valid:    false,
-		wantDef:  false,
+		wantErr:  `bad ipport address "123.3.7m": address 123.3.7m: missing port in address`,
 	}, {
+		wantDef:  assert.True,
 		name:     "invalid",
 		upstream: "htttps://google.com/dns-query",
-		valid:    false,
-		wantDef:  false,
+		wantErr:  `wrong protocol`,
 	}, {
+		wantDef:  assert.True,
 		name:     "invalid",
 		upstream: "[/host.com]tls://dns.adguard.com",
-		valid:    false,
-		wantDef:  false,
+		wantErr:  `bad upstream for domain "[/host.com]tls://dns.adguard.com": missing separator`,
 	}, {
+		wantDef:  assert.True,
 		name:     "invalid",
 		upstream: "[host.ru]#",
-		valid:    false,
-		wantDef:  false,
+		wantErr:  `bad ipport address "[host.ru]#": address [host.ru]#: missing port in address`,
 	}, {
+		wantDef:  assert.True,
 		name:     "valid_default",
 		upstream: "1.1.1.1",
-		valid:    true,
-		wantDef:  true,
+		wantErr:  ``,
 	}, {
+		wantDef:  assert.True,
 		name:     "valid_default",
 		upstream: "tls://1.1.1.1",
-		valid:    true,
-		wantDef:  true,
+		wantErr:  ``,
 	}, {
+		wantDef:  assert.True,
 		name:     "valid_default",
 		upstream: "https://dns.adguard.com/dns-query",
-		valid:    true,
-		wantDef:  true,
+		wantErr:  ``,
 	}, {
+		wantDef:  assert.True,
 		name:     "valid_default",
 		upstream: "sdns://AQMAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
-		valid:    true,
-		wantDef:  true,
+		wantErr:  ``,
 	}, {
+		wantDef:  assert.False,
 		name:     "valid",
 		upstream: "[/host.com/]1.1.1.1",
-		valid:    true,
-		wantDef:  false,
+		wantErr:  ``,
 	}, {
+		wantDef:  assert.False,
 		name:     "valid",
 		upstream: "[//]tls://1.1.1.1",
-		valid:    true,
-		wantDef:  false,
+		wantErr:  ``,
 	}, {
+		wantDef:  assert.False,
 		name:     "valid",
 		upstream: "[/www.host.com/]#",
-		valid:    true,
-		wantDef:  false,
+		wantErr:  ``,
 	}, {
+		wantDef:  assert.False,
 		name:     "valid",
 		upstream: "[/host.com/google.com/]8.8.8.8",
-		valid:    true,
-		wantDef:  false,
+		wantErr:  ``,
 	}, {
+		wantDef:  assert.False,
 		name:     "valid",
 		upstream: "[/host/]sdns://AQMAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
-		valid:    true,
-		wantDef:  false,
+		wantErr:  ``,
 	}, {
+		wantDef:  assert.False,
 		name:     "idna",
 		upstream: "[/пример.рф/]8.8.8.8",
-		valid:    true,
-		wantDef:  false,
+		wantErr:  ``,
 	}, {
+		wantDef:  assert.False,
 		name:     "bad_domain",
 		upstream: "[/!/]8.8.8.8",
-		valid:    false,
-		wantDef:  false,
+		wantErr: `bad upstream for domain "[/!/]8.8.8.8": domain at index 0: ` +
+			`bad domain name "!": bad domain name label "!": bad domain name label rune '!'`,
 	}}

 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			defaultUpstream, err := validateUpstream(tc.upstream)
-			require.Equal(t, tc.valid, err == nil)
-			if tc.valid {
-				assert.Equal(t, tc.wantDef, defaultUpstream)
-			}
+			testutil.AssertErrorMsg(t, tc.wantErr, err)
+			tc.wantDef(t, defaultUpstream)
 		})
 	}
 }
@@ -343,22 +353,19 @@ func TestValidateUpstream(t *testing.T) {
 func TestValidateUpstreamsSet(t *testing.T) {
 	testCases := []struct {
 		name    string
-		msg     string
+		wantErr string
 		set     []string
-		wantNil bool
 	}{{
 		name:    "empty",
-		msg:     "empty upstreams array should be valid",
+		wantErr: ``,
 		set:     nil,
-		wantNil: true,
 	}, {
 		name:    "comment",
-		msg:     "comments should not be validated",
+		wantErr: ``,
 		set:     []string{"# comment"},
-		wantNil: true,
 	}, {
-		name: "valid_no_default",
-		msg:  "there is no default upstream",
+		name:    "valid_no_default",
+		wantErr: `no default upstreams specified`,
 		set: []string{
 			"[/host.com/]1.1.1.1",
 			"[//]tls://1.1.1.1",
@@ -366,10 +373,9 @@ func TestValidateUpstreamsSet(t *testing.T) {
 			"[/host.com/google.com/]8.8.8.8",
 			"[/host/]sdns://AQMAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
 		},
-		wantNil: false,
 	}, {
-		name: "valid_with_default",
-		msg:  "upstreams set is valid, but doesn't pass through validation cause: %s",
+		name:    "valid_with_default",
+		wantErr: ``,
 		set: []string{
 			"[/host.com/]1.1.1.1",
 			"[//]tls://1.1.1.1",
@@ -378,19 +384,16 @@ func TestValidateUpstreamsSet(t *testing.T) {
 			"[/host/]sdns://AQMAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
 			"8.8.8.8",
 		},
-		wantNil: true,
 	}, {
 		name:    "invalid",
-		msg:     "there is an invalid upstream in set, but it pass through validation",
+		wantErr: `cannot prepare the upstream dhcp://fake.dns ([]): unsupported URL scheme: dhcp`,
 		set:     []string{"dhcp://fake.dns"},
-		wantNil: false,
 	}}

 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			err := ValidateUpstreams(tc.set)
-
-			assert.Equalf(t, tc.wantNil, err == nil, tc.msg, err)
+			testutil.AssertErrorMsg(t, tc.wantErr, err)
 		})
 	}
 }
--- a/internal/dnsforward/ipset.go
+++ b/internal/dnsforward/ipset.go
@@ -24,20 +24,19 @@ type ipsetCtx struct {
 func (c *ipsetCtx) init(ipsetConf []string) (err error) {
 	c.ipsetMgr, err = aghnet.NewIpsetManager(ipsetConf)
 	if errors.Is(err, os.ErrInvalid) || errors.Is(err, os.ErrPermission) {
-		// ipset cannot currently be initialized if the server was
-		// installed from Snap or when the user or the binary doesn't
-		// have the required permissions, or when the kernel doesn't
-		// support netfilter.
+		// ipset cannot currently be initialized if the server was installed
+		// from Snap or when the user or the binary doesn't have the required
+		// permissions, or when the kernel doesn't support netfilter.
 		//
 		// Log and go on.
 		//
-		// TODO(a.garipov): The Snap problem can probably be solved if
-		// we add the netlink-connector interface plug.
-		log.Info("warning: cannot initialize ipset: %s", err)
+		// TODO(a.garipov): The Snap problem can probably be solved if we add
+		// the netlink-connector interface plug.
+		log.Info("ipset: warning: cannot initialize: %s", err)

 		return nil
 	} else if unsupErr := (&aghos.UnsupportedError{}); errors.As(err, &unsupErr) {
-		log.Info("warning: %s", err)
+		log.Info("ipset: warning: %s", err)

 		return nil
 	} else if err != nil {
--- a/internal/dnsforward/recursiondetector.go
+++ b/internal/dnsforward/recursiondetector.go
@@ -78,8 +78,8 @@ func newRecursionDetector(ttl time.Duration, suspectsNum uint) (rd *recursionDet
 // msgToSignature converts msg into it's signature represented in bytes.
 func msgToSignature(msg dns.Msg) (sig []byte) {
 	sig = make([]byte, uint16sz*2+netutil.MaxDomainNameLen)
-	// The binary.BigEndian byte order is used everywhere except when the
-	// real machine's endianess is needed.
+	// The binary.BigEndian byte order is used everywhere except when the real
+	// machine's endianness is needed.
 	byteOrder := binary.BigEndian
 	byteOrder.PutUint16(sig[0:], msg.Id)
 	q := msg.Question[0]
--- a/internal/filtering/filtering.go
+++ b/internal/filtering/filtering.go
@@ -28,7 +28,7 @@ import (

 // The IDs of built-in filter lists.
 //
-// Keep in sync with client/src/helpers/contants.js.
+// Keep in sync with client/src/helpers/constants.js.
 const (
 	CustomListID = -iota
 	SysHostsListID
@@ -80,7 +80,7 @@ type Config struct {
 	ParentalCacheSize     uint `yaml:"parental_cache_size"`     // (in bytes)
 	CacheTime             uint `yaml:"cache_time"`              // Element's TTL (in minutes)

-	Rewrites []RewriteEntry `yaml:"rewrites"`
+	Rewrites []*LegacyRewrite `yaml:"rewrites"`

 	// Names of services to block (globally).
 	// Per-client settings can override this configuration.
@@ -161,9 +161,14 @@ type DNSFilter struct {

 // Filter represents a filter list
 type Filter struct {
-	ID       int64  // auto-assigned when filter is added (see nextFilterID)
-	Data     []byte `yaml:"-"` // List of rules divided by '\n'
-	FilePath string `yaml:"-"` // Path to a filtering rules file
+	// FilePath is the path to a filtering rules list file.
+	FilePath string `yaml:"-"`
+
+	// Data is the content of the file.
+	Data []byte `yaml:"-"`
+
+	// ID is automatically assigned when filter is added using nextFilterID.
+	ID int64
 }

 // Reason holds an enum detailing why it was filtered or not filtered
@@ -281,8 +286,14 @@ func (d *DNSFilter) WriteDiskConfig(c *Config) {
 	c.Rewrites = cloneRewrites(c.Rewrites)
 }

-func cloneRewrites(entries []RewriteEntry) (clone []RewriteEntry) {
-	return append([]RewriteEntry(nil), entries...)
+// cloneRewrites returns a deep copy of entries.
+func cloneRewrites(entries []*LegacyRewrite) (clone []*LegacyRewrite) {
+	clone = make([]*LegacyRewrite, len(entries))
+	for i, rw := range entries {
+		clone[i] = rw.clone()
+	}
+
+	return clone
 }

 // SetFilters - set new filters (synchronously or asynchronously)
@@ -477,10 +488,8 @@ func (d *DNSFilter) matchSysHosts(
 }

 // matchSysHostsIntl actually matches the request.  It's separated to avoid
-// perfoming checks twice.
-func (d *DNSFilter) matchSysHostsIntl(
-	req *urlfilter.DNSRequest,
-) (res Result, err error) {
+// performing checks twice.
+func (d *DNSFilter) matchSysHostsIntl(req *urlfilter.DNSRequest) (res Result, err error) {
 	dnsres, _ := d.EtcHosts.MatchRequest(*req)
 	if dnsres == nil {
 		return res, nil
@@ -507,61 +516,86 @@ func (d *DNSFilter) matchSysHostsIntl(
 	return res, nil
 }

-// Process rewrites table
-// . Find CNAME for a domain name (exact match or by wildcard)
-//  . if found and CNAME equals to domain name - this is an exception;  exit
-//  . if found, set domain name to canonical name
-//  . repeat for the new domain name (Note: we return only the last CNAME)
-// . Find A or AAAA record for a domain name (exact match or by wildcard)
-//  . if found, set IP addresses (IPv4 or IPv6 depending on qtype) in Result.IPList array
+// processRewrites performs filtering based on the legacy rewrite records.
+//
+// Firstly, it finds CNAME rewrites for host.  If the CNAME is the same as host,
+// this query isn't filtered.  If it's different, repeat the process for the new
+// CNAME, breaking loops in the process.
+//
+// Secondly, it finds A or AAAA rewrites for host and, if found, sets res.IPList
+// accordingly.  If the found rewrite has a special value of "A" or "AAAA", the
+// result is an exception.
 func (d *DNSFilter) processRewrites(host string, qtype uint16) (res Result) {
 	d.confLock.RLock()
 	defer d.confLock.RUnlock()

-	rr := findRewrites(d.Rewrites, host, qtype)
-	if len(rr) != 0 {
-		res.Reason = Rewritten
+	rewrites, matched := findRewrites(d.Rewrites, host, qtype)
+	if !matched {
+		return Result{}
 	}

+	res.Reason = Rewritten
+
 	cnames := stringutil.NewSet()
 	origHost := host
-	for len(rr) != 0 && rr[0].Type == dns.TypeCNAME {
-		log.Debug("rewrite: CNAME for %s is %s", host, rr[0].Answer)
+	for matched && len(rewrites) > 0 && rewrites[0].Type == dns.TypeCNAME {
+		rw := rewrites[0]
+		rwPat := rw.Domain
+		rwAns := rw.Answer

-		if host == rr[0].Answer { // "host == CNAME" is an exception
-			res.Reason = NotFilteredNotFound
+		log.Debug("rewrite: cname for %s is %s", host, rwAns)

-			return res
+		if origHost == rwAns || rwPat == rwAns {
+			// Either a request for the hostname itself or a rewrite of
+			// a pattern onto itself, both of which are an exception rules.
+			// Return a not filtered result.
+			return Result{}
+		} else if host == rwAns && isWildcard(rwPat) {
+			// An "*.example.com → sub.example.com" rewrite matching in a loop.
+			//
+			// See https://github.com/AdguardTeam/AdGuardHome/issues/4016.
+
+			res.CanonName = host
+
+			break
 		}

-		host = rr[0].Answer
+		host = rwAns
 		if cnames.Has(host) {
-			log.Info("rewrite: breaking CNAME redirection loop: %s.  Question: %s", host, origHost)
+			log.Info("rewrite: cname loop for %q on %q", origHost, host)

 			return res
 		}

 		cnames.Add(host)
-		res.CanonName = rr[0].Answer
-		rr = findRewrites(d.Rewrites, host, qtype)
+		res.CanonName = host
+		rewrites, matched = findRewrites(d.Rewrites, host, qtype)
 	}

-	for _, r := range rr {
-		if r.Type == qtype && (qtype == dns.TypeA || qtype == dns.TypeAAAA) {
-			if r.IP == nil { // IP exception
-				res.Reason = NotFilteredNotFound
-
-				return res
-			}
-
-			res.IPList = append(res.IPList, r.IP)
-			log.Debug("rewrite: A/AAAA for %s is %s", host, r.IP)
-		}
-	}
+	setRewriteResult(&res, host, rewrites, qtype)

 	return res
 }

+// setRewriteResult sets the Reason or IPList of res if necessary.  res must not
+// be nil.
+func setRewriteResult(res *Result, host string, rewrites []*LegacyRewrite, qtype uint16) {
+	for _, rw := range rewrites {
+		if rw.Type == qtype && (qtype == dns.TypeA || qtype == dns.TypeAAAA) {
+			if rw.IP == nil {
+				// "A"/"AAAA" exception: allow getting from upstream.
+				res.Reason = NotFilteredNotFound
+
+				return
+			}
+
+			res.IPList = append(res.IPList, rw.IP)
+
+			log.Debug("rewrite: a/aaaa for %s is %s", host, rw.IP)
+		}
+	}
+}
+
 // matchBlockedServicesRules checks the host against the blocked services rules
 // in settings, if any.  The err is always nil, it is only there to make this
 // a valid hostChecker function.
@@ -917,12 +951,18 @@ func New(c *Config, blockFilters []Filter) (d *DNSFilter) {
 	err := d.initSecurityServices()
 	if err != nil {
 		log.Error("filtering: initialize services: %s", err)
+
 		return nil
 	}

 	if c != nil {
 		d.Config = *c
-		d.prepareRewrites()
+		err = d.prepareRewrites()
+		if err != nil {
+			log.Error("rewrites: preparing: %s", err)
+
+			return nil
+		}
 	}

 	bsvcs := []string{}
--- a/internal/filtering/rewrites.go
+++ b/internal/filtering/rewrites.go
@@ -4,94 +4,121 @@ package filtering

 import (
 	"encoding/json"
+	"fmt"
 	"net"
 	"net/http"
 	"sort"
 	"strings"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
+	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/miekg/dns"
 )

-// RewriteEntry is a rewrite array element
-type RewriteEntry struct {
-	// Domain is the domain for which this rewrite should work.
+// LegacyRewrite is a single legacy DNS rewrite record.
+//
+// Instances of *LegacyRewrite must never be nil.
+type LegacyRewrite struct {
+	// Domain is the domain pattern for which this rewrite should work.
 	Domain string `yaml:"domain"`
+
 	// Answer is the IP address, canonical name, or one of the special
 	// values: "A" or "AAAA".
 	Answer string `yaml:"answer"`
+
 	// IP is the IP address that should be used in the response if Type is
-	// A or AAAA.
+	// dns.TypeA or dns.TypeAAAA.
 	IP net.IP `yaml:"-"`
+
 	// Type is the DNS record type: A, AAAA, or CNAME.
 	Type uint16 `yaml:"-"`
 }

-// equal returns true if the entry is considered equal to the other.
-func (e *RewriteEntry) equal(other RewriteEntry) (ok bool) {
-	return e.Domain == other.Domain && e.Answer == other.Answer
+// clone returns a deep clone of rw.
+func (rw *LegacyRewrite) clone() (cloneRW *LegacyRewrite) {
+	return &LegacyRewrite{
+		Domain: rw.Domain,
+		Answer: rw.Answer,
+		IP:     netutil.CloneIP(rw.IP),
+		Type:   rw.Type,
+	}
 }

-// matchesQType returns true if the entry matched qtype.
-func (e *RewriteEntry) matchesQType(qtype uint16) (ok bool) {
+// equal returns true if the rw is equal to the other.
+func (rw *LegacyRewrite) equal(other *LegacyRewrite) (ok bool) {
+	return rw.Domain == other.Domain && rw.Answer == other.Answer
+}
+
+// matchesQType returns true if the entry matches the question type qt.
+func (rw *LegacyRewrite) matchesQType(qt uint16) (ok bool) {
 	// Add CNAMEs, since they match for all types requests.
-	if e.Type == dns.TypeCNAME {
+	if rw.Type == dns.TypeCNAME {
 		return true
 	}

 	// Reject types other than A and AAAA.
-	if qtype != dns.TypeA && qtype != dns.TypeAAAA {
+	if qt != dns.TypeA && qt != dns.TypeAAAA {
 		return false
 	}

 	// If the types match or the entry is set to allow only the other type,
 	// include them.
-	return e.Type == qtype || e.IP == nil
+	return rw.Type == qt || rw.IP == nil
 }

 // normalize makes sure that the a new or decoded entry is normalized with
 // regards to domain name case, IP length, and so on.
-func (e *RewriteEntry) normalize() {
-	// TODO(a.garipov): Write a case-agnostic version of strings.HasSuffix
-	// and use it in matchDomainWildcard instead of using strings.ToLower
+//
+// If rw is nil, it returns an errors.
+func (rw *LegacyRewrite) normalize() (err error) {
+	if rw == nil {
+		return errors.Error("nil rewrite entry")
+	}
+
+	// TODO(a.garipov): Write a case-agnostic version of strings.HasSuffix and
+	// use it in matchDomainWildcard instead of using strings.ToLower
 	// everywhere.
-	e.Domain = strings.ToLower(e.Domain)
+	rw.Domain = strings.ToLower(rw.Domain)

-	switch e.Answer {
+	switch rw.Answer {
 	case "AAAA":
-		e.IP = nil
-		e.Type = dns.TypeAAAA
+		rw.IP = nil
+		rw.Type = dns.TypeAAAA

-		return
+		return nil
 	case "A":
-		e.IP = nil
-		e.Type = dns.TypeA
+		rw.IP = nil
+		rw.Type = dns.TypeA

-		return
+		return nil
 	default:
 		// Go on.
 	}

-	ip := net.ParseIP(e.Answer)
+	ip := net.ParseIP(rw.Answer)
 	if ip == nil {
-		e.Type = dns.TypeCNAME
+		rw.Type = dns.TypeCNAME

-		return
+		return nil
 	}

 	ip4 := ip.To4()
 	if ip4 != nil {
-		e.IP = ip4
-		e.Type = dns.TypeA
+		rw.IP = ip4
+		rw.Type = dns.TypeA
 	} else {
-		e.IP = ip
-		e.Type = dns.TypeAAAA
+		rw.IP = ip
+		rw.Type = dns.TypeAAAA
 	}
+
+	return nil
 }

-func isWildcard(host string) bool {
-	return len(host) > 1 && host[0] == '*' && host[1] == '.'
+// isWildcard returns true if pat is a wildcard domain pattern.
+func isWildcard(pat string) bool {
+	return len(pat) > 1 && pat[0] == '*' && pat[1] == '.'
 }

 // matchDomainWildcard returns true if host matches the wildcard pattern.
@@ -107,16 +134,16 @@ func matchDomainWildcard(host, wildcard string) (ok bool) {
 //   wildcard > exact
 //   lower level wildcard > higher level wildcard
 //
-type rewritesSorted []RewriteEntry
+type rewritesSorted []*LegacyRewrite

 // Len implements the sort.Interface interface for legacyRewritesSorted.
-func (a rewritesSorted) Len() int { return len(a) }
+func (a rewritesSorted) Len() (l int) { return len(a) }

 // Swap implements the sort.Interface interface for legacyRewritesSorted.
 func (a rewritesSorted) Swap(i, j int) { a[i], a[j] = a[j], a[i] }

 // Less implements the sort.Interface interface for legacyRewritesSorted.
-func (a rewritesSorted) Less(i, j int) bool {
+func (a rewritesSorted) Less(i, j int) (less bool) {
 	if a[i].Type == dns.TypeCNAME && a[j].Type != dns.TypeCNAME {
 		return true
 	} else if a[i].Type != dns.TypeCNAME && a[j].Type == dns.TypeCNAME {
@@ -133,49 +160,62 @@ func (a rewritesSorted) Less(i, j int) bool {
 		}
 	}

-	// both are wildcards
+	// Both are wildcards.
 	return len(a[i].Domain) > len(a[j].Domain)
 }

-func (d *DNSFilter) prepareRewrites() {
-	for i := range d.Rewrites {
-		d.Rewrites[i].normalize()
+// prepareRewrites normalizes and validates all legacy DNS rewrites.
+func (d *DNSFilter) prepareRewrites() (err error) {
+	for i, r := range d.Rewrites {
+		err = r.normalize()
+		if err != nil {
+			return fmt.Errorf("at index %d: %w", i, err)
+		}
 	}
+
+	return nil
 }

-// findRewrites returns the list of matched rewrite entries.  The priority is:
-// CNAME, then A and AAAA; exact, then wildcard.  If the host is matched
-// exactly, wildcard entries aren't returned.  If the host matched by wildcards,
-// return the most specific for the question type.
-func findRewrites(entries []RewriteEntry, host string, qtype uint16) (matched []RewriteEntry) {
-	rr := rewritesSorted{}
+// findRewrites returns the list of matched rewrite entries.  If rewrites are
+// empty, but matched is true, the domain is found among the rewrite rules but
+// not for this question type.
+//
+// The result priority is: CNAME, then A and AAAA; exact, then wildcard.  If the
+// host is matched exactly, wildcard entries aren't returned.  If the host
+// matched by wildcards, return the most specific for the question type.
+func findRewrites(
+	entries []*LegacyRewrite,
+	host string,
+	qtype uint16,
+) (rewrites []*LegacyRewrite, matched bool) {
 	for _, e := range entries {
 		if e.Domain != host && !matchDomainWildcard(host, e.Domain) {
 			continue
 		}

+		matched = true
 		if e.matchesQType(qtype) {
-			rr = append(rr, e)
+			rewrites = append(rewrites, e)
 		}
 	}

-	if len(rr) == 0 {
-		return nil
+	if len(rewrites) == 0 {
+		return nil, matched
 	}

-	sort.Sort(rr)
+	sort.Sort(rewritesSorted(rewrites))

-	for i, r := range rr {
+	for i, r := range rewrites {
 		if isWildcard(r.Domain) {
-			// Don't use rr[:0], because we need to return at least
-			// one item here.
-			rr = rr[:max(1, i)]
+			// Don't use rewrites[:0], because we need to return at least one
+			// item here.
+			rewrites = rewrites[:max(1, i)]

 			break
 		}
 	}

-	return rr
+	return rewrites, matched
 }

 func max(a, b int) int {
@@ -214,24 +254,32 @@ func (d *DNSFilter) handleRewriteList(w http.ResponseWriter, r *http.Request) {
 }

 func (d *DNSFilter) handleRewriteAdd(w http.ResponseWriter, r *http.Request) {
-	jsent := rewriteEntryJSON{}
-	err := json.NewDecoder(r.Body).Decode(&jsent)
+	rwJSON := rewriteEntryJSON{}
+	err := json.NewDecoder(r.Body).Decode(&rwJSON)
 	if err != nil {
 		aghhttp.Error(r, w, http.StatusBadRequest, "json.Decode: %s", err)

 		return
 	}

-	ent := RewriteEntry{
-		Domain: jsent.Domain,
-		Answer: jsent.Answer,
+	rw := &LegacyRewrite{
+		Domain: rwJSON.Domain,
+		Answer: rwJSON.Answer,
 	}
-	ent.normalize()
+
+	err = rw.normalize()
+	if err != nil {
+		// Shouldn't happen currently, since normalize only returns a non-nil
+		// error when a rewrite is nil, but be change-proof.
+		aghhttp.Error(r, w, http.StatusBadRequest, "normalizing: %s", err)
+
+		return
+	}
+
 	d.confLock.Lock()
-	d.Config.Rewrites = append(d.Config.Rewrites, ent)
+	d.Config.Rewrites = append(d.Config.Rewrites, rw)
 	d.confLock.Unlock()
-	log.Debug("Rewrites: added element: %s -> %s [%d]",
-		ent.Domain, ent.Answer, len(d.Config.Rewrites))
+	log.Debug("rewrite: added element: %s -> %s [%d]", rw.Domain, rw.Answer, len(d.Config.Rewrites))

 	d.Config.ConfigModified()
 }
@@ -245,17 +293,20 @@ func (d *DNSFilter) handleRewriteDelete(w http.ResponseWriter, r *http.Request)
 		return
 	}

-	entDel := RewriteEntry{
+	entDel := &LegacyRewrite{
 		Domain: jsent.Domain,
 		Answer: jsent.Answer,
 	}
-	arr := []RewriteEntry{}
+	arr := []*LegacyRewrite{}
+
 	d.confLock.Lock()
 	for _, ent := range d.Config.Rewrites {
 		if ent.equal(entDel) {
-			log.Debug("Rewrites: removed element: %s -> %s", ent.Domain, ent.Answer)
+			log.Debug("rewrite: removed element: %s -> %s", ent.Domain, ent.Answer)
+
 			continue
 		}
+
 		arr = append(arr, ent)
 	}
 	d.Config.Rewrites = arr
--- a/internal/filtering/rewrites_test.go
+++ b/internal/filtering/rewrites_test.go
@@ -15,7 +15,7 @@ func TestRewrites(t *testing.T) {
 	d := newForTest(t, nil, nil)
 	t.Cleanup(d.Close)

-	d.Rewrites = []RewriteEntry{{
+	d.Rewrites = []*LegacyRewrite{{
 		// This one and below are about CNAME, A and AAAA.
 		Domain: "somecname",
 		Answer: "somehost.com",
@@ -66,98 +66,123 @@ func TestRewrites(t *testing.T) {
 	}, {
 		Domain: "BIGHOST.COM",
 		Answer: "1.2.3.7",
+	}, {
+		Domain: "*.issue4016.com",
+		Answer: "sub.issue4016.com",
 	}}
-	d.prepareRewrites()
+
+	require.NoError(t, d.prepareRewrites())

 	testCases := []struct {
-		name      string
-		host      string
-		wantCName string
-		wantVals  []net.IP
-		dtyp      uint16
+		name       string
+		host       string
+		wantCName  string
+		wantIPs    []net.IP
+		wantReason Reason
+		dtyp       uint16
 	}{{
-		name:      "not_filtered_not_found",
-		host:      "hoost.com",
-		wantCName: "",
-		wantVals:  nil,
-		dtyp:      dns.TypeA,
+		name:       "not_filtered_not_found",
+		host:       "hoost.com",
+		wantCName:  "",
+		wantIPs:    nil,
+		wantReason: NotFilteredNotFound,
+		dtyp:       dns.TypeA,
 	}, {
-		name:      "rewritten_a",
-		host:      "www.host.com",
-		wantCName: "host.com",
-		wantVals:  []net.IP{{1, 2, 3, 4}, {1, 2, 3, 5}},
-		dtyp:      dns.TypeA,
+		name:       "rewritten_a",
+		host:       "www.host.com",
+		wantCName:  "host.com",
+		wantIPs:    []net.IP{{1, 2, 3, 4}, {1, 2, 3, 5}},
+		wantReason: Rewritten,
+		dtyp:       dns.TypeA,
 	}, {
-		name:      "rewritten_aaaa",
-		host:      "www.host.com",
-		wantCName: "host.com",
-		wantVals:  []net.IP{net.ParseIP("1:2:3::4")},
-		dtyp:      dns.TypeAAAA,
+		name:       "rewritten_aaaa",
+		host:       "www.host.com",
+		wantCName:  "host.com",
+		wantIPs:    []net.IP{net.ParseIP("1:2:3::4")},
+		wantReason: Rewritten,
+		dtyp:       dns.TypeAAAA,
 	}, {
-		name:      "wildcard_match",
-		host:      "abc.host.com",
-		wantCName: "",
-		wantVals:  []net.IP{{1, 2, 3, 5}},
-		dtyp:      dns.TypeA,
+		name:       "wildcard_match",
+		host:       "abc.host.com",
+		wantCName:  "",
+		wantIPs:    []net.IP{{1, 2, 3, 5}},
+		wantReason: Rewritten,
+		dtyp:       dns.TypeA,
 	}, {
-		name:      "wildcard_override",
-		host:      "a.host.com",
-		wantCName: "",
-		wantVals:  []net.IP{{1, 2, 3, 4}},
-		dtyp:      dns.TypeA,
+		name:       "wildcard_override",
+		host:       "a.host.com",
+		wantCName:  "",
+		wantIPs:    []net.IP{{1, 2, 3, 4}},
+		wantReason: Rewritten,
+		dtyp:       dns.TypeA,
 	}, {
-		name:      "wildcard_cname_interaction",
-		host:      "www.host2.com",
-		wantCName: "host.com",
-		wantVals:  []net.IP{{1, 2, 3, 4}, {1, 2, 3, 5}},
-		dtyp:      dns.TypeA,
+		name:       "wildcard_cname_interaction",
+		host:       "www.host2.com",
+		wantCName:  "host.com",
+		wantIPs:    []net.IP{{1, 2, 3, 4}, {1, 2, 3, 5}},
+		wantReason: Rewritten,
+		dtyp:       dns.TypeA,
 	}, {
-		name:      "two_cnames",
-		host:      "b.host.com",
-		wantCName: "somehost.com",
-		wantVals:  []net.IP{{0, 0, 0, 0}},
-		dtyp:      dns.TypeA,
+		name:       "two_cnames",
+		host:       "b.host.com",
+		wantCName:  "somehost.com",
+		wantIPs:    []net.IP{{0, 0, 0, 0}},
+		wantReason: Rewritten,
+		dtyp:       dns.TypeA,
 	}, {
-		name:      "two_cnames_and_wildcard",
-		host:      "b.host3.com",
-		wantCName: "x.host.com",
-		wantVals:  []net.IP{{1, 2, 3, 5}},
-		dtyp:      dns.TypeA,
+		name:       "two_cnames_and_wildcard",
+		host:       "b.host3.com",
+		wantCName:  "x.host.com",
+		wantIPs:    []net.IP{{1, 2, 3, 5}},
+		wantReason: Rewritten,
+		dtyp:       dns.TypeA,
 	}, {
-		name:      "issue3343",
-		host:      "www.hostboth.com",
-		wantCName: "",
-		wantVals:  []net.IP{net.ParseIP("1234::5678")},
-		dtyp:      dns.TypeAAAA,
+		name:       "issue3343",
+		host:       "www.hostboth.com",
+		wantCName:  "",
+		wantIPs:    []net.IP{net.ParseIP("1234::5678")},
+		wantReason: Rewritten,
+		dtyp:       dns.TypeAAAA,
 	}, {
-		name:      "issue3351",
-		host:      "bighost.com",
-		wantCName: "",
-		wantVals:  []net.IP{{1, 2, 3, 7}},
-		dtyp:      dns.TypeA,
+		name:       "issue3351",
+		host:       "bighost.com",
+		wantCName:  "",
+		wantIPs:    []net.IP{{1, 2, 3, 7}},
+		wantReason: Rewritten,
+		dtyp:       dns.TypeA,
+	}, {
+		name:       "issue4008",
+		host:       "somehost.com",
+		wantCName:  "",
+		wantIPs:    nil,
+		wantReason: Rewritten,
+		dtyp:       dns.TypeHTTPS,
+	}, {
+		name:       "issue4016",
+		host:       "www.issue4016.com",
+		wantCName:  "sub.issue4016.com",
+		wantIPs:    nil,
+		wantReason: Rewritten,
+		dtyp:       dns.TypeA,
+	}, {
+		name:       "issue4016_self",
+		host:       "sub.issue4016.com",
+		wantCName:  "",
+		wantIPs:    nil,
+		wantReason: NotFilteredNotFound,
+		dtyp:       dns.TypeA,
 	}}

 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			valsNum := len(tc.wantVals)
-
 			r := d.processRewrites(tc.host, tc.dtyp)
-			if valsNum == 0 {
-				assert.Equal(t, NotFilteredNotFound, r.Reason)
-
-				return
-			}
-
-			require.Equalf(t, Rewritten, r.Reason, "got %s", r.Reason)
+			require.Equalf(t, tc.wantReason, r.Reason, "got %s", r.Reason)

 			if tc.wantCName != "" {
 				assert.Equal(t, tc.wantCName, r.CanonName)
 			}

-			require.Len(t, r.IPList, valsNum)
-			for i, ip := range tc.wantVals {
-				assert.Equal(t, ip, r.IPList[i])
-			}
+			assert.Equal(t, tc.wantIPs, r.IPList)
 		})
 	}
 }
@@ -166,7 +191,7 @@ func TestRewritesLevels(t *testing.T) {
 	d := newForTest(t, nil, nil)
 	t.Cleanup(d.Close)
 	// Exact host, wildcard L2, wildcard L3.
-	d.Rewrites = []RewriteEntry{{
+	d.Rewrites = []*LegacyRewrite{{
 		Domain: "host.com",
 		Answer: "1.1.1.1",
 		Type:   dns.TypeA,
@@ -179,7 +204,8 @@ func TestRewritesLevels(t *testing.T) {
 		Answer: "3.3.3.3",
 		Type:   dns.TypeA,
 	}}
-	d.prepareRewrites()
+
+	require.NoError(t, d.prepareRewrites())

 	testCases := []struct {
 		name string
@@ -212,7 +238,7 @@ func TestRewritesExceptionCNAME(t *testing.T) {
 	d := newForTest(t, nil, nil)
 	t.Cleanup(d.Close)
 	// Wildcard and exception for a sub-domain.
-	d.Rewrites = []RewriteEntry{{
+	d.Rewrites = []*LegacyRewrite{{
 		Domain: "*.host.com",
 		Answer: "2.2.2.2",
 	}, {
@@ -222,29 +248,32 @@ func TestRewritesExceptionCNAME(t *testing.T) {
 		Domain: "*.sub.host.com",
 		Answer: "*.sub.host.com",
 	}}
-	d.prepareRewrites()
+
+	require.NoError(t, d.prepareRewrites())

 	testCases := []struct {
 		name string
 		host string
 		want net.IP
 	}{{
-		name: "match_sub-domain",
+		name: "match_subdomain",
 		host: "my.host.com",
 		want: net.IP{2, 2, 2, 2},
 	}, {
 		name: "exception_cname",
 		host: "sub.host.com",
+		want: nil,
 	}, {
 		name: "exception_wildcard",
 		host: "my.sub.host.com",
+		want: nil,
 	}}

 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			r := d.processRewrites(tc.host, dns.TypeA)
 			if tc.want == nil {
-				assert.Equal(t, NotFilteredNotFound, r.Reason)
+				assert.Equal(t, NotFilteredNotFound, r.Reason, "got %s", r.Reason)

 				return
 			}
@@ -260,7 +289,7 @@ func TestRewritesExceptionIP(t *testing.T) {
 	d := newForTest(t, nil, nil)
 	t.Cleanup(d.Close)
 	// Exception for AAAA record.
-	d.Rewrites = []RewriteEntry{{
+	d.Rewrites = []*LegacyRewrite{{
 		Domain: "host.com",
 		Answer: "1.2.3.4",
 		Type:   dns.TypeA,
@@ -281,7 +310,8 @@ func TestRewritesExceptionIP(t *testing.T) {
 		Answer: "A",
 		Type:   dns.TypeA,
 	}}
-	d.prepareRewrites()
+
+	require.NoError(t, d.prepareRewrites())

 	testCases := []struct {
 		name string
--- a/internal/home/auth.go
+++ b/internal/home/auth.go
@@ -404,8 +404,8 @@ func realIP(r *http.Request) (ip net.IP, err error) {
 		return ip, nil
 	}

-	// When everything else fails, just return the remote address as
-	// understood by the stdlib.
+	// When everything else fails, just return the remote address as understood
+	// by the stdlib.
 	ipStr, err := netutil.SplitHost(r.RemoteAddr)
 	if err != nil {
 		return nil, fmt.Errorf("getting ip from client addr: %w", err)
@@ -424,7 +424,8 @@ func handleLogin(w http.ResponseWriter, r *http.Request) {
 	}

 	var remoteAddr string
-	// The realIP couldn't be used here due to security issues.
+	// realIP cannot be used here without taking TrustedProxies into account due
+	// to security issues.
 	//
 	// See https://github.com/AdguardTeam/AdGuardHome/issues/2799.
 	//
@@ -438,13 +439,7 @@ func handleLogin(w http.ResponseWriter, r *http.Request) {
 	if blocker := Context.auth.blocker; blocker != nil {
 		if left := blocker.check(remoteAddr); left > 0 {
 			w.Header().Set("Retry-After", strconv.Itoa(int(left.Seconds())))
-			aghhttp.Error(
-				r,
-				w,
-				http.StatusTooManyRequests,
-				"auth: blocked for %s",
-				left,
-			)
+			aghhttp.Error(r, w, http.StatusTooManyRequests, "auth: blocked for %s", left)

 			return
 		}
@@ -458,17 +453,18 @@ func handleLogin(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	// Use realIP here, since this IP address is only used for logging.
+	ip, err := realIP(r)
+	if err != nil {
+		log.Error("auth: getting real ip from request: %s", err)
+	} else if ip == nil {
+		// Technically shouldn't happen.
+		log.Error("auth: unknown ip")
+	}
+
 	if len(cookie) == 0 {
-		var ip net.IP
-		ip, err = realIP(r)
-		if err != nil {
-			log.Info("auth: getting real ip from request: %s", err)
-		} else if ip == nil {
-			// Technically shouldn't happen.
-			log.Info("auth: failed to login user %q from unknown ip", req.Name)
-		} else {
-			log.Info("auth: failed to login user %q from ip %q", req.Name, ip)
-		}
+		log.Info("auth: failed to login user %q from ip %v", req.Name, ip)
+
 		time.Sleep(1 * time.Second)

 		http.Error(w, "invalid username or password", http.StatusBadRequest)
@@ -476,11 +472,13 @@ func handleLogin(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	w.Header().Set("Set-Cookie", cookie)
+	log.Info("auth: user %q successfully logged in from ip %v", req.Name, ip)

-	w.Header().Set("Cache-Control", "no-store, no-cache, must-revalidate, proxy-revalidate")
-	w.Header().Set("Pragma", "no-cache")
-	w.Header().Set("Expires", "0")
+	h := w.Header()
+	h.Set("Set-Cookie", cookie)
+	h.Set("Cache-Control", "no-store, no-cache, must-revalidate, proxy-revalidate")
+	h.Set("Pragma", "no-cache")
+	h.Set("Expires", "0")

 	aghhttp.OK(w)
 }
@@ -530,7 +528,7 @@ func optionalAuthThird(w http.ResponseWriter, r *http.Request) (authFirst bool)
 	cookie, err := r.Cookie(sessionCookieName)

 	if glProcessCookie(r) {
-		log.Debug("auth: authentification was handled by GL-Inet submodule")
+		log.Debug("auth: authentication was handled by GL-Inet submodule")
 		ok = true
 	} else if err == nil {
 		r := Context.auth.checkSession(cookie.Value)
--- a/internal/home/clients.go
+++ b/internal/home/clients.go
@@ -96,7 +96,7 @@ type clientsContainer struct {
 	dnsServer *dnsforward.Server

 	// etcHosts contains list of rewrite rules taken from the operating system's
-	// hosts databse.
+	// hosts database.
 	etcHosts *aghnet.HostsContainer

 	testing bool // if TRUE, this object is used for internal tests
@@ -175,7 +175,7 @@ type clientObject struct {
 	UseGlobalBlockedServices bool `yaml:"use_global_blocked_services"`
 }

-// addFromConfig initializes the clients containter with objects from the
+// addFromConfig initializes the clients container with objects from the
 // configuration file.
 func (clients *clientsContainer) addFromConfig(objects []*clientObject) {
 	for _, o := range objects {
@@ -783,12 +783,17 @@ func (clients *clientsContainer) addFromHostsFile(hosts *netutil.IPMap) {

 	n := 0
 	hosts.Range(func(ip net.IP, v interface{}) (cont bool) {
-		names, ok := v.(*stringutil.Set)
+		hosts, ok := v.(*aghnet.Hosts)
 		if !ok {
 			log.Error("dns: bad type %T in ipToRC for %s", v, ip)
+
+			return true
 		}

-		names.Range(func(name string) (cont bool) {
+		if clients.addHostLocked(ip, hosts.Main, ClientSourceHostsFile) {
+			n++
+		}
+		hosts.Aliases.Range(func(name string) (cont bool) {
 			if clients.addHostLocked(ip, name, ClientSourceHostsFile) {
 				n++
 			}
--- a/internal/home/config.go
+++ b/internal/home/config.go
@@ -1,11 +1,13 @@
 package home

 import (
+	"fmt"
 	"net"
 	"os"
 	"path/filepath"
 	"sync"

+	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
 	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
@@ -164,7 +166,7 @@ type tlsConfigSettings struct {

 // config is the global configuration structure.
 //
-// TODO(a.garipov, e.burkov): This global is afwul and must be removed.
+// TODO(a.garipov, e.burkov): This global is awful and must be removed.
 var config = &configuration{
 	BindPort:     3000,
 	BetaBindPort: 0,
@@ -286,22 +288,25 @@ func parseConfig() (err error) {
 		return err
 	}

-	pm := portsMap{}
-	pm.add(
+	uc := aghalg.UniqChecker{}
+	addPorts(
+		uc,
 		config.BindPort,
 		config.BetaBindPort,
 		config.DNS.Port,
 	)
+
 	if config.TLS.Enabled {
-		pm.add(
+		addPorts(
+			uc,
 			config.TLS.PortHTTPS,
 			config.TLS.PortDNSOverTLS,
 			config.TLS.PortDNSOverQUIC,
 			config.TLS.PortDNSCrypt,
 		)
 	}
-	if err = pm.validate(); err != nil {
-		return err
+	if err = uc.Validate(aghalg.IntIsBefore); err != nil {
+		return fmt.Errorf("validating ports: %w", err)
 	}

 	if !checkFiltersUpdateIntervalHours(config.DNS.FiltersUpdateIntervalHours) {
@@ -315,6 +320,15 @@ func parseConfig() (err error) {
 	return nil
 }

+// addPorts is a helper for ports validation.  It skips zero ports.
+func addPorts(uc aghalg.UniqChecker, ports ...int) {
+	for _, p := range ports {
+		if p != 0 {
+			uc.Add(p)
+		}
+	}
+}
+
 // readConfigFile reads configuration file contents.
 func readConfigFile() (fileData []byte, err error) {
 	if len(config.fileData) > 0 {
--- a/internal/home/control.go
+++ b/internal/home/control.go
@@ -37,7 +37,7 @@ func appendDNSAddrs(dst []string, addrs ...net.IP) (res []string) {

 // appendDNSAddrsWithIfaces formats and appends all DNS addresses from src to
 // dst.  It also adds the IP addresses of all network interfaces if src contains
-// an unspecified IP addresss.
+// an unspecified IP address.
 func appendDNSAddrsWithIfaces(dst []string, src []net.IP) (res []string, err error) {
 	ifacesAdded := false
 	for _, h := range src {
--- a/internal/home/controlinstall.go
+++ b/internal/home/controlinstall.go
@@ -14,24 +14,37 @@ import (
 	"strings"
 	"time"

+	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
+	"github.com/AdguardTeam/AdGuardHome/internal/version"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 )

 // getAddrsResponse is the response for /install/get_addresses endpoint.
 type getAddrsResponse struct {
-	WebPort    int                             `json:"web_port"`
-	DNSPort    int                             `json:"dns_port"`
 	Interfaces map[string]*aghnet.NetInterface `json:"interfaces"`
+
+	// Version is the version of AdGuard Home.
+	//
+	// TODO(a.garipov): In the new API, rename this endpoint to something more
+	// general, since there will be more information here than just network
+	// interfaces.
+	Version string `json:"version"`
+
+	WebPort int `json:"web_port"`
+	DNSPort int `json:"dns_port"`
 }

 // handleInstallGetAddresses is the handler for /install/get_addresses endpoint.
 func (web *Web) handleInstallGetAddresses(w http.ResponseWriter, r *http.Request) {
-	data := getAddrsResponse{}
-	data.WebPort = defaultPortHTTP
-	data.DNSPort = defaultPortDNS
+	data := getAddrsResponse{
+		Version: version.Version(),
+
+		WebPort: defaultPortHTTP,
+		DNSPort: defaultPortDNS,
+	}

 	ifaces, err := aghnet.GetValidNetInterfacesForWeb()
 	if err != nil {
@@ -60,19 +73,19 @@ func (web *Web) handleInstallGetAddresses(w http.ResponseWriter, r *http.Request
 	}
 }

-type checkConfigReqEnt struct {
-	Port    int    `json:"port"`
+type checkConfReqEnt struct {
 	IP      net.IP `json:"ip"`
+	Port    int    `json:"port"`
 	Autofix bool   `json:"autofix"`
 }

-type checkConfigReq struct {
-	Web         checkConfigReqEnt `json:"web"`
-	DNS         checkConfigReqEnt `json:"dns"`
-	SetStaticIP bool              `json:"set_static_ip"`
+type checkConfReq struct {
+	Web         checkConfReqEnt `json:"web"`
+	DNS         checkConfReqEnt `json:"dns"`
+	SetStaticIP bool            `json:"set_static_ip"`
 }

-type checkConfigRespEnt struct {
+type checkConfRespEnt struct {
 	Status     string `json:"status"`
 	CanAutofix bool   `json:"can_autofix"`
 }
@@ -83,72 +96,110 @@ type staticIPJSON struct {
 	Error  string `json:"error"`
 }

-type checkConfigResp struct {
-	Web      checkConfigRespEnt `json:"web"`
-	DNS      checkConfigRespEnt `json:"dns"`
-	StaticIP staticIPJSON       `json:"static_ip"`
+type checkConfResp struct {
+	StaticIP staticIPJSON     `json:"static_ip"`
+	Web      checkConfRespEnt `json:"web"`
+	DNS      checkConfRespEnt `json:"dns"`
 }

-// Check if ports are available, respond with results
-func (web *Web) handleInstallCheckConfig(w http.ResponseWriter, r *http.Request) {
-	reqData := checkConfigReq{}
-	respData := checkConfigResp{}
+// validateWeb returns error is the web part if the initial configuration can't
+// be set.
+func (req *checkConfReq) validateWeb(uc aghalg.UniqChecker) (err error) {
+	defer func() { err = errors.Annotate(err, "validating ports: %w") }()

-	err := json.NewDecoder(r.Body).Decode(&reqData)
+	port := req.Web.Port
+	addPorts(uc, config.BetaBindPort, port)
+	if err = uc.Validate(aghalg.IntIsBefore); err != nil {
+		// Avoid duplicating the error into the status of DNS.
+		uc[port] = 1
+
+		return err
+	}
+
+	switch port {
+	case 0, config.BindPort:
+		return nil
+	default:
+		// Go on and check the port binding only if it's not zero or won't be
+		// unbound after install.
+	}
+
+	return aghnet.CheckPort("tcp", req.Web.IP, port)
+}
+
+// validateDNS returns error if the DNS part of the initial configuration can't
+// be set.  canAutofix is true if the port can be unbound by AdGuard Home
+// automatically.
+func (req *checkConfReq) validateDNS(uc aghalg.UniqChecker) (canAutofix bool, err error) {
+	defer func() { err = errors.Annotate(err, "validating ports: %w") }()
+
+	port := req.DNS.Port
+	addPorts(uc, port)
+	if err = uc.Validate(aghalg.IntIsBefore); err != nil {
+		return false, err
+	}
+
+	switch port {
+	case 0:
+		return false, nil
+	case config.BindPort:
+		// Go on and only check the UDP port since the TCP one is already bound
+		// by AdGuard Home for web interface.
+	default:
+		// Check TCP as well.
+		err = aghnet.CheckPort("tcp", req.DNS.IP, port)
+		if err != nil {
+			return false, err
+		}
+	}
+
+	err = aghnet.CheckPort("udp", req.DNS.IP, port)
+	if !aghnet.IsAddrInUse(err) {
+		return false, err
+	}
+
+	// Try to fix automatically.
+	canAutofix = checkDNSStubListener()
+	if canAutofix && req.DNS.Autofix {
+		if derr := disableDNSStubListener(); derr != nil {
+			log.Error("disabling DNSStubListener: %s", err)
+		}
+
+		err = aghnet.CheckPort("udp", req.DNS.IP, port)
+		canAutofix = false
+	}
+
+	return canAutofix, err
+}
+
+// handleInstallCheckConfig handles the /check_config endpoint.
+func (web *Web) handleInstallCheckConfig(w http.ResponseWriter, r *http.Request) {
+	req := &checkConfReq{}
+
+	err := json.NewDecoder(r.Body).Decode(req)
 	if err != nil {
-		aghhttp.Error(r, w, http.StatusBadRequest, "Failed to parse 'check_config' JSON data: %s", err)
+		aghhttp.Error(r, w, http.StatusBadRequest, "decoding the request: %s", err)

 		return
 	}

-	pm := portsMap{}
-	pm.add(config.BindPort, config.BetaBindPort, reqData.Web.Port)
-	if err = pm.validate(); err != nil {
-		respData.Web.Status = err.Error()
-	} else if reqData.Web.Port != 0 {
-		err = aghnet.CheckPort("tcp", reqData.Web.IP, reqData.Web.Port)
-		if err != nil {
-			respData.Web.Status = err.Error()
-		}
+	resp := &checkConfResp{}
+	uc := aghalg.UniqChecker{}
+
+	if err = req.validateWeb(uc); err != nil {
+		resp.Web.Status = err.Error()
 	}

-	pm.add(reqData.DNS.Port)
-	if err = pm.validate(); err != nil {
-		respData.DNS.Status = err.Error()
-	} else if reqData.DNS.Port != 0 {
-		err = aghnet.CheckPort("udp", reqData.DNS.IP, reqData.DNS.Port)
-
-		if aghnet.IsAddrInUse(err) {
-			canAutofix := checkDNSStubListener()
-			if canAutofix && reqData.DNS.Autofix {
-
-				err = disableDNSStubListener()
-				if err != nil {
-					log.Error("Couldn't disable DNSStubListener: %s", err)
-				}
-
-				err = aghnet.CheckPort("udp", reqData.DNS.IP, reqData.DNS.Port)
-				canAutofix = false
-			}
-
-			respData.DNS.CanAutofix = canAutofix
-		}
-
-		if err == nil {
-			err = aghnet.CheckPort("tcp", reqData.DNS.IP, reqData.DNS.Port)
-		}
-
-		if err != nil {
-			respData.DNS.Status = err.Error()
-		} else if !reqData.DNS.IP.IsUnspecified() {
-			respData.StaticIP = handleStaticIP(reqData.DNS.IP, reqData.SetStaticIP)
-		}
+	if resp.DNS.CanAutofix, err = req.validateDNS(uc); err != nil {
+		resp.DNS.Status = err.Error()
+	} else if !req.DNS.IP.IsUnspecified() {
+		resp.StaticIP = handleStaticIP(req.DNS.IP, req.SetStaticIP)
 	}

 	w.Header().Set("Content-Type", "application/json")
-	err = json.NewEncoder(w).Encode(respData)
+	err = json.NewEncoder(w).Encode(resp)
 	if err != nil {
-		aghhttp.Error(r, w, http.StatusInternalServerError, "Unable to marshal JSON: %s", err)
+		aghhttp.Error(r, w, http.StatusInternalServerError, "encoding the response: %s", err)

 		return
 	}
@@ -270,10 +321,11 @@ type applyConfigReqEnt struct {
 }

 type applyConfigReq struct {
-	Web      applyConfigReqEnt `json:"web"`
-	DNS      applyConfigReqEnt `json:"dns"`
-	Username string            `json:"username"`
-	Password string            `json:"password"`
+	Username string `json:"username"`
+	Password string `json:"password"`
+
+	Web applyConfigReqEnt `json:"web"`
+	DNS applyConfigReqEnt `json:"dns"`
 }

 // copyInstallSettings copies the installation parameters between two
@@ -298,7 +350,12 @@ func shutdownSrv(ctx context.Context, srv *http.Server) {

 	err := srv.Shutdown(ctx)
 	if err != nil {
-		log.Error("error while shutting down http server %q: %s", srv.Addr, err)
+		const msgFmt = "shutting down http server %q: %s"
+		if errors.Is(err, context.Canceled) {
+			log.Debug(msgFmt, srv.Addr, err)
+		} else {
+			log.Error(msgFmt, srv.Addr, err)
+		}
 	}
 }

@@ -432,8 +489,8 @@ func (web *Web) registerInstallHandlers() {
 // TODO(e.burkov): This should removed with the API v1 when the appropriate
 // functionality will appear in default checkConfigReqEnt.
 type checkConfigReqEntBeta struct {
-	Port    int      `json:"port"`
 	IP      []net.IP `json:"ip"`
+	Port    int      `json:"port"`
 	Autofix bool     `json:"autofix"`
 }

@@ -468,15 +525,15 @@ func (web *Web) handleInstallCheckConfigBeta(w http.ResponseWriter, r *http.Requ
 		return
 	}

-	nonBetaReqData := checkConfigReq{
-		Web: checkConfigReqEnt{
-			Port:    reqData.Web.Port,
+	nonBetaReqData := checkConfReq{
+		Web: checkConfReqEnt{
 			IP:      reqData.Web.IP[0],
+			Port:    reqData.Web.Port,
 			Autofix: reqData.Web.Autofix,
 		},
-		DNS: checkConfigReqEnt{
-			Port:    reqData.DNS.Port,
+		DNS: checkConfReqEnt{
 			IP:      reqData.DNS.IP[0],
+			Port:    reqData.DNS.Port,
 			Autofix: reqData.DNS.Autofix,
 		},
 		SetStaticIP: reqData.SetStaticIP,
@@ -519,10 +576,11 @@ type applyConfigReqEntBeta struct {
 // TODO(e.burkov): This should removed with the API v1 when the appropriate
 // functionality will appear in default applyConfigReq.
 type applyConfigReqBeta struct {
-	Web      applyConfigReqEntBeta `json:"web"`
-	DNS      applyConfigReqEntBeta `json:"dns"`
-	Username string                `json:"username"`
-	Password string                `json:"password"`
+	Username string `json:"username"`
+	Password string `json:"password"`
+
+	Web applyConfigReqEntBeta `json:"web"`
+	DNS applyConfigReqEntBeta `json:"dns"`
 }

 // handleInstallConfigureBeta is a substitution of /install/configure handler
@@ -585,9 +643,9 @@ func (web *Web) handleInstallConfigureBeta(w http.ResponseWriter, r *http.Reques
 // TODO(e.burkov): This should removed with the API v1 when the appropriate
 // functionality will appear in default firstRunData.
 type getAddrsResponseBeta struct {
+	Interfaces []*aghnet.NetInterface `json:"interfaces"`
 	WebPort    int                    `json:"web_port"`
 	DNSPort    int                    `json:"dns_port"`
-	Interfaces []*aghnet.NetInterface `json:"interfaces"`
 }

 // handleInstallConfigureBeta is a substitution of /install/get_addresses
@@ -596,9 +654,10 @@ type getAddrsResponseBeta struct {
 // TODO(e.burkov): This should removed with the API v1 when the appropriate
 // functionality will appear in default handleInstallGetAddresses.
 func (web *Web) handleInstallGetAddressesBeta(w http.ResponseWriter, r *http.Request) {
-	data := getAddrsResponseBeta{}
-	data.WebPort = defaultPortHTTP
-	data.DNSPort = defaultPortDNS
+	data := getAddrsResponseBeta{
+		WebPort: defaultPortHTTP,
+		DNSPort: defaultPortDNS,
+	}

 	ifaces, err := aghnet.GetValidNetInterfacesForWeb()
 	if err != nil {
--- a/internal/home/dns.go
+++ b/internal/home/dns.go
@@ -54,7 +54,7 @@ func initDNSServer() (err error) {
 	}
 	Context.stats, err = stats.New(statsConf)
 	if err != nil {
-		return fmt.Errorf("couldn't initialize statistics module")
+		return fmt.Errorf("init stats: %w", err)
 	}

 	conf := querylog.Config{
--- a/internal/home/home.go
+++ b/internal/home/home.go
@@ -19,6 +19,7 @@ import (
 	"syscall"
 	"time"

+	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
 	"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
@@ -295,22 +296,24 @@ func setupConfig(args options) (err error) {
 	Context.clients.Init(config.Clients, Context.dhcpServer, Context.etcHosts)

 	if args.bindPort != 0 {
-		pm := portsMap{}
-		pm.add(
+		uc := aghalg.UniqChecker{}
+		addPorts(
+			uc,
 			args.bindPort,
 			config.BetaBindPort,
 			config.DNS.Port,
 		)
 		if config.TLS.Enabled {
-			pm.add(
+			addPorts(
+				uc,
 				config.TLS.PortHTTPS,
 				config.TLS.PortDNSOverTLS,
 				config.TLS.PortDNSOverQUIC,
 				config.TLS.PortDNSCrypt,
 			)
 		}
-		if err = pm.validate(); err != nil {
-			return err
+		if err = uc.Validate(aghalg.IntIsBefore); err != nil {
+			return fmt.Errorf("validating ports: %w", err)
 		}

 		config.BindPort = args.bindPort
@@ -374,7 +377,7 @@ func fatalOnError(err error) {
 	}
 }

-// run performs configurating and starts AdGuard Home.
+// run configures and starts AdGuard Home.
 func run(args options, clientBuildFS fs.FS) {
 	var err error

@@ -390,9 +393,9 @@ func run(args options, clientBuildFS fs.FS) {
 	// Go memory hacks
 	memoryUsage(args)

-	// print the first message after logger is configured
+	// Print the first message after logger is configured.
 	log.Println(version.Full())
-	log.Debug("Current working directory is %s", Context.workDir)
+	log.Debug("current working directory is %s", Context.workDir)
 	if args.runningAsService {
 		log.Info("AdGuard Home is running as a service")
 	}
@@ -628,13 +631,13 @@ func configureLogger(args options) {
 		log.SetLevel(log.DEBUG)
 	}

-	// Make sure that we see the microseconds in logs, as networking stuff
-	// can happen pretty quickly.
+	// Make sure that we see the microseconds in logs, as networking stuff can
+	// happen pretty quickly.
 	log.SetFlags(log.LstdFlags | log.Lmicroseconds)

 	if args.runningAsService && ls.LogFile == "" && runtime.GOOS == "windows" {
-		// When running as a Windows service, use eventlog by default if nothing else is configured
-		// Otherwise, we'll simply loose the log output
+		// When running as a Windows service, use eventlog by default if nothing
+		// else is configured.  Otherwise, we'll simply lose the log output.
 		ls.LogFile = configSyslog
 	}

--- a/internal/home/portsmap.go
+++ b/internal/home/portsmap.go
@@ -1,63 +0,0 @@
-package home
-
-import (
-	"fmt"
-	"strconv"
-	"strings"
-
-	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/stringutil"
-)
-
-// portsMap is a helper type for mapping a network port to the number of its
-// users.
-type portsMap map[int]int
-
-// add binds each of ps.  Zeroes are skipped.
-func (pm portsMap) add(ps ...int) {
-	for _, p := range ps {
-		if p == 0 {
-			continue
-		}
-
-		pm[p]++
-	}
-}
-
-// validate returns an error about all the ports bound several times.
-func (pm portsMap) validate() (err error) {
-	overbound := []int{}
-	for p, num := range pm {
-		if num > 1 {
-			overbound = append(overbound, p)
-			pm[p] = 1
-		}
-	}
-
-	switch len(overbound) {
-	case 0:
-		return nil
-	case 1:
-		return fmt.Errorf("port %d is already used", overbound[0])
-	default:
-		b := &strings.Builder{}
-
-		// TODO(e.burkov, a.garipov):  Add JoinToBuilder helper to stringutil.
-		stringutil.WriteToBuilder(b, "ports ", strconv.Itoa(overbound[0]))
-		for _, p := range overbound[1:] {
-			stringutil.WriteToBuilder(b, ", ", strconv.Itoa(p))
-		}
-		stringutil.WriteToBuilder(b, " are already used")
-
-		return errors.Error(b.String())
-	}
-}
-
-// validatePorts is a helper function for a single-step ports binding
-// validation.
-func validatePorts(ps ...int) (err error) {
-	pm := portsMap{}
-	pm.add(ps...)
-
-	return pm.validate()
-}
--- a/internal/home/service.go
+++ b/internal/home/service.go
@@ -82,6 +82,12 @@ func svcStatus(s service.Service) (status service.Status, err error) {
 // On OpenWrt, the service utility may not exist.  We use our service script
 // directly in this case.
 func svcAction(s service.Service, action string) (err error) {
+	if runtime.GOOS == "darwin" &&
+		action == "start" &&
+		!strings.HasPrefix(Context.workDir, "/Applications/") {
+		log.Info("warning: service must be started from within the /Applications directory")
+	}
+
 	err = service.Control(s, action)
 	if err != nil && service.Platform() == "unix-systemv" &&
 		(action == "start" || action == "stop" || action == "restart") {
@@ -102,9 +108,9 @@ func sendSigReload() {
 		return
 	}

-	pidfile := fmt.Sprintf("/var/run/%s.pid", serviceName)
+	pidFile := fmt.Sprintf("/var/run/%s.pid", serviceName)
 	var pid int
-	data, err := os.ReadFile(pidfile)
+	data, err := os.ReadFile(pidFile)
 	if errors.Is(err, os.ErrNotExist) {
 		if pid, err = aghos.PIDByCommand(serviceName, os.Getpid()); err != nil {
 			log.Error("service: finding AdGuardHome process: %s", err)
@@ -112,19 +118,19 @@ func sendSigReload() {
 			return
 		}
 	} else if err != nil {
-		log.Error("service: reading pid file %s: %s", pidfile, err)
+		log.Error("service: reading pid file %s: %s", pidFile, err)

 		return
 	} else {
 		parts := strings.SplitN(string(data), "\n", 2)
 		if len(parts) == 0 {
-			log.Error("service: parsing pid file %s: bad value", pidfile)
+			log.Error("service: parsing pid file %s: bad value", pidFile)

 			return
 		}

 		if pid, err = strconv.Atoi(strings.TrimSpace(parts[0])); err != nil {
-			log.Error("service: parsing pid from file %s: %s", pidfile, err)
+			log.Error("service: parsing pid from file %s: %s", pidFile, err)

 			return
 		}
@@ -157,7 +163,7 @@ func sendSigReload() {
 // it is specified when we register a service, and it indicates to the app
 // that it is being run as a service/daemon.
 func handleServiceControlAction(opts options, clientBuildFS fs.FS) {
-	// Call chooseSystem expicitly to introduce OpenBSD support for service
+	// Call chooseSystem explicitly to introduce OpenBSD support for service
 	// package.  It's a noop for other GOOS values.
 	chooseSystem()

@@ -243,7 +249,7 @@ func handleServiceInstallCommand(s service.Service) {

 	if aghos.IsOpenWrt() {
 		// On OpenWrt it is important to run enable after the service
-		// installation Otherwise, the service won't start on the system
+		// installation.  Otherwise, the service won't start on the system
 		// startup.
 		_, err = runInitdCommand("enable")
 		if err != nil {
@@ -279,6 +285,10 @@ func handleServiceUninstallCommand(s service.Service) {
 		}
 	}

+	if err := svcAction(s, "stop"); err != nil {
+		log.Debug("service: executing action %q: %s", "stop", err)
+	}
+
 	if err := svcAction(s, "uninstall"); err != nil {
 		log.Fatalf("service: executing action %q: %s", "uninstall", err)
 	}
@@ -341,7 +351,9 @@ func configureService(c *service.Config) {
 // returns command code or error if any
 func runInitdCommand(action string) (int, error) {
 	confPath := "/etc/init.d/" + serviceName
+	// Pass the script and action as a single string argument.
 	code, _, err := aghos.RunCommand("sh", "-c", confPath+" "+action)
+
 	return code, err
 }

@@ -579,9 +591,10 @@ const freeBSDScript = `#!/bin/sh
 name="{{.Name}}"
 {{.Name}}_env="IS_DAEMON=1"
 {{.Name}}_user="root"
-pidfile="/var/run/${name}.pid"
+pidfile_child="/var/run/${name}.pid"
+pidfile="/var/run/${name}_daemon.pid"
 command="/usr/sbin/daemon"
-command_args="-p ${pidfile} -f -r {{.WorkingDirectory}}/{{.Name}}"
+command_args="-P ${pidfile} -p ${pidfile_child} -f -r {{.WorkingDirectory}}/{{.Name}}"
 run_rc_command "$1"
 `

--- a/internal/home/service_openbsd.go
+++ b/internal/home/service_openbsd.go
@@ -28,8 +28,7 @@ import (
 //
 // TODO(e.burkov):  Perhaps, file a PR to github.com/kardianos/service.

-// sysVersion is the version of local service.System interface
-// implementation.
+// sysVersion is the version of local service.System interface implementation.
 const sysVersion = "openbsd-runcom"

 func chooseSystem() {
@@ -174,7 +173,7 @@ func (s *openbsdRunComService) template() (t *template.Template) {
 	)))
 }

-// execPath returns the absolute path to the excutable to be run as a service.
+// execPath returns the absolute path to the executable to be run as a service.
 func (s *openbsdRunComService) execPath() (path string, err error) {
 	if c := s.cfg; c != nil && len(c.Executable) != 0 {
 		return filepath.Abs(c.Executable)
--- a/internal/home/tls.go
+++ b/internal/home/tls.go
@@ -20,6 +20,7 @@ import (
 	"sync"
 	"time"

+	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
 	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
 	"github.com/AdguardTeam/golibs/errors"
@@ -250,7 +251,9 @@ func (t *TLSMod) handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 	}

 	if setts.Enabled {
-		if err = validatePorts(
+		uc := aghalg.UniqChecker{}
+		addPorts(
+			uc,
 			config.BindPort,
 			config.BetaBindPort,
 			config.DNS.Port,
@@ -258,8 +261,11 @@ func (t *TLSMod) handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 			setts.PortDNSOverTLS,
 			setts.PortDNSOverQUIC,
 			setts.PortDNSCrypt,
-		); err != nil {
-			aghhttp.Error(r, w, http.StatusBadRequest, "%s", err)
+		)
+
+		err = uc.Validate(aghalg.IntIsBefore)
+		if err != nil {
+			aghhttp.Error(r, w, http.StatusBadRequest, "validating ports: %s", err)

 			return
 		}
@@ -338,7 +344,9 @@ func (t *TLSMod) handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 	}

 	if data.Enabled {
-		if err = validatePorts(
+		uc := aghalg.UniqChecker{}
+		addPorts(
+			uc,
 			config.BindPort,
 			config.BetaBindPort,
 			config.DNS.Port,
@@ -346,7 +354,10 @@ func (t *TLSMod) handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 			data.PortDNSOverTLS,
 			data.PortDNSOverQUIC,
 			data.PortDNSCrypt,
-		); err != nil {
+		)
+
+		err = uc.Validate(aghalg.IntIsBefore)
+		if err != nil {
 			aghhttp.Error(r, w, http.StatusBadRequest, "%s", err)

 			return
--- a/internal/home/web.go
+++ b/internal/home/web.go
@@ -10,6 +10,7 @@ import (
 	"time"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
+	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/NYTimes/gziphandler"
@@ -175,35 +176,48 @@ func (web *Web) Start() {
 			WriteTimeout:      web.conf.WriteTimeout,
 		}
 		go func() {
+			defer log.OnPanic("web: plain")
+
 			errs <- web.httpServer.ListenAndServe()
 		}()

-		if web.conf.BetaBindPort != 0 {
-			web.httpServerBeta = &http.Server{
-				ErrorLog:          log.StdLog("web: plain", log.DEBUG),
-				Addr:              netutil.JoinHostPort(hostStr, web.conf.BetaBindPort),
-				Handler:           withMiddlewares(Context.mux, limitRequestBody, web.wrapIndexBeta),
-				ReadTimeout:       web.conf.ReadTimeout,
-				ReadHeaderTimeout: web.conf.ReadHeaderTimeout,
-				WriteTimeout:      web.conf.WriteTimeout,
-			}
-			go func() {
-				betaErr := web.httpServerBeta.ListenAndServe()
-				if betaErr != nil {
-					log.Error("starting beta http server: %s", betaErr)
-				}
-			}()
-		}
+		web.startBetaServer(hostStr)

 		err := <-errs
-		if err != http.ErrServerClosed {
+		if !errors.Is(err, http.ErrServerClosed) {
 			cleanupAlways()
 			log.Fatal(err)
 		}
-		// We use ErrServerClosed as a sign that we need to rebind on new address, so go back to the start of the loop
+
+		// We use ErrServerClosed as a sign that we need to rebind on a new
+		// address, so go back to the start of the loop.
 	}
 }

+// startBetaServer starts the beta HTTP server if necessary.
+func (web *Web) startBetaServer(hostStr string) {
+	if web.conf.BetaBindPort == 0 {
+		return
+	}
+
+	web.httpServerBeta = &http.Server{
+		ErrorLog:          log.StdLog("web: plain: beta", log.DEBUG),
+		Addr:              netutil.JoinHostPort(hostStr, web.conf.BetaBindPort),
+		Handler:           withMiddlewares(Context.mux, limitRequestBody, web.wrapIndexBeta),
+		ReadTimeout:       web.conf.ReadTimeout,
+		ReadHeaderTimeout: web.conf.ReadHeaderTimeout,
+		WriteTimeout:      web.conf.WriteTimeout,
+	}
+	go func() {
+		defer log.OnPanic("web: plain: beta")
+
+		betaErr := web.httpServerBeta.ListenAndServe()
+		if betaErr != nil && !errors.Is(betaErr, http.ErrServerClosed) {
+			log.Error("starting beta http server: %s", betaErr)
+		}
+	}()
+}
+
 // Close gracefully shuts down the HTTP servers.
 func (web *Web) Close(ctx context.Context) {
 	log.Info("stopping http server...")
--- a/internal/querylog/querylog.go
+++ b/internal/querylog/querylog.go
@@ -69,7 +69,7 @@ type Config struct {
 	// addresses.
 	AnonymizeClientIP bool

-	// Anonymizer proccesses the IP addresses to anonymize those if needed.
+	// Anonymizer processes the IP addresses to anonymize those if needed.
 	Anonymizer *aghnet.IPMut
 }

--- a/internal/querylog/searchcriterion.go
+++ b/internal/querylog/searchcriterion.go
@@ -85,7 +85,7 @@ func ctDomainOrClientCaseNonStrict(

 // quickMatch quickly checks if the line matches the given search criterion.
 // It returns false if the like doesn't match.  This method is only here for
-// optimisation purposes.
+// optimization purposes.
 func (c *searchCriterion) quickMatch(line string, findClient quickMatchClientFunc) (ok bool) {
 	switch c.criterionType {
 	case ctTerm:
--- a/internal/querylog/searchparams.go
+++ b/internal/querylog/searchparams.go
@@ -32,7 +32,7 @@ type quickMatchClientFunc = func(clientID, ip string) (c *Client)

 // quickMatch quickly checks if the line matches the given search parameters.
 // It returns false if the line doesn't match.  This method is only here for
-// optimisation purposes.
+// optimization purposes.
 func (s *searchParams) quickMatch(line string, findClient quickMatchClientFunc) (ok bool) {
 	for _, c := range s.searchCriteria {
 		if !c.quickMatch(line, findClient) {
--- a/internal/stats/unit.go
+++ b/internal/stats/unit.go
@@ -67,7 +67,29 @@ type unitDB struct {
 	TimeAvg uint32 // usec
 }

+// withRecovered turns the value recovered from panic if any into an error and
+// combines it with the one pointed by orig.  orig must be non-nil.
+func withRecovered(orig *error) {
+	p := recover()
+	if p == nil {
+		return
+	}
+
+	var err error
+	switch p := p.(type) {
+	case error:
+		err = fmt.Errorf("panic: %w", p)
+	default:
+		err = fmt.Errorf("panic: recovered value of type %[1]T: %[1]v", p)
+	}
+
+	*orig = errors.WithDeferred(*orig, err)
+}
+
+// createObject creates s from conf and properly initializes it.
 func createObject(conf Config) (s *statsCtx, err error) {
+	defer withRecovered(&err)
+
 	s = &statsCtx{
 		mu: &sync.Mutex{},
 	}
--- a/internal/tools/go.mod
+++ b/internal/tools/go.mod
@@ -1,21 +1,32 @@
 module github.com/AdguardTeam/AdGuardHome/internal/tools

-go 1.16
+go 1.17

 require (
-	github.com/fzipp/gocyclo v0.3.1
+	github.com/fzipp/gocyclo v0.4.0
 	github.com/golangci/misspell v0.3.5
-	github.com/google/go-cmp v0.5.5 // indirect
-	github.com/gookit/color v1.4.2 // indirect
-	github.com/gordonklaus/ineffassign v0.0.0-20210225214923-2e10b2664254
+	github.com/gordonklaus/ineffassign v0.0.0-20210914165742-4cc7213b9bc8
 	github.com/kisielk/errcheck v1.6.0
 	github.com/kyoh86/looppointer v0.1.7
-	github.com/kyoh86/nolint v0.0.1 // indirect
-	github.com/securego/gosec/v2 v2.7.0
+	github.com/securego/gosec/v2 v2.9.5
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
-	golang.org/x/sys v0.0.0-20210514084401-e8d321eab015 // indirect
-	golang.org/x/tools v0.1.1
-	honnef.co/go/tools v0.1.4
-	mvdan.cc/gofumpt v0.1.1
-	mvdan.cc/unparam v0.0.0-20210104141923-aac4ce9116a7
+	golang.org/x/tools v0.1.8
+	honnef.co/go/tools v0.2.2
+	mvdan.cc/gofumpt v0.2.1
+	mvdan.cc/unparam v0.0.0-20211214103731-d0ef000c54e5
+)
+
+require (
+	github.com/BurntSushi/toml v0.4.1 // indirect
+	github.com/client9/misspell v0.3.4 // indirect
+	github.com/google/go-cmp v0.5.6 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/gookit/color v1.5.0 // indirect
+	github.com/kyoh86/nolint v0.0.1 // indirect
+	github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect
+	github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect
+	golang.org/x/mod v0.5.1 // indirect
+	golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
--- a/internal/tools/go.sum
+++ b/internal/tools/go.sum
@@ -33,8 +33,9 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 contrib.go.opencensus.io/exporter/stackdriver v0.13.4/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw=
+github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
@@ -76,6 +77,7 @@ github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwc
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -90,12 +92,14 @@ github.com/envoyproxy/protoc-gen-validate v0.0.14/go.mod h1:iSmxcyjqTsJpI2R4NaDN
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
+github.com/frankban/quicktest v1.14.0 h1:+cqqvzZV87b4adx/5ayVOaYZ2CrvM4ejQvUdBzPPUss=
+github.com/frankban/quicktest v1.14.0/go.mod h1:NeW+ay9A/U67EYXNFA1nPE8e/tnQv/09mUdL/ijj8og=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fullstorydev/grpcurl v1.6.0/go.mod h1:ZQ+ayqbKMJNhzLmbpCiurTVlaK2M/3nqZCxaQ2Ze/sM=
-github.com/fzipp/gocyclo v0.3.1 h1:A9UeX3HJSXTBzvHzhqoYVuE0eAhe+aM8XBCCwsPMZOc=
-github.com/fzipp/gocyclo v0.3.1/go.mod h1:DJHO6AUmbdqj2ET4Z9iArSuwWgYDRryYt2wASxc7x3E=
+github.com/fzipp/gocyclo v0.4.0 h1:IykTnjwh2YLyYkGa0y92iTTEQcnyAz0r9zOo15EbJ7k=
+github.com/fzipp/gocyclo v0.4.0/go.mod h1:rXPyn8fnlpa0R2csP/31uerbiVBugk5whMdlyaLkLoA=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -107,6 +111,7 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V
 github.com/go-redis/redis v6.15.8+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
@@ -137,6 +142,8 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golangci/misspell v0.3.5 h1:pLzmVdl3VxTOncgzHcvLOKirdvcx/TydsClUQXTehjo=
 github.com/golangci/misspell v0.3.5/go.mod h1:dEbvlSfYbMQDtrpRMQU675gSDLDNa8sCPPChZ7PhiVA=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@@ -149,9 +156,9 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
@@ -166,14 +173,15 @@ github.com/google/trillian v1.3.11/go.mod h1:0tPraVHrSDkA3BO6vKX67zgLXs6SsOAbHEi
 github.com/google/uuid v0.0.0-20161128191214-064e2069ce9c/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/gookit/color v1.3.8/go.mod h1:R3ogXq2B9rTbXoSHJ1HyUVAZ3poOJHpd9nQmyGZsfvQ=
-github.com/gookit/color v1.4.2 h1:tXy44JFSFkKnELV6WaMo/lLfu/meqITX3iAV52do7lk=
-github.com/gookit/color v1.4.2/go.mod h1:fqRyamkC1W8uxl+lxCQxOT09l/vYfZ+QeiX3rKQHCoQ=
+github.com/gookit/color v1.5.0 h1:1Opow3+BWDwqor78DcJkJCIwnkviFi+rrOANki9BUFw=
+github.com/gookit/color v1.5.0/go.mod h1:43aQb+Zerm/BWh2GnrgOQm7ffz7tvQXEKV6BFMl7wAo=
 github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU=
-github.com/gordonklaus/ineffassign v0.0.0-20210225214923-2e10b2664254 h1:Nb2aRlC404yz7gQIfRZxX9/MLvQiqXyiBTJtgAy6yrI=
-github.com/gordonklaus/ineffassign v0.0.0-20210225214923-2e10b2664254/go.mod h1:M9mZEtGIsR1oDaZagNPNG9iq9n2HrhZ17dsXk73V3Lw=
+github.com/gordonklaus/ineffassign v0.0.0-20210914165742-4cc7213b9bc8 h1:PVRE9d4AQKmbelZ7emNig1+NT27DUmKZn5qXxfio54U=
+github.com/gordonklaus/ineffassign v0.0.0-20210914165742-4cc7213b9bc8/go.mod h1:Qcp2HIAYhR7mNUVSIxZww3Guk4it82ghYcEXIAk+QT0=
 github.com/gorhill/cronexpr v0.0.0-20180427100037-88b0669f7d75/go.mod h1:g2644b03hfBX9Ov0ZBDgXXens4rxSxmqFBbhvKv2yVA=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
@@ -217,11 +225,13 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/kyoh86/looppointer v0.1.7 h1:q5sZOhFvmvQ6ZoZxvPB/Mjj2croWX7L49BBuI4XQWCM=
 github.com/kyoh86/looppointer v0.1.7/go.mod h1:l0cRF49N6xDPx8IuBGC/imZo8Yn1BBLJY0vzI+4fepc=
@@ -231,6 +241,7 @@ github.com/kyoh86/nolint v0.0.1/go.mod h1:1ZiZZ7qqrZ9dZegU96phwVcdQOMKIqRzFJL3ew
 github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag=
 github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.9.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
@@ -257,7 +268,7 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
 github.com/mozilla/scribe v0.0.0-20180711195314-fb71baf557c1/go.mod h1:FIczTrinKo8VaLxe6PWTPEXRXDIHz2QAwiaBaP5/4a8=
-github.com/mozilla/tls-observatory v0.0.0-20210209181001-cf43108d6880/go.mod h1:FUqVoUPHSEdDR0MnFM3Dh8AU0pZHLXUD127SAJGER/s=
+github.com/mozilla/tls-observatory v0.0.0-20210609171429-7bc42856d2e5/go.mod h1:FUqVoUPHSEdDR0MnFM3Dh8AU0pZHLXUD127SAJGER/s=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-proto-validators v0.0.0-20180403085117-0950a7990007/go.mod h1:m2XC9Qq0AlmmVksL6FktJCdTYyLk7V3fKyp0sl1yWQo=
 github.com/mwitkow/go-proto-validators v0.2.0/go.mod h1:ZfA1hW+UH/2ZHOWvQ3HnQaU0DtnpXu850MZiy+YUgcc=
@@ -273,15 +284,18 @@ github.com/olekukonko/tablewriter v0.0.2/go.mod h1:rSAaSIOAGT9odnlyGlUfAJaoc5w2f
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.15.0 h1:1V1NfVQR87RtWAgp1lv9JZJ5Jap+XFGKPi00andXGi4=
-github.com/onsi/ginkgo v1.15.0/go.mod h1:hF8qUzuuC8DJGygJH3726JnCZX4MYbRB8yFfISqnKUg=
+github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
+github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
+github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.10.5 h1:7n6FEkpFmfCoo2t+YYqXH0evK+a9ICQz0xcAy9dYcaQ=
-github.com/onsi/gomega v1.10.5/go.mod h1:gza4q3jKQJijlu05nKWRCW/GavJumGt8aNRxWg7mt48=
+github.com/onsi/gomega v1.17.0 h1:9Luw4uT5HTjHTN8+aNcSThgH1vdXnmdJ8xIfZ4wyTRE=
+github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -305,13 +319,14 @@ github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.6.2 h1:aIihoIOHCiLZHxyoNQ+ABL4NKhFTgKLBdMLyEAh98m0=
-github.com/rogpeppe/go-internal v1.6.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
+github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
 github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/securego/gosec/v2 v2.7.0 h1:mOhJv5w6UyNLpSssQOQCc7eGkKLuicAxvf66Ey/X4xk=
-github.com/securego/gosec/v2 v2.7.0/go.mod h1:xNbGArrGUspJLuz3LS5XCY1EBW/0vABAl/LWfSklmiM=
+github.com/securego/gosec/v2 v2.9.5 h1:Wiyf78NNedu8RClwW0vPRgPKCY7LJX4WujjJcPV2Nwg=
+github.com/securego/gosec/v2 v2.9.5/go.mod h1:lG831xFHrZofatyJb9Y5yMUE8Ws6z5U5CMHe9vYn1kM=
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
@@ -334,8 +349,10 @@ github.com/stretchr/testify v1.1.4/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
@@ -356,6 +373,7 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.4/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
 go.etcd.io/etcd v0.0.0-20200513171258-e048e166ab9c/go.mod h1:xCI7ZzBfRuGgBXyXO6yfWfDmlWd35khcWpUa4L0xI/k=
@@ -383,7 +401,7 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20211209193657-4570a0811e8b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -417,10 +435,9 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB
 golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
+golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -456,10 +473,11 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 h1:4nGaVu0QrbjT/AK2PRLuQfQuh6DJve+pELhqTdAj3x0=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
+golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 h1:CIJ76btIcR3eFI5EgSo6k1qKw9KJexJuRLI9G7Hp5wE=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -522,11 +540,14 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210228012217-479acdf4ea46/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210514084401-e8d321eab015 h1:hZR0X1kPW+nwyJ9xRxqZk1vx5RUObAPBdKVvXPDUH/E=
-golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211213223007-03aa0b5f6827/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -534,8 +555,9 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5 h1:i6eZZ+zk0SOf0xgBpEpPD18qWcJda6q1sxt3S0kzyUQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -591,11 +613,10 @@ golang.org/x/tools v0.0.0-20200706234117-b22de6825cf7/go.mod h1:njjCfa9FT2d7l9Bc
 golang.org/x/tools v0.0.0-20200710042808-f1c4188a97a1/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20201007032633-0806396f153e/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210101214203-2dba1e4ea05c/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210104081019-d8d6ddbec6ee/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.1 h1:wGiQel/hW0NnEkJUk8lbzkX2gFJU6PFxf1v5OlCfuOs=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w=
+golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -679,6 +700,8 @@ google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -714,12 +737,12 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.1.4 h1:SadWOkti5uVN1FAMgxn165+Mw00fuQKyk4Gyn/inxNQ=
-honnef.co/go/tools v0.1.4/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las=
-mvdan.cc/gofumpt v0.1.1 h1:bi/1aS/5W00E2ny5q65w9SnKpWEF/UIOqDYBILpo9rA=
-mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48=
-mvdan.cc/unparam v0.0.0-20210104141923-aac4ce9116a7 h1:HT3e4Krq+IE44tiN36RvVEb6tvqeIdtsVSsxmNPqlFU=
-mvdan.cc/unparam v0.0.0-20210104141923-aac4ce9116a7/go.mod h1:hBpJkZE8H/sb+VRFvw2+rBpHNsTBcvSpk61hr8mzXZE=
+honnef.co/go/tools v0.2.2 h1:MNh1AVMyVX23VUHE2O27jm6lNj3vjO5DexS4A1xvnzk=
+honnef.co/go/tools v0.2.2/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
+mvdan.cc/gofumpt v0.2.1 h1:7jakRGkQcLAJdT+C8Bwc9d0BANkVPSkHZkzNv07pJAs=
+mvdan.cc/gofumpt v0.2.1/go.mod h1:a/rvZPhsNaedOJBzqRD9omnwVwHZsBdJirXHa9Gh9Ig=
+mvdan.cc/unparam v0.0.0-20211214103731-d0ef000c54e5 h1:Jh3LAeMt1eGpxomyu3jVkmVZWW2MxZ1qIIV2TZ/nRio=
+mvdan.cc/unparam v0.0.0-20211214103731-d0ef000c54e5/go.mod h1:b8RRCBm0eeiWR8cfN88xeq2G5SG3VKGO+5UPWi5FSOY=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
--- a/internal/version/version.go
+++ b/internal/version/version.go
@@ -62,18 +62,10 @@ func Version() (v string) {
 	return version
 }

-// Common formatting constants.
-const (
-	sp   = " "
-	nl   = "\n"
-	tb   = "\t"
-	nltb = nl + tb
-)
-
 // Constants defining the format of module information string.
 const (
 	modInfoAtSep    = "@"
-	modInfoDevSep   = sp
+	modInfoDevSep   = " "
 	modInfoSumLeft  = " (sum: "
 	modInfoSumRight = ")"
 )
@@ -142,6 +134,7 @@ const (
 func Verbose() (v string) {
 	b := &strings.Builder{}

+	const nl = "\n"
 	stringutil.WriteToBuilder(
 		b,
 		vFmtAGHHdr,
@@ -178,7 +171,7 @@ func Verbose() (v string) {
 	stringutil.WriteToBuilder(b, nl, vFmtDepsHdr)
 	for _, dep := range info.Deps {
 		if depStr := fmtModule(dep); depStr != "" {
-			stringutil.WriteToBuilder(b, nltb, depStr)
+			stringutil.WriteToBuilder(b, "\n\t", depStr)
 		}
 	}

--- a/openapi/CHANGELOG.md
+++ b/openapi/CHANGELOG.md
@@ -2,9 +2,16 @@

 <!-- TODO(a.garipov): Reformat in accordance with the KeepAChangelog spec. -->

-## v0.107: API changes
+## v0.107.3: API changes

-## The new field `"cached"` in `QueryLogItem`
+### The new field `"version"` in `AddressesInfo`
+
+* The new field `"version"` in `GET /install/get_addresses` is the version of
+  the AdGuard Home instance.
+
+## v0.107.0: API changes
+
+### The new field `"cached"` in `QueryLogItem`

 * The new field `"cached"` in `GET /control/querylog` is true if the response is
  served from cache instead of being resolved by an upstream server.
--- a/openapi/openapi.yaml
+++ b/openapi/openapi.yaml
@@ -123,7 +123,9 @@
                    '8.8.8.8': 'OK'
                    '8.8.4.4': 'OK'
                    '192.168.1.104:53535': >
-                      Couldn't communicate with DNS server
+                      upstream "192.168.1.104:1234" fails to exchange: couldn't
+                      communicate with upstream: read udp
+                      192.168.1.100:60675->8.8.8.8:1234: i/o timeout
  '/version.json':
    'post':
      'tags':
@@ -1262,7 +1264,7 @@
          'type': 'boolean'
        'version':
          'type': 'string'
-          'example': '0.1'
+          'example': 'v0.123.4'
        'language':
          'type': 'string'
          'example': 'en'
@@ -2219,19 +2221,23 @@
      'description': 'AdGuard Home addresses configuration'
      'required':
      - 'dns_port'
-      - 'web_port'
      - 'interfaces'
+      - 'version'
+      - 'web_port'
      'properties':
        'dns_port':
          'type': 'integer'
          'format': 'uint16'
          'example': 53
+        'interfaces':
+          '$ref': '#/components/schemas/NetInterfaces'
+        'version':
+          'type': 'string'
+          'example': 'v0.123.4'
        'web_port':
          'type': 'integer'
          'format': 'uint16'
          'example': 80
-        'interfaces':
-          '$ref': '#/components/schemas/NetInterfaces'
    'AddressesInfoBeta':
      'type': 'object'
      'description': 'AdGuard Home addresses configuration'
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Eugene Burkov	41e8db4221	Pull request: client: upd i18n Merge in DNS/adguard-home from upd-i18n to master Squashed commit of the following: commit e3dfb6cd66813d45591f74c9cdddab8b61143db3 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Jan 24 14:52:19 2022 +0300 client: upd i18n	2022-01-24 15:02:47 +03:00
Eugene Burkov	3f5605c42e	Pull request: 2846 cover aghnet vol.1 Merge in DNS/adguard-home from 2846-cover-aghnet-vol.1 to master Updates #2846. Squashed commit of the following: commit 368e75b0bacb290f9929b8a5a682b06f2d75df6a Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Jan 21 19:11:59 2022 +0300 aghnet: imp tests commit 8bb3e2a1680fd30294f7c82693891ffb19474c6a Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Jan 21 18:27:06 2022 +0300 aghnet: rm unused test commit 28d8e64880f845810d0af629e5d1f06b9bde5b28 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Jan 21 18:18:22 2022 +0300 aghnet: cover with tests	2022-01-21 19:21:38 +03:00
Ildar Kamalov	f7ff02f3b1	Pull request: 3971 fix client id error message Updates #3971 Squashed commit of the following: commit f6b855a16daaec7bfca1e1653b4b9c4180c2d80e Merge: 0cb31dbb `5ec4a4da` Author: Ildar Kamalov <ik@adguard.com> Date: Thu Jan 20 18:19:20 2022 +0300 Merge branch 'master' into 3971-client-id commit 0cb31dbbea785fb5ba11a8efe2b6653aece7cd97 Author: Natalia Sokolova <n.sokolova@adguard.com> Date: Thu Jan 20 11:41:06 2022 +0300 client/src/__locales/en.json edited online with Bitbucket commit 7999f260d83adcb2fc8d5d5e40cb1934e0333873 Author: Ildar Kamalov <ik@adguard.com> Date: Wed Jan 19 15:58:18 2022 +0300 client: fix client id error message	2022-01-20 18:24:21 +03:00
Eugene Burkov	5ec4a4dab8	Pull request: 4142 stats panic Merge in DNS/adguard-home from 4142-stats-panic to master Updates #4142. Squashed commit of the following: commit bf168f50ac86bdfdab73bf7285705f09f87b6c72 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Jan 20 17:13:41 2022 +0300 stats: imp more commit bb638211da7d0c51959ded2dacb72faea00befb4 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Jan 20 17:09:31 2022 +0300 stats: imp code quality commit 27ac52f15e4e0f4112ce7a6b47b03f963463393e Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Jan 20 17:00:09 2022 +0300 stats: recover panic on init commit 1ffcebbb9062438170b010e1c7bad3c6cef4cfc1 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Jan 20 14:19:01 2022 +0300 all: fix some typos	2022-01-20 17:19:09 +03:00
Ainar Garipov	13871977f9	Pull request: all: upd dnsproxy Updates #4128. Squashed commit of the following: commit c177750f3f4d3ae29133154eca4dfe4051de1310 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Jan 20 17:01:02 2022 +0300 all: upd dnsproxy	2022-01-20 17:05:59 +03:00
Ildar Kamalov	2fdda8a22c	Pull request: 4143 sort client ids Merge in DNS/adguard-home from 4143-clients-sort to master Updates #4143. Squashed commit of the following: commit a4b547eb46a54bdfdc7d342fab5f8ecfa54f5d06 Merge: d369c11c `d82b2902` Author: Ildar Kamalov <ik@adguard.com> Date: Thu Jan 20 11:58:42 2022 +0300 Merge branch 'master' into 4143-clients-sort commit d369c11c69665510043f63e0283e1ca1b2974289 Author: Ildar Kamalov <ik@adguard.com> Date: Wed Jan 19 16:53:39 2022 +0300 client: fix sort ip method commit d767a1199c37ad9df7f3bc2d362d840b0226d836 Author: Ildar Kamalov <ik@adguard.com> Date: Wed Jan 19 16:23:23 2022 +0300 client: sort client ids	2022-01-20 12:23:59 +03:00
Eugene Burkov	d82b290251	Pull request: 4095 fix duplicating port Merge in DNS/adguard-home from 4095-port-3000 to master Updates #4095. Squashed commit of the following: commit 968cc806264898523d29c4ec20b3ce6a69abb09c Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Wed Jan 19 20:26:33 2022 +0300 home: fix typo commit 03c6798db6a4ca726a7b5a683e475a8a74f79fe1 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Wed Jan 19 20:20:34 2022 +0300 all: more naming imps commit d3d417fcb24a1859f53a743b3533faa81b6bef19 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Wed Jan 19 20:10:14 2022 +0300 aghalgo: rename into aghalg commit 6e106006d07a747ff4ddf1271532106c3a3e2b20 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Wed Jan 19 20:05:43 2022 +0300 all: imp names, docs commit 12c8d9fde0d0cc5b953da30b042171ba7c53da5d Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Wed Jan 19 19:57:21 2022 +0300 all: fix log of changes commit 49c7a705b9b1ad8f2ef68fa807f9b6b8c447b421 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Wed Jan 19 19:51:00 2022 +0300 home: fix duplicating port 3000	2022-01-19 20:45:50 +03:00
Ainar Garipov	eb15304ff4	scripts: imp sh lint	2022-01-19 15:06:23 +03:00
Eugene Burkov	1a3bf5ebda	Pull request: 4133 empty rewrite Merge in DNS/adguard-home from 4133-empty-rewrite to master Closes #4133. Squashed commit of the following: commit 4d2313c211c3955922d340c006b323c65e5e5ba4 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Jan 18 21:36:21 2022 +0300 all: log changes commit 5b8e392a2225c215fc117223d3f6553f8bdf21cd Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Jan 18 21:32:57 2022 +0300 all: upd urlfilter	2022-01-19 14:19:12 +03:00
Ainar Garipov	813a06d09a	Pull request: home: show version in install api Closes #4026. Squashed commit of the following: commit bcd1315a10e819daee3aee323427d90a27860b4a Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jan 18 14:57:49 2022 +0300 openapi: fix example commit b56e27c5ac1fc7c3f595057d77607479d72ec50a Author: Ildar Kamalov <ik@adguard.com> Date: Tue Jan 18 14:55:51 2022 +0300 client: show version on install page commit 95dfbfaa1235deef7b55e51457d11c677f6ef6b5 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jan 18 14:29:08 2022 +0300 home: show version in install api	2022-01-18 15:05:34 +03:00
Eugene Burkov	061136508e	Pull request: 4120 service domain validation Merge in DNS/adguard-home from 4120-fix-services to master Closes #4120. Squashed commit of the following: commit ca2e5faf64f567cc6647a300181712236158e69d Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Jan 18 14:14:54 2022 +0300 dnsforward: imp docs commit 9ed5f536e691dcdee5b7c94e161c738d31ff8588 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Jan 18 13:50:33 2022 +0300 dnsforward: fix reverse domain validation	2022-01-18 14:20:25 +03:00
Ainar Garipov	008f58c863	Pull request: all: upd dnsproxy Updates #4065. Squashed commit of the following: commit d65d2e3a783910b9cb95c5bcfbcf1af11da666d5 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Jan 17 18:47:17 2022 +0300 all: upd dnsproxy	2022-01-17 18:54:00 +03:00
Eugene Burkov	0e4ffd339f	Pull request: 4074 fix upstream test Merge in DNS/adguard-home from 4074-upstream-test to master Updates #4074. Squashed commit of the following: commit 0de155b1e175a892b259791ff6d6e6f351bcfcf2 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Wed Jan 12 19:20:01 2022 +0500 dnsforward: fix upstream test	2022-01-13 15:05:44 +03:00
Eugene Burkov	1458600c37	Pull request: 4079 fix hosts container aliases Merge in DNS/adguard-home from 4079-hosts-again to master Updates #4079. Squashed commit of the following: commit 6aa8cbf32e8e47ba46bf5fba7681a10b68b4bc01 Merge: 19dba371 `34c95f99` Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Wed Jan 12 14:05:30 2022 +0500 Merge branch 'master' into 4079-hosts-again commit 19dba371cc30ab8b75b0116833f4ecf0ef0f182f Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Wed Jan 12 14:05:20 2022 +0500 aghnet: imp docs commit 9f341eb8ee4ba8468240bc3eeeb4951a3f7f5e6d Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Jan 10 18:44:17 2022 +0500 aghnet: fix races commit fd66191c7637c8584711e5bb8186494327ce0f87 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Jan 6 17:21:14 2022 +0500 aghnet: fix hosts container aliases	2022-01-12 12:14:59 +03:00
Eugene Burkov	34c95f99f8	Pull request: 4046 darwin service message Merge in DNS/adguard-home from 4046-log-dir to master Closes #4046. Squashed commit of the following: commit 05140550b14f477f52487c575f56428ce9e6fa10 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Wed Jan 5 17:54:11 2022 +0500 all: add macOS service msg	2022-01-11 21:33:14 +03:00
Ainar Garipov	e9c59b098e	Pull request: all: upd chlog Merge in DNS/adguard-home from upd-chlog to master Squashed commit of the following: commit 737525aa065bff7b1ec99876447bbc2f961a4c4d Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Dec 29 23:23:52 2021 +0300 all: upd chlog	2021-12-30 13:36:04 +03:00
Ainar Garipov	a0bb5ce8a4	Pull request: all: upd dnsproxy Updates #4042. Squashed commit of the following: commit 7531b974a6142fafee825ce9ca2ea202619b95af Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Dec 29 22:01:54 2021 +0300 all: upd dnsproxy	2021-12-29 22:09:46 +03:00
Ainar Garipov	01947bedb4	Pull request: all: upd chlog, bamboo Merge in DNS/adguard-home from upd-chlog to master Squashed commit of the following: commit 2607bd4f6734735c6b100e657a121726783f7ec4 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Dec 29 20:26:16 2021 +0300 all: fmt chlog commit fc379e379515a2bc5b2cd8e8324a95c49b908773 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Dec 29 20:24:16 2021 +0300 all: upd chlog, bamboo	2021-12-29 20:31:22 +03:00
Ainar Garipov	a6ca824064	Pull request: client: upd i18n Updates #2643. Squashed commit of the following: commit bc3de579e00762bc2c4b62fb1f7ba73837c10bff Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Dec 29 15:37:29 2021 +0300 client: upd si-lk i18n again commit 2cd5436b6e8c1918855aff58dd0958fe47b47e90 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Dec 29 15:08:21 2021 +0300 client: upd i18n	2021-12-29 15:44:48 +03:00
Ainar Garipov	380cff07f2	Pull request: all: opt log levels more Updates #3929. Squashed commit of the following: commit 0d4aadeff1c4de1440795faf83eb072c46392ff3 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Dec 28 16:34:44 2021 +0300 all: opt log levels more	2021-12-28 17:25:43 +03:00
Ainar Garipov	d2ce06e1ca	Pull request: all: imp uniq validation err msgs Updates #3975. Squashed commit of the following: commit f8578c2afb1bb5786e7b855a1715e0757bc08510 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Dec 28 16:39:13 2021 +0300 aghalgo: imp docs commit d9fc625f7c4ede2cf4b0683ad5efd0ddf9b966b1 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Dec 28 16:21:24 2021 +0300 all: imp uniq validation err msgs	2021-12-28 17:00:52 +03:00
Ainar Garipov	2ed1f939b5	Pull request: aghnet: fix ipset init errors Updates #4027. Squashed commit of the following: commit 9ac0cc27ca94e630cc321c90b60b271499af4d9b Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Dec 27 20:26:22 2021 +0300 aghnet: fix ipset init errors	2021-12-27 20:54:00 +03:00
Ainar Garipov	dea8a585f8	Pull request: filtering: fix rw to subdomain Updates #4016. Squashed commit of the following: commit 83bb15c5a5098103cd17e76b49f456fb4fa73408 Merge: 81905503 `313555b1` Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Dec 27 19:36:44 2021 +0300 Merge branch 'master' into 4016-rw-subdomain commit 81905503c977c004d7ddca1d4e7537bf76443a6e Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Dec 27 19:35:51 2021 +0300 filtering: fix self reqs commit b706f481f00232d28dade0bd747a7496753c7deb Merge: 29cf83de `661f4ece` Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Dec 27 19:13:08 2021 +0300 Merge branch 'master' into 4016-rw-subdomain commit 29cf83de8e3ff60ea1c471c2a161055b1377392d Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Dec 27 19:07:08 2021 +0300 all: fix docs commit 9213fd8ec2b81e65b1198ab241400065f14684b1 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Dec 27 18:44:06 2021 +0300 filtering: fix rw to subdomain	2021-12-27 19:40:39 +03:00
Eugene Burkov	313555b10c	Pull request: 3868 log freebsd reload fix Merge in DNS/adguard-home from 3868-changelog to master Squashed commit of the following: commit 92ccf7422c4c1342c160e4806cbf9fb17c22749b Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Dec 27 19:22:47 2021 +0300 all: log more changes	2021-12-27 19:29:42 +03:00
Eugene Burkov	661f4ece48	Pull request: 3868 imp service uninstall Merge in DNS/adguard-home from 3868-imp-uninstall to master Closes #3868. Updates #3457. Squashed commit of the following: commit 6f50713407980c27e5b14bef4dc8839e134ec5c8 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Dec 27 19:06:13 2021 +0300 all: imp openwrt commit 59f058f8ec7f5ac8cb795bf837c396601652a6ff Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Dec 27 17:26:32 2021 +0300 all: imp code && docs commit bab95366b0ffa40d96de5bb8116ec14606e310ed Merge: 92ebc210 `52f36f20` Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Dec 27 17:06:25 2021 +0300 Merge branch 'master' into 3868-imp-uninstall commit 92ebc210f04d5e02c3eef726017a0d5687f4bc4c Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Dec 27 13:18:58 2021 +0300 home: imp freebsd script & log changes commit 583ffc256e9f87cf19da2eca8bbefc9e00ea86cc Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Dec 16 14:08:46 2021 +0300 all: imp service uninstall	2021-12-27 19:12:40 +03:00
Ainar Garipov	52f36f201e	Pull request: filtering: restore rewrite behavior with other question types Updates #4008. Squashed commit of the following: commit babbc29331cfc2603c0c3b0987f5ba926690ec3e Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Dec 24 18:46:20 2021 +0300 filtering: restore rewrite behavior with other question types	2021-12-24 20:14:36 +03:00
Ainar Garipov	46cd974e2a	Pull request: all: opt log levels Updates #3929. Squashed commit of the following: commit bfb2361d81a0667c36193484ca125d08e5638b21 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Dec 24 17:23:39 2021 +0300 all: opt log levels	2021-12-24 17:29:57 +03:00
Eugene Burkov	201ef10de6	Pull request: 3987 Fix nil pointer dereference Merge in DNS/adguard-home from 3987-fix-nil-deref to master Updates #3987. Updates #2846. Squashed commit of the following: commit d653e09ce88a8b10b2a17fea1563c419895c714c Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Dec 23 20:08:51 2021 +0300 all: log changes commit c47a4eeacf76fa7df2d01af166dee9d52528ac58 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Dec 23 19:22:39 2021 +0300 aghnet: fix windows tests commit 9c91f14ccfe967ada3c00ddb86d673238e52c12d Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Dec 23 19:09:49 2021 +0300 aghnet: imp code readability, docs commit d3df15d1892e4ebfe7f8ea7144e39a0c712fce52 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Dec 23 18:47:28 2021 +0300 aghnet: fix nil pointer dereference	2021-12-23 20:16:08 +03:00
Eugene Burkov	d9df7c13be	Pull request: 3998 Make hosts rules match exactly Merge in DNS/adguard-home from 3998-fix-hosts-gen to master Closes #3998 Squashed commit of the following: commit b565d51afb6c292dd16accd45b7d37ed386714e8 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Dec 23 16:25:02 2021 +0300 aghnet: make hosts rules match exactly	2021-12-23 16:35:10 +03:00
Ainar Garipov	64e751e579	Pull request: all: upd dnsproxy Updates #3977. Squashed commit of the following: commit 3aaaacac102cdea04ae46b36d2dd3a3be7d50147 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Dec 23 16:15:11 2021 +0300 all: upd dnsproxy	2021-12-23 16:25:44 +03:00
Ainar Garipov	e6e5958595	Pull request: 3945 log success Updates #3945. * commit 'ebe86ce00ebca3431a96a44c3616af3ac42250ab': home: imp auth Log successful login attempts in addition to failed ones	2021-12-23 13:58:28 +03:00
Eugene Burkov	ff3df0ec33	Pull request: Update miekg/dns Merge in DNS/adguard-home from upd-dns-lib to master Updates #2275. Squashed commit of the following: commit 54d0485157ac4f08830ad7d8ca9be49eef87d678 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Dec 23 13:31:34 2021 +0300 all: upd dns lib	2021-12-23 13:38:38 +03:00
Ainar Garipov	ebe86ce00e	Merge branch 'master' into 3945-log-success	2021-12-22 21:29:31 +03:00
Ainar Garipov	d317e19291	home: imp auth	2021-12-22 21:27:36 +03:00
Ainar Garipov	39c4999d2d	Pull request: client: imp en i18n Merge in DNS/adguard-home from en-i18n-safe-browsing to master Squashed commit of the following: commit dd32a58c3761818a10386b4a1d9e6871da59c71e Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Dec 22 17:31:35 2021 +0300 client: imp en i18n	2021-12-22 18:14:28 +03:00
Ainar Garipov	7f55bd8461	Pull request: all: temp disable gh notifications Merge in DNS/adguard-home from temp-disable-notify to master Squashed commit of the following: commit c7f1393668e4dfe8681c9ed1c6f2ef45aed9106b Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Dec 22 17:07:37 2021 +0300 all: temp disable gh notifications	2021-12-22 17:11:41 +03:00
Ainar Garipov	2968a65f14	Pull request: all: upd go, tools, deps Updates #2275. Updates #3057. Squashed commit of the following: commit da22ad203cec1ef2a5d0a218933ddc3ac03c2ad3 Merge: dbd7e202 `779fbe79` Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Dec 22 16:26:46 2021 +0300 Merge branch 'master' into 2275-upd-go commit dbd7e20209ddc04198e89698b7e3c2750c4d9902 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Dec 22 15:04:17 2021 +0300 all: upd docker img commit 269796e3a00f60120a6327d6501f2dde031435c4 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Dec 21 21:04:25 2021 +0300 all: upd go, tools, deps	2021-12-22 16:34:51 +03:00
Ainar Garipov	779fbe79b8	Pull request: scripts: add network-control plug Updates #3976. Squashed commit of the following: commit 49d8a3a2d333c7896530c8a44c5ef06c396b5ae0 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Dec 22 16:20:45 2021 +0300 scripts: add network-control plug	2021-12-22 16:26:01 +03:00
Matt	da0d1cb754	Log successful login attempts in addition to failed ones	2021-12-15 23:05:51 +00:00