Pull request: client: upd i18n

Merge in DNS/adguard-home from upd-i18n to master Squashed commit of the following: commit 181c13667eb79e5f0c8ec6502e8bd79f7403bf8d Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Apr 13 20:24:32 2022 +0300 client: upd i18n
Pull request: all: upd go, tools
2022-04-13 20:30:36 +03:00 · 2022-04-13 18:16:33 +03:00 · 2022-04-12 15:45:18 +03:00 · 2022-04-08 16:43:49 +03:00 · 2022-04-07 18:08:39 +03:00 · 2022-04-07 14:07:27 +03:00
81 changed files with 535 additions and 989 deletions
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -8,7 +8,6 @@
 - 'documentation'
 - 'enhancement'
 - 'feature request'
- 'help wanted'
 - 'localization'
 - 'needs investigation'
 - 'recurrent'
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,54 +12,17 @@ and this project adheres to
 ## [Unreleased]

 <!--
-## [v0.108.0] - 2022-10-01 (APPROX.)
+## [v0.108.0] - 2022-07-01 (APPROX.)
 -->

 ### Security

+- Enforced password strength policy ([#3503]).
 - Weaker cipher suites that use the CBC (cipher block chaining) mode of
  operation have been disabled ([#2993]).

 ### Added

- Support for Discovery of Designated Resolvers (DDR) according to the [RFC
-  draft][ddr-draft-06] ([#4463]).
- `windows/arm64` support ([#3057]).
-
-### Deprecated
-
- Go 1.17 support.  v0.109.0 will require at least Go 1.18 to build.
-
-[#2993]: https://github.com/AdguardTeam/AdGuardHome/issues/2993
-[#3057]: https://github.com/AdguardTeam/AdGuardHome/issues/3057
-
-[ddr-draft-06]:   https://www.ietf.org/archive/id/draft-ietf-add-ddr-06.html
-
-
-
-<!--
-## [v0.107.8] - 2022-07-12 (APPROX.)
-->
-
-
-
-## [v0.107.7] - 2022-06-06
-
-See also the [v0.107.7 GitHub milestone][ms-v0.107.7].
-
-### Security
-
- Go version was updated to prevent the possibility of exploiting the
-  [CVE-2022-29526], [CVE-2022-30634], [CVE-2022-30629], [CVE-2022-30580], and
-  [CVE-2022-29804] vulnerabilities.
- Enforced password strength policy ([#3503]).
-
-### Added
-
- Support for the final DNS-over-QUIC standard, [RFC 9250][rfc-9250] ([#4592]).
- Support upstreams for subdomains of a domain only ([#4503]).
- The ability to control each source of runtime clients separately via
-  `clients.runtime_sources` configuration object ([#3020]).
 - The ability to customize the set of networks that are considered private
  through the new `dns.private_networks` property in the configuration file
  ([#3142]).
@@ -69,14 +32,12 @@ See also the [v0.107.7 GitHub milestone][ms-v0.107.7].
  ([#4166]).
 - Logs are now collected by default on FreeBSD and OpenBSD when AdGuard Home is
  installed as a service ([#4213]).
+- `windows/arm64` support ([#3057]).

 ### Changed

- On OpenBSD, the daemon script now uses the recommended `/bin/ksh` shell
-  instead of the `/bin/sh` one ([#4533]).  To apply this change, backup your
-  data and run `AdGuardHome -s uninstall && AdGuardHome -s install`.
 - The default DNS-over-QUIC port number is now `853` instead of `754` in
-  accordance with [RFC 9250][rfc-9250] ([#4276]).
+  accordance with the latest [RFC draft][doq-draft-10] ([#4276]).
 - Reverse DNS now has a greater priority as the source of runtime clients'
  information than ARP neighborhood.
 - Improved detection of runtime clients through more resilient ARP processing
@@ -102,36 +63,8 @@ See also the [v0.107.7 GitHub milestone][ms-v0.107.7].

 #### Configuration Changes

-In this release, the schema version has changed from 12 to 14.
+In this release, the schema version has changed from 12 to 13.

- Object `clients`, which in schema versions 13 and earlier was an array of
-  actual persistent clients, is now consist of `persistent` and
-  `runtime_sources` properties:
-
-  ```yaml
-  # BEFORE:
-  'clients':
-  - name: client-name
-    # …
-
-  # AFTER:
-  'clients':
-    'persistent':
-      - name: client-name
-        # …
-    'runtime_sources':
-      whois: true
-      arp: true
-      rdns: true
-      dhcp: true
-      hosts: true
-  ```
-
-  The value for `clients.runtime_sources.rdns` field is taken from
-  `dns.resolve_clients` property.  To rollback this change, remove the
-  `runtime_sources` property, move the contents of `persistent` into the
-  `clients` itself, the value of `clients.runtime_sources.rdns` into the
-  `dns.resolve_clients`, and change the `schema_version` back to `13`.
 - Property `local_domain_name`, which in schema versions 12 and earlier used to
  be a part of the `dns` object, is now a part of the `dhcp` object:

@@ -152,23 +85,12 @@ In this release, the schema version has changed from 12 to 14.

 ### Deprecated

- The `--no-etc-hosts` option.  Its functionality is now controlled by
-  `clients.runtime_sources.hosts` configuration property.  v0.109.0 will remove
-  the flag completely.
-
-### Fixed
-
- Query log occasionally going into an infinite loop ([#4591]).
- Service startup on boot on systems using SysV-init ([#4480]).
- Detection of the stopped service status on macOS and Linux ([#4273]).
- Case-sensitive ClientID ([#4542]).
- Slow version update queries making other HTTP APIs unresponsive ([#4499]).
- ARP tables refreshing process causing excessive PTR requests ([#3157]).
+- Go 1.17 support.  v0.109.0 will require at least Go 1.18 to build.

 [#1730]: https://github.com/AdguardTeam/AdGuardHome/issues/1730
-[#3020]: https://github.com/AdguardTeam/AdGuardHome/issues/3020
+[#2993]: https://github.com/AdguardTeam/AdGuardHome/issues/2993
+[#3057]: https://github.com/AdguardTeam/AdGuardHome/issues/3057
 [#3142]: https://github.com/AdguardTeam/AdGuardHome/issues/3142
-[#3157]: https://github.com/AdguardTeam/AdGuardHome/issues/3157
 [#3367]: https://github.com/AdguardTeam/AdGuardHome/issues/3367
 [#3381]: https://github.com/AdguardTeam/AdGuardHome/issues/3381
 [#3503]: https://github.com/AdguardTeam/AdGuardHome/issues/3503
@@ -178,23 +100,20 @@ In this release, the schema version has changed from 12 to 14.
 [#4213]: https://github.com/AdguardTeam/AdGuardHome/issues/4213
 [#4221]: https://github.com/AdguardTeam/AdGuardHome/issues/4221
 [#4238]: https://github.com/AdguardTeam/AdGuardHome/issues/4238
-[#4273]: https://github.com/AdguardTeam/AdGuardHome/issues/4273
 [#4276]: https://github.com/AdguardTeam/AdGuardHome/issues/4276
-[#4480]: https://github.com/AdguardTeam/AdGuardHome/issues/4480
-[#4499]: https://github.com/AdguardTeam/AdGuardHome/issues/4499
-[#4503]: https://github.com/AdguardTeam/AdGuardHome/issues/4503
-[#4533]: https://github.com/AdguardTeam/AdGuardHome/issues/4533
-[#4542]: https://github.com/AdguardTeam/AdGuardHome/issues/4542
-[#4591]: https://github.com/AdguardTeam/AdGuardHome/issues/4591
-[#4592]: https://github.com/AdguardTeam/AdGuardHome/issues/4592

-[CVE-2022-29526]: https://www.cvedetails.com/cve/CVE-2022-29526
-[CVE-2022-29804]: https://www.cvedetails.com/cve/CVE-2022-29804
-[CVE-2022-30580]: https://www.cvedetails.com/cve/CVE-2022-30580
-[CVE-2022-30629]: https://www.cvedetails.com/cve/CVE-2022-30629
-[CVE-2022-30634]: https://www.cvedetails.com/cve/CVE-2022-30634
-[ms-v0.107.7]:    https://github.com/AdguardTeam/AdGuardHome/milestone/43?closed=1
-[rfc-9250]:       https://datatracker.ietf.org/doc/html/rfc9250
+[repr]:         https://reproducible-builds.org/docs/source-date-epoch/
+[doq-draft-10]: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-10#section-10.2
+
+
+
+<!--
+## [v0.107.7] - 2022-05-18 (APPROX.)
+
+See also the [v0.107.7 GitHub milestone][ms-v0.107.7].
+
+[ms-v0.107.7]: https://github.com/AdguardTeam/AdGuardHome/milestone/43?closed=1
+-->



@@ -248,7 +167,6 @@ See also the [v0.107.6 GitHub milestone][ms-v0.107.6].
 [CVE-2022-28327]: https://www.cvedetails.com/cve/CVE-2022-28327
 [dns-draft-02]:   https://datatracker.ietf.org/doc/html/draft-ietf-add-svcb-dns-02#section-5.1
 [ms-v0.107.6]:    https://github.com/AdguardTeam/AdGuardHome/milestone/42?closed=1
-[repr]:           https://reproducible-builds.org/docs/source-date-epoch/
 [svcb-draft-08]:  https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-08.html


@@ -1010,12 +928,11 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2].


 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.8...HEAD
-[v0.107.8]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.7...v0.107.8
-->
-
 [Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.7...HEAD
 [v0.107.7]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.6...v0.107.7
+-->
+
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.6...HEAD
 [v0.107.6]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.5...v0.107.6
 [v0.107.5]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.4...v0.107.5
 [v0.107.4]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.3...v0.107.4
--- a/client/src/__locales/be.json
+++ b/client/src/__locales/be.json
@@ -213,7 +213,7 @@
    "example_upstream_udp": "звычайны DNS (праз UDP, імя хаста);",
    "example_upstream_dot": "зашыфраваны <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "зашыфраваны <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "зашыфраваны <0>DNS-over-QUIC</0>;",
+    "example_upstream_doq": "зашыфраваны <0>DNS-over-QUIC (эксперыментальны)</0>;",
    "example_upstream_sdns": "<0>DNS Stamps</0> для <1>DNSCrypt</1> ці <2>DNS-over-HTTPS</2> рэзалвераў;",
    "example_upstream_tcp": "звычайны DNS (наўзверх TCP);",
    "example_upstream_tcp_hostname": "звычайны DNS (праз TCP, імя хаста);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Калі порт HTTPS наладжаны, ўэб-інтэрфейс адміністравання AdGuard Home будзе даступны праз HTTPS, а таксама DNS-over-HTTPS сервер будзе даступны па шляху '/dns-query'.",
    "encryption_dot": "Порт DNS-over-TLS",
    "encryption_dot_desc": "Калі гэты порт наладжаны, AdGuard Home запусціць DNS-over-TLS-сервер на гэтаму порту.",
-    "encryption_doq": "Порт DNS-over-QUIC",
-    "encryption_doq_desc": "Калі гэты порт наладжаны, AdGuard Home запусціць сервер DNS-over-QUIC на гэтым порце.",
+    "encryption_doq": "Порт DNS-over-QUIC (эксперыментальны)",
+    "encryption_doq_desc": "Калі гэты порт наладжаны, AdGuard Home запусціць сервер DNS-over-QUIC на гэтым порце. Гэта эксперыментальна і можа быць ненадзейна. Апроч таго, не так шмат кліентаў падтрымвае гэты спосаб цяпер.",
    "encryption_certificates": "Сертыфікаты",
    "encryption_certificates_desc": "Для выкарыстання шыфравання вам трэба падаць валідны ланцужок SSL-сертыфікатаў для вашага дамена. Вы можаце атрымаць дармовы сертыфікат на <0>{{link}}</0> ці вы можаце купіць яго ў аднаго з давераных Цэнтраў Сертыфікацыі.",
    "encryption_certificates_input": "Скапіюйце сюды сертыфікаты ў PEM-кадоўцы.",
--- a/client/src/__locales/cs.json
+++ b/client/src/__locales/cs.json
@@ -9,7 +9,7 @@
    "bootstrap_dns": "Bootstrap DNS servery",
    "bootstrap_dns_desc": "Servery Bootstrap DNS se používají k řešení IP adres DoH/DoT, které zadáváte jako upstreamy.",
    "local_ptr_title": "Soukromé reverzní DNS servery",
-    "local_ptr_desc": "Servery DNS, které AdGuard Home používá pro lokální dotazy PTR. Tyto servery se používají k řešení požadavků PTR na adresy v soukromých rozmezích IP, například \"192.168.12.34\", pomocí reverzního DNS. Pokud není nastaveno, AdGuard Home automaticky použije výchozí řešitele vašeho OS s výjimkou adres samotného AdGuard Home.",
+    "local_ptr_desc": "Servery DNS, které AdGuard Home používá pro lokální dotazy PTR. Tyto servery se používají k rozlišení názvů hostitelů klientů se soukromými adresami IP, například \"192.168.12.34\" pomocí rDNS. Pokud není nastaveno, AdGuard Home automaticky použije výchozí řešitele vašeho OS s výjimkou adres samotného AdGuard Home.",
    "local_ptr_default_resolver": "Ve výchozím nastavení používá AdGuard Home následující reverzní DNS řešitele: {{ip}}.",
    "local_ptr_no_default_resolver": "AdGuard Home nemohl určit vhodné soukromé reverzní DNS řešitele pro tento systém.",
    "local_ptr_placeholder": "Zadejte jednu adresu serveru na řádek",
@@ -85,7 +85,7 @@
    "form_enter_hostname": "Zadejte název hostitele",
    "error_details": "Podrobnosti chyby",
    "response_details": "Detail odpovědi",
-    "request_details": "Detaily požadavku",
+    "request_details": "Detail požadavku",
    "client_details": "Detaily klienta",
    "details": "Detaily",
    "back": "Zpět",
@@ -213,7 +213,7 @@
    "example_upstream_udp": "obvyklý DNS (skrze UDP, název hostitele);",
    "example_upstream_dot": "šifrovaný <0>DNS skrze TLS</0>;",
    "example_upstream_doh": "šifrovaný <0>DNS skrze HTTPS</0>;",
-    "example_upstream_doq": "šifrovaný <0>DNS skrze QUIC</0>;",
+    "example_upstream_doq": "šifrovaný <0>DNS skrze QUIC</0> (experimentální);",
    "example_upstream_sdns": "<0>DNS razítka</0> pro <1>DNSCrypt</1> nebo <2>DNS skrze HTTPS</2> řešitele;",
    "example_upstream_tcp": "obvyklý DNS (přes TCP);",
    "example_upstream_tcp_hostname": "obvyklý DNS (skrze TCP, název hostitele);",
@@ -283,7 +283,7 @@
    "download_mobileconfig_doh": "Stáhnout .mobileconfig pro DNS skrze HTTPS",
    "download_mobileconfig_dot": "Stáhnout .mobileconfig pro DNS skrze TLS",
    "download_mobileconfig": "Stáhnout konfigurační soubor",
-    "plain_dns": "Běžný DNS",
+    "plain_dns": "Čisté DNS",
    "form_enter_rate_limit": "Zadejte rychlostní limit",
    "rate_limit": "Rychlostní limit",
    "edns_enable": "Povolit klientskou podsíť EDNS",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Pokud je nakonfigurován port HTTPS, AdGuard Home administrátorské rozhraní bude přístupné přes HTTPS a bude také poskytovat DNS skrze HTTPS na '/dns-query'.",
    "encryption_dot": "DNS skrze TLS port",
    "encryption_dot_desc": "Pokud je tento port nakonfigurován, AdGuard Home bude na tomto portu spouštět DNS skrze TLS server.",
-    "encryption_doq": "Port DNS skrze QUIC",
-    "encryption_doq_desc": "Pokud je tento port nakonfigurován, AdGuard Home bude na tomto portu spouštět DNS skrze QUIC server.",
+    "encryption_doq": "Port DNS skrze QUIC (experimentální)",
+    "encryption_doq_desc": "Pokud je tento port nakonfigurován, AdGuard Home spustí na tomto portu server DNS skrze QUIC. Je to experimentální a nemusí být spolehlivé. V současnosti také není příliš mnoho klientů, kteří to podporují.",
    "encryption_certificates": "Certifikáty",
    "encryption_certificates_desc": "Chcete-li používat šifrování, musíte pro svou doménu poskytnout platný řetězec certifikátů SSL. Certifikát můžete získat bezplatně na adrese <0>{{link}}</ 0>, nebo jej můžete zakoupit od jednoho z důvěryhodných certifikačních úřadů.",
    "encryption_certificates_input": "Zde můžete nakopírovat/vložit certifikáty PEM.",
--- a/client/src/__locales/da.json
+++ b/client/src/__locales/da.json
@@ -9,7 +9,7 @@
    "bootstrap_dns": "Bootstrap DNS-servere",
    "bootstrap_dns_desc": "Bootstrap DNS-servere bruges til at fortolke IP-adresser for de DoH-/DoT-resolvere, du angiver som upstream.",
    "local_ptr_title": "Private reverse DNS-servere",
-    "local_ptr_desc": "DNS-servere brugt af AdGuard Home til lokale PTR-forespørgsler. Disse servere bruges til at opløse PTR-forespørgsler fra private IP-adresseområder, f.eks. \"192.168.12.34\", vha. reverse DNS. Hvis ikke opsat, bruger AdGuard Home operativsystems standard DNS-opløsere undtagen for sine egne adresser.",
+    "local_ptr_desc": "De DNS-servere, som AdGuard Home bruger til lokale PTR-forespørgsler. Disse servere bruges til at opløse klientværtsnavne med private IP-adresser, f.eks. \"192.168.12.34\", vha. rDNS. Hvis ikke indstillet, bruger AdGuard Home dit operativsystems standard DNS-opløsere undtagen for sine egne adresser.",
    "local_ptr_default_resolver": "AdGuard Home bruger som standard flg. reverse DNS-opløsere: {{ip}}.",
    "local_ptr_no_default_resolver": "AdGuard Home kunne ikke fastslå egnede private reverse DNS-opløsere for dette system.",
    "local_ptr_placeholder": "Indtast en serveradresse pr. Linje",
@@ -213,7 +213,7 @@
    "example_upstream_udp": "almindelig DNS (over UDP, værtsnavn);",
    "example_upstream_dot": "krypteret <0>DNS-over-TLS</0>",
    "example_upstream_doh": "krypteret <0>DNS-over-HTTPS</0>",
-    "example_upstream_doq": "krypteret <0>DNS-over-QUIC</0>;",
+    "example_upstream_doq": "krypteret <0>DNS-over-QUIC</0>(eksperimentel);",
    "example_upstream_sdns": "<0>DNS Stamps</0> til <1>DNSCrypt</1> eller <2>DNS-over-HTTPS</2>-opløsere;",
    "example_upstream_tcp": "almindelig DNS (over TCP)",
    "example_upstream_tcp_hostname": "almindelig DNS (over TCP, værtsnavn);",
@@ -351,7 +351,7 @@
    "install_devices_android_list_5": "Skift de aktuelle DNS 1- og DNS 2-værdier til dine AdGuard Home-serveradresser.",
    "install_devices_ios_list_1": "Tryk på Indstillinger på Hjem-skærmen.",
    "install_devices_ios_list_2": "Vælg Wi-Fi i menuen til venstre (det er umuligt at opsætte DNS for mobilnetværker).",
-    "install_devices_ios_list_3": "Tryk på navnet for det aktuelt aktive netværk.",
+    "install_devices_ios_list_3": "Tryk på navnet på det aktuelt aktive netværk.",
    "install_devices_ios_list_4": "Angiv dine AdGuard Home-serveradresser i DNS-feltet.",
    "get_started": "Komme I Gang",
    "next": "Næste",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Er HTTPS-porten opsat, vil AdGuard Home admin grænsefladen være tilgængelig via HTTPS, og den vil muliggøre DNS-over-HTTPS på '/dns-query' placeringen.",
    "encryption_dot": "DNS-over-TLS port",
    "encryption_dot_desc": "Er denne port opsat, vil AdGuard Home køre en DNS-over-TLS server på denne port.",
-    "encryption_doq": "DNS-over-QUIC port",
-    "encryption_doq_desc": "Er denne port opsat, vil AdGuard Home køre en DNS-over-QUIC server på denne port. ",
+    "encryption_doq": "DNS-over-QUIC port (eksperimentel)",
+    "encryption_doq_desc": "Er denne port opsat, vil AdGuard Home køre en DNS-over-QUIC server på denne port. Den er eksperimentel og er måske ikke pålidelig. Derudover understøttes den pt. heller ikke af ret mange klienter.",
    "encryption_certificates": "Certifikater",
    "encryption_certificates_desc": "For at kunne bruge kryptering skal du angive en gyldig SSL-certifikatkæde til dit domæne. Du kan få et gratis certifikat via <0>{{link}}</ 0>, eller du kan købe det via en af de betroede Certifikatmyndigheder.",
    "encryption_certificates_input": "Kopiér/indsæt dine PEM-kodede certifikater hér.",
--- a/client/src/__locales/de.json
+++ b/client/src/__locales/de.json
@@ -149,9 +149,9 @@
    "general_settings": "Allgemeine Einstellungen",
    "dns_settings": "DNS-Einstellungen",
    "dns_blocklists": "DNS-Sperrliste",
-    "dns_allowlists": "DNS-Positivlisten",
+    "dns_allowlists": "DNS-Freigabelisten",
    "dns_blocklists_desc": "AdGuard Home sperrt Domains, die in den Sperrlisten enthalten sind.",
-    "dns_allowlists_desc": "Domains aus DNS-Positivlisten werden auch dann zugelassen, wenn sie in einer der Sperrlisten enthalten sind.",
+    "dns_allowlists_desc": "Domains aus DNS-Freigabelisten werden auch dann zugelassen, wenn sie in einer der Sperrlisten enthalten sind.",
    "custom_filtering_rules": "Benutzerdefinierte Filterregeln",
    "encryption_settings": "Verschlüsselungseinstellungen",
    "dhcp_settings": "DHCP-Einstellungen",
@@ -181,21 +181,21 @@
    "elapsed": "Verstrichen",
    "filters_and_hosts_hint": "AdGuard Home versteht grundlegende Werbefilterregeln und Host-Datei-Syntax.",
    "no_blocklist_added": "Keine Sperrliste hinzugefügt",
-    "no_whitelist_added": "Keine Positivliste hinzugefügt",
+    "no_whitelist_added": "Keine Freigabeliste hinzugefügt",
    "add_blocklist": "Sperrliste hinzufügen",
-    "add_allowlist": "Positivliste hinzufügen",
+    "add_allowlist": "Freigabeliste hinzufügen",
    "cancel_btn": "Abbrechen",
    "enter_name_hint": "Name eingeben",
    "enter_url_or_path_hint": "URL oder absoluten Pfad der Liste eingeben",
    "check_updates_btn": "Nach Aktualisierungen suchen",
    "new_blocklist": "Neue Sperrliste",
-    "new_allowlist": "Neue Positivliste",
+    "new_allowlist": "Neue Freigabeliste",
    "edit_blocklist": "Sperrliste bearbeiten",
-    "edit_allowlist": "Positivliste bearbeiten",
+    "edit_allowlist": "Freigabeliste bearbeiten",
    "choose_blocklist": "Sperrliste wählen",
-    "choose_allowlist": "Positivliste wählen",
+    "choose_allowlist": "Freigabeliste wählen",
    "enter_valid_blocklist": "Gültige Webadresse zur Sperrliste eingeben.",
-    "enter_valid_allowlist": "Gültige Webadresse zur Positivliste eingeben.",
+    "enter_valid_allowlist": "Gültige Webadresse zur Freigabeliste eingeben.",
    "form_error_url_format": "Ungültiges URL-Format",
    "form_error_url_or_path_format": "Ungültige URL oder absoluter Pfad der Liste",
    "custom_filter_rules": "Benutzerdefinierte Filterregeln",
@@ -213,7 +213,7 @@
    "example_upstream_udp": "normales DNS (über UDP, Hostname);",
    "example_upstream_dot": "verschlüsseltes <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "verschlüsseltes <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "verschlüsseltes <0>DNS-over-QUIC</0>;",
+    "example_upstream_doq": "verschlüsseltes <0>DNS-over-QUIC</0> (experimentell);",
    "example_upstream_sdns": "<0>DNS-Stempel</0> für <1>DNSCrypt</1> oder <2>DNS-over-HTTPS</2> Resolver;",
    "example_upstream_tcp": "reguläres DNS (over TCP);",
    "example_upstream_tcp_hostname": "normales DNS (über TCP, Hostname);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Wenn der HTTPS-Port konfiguriert ist, ist die AdGuard Home-Administrationsschnittstelle über HTTPS zugänglich und bietet auch DNS-over-HTTPS am Server „/dns-query“.",
    "encryption_dot": "DNS-over-TLS",
    "encryption_dot_desc": "Wenn dieser Port konfiguriert ist, führt AdGuard Home auf diesem Port einen DNS-over-TLS-Server aus.",
-    "encryption_doq": "Port für DNS-over-QUIC",
-    "encryption_doq_desc": "Wenn dieser Port eingerichtet ist, wird AdGuard Home einen DNS-over-QUIC-Server auf diesem Port ausführen. ",
+    "encryption_doq": "Port für DNS-over-QUIC (experimentell)",
+    "encryption_doq_desc": "Wenn dieser Port eingerichtet ist, wird AdGuard Home einen DNS-over-QUIC-Server auf diesem Port ausführen. Es ist experimentell und möglicherweise nicht zuverlässig. Außerdem gibt es im Moment nicht allzu viele Clients, die ihn unterstützen.",
    "encryption_certificates": "Zertifikate",
    "encryption_certificates_desc": "Um die Verschlüsselung verwenden zu können, müssen Sie eine gültige SSL-Zertifikatskette für Ihre Domain angeben. Sie können ein kostenloses Zertifikat für <0>{{link}}</0> erhalten oder es bei einer der vertrauenswürdigen Zertifizierungsstellen kaufen.",
    "encryption_certificates_input": "Kopieren Sie Ihre PEM-codierten Zertifikate und fügen Sie sie hier ein.",
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -9,7 +9,7 @@
    "bootstrap_dns": "Bootstrap DNS servers",
    "bootstrap_dns_desc": "Bootstrap DNS servers are used to resolve IP addresses of the DoH/DoT resolvers you specify as upstreams.",
    "local_ptr_title": "Private reverse DNS servers",
-    "local_ptr_desc": "The DNS servers that AdGuard Home uses for local PTR queries. These servers are used to resolve PTR requests for addresses in private IP ranges, for example \"192.168.12.34\", using reverse DNS. If not set, AdGuard Home uses the addresses of the default DNS resolvers of your OS except for the addresses of AdGuard Home itself.",
+    "local_ptr_desc": "The DNS servers that AdGuard Home uses for local PTR queries. These servers are used to resolve the hostnames of clients with private IP addresses, for example \"192.168.12.34\", using reverse DNS. If not set, AdGuard Home uses the addresses of the default DNS resolvers of your OS except for the addresses of AdGuard Home itself.",
    "local_ptr_default_resolver": "By default, AdGuard Home uses the following reverse DNS resolvers: {{ip}}.",
    "local_ptr_no_default_resolver": "AdGuard Home could not determine suitable private reverse DNS resolvers for this system.",
    "local_ptr_placeholder": "Enter one server address per line",
@@ -213,7 +213,7 @@
    "example_upstream_udp": "regular DNS (over UDP, hostname);",
    "example_upstream_dot": "encrypted <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "encrypted <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "encrypted <0>DNS-over-QUIC</0>;",
+    "example_upstream_doq": "encrypted <0>DNS-over-QUIC</0> (experimental);",
    "example_upstream_sdns": "<0>DNS Stamps</0> for <1>DNSCrypt</1> or <2>DNS-over-HTTPS</2> resolvers;",
    "example_upstream_tcp": "regular DNS (over TCP);",
    "example_upstream_tcp_hostname": "regular DNS (over TCP, hostname);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "If HTTPS port is configured, AdGuard Home admin interface will be accessible via HTTPS, and it will also provide DNS-over-HTTPS on '/dns-query' location.",
    "encryption_dot": "DNS-over-TLS port",
    "encryption_dot_desc": "If this port is configured, AdGuard Home will run a DNS-over-TLS server on this port.",
-    "encryption_doq": "DNS-over-QUIC port",
-    "encryption_doq_desc": "If this port is configured, AdGuard Home will run a DNS-over-QUIC server on this port.",
+    "encryption_doq": "DNS-over-QUIC port (experimental)",
+    "encryption_doq_desc": "If this port is configured, AdGuard Home will run a DNS-over-QUIC server on this port. It's experimental and may not be reliable. Also, there are not too many clients that support it at the moment.",
    "encryption_certificates": "Certificates",
    "encryption_certificates_desc": "In order to use encryption, you need to provide a valid SSL certificates chain for your domain. You can get a free certificate on <0>{{link}}</0> or you can buy it from one of the trusted Certificate Authorities.",
    "encryption_certificates_input": "Copy/paste your PEM-encoded certificates here.",
--- a/client/src/__locales/es.json
+++ b/client/src/__locales/es.json
@@ -9,7 +9,7 @@
    "bootstrap_dns": "Servidores DNS de arranque",
    "bootstrap_dns_desc": "Los servidores DNS de arranque se utilizan para resolver las direcciones IP de los resolutores DoH/DoT que especifiques como DNS de subida.",
    "local_ptr_title": "Servidores DNS inversos y privados",
-    "local_ptr_desc": "Los servidores DNS que AdGuard Home utiliza para las consultas PTR locales. Estos servidores se utilizan para resolver las peticiones PTR de direcciones en rangos de IP privadas, por ejemplo \"192.168.12.34\", utilizando DNS inverso. Si no está establecido, AdGuard Home utilizará los resolutores DNS predeterminados de tu sistema operativo, excepto las direcciones del propio AdGuard Home.",
+    "local_ptr_desc": "Los servidores DNS que AdGuard Home utiliza para las consultas PTR locales. Estos servidores se utilizan para resolver los nombres de hosts de los clientes a direcciones IP privadas, por ejemplo \"192.168.12.34\", utilizando DNS inverso. Si no está establecido, AdGuard Home utilizará los resolutores DNS predeterminados de tu sistema operativo, excepto las direcciones del propio AdGuard Home.",
    "local_ptr_default_resolver": "Por defecto, AdGuard Home utiliza los siguientes resolutores DNS inversos: {{ip}}.",
    "local_ptr_no_default_resolver": "AdGuard Home no pudo determinar los resolutores DNS inversos y privados adecuados para este sistema.",
    "local_ptr_placeholder": "Ingresa una dirección de servidor por línea",
@@ -213,7 +213,7 @@
    "example_upstream_udp": "DNS regular (mediante UDP, nombre del host).",
    "example_upstream_dot": "cifrado <0>DNS mediante TLS</0>.",
    "example_upstream_doh": "cifrado <0>DNS mediante HTTPS</0>.",
-    "example_upstream_doq": "cifrado <0>DNS mediante QUIC</0>.",
+    "example_upstream_doq": "cifrado <0>DNS mediante QUIC</0> (experimental).",
    "example_upstream_sdns": "<0>DNS Stamps</0> para <1>DNSCrypt</1> o resolutores <2>DNS mediante HTTPS</2>.",
    "example_upstream_tcp": "DNS regular (mediante TCP).",
    "example_upstream_tcp_hostname": "DNS regular (mediante TCP, nombre del host).",
@@ -351,7 +351,7 @@
    "install_devices_android_list_5": "Cambia los valores de DNS 1 y DNS 2 a las direcciones de tu servidor AdGuard Home.",
    "install_devices_ios_list_1": "En la pantalla de inicio, pulsa en Configuración.",
    "install_devices_ios_list_2": "Elige Wi-Fi en el menú de la izquierda (es imposible configurar DNS para redes móviles).",
-    "install_devices_ios_list_3": "Pulsa sobre el nombre de la red actualmente activa.",
+    "install_devices_ios_list_3": "Pulsa sobre el nombre de la red activa en ese momento.",
    "install_devices_ios_list_4": "En el campo DNS ingresa las direcciones de tu servidor AdGuard Home.",
    "get_started": "Comenzar",
    "next": "Siguiente",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Si el puerto HTTPS está configurado, la interfaz de administración de AdGuard Home será accesible a través de HTTPS, y también proporcionará DNS mediante HTTPS en la ubicación '/dns-query'.",
    "encryption_dot": "Puerto DNS mediante TLS",
    "encryption_dot_desc": "Si este puerto está configurado, AdGuard Home ejecutará un servidor DNS mediante TLS en este puerto.",
-    "encryption_doq": "Puerto DNS mediante QUIC",
-    "encryption_doq_desc": "Si este puerto está configurado, AdGuard Home ejecutará un servidor DNS mediante QUIC en este puerto.",
+    "encryption_doq": "Puerto DNS mediante QUIC (experimental)",
+    "encryption_doq_desc": "Si este puerto está configurado, AdGuard Home ejecutará un servidor DNS mediante QUIC en este puerto. Es experimental y puede no ser confiable. Además, no hay muchos clientes que lo soporten por el momento.",
    "encryption_certificates": "Certificados",
    "encryption_certificates_desc": "Para utilizar el cifrado, debes proporcionar una cadena de certificado SSL válida para tu dominio. Puedes obtener un certificado gratuito en <0>{{link}}</0> o puedes comprarlo en una de las autoridades de certificación de confianza.",
    "encryption_certificates_input": "Copia/pega aquí tu certificado codificado PEM.",
--- a/client/src/__locales/fi.json
+++ b/client/src/__locales/fi.json
@@ -9,7 +9,7 @@
    "bootstrap_dns": "Bootstrap DNS-palvelimet",
    "bootstrap_dns_desc": "Bootstrap DNS-palvelimia käytetään ylävirroiksi määritettyjen DoH/DoT-resolvereiden IP-osoitteiden selvitykseen.",
    "local_ptr_title": "Yksityiset käänteiset DNS-palvelimet",
-    "local_ptr_desc": "DNS-palvelimet, joita AdGuard Home käyttää paikallisille PTR-kyselyille. Näitä palvelimia käytetään yksityistä IP-osoitetta käyttävien PTR-kyselyiden osoitteiden, kuten \"192.168.12.34\", selvitykseen käänteisen DNS:n avulla. Jos ei käytössä, AdGuard Home käyttää käyttöjärjestelmän oletusarvoisia DNS-resolvereita, poislukien AdGuard Homen omat osoitteet.",
+    "local_ptr_desc": "DNS-palvelimet, joita AdGuard Home käyttää paikallisille PTR-pyynnöille. Näitä palvelimia käytetään yksityistä IP-osoitetta käyttävien päätelaitteiden osoitteiden, kuten \"192.168.12.34\", selvitykseen käänteisen DNS:n avulla. Jos ei käytössä, käyttää AdGuard Home käyttöjärjestelmän oletusarvoisia DNS-resolvereita, poislukien AdGuard Homen omat osoitteet.",
    "local_ptr_default_resolver": "Oletusarvoisesti AdGuard Home käyttää seuraavia käänteisiä DNS-resolvereita: {{ip}}.",
    "local_ptr_no_default_resolver": "AdGuard Home ei voinut määrittää tälle järjestelmälle sopivaa yksityistä käänteistä DNS-resolveria.",
    "local_ptr_placeholder": "Syötä yksi palvelimen osoite per rivi",
@@ -213,7 +213,7 @@
    "example_upstream_udp": "tavallinen DNS (UDP, isäntänimi);",
    "example_upstream_dot": "salattu <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "salattu <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "salattu <0>DNS-over-QUIC</0>;",
+    "example_upstream_doq": "salattu <0>DNS-over-QUIC</0> (kokeellinen);",
    "example_upstream_sdns": "<0>DNS Stamp</0> -merkinnät <1>DNSCrypt</1> tai <2>DNS-over-HTTPS</2> -resolvereille;",
    "example_upstream_tcp": "tavallinen DNS (TCP:n välityksellä);",
    "example_upstream_tcp_hostname": "tavallinen DNS (TCP, isäntänimi);",
@@ -338,7 +338,7 @@
    "install_devices_windows_list_2": "Avaa \"Verkko ja Internet\" -ryhmä ja sitten \"Verkko ja jakamiskeskus\".",
    "install_devices_windows_list_3": "Paina ikkunan vasemmasta laidasta \"Muuta sovittimen asetuksia\".",
    "install_devices_windows_list_4": "Paina aktiivista yhteyttäsi hiiren kakkospainikkeella ja valitse \"Ominaisuudet\".",
-    "install_devices_windows_list_5": "Etsi listasta \"Internet Protocol Version 4 (TCP/IPv4)\" (tai IPv6:lle \"Internet Protocol Version 6 (TCP/IPv6)\"), valitse se ja paina jälleen \"Ominaisuudet\".",
+    "install_devices_windows_list_5": "Etsi listasta \"Internet protokolla versio 4 (TCP/IP)\", valitse se ja paina jälleen \"Ominaisuudet\".",
    "install_devices_windows_list_6": "Valitse \"Käytä seuraavia DNS-palvelinten osoitteita\" ja syötä AdGuard Home -palvelimesi osoitteet.",
    "install_devices_macos_list_1": "Paina Omena-kuvaketta ja valitse \"Järjestelmäasetukset\".",
    "install_devices_macos_list_2": "Paina \"Verkko\".",
@@ -351,7 +351,7 @@
    "install_devices_android_list_5": "Syötä \"DNS 1\" ja \"DNS 2\" -kenttiin AdGuard Home -palvelimesi osoitteet.",
    "install_devices_ios_list_1": "Napauta aloitusnäytöstä \"Asetukset\".",
    "install_devices_ios_list_2": "Valitse vasemmalta \"Wi-Fi\" (mobiiliverkolle ei ole mahdollista määrittää omaa DNS-palvelinta).",
-    "install_devices_ios_list_3": "Valitse tällä hetkellä aktiivinen verkko.",
+    "install_devices_ios_list_3": "Valitse yhdistetty verkko.",
    "install_devices_ios_list_4": "Syötä \"DNS\" -kenttään AdGuard Home -palvelimesi osoitteet.",
    "get_started": "Aloita",
    "next": "Seuraava",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Jos HTTPS-portti on määritetty, on AdGuard Homen hallintapaneeli käytettävissä HTTPS-yhteydellä ja lisäksi tämä mahdollistaa myös DNS-over-HTTPS -yhteyden '/dns-query' -kohteessa.",
    "encryption_dot": "DNS-over-TLS -portti",
    "encryption_dot_desc": "Jos portti on määritetty, AdGuard Home suorittaa DNS-over-TLS -palvelimen tässä portissa.",
-    "encryption_doq": "DNS-over-QUIC-portti",
-    "encryption_doq_desc": "Jos portti on määritetty, AdGuard Home suorittaa DNS-over-QUIC-palvelimen tässä portissa.",
+    "encryption_doq": "DNS-over-QUIC -portti (kokeellinen)",
+    "encryption_doq_desc": "Jos portti on määritetty, AdGuard Home suorittaa DNS-over-QUIC -palvelimen tässä portissa. Ominaisuus on kokeellinen, eikä välttämättä luotettava. Lisäksi tätä tukevia päätelaitteita ei vielä ole kovin paljon.",
    "encryption_certificates": "Varmenteet",
    "encryption_certificates_desc": "Salauksen käyttämiseksi, on syötettävä verkkotunnuksellesi myönnetty, aito SSL-varmenneketju. Voit hankkia ilmaisen varmenteen osoitteesta <0>{{link}}</0> tai ostaa sellaisen joltakin luotetulta varmentajalta.",
    "encryption_certificates_input": "Kopioi/liitä PEM-koodatut varmenteesi tähän.",
--- a/client/src/__locales/fr.json
+++ b/client/src/__locales/fr.json
@@ -213,7 +213,7 @@
    "example_upstream_udp": "DNS normal (sur UDP, nom d’hôte) ;",
    "example_upstream_dot": "<0>DNS-over-TLS</0> chiffré ;",
    "example_upstream_doh": "<0>DNS-over-HTTPS</0> chiffré ;",
-    "example_upstream_doq": "<0>DNS-over-QUIC</0> chiffré;",
+    "example_upstream_doq": "<0>DNS-over-QUIC</0> chiffré (expérimental) ;",
    "example_upstream_sdns": "vous pouvez utiliser <0>DNS Stamps</0> pour <1>DNSCrypt</1> ou les résolveurs <2>DNS_over_HTTPS</2> ;",
    "example_upstream_tcp": "DNS classique (au-dessus de TCP) ;",
    "example_upstream_tcp_hostname": "DNS normal (sur TCP, nom d’hôte) ;",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Si le port HTTPS est configuré, l'interface administrateur de AdGuard Home sera accessible via HTTPS et fournira aussi un service DNS-over-HTTPS sur l'emplacement '/dns-query'.",
    "encryption_dot": "Port DNS-over-TLS",
    "encryption_dot_desc": "Si ce port est configuré, AdGuard Home exécutera un serveur DNS-over-TLS sur ce port.",
-    "encryption_doq": "Port DNS sur QUIC",
-    "encryption_doq_desc": "Si ce port est configuré, AdGuard Home exécutera un serveur DNS sur QUIC sur ce port. ",
+    "encryption_doq": "Port DNS sur QUIC (expérimental)",
+    "encryption_doq_desc": "Si ce port est configuré, AdGuard Home exécutera un serveur DNS sur QUIC sur ce port. Ceci est expérimental et possiblement pas entièrement fiable. Peu de clients le prennent en charge actuellement.",
    "encryption_certificates": "Certificats",
    "encryption_certificates_desc": "Pour utiliser le chiffrement, vous devez fournir une chaîne de certificats SSL valide pour votre domaine. Vous pouvez en obtenir une gratuitement sur <0>{{link}}</0> ou vous pouvez en acheter une via les Autorités de Certification de confiance.",
    "encryption_certificates_input": "Copiez/coller vos certificats encodés PEM ici.",
--- a/client/src/__locales/hr.json
+++ b/client/src/__locales/hr.json
@@ -370,7 +370,7 @@
    "encryption_dot": "DNS-over-TLS port",
    "encryption_dot_desc": "Ako je ovaj port postavljen, AdGuard Home će pokrenuti DNS-over-TLS poslužitelj na ovom portu.",
    "encryption_doq": "DNS-over-QUIC port (eksperimentalno)",
-    "encryption_doq_desc": "Ako je ovaj priključak konfiguriran, AdGuard Home će na ovom priključku pokretati DNS-over-QUIC poslužitelj.",
+    "encryption_doq_desc": "Ako je ovaj port postavljen, AdGuard Home će na ovom portu pokrenuti DNS-over-QUIC poslužitelj. Eksperimentalno je i možda nije pouzdano. Također, trenutno nema previše klijenata koji to podržavaju.",
    "encryption_certificates": "Certifikati",
    "encryption_certificates_desc": "Da biste koristili šifriranje, za svoju domenu morate osigurati važeći lanac SSL certifikata. Besplatan certifikat možete dobiti na <0>{{link}}</0> ili ga možete kupiti od jednog od pouzdanih izdavatelja certifikata.",
    "encryption_certificates_input": "Zalijepite svoje PEM-kodirane certifikate ovdje.",
@@ -511,7 +511,7 @@
    "statistics_configuration": "Postavke statistike",
    "statistics_retention": "Spremanje statistike",
    "statistics_retention_desc": "Ako smanjite vrijednost intervala, neki će podaci biti izgubljeni",
-    "statistics_clear": "Poništi statistiku",
+    "statistics_clear": " Poništi statistiku",
    "statistics_clear_confirm": "Jeste li sigurni da želite poništiti statistiku?",
    "statistics_retention_confirm": "Jeste li sigurni da želite promijeniti zadržavanje statistike? Ako smanjite vrijednost intervala, neki će podaci biti izgubljeni",
    "statistics_cleared": "Statistika je uspješno uklonjenja",
--- a/client/src/__locales/hu.json
+++ b/client/src/__locales/hu.json
@@ -9,7 +9,7 @@
    "bootstrap_dns": "Bootstrap DNS kiszolgálók",
    "bootstrap_dns_desc": "A Bootstrap DNS szerverek a DoH/DoT feloldók IP-címeinek feloldására szolgálnak.",
    "local_ptr_title": "Privát DNS szerverek",
-    "local_ptr_desc": "Azok a DNS szerverek, amiket az AdGuard Home a helyi PTR kérésekhez használ. ",
+    "local_ptr_desc": "Azok a DNS szerverek, amiket az AdGuard Home a helyi PTR kérésekhez használ. Ezeket a szervereket arra használjuk, hogy reverse DNS által feloldjuk a kliensek hosztneveit privát IP címekre, például \"192.168.12.34\". Ha nincs beállítva, akkor az AdGuard Home, kivéve az ő saját címét, az operációs rendszer alapértelmezett DNS feloldók címeit fogja használni.",
    "local_ptr_default_resolver": "Alapesetben az AdGuard Home a következő reverse DNS feloldókat használja: {{ip}}.",
    "local_ptr_no_default_resolver": "Az AdGuard Home nem tudta meghatározni a privát reverse DNS feloldókat ehhez a rendszerhez.",
    "local_ptr_placeholder": "Adjon meg soronként egy kiszolgáló címet",
@@ -213,7 +213,7 @@
    "example_upstream_udp": "normál DNS (UDP felett, hostnév);",
    "example_upstream_dot": "titkosított <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "titkosított <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "titkosított <0>DNS-over-QUIC</0>;",
+    "example_upstream_doq": "titkosított <0>DNS-over-QUIC</0> (kísérleti);",
    "example_upstream_sdns": "<0>DNS Stamps</0> a <1>DNSCrypt</1> vagy <2>DNS-over-HTTPS</2> feloldókhoz;",
    "example_upstream_tcp": "hagyományos DNS (TCP felett);",
    "example_upstream_tcp_hostname": "normál DNS (TCP felett, hostnév);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Ha a HTTPS port konfigurálva van, akkor az AdGuard Home admin felülete elérhető lesz a HTTPS-en keresztül, és ezenkívül DNS-over-HTTPS-t is biztosít a '/dns-query' helyen.",
    "encryption_dot": "DNS-over-TLS port",
    "encryption_dot_desc": "Ha ez a port be van állítva, az AdGuard Home DNS-over-TLS szerverként tud futni ezen a porton.",
-    "encryption_doq": "DNS-over-QUIC port",
-    "encryption_doq_desc": "Ha ez a port be van állítva, akkor az AdGuard Home egy DNS-over-QUIC szerverként fog futni ezen a porton. ",
+    "encryption_doq": "DNS-over-QUIC port (kísérleti)",
+    "encryption_doq_desc": "Ha ez a port be van állítva, akkor az AdGuard Home egy DNS-over-QUIC szerverként fog futni ezen a porton. Ez egy kísérleti funkció és nem biztos, hogy megbízható. Emellett nincs sok olyan kliens, ami támogatná ezt jelenleg.",
    "encryption_certificates": "Tanúsítványok",
    "encryption_certificates_desc": "A titkosítás használatához érvényes SSL tanúsítványláncot kell megadnia a domainjéhez. Ingyenes tanúsítványt kaphat a <0>{{link}}</0> webhelyen, vagy megvásárolhatja az egyik megbízható tanúsítványkibocsátó hatóságtól.",
    "encryption_certificates_input": "Másolja be ide a PEM-kódolt tanúsítványt.",
--- a/client/src/__locales/id.json
+++ b/client/src/__locales/id.json
@@ -213,7 +213,7 @@
    "example_upstream_udp": "DNS biasa (lebih dari UDP, nama host);",
    "example_upstream_dot": "terenkripsi <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "terenkripsi <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "terenkripsi <0>DNS-over-QUIC</0>;",
+    "example_upstream_doq": "terenkripsi <0>DNS-over-QUIC</0> (eksperimental);",
    "example_upstream_sdns": "<0>Stempel DNS</0> untuk <1>DNSCrypt</1> atau pengarah <2>DNS-over-HTTPS</2>;",
    "example_upstream_tcp": "DNS reguler (melalui TCP);",
    "example_upstream_tcp_hostname": "DNS biasa (lebih dari TCP, nama host);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Jika port HTTPS dikonfigurasi, antarmuka admin Home AdGuard akan dapat diakses melalui HTTPS, dan itu juga akan memberikan DNS-over-HTTPS di lokasi '/ dns-query'.",
    "encryption_dot": "Port DNS-over-TLS",
    "encryption_dot_desc": "Jika port ini terkonfigurasi, AdGuard Home akan menjalankan server DNS-over-TLS dalam port ini",
-    "encryption_doq": "Port DNS-over-QUIC ",
-    "encryption_doq_desc": "Jika port ini diatur secara sepesifik, AdGuard Home akan menjalankan server DNS-lewat-QUIC pada port ini.",
+    "encryption_doq": "Port DNS-over-QUIC (eksperimental)",
+    "encryption_doq_desc": "Jika port ini diatur secara sepesifik, AdGuard Home akan menjalankan server DNS-lewat-QUIC pada port ini. Ini adalah eksperimental dan mungkin tidak dapat diandalkan. Juga, tidak banyak klien yang mendukungnya saat ini.",
    "encryption_certificates": "Sertifikat",
    "encryption_certificates_desc": "Untuk menggunakan enkripsi, Anda perlu memberikan rantai sertifikat SSL yang valid untuk domain Anda. Anda bisa mendapatkan sertifikat gratis di <0>{{link}}</0> atau Anda dapat membelinya dari salah satu Otoritas Sertifikat tepercaya.",
    "encryption_certificates_input": "Salin / rekatkan sertifikat PEM yang disandikan di sini.",
--- a/client/src/__locales/it.json
+++ b/client/src/__locales/it.json
@@ -213,7 +213,7 @@
    "example_upstream_udp": "DNS regolare (over UDP, nome host);",
    "example_upstream_dot": "<0>DNS su TLS</0> crittografato;",
    "example_upstream_doh": "<0>DNS su HTTPS</0> crittografato;",
-    "example_upstream_doq": "<0>DNS su QUIC</0> crittografato;",
+    "example_upstream_doq": "<0>DNS su QUIC</0> crittografato (sperimentale);",
    "example_upstream_sdns": "<0>DNS Stamps</0> per <1>DNSCrypt</1> oppure i risolutori <2>DNS su HTTPS</2>;",
    "example_upstream_tcp": "DNS regolare (over TCP);",
    "example_upstream_tcp_hostname": "DNS regolare (over TCP, nome host);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Se la porta HTTPS è configurata, l'interfaccia di amministrazione di AdGuard Home sarà accessibile tramite HTTPS e fornirà anche DNS su HTTPS nella posizione \"/ dns-query\".",
    "encryption_dot": "DNS su porta TLS",
    "encryption_dot_desc": "Se questa porta è configurata, AdGuard Home eseguirà un server DNS su TLS su questa porta.",
-    "encryption_doq": "Porta DNS su QUIC",
-    "encryption_doq_desc": "Se questa porta è configurata, AdGuard Home eseguirà un server DNS su porta QUIC. ",
+    "encryption_doq": "Porta DNS su QUIC (sperimentale)",
+    "encryption_doq_desc": "Se questa porta è configurata, AdGuard Home eseguirà un server DNS su porta QUIC. Questa opzione è sperimentale e potrebbe non risultare affidabile. Inoltre, al momento non sono molti i client a supportarla.",
    "encryption_certificates": "Certificati",
    "encryption_certificates_desc": "Per utilizzare la crittografia, è necessario fornire una catena di certificati SSL valida per il proprio dominio. Puoi ottenere un certificato gratuito su <0> {{link}} </ 0> o puoi acquistarlo da una delle Autorità di certificazione attendibili.",
    "encryption_certificates_input": "Copia / incolla qui i certificati codificati PEM.",
--- a/client/src/__locales/ja.json
+++ b/client/src/__locales/ja.json
@@ -213,7 +213,7 @@
    "example_upstream_udp": "通常のDNS（over UDP, ホスト名）。",
    "example_upstream_dot": "暗号化されている <0>DNS-over-TLS</0>。",
    "example_upstream_doh": "暗号化されている <0>DNS-over-HTTPS</0>。",
-    "example_upstream_doq": "暗号化 <0>DNS-over-QUIC</0>。",
+    "example_upstream_doq": "暗号化 <0>DNS-over-QUIC</0>（実験的）。",
    "example_upstream_sdns": "<1>DNSCrypt</1> または <2>DNS-over-HTTPS</2> リゾルバのための <0>DNS Stamps</0>。",
    "example_upstream_tcp": "通常のDNS（over TCP）。",
    "example_upstream_tcp_hostname": "通常のDNS（over TCP, ホスト名）。",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "HTTPSポートが設定されていると、AdGuard Home 管理インターフェースはHTTPS経由でアクセス可能になり、そして「/dns-query」の場所にDNS-over-HTTPSも提供されます。",
    "encryption_dot": "DNS-over-TLS ポート",
    "encryption_dot_desc": "このポートが設定されていると、AdGuard HomeはこのポートでDNS-over-TLSサーバを実行します。",
-    "encryption_doq": "DNS-over-QUIC ポート",
-    "encryption_doq_desc": "このポートが設定されていると、AdGuard HomeはこのポートにてDNS-over-QUICサーバーを実行します。",
+    "encryption_doq": "DNS-over-QUIC ポート (実験的)",
+    "encryption_doq_desc": "このポートが設定されていると、AdGuard HomeはこのポートにてDNS-over-QUICサーバーを実行します。これは実験的なものであり、頼りにならない可能性があります。また、現時点ではこのサーバーをサポートするクライアントも少ないです。",
    "encryption_certificates": "証明書",
    "encryption_certificates_desc": "暗号化を使用するには、ドメインに有効なSSL証明書チェーンを提供する必要があります。無料の証明書は<0> {{link}} </0>で入手できます。または、信頼できる認証局のいずれかから購入することもできます。",
    "encryption_certificates_input": "ここにPEM形式の証明書をコピー／ペーストしてください。",
--- a/client/src/__locales/ko.json
+++ b/client/src/__locales/ko.json
@@ -213,7 +213,7 @@
    "example_upstream_udp": "일반 DNS (UDP를 통한, 호스트명);",
    "example_upstream_dot": "암호화된 <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "암호화된 <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "암호화된 <0>DNS-over-QUIC</0>;",
+    "example_upstream_doq": "암호화된 <0>DNS-over-QUIC</0> (실험);",
    "example_upstream_sdns": "<1>DNSCrypt</1> 또는 <2>DNS-over-HTTPS</2> 리졸버를 위한 <0>DNS 스탬프</0>;",
    "example_upstream_tcp": "일반 DNS (TCP를 통한 접속);",
    "example_upstream_tcp_hostname": "일반 DNS (TCP를 통한, 호스트명);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "HTTPS 포트가 구성되면 HTTPS를 통해 AdGuard Home 관리자 인터페이스에 액세스할 수 있으며, '/dns-query' 위치에 DNS-over-HTTPS도 제공합니다.",
    "encryption_dot": "DNS-over-TLS 포트",
    "encryption_dot_desc": "이 포트가 구성된 경우 AdGuard Home 이 포트에서 DNS-over-TLS 서버를 실행합니다.",
-    "encryption_doq": "DNS-over-QUIC 포트",
-    "encryption_doq_desc": "이 포트가 설정된 경우 AdGuard Home은 해당 포트에서 DNS-over-QUIC 서버를 실행합니다. ",
+    "encryption_doq": "DNS-over-QUIC 포트 (실험)",
+    "encryption_doq_desc": "이 포트가 설정된 경우 AdGuard Home은 해당 포트에서 DNS-over-QUIC 서버를 실행합니다. 이것은 실험적이며 신뢰할 수 없습니다. 또한 현재 이를 지원하는 클라이언트가 많지 않습니다.",
    "encryption_certificates": "인증서",
    "encryption_certificates_desc": "암호화를 사용하려면 도메인에 대해 올바른 SSL 인증서 체인을 제공해야 합니다. <0>{{link}}</0>에서 무료 증명서를 받을 수도 있고, 신뢰할 수있는 인증 기관에서 구입할 수 있습니다.",
    "encryption_certificates_input": "PEM으로 인코딩된 인증서 여기에 복사/붙여넣기하세요.",
--- a/client/src/__locales/nl.json
+++ b/client/src/__locales/nl.json
@@ -9,7 +9,7 @@
    "bootstrap_dns": "Bootstrap DNS-servers",
    "bootstrap_dns_desc": "Bootstrap DNS-servers worden gebruikt om IP-adressen op te lossen van de DoH / DoT-resolvers die u opgeeft als upstreams.",
    "local_ptr_title": "Private omgekeerde DNS-servers",
-    "local_ptr_desc": "De DNS-servers die AdGuard Home gebruikt voor lokale PTR-zoekopdrachten. Deze servers worden gebruikt om PTR-verzoeken voor adressen in privé-IP-bereiken op te lossen, bijvoorbeeld \"192.168.12.34\", met behulp van reverse DNS. Indien niet ingesteld, gebruikt AdGuard Home de adressen van de standaard DNS-resolvers van uw besturingssysteem, behalve de adressen van AdGuard Home zelf.",
+    "local_ptr_desc": "De DNS-servers die AdGuard Home zal gebruiken voor lokale PTR zoekopdrachten. Deze server wordt gebruikt om de hostnamen van de clients met private IP-adressen, bijvoorbeeld \"192.168.12.34\", dmv. rDNS. Indien niet ingesteld, gebruikt AdGuard Home automatisch je standaard DNS-resolver.",
    "local_ptr_default_resolver": "Standaard gebruikt AdGuard Home de volgende omgekeerde DNS-resolvers: {{ip}}.",
    "local_ptr_no_default_resolver": "AdGuard Home kon voor dit systeem geen geschikte private omgekeerde DNS-resolvers bepalen.",
    "local_ptr_placeholder": "Voer één serveradres per regel in",
@@ -213,7 +213,7 @@
    "example_upstream_udp": "standaard DNS (via UDP, hostnaam);",
    "example_upstream_dot": "versleutelde <0>DNS-via-TLS</0>;",
    "example_upstream_doh": "versleutelde <0>DNS-via-HTTPS</0>;",
-    "example_upstream_doq": "versleutelde <0>DNS-via-QUIC</0>;",
+    "example_upstream_doq": "versleutelde <0>DNS-via-QUIC</0> (experimenteel);",
    "example_upstream_sdns": "<0>DNS Stamps</0> voor <1>DNSCrypt</1> of <2>DNS-via-HTTPS</2> oplossingen;",
    "example_upstream_tcp": "standaard DNS (over TCP);",
    "example_upstream_tcp_hostname": "standaard DNS (via TCP, hostnaam);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Als de HTTPS-poort is geconfigureerd, is de AdGuard Home beheerders interface toegankelijk via HTTPS en biedt deze ook DNS-via-HTTPS op de locatie '/ dns-query'.",
    "encryption_dot": "DNS-via-TLS poort",
    "encryption_dot_desc": "Indien deze poort is geconfigureerd, zal AdGuard Home gebruik maken van een DNS-via-TLS server via deze poort.",
-    "encryption_doq": "DNS-over-QUIC poort",
-    "encryption_doq_desc": "Als deze poort is geconfigureerd, zal AdGuard Home een DNS-via-QUIC server gebruiken via deze poort.",
+    "encryption_doq": "DNS-via-QUIC poort (experimenteel)",
+    "encryption_doq_desc": "Als deze poort is geconfigureerd, zal AdGuard Home een DNS-via-QUIC server gebruiken via deze poort. Dit is experimenteel en kan onbetrouwbaar zijn. Er zijn overigens nog niet veel systemen die dit nu al ondersteunen.",
    "encryption_certificates": "Certificaten",
    "encryption_certificates_desc": "Om encryptie te gebruiken, moet u een geldige SSL certificaat voor uw domein opgeven. U kunt een gratis certificaat krijgen op <0> {{link}} </0> of u kunt het kopen bij een van de vertrouwde certificaatautoriteiten.",
    "encryption_certificates_input": "Kopieër en plak je PEM-gecodeerde certificaten hier.",
--- a/client/src/__locales/no.json
+++ b/client/src/__locales/no.json
@@ -199,7 +199,7 @@
    "example_upstream_regular": "vanlig DNS (over UDP)",
    "example_upstream_dot": "kryptert <0>DNS-over-TLS</0>",
    "example_upstream_doh": "kryptert <0>DNS-over-HTTPS</0>",
-    "example_upstream_doq": "kryptert <0>DNS-over-QUIC</0>;",
+    "example_upstream_doq": "kryptert <0>DNS-over-QUIC</0>",
    "example_upstream_sdns": "du kan bruke <0>DNS-stempler</0> med <1>DNSCrypt</1> eller <2>DNS-over-HTTPS</2>-behandlere",
    "example_upstream_tcp": "vanlig DNS (over TCP)",
    "all_lists_up_to_date_toast": "Alle listene er allerede oppdatert",
@@ -354,8 +354,8 @@
    "encryption_https_desc": "Dersom HTTPS-porten er satt opp, vil AdGuard Home sitt admin-grensesnitt være tilgjengelig gjennom HTTPS, og vil også sørge for DNS-over-HTTPS på «/dns-query»-plasseringen.",
    "encryption_dot": "'DNS-over-TLS'-port",
    "encryption_dot_desc": "Dersom denne porten er satt opp, vil AdGuard Home kjøre en 'DNS-over-TLS'-tjener på denne porten.",
-    "encryption_doq": "DNS-over-QUIC-port",
-    "encryption_doq_desc": "Dersom denne porten er satt opp, vil AdGuard Home kjøre en DNS-over-QUIC-tjener på denne porten. ",
+    "encryption_doq": "'DNS-over-QUIC'-port",
+    "encryption_doq_desc": "Dersom denne porten er satt opp, vil AdGuard Home kjøre en DNS-over-QUIC-tjener på denne porten. Den er eksperimentell og vil kanskje ikke være pålitelig. I tillegg er det ikke så altfor mange klienter som støtter det for øyeblikket.",
    "encryption_certificates": "Sertifikater",
    "encryption_certificates_desc": "For å bruke kryptering, må du skrive inn et gyldig SSL-sertifikatkjede for domenet ditt. Du kan få et gratis sertifikat hos <0>{{link}}</0>, eller kjøpe et fra en av de troverdige sertifikatsautoritetene.",
    "encryption_certificates_input": "Kopier / lim inn dine PEM-kodede sertifikater her.",
--- a/client/src/__locales/pl.json
+++ b/client/src/__locales/pl.json
@@ -213,7 +213,7 @@
    "example_upstream_udp": "zwykły DNS (przez UDP, nazwa hosta);",
    "example_upstream_dot": "zaszyfrowany <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "zaszyfrowany <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "zaszyfrowany <0>DNS-over-QUIC</0>;",
+    "example_upstream_doq": "zaszyfrowany <0>DNS-over-QUIC</0> (eksperymentalny);",
    "example_upstream_sdns": "<0>Stempel DNS</0> dla resolwerów <1>DNSCrypt</1> lub <2>DNS-over-HTTPS</2>;",
    "example_upstream_tcp": "zwykły DNS (przez TCP);",
    "example_upstream_tcp_hostname": "zwykły DNS (przez TCP, nazwa hosta);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Jeśli port HTTPS jest skonfigurowany, interfejs administratora AdGuard Home będzie dostępny za pośrednictwem protokołu HTTPS i zapewni DNS przez HTTPS w lokalizacji zapytania '/dns-query'.",
    "encryption_dot": "Port DNS-over-TLS",
    "encryption_dot_desc": "Jeśli ten port jest skonfigurowany, AdGuard Home uruchomi serwer DNS-over-TLS na tym porcie.",
-    "encryption_doq": "Port DNS-over-QUIC",
-    "encryption_doq_desc": "Jeśli ten port jest skonfigurowany, AdGuard Home uruchomi serwer DNS-over-QUIC na tym porcie.",
+    "encryption_doq": "Port DNS-over-QUIC (eksperymentalny)",
+    "encryption_doq_desc": "Jeśli ten port jest skonfigurowany, AdGuard Home uruchomi serwer DNS-over-QUIC na tym porcie. Jest to funkcja eksperymentalna i może nie być stabilna. Ponadto, w tej chwili nie ma zbyt wielu klientów, którzy go obsługują.",
    "encryption_certificates": "Certyfikaty",
    "encryption_certificates_desc": "Aby korzystać z szyfrowania, musisz podać prawidłowy łańcuch certyfikatów SSL dla swojej domeny. Możesz uzyskać bezpłatny certyfikat na  <0>{{link}}</0> lub możesz go kupić od jednego z zaufanych urzędów certyfikacji.",
    "encryption_certificates_input": "Kopiuj/wklej tutaj swoje zakodowane certyfikaty PEM.",
--- a/client/src/__locales/pt-br.json
+++ b/client/src/__locales/pt-br.json
@@ -9,7 +9,7 @@
    "bootstrap_dns": "Servidores DNS de inicialização",
    "bootstrap_dns_desc": "Servidores DNS de inicialização são usados para resolver endereços IP dos resolvedores DoH/DoT que você especifica como upstreams.",
    "local_ptr_title": "Servidores DNS reversos privados",
-    "local_ptr_desc": "Os servidores DNS que o AdGuard Home usa para consultas PTR locais. Esses servidores são usados para resolver solicitações de PTR para endereços em intervalos de IP privados, por exemplo \"192.168.12.34\", usando DNS reverso. Se não estiver definido, o AdGuard Home usa os endereços dos resolvedores de DNS padrão do seu sistema operacional, exceto os endereços do próprio AdGuard Home.",
+    "local_ptr_desc": "Os servidores DNS que o AdGuard Home usa para consultas PTR locais. Esses servidores são usados para resolver os nomes de host de clientes com endereços IP privados, por exemplo \"192.168.12.34\", usando DNS reverso. Se não for definido, o AdGuard Home usa os endereços dos resolvedores DNS padrão do seu sistema operacional, exceto os endereços do AdGuard Home.",
    "local_ptr_default_resolver": "Por padrão, o AdGuard Home usa os seguintes resolvedores de DNS reverso: {{ip}}.",
    "local_ptr_no_default_resolver": "A página inicial do AdGuard não conseguiu determinar resolvedores DNS reversos privados adequados para este sistema.",
    "local_ptr_placeholder": "Insira um endereço de servidor por linha",
@@ -213,7 +213,7 @@
    "example_upstream_udp": "DNS normal (através do UDP, nome do servidor);",
    "example_upstream_dot": "<0>DNS-sobre-TLS</0> criptografado;",
    "example_upstream_doh": "<0>DNS-sobre-HTTPS</0> criptografado;",
-    "example_upstream_doq": "<0>DNS-sobre-QUIC</0> criptografado;",
+    "example_upstream_doq": "<0>DNS-sobre-QUIC</0> criptografado (experimental);",
    "example_upstream_sdns": "<0>DNS Stamps</0> para o <1>DNSCrypt</1> ou usar os resolvedores <2>DNS-sobre-HTTPS</2>;",
    "example_upstream_tcp": "DNS regular (através do TCP);",
    "example_upstream_tcp_hostname": "DNS normal (através do TCP, nome do servidor);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Se a porta HTTPS estiver configurada, a interface administrativa do AdGuard Home será acessível via HTTPS e também fornecerá o DNS-sobre-HTTPS no local '/dns-query'.",
    "encryption_dot": "Porta DNS-sobre-TLS",
    "encryption_dot_desc": "Se essa porta estiver configurada, o AdGuard Home irá executar o servidor DNS-sobre- TSL nesta porta.",
-    "encryption_doq": "Porta DNS-sobre-QUIC",
-    "encryption_doq_desc": "Se esta porta estiver configurada, o AdGuard Home executará um servidor DNS-sobre-QUIC nesta porta. ",
+    "encryption_doq": "Porta DNS-sobre-QUIC (experimental)",
+    "encryption_doq_desc": "Se esta porta estiver configurada, o AdGuard Home executará um servidor DNS-sobre-QUIC nesta porta. É experimental e pode não ser confiável. Além disso, não há muitos clientes que ofereçam suporte no momento.",
    "encryption_certificates": "Certificados",
    "encryption_certificates_desc": "Para usar criptografia, você precisa fornecer uma cadeia de certificados SSL válida para seu domínio. Você pode obter um certificado gratuito em <0> {{link}}</0> ou pode comprá-lo de uma das autoridades de certificação confiáveis.",
    "encryption_certificates_input": "Copie/cole aqui seu certificado codificado em PEM.",
--- a/client/src/__locales/pt-pt.json
+++ b/client/src/__locales/pt-pt.json
@@ -9,7 +9,7 @@
    "bootstrap_dns": "Servidores DNS de arranque",
    "bootstrap_dns_desc": "Servidores DNS de inicialização são usados para resolver endereços IP dos resolvedores DoH/DoT que especifica como upstreams.",
    "local_ptr_title": "Servidores DNS reversos privados",
-    "local_ptr_desc": "Os servidores DNS que o AdGuard Home usa para consultas PTR locais. Esses servidores são usados para resolver solicitações de PTR para endereços em intervalos de IP privados, por exemplo \"192.168.12.34\", usando DNS reverso. Se não estiver definido, o AdGuard Home usa os endereços dos resolvedores de DNS padrão do seu sistema operacional, exceto os endereços do próprio AdGuard Home.",
+    "local_ptr_desc": "Os servidores DNS que o AdGuard Home usa para consultas PTR locais. Esses servidores são usados para resolver os nomes de host de clientes com endereços IP privados, por exemplo \"192.168.12.34\", usando DNS reverso. Se não for definido, o AdGuard Home usa os endereços dos resolvedores DNS padrão do seu sistema operacional, exceto os endereços do AdGuard Home.",
    "local_ptr_default_resolver": "Por predefinição, o AdGuard Home usa os seguintes resolvedores de DNS reverso: {{ip}}.",
    "local_ptr_no_default_resolver": "A página inicial do AdGuard não conseguiu determinar resolvedores DNS reversos privados adequados para este sistema.",
    "local_ptr_placeholder": "Insira um endereço de servidor por linha",
@@ -213,7 +213,7 @@
    "example_upstream_udp": "DNS normal (através do UDP, nome do servidor);",
    "example_upstream_dot": "<0>DNS-sobre-TLS</0> criptografado;",
    "example_upstream_doh": "<0>DNS-sobre-HTTPS</0> criptografado;",
-    "example_upstream_doq": "<0>DNS-sobre-QUIC</0> criptografado;",
+    "example_upstream_doq": "<0>DNS-sobre-QUIC</0> criptografado (experimental);",
    "example_upstream_sdns": "<0>DNS Stamps</0> para o <1>DNSCrypt</1> ou usar os resolvedores <2>DNS-sobre-HTTPS</2>;",
    "example_upstream_tcp": "DNS regular (através do TCP);",
    "example_upstream_tcp_hostname": "DNS normal (através do TCP, nome do servidor);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Se a porta HTTPS estiver configurada, a interface administrativa do AdGuard Home será acessível via HTTPS e também fornecerá o DNS-sobre-HTTPS no local '/dns-query'.",
    "encryption_dot": "Porta DNS-sobre-TLS",
    "encryption_dot_desc": "Se essa porta estiver configurada, o AdGuard Home irá executar o servidor DNS-sobre- TSL nesta porta.",
-    "encryption_doq": "Porta DNS-sobre-QUIC",
-    "encryption_doq_desc": "Se esta porta estiver configurada, o AdGuard Home executará um servidor DNS-sobre-QUIC nesta porta. ",
+    "encryption_doq": "Porta DNS-sobre-QUIC (experimental)",
+    "encryption_doq_desc": "Se esta porta estiver configurada, o AdGuard Home executará um servidor DNS-sobre-QUIC nesta porta. É experimental e pode não ser confiável. Além disso, não há demasiados clientes que ofereçam suporte no momento.",
    "encryption_certificates": "Certificados",
    "encryption_certificates_desc": "Para usar criptografia, precisa de fornecer uma cadeia de certificados SSL válida para o seu domínio. Pode obter um certificado gratuito em <0> {{link}}</0> ou pode comprá-lo numa das autoridades de certificação confiáveis.",
    "encryption_certificates_input": "Copie/cole aqui o seu certificado codificado em PEM.",
--- a/client/src/__locales/ro.json
+++ b/client/src/__locales/ro.json
@@ -7,15 +7,15 @@
    "load_balancing": "Echilibrare-sarcini",
    "load_balancing_desc": "Interoghează câte un server în amonte la un moment dat. AdGuard Home utilizează un algoritm de randomizare ponderat pentru a alege serverul, astfel încât cel mai rapid server să fie utilizat mai des.",
    "bootstrap_dns": "Serverele DNS Bootstrap",
-    "bootstrap_dns_desc": "Serverele DNS Bootstrap sunt folosite pentru a rezolva adresele IP ale rezolvatorilor DoH/DoT indicați ca upstreams.",
+    "bootstrap_dns_desc": "Serverele DNS Bootstrap sunt folosite pentru a rezolva adresele IP ale resolverelor DoH/DoT indicate ca upstreams.",
    "local_ptr_title": "Servere DNS inverse private",
-    "local_ptr_desc": "Serverele DNS pe care AdGuard Home le utilizează pentru interogările PTR locale. Aceste servere sunt utilizate pentru a rezolva solicitările PTR pentru adrese din intervale IP private, de exemplu „192.168.12.34”, utilizând DNS invers. Dacă nu este configurat, AdGuard Home utilizează adresele rezolvatorilor DNS impliciți ai sistemului dvs. de operare, cu excepția adreselor AdGuard Home în sine.",
-    "local_ptr_default_resolver": "În mod implicit, AdGuard Home utilizează următorii rezolvatori DNS inverși: {{ip}}.",
-    "local_ptr_no_default_resolver": "AdGuard Home nu a putut determina rezolvatorii DNS privați adecvați pentru acest sistem.",
+    "local_ptr_desc": "Servere DNS pe care AdGuard Home le utilizează pentru interogări PTR locale. Aceste servere sunt folosite pentru a rezolva numele gazdelor de clienți cu adrese IP private, cum ar fi \"192.168.12.34\", folosind DNS inversat. Dacă nu este setat, AdGuard Home utilizează adresele resolverelor DNS implicite ale SO al dvs., cu excepția adreselor AdGuard Home înseși.",
+    "local_ptr_default_resolver": "În mod implicit, AdGuard Home utilizează următoarele resolvere DNS inverse: {{ip}}.",
+    "local_ptr_no_default_resolver": "AdGuard Home nu a putut determina resolvere DNS private adecvate pentru acest sistem.",
    "local_ptr_placeholder": "Introduceți o adresă de server per linie",
    "resolve_clients_title": "Permiteți rezolvarea inversa a adreselor IP ale clienților",
-    "resolve_clients_desc": "Rezolvă invers adresele IP ale clienților în numele lor de gazde prin trimiterea interogărilor PTR la rezolvatorii corespunzători (servere DNS private pentru clienți locali, servere în amonte pentru clienți cu adrese IP publice).",
-    "use_private_ptr_resolvers_title": "Utilizați rezolvatori DNS inverși privați",
+    "resolve_clients_desc": "Rezolvă invers adresele IP ale clienților în numele lor de gazde prin trimiterea interogărilor PTR la resolverele corespunzătoare (servere DNS private pentru clienți locali, servere în amonte pentru clienți cu adrese IP publice).",
+    "use_private_ptr_resolvers_title": "Utilizați resolvere DNS inverse private",
    "use_private_ptr_resolvers_desc": "Efectuează examinări DNS inverse pentru adresele deservite local folosind aceste servere în amonte. Dacă este dezactivată, AdGuard Home răspunde cu NXDOMAIN la toate aceste cereri PTR, cu excepția clienților cunoscuți din DHCP, /etc/hosts și așa mai departe.",
    "check_dhcp_servers": "Căutați servere DHCP",
    "save_config": "Salvare configurare",
@@ -213,8 +213,8 @@
    "example_upstream_udp": "DNS obișnuit (over UDP, nume de gazdă);",
    "example_upstream_dot": "<0>DNS-over-TLS</0> criptat;",
    "example_upstream_doh": "<0>DNS-over-HTTPS</0> criptat;",
-    "example_upstream_doq": "criptat <0>DNS-over-QUIC</0>;",
-    "example_upstream_sdns": "<0>DNS Stamps</0> pentru <1>DNSCrypt</1> sau rezolvatori <2>DNS-over-HTTPS</2>;",
+    "example_upstream_doq": "<0>DNS-over-QUIC</0> criptat (experimental);",
+    "example_upstream_sdns": "<0>DNS Stamps</0> pentru <1>DNSCrypt</1> sau rezolvere <2>DNS-over-HTTPS</2>;",
    "example_upstream_tcp": "DNS clasic (over TCP);",
    "example_upstream_tcp_hostname": "DNS obișnuit (over TCP, nume de gazdă);",
    "all_lists_up_to_date_toast": "Toate listele sunt deja la zi",
@@ -351,7 +351,7 @@
    "install_devices_android_list_5": "Schimbați valorile DNS 1 și DNS 2 la adresele serverului dvs. AdGuard Home.",
    "install_devices_ios_list_1": "Din ecranul de start, tapați Setări.",
    "install_devices_ios_list_2": "Alegeți Wi-Fi în meniul din stânga (este imposibil să configurați DNS pentru rețelele mobile).",
-    "install_devices_ios_list_3": "Apăsați pe numele rețelei active în prezent.",
+    "install_devices_ios_list_3": "Tapați numele rețelei active curente.",
    "install_devices_ios_list_4": "În câmpul DNS, introduceți adresele serverului dvs. AdGuard Home.",
    "get_started": "Să începem",
    "next": "Următor",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Dacă portul HTTPS este configurat, interfața administrator AdGuard Home va fi accesibilă prin HTTPS și va oferi de asemenea DNS-over-HTTPS în locația '/DNS-query'.",
    "encryption_dot": "Port DNS-over-TLS",
    "encryption_dot_desc": "Dacă acest port este configurat, AdGuard Home va rula un server DNS-over-TLS pe acest port.",
-    "encryption_doq": "Portul DNS-over-QUIC",
-    "encryption_doq_desc": "Dacă este configurat acest port, AdGuard Home va rula un server DNS-over-QUIC pe acest port.",
+    "encryption_doq": "Port DNS-over-QUIC (experimental)",
+    "encryption_doq_desc": "Dacă acest port este configurat, AdGuard Home va rula un server DNS-over-QUIC pe acest port. Este experimental și este posibil să nu fie fiabil. De asemenea, nu există prea mulți clienți care să-l susțină în acest moment.",
    "encryption_certificates": "Certificate",
    "encryption_certificates_desc": "Pentru a utiliza criptarea, trebuie furnizate o serie de certificate SSL valabile pentru domeniul dvs.. Puteți obține un certificat gratuit pe <0>{{link}}</0> sau îl puteți cumpăra de la una din Autoritățile Certificate de încredere.",
    "encryption_certificates_input": "Copiați/lipiți certificatele dvs. PEM-codate aici.",
@@ -585,7 +585,7 @@
    "list_updated": "{{count}} listă actualizată",
    "list_updated_plural": "{{count}} liste actualizate",
    "dnssec_enable": "Activați DNSSEC",
-    "dnssec_enable_desc": "Activați semnalul DNSSEC în interogările DNS de ieșire și verificați rezultatul (este necesar un rezolvator compatibil DNSSEC).",
+    "dnssec_enable_desc": "Activați semnalul DNSSEC în interogările DNS de ieșire și verificați rezultatul (este necesar un resolver compatibil DNSSEC).",
    "validated_with_dnssec": "Validat cu DNSSEC",
    "all_queries": "Toate interogările",
    "show_blocked_responses": "Blocat",
--- a/client/src/__locales/ru.json
+++ b/client/src/__locales/ru.json
@@ -213,7 +213,7 @@
    "example_upstream_udp": "обычный DNS (поверх UDP, с именем хоста);",
    "example_upstream_dot": "зашифрованный <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "зашифрованный <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "зашифрован <0>DNS-over-QUIC</0>",
+    "example_upstream_doq": "зашифрованный <0>DNS-over-QUIC</0> (эксперементальный);",
    "example_upstream_sdns": "<0>DNS Stamps</0> для <1>DNSCrypt</1> или <2>DNS-over-HTTPS</2> серверов;",
    "example_upstream_tcp": "обычный DNS (поверх TCP);",
    "example_upstream_tcp_hostname": "обычный DNS (поверх TCP, с именем хоста);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Если порт HTTPS настроен, веб-интерфейс администрирования AdGuard Home будет доступен через HTTPS, а также DNS-over-HTTPS сервер будет доступен по пути '/dns-query'.",
    "encryption_dot": "Порт DNS-over-TLS",
    "encryption_dot_desc": "Если этот порт настроен, AdGuard Home запустит DNS-over-TLS-сервер на этому порту.",
-    "encryption_doq": "Порт DNS-over-QUIC",
-    "encryption_doq_desc": "Если этот порт настроен, AdGuard Home запустит сервер DNS-over-QUIC на этом порте.",
+    "encryption_doq": "Порт DNS-over-QUIC (экспериментальный)",
+    "encryption_doq_desc": "Если этот порт настроен, AdGuard Home запустит сервер DNS-over-QUIC на этом порте. Это экспериментально и может быть ненадёжно. Кроме того, не так много клиентов поддерживает этот способ в настоящий момент.",
    "encryption_certificates": "Сертификаты",
    "encryption_certificates_desc": "Для использования шифрования вам необходимо предоставить корректную цепочку SSL-сертификатов для вашего домена. Вы можете получить бесплатный сертификат на <0>{{link}}</0> или вы можете купить его у одного из доверенных Центров Сертификации.",
    "encryption_certificates_input": "Скопируйте сюда сертификаты в PEM-кодировке.",
--- a/client/src/__locales/sk.json
+++ b/client/src/__locales/sk.json
@@ -213,7 +213,7 @@
    "example_upstream_udp": "štandardné DNS (cez UDP, hostname);",
    "example_upstream_dot": "šifrované <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "šifrované <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "šifrované <0>DNS-over-QUIC</0>;",
+    "example_upstream_doq": "šifrované <0>DNS-over-QUIC</0> (experimentálne);",
    "example_upstream_sdns": "<0>DNS pečiatky</0> pre <1>DNSCrypt</1> alebo <2>DNS-over-HTTPS</2> rezolvery;",
    "example_upstream_tcp": "obyčajná DNS (cez TCP);",
    "example_upstream_tcp_hostname": "štandardné DNS (cez TCP, hostname);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Ak je nakonfigurovaný HTTPS port, AdGuard Home administrátorské rozhranie bude prístupné cez HTTPS a bude tiež poskytovať DNS-cez-HTTPS na '/dns-query'.",
    "encryption_dot": "Port DNS-cez-TLS",
    "encryption_dot_desc": "Ak je tento port nakonfigurovaný, AdGuard Home bude na tomto porte spúšťať DNS-cez-TLS server.",
-    "encryption_doq": "Port DNS-cez-QUIC",
-    "encryption_doq_desc": "Ak je tento port nakonfigurovaný, AdGuard Home na tomto porte spustí server DNS-over-QUIC. ",
+    "encryption_doq": "DNS-over-QUIC (experimentálne)",
+    "encryption_doq_desc": "Ak je tento port nakonfigurovaný, AdGuard Home na tomto porte spustí server DNS-over-QUIC. Je to experimentálne a nemusí to byť spoľahlivé. Momentálne tiež nie je príliš veľa klientov, ktorí by ju podporovali.",
    "encryption_certificates": "Certifikáty",
    "encryption_certificates_desc": "Ak chcete používať šifrovanie, musíte pre svoju doménu poskytnúť platný reťazec certifikátov SSL. Certifikát môžete získať bezplatne na adrese <0>{{link}}</0> alebo si ho môžete kúpiť od jedného z dôveryhodných certifikačných orgánov.",
    "encryption_certificates_input": "Skopírujte alebo prilepte sem certifikáty vo formáte PEM.",
--- a/client/src/__locales/sl.json
+++ b/client/src/__locales/sl.json
@@ -9,7 +9,7 @@
    "bootstrap_dns": "Zagonski DNS strežniki",
    "bootstrap_dns_desc": "Zagonski DNS strežniki se uporabljajo za razreševanje IP naslovov DoH/DoT reševalcev, ki jih določite kot navzgornje.",
    "local_ptr_title": "Zasebni povratni strežniki DNS",
-    "local_ptr_desc": "Strežniki DNS, ki jih AdGuard Home uporablja za lokalne PTR poizvedbe. Ti strežniki se uporabljajo za reševanje zahtev PTR za naslove v zasebnih obsegih IP, na primer \"192.168.12.34\", z uporabo obratnega DNS. Če ni nastavljen, AdGuard Home uporablja naslove privzetih razreševalnikov DNS vašega OS, razen naslovov samega AdGuard Home.",
+    "local_ptr_desc": "Strežniki DNS, ki jih AdGuard Home uporablja za lokalne poizvedbe PTR. Ti strežniki se uporabljajo za razreševanje imen gostiteljev z zasebnimi naslovi IP, na primer \"192.168.12.34\" uporablja DNS. Če ni nastavljen, uporablja naslove privzetih razreševalnikov DNS vašega OS, razen naslovov samega AdGuard Home.",
    "local_ptr_default_resolver": "AdGuard Home privzeto uporablja te povratne razreševalnike DNS: {{ip}}.",
    "local_ptr_no_default_resolver": "AdGuard Home ni mogel določiti ustreznih zasebnih povratnih reševalcev DNS za ta sistem.",
    "local_ptr_placeholder": "V vrstico vnesite en naslov strežnika",
@@ -213,7 +213,7 @@
    "example_upstream_udp": "redni DNS (nad UDP, ime gostitelja);",
    "example_upstream_dot": "šifriran <0>DNS-prek-TLS</0>;",
    "example_upstream_doh": "šifriran <0>DNS-prek-HTTPS</0>;",
-    "example_upstream_doq": "šifriran <0>DNS-prek-QUIC</0>;",
+    "example_upstream_doq": "šifriran <0>DNS-prek-QUIC</0> (eksperimentalno);",
    "example_upstream_sdns": "lahko uporabite <0>DNS Žige</0> za reševalce <1>DNSCrypt</1> ali <2>DNS-prek-HTTPS</2>;",
    "example_upstream_tcp": "redni DNS (nad TCP);",
    "example_upstream_tcp_hostname": "redni DNS (nad TCP, ime gostitelja);",
@@ -351,7 +351,7 @@
    "install_devices_android_list_5": "Spremeni nastavitev vrednosti DNS 1 in DNS 2 na naslove strežnikov AdGuard Home.",
    "install_devices_ios_list_1": "Na začetnem zaslonu izberite Nastavitve.",
    "install_devices_ios_list_2": "V levem meniju izberite Wi-Fi (nemogoče je konfigurirati DNS za mobilna omrežja).",
-    "install_devices_ios_list_3": "Tapnite na ime trenutno aktivnega omrežja.",
+    "install_devices_ios_list_3": "Dotaknite se imena trenutno aktivnega omrežja.",
    "install_devices_ios_list_4": "V polje DNS vnesite vaše naslove AdGuard Home strežnika.",
    "get_started": "Začnimo",
    "next": "Naprej",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Če so vrata HTTPS konfigurirana, bo skrbniški vmesnik AdGuard Home dostopen prek protokola HTTPS, prav tako pa bo zagotovil DNS-prek-HTTPS na mestu '/dns-query'.",
    "encryption_dot": "Vrata DNS-prek-TLS",
    "encryption_dot_desc": "Če so ta vrata konfigurirana, bo AdGuard Home na teh vratih zagnal DNS-prek-TLS strežnika.",
-    "encryption_doq": "DNS-prek-vrat QUIC",
-    "encryption_doq_desc": "Če so nastavljena ta vrata bo AdGuard Home na teh vratih zagnal strežnik DNS-prek-QUIC. ",
+    "encryption_doq": "DNS-prek-vrat QUIC (eksperimentalno)",
+    "encryption_doq_desc": "Če so nastavljena ta vrata bo AdGuard Home na teh vratih zagnal strežnik DNS-prek-QUIC. To je eksperimentalno in morda ni zanesljivo. Prav tako trenutno ni preveč odjemalcev, ki to podpirajo.",
    "encryption_certificates": "Digitalna potrdila",
    "encryption_certificates_desc": "Za uporabo šifriranja morate za svojo domeno zagotoviti veljavno verigo potrdil SSL. Brezplačno digitalno potrdilo lahko dobite na <0>{{link}}</0> ali pa ga kupite pri enem od   zaupanja vrednih overiteljev.\n\n",
    "encryption_certificates_input": "Tukaj kopirajte/prilepite PEM šifrirana digitalna potrdila.",
--- a/client/src/__locales/sr-cs.json
+++ b/client/src/__locales/sr-cs.json
@@ -213,7 +213,7 @@
    "example_upstream_udp": "uobičajen DNS (preko UDP, imena domaćina);",
    "example_upstream_dot": "šifrovano <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "šifrovano <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "šifrovano <0>DNS-over-QUIC</0>;",
+    "example_upstream_doq": "šifrovano <0>DNS-over-QUIC</0> (eksperimentalno);",
    "example_upstream_sdns": "<0>DNS brojeve</0> za <1>DNSCrypt</1> ili <2>DNS-over-HTTPS</2> razrešivače;",
    "example_upstream_tcp": "uobičajeni DNS (preko TCP);",
    "example_upstream_tcp_hostname": "uobičajen DNS (preko TCP, imena domaćina);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Ako je HTTPS port konfigurisan, AdGuard Home administratorskom okruženju će se moći pristupati preko HTTPS, a to će takođe omogućiti DNS-over-HTTPS na '/dns-query' lokaciji.",
    "encryption_dot": "DNS-over-TLS port",
    "encryption_dot_desc": "Ako je ovaj port konfigurisan, AdGuard Home će pokretati DNS-over-TLS server na ovom portu.",
-    "encryption_doq": "DNS-over-QUIC port",
-    "encryption_doq_desc": "Ako je ovaj port konfigurisan, AdGuard Home će pokrenuti DNS-over-QUIC server na tom portu.",
+    "encryption_doq": "DNS-over-QUIC port (eksperimentalno)",
+    "encryption_doq_desc": "Ako je ovaj port konfigurisan, AdGuard Home će pokrenuti DNS-over-QUIC server na tom portu. To je eksperiment i možda neće biti stabilno. Takođe, u ovom trenutku ne postoji puno klijenata koji ovo podržavaju.",
    "encryption_certificates": "Sertifikati",
    "encryption_certificates_desc": "Da biste koristili šifrovanje, morate obezbediti važeći lanac SSL sertifikata za vaš domen. Besplatan sertifikat možete nabaviti na <0>{{link}}</0> ili ga možete kupiti od nekog od pouzdanih izdavalaca sertifikata.",
    "encryption_certificates_input": "Kopirajte/nalepite vaše PEM-kodirane sertifikate ovde.",
--- a/client/src/__locales/sv.json
+++ b/client/src/__locales/sv.json
@@ -213,7 +213,7 @@
    "example_upstream_udp": "vanlig DNS (över UDP, värdnamn);",
    "example_upstream_dot": "krypterat <0>DNS-over-TLS</0>",
    "example_upstream_doh": "krypterat <0>DNS-over-HTTPS</0>",
-    "example_upstream_doq": "krypterat <0>DNS-over-QUIC</0>;",
+    "example_upstream_doq": "krypterat <0>DNS-over-QUIC</0> (experimentell);",
    "example_upstream_sdns": "Du kan använda <0>DNS-stamps</0> för <1>DNSCrypt</1> eller <2>DNS-over-HTTPS</2>-resolvers",
    "example_upstream_tcp": "vanlig DNS (över UDP)",
    "example_upstream_tcp_hostname": "vanlig DNS (över TCP, värdnamn);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Om en HTTPS-port är inställd kommer gränssnittet till AdGuard Home administrering att kunna nås via HTTPS och kommer också att erbjuda DNS-over-HTTPS på '/dns-query' plats.",
    "encryption_dot": "DNS-över-TLS port",
    "encryption_dot_desc": "Om den här porten ställs in kommer AdGuard Home att använda DNS-over-TLS-server på porten.",
-    "encryption_doq": "DNS-over-QUIC port",
-    "encryption_doq_desc": "Om denna port är konfigurerad kommer AdGuard Home att köra en DNS-over-QUIC-server på denna port. ",
+    "encryption_doq": "DNS-over-QUIC port (experimentell)",
+    "encryption_doq_desc": "Om denna port är konfigurerad kommer AdGuard Home att köra en DNS-over-QUIC-server på denna port. Det är experimentellt och kanske inte är tillförlitligt. Dessutom finns det inte så många klienter som stödjer det för tillfället.",
    "encryption_certificates": "Certifikat",
    "encryption_certificates_desc": "För att använda kryptering måste du ange ett giltigt SSL-certifikat för din domän. Du kan skaffa ett certifikat gratis på <0>{{link}}</0> eller köpa ett från någon av de godkända certifikatutfärdare.",
    "encryption_certificates_input": "Kopiera/klistra in dina PEM-kodade certifikat här.",
--- a/client/src/__locales/tr.json
+++ b/client/src/__locales/tr.json
@@ -9,7 +9,7 @@
    "bootstrap_dns": "DNS Önyükleme sunucuları",
    "bootstrap_dns_desc": "DNS Önyükleme sunucuları, belirttiğiniz üst sunucuların DoH/DoT çözümleyicilerine ait IP adreslerinin çözümlemek için kullanılır.",
    "local_ptr_title": "Özel ters DNS sunucuları",
-    "local_ptr_desc": "AdGuard Home'un yerel PTR sorguları için kullandığı DNS sunucuları. Bu sunucular, rDNS kullanarak, örneğin \"192.168.12.34\" gibi özel IP aralıklarındaki adresler için PTR isteklerini çözmek için kullanılır. Ayarlanmadığı durumda AdGuard Home, işletim sisteminizin varsayılan DNS çözümleme adreslerini kullanır.",
+    "local_ptr_desc": "AdGuard Home'un yerel PTR sorguları için kullandığı DNS sunucuları. Bu sunucular, rDNS kullanarak \"192.168.12.34\" gibi özel IP adreslerine sahip istemcilerin ana makine adlarını çözmek için kullanılır. Ayarlanmadığı durumda AdGuard Home, işletim sisteminizin varsayılan DNS çözümleme adreslerini kullanır.",
    "local_ptr_default_resolver": "AdGuard Home, varsayılan olarak aşağıdaki ters DNS çözümleyicilerini kullanır: {{ip}}.",
    "local_ptr_no_default_resolver": "AdGuard Home, bu sistem için uygun olan özel ters DNS çözümleyicilerini belirleyemedi.",
    "local_ptr_placeholder": "Her satıra bir sunucu adresi girin",
@@ -115,7 +115,7 @@
    "blocked_by": "<0>Filtreler tarafından engellenen</0>",
    "stats_malware_phishing": "Engellenen kötü amaçlı yazılım ve kimlik avı",
    "stats_adult": "Engellenen yetişkin içerikli siteler",
-    "stats_query_domain": "Başlıca sorgulanan alan adları",
+    "stats_query_domain": "En fazla sorgulanan alan adları",
    "for_last_24_hours": "son 24 saat içindekiler",
    "for_last_days": "son {{count}} gün boyunca",
    "for_last_days_plural": "son {{count}} gün boyunca",
@@ -123,8 +123,8 @@
    "stats_disabled_short": "İstatistikler devre dışı bırakıldı",
    "no_domains_found": "Alan adı bulunamadı",
    "requests_count": "İstek sayısı",
-    "top_blocked_domains": "Başlıca engellenen alan adları",
-    "top_clients": "Başlıca istemciler",
+    "top_blocked_domains": "En fazla engellenen alan adları",
+    "top_clients": "En aktif istemciler",
    "no_clients_found": "İstemci bulunamadı",
    "general_statistics": "Genel istatistikler",
    "number_of_dns_query_days": "Son {{count}} gün boyunca işlenen DNS sorgularının sayısı",
@@ -213,7 +213,7 @@
    "example_upstream_udp": "normal DNS (UDP üzerinden, ana makine adı);",
    "example_upstream_dot": "şifrelenmiş <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "şifrelenmiş <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "şifrelenmiş <0>DNS-over-QUIC</0>;",
+    "example_upstream_doq": "şifrelenmiş <0>DNS-over-QUIC</0> (deneysel);",
    "example_upstream_sdns": "<1>DNSCrypt</1> veya <2>DNS-over-HTTPS</2> çözümleyicileri için <0>DNS Damgaları</0>;",
    "example_upstream_tcp": "normal DNS (TCP üzerinden);",
    "example_upstream_tcp_hostname": "normal DNS (TCP üzerinden, ana makine adı);",
@@ -336,22 +336,22 @@
    "install_devices_router_list_4": "Bazı yönlendirici türlerinde özel bir DNS sunucusu ayarlanamaz. Bu durumda, AdGuard Home'u <0>DHCP sunucusu</0> olarak ayarlamak yardımcı olabilir. Aksi takdirde, yönlendirici modeliniz için DNS sunucularını nasıl ayarlayacağınız konusunda yönlendirici kılavuzuna bakmalısınız.",
    "install_devices_windows_list_1": "Başlat menüsünden veya Windows araması aracılığıyla Denetim Masası'nı açın.",
    "install_devices_windows_list_2": "Ağ ve İnternet kategorisine girin ve ardından Ağ ve Paylaşım Merkezi'ne girin.",
-    "install_devices_windows_list_3": "Sol panelde \"Bağdaştırıcı ayarlarını değiştirin\" öğesine tıklayın.",
+    "install_devices_windows_list_3": "Sol panelde \"Bağdaştırıcı ayarlarını değiştirin'e\" tıklayın.",
    "install_devices_windows_list_4": "Kullandığınız aktif bağlantının üzerine sağ tıklayın ve Özellikler öğesine tıklayın.",
-    "install_devices_windows_list_5": "Listede \"İnternet Protokolü Sürüm 4 (TCP/IPv4)\" (veya IPv6 için \"İnternet Protokolü Sürüm 6 (TCP/IPv6)\") öğesini bulun, seçin ve ardından tekrar Özellikler öğesine tıklayın.",
+    "install_devices_windows_list_5": "Listede \"İnternet Protokolü Sürüm 4 (TCP/IPv4)\" (veya IPv6 için \"İnternet Protokolü Sürüm 6 (TCP/IPv6)\") öğesini bulun, seçin ve ardından tekrar Özellikler'e tıklayın.",
    "install_devices_windows_list_6": "\"Aşağıdaki DNS sunucu adreslerini kullan\"ı seçin ve AdGuard Home sunucu adreslerinizi girin.",
-    "install_devices_macos_list_1": "Apple simgesine tıklayın ve Sistem Tercihleri öğesine gidin.",
-    "install_devices_macos_list_2": "Ağ öğesine tıklayın.",
+    "install_devices_macos_list_1": "Apple simgesine tıklayın ve Sistem Tercihleri'ne gidin.",
+    "install_devices_macos_list_2": "Ağ'a tıklayın.",
    "install_devices_macos_list_3": "Listedeki ilk bağlantıyı seçin ve Gelişmiş öğesine tıklayın.",
    "install_devices_macos_list_4": "DNS sekmesini seçin ve AdGuard Home sunucunuzun adreslerini girin.",
    "install_devices_android_list_1": "Android Menüsü ana ekranından Ayarlar'a dokunun.",
-    "install_devices_android_list_2": "Menüde bulunan Wi-Fi öğesine dokunun. Mevcut tüm ağlar listelenecektir (mobil ağlar için özel DNS sunucusu ayarlanamaz).",
+    "install_devices_android_list_2": "Menüde bulunan Wi-Fi seçeneğine dokunun. Mevcut tüm ağlar listelenecektir (mobil ağlar için özel DNS sunucusu ayarlanamaz).",
    "install_devices_android_list_3": "Bağlı olduğunuz ağın üzerine basılı tutun ve Ağı Değiştir'e dokunun.",
    "install_devices_android_list_4": "Bazı cihazlarda, diğer ayarları görmek için \"Gelişmiş\" seçeneğini seçmeniz gerekebilir. Android DNS ayarlarınızı yapmak için IP ayarlarını DHCP modundan Statik moda almanız gerekecektir.",
    "install_devices_android_list_5": "DNS 1 ve DNS 2 değerlerini AdGuard Home sunucunuzun adresleriyle değiştirin.",
    "install_devices_ios_list_1": "Ana ekrandan Ayarlar'a dokunun.",
    "install_devices_ios_list_2": "Sol menüde bulunan Wi-Fi bölümüne girin (mobil ağlar için özel DNS sunucusu ayarlanamaz).",
-    "install_devices_ios_list_3": "O anda aktif olan ağın adına dokunun.",
+    "install_devices_ios_list_3": "Bağlı olduğunuz ağın ismine dokunun.",
    "install_devices_ios_list_4": "DNS alanına AdGuard Home sunucunuzun adreslerini girin.",
    "get_started": "Başlayın",
    "next": "Sonraki",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "HTTPS bağlantı noktası yapılandırılırsa, AdGuard Home yönetici arayüzüne HTTPS aracılığıyla erişilebilir olacak ve ayrıca '/dns-query' üzerinden DNS-over-HTTPS bağlantısı sağlayacaktır.",
    "encryption_dot": "DNS-over-TLS bağlantı noktası",
    "encryption_dot_desc": "Bu bağlantı noktası yapılandırılırsa, AdGuard Home, DNS-over-TLS sunucusunu bu bağlantı noktası üzerinden çalıştıracaktır.",
-    "encryption_doq": "DNS-over-QUIC bağlantı noktası",
-    "encryption_doq_desc": "Bu bağlantı noktası yapılandırılırsa, AdGuard Home, bu bağlantı noktasında bir DNS-over-QUIC sunucusu çalıştıracaktır.",
+    "encryption_doq": "DNS-over-QUIC bağlantı noktası (deneysel)",
+    "encryption_doq_desc": "Bu bağlantı noktası yapılandırılırsa, AdGuard Home, DNS-over-QUIC sunucusunu bu bağlantı noktası üzerinden çalıştıracaktır. Bu özellik deneme aşamasındadır ve güvenilir olmayabilir. Ayrıca, şu anda bu özelliği destekleyen çok fazla istemci yok.",
    "encryption_certificates": "Sertifikalar",
    "encryption_certificates_desc": "Şifrelemeyi kullanmak için alan adınıza geçerli bir SSL sertifika zinciri sağlamanız gerekir. <0>{{link}}</0> adresinden ücretsiz bir sertifika alabilir veya güvenilir Sertifika Yetkililerinden satın alabilirsiniz.",
    "encryption_certificates_input": "PEM biçimindeki sertifikalarınızı kopyalayıp buraya yapıştırın.",
@@ -453,7 +453,7 @@
    "setup_dns_privacy_2": "<0>DNS-over-HTTPS:</0> <1>{{address}}</1> dizesini kullan.",
    "setup_dns_privacy_3": "<0>İşte, kullanabileceğiniz yazılımların bir listesi.</0>",
    "setup_dns_privacy_4": "Bir iOS 14 veya macOS Big Sur cihazında, DNS ayarlarına <highlight>DNS-over-HTTPS</highlight> veya <highlight>DNS-over-TLS</highlight> sunucuları ekleyen özel '.mobileconfig' dosyasını indirebilirsiniz.",
-    "setup_dns_privacy_android_1": "Android 9, yerel olarak DNS-over-TLS protokolünü destekler. Yapılandırmak için Ayarlar → Ağ ve İnternet → Gelişmiş → Özel DNS öğesine gidin ve alan adınızı girin.",
+    "setup_dns_privacy_android_1": "Android 9, yerel olarak DNS-over-TLS protokolünü destekler. Yapılandırmak için Ayarlar → Ağ ve İnternet → Gelişmiş → Özel DNS seçeneğine gidin ve alan adınızı girin.",
    "setup_dns_privacy_android_2": "<0>Android için AdGuard</0>, <1>DNS-over-HTTPS</1> ve <1>DNS-over-TLS</1> protokolünü destekler.",
    "setup_dns_privacy_android_3": "<0>Intra</0> Android'e <1>DNS-over-HTTPS</1> protokol desteğini ekler.",
    "setup_dns_privacy_ios_1": "<0>DNSCloak</0>, <1>DNS-over-HTTPS</1> protokolünü destekler, ancak kendi sunucunuzu kullanacak şekilde yapılandırmak için bir <2>DNS Damgası</2> oluşturmanız gerekir.",
@@ -602,14 +602,14 @@
    "milliseconds_abbreviation": "ms",
    "cache_size": "Önbellek boyutu",
    "cache_size_desc": "DNS önbellek boyutu (bayt cinsinden).",
-    "cache_ttl_min_override": "Minimum kullanım süresini geçersiz kıl",
-    "cache_ttl_max_override": "Maksimum kullanım süresini geçersiz kıl",
+    "cache_ttl_min_override": "Minimum TTL'i değiştir",
+    "cache_ttl_max_override": "Maksimum TTL'i değiştir",
    "enter_cache_size": "Önbellek boyutunu girin (bayt)",
-    "enter_cache_ttl_min_override": "Minimum kullanım süresi girin (saniye olarak)",
-    "enter_cache_ttl_max_override": "Maksimum kullanım süresi girin (saniye olarak)",
+    "enter_cache_ttl_min_override": "Minimum TTL değerini girin (saniye olarak)",
+    "enter_cache_ttl_max_override": "Maksimum TTL değerini girin (saniye olarak)",
    "cache_ttl_min_override_desc": "DNS yanıtlarını önbelleğe alırken üst sunucudan alınan kullanım süresi değerini uzatın (saniye olarak).",
    "cache_ttl_max_override_desc": "DNS önbelleğindeki girişler için maksimum kullanım süresi değerini ayarlayın (saniye olarak).",
-    "ttl_cache_validation": "Minimum önbellek kullanım süresi geçersiz kılma, maksimum değerden küçük veya ona eşit olmalıdır",
+    "ttl_cache_validation": "Minimum önbellek TTL geçersiz kılma, maksimuma eşit veya bundan küçük olmalıdır",
    "cache_optimistic": "İyimser önbelleğe alma",
    "cache_optimistic_desc": "Girişlerin süresi dolduğunda bile AdGuard Home'un önbellekten yanıt vermesini sağlayın ve bunları yenilemeye çalışın.",
    "filter_category_general": "Genel",
--- a/client/src/__locales/uk.json
+++ b/client/src/__locales/uk.json
@@ -7,16 +7,16 @@
    "load_balancing": "Балансування навантаження",
    "load_balancing_desc": "Запитувати один сервер за раз. AdGuard Home використовуватиме зважений випадковий алгоритм для вибору сервера, щоб найшвидший сервер використовувався частіше.",
    "bootstrap_dns": "Bootstrap DNS-сервери",
-    "bootstrap_dns_desc": "Bootstrap DNS-сервери використовуються для вирішення IP-адрес встановлених серверів DoH/DoT.",
+    "bootstrap_dns_desc": "Bootstrap DNS-сервери використовуються для пошуку IP-адреси DoH/DoT серверів, які ви встановили.",
    "local_ptr_title": "Приватні сервери для зворотного DNS",
-    "local_ptr_desc": "DNS-сервери, які AdGuard Home використовує для локальних PTR-запитів. Ці сервери використовуються для вирішення PTR-запитів для адрес у приватних мережах, наприклад, «192.168.12.34». Якщо список порожній, AdGuard Home буде усталено використовувати системний DNS-сервер.",
-    "local_ptr_default_resolver": "Стандартно AdGuard Home користується такими зворотними DNS-вирішувачами: {{ip}}.",
-    "local_ptr_no_default_resolver": "AdGuard Home не зміг визначити приватні зворотні DNS-вирішувачі, які підійшли б для цієї системи.",
+    "local_ptr_desc": "DNS-сервери, які AdGuard Home використовує для локальних PTR-запитів. Ці сервери, використовуючи rDNS, використовуються для отримання доменних імен клієнтів у приватних мережах, наприклад, «192.168.12.34». Якщо список порожній, буде використовуватись системний DNS-сервер.",
+    "local_ptr_default_resolver": "AdGuard Home усталено використовує такі зворотні DNS-резолвери: {{ip}}.",
+    "local_ptr_no_default_resolver": "AdGuard Home не зміг визначити приватні реверсивні DNS-резолвери, що були б придатними для цієї системи.",
    "local_ptr_placeholder": "Вводьте одну адресу на рядок",
-    "resolve_clients_title": "Увімкнути зворотне вирішення IP-адрес клієнтів",
+    "resolve_clients_title": "Увімкнути запитування доменних імен для IP-адрес клієнтів",
    "resolve_clients_desc": "Визначати доменні імена клієнтів за допомогою PTR-запитів до відповідних серверів — приватних DNS-серверів для локальних клієнтів та upstream-серверів для клієнтів з публічними IP-адресами.",
    "use_private_ptr_resolvers_title": "Використовувати приватні зворотні DNS-резолвери",
-    "use_private_ptr_resolvers_desc": "Надсилати зворотні DNS-запити до вказаних серверів для клієнтів, що обслуговуються локально. Якщо вимкнено, AdGuard Home буде відповідати NXDOMAIN на всі такі PTR-запити, окрім запитів про клієнтів, що уже відомі завдяки DHCP, /etc/hosts тощо.",
+    "use_private_ptr_resolvers_desc": "Надсилати зворотні DNS-запити до вказаних серверів для клієнтів, що обслуговуються локально. Якщо вимкнено, AdGuard Home буде відповідати NXDOMAIN на всі такі PTR-запити, окрім запитів про клієнтів, що уже відомі по DHCP, /etc/hosts тощо.",
    "check_dhcp_servers": "Перевірити DHCP-сервери",
    "save_config": "Зберегти конфігурацію",
    "enabled_dhcp": "DHCP-сервер увімкнено",
@@ -60,12 +60,12 @@
    "dhcp_form_range_end": "Кінець діапазону",
    "dhcp_form_lease_title": "Час оренди DHCP (в секундах)",
    "dhcp_form_lease_input": "Тривалість оренди",
-    "dhcp_interface_select": "Вибрати DHCP-інтерфейс",
+    "dhcp_interface_select": "Оберіть інтерфейс DHCP",
    "dhcp_hardware_address": "Апаратна адреса",
    "dhcp_ip_addresses": "IP-адреси",
    "ip": "IP",
    "dhcp_table_hostname": "Назва вузла",
-    "dhcp_table_expires": "Закінчується",
+    "dhcp_table_expires": "Термін дії",
    "dhcp_warning": "Якщо ви однаково хочете увімкнути DHCP-сервер, переконайтеся, що у вашій мережі немає інших активних DHCP-серверів. Інакше, це може порушити роботу інтернету на під'єднаних пристроях!",
    "dhcp_error": "AdGuard Home не зміг визначити, чи є в мережі інший DHCP-сервер",
    "dhcp_static_ip_error": "Для використання DHCP-сервера необхідно встановити статичну IP-адресу. Нам не вдалося визначити, чи цей мережевий інтерфейс налаштовано для використання статичної IP-адреси. Встановіть статичну IP-адресу вручну.",
@@ -117,11 +117,11 @@
    "stats_adult": "Заблоковано вебсайтів для дорослих",
    "stats_query_domain": "Найчастіші запити доменів",
    "for_last_24_hours": "за останні 24 години",
-    "for_last_days": "за останній {{count}} день",
+    "for_last_days": "за останній день",
    "for_last_days_plural": "за останні {{count}} днів",
    "stats_disabled": "Статистику вимкнено. Ви можете увімкнути її на <0>сторінці налаштувань</0>.",
    "stats_disabled_short": "Статистику вимкнено",
-    "no_domains_found": "Не знайдено жодного домену",
+    "no_domains_found": "Доменів не знайдено",
    "requests_count": "Кількість запитів",
    "top_blocked_domains": "Найчастіше блоковані домени",
    "top_clients": "Найактивніші клієнти",
@@ -131,21 +131,21 @@
    "number_of_dns_query_days_plural": "Кількість DNS-запитів, оброблених за останні {{count}} днів",
    "number_of_dns_query_24_hours": "Кількість DNS-запитів, оброблених за останні 24 години",
    "number_of_dns_query_blocked_24_hours": "Кількість DNS-запитів, заблокованих фільтрами і списками блокування hosts",
-    "number_of_dns_query_blocked_24_hours_by_sec": "Кількість DNS-запитів, заблокованих модулем «Безпека перегляду» AdGuard",
+    "number_of_dns_query_blocked_24_hours_by_sec": "Кількість DNS-запитів, заблокованих модулем безпеки перегляду AdGuard",
    "number_of_dns_query_blocked_24_hours_adult": "Кількість заблокованих вебсайтів для дорослих",
    "enforced_save_search": "Примусовий безпечний пошук",
    "number_of_dns_query_to_safe_search": "Кількість DNS-запитів до пошукових систем, для яких примусово застосований безпечний пошук",
    "average_processing_time": "Середній час обробки",
    "average_processing_time_hint": "Середній час обробки DNS запиту в мілісекундах",
-    "block_domain_use_filters_and_hosts": "Блокування доменів за допомогою фільтрів та hosts-файлів",
+    "block_domain_use_filters_and_hosts": "Блокувати домени з використанням фільтрів та hosts-файлів",
    "filters_block_toggle_hint": "Ви можете налаштувати правила блокування в розділі <a>Фільтри</a>.",
-    "use_adguard_browsing_sec": "Використовувати вебслужбу «Безпека перегляду» AdGuard",
-    "use_adguard_browsing_sec_hint": "AdGuard Home перевірятиме, чи підлягає домен блокуванню завдяки вебслужбі «Безпека перегляду». Для перевірки буде використано безпечний API — на сервер надсилається лише короткий префікс хешу SHA256 доменного імені.",
-    "use_adguard_parental": "Використовувати вебслужбу «Батьківський контроль» AdGuard",
-    "use_adguard_parental_hint": "AdGuard Home перевірить, чи містить домен матеріали для дорослих. Буде використано той же безпечний API, що й для «Безпеки перегляду» AdGuard.",
-    "enforce_safe_search": "Використовувати Безпечний пошук",
+    "use_adguard_browsing_sec": "Використовувати веб-службу безпечного перегляду AdGuard",
+    "use_adguard_browsing_sec_hint": "AdGuard Home перевірятиме, чи додано домен до списку веб-служби безпечного перегляду браузера. Він використовуватиме API для перевірки — на сервер надсилається лише короткий префікс хешу SHA256 доменного імені.",
+    "use_adguard_parental": "Використовувати вебсервіс Батьківського контролю AdGuard",
+    "use_adguard_parental_hint": "AdGuard Home перевірятиме, чи домен містить матеріали для дорослих. Він використовує той самий орієнтований на приватність API, що й веб-служба безпечного перегляду.",
+    "enforce_safe_search": "Використовувати безпечний пошук",
    "enforce_save_search_hint": "AdGuard Home може примусово застосовувати безпечний пошук в таких пошукових системах: Google, YouTube, Bing, DuckDuckGo, Yandex, Pixabay.",
-    "no_servers_specified": "Сервери не вказано",
+    "no_servers_specified": "Не вказано сервери",
    "general_settings": "Загальні налаштування",
    "dns_settings": "Налаштування DNS",
    "dns_blocklists": "Список блокування DNS",
@@ -158,15 +158,15 @@
    "upstream_dns": "Upstream DNS-сервери",
    "upstream_dns_help": "Введіть адреси серверів по одній на рядок. <a>Докладніше</a> про налаштування DNS-серверів.",
    "upstream_dns_configured_in_file": "Налаштовано в {{path}}",
-    "test_upstream_btn": "Перевірити сервери",
+    "test_upstream_btn": "Тест upstream серверів",
    "upstreams": "Upstreams",
    "apply_btn": "Застосувати",
    "disabled_filtering_toast": "Фільтрування вимкнено",
    "enabled_filtering_toast": "Фільтрування увімкнено",
    "disabled_safe_browsing_toast": "Безпечний перегляд вимкнено",
    "enabled_safe_browsing_toast": "Безпечний перегляд увімкнено",
-    "disabled_parental_toast": "«Батьківський контроль» вимкнено",
-    "enabled_parental_toast": "«Батьківський контроль» увімкнено",
+    "disabled_parental_toast": "Батьківський контроль вимкнено",
+    "enabled_parental_toast": "Батьківський контроль увімкнено",
    "disabled_safe_search_toast": "Безпечний пошук вимкнено",
    "enabled_save_search_toast": "Безпечний пошук увімкнено",
    "enabled_table_header": "Увімкнено",
@@ -193,7 +193,7 @@
    "edit_blocklist": "Змінити список блокування",
    "edit_allowlist": "Змінити список дозволів",
    "choose_blocklist": "Виберіть списки блокування",
-    "choose_allowlist": "Виберіть списки дозволів",
+    "choose_allowlist": "Обрати списки дозволених сайтів",
    "enter_valid_blocklist": "Введіть дійсну URL-адресу в список блокування.",
    "enter_valid_allowlist": "Введіть дійсну URL-адресу в список дозволів.",
    "form_error_url_format": "Неправильний формат URL",
@@ -213,8 +213,8 @@
    "example_upstream_udp": "звичайний DNS (поверх UDP, з назвою вузла);",
    "example_upstream_dot": "зашифрований <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "зашифрований <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "зашифрований <0>DNS-over-QUIC</0>;",
-    "example_upstream_sdns": "<0>DNS Stamps</0> для <1>DNSCrypt-</1> або <2>DNS-over-HTTPS-</2>вирішувачів;",
+    "example_upstream_doq": "зашифрований <0>DNS-over-QUIC</0> (експериментальний);",
+    "example_upstream_sdns": "<0>DNS Stamps</0> для <1>DNSCrypt</1> або <2>DNS-over-HTTPS</2> серверів;",
    "example_upstream_tcp": "звичайний DNS (через TCP);",
    "example_upstream_tcp_hostname": "звичайний DNS (поверх TCP, з назвою вузла);",
    "all_lists_up_to_date_toast": "Всі списки вже оновлені",
@@ -266,7 +266,7 @@
    "dns_cache_config": "Конфігурація кешу DNS",
    "dns_cache_config_desc": "Тут ви можете налаштувати DNS-кеш",
    "blocking_mode": "Режим блокування",
-    "default": "Усталено",
+    "default": "Типовий",
    "nxdomain": "NXDOMAIN",
    "refused": "REFUSED",
    "null_ip": "Нульовий IP",
@@ -316,7 +316,7 @@
    "install_settings_dns_desc": "Вам потрібно буде налаштувати свої пристрої або маршрутизатор для використання DNS-сервера за такими адресами:",
    "install_settings_all_interfaces": "Усі інтерфейси",
    "install_auth_title": "Авторизація",
-    "install_auth_desc": "Необхідно налаштувати автентифікацію паролем для вебінтерфейсу AdGuard Home. Навіть якщо він доступний лише у вашій локальній мережі, важливо захистити його від необмеженого доступу.",
+    "install_auth_desc": "Необходно налаштувати автентифікацію паролем для вебінтерфейсу AdGuard Home. Навіть якщо він доступний лише у вашій локальній мережі, важливо захистити його від необмеженого доступу.\n\nДолжна быть настроена аутентификация паролем для веб-интерфейса AdGuard Home. Даже если он доступен только в вашей локальной сети, важно защитить его от неограниченного доступа.",
    "install_auth_username": "Ім'я користувача",
    "install_auth_password": "Пароль",
    "install_auth_confirm": "Підтвердьте пароль",
@@ -336,7 +336,7 @@
    "install_devices_router_list_4": "Ви не можете встановити власний DNS-сервер на деяких типах маршрутизаторів. У цьому разі вам може допомогти налаштування AdGuard Home в якості <0>DHCP-сервера</0>. В іншому разі вам потрібно знайти інструкцію щодо налаштування DNS-сервера для вашої конкретної моделі маршрутизатора.",
    "install_devices_windows_list_1": "Відкрийте Панель керування через меню «Пуск» або пошук Windows.",
    "install_devices_windows_list_2": "Перейдіть до категорії Мережа й Інтернет, а потім до Центру мереж і спільного доступу.",
-    "install_devices_windows_list_3": "Зліва на екрані натисніть на «Змінити налаштування адаптера».",
+    "install_devices_windows_list_3": "Зліва на екрані натисніть на «Змінити настройки адаптера».",
    "install_devices_windows_list_4": "Клацніть на активному з'єднанні правою кнопкою миші та виберіть «Властивості».",
    "install_devices_windows_list_5": "Знайдіть у списку пункт «Internet Protocol Version 4 (TCP/IPv4)» або «Internet Protocol Version 6 (TCP/IPv6)», виберіть його та натисніть кнопку Властивості ще раз.",
    "install_devices_windows_list_6": "Виберіть «Використовувати наступні адреси DNS-серверів» та введіть адреси вашого сервера AdGuard Home.",
@@ -351,7 +351,7 @@
    "install_devices_android_list_5": "Змініть встановлені значення DNS 1 і DNS 2 на адреси вашого домашнього сервера AdGuard.",
    "install_devices_ios_list_1": "На головному екрані торкніться Налаштування.",
    "install_devices_ios_list_2": "Виберіть Wi-Fi у меню ліворуч (неможливо налаштувати DNS для мобільних мереж).",
-    "install_devices_ios_list_3": "Натисніть на назву поточної активної мережі.",
+    "install_devices_ios_list_3": "Натисніть на назву поточно активної мережі.",
    "install_devices_ios_list_4": "У полі DNS введіть адреси вашого сервера AdGuard Home.",
    "get_started": "Розпочати",
    "next": "Наступні",
@@ -369,13 +369,13 @@
    "encryption_https_desc": "Якщо HTTPS-порт налаштовано, інтерфейс адміністратора AdGuard Home буде доступний через HTTPS, а також DNS-over-HTTPS-сервер буде доступний за адресою /dns-query.",
    "encryption_dot": "Порт DNS-over-TLS",
    "encryption_dot_desc": "Якщо цей порт налаштовано, AdGuard Home запустить на цьому порту сервер DNS-over-TLS.",
-    "encryption_doq": "Порт DNS-over-QUIC",
-    "encryption_doq_desc": "Якщо цей порт налаштовано, AdGuard Home запустить на ньому сервер DNS-over-QUIC.",
+    "encryption_doq": "Порт DNS-over-QUIC (експериментальний)",
+    "encryption_doq_desc": "Якщо цей порт налаштовано, AdGuard Home запустить на цьому порту сервер DNS-over-QUIC. Це експериментально і може бути ненадійним. Крім того, зараз не так багато клієнтів, які це підтримують.",
    "encryption_certificates": "Сертифікати",
-    "encryption_certificates_desc": "Для використання шифрування потрібно надати дійсний ланцюжок сертифікатів SSL для вашого домену. Ви можете отримати безплатний сертифікат на <0>{{link}}</0> або придбати його в одному з надійних Центрів Сертифікації.",
+    "encryption_certificates_desc": "Для використання шифрування потрібно надати дійсний ланцюжок сертифікатів SSL для вашого домену. Ви можете отримати безкоштовний сертифікат на <0>{{link}}</0> або придбати його в одному з надійних Центрів Сертифікації.",
    "encryption_certificates_input": "Скопіюйте/вставте сюди свої кодовані PEM сертифікати.",
    "encryption_status": "Статус",
-    "encryption_expire": "Закінчується",
+    "encryption_expire": "Закічнується",
    "encryption_key": "Приватний ключ",
    "encryption_key_input": "Скопіюйте/вставте сюди свій приватний ключ кодований PEM для вашого сертифіката.",
    "encryption_enable": "Увімкнути шифрування (HTTPS, DNS-over-HTTPS і DNS-over-TLS)",
@@ -552,16 +552,16 @@
    "fastest_addr": "Найшвидша IP-адреса",
    "fastest_addr_desc": "Опитати всі DNS-сервери й повернути найшвидшу IP-адресу серед усіх наданих. Це сповільнить швидкість DNS-запитів, оскільки AdGuard Home повинен буде чекати відповіді усіх DNS-серверів, але водночас може покращити якість з'єднання.",
    "autofix_warning_text": "Якщо ви натиснете «Виправити», AdGuard Home налаштує вашу систему на використання DNS-сервера AdGuard Home.",
-    "autofix_warning_list": "Будуть виконані такі дії: <0>Деактивація системи DNSStubListener</0> <0>Зміна адреси DNS-сервера на «127.0.0.1»</0> <0>Заміна символічного посилання «/etc/resolv.conf» на «/run/systemd/resolve/resolv.conf»</0> <0>Зупинка DNSStubListener (перезапуск системної служби systemd-resolved)</0>",
+    "autofix_warning_list": "Це виконає наступні завдання: <0>Деактивує систему DNSStubListener</0> <0>Змінить адресу DNS сервера на 127.0.0.1</0> <0>Замінить символічне посилання /etc/resolv.conf на /run/systemd/resolve/resolv.conf</0> <0>Зупинить DNSStubListener (перезапустить сервіс systemd-resolved)</0>",
    "autofix_warning_result": "В результаті буде усталено, що усі DNS-запити вашої системи будуть опрацьовані AdGuard Home.",
    "tags_title": "Теги",
    "tags_desc": "Ви можете вибрати теги, які відповідають клієнту. Теги можна використати в правилах фільтрування, щоб точніше застосовувати їх. <0>Докладніше</0>.",
    "form_select_tags": "Виберіть теги клієнта",
-    "check_title": "Перевірити фільтрування",
+    "check_title": "Перевірте фільтрування",
    "check_desc": "Перевірити чи фільтрується назва вузла.",
    "check": "Перевірити",
    "form_enter_host": "Введіть назву вузла",
-    "filtered_custom_rules": "Відфільтровано завдяки власним правилам фільтрування",
+    "filtered_custom_rules": "Відфільтровано за власними правилами фільтрування",
    "choose_from_list": "Виберіть зі списку",
    "add_custom_list": "Додати власний список",
    "host_whitelisted": "Вузол додано до списку дозволів",
@@ -585,14 +585,14 @@
    "list_updated": "{{count}} список оновлено",
    "list_updated_plural": "{{count}} списки оновлено",
    "dnssec_enable": "Увімкнути DNSSEC",
-    "dnssec_enable_desc": "Увімкнути DNSSEC для вихідних DNS-запитів та перевірити результат (потрібен вирішувач з підтримкою DNSSEC).",
+    "dnssec_enable_desc": "Встановити прапорець DNSSEC для вихідних DNS запитів та перевірити результат (потрібен розпізнавач з підтримкою DNSSEC).",
    "validated_with_dnssec": "Засвідчено DNSSEC",
    "all_queries": "Усі запити",
    "show_blocked_responses": "Заблоковані",
    "show_whitelisted_responses": "Дозволені",
    "show_processed_responses": "Оброблені",
    "blocked_safebrowsing": "Заблоковано Безпечним переглядом",
-    "blocked_adult_websites": "Заблоковано «Батьківським контролем»",
+    "blocked_adult_websites": "Заблоковано Батьківським контролем",
    "blocked_threats": "Заблоковано загроз",
    "allowed": "Дозволено",
    "filtered": "Відфільтровано",
--- a/client/src/__locales/vi.json
+++ b/client/src/__locales/vi.json
@@ -213,7 +213,7 @@
    "example_upstream_udp": "DNS thông thường (qua UDP, tên máy chủ);",
    "example_upstream_dot": "được mã hoá <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "được mã hoá <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "được mã hoá <0>DNS-over-QUIC</0>;",
+    "example_upstream_doq": "được mã hoá <0>DNS-over-QUIC</0> (thử nghiệm);",
    "example_upstream_sdns": "bạn có thể sử dụng <0>DNS Stamps</0> for <1>DNSCrypt</1> hoặc <2>DNS-over-HTTPS</2> ",
    "example_upstream_tcp": "DNS thông thường(dùng TCP);",
    "example_upstream_tcp_hostname": "DNS thông thường (qua TCP, tên máy chủ);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Nếu cổng HTTPS được định cấu hình, giao diện quản trị viên AdGuard Home sẽ có thể truy cập thông qua HTTPS và nó cũng sẽ cung cấp DNS-over-HTTPS trên vị trí '/dns-query'.",
    "encryption_dot": "Cổng DNS-over-TLS",
    "encryption_dot_desc": "Nếu cổng này được định cấu hình, AdGuard Home sẽ chạy máy chủ DNS-over-TLS trên cổng này.",
-    "encryption_doq": "Cổng DNS-over-QUIC",
-    "encryption_doq_desc": "Nếu cổng này được định cấu hình, AdGuard Home sẽ chạy máy chủ DNS qua QUIC trên cổng này. ",
+    "encryption_doq": "Cổng DNS-over-QUIC (thử nghiệm)",
+    "encryption_doq_desc": "Nếu cổng này được định cấu hình, AdGuard Home sẽ chạy máy chủ DNS qua QUIC trên cổng này. Đó là thử nghiệm và có thể không đáng tin cậy. Ngoài ra, không có quá nhiều khách hàng hỗ trợ nó vào lúc này.",
    "encryption_certificates": "Chứng chỉ",
    "encryption_certificates_desc": "Để sử dụng mã hóa, bạn cần cung cấp chuỗi chứng chỉ SSL hợp lệ cho miền của mình. Bạn có thể nhận chứng chỉ miễn phí trên <0>{{link}}</0> hoặc bạn có thể mua chứng chỉ từ một trong các Cơ Quan Chứng Nhận tin cậy.",
    "encryption_certificates_input": "Sao chép/dán chứng chỉ được mã hóa PEM của bạn tại đây.",
--- a/client/src/__locales/zh-cn.json
+++ b/client/src/__locales/zh-cn.json
@@ -148,8 +148,8 @@
    "no_servers_specified": "未找到指定的服务器",
    "general_settings": "常规设置",
    "dns_settings": "DNS 设置",
-    "dns_blocklists": "DNS 拦截列表",
-    "dns_allowlists": "DNS 允许列表",
+    "dns_blocklists": "DNS封锁清单",
+    "dns_allowlists": "DNS允许清单",
    "dns_blocklists_desc": "AdGuard Home将阻止匹配DNS拦截清单的域名",
    "dns_allowlists_desc": "来自DNS允许列表的域将被允许，即使它们位于任意阻止列表中也是如此",
    "custom_filtering_rules": "自定义过滤规则",
@@ -213,7 +213,7 @@
    "example_upstream_udp": "常规 DNS（通过 UDP、主机名）；",
    "example_upstream_dot": "加密 <0>DNS-over-TLS</0>；",
    "example_upstream_doh": "加密 <0>DNS-over-HTTPS</0>；",
-    "example_upstream_doq": "加密 <0>DNS-over-QUIC</0>",
+    "example_upstream_doq": "加密 <0>DNS-over-QUIC</0>（实验性的）；",
    "example_upstream_sdns": "<1>DNSCrypt</1> 的 <0>DNS Stamps</0> 或者 <2>DNS-over-HTTPS</2> 解析器；",
    "example_upstream_tcp": "常规 DNS（基于 TCP ）；",
    "example_upstream_tcp_hostname": "常规 DNS（通过 TCP、主机名）；",
@@ -335,22 +335,22 @@
    "install_devices_router_list_3": "请在此处输入您的 AdGuard Home 服务器地址。",
    "install_devices_router_list_4": "在某些类型的路由器上无法设置自定义 DNS 服务器。在此情况下将 AdGuard Home 设置为 <0>DHCP 服务器</0>，可能会有所帮助。否则您应该查找如何根据特定路由器型号设置 DNS 服务器的使用手册。",
    "install_devices_windows_list_1": "通过开始菜单或 Windows 搜索功能打开控制面板。",
-    "install_devices_windows_list_2": "点击进入「网络和 Internet」后，再次点击进入「网络和共享中心」",
+    "install_devices_windows_list_2": "点击进入 ”网络和 Internet“ 后，再次点击进入 “网络和共享中心”",
    "install_devices_windows_list_3": "在窗口的左侧点击「更改适配器设置」。",
    "install_devices_windows_list_4": "选择您正在连接的网络设备，右击它并选择「属性”」。",
-    "install_devices_windows_list_5": "在列表中找到「Internet 协议版本 4 (TCP/IPv4)」，选择并再次点击「属性」。",
+    "install_devices_windows_list_5": "在列表中找到 ”Internet 协议版本 4 (TCP/IPv4)“ ，选择并再次点击 ”属性“ 。",
    "install_devices_windows_list_6": "选择“使用下面的 DNS 服务器地址”，并输入您的 AdGuard Home 服务器地址。",
    "install_devices_macos_list_1": "点击苹果图标，进入「系统首选项」。",
    "install_devices_macos_list_2": "点击「网络」。",
-    "install_devices_macos_list_3": "选择在列表中的第一个连接，并点击「高级」。",
-    "install_devices_macos_list_4": "选择「DNS」选项卡，并输入您的 AdGuard Home 服务器地址。",
+    "install_devices_macos_list_3": "选择在列表中的第一个连接，并点击 ”高级“ 。",
+    "install_devices_macos_list_4": "选择 ”DNS“ 选项卡，并输入您的 AdGuard Home 服务器地址。",
    "install_devices_android_list_1": "在安卓主屏幕菜单中点击设置。",
-    "install_devices_android_list_2": "点击菜单上的「无线局域网」选项。在屏幕上将列出所有可用的网络（蜂窝移动网络不支持修改 DNS ）。",
-    "install_devices_android_list_3": "长按当前已连接的网络，然后点击「修改网络设置」。",
-    "install_devices_android_list_4": "在某些设备上，您可能需要选中「高级」复选框以查看进一步的设置。您可能需要调整您安卓设备的 DNS 设置，或是需要将 IP 设置从 DHCP 切换到静态。",
+    "install_devices_android_list_2": "点击菜单上的 ”无线局域网“ 选项。在屏幕上将列出所有可用的网络（蜂窝移动网络不支持修改 DNS ）。",
+    "install_devices_android_list_3": "长按当前已连接的网络，然后点击 ”修改网络设置“ 。",
+    "install_devices_android_list_4": "在某些设备上，您可能需要选中 ”高级“ 复选框以查看进一步的设置。您可能需要调整您安卓设备的 DNS 设置，或是需要将 IP 设置从 DHCP 切换到静态。",
    "install_devices_android_list_5": "将 DNS 1 和 DNS 2 的值改为您的 AdGuard Home 服务器地址。",
-    "install_devices_ios_list_1": "从主屏幕中点击「设置」。",
-    "install_devices_ios_list_2": "从左侧目录中选择「无线局域网」（移动数据网络环境下不支持修改 DNS ）。",
+    "install_devices_ios_list_1": "从主屏幕中点击 ”设置“ 。",
+    "install_devices_ios_list_2": "从左侧目录中选择 ”无线局域网“（移动数据网络环境下不支持修改 DNS ）。",
    "install_devices_ios_list_3": "点击当前已连接网络的名称。",
    "install_devices_ios_list_4": "在 DNS 字段中输入您的 AdGuard Home 服务器地址。",
    "get_started": "开始配置",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "如果配置了 HTTPS 端口，AdGuard Home 管理界面将可以通过 HTTPS 访问，它还将在在 '/dns-query' 位置提供 DNS-over-HTTPS 。",
    "encryption_dot": "DNS-over-TLS 端口",
    "encryption_dot_desc": "如果配置了此端口，AdGuard Home 将在此端口上运行一个 DNS-over-TLS 服务器。",
-    "encryption_doq": "DNS-over-QUIC 端口",
-    "encryption_doq_desc": "如果配置了此端口，AdGuard Home 将在此端口上运行一个 DNS-over-QUIC 服务器。",
+    "encryption_doq": "DNS-over-QUIC 端口（实验性的）",
+    "encryption_doq_desc": "如果配置了此端口，AdGuard Home将在此端口上运行一个DNS-over-QUIC服务器。这是实验性的，可能不可靠。而且，支持此特性的客户端并不多。",
    "encryption_certificates": "证书",
    "encryption_certificates_desc": "为了使用加密，您需要为域提供有效的 SSL 证书链。您可以在 <0>{{link}}</0> 上获得免费证书，也可以从受信任的证书颁发机构购买证书。",
    "encryption_certificates_input": "将您以 PEM 格式编码的证书复制粘贴到此处。",
--- a/client/src/__locales/zh-tw.json
+++ b/client/src/__locales/zh-tw.json
@@ -9,7 +9,7 @@
    "bootstrap_dns": "自我啟動（Bootstrap）DNS 伺服器",
    "bootstrap_dns_desc": "自我啟動（Bootstrap）DNS 伺服器被用於解析您明確指定作為上游的 DoH/DoT 解析器之 IP 位址。",
    "local_ptr_title": "私人反向的 DNS 伺服器",
-    "local_ptr_desc": "AdGuard Home 用於區域指標（PTR）查詢之 DNS 伺服器。這些伺服器被用於解析有關在私人 IP 範圍的位址之區域指標查詢，例如，\"192.168.12.34\"，使用反向的 DNS。如果未被設定，AdGuard Home 使用您的作業系統之預設 DNS 解析器的位址。",
+    "local_ptr_desc": "AdGuard Home 用於區域指標（PTR）查詢之 DNS 伺服器。這些伺服器被用於解析含私人 IP 位址的用戶端之主機名稱，例如，\"192.168.12.34\"，使用反向的 DNS。如果未被設定，除 AdGuard Home 它本身的位址之外，AdGuard Home 使用您的作業系統之預設 DNS 解析器的位址。",
    "local_ptr_default_resolver": "預設下，AdGuard Home 使用以下反向的 DNS 解析器：{{ip}}。",
    "local_ptr_no_default_resolver": "AdGuard Home 無法為此系統決定合適的私人反向的 DNS 解析器。",
    "local_ptr_placeholder": "每行輸入一個伺服器位址",
@@ -213,7 +213,7 @@
    "example_upstream_udp": "常規 DNS（透過 UDP，主機名稱）；",
    "example_upstream_dot": "加密的 <0>DNS-over-TLS</0>；",
    "example_upstream_doh": "加密的 <0>DNS-over-HTTPS</0>；",
-    "example_upstream_doq": "加密的 <0>DNS-over-QUIC</0>;",
+    "example_upstream_doq": "加密的 <0>DNS-over-QUIC</0>（實驗性的）；",
    "example_upstream_sdns": "關於 <1>DNSCrypt</1> 或 <2>DNS-over-HTTPS</2> 解析器之 <0>DNS 戳記</0>；",
    "example_upstream_tcp": "常規 DNS（透過 TCP）；",
    "example_upstream_tcp_hostname": "常規 DNS（透過 TCP，主機名稱）；",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "如果 HTTPS 連接埠被配置，AdGuard Home 管理員介面透過 HTTPS 將為可存取的，且它也將於 '/dns-query' 位置上提供 DNS-over-HTTPS。",
    "encryption_dot": "DNS-over-TLS 連接埠",
    "encryption_dot_desc": "如果該連接埠被配置，AdGuard Home 將於此連接埠上運行 DNS-over-TLS 伺服器。",
-    "encryption_doq": "DNS-over-QUIC 連接埠",
-    "encryption_doq_desc": "如果此連接埠被配置，AdGuard Home 將於此連接埠上運行 DNS-over-QUIC 伺服器。",
+    "encryption_doq": "DNS-over-QUIC 連接埠（實驗性的）",
+    "encryption_doq_desc": "如果此連接埠被配置，AdGuard Home 將於此連接埠上運行 DNS-over-QUIC 伺服器。它是實驗性的並可能為不可靠的。再者，此刻沒有太多支援它的用戶端。",
    "encryption_certificates": "憑證",
    "encryption_certificates_desc": "為了使用加密，您需要提供有效的安全通訊端層（SSL）憑證鏈結供您的網域。於 <0>{{link}}</0> 上您可取得免費的憑證或您可從受信任的憑證授權單位之一購買它。",
    "encryption_certificates_input": "於此複製/貼上您的隱私增強郵件編碼之（PEM-encoded）憑證。",
--- a/client/src/components/Logs/InfiniteTable.js
+++ b/client/src/components/Logs/InfiniteTable.js
@@ -43,7 +43,7 @@ const InfiniteTable = ({

    useEffect(() => {
        listener();
-    }, [items.length < QUERY_LOGS_PAGE_LIMIT, isEntireLog]);
+    }, [items.length < QUERY_LOGS_PAGE_LIMIT]);

    useEffect(() => {
        const THROTTLE_TIME = 100;
@@ -66,24 +66,15 @@ const InfiniteTable = ({

    const isNothingFound = items.length === 0 && !processingGetLogs;

-    return (
-        <div className="logs__table" role="grid">
-            {loading && <Loading />}
-            <Header />
-            {isNothingFound ? (
-                <label className="logs__no-data">{t('nothing_found')}</label>
-            ) : (
-                <>
-                    {items.map(renderRow)}
-                    {!isEntireLog && (
-                        <div ref={loader} className="logs__loading text-center">
-                            {t('loading_table_status')}
-                        </div>
-                    )}
-                </>
-            )}
-        </div>
-    );
+    return <div className='logs__table' role='grid'>
+        {loading && <Loading />}
+        <Header />
+        {isNothingFound
+            ? <label className="logs__no-data">{t('nothing_found')}</label>
+            : <>{items.map(renderRow)}
+                    {!isEntireLog && <div ref={loader} className="logs__loading text-center">{t('loading_table_status')}</div>}
+            </>}
+    </div>;
 };

 InfiniteTable.propTypes = {
--- a/client/src/components/Logs/index.js
+++ b/client/src/components/Logs/index.js
@@ -152,16 +152,6 @@ const Logs = () => {
        };
    }, []);

-    useEffect(() => {
-        if (!history.location.search) {
-            (async () => {
-                setIsLoading(true);
-                await dispatch(setFilteredLogs());
-                setIsLoading(false);
-            })();
-        }
-    }, [history.location.search]);
-
    const renderPage = () => <>
        <Filters
                filter={{
--- a/client/src/helpers/filters/filters.json
+++ b/client/src/helpers/filters/filters.json
@@ -81,8 +81,8 @@
        "urlhaus-filter-online": {
            "name": "Online Malicious URL Blocklist",
            "categoryId": "security",
-            "homepage": "https://gitlab.com/malware-filter/urlhaus-filter",
-            "source": "https://malware-filter.gitlab.io/malware-filter/urlhaus-filter-agh-online.txt"
+            "homepage": "https://gitlab.com/curben/urlhaus-filter",
+            "source": "https://curben.gitlab.io/malware-filter/urlhaus-filter-agh-online.txt"
        },
        "dandelion-sprouts-anti-malware-list": {
            "name": "Dandelion Sprout's Anti-Malware List",
--- a/client/src/helpers/helpers.js
+++ b/client/src/helpers/helpers.js
@@ -693,8 +693,8 @@ export const replaceZeroWithEmptyString = (value) => (parseInt(value, 10) === 0
 * @returns {string}
 */
 export const getLogsUrlParams = (search, response_status) => `?${queryString.stringify({
-    search: search || undefined,
-    response_status: response_status || undefined,
+    search,
+    response_status,
 })}`;

 export const processContent = (
--- a/client/src/helpers/trackers/trackers.js
+++ b/client/src/helpers/trackers/trackers.js
@@ -1,5 +1,4 @@
 import whotracksmeDb from './whotracksme.json';
-import whotracksmeWebsites from './whotracksme_web.json';
 import adguardDb from './adguard.json';
 import { REPOSITORY } from '../constants';

@@ -21,22 +20,6 @@ export const sources = {
    ADGUARD: 2,
 };

-/**
- * Gets link to tracker page on whotracks.me.
- *
- * @param trackerId
- * @return {string}
- */
-const getWhotracksmeUrl = (trackerId) => {
-    const websiteId = whotracksmeWebsites.websites[trackerId];
-    if (websiteId) {
-        // Overrides links to websites.
-        return `https://whotracks.me/websites/${websiteId}.html`;
-    }
-
-    return `https://whotracks.me/trackers/${trackerId}.html`;
-};
-
 /**
 * Gets the source metadata for the specified tracker
 * @param {TrackerData} trackerData tracker data
@@ -50,7 +33,7 @@ export const getSourceData = (trackerData) => {
    if (trackerData.source === sources.WHOTRACKSME) {
        return {
            name: 'Whotracks.me',
-            url: getWhotracksmeUrl(trackerData.id),
+            url: `https://whotracks.me/trackers/${trackerData.id}.html`,
        };
    }
    if (trackerData.source === sources.ADGUARD) {
--- a/client/src/helpers/trackers/whotracksme_web.json
+++ b/client/src/helpers/trackers/whotracksme_web.json
@@ -1,6 +0,0 @@
-{
-  "timeUpdated": "2021-12-19T13:50:00.512Z",
-  "websites": {
-    "netflix": "netflix.com"
-  }
-}
--- a/go.mod
+++ b/go.mod
@@ -3,34 +3,33 @@ module github.com/AdguardTeam/AdGuardHome
 go 1.17

 require (
-	github.com/AdguardTeam/dnsproxy v0.43.1
+	github.com/AdguardTeam/dnsproxy v0.42.1
 	github.com/AdguardTeam/golibs v0.10.8
 	github.com/AdguardTeam/urlfilter v0.16.0
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ameshkov/dnscrypt/v2 v2.2.3
 	github.com/digineo/go-ipset/v2 v2.2.1
-	github.com/dimfeld/httptreemux/v5 v5.4.0
-	github.com/fsnotify/fsnotify v1.5.4
+	github.com/fsnotify/fsnotify v1.5.1
 	github.com/go-ping/ping v0.0.0-20211130115550-779d1e919534
 	github.com/google/go-cmp v0.5.7
 	github.com/google/gopacket v1.1.19
 	github.com/google/renameio v1.0.1
-	github.com/google/uuid v1.3.0
 	github.com/insomniacslk/dhcp v0.0.0-20220405050111-12fbdcb11b41
 	github.com/kardianos/service v1.2.1
-	github.com/lucas-clemente/quic-go v0.27.1
+	github.com/lucas-clemente/quic-go v0.26.0
 	github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118
 	github.com/mdlayher/netlink v1.6.0
 	// TODO(a.garipov): This package is deprecated; find a new one or use
 	// our own code for that.
 	github.com/mdlayher/raw v0.0.0-20211126142749-4eae47f3d54b
-	github.com/miekg/dns v1.1.49
+	github.com/miekg/dns v1.1.48
+	github.com/satori/go.uuid v1.2.0
 	github.com/stretchr/testify v1.7.0
 	github.com/ti-mo/netfilter v0.4.0
 	go.etcd.io/bbolt v1.3.6
 	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
-	golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4
-	golang.org/x/sys v0.0.0-20220422013727-9388b58f7150
+	golang.org/x/net v0.0.0-20220412020605-290c469a71a5
+	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 	gopkg.in/yaml.v2 v2.4.0
 	howett.net/plist v1.0.0
@@ -45,6 +44,7 @@ require (
 	github.com/cheekybits/genny v1.0.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
+	github.com/google/uuid v1.3.0 // indirect
 	github.com/josharian/native v1.0.0 // indirect
 	github.com/marten-seemann/qtls-go1-16 v0.1.5 // indirect
 	github.com/marten-seemann/qtls-go1-17 v0.1.1 // indirect
@@ -57,11 +57,14 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/stretchr/objx v0.1.1 // indirect
 	github.com/u-root/uio v0.0.0-20220204230159-dac05f7d2cb4 // indirect
-	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
+	golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
 	golang.org/x/text v0.3.7 // indirect
-	golang.org/x/tools v0.1.11-0.20220426200323-dcaea06afc12 // indirect
+	golang.org/x/tools v0.1.11-0.20220316014157-77aa08bb151a // indirect
 	golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 )
+
+// TODO(a.garipov): Return to the main repo once miekg/dns#1359 is merged.
+replace github.com/miekg/dns => github.com/ainar-g/dns v1.1.49-0.20220411125901-8a162bbc18d8
--- a/go.sum
+++ b/go.sum
@@ -7,8 +7,8 @@ dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBr
 dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4=
 dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU=
 git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
-github.com/AdguardTeam/dnsproxy v0.43.1 h1:E777KfQAi+VurOoWEdGQ5iqjSOOAzzbTfLOEzj8heCs=
-github.com/AdguardTeam/dnsproxy v0.43.1/go.mod h1:JUGTm5dmlll47JltztsT0N//pVJjdg6zu0SNeUeaA7g=
+github.com/AdguardTeam/dnsproxy v0.42.1 h1:RZAtW75cvMX1d9Mibg0CA343V7VWV5PLrXsLhBZfdYc=
+github.com/AdguardTeam/dnsproxy v0.42.1/go.mod h1:thHuk3599mgmucsv5J9HR9lBVQHnf4YleE08EbxNrN0=
 github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.4.2/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.10.4/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
@@ -28,6 +28,8 @@ github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmH
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
 github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw=
 github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635/go.mod h1:lmLxL+FV291OopO93Bwf9fQLQeLyt33VJRUg5VJ30us=
+github.com/ainar-g/dns v1.1.49-0.20220411125901-8a162bbc18d8 h1:Hp2waLwK989ui3bDkFpedlIHfyWdZ77gynvd+GPEqXY=
+github.com/ainar-g/dns v1.1.49-0.20220411125901-8a162bbc18d8/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/ameshkov/dnscrypt/v2 v2.2.3 h1:X9UP5AHtwp46Ji+sGFfF/1Is6OPI/SjxLqhKpx0P5UI=
 github.com/ameshkov/dnscrypt/v2 v2.2.3/go.mod h1:xJB9cE1/GF+NB6EEQqRlkoa4bjcV2w7VYn1G+zVq7Bs=
 github.com/ameshkov/dnsstamps v1.0.1/go.mod h1:Ii3eUu73dx4Vw5O4wjzmT5+lkCwovjzaEZZ4gKyIH5A=
@@ -50,17 +52,14 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/digineo/go-ipset/v2 v2.2.1 h1:k6skY+0fMqeUjjeWO/m5OuWPSZUAn7AucHMnQ1MX77g=
 github.com/digineo/go-ipset/v2 v2.2.1/go.mod h1:wBsNzJlZlABHUITkesrggFnZQtgW5wkqw1uo8Qxe0VU=
-github.com/dimfeld/httptreemux/v5 v5.4.0 h1:IiHYEjh+A7pYbhWyjmGnj5HZK6gpOOvyBXCJ+BE8/Gs=
-github.com/dimfeld/httptreemux/v5 v5.4.0/go.mod h1:QeEylH57C0v3VO0tkKraVz9oD3Uu93CKPnTLbsidvSw=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/fanliao/go-promise v0.0.0-20141029170127-1890db352a72/go.mod h1:PjfxuH4FZdUyfMdtBio2lsRr1AKEaVPwelzuHuh8Lqc=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
 github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
-github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
-github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
@@ -141,15 +140,21 @@ github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/lucas-clemente/quic-go v0.27.1 h1:sOw+4kFSVrdWOYmUjufQ9GBVPqZ+tu+jMtXxXNmRJyk=
-github.com/lucas-clemente/quic-go v0.27.1/go.mod h1:AzgQoPda7N+3IqMMMkywBKggIFo2KT6pfnlrQ2QieeI=
+github.com/lucas-clemente/quic-go v0.25.0/go.mod h1:YtzP8bxRVCBlO77yRanE264+fY/T2U9ZlW1AaHOsMOg=
+github.com/lucas-clemente/quic-go v0.26.0 h1:ALBQXr9UJ8A1LyzvceX4jd9QFsHvlI0RR6BkV16o00A=
+github.com/lucas-clemente/quic-go v0.26.0/go.mod h1:AzgQoPda7N+3IqMMMkywBKggIFo2KT6pfnlrQ2QieeI=
 github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
 github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc=
+github.com/marten-seemann/qtls-go1-15 v0.1.4/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I=
+github.com/marten-seemann/qtls-go1-16 v0.1.4/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk=
 github.com/marten-seemann/qtls-go1-16 v0.1.5 h1:o9JrYPPco/Nukd/HpOHMHZoBDXQqoNtUCmny98/1uqQ=
 github.com/marten-seemann/qtls-go1-16 v0.1.5/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk=
+github.com/marten-seemann/qtls-go1-17 v0.1.0/go.mod h1:fz4HIxByo+LlWcreM4CZOYNuz3taBQ8rN2X6FqvaWo8=
 github.com/marten-seemann/qtls-go1-17 v0.1.1 h1:DQjHPq+aOzUeh9/lixAGunn6rIOQyWChPSI4+hgW7jc=
 github.com/marten-seemann/qtls-go1-17 v0.1.1/go.mod h1:C2ekUKcDdz9SDWxec1N/MvcXBpaX9l3Nx67XaR84L5s=
+github.com/marten-seemann/qtls-go1-18 v0.1.0-beta.1/go.mod h1:PUhIQk19LoFt2174H4+an8TYvWOGjb/hHwphBeaDHwI=
+github.com/marten-seemann/qtls-go1-18 v0.1.0/go.mod h1:PUhIQk19LoFt2174H4+an8TYvWOGjb/hHwphBeaDHwI=
 github.com/marten-seemann/qtls-go1-18 v0.1.1 h1:qp7p7XXUFL7fpBvSS1sWD+uSqPvzNQK43DH+/qEkj0Y=
 github.com/marten-seemann/qtls-go1-18 v0.1.1/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
@@ -174,11 +179,6 @@ github.com/mdlayher/socket v0.2.1/go.mod h1:QLlNPkFR88mRUNQIzRBMfXxwKal8H7u1h3bL
 github.com/mdlayher/socket v0.2.3 h1:XZA2X2TjdOwNoNPVPclRCURoX/hokBY8nkTmRZFEheM=
 github.com/mdlayher/socket v0.2.3/go.mod h1:bz12/FozYNH/VbvC3q7TRIK/Y6dH1kCKsXaUeXi/FmY=
 github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
-github.com/miekg/dns v1.1.40/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
-github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
-github.com/miekg/dns v1.1.44/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
-github.com/miekg/dns v1.1.49 h1:qe0mQU3Z/XpFeE+AEBo2rqaS1IPBJ3anmqZ4XiZJVG8=
-github.com/miekg/dns v1.1.49/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
@@ -212,6 +212,8 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:
 github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
+github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
+github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/shirou/gopsutil/v3 v3.21.8 h1:nKct+uP0TV8DjjNiHanKf8SAuub+GNsbrOtM9Nl9biA=
 github.com/shirou/gopsutil/v3 v3.21.8/go.mod h1:YWp/H8Qs5fVmf17v7JNZzA0mPJ+mS2e9JdiUF9LlKzQ=
@@ -290,9 +292,8 @@ golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPI
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o=
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -308,7 +309,6 @@ golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
@@ -329,8 +329,8 @@ golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 h1:HVyaeDAYux4pnY+D/SiwmLOR36ewZ4iGQIIrtnuCjFA=
-golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220412020605-290c469a71a5 h1:bRb386wvrE+oBNdF1d/Xh9mQrfQ4ecYhW5qJ5GvTGT4=
+golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -358,7 +358,6 @@ golang.org/x/sys v0.0.0-20190606122018-79a91cf218c4/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -375,7 +374,6 @@ golang.org/x/sys v0.0.0-20201017003518-b09fb700fbb7/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -392,9 +390,8 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 h1:xHms4gcpe1YE7A3yIllJXP16CMAGuqwO2lX1mTyyRRc=
-golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -414,14 +411,13 @@ golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
-golang.org/x/tools v0.1.11-0.20220426200323-dcaea06afc12 h1:pODAJF0uBqx6zFa1MYaiTobVo5FzCbnTVUXeO8o71fE=
-golang.org/x/tools v0.1.11-0.20220426200323-dcaea06afc12/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4=
+golang.org/x/tools v0.1.11-0.20220316014157-77aa08bb151a h1:ofrrl6c6NG5/IOSx/R1cyiQxxjqlur0h/TvbUhkH0II=
+golang.org/x/tools v0.1.11-0.20220316014157-77aa08bb151a/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/internal/aghnet/arpdb_bsd.go
+++ b/internal/aghnet/arpdb_bsd.go
@@ -13,24 +13,19 @@ import (
 	"github.com/AdguardTeam/golibs/netutil"
 )

-func newARPDB() (arp *cmdARPDB) {
+func newARPDB() *cmdARPDB {
 	return &cmdARPDB{
 		parse: parseArpA,
 		ns: &neighs{
 			mu: &sync.RWMutex{},
 			ns: make([]Neighbor, 0),
 		},
-		cmd: "arp",
-		// Use -n flag to avoid resolving the hostnames of the neighbors.  By
-		// default ARP attempts to resolve the hostnames via DNS.  See man 8
-		// arp.
-		//
-		// See also https://github.com/AdguardTeam/AdGuardHome/issues/3157.
-		args: []string{"-a", "-n"},
+		cmd:  "arp",
+		args: []string{"-a"},
 	}
 }

-// parseArpA parses the output of the "arp -a -n" command on macOS and FreeBSD.
+// parseArpA parses the output of the "arp -a" command on macOS and FreeBSD.
 // The expected input format:
 //
 //   host.name (192.168.0.1) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
--- a/internal/aghnet/arpdb_linux.go
+++ b/internal/aghnet/arpdb_linux.go
@@ -38,17 +38,12 @@ func newARPDB() (arp *arpdbs) {
 			fsys:     rootDirFS,
 			filename: "proc/net/arp",
 		},
-		// Then, try "arp -a -n".
+		// Then, try "arp -a".
 		&cmdARPDB{
 			parse: parseF,
 			ns:    ns,
 			cmd:   "arp",
-			// Use -n flag to avoid resolving the hostnames of the neighbors.
-			// By default ARP attempts to resolve the hostnames via DNS.  See
-			// man 8 arp.
-			//
-			// See also https://github.com/AdguardTeam/AdGuardHome/issues/3157.
-			args: []string{"-a", "-n"},
+			args:  []string{"-a"},
 		},
 		// Finally, try "ip neigh".
 		&cmdARPDB{
@@ -114,11 +109,11 @@ func (arp *fsysARPDB) Neighbors() (ns []Neighbor) {
 	return arp.ns.clone()
 }

-// parseArpAWrt parses the output of the "arp -a -n" command on OpenWrt.  The
+// parseArpAWrt parses the output of the "arp -a" command on OpenWrt.  The
 // expected input format:
 //
-//   IP address     HW type  Flags  HW address         Mask  Device
-//   192.168.11.98  0x1      0x2    5a:92:df:a9:7e:28  *     wan
+//   IP address       HW type     Flags       HW address            Mask     Device
+//   192.168.11.98    0x1         0x2         5a:92:df:a9:7e:28     *        wan
 //
 func parseArpAWrt(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 	if !sc.Scan() {
@@ -158,8 +153,8 @@ func parseArpAWrt(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 	return ns
 }

-// parseArpA parses the output of the "arp -a -n" command on Linux.  The
-// expected input format:
+// parseArpA parses the output of the "arp -a" command on Linux.  The expected
+// input format:
 //
 //   hostname (192.168.1.1) at ab:cd:ef:ab:cd:ef [ether] on enp0s3
 //
--- a/internal/aghnet/arpdb_openbsd.go
+++ b/internal/aghnet/arpdb_openbsd.go
@@ -12,25 +12,20 @@ import (
 	"github.com/AdguardTeam/golibs/log"
 )

-func newARPDB() (arp *cmdARPDB) {
+func newARPDB() *cmdARPDB {
 	return &cmdARPDB{
 		parse: parseArpA,
 		ns: &neighs{
 			mu: &sync.RWMutex{},
 			ns: make([]Neighbor, 0),
 		},
-		cmd: "arp",
-		// Use -n flag to avoid resolving the hostnames of the neighbors.  By
-		// default ARP attempts to resolve the hostnames via DNS.  See man 8
-		// arp.
-		//
-		// See also https://github.com/AdguardTeam/AdGuardHome/issues/3157.
-		args: []string{"-a", "-n"},
+		cmd:  "arp",
+		args: []string{"-a"},
 	}
 }

-// parseArpA parses the output of the "arp -a -n" command on OpenBSD.  The
-// expected input format:
+// parseArpA parses the output of the "arp -a" command on OpenBSD.  The expected
+// input format:
 //
 //   Host        Ethernet Address  Netif Expire    Flags
 //   192.168.1.1 ab:cd:ef:ab:cd:ef   em0 19m59s
--- a/internal/aghnet/arpdb_windows.go
+++ b/internal/aghnet/arpdb_windows.go
@@ -10,7 +10,7 @@ import (
 	"sync"
 )

-func newARPDB() (arp *cmdARPDB) {
+func newARPDB() *cmdARPDB {
 	return &cmdARPDB{
 		parse: parseArpA,
 		ns: &neighs{
--- a/internal/aghnet/net_nolinux.go
+++ b/internal/aghnet/net_nolinux.go
@@ -1,5 +1,5 @@
-//go:build darwin || freebsd || openbsd
-// +build darwin freebsd openbsd
+//go:build !linux
+// +build !linux

 package aghnet

--- a/internal/aghnet/net_windows.go
+++ b/internal/aghnet/net_windows.go
@@ -1,5 +1,5 @@
-//go:build windows
-// +build windows
+//go:build !(linux || darwin || freebsd || openbsd)
+// +build !linux,!darwin,!freebsd,!openbsd

 package aghnet

@@ -13,10 +13,6 @@ import (
 	"golang.org/x/sys/windows"
 )

-func canBindPrivilegedPorts() (can bool, err error) {
-	return true, nil
-}
-
 func ifaceHasStaticIP(string) (ok bool, err error) {
 	return false, aghos.Unsupported("checking static ip")
 }
--- a/internal/aghos/os.go
+++ b/internal/aghos/os.go
@@ -175,13 +175,3 @@ func RootDirFS() (fsys fs.FS) {
 	// behavior is undocumented but it currently works.
 	return os.DirFS("")
 }
-
-// NotifyShutdownSignal notifies c on receiving shutdown signals.
-func NotifyShutdownSignal(c chan<- os.Signal) {
-	notifyShutdownSignal(c)
-}
-
-// IsShutdownSignal returns true if sig is a shutdown signal.
-func IsShutdownSignal(sig os.Signal) (ok bool) {
-	return isShutdownSignal(sig)
-}
--- a/internal/aghos/os_unix.go
+++ b/internal/aghos/os_unix.go
@@ -1,27 +0,0 @@
-//go:build darwin || freebsd || linux || openbsd
-// +build darwin freebsd linux openbsd
-
-package aghos
-
-import (
-	"os"
-	"os/signal"
-
-	"golang.org/x/sys/unix"
-)
-
-func notifyShutdownSignal(c chan<- os.Signal) {
-	signal.Notify(c, unix.SIGINT, unix.SIGQUIT, unix.SIGTERM)
-}
-
-func isShutdownSignal(sig os.Signal) (ok bool) {
-	switch sig {
-	case
-		unix.SIGINT,
-		unix.SIGQUIT,
-		unix.SIGTERM:
-		return true
-	default:
-		return false
-	}
-}
--- a/internal/aghos/os_windows.go
+++ b/internal/aghos/os_windows.go
@@ -4,10 +4,6 @@
 package aghos

 import (
-	"os"
-	"os/signal"
-	"syscall"
-
 	"golang.org/x/sys/windows"
 )

@@ -39,20 +35,3 @@ func haveAdminRights() (bool, error) {
 func isOpenWrt() (ok bool) {
 	return false
 }
-
-func notifyShutdownSignal(c chan<- os.Signal) {
-	// syscall.SIGTERM is processed automatically.  See go doc os/signal,
-	// section Windows.
-	signal.Notify(c, os.Interrupt)
-}
-
-func isShutdownSignal(sig os.Signal) (ok bool) {
-	switch sig {
-	case
-		os.Interrupt,
-		syscall.SIGTERM:
-		return true
-	default:
-		return false
-	}
-}
--- a/internal/aghtls/aghtls.go
+++ b/internal/aghtls/aghtls.go
@@ -0,0 +1,30 @@
+// Package aghtls contains utilities for work with TLS.
+package aghtls
+
+import "crypto/tls"
+
+// SaferCipherSuites returns a set of default cipher suites with vulnerable and
+// weak cipher suites removed.
+func SaferCipherSuites() (safe []uint16) {
+	for _, s := range tls.CipherSuites() {
+		switch s.ID {
+		case
+			tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
+			// Less safe 3DES and CBC suites, go on.
+		default:
+			safe = append(safe, s.ID)
+		}
+	}
+
+	return safe
+}
--- a/internal/dnsforward/clientid.go
+++ b/internal/dnsforward/clientid.go
@@ -65,7 +65,7 @@ func clientIDFromClientServerName(
 		return "", err
 	}

-	return strings.ToLower(clientID), nil
+	return clientID, nil
 }

 // clientIDFromDNSContextHTTPS extracts the client's ID from the path of the
@@ -104,7 +104,7 @@ func clientIDFromDNSContextHTTPS(pctx *proxy.DNSContext) (clientID string, err e
 		return "", fmt.Errorf("clientid check: %w", err)
 	}

-	return strings.ToLower(clientID), nil
+	return clientID, nil
 }

 // tlsConn is a narrow interface for *tls.Conn to simplify testing.
@@ -112,8 +112,8 @@ type tlsConn interface {
 	ConnectionState() (cs tls.ConnectionState)
 }

-// quicConnection is a narrow interface for quic.Connection to simplify testing.
-type quicConnection interface {
+// quicSession is a narrow interface for quic.Session to simplify testing.
+type quicSession interface {
 	ConnectionState() (cs quic.ConnectionState)
 }

@@ -148,16 +148,16 @@ func (s *Server) clientIDFromDNSContext(pctx *proxy.DNSContext) (clientID string

 		cliSrvName = tc.ConnectionState().ServerName
 	case proxy.ProtoQUIC:
-		conn, ok := pctx.QUICConnection.(quicConnection)
+		qs, ok := pctx.QUICSession.(quicSession)
 		if !ok {
 			return "", fmt.Errorf(
-				"proxy ctx quic conn of proto %s is %T, want quic.Connection",
+				"proxy ctx quic session of proto %s is %T, want quic.Session",
 				proto,
-				pctx.QUICConnection,
+				pctx.QUICSession,
 			)
 		}

-		cliSrvName = conn.ConnectionState().TLS.ServerName
+		cliSrvName = qs.ConnectionState().TLS.ServerName
 	}

 	clientID, err = clientIDFromClientServerName(
--- a/internal/dnsforward/clientid_test.go
+++ b/internal/dnsforward/clientid_test.go
@@ -29,18 +29,17 @@ func (c testTLSConn) ConnectionState() (cs tls.ConnectionState) {
 	return cs
 }

-// testQUICConnection is a quicConnection for tests.
-type testQUICConnection struct {
-	// Connection is embedded here simply to make testQUICConnection a
-	// quic.Connection without actually implementing all methods.
-	quic.Connection
+// testQUICSession is a quicSession for tests.
+type testQUICSession struct {
+	// Session is embedded here simply to make testQUICSession a quic.Session
+	// without actually implementing all methods.
+	quic.Session

 	serverName string
 }

-// ConnectionState implements the quicConnection interface for
-// testQUICConnection.
-func (c testQUICConnection) ConnectionState() (cs quic.ConnectionState) {
+// ConnectionState implements the quicSession interface for testQUICSession.
+func (c testQUICSession) ConnectionState() (cs quic.ConnectionState) {
 	cs.TLS.ServerName = c.serverName

 	return cs
@@ -144,22 +143,6 @@ func TestServer_clientIDFromDNSContext(t *testing.T) {
 		wantErrMsg: `clientid check: client server name "cli.myexample.com" ` +
 			`doesn't match host server name "example.com"`,
 		strictSNI: true,
-	}, {
-		name:         "tls_case",
-		proto:        proxy.ProtoTLS,
-		hostSrvName:  "example.com",
-		cliSrvName:   "InSeNsItIvE.example.com",
-		wantClientID: "insensitive",
-		wantErrMsg:   ``,
-		strictSNI:    true,
-	}, {
-		name:         "quic_case",
-		proto:        proxy.ProtoQUIC,
-		hostSrvName:  "example.com",
-		cliSrvName:   "InSeNsItIvE.example.com",
-		wantClientID: "insensitive",
-		wantErrMsg:   ``,
-		strictSNI:    true,
 	}}

 	for _, tc := range testCases {
@@ -180,17 +163,17 @@ func TestServer_clientIDFromDNSContext(t *testing.T) {
 				}
 			}

-			var qconn quic.Connection
+			var qs quic.Session
 			if tc.proto == proxy.ProtoQUIC {
-				qconn = testQUICConnection{
+				qs = testQUICSession{
 					serverName: tc.cliSrvName,
 				}
 			}

 			pctx := &proxy.DNSContext{
-				Proto:          tc.proto,
-				Conn:           conn,
-				QUICConnection: qconn,
+				Proto:       tc.proto,
+				Conn:        conn,
+				QUICSession: qs,
 			}

 			clientID, err := srv.clientIDFromDNSContext(pctx)
@@ -227,11 +210,6 @@ func TestClientIDFromDNSContextHTTPS(t *testing.T) {
 		path:         "/dns-query/cli/",
 		wantClientID: "cli",
 		wantErrMsg:   "",
-	}, {
-		name:         "clientid_case",
-		path:         "/dns-query/InSeNsItIvE",
-		wantClientID: "insensitive",
-		wantErrMsg:   ``,
 	}, {
 		name:         "bad_url",
 		path:         "/foo",
--- a/internal/dnsforward/config.go
+++ b/internal/dnsforward/config.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 	"time"

+	"github.com/AdguardTeam/AdGuardHome/internal/aghtls"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/dnsproxy/upstream"
@@ -132,9 +133,8 @@ type FilteringConfig struct {

 // TLSConfig is the TLS configuration for HTTPS, DNS-over-HTTPS, and DNS-over-TLS
 type TLSConfig struct {
-	TLSListenAddrs   []*net.TCPAddr `yaml:"-" json:"-"`
-	QUICListenAddrs  []*net.UDPAddr `yaml:"-" json:"-"`
-	HTTPSListenAddrs []*net.TCPAddr `yaml:"-" json:"-"`
+	TLSListenAddrs  []*net.TCPAddr `yaml:"-" json:"-"`
+	QUICListenAddrs []*net.UDPAddr `yaml:"-" json:"-"`

 	// Reject connection if the client uses server name (in SNI) that doesn't match the certificate
 	StrictSNICheck bool `yaml:"strict_sni_check" json:"-"`
@@ -427,6 +427,7 @@ func (s *Server) prepareTLS(proxyConfig *proxy.Config) error {

 	proxyConfig.TLSConfig = &tls.Config{
 		GetCertificate: s.onGetCertificate,
+		CipherSuites:   aghtls.SaferCipherSuites(),
 		MinVersion:     tls.VersionTLS12,
 	}

--- a/internal/dnsforward/dns.go
+++ b/internal/dnsforward/dns.go
@@ -135,6 +135,7 @@ func (s *Server) processRecursion(dctx *dnsContext) (rc resultCode) {
 		pctx.Res = s.genNXDomain(pctx.Req)

 		return resultCodeFinish
+
 	}

 	return resultCodeSuccess
--- a/internal/dnsforward/http.go
+++ b/internal/dnsforward/http.go
@@ -510,7 +510,6 @@ func separateUpstream(upstreamStr string) (upstream string, isDomainSpec bool, e
 			continue
 		}

-		host = strings.TrimPrefix(host, "*.")
 		err = netutil.ValidateDomainName(host)
 		if err != nil {
 			return "", true, fmt.Errorf("domain at index %d: %w", i, err)
--- a/internal/dnsforward/recursiondetector_test.go
+++ b/internal/dnsforward/recursiondetector_test.go
@@ -83,7 +83,7 @@ func TestRecursionDetector_Suspect(t *testing.T) {
 	testCases := []struct {
 		name string
 		msg  dns.Msg
-		want int
+		want bool
 	}{{
 		name: "simple",
 		msg: dns.Msg{
@@ -95,18 +95,24 @@ func TestRecursionDetector_Suspect(t *testing.T) {
 				Qtype: dns.TypeA,
 			}},
 		},
-		want: 1,
+		want: true,
 	}, {
 		name: "unencumbered",
 		msg:  dns.Msg{},
-		want: 0,
+		want: false,
 	}}

 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			t.Cleanup(rd.clear)
+
 			rd.add(tc.msg)
-			assert.Equal(t, tc.want, rd.recentRequests.Stats().Count)
+
+			if tc.want {
+				assert.Equal(t, 1, rd.recentRequests.Stats().Count)
+			} else {
+				assert.Zero(t, rd.recentRequests.Stats().Count)
+			}
 		})
 	}
 }
--- a/internal/dnsforward/stats.go
+++ b/internal/dnsforward/stats.go
@@ -64,9 +64,9 @@ func (s *Server) logQuery(
 		Answer:            pctx.Res,
 		OrigAnswer:        dctx.origResp,
 		Result:            dctx.result,
+		Elapsed:           elapsed,
 		ClientID:          dctx.clientID,
 		ClientIP:          ip,
-		Elapsed:           elapsed,
 		AuthenticatedData: dctx.responseAD,
 	}

--- a/internal/home/clients.go
+++ b/internal/home/clients.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"net"
 	"sort"
-	"strings"
 	"sync"
 	"time"

@@ -60,16 +59,6 @@ const (
 	ClientSourceHostsFile
 )

-// clientSourceConf is used to configure where the runtime clients will be
-// obtained from.
-type clientSourcesConf struct {
-	WHOIS     bool `yaml:"whois"`
-	ARP       bool `yaml:"arp"`
-	RDNS      bool `yaml:"rdns"`
-	DHCP      bool `yaml:"dhcp"`
-	HostsFile bool `yaml:"hosts"`
-}
-
 // RuntimeClient information
 type RuntimeClient struct {
 	WHOISInfo *RuntimeClientWHOISInfo
@@ -145,14 +134,14 @@ func (clients *clientsContainer) Init(
 		clients.dhcpServer.SetOnLeaseChanged(clients.onDHCPLeaseChanged)
 	}

-	if clients.etcHosts != nil {
-		go clients.handleHostsUpdates()
-	}
+	go clients.handleHostsUpdates()
 }

 func (clients *clientsContainer) handleHostsUpdates() {
-	for upd := range clients.etcHosts.Upd() {
-		clients.addFromHostsFile(upd)
+	if clients.etcHosts != nil {
+		for upd := range clients.etcHosts.Upd() {
+			clients.addFromHostsFile(upd)
+		}
 	}
 }

@@ -169,9 +158,7 @@ func (clients *clientsContainer) Start() {

 // Reload reloads runtime clients.
 func (clients *clientsContainer) Reload() {
-	if clients.arpdb != nil {
-		clients.addFromSystemARP()
-	}
+	clients.addFromSystemARP()
 }

 type clientObject struct {
@@ -547,7 +534,7 @@ func (clients *clientsContainer) check(c *Client) (err error) {
 		} else if mac, err = net.ParseMAC(id); err == nil {
 			c.IDs[i] = mac.String()
 		} else if err = dnsforward.ValidateClientID(id); err == nil {
-			c.IDs[i] = strings.ToLower(id)
+			c.IDs[i] = id
 		} else {
 			return fmt.Errorf("invalid clientid at index %d: %q", i, id)
 		}
@@ -856,7 +843,7 @@ func (clients *clientsContainer) addFromSystemARP() {
 // updateFromDHCP adds the clients that have a non-empty hostname from the DHCP
 // server.
 func (clients *clientsContainer) updateFromDHCP(add bool) {
-	if clients.dhcpServer == nil || !config.Clients.Sources.DHCP {
+	if clients.dhcpServer == nil {
 		return
 	}

--- a/internal/home/clients_test.go
+++ b/internal/home/clients_test.go
@@ -9,6 +9,7 @@ import (

 	"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
 	"github.com/AdguardTeam/golibs/testutil"
+
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
--- a/internal/home/config.go
+++ b/internal/home/config.go
@@ -51,13 +51,6 @@ type osConfig struct {
 	RlimitNoFile uint64 `yaml:"rlimit_nofile"`
 }

-type clientsConfig struct {
-	// Sources defines the set of sources to fetch the runtime clients from.
-	Sources *clientSourcesConf `yaml:"runtime_sources"`
-	// Persistent are the configured clients.
-	Persistent []*clientObject `yaml:"persistent"`
-}
-
 // configuration is loaded from YAML
 // field ordering is important -- yaml fields will mirror ordering from here
 type configuration struct {
@@ -95,7 +88,7 @@ type configuration struct {
 	// Clients contains the YAML representations of the persistent clients.
 	// This field is only used for reading and writing persistent client data.
 	// Keep this field sorted to ensure consistent ordering.
-	Clients *clientsConfig `yaml:"clients"`
+	Clients []*clientObject `yaml:"clients"`

 	logSettings `yaml:",inline"`

@@ -130,6 +123,9 @@ type dnsConfig struct {
 	// UpstreamTimeout is the timeout for querying upstream servers.
 	UpstreamTimeout timeutil.Duration `yaml:"upstream_timeout"`

+	// ResolveClients enables and disables resolving clients with RDNS.
+	ResolveClients bool `yaml:"resolve_clients"`
+
 	// PrivateNets is the set of IP networks for which the private reverse DNS
 	// resolver should be used.
 	PrivateNets []string `yaml:"private_networks"`
@@ -202,6 +198,7 @@ var config = &configuration{
 		FilteringEnabled:           true, // whether or not use filter lists
 		FiltersUpdateIntervalHours: 24,
 		UpstreamTimeout:            timeutil.Duration{Duration: dnsforward.DefaultTimeout},
+		ResolveClients:             true,
 		UsePrivateRDNS:             true,
 	},
 	TLS: tlsConfigSettings{
@@ -212,15 +209,6 @@ var config = &configuration{
 	DHCP: &dhcpd.ServerConfig{
 		LocalDomainName: "lan",
 	},
-	Clients: &clientsConfig{
-		Sources: &clientSourcesConf{
-			WHOIS:     true,
-			ARP:       true,
-			RDNS:      true,
-			DHCP:      true,
-			HostsFile: true,
-		},
-	},
 	logSettings: logSettings{
 		LogCompress:   false,
 		LogLocalTime:  false,
@@ -416,7 +404,9 @@ func (c *configuration) write() error {
 		s.WriteDiskConfig(&c)
 		dns := &config.DNS
 		dns.FilteringConfig = c
-		dns.LocalPTRResolvers, config.Clients.Sources.RDNS, dns.UsePrivateRDNS = s.RDNSSettings()
+		dns.LocalPTRResolvers,
+			dns.ResolveClients,
+			dns.UsePrivateRDNS = s.RDNSSettings()
 	}

 	if Context.dhcpServer != nil {
@@ -425,7 +415,7 @@ func (c *configuration) write() error {
 		config.DHCP = c
 	}

-	config.Clients.Persistent = Context.clients.forConfig()
+	config.Clients = Context.clients.forConfig()

 	configFile := config.getConfigFilename()
 	log.Debug("Writing YAML file: %s", configFile)
--- a/internal/home/controlupdate.go
+++ b/internal/home/controlupdate.go
@@ -3,7 +3,6 @@ package home
 import (
 	"context"
 	"encoding/json"
-	"fmt"
 	"net/http"
 	"os"
 	"os/exec"
@@ -28,16 +27,12 @@ type temporaryError interface {

 // Get the latest available version from the Internet
 func handleGetVersionJSON(w http.ResponseWriter, r *http.Request) {
-	w.Header().Set("Content-Type", "application/json")
-
 	resp := &versionResponse{}
 	if Context.disableUpdate {
+		// w.Header().Set("Content-Type", "application/json")
 		resp.Disabled = true
-		err := json.NewEncoder(w).Encode(resp)
-		if err != nil {
-			aghhttp.Error(r, w, http.StatusInternalServerError, "writing body: %s", err)
-		}
-
+		_ = json.NewEncoder(w).Encode(resp)
+		// TODO(e.burkov): Add error handling and deal with headers.
 		return
 	}

@@ -49,48 +44,30 @@ func handleGetVersionJSON(w http.ResponseWriter, r *http.Request) {
 	if r.ContentLength != 0 {
 		err = json.NewDecoder(r.Body).Decode(req)
 		if err != nil {
-			aghhttp.Error(r, w, http.StatusBadRequest, "parsing request: %s", err)
+			aghhttp.Error(r, w, http.StatusBadRequest, "JSON parse: %s", err)

 			return
 		}
 	}

-	err = requestVersionInfo(resp, req.Recheck)
-	if err != nil {
-		// Don't wrap the error, because it's informative enough as is.
-		aghhttp.Error(r, w, http.StatusBadGateway, "%s", err)
-
-		return
-	}
-
-	err = resp.setAllowedToAutoUpdate()
-	if err != nil {
-		// Don't wrap the error, because it's informative enough as is.
-		aghhttp.Error(r, w, http.StatusInternalServerError, "%s", err)
-
-		return
-	}
-
-	err = json.NewEncoder(w).Encode(resp)
-	if err != nil {
-		aghhttp.Error(r, w, http.StatusInternalServerError, "writing body: %s", err)
-	}
-}
-
-// requestVersionInfo sets the VersionInfo field of resp if it can reach the
-// update server.
-func requestVersionInfo(resp *versionResponse, recheck bool) (err error) {
 	for i := 0; i != 3; i++ {
-		resp.VersionInfo, err = Context.updater.VersionInfo(recheck)
+		func() {
+			Context.controlLock.Lock()
+			defer Context.controlLock.Unlock()
+
+			resp.VersionInfo, err = Context.updater.VersionInfo(req.Recheck)
+		}()
+
 		if err != nil {
 			var terr temporaryError
 			if errors.As(err, &terr) && terr.Temporary() {
-				// Temporary network error.  This case may happen while we're
-				// restarting our DNS server.  Log and sleep for some time.
+				// Temporary network error.  This case may happen while
+				// we're restarting our DNS server.  Log and sleep for
+				// some time.
 				//
 				// See https://github.com/AdguardTeam/AdGuardHome/issues/934.
 				d := time.Duration(i) * time.Second
-				log.Info("update: temp net error: %q; sleeping for %s and retrying", err, d)
+				log.Info("temp net error: %q; sleeping for %s and retrying", err, d)
 				time.Sleep(d)

 				continue
@@ -99,14 +76,29 @@ func requestVersionInfo(resp *versionResponse, recheck bool) (err error) {

 		break
 	}
-
 	if err != nil {
 		vcu := Context.updater.VersionCheckURL()
+		// TODO(a.garipov): Figure out the purpose of %T verb.
+		aghhttp.Error(
+			r,
+			w,
+			http.StatusBadGateway,
+			"Couldn't get version check json from %s: %T %s\n",
+			vcu,
+			err,
+			err,
+		)

-		return fmt.Errorf("getting version info from %s: %s", vcu, err)
+		return
 	}

-	return nil
+	resp.confirmAutoUpdate()
+
+	w.Header().Set("Content-Type", "application/json")
+	err = json.NewEncoder(w).Encode(resp)
+	if err != nil {
+		aghhttp.Error(r, w, http.StatusInternalServerError, "Couldn't write body: %s", err)
+	}
 }

 // handleUpdate performs an update to the latest available version procedure.
@@ -140,37 +132,31 @@ func handleUpdate(w http.ResponseWriter, r *http.Request) {

 // versionResponse is the response for /control/version.json endpoint.
 type versionResponse struct {
-	updater.VersionInfo
 	Disabled bool `json:"disabled"`
+	updater.VersionInfo
 }

-// setAllowedToAutoUpdate sets CanAutoUpdate to true if AdGuard Home is actually
-// allowed to perform an automatic update by the OS.
-func (vr *versionResponse) setAllowedToAutoUpdate() (err error) {
-	if vr.CanAutoUpdate == nil || !*vr.CanAutoUpdate {
-		return
-	}
+// confirmAutoUpdate checks the real possibility of auto update.
+func (vr *versionResponse) confirmAutoUpdate() {
+	if vr.CanAutoUpdate != nil && *vr.CanAutoUpdate {
+		canUpdate := true

-	tlsConf := &tlsConfigSettings{}
-	Context.tls.WriteDiskConfig(tlsConf)
-
-	canUpdate := true
-	if tlsConfUsesPrivilegedPorts(tlsConf) || config.BindPort < 1024 || config.DNS.Port < 1024 {
-		canUpdate, err = aghnet.CanBindPrivilegedPorts()
-		if err != nil {
-			return fmt.Errorf("checking ability to bind privileged ports: %w", err)
+		var tlsConf *tlsConfigSettings
+		if runtime.GOOS != "windows" {
+			tlsConf = &tlsConfigSettings{}
+			Context.tls.WriteDiskConfig(tlsConf)
 		}
+
+		if tlsConf != nil &&
+			((tlsConf.Enabled && (tlsConf.PortHTTPS < 1024 ||
+				tlsConf.PortDNSOverTLS < 1024 ||
+				tlsConf.PortDNSOverQUIC < 1024)) ||
+				config.BindPort < 1024 ||
+				config.DNS.Port < 1024) {
+			canUpdate, _ = aghnet.CanBindPrivilegedPorts()
+		}
+		vr.CanAutoUpdate = &canUpdate
 	}
-
-	vr.CanAutoUpdate = &canUpdate
-
-	return nil
-}
-
-// tlsConfUsesPrivilegedPorts returns true if the provided TLS configuration
-// indicates that privileged ports are used.
-func tlsConfUsesPrivilegedPorts(c *tlsConfigSettings) (ok bool) {
-	return c.Enabled && (c.PortHTTPS < 1024 || c.PortDNSOverTLS < 1024 || c.PortDNSOverQUIC < 1024)
 }

 // finishUpdate completes an update procedure.
--- a/internal/home/dns.go
+++ b/internal/home/dns.go
@@ -58,7 +58,6 @@ func initDNSServer() (err error) {
 	}

 	conf := querylog.Config{
-		Anonymizer:        anonymizer,
 		ConfigModified:    onConfigModified,
 		HTTPRegister:      httpRegister,
 		FindClient:        Context.clients.findMultiple,
@@ -68,6 +67,7 @@ func initDNSServer() (err error) {
 		Enabled:           config.DNS.QueryLogEnabled,
 		FileEnabled:       config.DNS.QueryLogFileEnabled,
 		AnonymizeClientIP: config.DNS.AnonymizeClientIP,
+		Anonymizer:        anonymizer,
 	}
 	Context.queryLog = querylog.New(conf)

@@ -135,13 +135,8 @@ func initDNSServer() (err error) {
 		return fmt.Errorf("dnsServer.Prepare: %w", err)
 	}

-	if config.Clients.Sources.RDNS {
-		Context.rdns = NewRDNS(Context.dnsServer, &Context.clients, config.DNS.UsePrivateRDNS)
-	}
-
-	if config.Clients.Sources.WHOIS {
-		Context.whois = initWHOIS(&Context.clients)
-	}
+	Context.rdns = NewRDNS(Context.dnsServer, &Context.clients, config.DNS.UsePrivateRDNS)
+	Context.whois = initWHOIS(&Context.clients)

 	Context.filters.Init()
 	return nil
@@ -158,11 +153,10 @@ func onDNSRequest(pctx *proxy.DNSContext) {
 		return
 	}

-	srcs := config.Clients.Sources
-	if srcs.RDNS && !ip.IsLoopback() {
+	if config.DNS.ResolveClients && !ip.IsLoopback() {
 		Context.rdns.Begin(ip)
 	}
-	if srcs.WHOIS && !netutil.IsSpecialPurpose(ip) {
+	if !netutil.IsSpecialPurpose(ip) {
 		Context.whois.Begin(ip)
 	}
 }
@@ -221,10 +215,6 @@ func generateServerConfig() (newConf dnsforward.ServerConfig, err error) {
 		newConf.TLSConfig = tlsConf.TLSConfig
 		newConf.TLSConfig.ServerName = tlsConf.ServerName

-		if tlsConf.PortHTTPS != 0 {
-			newConf.HTTPSListenAddrs = ipsToTCPAddrs(hosts, tlsConf.PortHTTPS)
-		}
-
 		if tlsConf.PortDNSOverTLS != 0 {
 			newConf.TLSListenAddrs = ipsToTCPAddrs(hosts, tlsConf.PortDNSOverTLS)
 		}
@@ -244,13 +234,12 @@ func generateServerConfig() (newConf dnsforward.ServerConfig, err error) {
 	}

 	newConf.TLSv12Roots = Context.tlsRoots
-	newConf.TLSCiphers = Context.tlsCiphers
 	newConf.TLSAllowUnencryptedDoH = tlsConf.AllowUnencryptedDoH

 	newConf.FilterHandler = applyAdditionalFiltering
 	newConf.GetCustomUpstreamByClient = Context.clients.findUpstreams

-	newConf.ResolveClients = config.Clients.Sources.RDNS
+	newConf.ResolveClients = dnsConf.ResolveClients
 	newConf.UsePrivateRDNS = dnsConf.UsePrivateRDNS
 	newConf.LocalPTRResolvers = dnsConf.LocalPTRResolvers
 	newConf.UpstreamTimeout = dnsConf.UpstreamTimeout.Duration
@@ -335,28 +324,24 @@ func getDNSEncryption() (de dnsEncryption) {

 // applyAdditionalFiltering adds additional client information and settings if
 // the client has them.
-func applyAdditionalFiltering(clientIP net.IP, clientID string, setts *filtering.Settings) {
+func applyAdditionalFiltering(clientAddr net.IP, clientID string, setts *filtering.Settings) {
 	Context.dnsFilter.ApplyBlockedServices(setts, nil, true)

-	log.Debug("looking up settings for client with ip %s and clientid %q", clientIP, clientID)
-
-	if clientIP == nil {
+	if clientAddr == nil {
 		return
 	}

-	setts.ClientIP = clientIP
+	setts.ClientIP = clientAddr

 	c, ok := Context.clients.Find(clientID)
 	if !ok {
-		c, ok = Context.clients.Find(clientIP.String())
+		c, ok = Context.clients.Find(clientAddr.String())
 		if !ok {
-			log.Debug("client with ip %s and clientid %q not found", clientIP, clientID)
-
 			return
 		}
 	}

-	log.Debug("using settings for client %q with ip %s and clientid %q", c.Name, clientIP, clientID)
+	log.Debug("using settings for client %s with ip %s and clientid %q", c.Name, clientAddr, clientID)

 	if c.UseOwnBlockedServices {
 		Context.dnsFilter.ApplyBlockedServices(setts, c.BlockedServices, false)
@@ -402,11 +387,10 @@ func startDNSServer() error {
 			continue
 		}

-		srcs := config.Clients.Sources
-		if srcs.RDNS && !ip.IsLoopback() {
+		if config.DNS.ResolveClients && !ip.IsLoopback() {
 			Context.rdns.Begin(ip)
 		}
-		if srcs.WHOIS && !netutil.IsSpecialPurpose(ip) {
+		if !netutil.IsSpecialPurpose(ip) {
 			Context.whois.Begin(ip)
 		}
 	}
--- a/internal/home/home.go
+++ b/internal/home/home.go
@@ -22,6 +22,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
+	"github.com/AdguardTeam/AdGuardHome/internal/aghtls"
 	"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
 	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
@@ -78,7 +79,6 @@ type homeContext struct {
 	disableUpdate    bool   // If set, don't check for updates
 	controlLock      sync.Mutex
 	tlsRoots         *x509.CertPool // list of root CAs for TLSv1.2
-	tlsCiphers       []uint16       // list of TLS ciphers to use
 	transport        *http.Transport
 	client           *http.Client
 	appSignalChannel chan os.Signal // Channel for receiving OS signals by the console app
@@ -143,13 +143,13 @@ func setupContext(args options) {
 	initConfig()

 	Context.tlsRoots = LoadSystemRootCAs()
-	Context.tlsCiphers = InitTLSCiphers()
 	Context.transport = &http.Transport{
 		DialContext: customDialContext,
 		Proxy:       getHTTPProxy,
 		TLSClientConfig: &tls.Config{
-			RootCAs:    Context.tlsRoots,
-			MinVersion: tls.VersionTLS12,
+			RootCAs:      Context.tlsRoots,
+			CipherSuites: aghtls.SaferCipherSuites(),
+			MinVersion:   tls.VersionTLS12,
 		},
 	}
 	Context.client = &http.Client{
@@ -173,11 +173,6 @@ func setupContext(args options) {

 			os.Exit(0)
 		}
-
-		if !args.noEtcHosts && config.Clients.Sources.HostsFile {
-			err = setupHostsContainer()
-			fatalOnError(err)
-		}
 	}

 	Context.mux = http.NewServeMux()
@@ -290,12 +285,14 @@ func setupConfig(args options) (err error) {
 		ConfName: config.getConfigFilename(),
 	})

-	var arpdb aghnet.ARPDB
-	if config.Clients.Sources.ARP {
-		arpdb = aghnet.NewARPDB()
+	if !args.noEtcHosts {
+		if err = setupHostsContainer(); err != nil {
+			return err
+		}
 	}

-	Context.clients.Init(config.Clients.Persistent, Context.dhcpServer, Context.etcHosts, arpdb)
+	arpdb := aghnet.NewARPDB()
+	Context.clients.Init(config.Clients, Context.dhcpServer, Context.etcHosts, arpdb)

 	if args.bindPort != 0 {
 		uc := aghalg.UniqChecker{}
--- a/internal/home/mobileconfig.go
+++ b/internal/home/mobileconfig.go
@@ -11,7 +11,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
-	"github.com/google/uuid"
+	uuid "github.com/satori/go.uuid"
 	"howett.net/plist"
 )

@@ -47,9 +47,9 @@ type payloadContent struct {

 	PayloadType        string
 	PayloadIdentifier  string
+	PayloadUUID        string
 	PayloadDisplayName string
 	PayloadDescription string
-	PayloadUUID        uuid.UUID
 	PayloadVersion     int
 }

@@ -63,14 +63,18 @@ const dnsSettingsPayloadType = "com.apple.dnsSettings.managed"
 type mobileConfig struct {
 	PayloadDescription       string
 	PayloadDisplayName       string
+	PayloadIdentifier        string
 	PayloadType              string
+	PayloadUUID              string
 	PayloadContent           []*payloadContent
-	PayloadIdentifier        uuid.UUID
-	PayloadUUID              uuid.UUID
 	PayloadVersion           int
 	PayloadRemovalDisallowed bool
 }

+func genUUIDv4() string {
+	return uuid.NewV4().String()
+}
+
 const (
 	dnsProtoHTTPS = "HTTPS"
 	dnsProtoTLS   = "TLS"
@@ -100,23 +104,23 @@ func encodeMobileConfig(d *dnsSettings, clientID string) ([]byte, error) {
 		return nil, fmt.Errorf("bad dns protocol %q", proto)
 	}

-	payloadID := fmt.Sprintf("%s.%s", dnsSettingsPayloadType, uuid.New())
+	payloadID := fmt.Sprintf("%s.%s", dnsSettingsPayloadType, genUUIDv4())
 	data := &mobileConfig{
-		PayloadDescription: "Adds AdGuard Home to macOS Big Sur and iOS 14 or newer systems",
+		PayloadDescription: "Adds AdGuard Home to macOS Big Sur " +
+			"and iOS 14 or newer systems",
 		PayloadDisplayName: dspName,
+		PayloadIdentifier:  genUUIDv4(),
 		PayloadType:        "Configuration",
+		PayloadUUID:        genUUIDv4(),
 		PayloadContent: []*payloadContent{{
-			DNSSettings: d,
-
 			PayloadType:        dnsSettingsPayloadType,
 			PayloadIdentifier:  payloadID,
+			PayloadUUID:        genUUIDv4(),
 			PayloadDisplayName: dspName,
 			PayloadDescription: "Configures device to use AdGuard Home",
-			PayloadUUID:        uuid.New(),
 			PayloadVersion:     1,
+			DNSSettings:        d,
 		}},
-		PayloadIdentifier:        uuid.New(),
-		PayloadUUID:              uuid.New(),
 		PayloadVersion:           1,
 		PayloadRemovalDisallowed: false,
 	}
--- a/internal/home/options.go
+++ b/internal/home/options.go
@@ -230,19 +230,13 @@ var helpArg = arg{
 }

 var noEtcHostsArg = arg{
-	description:     "Deprecated.  Do not use the OS-provided hosts.",
+	description:     "Do not use the OS-provided hosts.",
 	longName:        "no-etc-hosts",
 	shortName:       "",
 	updateWithValue: nil,
 	updateNoValue:   func(o options) (options, error) { o.noEtcHosts = true; return o, nil },
-	effect: func(_ options, _ string) (f effect, err error) {
-		log.Info(
-			"warning: --no-etc-hosts flag is deprecated and will be removed in the future versions",
-		)
-
-		return nil, nil
-	},
-	serialize: func(o options) []string { return boolSliceOrNil(o.noEtcHosts) },
+	effect:          nil,
+	serialize:       func(o options) []string { return boolSliceOrNil(o.noEtcHosts) },
 }

 var localFrontendArg = arg{
--- a/internal/home/rdns.go
+++ b/internal/home/rdns.go
@@ -16,17 +16,18 @@ type RDNS struct {
 	exchanger dnsforward.RDNSExchanger
 	clients   *clientsContainer

-	// usePrivate is used to store the state of current private RDNS resolving
-	// settings and to react to it's changes.
+	// usePrivate is used to store the state of current private RDNS
+	// resolving settings and to react to it's changes.
 	usePrivate uint32

 	// ipCh used to pass client's IP to rDNS workerLoop.
 	ipCh chan net.IP

 	// ipCache caches the IP addresses to be resolved by rDNS.  The resolved
-	// address stays here while it's inside clients.  After leaving clients the
-	// address will be resolved once again.  If the address couldn't be
-	// resolved, cache prevents further attempts to resolve it for some time.
+	// address stays here while it's inside clients.  After leaving clients
+	// the address will be resolved once again.  If the address couldn't be
+	// resolved, cache prevents further attempts to resolve it for some
+	// time.
 	ipCache cache.Cache
 }

--- a/internal/home/service.go
+++ b/internal/home/service.go
@@ -433,11 +433,8 @@ EnvironmentFile=-/etc/sysconfig/{{.Name}}
 WantedBy=multi-user.target
 `

-// sysvScript is the source of the daemon script for SysV-based Linux systems.
-// Keep as close as possible to the https://github.com/kardianos/service/blob/29f8c79c511bc18422bb99992779f96e6bc33921/service_sysv_linux.go#L187.
-//
-// Use ps command instead of reading the procfs since it's a more
-// implementation-independent approach.
+// Note: we should keep it in sync with the template from service_sysv_linux.go file
+// Use "ps | grep -v grep | grep $(get_pid)" because "ps PID" may not work on OpenWrt
 const sysvScript = `#!/bin/sh
 # For RedHat and cousins:
 # chkconfig: - 99 01
@@ -468,7 +465,7 @@ get_pid() {
 }

 is_running() {
-    [ -f "$pid_file" ] && ps -p "$(get_pid)" > /dev/null 2>&1
+    [ -f "$pid_file" ] && ps | grep -v grep | grep $(get_pid) > /dev/null 2>&1
 }

 case "$1" in
@@ -612,7 +609,7 @@ command_args="-P ${pidfile} -p ${pidfile_child} -T ${name} -r {{.WorkingDirector
 run_rc_command "$1"
 `

-const openBSDScript = `#!/bin/ksh
+const openBSDScript = `#!/bin/sh
 #
 # $OpenBSD: {{ .SvcInfo }}

--- a/internal/home/tls.go
+++ b/internal/home/tls.go
@@ -26,7 +26,6 @@ import (
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/google/go-cmp/cmp"
-	"golang.org/x/sys/cpu"
 )

 var tlsWebHandlersRegistered = false
@@ -731,52 +730,3 @@ func LoadSystemRootCAs() (roots *x509.CertPool) {

 	return nil
 }
-
-// InitTLSCiphers performs the same work as initDefaultCipherSuites() from
-// crypto/tls/common.go but don't uses lots of other default ciphers.
-func InitTLSCiphers() (ciphers []uint16) {
-	// Check the cpu flags for each platform that has optimized GCM
-	// implementations.  The worst case is when all these variables are
-	// false.
-	var (
-		hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ
-		hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
-		// Keep in sync with crypto/aes/cipher_s390x.go.
-		hasGCMAsmS390X = cpu.S390X.HasAES &&
-			cpu.S390X.HasAESCBC &&
-			cpu.S390X.HasAESCTR &&
-			(cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM)
-
-		hasGCMAsm = hasGCMAsmAMD64 || hasGCMAsmARM64 || hasGCMAsmS390X
-	)
-
-	if hasGCMAsm {
-		// If AES-GCM hardware is provided then prioritize AES-GCM
-		// cipher suites.
-		ciphers = []uint16{
-			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-		}
-	} else {
-		// Without AES-GCM hardware, we put the ChaCha20-Poly1305 cipher
-		// suites first.
-		ciphers = []uint16{
-			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-		}
-	}
-
-	return append(
-		ciphers,
-		tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-	)
-}
--- a/internal/home/upgrade.go
+++ b/internal/home/upgrade.go
@@ -21,11 +21,9 @@ import (
 )

 // currentSchemaVersion is the current schema version.
-const currentSchemaVersion = 14
+const currentSchemaVersion = 13

 // These aliases are provided for convenience.
-//
-// TODO(e.burkov):  Remove any after updating to Go 1.18.
 type (
 	any  = interface{}
 	yarr = []any
@@ -88,7 +86,6 @@ func upgradeConfigSchema(oldVersion int, diskConf yobj) (err error) {
 		upgradeSchema10to11,
 		upgradeSchema11to12,
 		upgradeSchema12to13,
-		upgradeSchema13to14,
 	}

 	n := 0
@@ -729,7 +726,7 @@ func upgradeSchema12to13(diskConf yobj) (err error) {
 	var dhcp yobj
 	dhcp, ok = dhcpVal.(yobj)
 	if !ok {
-		return fmt.Errorf("unexpected type of dhcp: %T", dhcpVal)
+		return fmt.Errorf("unexpected type of dhcp: %T", dnsVal)
 	}

 	const field = "local_domain_name"
@@ -740,68 +737,6 @@ func upgradeSchema12to13(diskConf yobj) (err error) {
 	return nil
 }

-// upgradeSchema13to14 performs the following changes:
-//
-//   # BEFORE:
-//   'clients':
-//   - 'name': 'client-name'
-//     # …
-//
-//   # AFTER:
-//   'clients':
-//     'persistent':
-//     - 'name': 'client-name'
-//       # …
-//     'runtime_sources':
-//       'whois': true
-//       'arp': true
-//       'rdns': true
-//       'dhcp': true
-//       'hosts': true
-//
-func upgradeSchema13to14(diskConf yobj) (err error) {
-	log.Printf("Upgrade yaml: 13 to 14")
-	diskConf["schema_version"] = 14
-
-	clientsVal, ok := diskConf["clients"]
-	if !ok {
-		clientsVal = yarr{}
-	}
-
-	var rdnsSrc bool
-	if dnsVal, dok := diskConf["dns"]; dok {
-		var dnsSettings yobj
-		dnsSettings, ok = dnsVal.(yobj)
-		if !ok {
-			return fmt.Errorf("unexpected type of dns: %T", dnsVal)
-		}
-
-		var rdnsSrcVal any
-		rdnsSrcVal, ok = dnsSettings["resolve_clients"]
-		if ok {
-			rdnsSrc, ok = rdnsSrcVal.(bool)
-			if !ok {
-				return fmt.Errorf("unexpected type of resolve_clients: %T", rdnsSrcVal)
-			}
-
-			delete(dnsSettings, "resolve_clients")
-		}
-	}
-
-	diskConf["clients"] = yobj{
-		"persistent": clientsVal,
-		"runtime_sources": &clientSourcesConf{
-			WHOIS:     true,
-			ARP:       true,
-			RDNS:      rdnsSrc,
-			DHCP:      true,
-			HostsFile: true,
-		},
-	}
-
-	return nil
-}
-
 // TODO(a.garipov): Replace with log.Output when we port it to our logging
 // package.
 func funcName() string {
--- a/internal/home/upgrade_test.go
+++ b/internal/home/upgrade_test.go
@@ -513,129 +513,46 @@ func TestUpgradeSchema11to12(t *testing.T) {
 }

 func TestUpgradeSchema12to13(t *testing.T) {
-	const newSchemaVer = 13
+	t.Run("no_dns", func(t *testing.T) {
+		conf := yobj{}

-	testCases := []struct {
-		in   yobj
-		want yobj
-		name string
-	}{{
-		in:   yobj{},
-		want: yobj{"schema_version": newSchemaVer},
-		name: "no_dns",
-	}, {
-		in: yobj{"dns": yobj{}},
-		want: yobj{
-			"dns":            yobj{},
-			"schema_version": newSchemaVer,
-		},
-		name: "no_dhcp",
-	}, {
-		in: yobj{
+		err := upgradeSchema12to13(conf)
+		require.NoError(t, err)
+
+		assert.Equal(t, conf["schema_version"], 13)
+	})
+
+	t.Run("no_dhcp", func(t *testing.T) {
+		conf := yobj{
+			"dns": yobj{},
+		}
+
+		err := upgradeSchema12to13(conf)
+		require.NoError(t, err)
+
+		assert.Equal(t, conf["schema_version"], 13)
+	})
+
+	t.Run("good", func(t *testing.T) {
+		conf := yobj{
 			"dns": yobj{
 				"local_domain_name": "lan",
 			},
 			"dhcp":           yobj{},
-			"schema_version": newSchemaVer - 1,
-		},
-		want: yobj{
+			"schema_version": 12,
+		}
+
+		wantConf := yobj{
 			"dns": yobj{},
 			"dhcp": yobj{
 				"local_domain_name": "lan",
 			},
-			"schema_version": newSchemaVer,
-		},
-		name: "good",
-	}}
+			"schema_version": 13,
+		}

-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			err := upgradeSchema12to13(tc.in)
-			require.NoError(t, err)
+		err := upgradeSchema12to13(conf)
+		require.NoError(t, err)

-			assert.Equal(t, tc.want, tc.in)
-		})
-	}
-}
-
-func TestUpgradeSchema13to14(t *testing.T) {
-	const newSchemaVer = 14
-
-	testClient := &clientObject{
-		Name:              "agh-client",
-		IDs:               []string{"id1"},
-		UseGlobalSettings: true,
-	}
-
-	testCases := []struct {
-		in   yobj
-		want yobj
-		name string
-	}{{
-		in: yobj{},
-		want: yobj{
-			"schema_version": newSchemaVer,
-			// The clients field will be added anyway.
-			"clients": yobj{
-				"persistent": yarr{},
-				"runtime_sources": &clientSourcesConf{
-					WHOIS:     true,
-					ARP:       true,
-					RDNS:      false,
-					DHCP:      true,
-					HostsFile: true,
-				},
-			},
-		},
-		name: "no_clients",
-	}, {
-		in: yobj{
-			"clients": []*clientObject{testClient},
-		},
-		want: yobj{
-			"schema_version": newSchemaVer,
-			"clients": yobj{
-				"persistent": []*clientObject{testClient},
-				"runtime_sources": &clientSourcesConf{
-					WHOIS:     true,
-					ARP:       true,
-					RDNS:      false,
-					DHCP:      true,
-					HostsFile: true,
-				},
-			},
-		},
-		name: "no_dns",
-	}, {
-		in: yobj{
-			"clients": []*clientObject{testClient},
-			"dns": yobj{
-				"resolve_clients": true,
-			},
-		},
-		want: yobj{
-			"schema_version": newSchemaVer,
-			"clients": yobj{
-				"persistent": []*clientObject{testClient},
-				"runtime_sources": &clientSourcesConf{
-					WHOIS:     true,
-					ARP:       true,
-					RDNS:      true,
-					DHCP:      true,
-					HostsFile: true,
-				},
-			},
-			"dns": yobj{},
-		},
-		name: "good",
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			err := upgradeSchema13to14(tc.in)
-			require.NoError(t, err)
-
-			assert.Equal(t, tc.want, tc.in)
-		})
-	}
+		assert.Equal(t, wantConf, conf)
+	})
 }
--- a/internal/home/web.go
+++ b/internal/home/web.go
@@ -10,6 +10,7 @@ import (
 	"time"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
+	"github.com/AdguardTeam/AdGuardHome/internal/aghtls"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
@@ -264,9 +265,9 @@ func (web *Web) tlsServerLoop() {
 			Addr:     address,
 			TLSConfig: &tls.Config{
 				Certificates: []tls.Certificate{web.httpsServer.cert},
-				MinVersion:   tls.VersionTLS12,
 				RootCAs:      Context.tlsRoots,
-				CipherSuites: Context.tlsCiphers,
+				CipherSuites: aghtls.SaferCipherSuites(),
+				MinVersion:   tls.VersionTLS12,
 			},
 			Handler:           withMiddlewares(Context.mux, limitRequestBody),
 			ReadTimeout:       web.conf.ReadTimeout,
--- a/internal/querylog/http.go
+++ b/internal/querylog/http.go
@@ -19,10 +19,10 @@ import (
 )

 type qlogConfig struct {
+	Enabled bool `json:"enabled"`
 	// Use float64 here to support fractional numbers and not mess the API
 	// users by changing the units.
 	Interval          float64 `json:"interval"`
-	Enabled           bool    `json:"enabled"`
 	AnonymizeClientIP bool    `json:"anonymize_client_ip"`
 }

--- a/internal/querylog/qlog.go
+++ b/internal/querylog/qlog.go
@@ -149,7 +149,7 @@ func (l *queryLog) clear() {
 		log.Error("removing log file %q: %s", l.logFile, err)
 	}

-	log.Debug("querylog: cleared")
+	log.Debug("Query log: cleared")
 }

 func (l *queryLog) Add(params *AddParams) {
--- a/internal/querylog/qlog_test.go
+++ b/internal/querylog/qlog_test.go
@@ -285,8 +285,8 @@ func addEntry(l *queryLog, host string, answerStr, client net.IP) {
 		Answer:     &a,
 		OrigAnswer: &a,
 		Result:     &res,
-		Upstream:   "upstream",
 		ClientIP:   client,
+		Upstream:   "upstream",
 	}

 	l.Add(params)
--- a/internal/querylog/querylog.go
+++ b/internal/querylog/querylog.go
@@ -28,11 +28,8 @@ type QueryLog interface {
 	WriteDiskConfig(c *Config)
 }

-// Config is the query log configuration structure.
+// Config - configuration object
 type Config struct {
-	// Anonymizer processes the IP addresses to anonymize those if needed.
-	Anonymizer *aghnet.IPMut
-
 	// ConfigModified is called when the configuration is changed, for
 	// example by HTTP requests.
 	ConfigModified func()
@@ -71,6 +68,9 @@ type Config struct {
 	// AnonymizeClientIP tells if the query log should anonymize clients' IP
 	// addresses.
 	AnonymizeClientIP bool
+
+	// Anonymizer processes the IP addresses to anonymize those if needed.
+	Anonymizer *aghnet.IPMut
 }

 // AddParams is the parameters for adding an entry.
@@ -91,18 +91,18 @@ type AddParams struct {
 	// Result is the filtering result (optional).
 	Result *filtering.Result

+	// Elapsed is the time spent for processing the request.
+	Elapsed time.Duration
+
 	ClientID string

+	ClientIP net.IP
+
 	// Upstream is the URL of the upstream DNS server.
 	Upstream string

 	ClientProto ClientProto

-	ClientIP net.IP
-
-	// Elapsed is the time spent for processing the request.
-	Elapsed time.Duration
-
 	// Cached indicates if the response is served from cache.
 	Cached bool

--- a/internal/querylog/search.go
+++ b/internal/querylog/search.go
@@ -73,7 +73,7 @@ func (l *queryLog) searchMemory(params *searchParams, cache clientCache) (entrie

 // search - searches log entries in the query log using specified parameters
 // returns the list of entries found + time of the oldest entry
-func (l *queryLog) search(params *searchParams) (entries []*logEntry, oldest time.Time) {
+func (l *queryLog) search(params *searchParams) ([]*logEntry, time.Time) {
 	now := time.Now()

 	if params.limit == 0 {
@@ -88,7 +88,7 @@ func (l *queryLog) search(params *searchParams) (entries []*logEntry, oldest tim
 	totalLimit := params.offset + params.limit

 	// now let's get a unified collection
-	entries = append(memoryEntries, fileEntries...)
+	entries := append(memoryEntries, fileEntries...)
 	if len(entries) > totalLimit {
 		// remove extra records
 		entries = entries[:totalLimit]
@@ -111,18 +111,13 @@ func (l *queryLog) search(params *searchParams) (entries []*logEntry, oldest tim
 		}
 	}

-	if len(entries) > 0 {
+	if len(entries) > 0 && len(entries) <= totalLimit {
 		// Update oldest after merging in the memory buffer.
 		oldest = entries[len(entries)-1].Time
 	}

-	log.Debug(
-		"querylog: prepared data (%d/%d) older than %s in %s",
-		len(entries),
-		total,
-		params.olderThan,
-		time.Since(now),
-	)
+	log.Debug("QueryLog: prepared data (%d/%d) older than %s in %s",
+		len(entries), total, params.olderThan, time.Since(now))

 	return entries, oldest
 }
@@ -185,8 +180,6 @@ func (l *queryLog) searchFiles(
 		e, ts, err = l.readNextEntry(r, params, cache)
 		if err != nil {
 			if err == io.EOF {
-				oldestNano = 0
-
 				break
 			}

--- a/internal/tools/go.mod
+++ b/internal/tools/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/securego/gosec/v2 v2.11.0
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
 	golang.org/x/tools v0.1.11-0.20220316014157-77aa08bb151a
-	honnef.co/go/tools v0.3.1
+	honnef.co/go/tools v0.3.0
 	mvdan.cc/gofumpt v0.3.1
 	mvdan.cc/unparam v0.0.0-20220316160445-06cc5682983b
 )
@@ -19,16 +19,16 @@ require (
 require (
 	github.com/BurntSushi/toml v1.1.0 // indirect
 	github.com/client9/misspell v0.3.4 // indirect
-	github.com/google/go-cmp v0.5.8 // indirect
+	github.com/google/go-cmp v0.5.7 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/gookit/color v1.5.0 // indirect
 	github.com/kyoh86/nolint v0.0.1 // indirect
 	github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect
 	github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect
-	golang.org/x/exp/typeparams v0.0.0-20220426173459-3bcf042a4bf5 // indirect
+	golang.org/x/exp/typeparams v0.0.0-20220407100705-7b9b53b0aca4 // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
-	golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 // indirect
+	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
 	golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
--- a/internal/tools/go.sum
+++ b/internal/tools/go.sum
@@ -157,9 +157,8 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
-github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
@@ -421,8 +420,8 @@ golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMk
 golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5 h1:FR+oGxGfbQu1d+jglI3rCkjAjUnhRSZcUxr+DqlDLNo=
 golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw=
 golang.org/x/exp/typeparams v0.0.0-20220218215828-6cf2b201936e/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
-golang.org/x/exp/typeparams v0.0.0-20220426173459-3bcf042a4bf5 h1:pKfHvPtBtqS0+V/V9Y0cZQa2h8HJV/qSRJiGgYu+LQA=
-golang.org/x/exp/typeparams v0.0.0-20220426173459-3bcf042a4bf5/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
+golang.org/x/exp/typeparams v0.0.0-20220407100705-7b9b53b0aca4 h1:P5yukcpQfG1ZDKR0pGdaZCVwaNPntMxLFKYg81li58M=
+golang.org/x/exp/typeparams v0.0.0-20220407100705-7b9b53b0aca4/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -560,8 +559,8 @@ golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 h1:xHms4gcpe1YE7A3yIllJXP16CMAGuqwO2lX1mTyyRRc=
-golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -752,8 +751,8 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.3.1 h1:1kJlrWJLkaGXgcaeosRXViwviqjI7nkBvU2+sZW0AYc=
-honnef.co/go/tools v0.3.1/go.mod h1:vlRD9XErLMGT+mDuofSr0mMMquscM/1nQqtRSsh6m70=
+honnef.co/go/tools v0.3.0 h1:2LdYUZ7CIxnYgskbUZfY7FPggmqnh6shBqfWa8Tn3XU=
+honnef.co/go/tools v0.3.0/go.mod h1:vlRD9XErLMGT+mDuofSr0mMMquscM/1nQqtRSsh6m70=
 mvdan.cc/gofumpt v0.3.1 h1:avhhrOmv0IuvQVK7fvwV91oFSGAk5/6Po8GXTzICeu8=
 mvdan.cc/gofumpt v0.3.1/go.mod h1:w3ymliuxvzVx8DAutBnVyDqYb1Niy/yCJt/lk821YCE=
 mvdan.cc/unparam v0.0.0-20220316160445-06cc5682983b h1:C8Pi6noat8BcrL9WnSRYeQ63fpkJk3hKVHtF5731kIw=
--- a/internal/updater/check.go
+++ b/internal/updater/check.go
@@ -17,11 +17,11 @@ const versionCheckPeriod = 8 * time.Hour

 // VersionInfo contains information about a new version.
 type VersionInfo struct {
-	CanAutoUpdate        *bool  `json:"can_autoupdate,omitempty"`
 	NewVersion           string `json:"new_version,omitempty"`
 	Announcement         string `json:"announcement,omitempty"`
 	AnnouncementURL      string `json:"announcement_url,omitempty"`
 	SelfUpdateMinVersion string `json:"-"`
+	CanAutoUpdate        *bool  `json:"can_autoupdate,omitempty"`
 }

 // MaxResponseSize is responses on server's requests maximum length in bytes.
--- a/openapi/CHANGELOG.md
+++ b/openapi/CHANGELOG.md
@@ -4,7 +4,10 @@

 ## v0.108.0: API changes

-## v0.107.7: API changes
+### The new optional field `"ecs"` in `QueryLogItem`
+
+* The new optional field `"ecs"` in `GET /control/querylog` contains the IP
+  network from an EDNS Client-Subnet option from the request message if any.

 ### The new possible status code in `/install/configure` response.

@@ -12,11 +15,6 @@
  `POST /install/configure` which means that the specified password does not
  meet the strength requirements.

-### The new optional field `"ecs"` in `QueryLogItem`
-
-* The new optional field `"ecs"` in `GET /control/querylog` contains the IP
-  network from an EDNS Client-Subnet option from the request message if any.
-
 ## v0.107.3: API changes

 ### The new field `"version"` in `AddressesInfo`
--- a/scripts/make/go-lint.sh
+++ b/scripts/make/go-lint.sh
@@ -136,6 +136,7 @@ underscores() {
 			-e '_freebsd.go'\
 			-e '_linux.go'\
 			-e '_little.go'\
+			-e '_nolinux.go'\
 			-e '_openbsd.go'\
 			-e '_others.go'\
 			-e '_test.go'\