filtering: imp tests

filtering: wildcard interference
2023-05-15 10:33:52 +03:00 · 2023-05-12 12:25:33 +03:00
176 changed files with 3225 additions and 7374 deletions
--- a/.github/ISSUE_TEMPLATE/bug.yml
+++ b/.github/ISSUE_TEMPLATE/bug.yml
@@ -10,58 +10,52 @@
          - 'label': >
                I have checked the
                [Wiki](https://github.com/AdguardTeam/AdGuardHome/wiki) and
-                [Discussions](https://github.com/AdguardTeam/AdGuardHome/discussions/categories/q-a)
+                [Discussions](https://github.com/AdguardTeam/AdGuardHome/discussions)
                and found no answer
            'required': true
          - 'label': >
                I have searched other issues and found no duplicates
            'required': true
          - 'label': >
-                I want to report a bug and not [ask a question or ask for
+                I want to report a bug and not ask a question
                help](https://github.com/AdguardTeam/AdGuardHome/discussions/categories/q-a)
            'required': true
          - 'label': >
                I have set up AdGuard Home correctly and [configured clients to
                use it](https://github.com/AdguardTeam/AdGuardHome/wiki/Clients).
                (Use the
                [Discussions](https://github.com/AdguardTeam/AdGuardHome/discussions/categories/q-a)
                for help with installing and configuring clients.)
            'required': true
    'id': 'prerequisites'
    'type': 'checkboxes'
  - 'attributes':
-        'description': 'On which Platform does the issue occur?'
+        'description': 'On which operating system type does the issue occur?'
-        'label': 'Platform (OS and CPU architecture)'
+        'label': 'Operating system type'
        'options':
-          - 'Darwin (aka macOS)/AMD64 (aka x86_64)'
+          - 'FreeBSD'
-          - 'Darwin (aka macOS)/ARM64'
+          - 'Linux, OpenWrt'
-          - 'FreeBSD/386'
+          - 'Linux, Other (please mention the version in the description)'
-          - 'FreeBSD/AMD64 (aka x86_64)'
+          - 'macOS (aka Darwin)'
-          - 'FreeBSD/ARM64'
+          - 'OpenBSD'
-          - 'FreeBSD/ARMv5'
+          - 'Windows'
-          - 'FreeBSD/ARMv6'
+          - 'Other (please mention in the description)'
          - 'FreeBSD/ARMv7'
          - 'Linux/386'
          - 'Linux/AMD64 (aka x86_64)'
          - 'Linux/ARM64'
          - 'Linux/ARMv5'
          - 'Linux/ARMv6'
          - 'Linux/ARMv7'
          - 'Linux/MIPS LE'
          - 'Linux/MIPS'
          - 'Linux/MIPS64 LE'
          - 'Linux/MIPS64'
          - 'Linux/PPC64 LE'
          - 'OpenBSD/AMD64 (aka x86_64)'
          - 'OpenBSD/ARM64'
          - 'Windows/386'
          - 'Windows/AMD64 (aka x86_64)'
          - 'Windows/ARM64'
          - 'Custom (please mention in the description)'
    'id': 'os'
    'type': 'dropdown'
    'validations':
        'required': true
  - 'attributes':
        'description': 'On which CPU architecture does the issue occur?'
        'label': 'CPU architecture'
        'options':
          - 'AMD64'
          - 'x86'
          - '64-bit ARM'
          - 'ARMv5'
          - 'ARMv6'
          - 'ARMv7'
          - '64-bit MIPS'
          - '64-bit MIPS LE'
          - '32-bit MIPS'
          - '32-bit MIPS LE'
          - '64-bit PowerPC LE'
          - 'Other (please mention in the description)'
    'id': 'arch'
    'type': 'dropdown'
    'validations':
        'required': true
  - 'attributes':
        'description': 'How did you install AdGuard Home?'
        'label': 'Installation'
@@ -69,7 +63,7 @@
          - 'GitHub releases or script from README'
          - 'Docker'
          - 'Snapcraft'
-          - 'Custom package (OpenWrt, HomeAssistant, etc; please mention in the description)'
+          - 'Custom port'
          - 'Other (please mention in the description)'
    'id': 'install'
    'type': 'dropdown'
@@ -95,55 +89,21 @@
    'validations':
        'required': true
  - 'attributes':
-        'description': >
+        'description': 'Please describe the bug'
-            Please describe what you did.  An `nslookup` or a `dig` command is
+        'label': 'Description'
            the best way.  For crashes, please provide a full failure log.
        'label': 'Action'
        'value': |
-            ```sh
+            #### What did you do?
-            nslookup -debug -type=a 'www.example.com' '$YOUR_AGH_ADDRESS'
+
-            ```
+            #### Expected result
-    'id': 'failing_action'
+
            #### Actual result
            #### Screenshots (if applicable)
            #### Additional information
    'id': 'description'
    'type': 'textarea'
    'validations':
        'required': true
-  - 'attributes':
+'description': 'File a bug report'
        'description': >
            What did you expect to see?  Please add a description and/or
            screenshots, if applicable.
        'label': 'Expected result'
        'placeholder': >
            What did you expect to see?
    'id': 'expected'
    'type': 'textarea'
    'validations':
        'required': true
  - 'attributes':
        'description': >
            What happened instead?  Please add a description and/or screenshots,
            if applicable.
        'label': 'Actual result'
        'placeholder': >
            What did you see instead?
    'id': 'result'
    'type': 'textarea'
    'validations':
        'required': true
  - 'attributes':
        'description': >
            Please add additional information, such as non-standard OS or port,
            here.  You can also put screenshots here, if applicable.  For
            example, it is better to copy and paste text from a terminal instead
            of posting a screenshot of the terminal.
        'label': 'Additional information and/or screenshots'
        'placeholder': >
            Additional OS information, screenshots of the UI, etc.
    'id': 'additional'
    'type': 'textarea'
    'validations':
        'required': false
 'description': >
    Open a bug report.  Please do not open bug reports for questions or help
    with configuring clients.  If you want to ask for help, use the Discussions
    section.
 'name': 'Bug'
--- a/.github/ISSUE_TEMPLATE/feature.yml
+++ b/.github/ISSUE_TEMPLATE/feature.yml
@@ -23,32 +23,19 @@
    'id': 'prerequisites'
    'type': 'checkboxes'
  - 'attributes':
-        'description': 'Please describe the problem you are trying to solve'
+        'description': 'Please describe the request'
-        'label': 'The problem'
+        'label': 'Description'
-        'placeholder': >
+        'value': |
-            Please describe the problem you are trying to solve
+            #### What problem are you trying to solve?
-    'id': 'problem'
+
            #### Proposed solution
            #### Alternatives considered
            #### Additional information
    'id': 'description'
    'type': 'textarea'
    'validations':
        'required': true
  - 'attributes':
        'description': 'What feature are you proposing to solve this problem?'
        'label': 'Proposed solution'
        'placeholder': >
            What feature are you proposing to solve this problem?
    'id': 'proposed_solution'
    'type': 'textarea'
    'validations':
        'required': true
  - 'attributes':
        'label': 'Alternatives considered and additional information'
        'placeholder': >
            Are there any other ways to solve the problem?
    'id': 'additional'
    'type': 'textarea'
    'validations':
        'required': false
 'description': 'Suggest a feature or an enhancement for AdGuard Home'
 'labels':
  - 'feature request'
 'name': 'Feature request or enhancement'
--- a/.github/PULL_REQUEST_TEMPLATE
+++ b/.github/PULL_REQUEST_TEMPLATE
@@ -1,20 +0,0 @@
 Before submitting a PR please make sure that:
 1.  You have discussed your solution in an issue and have got an
    approval from a maintainer.
 2.  This isn't a localization fix; please send those to our
    [CrowdIn](https://crowdin.com/project/adguard-applications/en#/adguard-home)
    page.
 3.  Your code follows our
    [code guidelines](https://github.com/AdguardTeam/CodeGuidelines/blob/master/Go/Go.md).
 Add a short description here.  The description should include:
 1.  Which issue this PR closes (`Closes #NNNN.`) or updates (`Updates
    #NNNN.`).
 2.  A short description of how the change achieves that.
 Do not forget to remove these instructions.
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,7 +1,7 @@
 'name': 'build'
 'env':
-  'GO_VERSION': '1.19.10'
+  'GO_VERSION': '1.19.8'
  'NODE_VERSION': '14'
 'on':
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -1,7 +1,7 @@
 'name': 'lint'
 'env':
-  'GO_VERSION': '1.19.10'
+  'GO_VERSION': '1.19.8'
 'on':
  'push':
--- a/.github/workflows/potential-duplicates.yml
+++ b/.github/workflows/potential-duplicates.yml
@@ -1,18 +0,0 @@
 'name': 'potential-duplicates'
 'on':
    'issues':
        'types':
          - 'opened'
 'jobs':
    'run':
        'runs-on': 'ubuntu-latest'
        'steps':
          - 'uses': 'wow-actions/potential-duplicates@v1'
            'with':
                'GITHUB_TOKEN': '${{ secrets.GITHUB_TOKEN }}'
                'state': 'all'
                'threshold': 0.6
                'comment': |
                    Potential duplicates: {{#issues}}
                     *  [#{{ number }}] {{ title }} ({{ accuracy }}%)
                    {{/issues}}
--- a/.gitignore
+++ b/.gitignore
@@ -16,13 +16,10 @@
 /dist/
 /filtering/tests/filtering.TestLotsOfRules*.pprof
 /filtering/tests/top-1m.csv
 /internal/next/AdGuardHome.yaml
 /launchpad_credentials
 /querylog.json*
 /snapcraft_login
-AdGuardHome
+AdGuardHome*
 AdGuardHome.exe
 AdGuardHome.yaml*
 coverage.txt
 node_modules/
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,176 +14,14 @@ and this project adheres to
 <!--
 ## [v0.108.0] - TBA
-## [v0.107.33] - 2023-06-28 (APPROX.)
+## [v0.107.30] - 2023-04-26 (APPROX.)
 See also the [v0.107.33 GitHub milestone][ms-v0.107.33].
 [ms-v0.107.33]: https://github.com/AdguardTeam/AdGuardHome/milestone/68?closed=1
 NOTE: Add new changes BELOW THIS COMMENT.
 -->
 ### Added
 - The new command-line flag `--web-addr` is the address to serve the web UI on,
  in the host:port format.
 - The ability to set inactivity periods for filtering blocked services, both
  globally and per client, in the configuration file ([#951]).  The UI changes
  are coming in the upcoming releases.
 - The ability to edit rewrite rules via `PUT /control/rewrite/update` HTTP API
  and the Web UI ([#1577]).
 ### Changed
 #### Configuration Changes
 In this release, the schema version has changed from 20 to 22.
 - Property `clients.persistent.blocked_services`, which in schema versions 21
  and earlier used to be a list containing ids of blocked services, is now an
  object containing ids and schedule for blocked services:
  ```yaml
  # BEFORE:
  'clients':
    'persistent':
      - 'name': 'client-name'
        'blocked_services':
        - id_1
        - id_2
  # AFTER:
  'clients':
    'persistent':
    - 'name': client-name
      'blocked_services':
        'ids':
        - id_1
        - id_2
      'schedule':
        'time_zone': 'Local'
        'sun':
          'start': '0s'
          'end': '24h'
        'mon':
          'start': '1h'
          'end': '23h'
  ```
  To rollback this change, replace `clients.persistent.blocked_services` object
  with the list of ids of blocked services and change the `schema_version` back
  to `21`.
 - Property `dns.blocked_services`, which in schema versions 20 and earlier used
  to be a list containing ids of blocked services, is now an object containing
  ids and schedule for blocked services:
  ```yaml
  # BEFORE:
  'blocked_services':
  - id_1
  - id_2
  # AFTER:
  'blocked_services':
    'ids':
    - id_1
    - id_2
    'schedule':
      'time_zone': 'Local'
      'sun':
        'start': '0s'
        'end': '24h'
      'mon':
        'start': '10m'
        'end': '23h30m'
      'tue':
        'start': '20m'
        'end': '23h'
      'wed':
        'start': '30m'
        'end': '22h30m'
      'thu':
        'start': '40m'
        'end': '22h'
      'fri':
        'start': '50m'
        'end': '21h30m'
      'sat':
        'start': '1h'
        'end': '21h'
  ```
  To rollback this change, replace `dns.blocked_services` object with the list
  of ids of blocked services and change the `schema_version` back to `20`.
 ### Deprecated
 - Flags `-h`, `--host`, `-p`, `--port` have been deprecated.  The `-h` flag
  will work as an alias for `--help`, instead of the deprecated `--host` in the
  future releases.
 ### Fixed
 - Excessive error logging when using DNS-over-QUIC ([#5285]).
 - Cannot set `bind_host` in AdGuardHome.yaml (docker version)([#4231], [#4235]).
 - The blocklists can now be deleted properly ([#5700]).
 - Queries with the question-section target `.`, for example `NS .`, are now
  counted in the statistics and correctly shown in the query log ([#5910]).
 - Safe Search not working with `AAAA` queries for domains that don't have `AAAA`
  records ([#5913]).
 [#951]:  https://github.com/AdguardTeam/AdGuardHome/issues/951
 [#1577]: https://github.com/AdguardTeam/AdGuardHome/issues/1577
 [#4231]: https://github.com/AdguardTeam/AdGuardHome/issues/4231
 [#4235]: https://github.com/AdguardTeam/AdGuardHome/pull/4235
 [#5285]: https://github.com/AdguardTeam/AdGuardHome/issues/5285
 [#5700]: https://github.com/AdguardTeam/AdGuardHome/issues/5700
 [#5910]: https://github.com/AdguardTeam/AdGuardHome/issues/5910
 [#5913]: https://github.com/AdguardTeam/AdGuardHome/issues/5913
 <!--
 NOTE: Add new changes ABOVE THIS COMMENT.
 -->
 ## [v0.107.32] - 2023-06-13
 ### Fixed
 - DNSCrypt upstream not resetting the client and resolver information on
  dialing errors ([#5872]).
 ## [v0.107.31] - 2023-06-08
 See also the [v0.107.31 GitHub milestone][ms-v0.107.31].
 ### Fixed
 - Startup errors on OpenWrt ([#5872]).
 - Plain-UDP upstreams always falling back to TCP, causing outages and slowdowns
  ([#5873], [#5874]).
 [#5872]: https://github.com/AdguardTeam/AdGuardHome/issues/5872
 [#5873]: https://github.com/AdguardTeam/AdGuardHome/issues/5873
 [#5874]: https://github.com/AdguardTeam/AdGuardHome/issues/5874
 [ms-v0.107.31]: https://github.com/AdguardTeam/AdGuardHome/milestone/67?closed=1
 ## [v0.107.30] - 2023-06-07
 See also the [v0.107.30 GitHub milestone][ms-v0.107.30].
-### Security
+[ms-v0.107.30]: https://github.com/AdguardTeam/AdGuardHome/milestone/66?closed=1
- Go version has been updated to prevent the possibility of exploiting the
+NOTE: Add new changes BELOW THIS COMMENT.
-  CVE-2023-29402, CVE-2023-29403, and CVE-2023-29404 Go vulnerabilities fixed in
+-->
  [Go 1.19.10][go-1.19.10].
 ### Fixed
@@ -199,8 +37,9 @@ See also the [v0.107.30 GitHub milestone][ms-v0.107.30].
 [#5716]: https://github.com/AdguardTeam/AdGuardHome/issues/5716
-[go-1.19.10]:   https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ
+<!--
-[ms-v0.107.30]: https://github.com/AdguardTeam/AdGuardHome/milestone/66?closed=1
+NOTE: Add new changes ABOVE THIS COMMENT.
 -->
@@ -2125,14 +1964,11 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2].
 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.33...HEAD
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.30...HEAD
-[v0.107.33]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.32...v0.107.33
+[v0.107.30]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.29...v0.107.30
 -->
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.32...HEAD
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.29...HEAD
 [v0.107.32]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.31...v0.107.32
 [v0.107.31]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.30...v0.107.31
 [v0.107.30]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.29...v0.107.30
 [v0.107.29]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.28...v0.107.29
 [v0.107.28]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.27...v0.107.28
 [v0.107.27]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.26...v0.107.27
--- a/README.md
+++ b/README.md
@@ -466,10 +466,6 @@ bug or implementing the feature.
    Home](https://github.com/ebrianne/adguard-exporter) by
    [@ebrianne](https://github.com/ebrianne).
 *  [Terminal-based, real-time traffic monitoring and statistics for your AdGuard Home
    instance](https://github.com/Lissy93/AdGuardian-Term) by
    [@Lissy93](https://github.com/Lissy93)
 *  [AdGuard Home on GLInet
    routers](https://forum.gl-inet.com/t/adguardhome-on-gl-routers/10664) by
    [Gl-Inet](https://gl-inet.com/).
--- a/bamboo-specs/bamboo.yaml
+++ b/bamboo-specs/bamboo.yaml
@@ -1,8 +1,5 @@
 ---
 !include release.yaml
 ---
 !include snapcraft.yaml
 ---
 !include test.yaml
 ---
 !include release.yaml
--- a/bamboo-specs/release.yaml
+++ b/bamboo-specs/release.yaml
@@ -7,7 +7,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
  'channel': 'edge'
-    'dockerGo': 'adguard/golang-ubuntu:6.7'
+  'dockerGo': 'adguard/golang-ubuntu:6.3'
 'stages':
 - 'Build frontend':
@@ -34,6 +34,12 @@
    'jobs':
    - 'Publish to static storage'
 - 'Publish to Snapstore':
    'manual': false
    'final': false
    'jobs':
    - 'Publish to Snapstore'
 - 'Publish to GitHub Releases':
    'manual': false
    'final': false
@@ -65,7 +71,7 @@
        make js-deps js-build
  'artifacts':
  - 'name': 'AdGuardHome frontend'
-        'pattern': 'build/**'
+    'pattern': 'build*/**'
    'shared': true
    'required': true
  'requirements':
@@ -198,6 +204,59 @@
  'requirements':
  - 'adg-docker': 'true'
 'Publish to Snapstore':
  'docker':
    'image': '${bamboo.dockerGo}'
  'key': 'PTS'
  'other':
    'clean-working-dir': true
  'tasks':
  - 'clean'
  - 'checkout':
      'repository': 'bamboo-deploy-publisher'
      'path': 'bamboo-deploy-publisher'
      'force-clean-build': true
  - 'script':
      'interpreter': 'SHELL'
      'scripts':
      - |
        #!/bin/sh
        set -e -f -u -x
        cd ./dist/
        channel="${bamboo.channel}"
        readonly channel
        case "$channel"
        in
        ('release')
              snapchannel='candidate'
              ;;
        ('beta')
              snapchannel='beta'
              ;;
        ('edge')
              snapchannel='edge'
              ;;
        (*)
              echo "invalid channel '$channel'"
              exit 1
              ;;
        esac
        env\
                SNAPCRAFT_CHANNEL="$snapchannel"\
                SNAPCRAFT_EMAIL="${bamboo.snapcraftEmail}"\
                SNAPCRAFT_MACAROON="${bamboo.snapcraftMacaroonPassword}"\
                SNAPCRAFT_UBUNTU_DISCHARGE="${bamboo.snapcraftUbuntuDischargePassword}"\
                ../bamboo-deploy-publisher/deploy.sh adguard-home-snap
  'final-tasks':
  - 'clean'
  'requirements':
  - 'adg-docker': 'true'
 'Publish to GitHub Releases':
  'key': 'PTGR'
  'other':
@@ -237,8 +296,8 @@
  - 'adg-docker': 'true'
 'triggers':
-    # Don't use minute values that end with a zero or a five as these are often
+# Don't use minute values that end with a zero or a five as these are often used
-    # used in CI and so resources during these minutes can be quite busy.
+# in CI and so resources during these minutes can be quite busy.
 - 'cron': '0 42 13 ? * MON-FRI *'
 'branches':
  'create': 'manually'
@@ -263,8 +322,8 @@
  'concurrent-build-plugin': 'system-default'
 'branch-overrides':
-    # beta-vX.Y branches are the branches into which the commits that are needed
+# beta-vX.Y branches are the branches into which the commits that are needed to
-    # to release a new patch version are initially cherry-picked.
+# release a new patch version are initially cherry-picked.
 - '^beta-v[0-9]+\.[0-9]+':
    # Build betas on release branches manually.
    'triggers': []
@@ -272,9 +331,9 @@
    # need to build a few of these.
    'variables':
      'channel': 'beta'
-            'dockerGo': 'adguard/golang-ubuntu:6.7'
+      'dockerGo': 'adguard/golang-ubuntu:6.3'
-    # release-vX.Y.Z branches are the branches from which the actual final
+# release-vX.Y.Z branches are the branches from which the actual final release
-    # release is built.
+# is built.
 - '^release-v[0-9]+\.[0-9]+\.[0-9]+':
    # Disable integration branches for release branches.
    'branch-config':
@@ -287,4 +346,4 @@
    # are the ones that actually get released.
    'variables':
      'channel': 'release'
-            'dockerGo': 'adguard/golang-ubuntu:6.7'
+      'dockerGo': 'adguard/golang-ubuntu:6.3'
--- a/bamboo-specs/snapcraft.yaml
+++ b/bamboo-specs/snapcraft.yaml
@@ -1,211 +0,0 @@
 ---
 # This part of the release build is separate from the one described in
 # release.yaml, because the Snapcraft infrastructure is brittle, and timeouts
 # during logins and uploads often lead to release blocking.
 'version': 2
 'plan':
    'project-key': 'AGH'
    'key': 'AGHSNAP'
    'name': 'AdGuard Home - Build and publish Snapcraft release'
 # Make sure to sync any changes with the branch overrides below.
 'variables':
    'channel': 'edge'
    'dockerGo': 'adguard/golang-ubuntu:6.7'
    'snapcraftChannel': 'edge'
 'stages':
  - 'Download release':
        'manual': false
        'final': false
        'jobs':
          - 'Download release'
  - 'Build packages':
        'manual': false
        'final': false
        'jobs':
          - 'Build packages'
  - 'Publish to Snapstore':
        'manual': false
        'final': false
        'jobs':
          - 'Publish to Snapstore'
 # TODO(a.garipov): Consider using the Artifact Downloader Task if it ever learns
 # about plan branches.
 'Download release':
    'artifacts':
      - 'name': 'i386_binary'
        'pattern': 'AdGuardHome_i386'
        'shared': true
        'required': true
      - 'name': 'amd64_binary'
        'pattern': 'AdGuardHome_amd64'
        'shared': true
        'required': true
      - 'name': 'armhf_binary'
        'pattern': 'AdGuardHome_armhf'
        'shared': true
        'required': true
      - 'name': 'arm64_binary'
        'pattern': 'AdGuardHome_arm64'
        'shared': true
        'required': true
    'docker':
        'image': '${bamboo.dockerGo}'
    'key': 'DR'
    'other':
        'clean-working-dir': true
    'tasks':
      - 'checkout':
            'force-clean-build': true
      - 'script':
            'interpreter': 'SHELL'
            'scripts':
            - |
              #!/bin/sh
              set -e -f -u -x
              env\
                      CHANNEL="${bamboo.channel}"\
                      VERBOSE='1'\
                      sh ./scripts/snap/download.sh
    'requirements':
      - 'adg-docker': 'true'
 'Build packages':
    'artifact-subscriptions':
      - 'artifact': 'i386_binary'
      - 'artifact': 'amd64_binary'
      - 'artifact': 'armhf_binary'
      - 'artifact': 'arm64_binary'
    'artifacts':
      - 'name': 'i386_snap'
        'pattern': 'AdGuardHome_i386.snap'
        'shared': true
        'required': true
      - 'name': 'amd64_snap'
        'pattern': 'AdGuardHome_amd64.snap'
        'shared': true
        'required': true
      - 'name': 'armhf_snap'
        'pattern': 'AdGuardHome_armhf.snap'
        'shared': true
        'required': true
      - 'name': 'arm64_snap'
        'pattern': 'AdGuardHome_arm64.snap'
        'shared': true
        'required': true
    'docker':
        'image': '${bamboo.dockerGo}'
    'key': 'BP'
    'other':
        'clean-working-dir': true
    'tasks':
      - 'checkout':
            'force-clean-build': true
      - 'script':
            'interpreter': 'SHELL'
            'scripts':
            - |
              #!/bin/sh
              set -e -f -u -x
              env\
                      VERBOSE='1'\
                      sh ./scripts/snap/build.sh
    'requirements':
      - 'adg-docker': 'true'
 'Publish to Snapstore':
    'artifact-subscriptions':
      - 'artifact': 'i386_snap'
      - 'artifact': 'amd64_snap'
      - 'artifact': 'armhf_snap'
      - 'artifact': 'arm64_snap'
    'docker':
        'image': '${bamboo.dockerGo}'
    'key': 'PTS'
    'other':
        'clean-working-dir': true
    'tasks':
      - 'checkout':
            'force-clean-build': true
      - 'script':
            'interpreter': 'SHELL'
            'scripts':
              - |
                #!/bin/sh
                set -e -f -u -x
                env\
                        SNAPCRAFT_CHANNEL="${bamboo.snapcraftChannel}"\
                        SNAPCRAFT_STORE_CREDENTIALS="${bamboo.snapcraftMacaroonPassword}"\
                        VERBOSE='1'\
                        sh ./scripts/snap/upload.sh
    'final-tasks':
      - 'clean'
    'requirements':
      - 'adg-docker': 'true'
 'triggers':
    # Don't use minute values that end with a zero or a five as these are often
    # used in CI and so resources during these minutes can be quite busy.
    #
    # NOTE: The time is chosen to be exactly one hour after the main release
    # build as defined as in release.yaml.
  - 'cron': '0 42 14 ? * MON-FRI *'
 'branches':
    'create': 'manually'
    'delete':
        'after-deleted-days': 1
        'after-inactive-days': 30
    'integration':
        'push-on-success': false
        'merge-from': 'AdGuard Home - Build and publish Snapcraft release'
    'link-to-jira': true
 'notifications':
  - 'events':
      - 'plan-completed'
    'recipients':
      - 'webhook':
            'name': 'Build webhook'
            'url': 'http://prod.jirahub.service.eu.consul/v1/webhook/bamboo?channel=adguard-qa'
 'labels': []
 'other':
    'concurrent-build-plugin': 'system-default'
 'branch-overrides':
    # beta-vX.Y branches are the branches into which the commits that are needed
    # to release a new patch version are initially cherry-picked.
  - '^beta-v[0-9]+\.[0-9]+':
        # Build betas on release branches manually.
        'triggers': []
        # Set the default release channel on the release branch to beta, as we may
        # need to build a few of these.
        'variables':
            'channel': 'beta'
            'dockerGo': 'adguard/golang-ubuntu:6.7'
            'snapcraftChannel': 'beta'
    # release-vX.Y.Z branches are the branches from which the actual final
    # release is built.
  - '^release-v[0-9]+\.[0-9]+\.[0-9]+':
        # Disable integration branches for release branches.
        'branch-config':
            'integration':
                'push-on-success': false
                'merge-from': 'beta-v0.107'
        # Build final releases on release branches manually.
        'triggers': []
        # Set the default release channel on the final branch to release, as these
        # are the ones that actually get released.
        'variables':
            'channel': 'release'
            'dockerGo': 'adguard/golang-ubuntu:6.7'
            'snapcraftChannel': 'candidate'
--- a/bamboo-specs/test.yaml
+++ b/bamboo-specs/test.yaml
@@ -5,7 +5,7 @@
  'key': 'AHBRTSPECS'
  'name': 'AdGuard Home - Build and run tests'
 'variables':
-    'dockerGo': 'adguard/golang-ubuntu:6.7'
+  'dockerGo': 'adguard/golang-ubuntu:6.3'
 'stages':
 - 'Tests':
--- a/client/src/__locales/be.json
+++ b/client/src/__locales/be.json
@@ -150,7 +150,7 @@
    "dns_allowlists": "Белыя спісы DNS",
    "dns_blocklists_desc": "AdGuard Home будзе блакаваць дамены з чорных спісаў.",
    "dns_allowlists_desc": "Дамены з белых спісаў DNS будуць дазволены, нават калі яны знаходзяцца ў любым з чорных спісаў.",
-    "custom_filtering_rules": "Карыстальніцкія правілы фільтрацыі",
+    "custom_filtering_rules": "Карыстацкія правілы фільтрацыі",
    "encryption_settings": "Налады шыфравання",
    "dhcp_settings": "Налады DHCP",
    "upstream_dns": "Upstream DNS-серверы",
@@ -247,7 +247,7 @@
    "loading_table_status": "Загрузка...",
    "page_table_footer_text": "Старонка",
    "rows_table_footer_text": "радкоў",
-    "updated_custom_filtering_toast": "Карыстальніцкія правілы паспяхова захаваны",
+    "updated_custom_filtering_toast": "Занесены змены ў карыстацкія правілы",
    "rule_removed_from_custom_filtering_toast": "Карыстацкае правіла выдалена: {{rule}}",
    "rule_added_to_custom_filtering_toast": "Карыстацкае правіла дададзена: {{rule}}",
    "query_log_response_status": "Статус: {{value}}",
@@ -475,9 +475,7 @@
    "setup_dns_notice": "Каб выкарыстоўваць <1>DNS-over-HTTPS</1> ці <1>DNS-over-TLS</1>, вам патрэбна <0>наладзіць шыфраванне</0> у наладах AdGuard Home.",
    "rewrite_added": "Правіла перанакіравання DNS для «{{key}}» паспяхова дададзена",
    "rewrite_deleted": "Правіла перанакіравання DNS для «{{key}}» паспяхова выдалена",
    "rewrite_updated": "Перазапіс DNS паспяхова абноўлены",
    "rewrite_add": "Дадаць правіла перанакіравання DNS",
    "rewrite_edit": "Рэдагаваць перазапіс DNS",
    "rewrite_not_found": "Не знойдзена правілаў перанакіравання DNS",
    "rewrite_confirm_delete": "Вы ўпэўнены, што хочаце выдаліць правіла перанакіравання DNS для «{{key}}»?",
    "rewrite_desc": "Дазваляе лёгка наладзіць карыстацкі DNS-адказ для пэўнага дамена.",
@@ -570,7 +568,7 @@
    "check_desc": "Праверыць фільтрацыю імя хаста",
    "check": "Праверыць",
    "form_enter_host": "Увядзіце імя хаста",
-    "filtered_custom_rules": "Адфільтраваны з дапамогай карыстальніцкіх правіл фільтрацыі",
+    "filtered_custom_rules": "Адфільтраваны з дапамогай карыстацкіх правілаў фільтрацыі",
    "choose_from_list": "Абраць са спіса",
    "add_custom_list": "Дадаць свой спіс",
    "host_whitelisted": "Хост занесены ў белы спіс",
--- a/client/src/__locales/cs.json
+++ b/client/src/__locales/cs.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "Pro použití <1>DNS skrze HTTPS</1> nebo <1>DNS skrze TLS</1> potřebujete v nastaveních AdGuard Home <0>nakonfigurovat šifrování</0>.",
    "rewrite_added": "Přesměrování DNS pro „{{key}}“ úspěšně přidáno",
    "rewrite_deleted": "Přesměrování DNS pro „{{key}}“ úspěšně smazáno",
    "rewrite_updated": "Přesměrování DNS bylo úspěšně aktualizováno",
    "rewrite_add": "Přidat přesměrování DNS",
    "rewrite_edit": "Upravit přesměrování DNS",
    "rewrite_not_found": "Přesměrování DNS nenalezeny",
    "rewrite_confirm_delete": "Jste si jisti, že chcete smazat přesměrování DNS pro „{{key}}“?",
    "rewrite_desc": "Umožňuje snadno nakonfigurovat vlastní DNS odezvy pro konkrétní název domény.",
--- a/client/src/__locales/da.json
+++ b/client/src/__locales/da.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "For at kunne bruge <1>DNS-over-HTTPS</1> eller <1>DNS-over-TLS</1>, skal du <0>opsætte Krypteringen</0> i AdGuard Homes indstillinger.",
    "rewrite_added": "DNS-omskrivning for \"{{key}}\" blev tilføjet",
    "rewrite_deleted": "DNS-omskrivning for \"{{key}}\" blev slettet",
    "rewrite_updated": "DNS-omskrivning hermed opdateret",
    "rewrite_add": "Tilføj DNS-omskrivning",
    "rewrite_edit": "Redigér DNS-omskrivning",
    "rewrite_not_found": "Ingen DNS-omskrivninger fundet",
    "rewrite_confirm_delete": "Sikker på, at du vil slette DNS-omskrivning for \"{{key}}\"?",
    "rewrite_desc": "Gør det nemt at opsætte det tilpassede DNS-svar for et specifikt domænenavn.",
--- a/client/src/__locales/de.json
+++ b/client/src/__locales/de.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "Um <1>DNS-over-HTTTPS</1> oder <1>DNS-over-TLS</1> verwenden zu können, müssen Sie in den AdGuard Home Einstellungen die <0>Verschlüsselung konfigurieren</0>.",
    "rewrite_added": "DNS-Umschreibung für „{{key}}“ erfolgreich hinzugefügt",
    "rewrite_deleted": "DNS-Umschreibung für „{{key}}“ erfolgreich entfernt",
    "rewrite_updated": "DNS-Rewrite erfolgreich aktualisiert",
    "rewrite_add": "DNS-Umschreibung hinzufügen",
    "rewrite_edit": "DNS-Rewrite bearbeiten",
    "rewrite_not_found": "Keine DNS-Umschreibungen gefunden",
    "rewrite_confirm_delete": "Möchten Sie die DNS-Umschreibung für „{{key}}“ wirklich entfernen?",
    "rewrite_desc": "Ermöglicht die einfache Konfiguration der benutzerdefinierten DNS-Antwort für einen bestimmten Domainnamen.",
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "In order to use <1>DNS-over-HTTPS</1> or <1>DNS-over-TLS</1>, you need to <0>configure Encryption</0> in AdGuard Home settings.",
    "rewrite_added": "DNS rewrite for \"{{key}}\" successfully added",
    "rewrite_deleted": "DNS rewrite for \"{{key}}\" successfully deleted",
    "rewrite_updated": "DNS rewrite successfully updated",
    "rewrite_add": "Add DNS rewrite",
    "rewrite_edit": "Edit DNS rewrite",
    "rewrite_not_found": "No DNS rewrites found",
    "rewrite_confirm_delete": "Are you sure you want to delete DNS rewrite for \"{{key}}\"?",
    "rewrite_desc": "Allows to easily configure custom DNS response for a specific domain name.",
--- a/client/src/__locales/es.json
+++ b/client/src/__locales/es.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "Para utilizar <1>DNS mediante HTTPS</1> o <1>DNS mediante TLS</1>, debes <0>configurar el cifrado</0> en la configuración de AdGuard Home.",
    "rewrite_added": "Reescritura DNS para \"{{key}}\" añadido correctamente",
    "rewrite_deleted": "Reescritura DNS para \"{{key}}\" eliminado correctamente",
    "rewrite_updated": "Reconfiguración de DNS actualizada correctamente",
    "rewrite_add": "Añadir reescritura DNS",
    "rewrite_edit": "Editar reconfiguración de DNS",
    "rewrite_not_found": "No se han encontrado reescrituras DNS",
    "rewrite_confirm_delete": "¿Estás seguro de que deseas eliminar la reescritura DNS para \"{{key}}\"?",
    "rewrite_desc": "Permite configurar fácilmente la respuesta DNS personalizada para un nombre de dominio específico.",
--- a/client/src/__locales/fa.json
+++ b/client/src/__locales/fa.json
@@ -268,8 +268,6 @@
    "blocking_mode_nxdomain": "NXDOMAIN: پاسخ با کُد NXDOMAIN",
    "blocking_mode_null_ip": "Null IP: پاسخ با آدرس آی پی صفر(0.0.0.0 برای A; :: برای AAAA)",
    "blocking_mode_custom_ip": "آی پی دستی: پاسخ با آدرس آی پی دستی تنظیم شده",
    "theme_light": "پوسته روشن",
    "theme_dark": "پوسته تیره",
    "upstream_dns_client_desc": "اگر این فیلد را خالی نگه دارید، AdGuard Home از سرور پیکربندی شده در <0> تنظیماتDNS </0> استفاده می کند.",
    "tracker_source": "منبع ردیاب",
    "source_label": "منبع",
@@ -440,9 +438,7 @@
    "setup_dns_notice": "به منظور استفاده از <1>DNS-over-HTTPS</1> یا <1>DNS-over-TLS</1>، شما نیاز به <0>پیکربندی رمزگذاری</0> در تنظیمات AdGuard Home دارید.",
    "rewrite_added": "بازنویسی DNS برای \"{{key}}\" با موفقیت اضافه شد",
    "rewrite_deleted": "بازنویسی DNS برای \"{{key}}\" با موفقیت حذف شد",
    "rewrite_updated": "بازنویسی DNS با موفقیت به روز شد",
    "rewrite_add": "افزودن بازنویسی DNS",
    "rewrite_edit": "بازنویسی DNS را ویرایش کنید",
    "rewrite_not_found": "بازنویسی DNS یافت نشد",
    "rewrite_confirm_delete": "آیا واقعا میخواهید بازنویسی DNS برای \"{{key}}\" را حذف کنید؟",
    "rewrite_desc": "به آسانی اجازه پیکربندی پاسخ DNS دستی برای یک نام دامنه خاص را می دهد.",
@@ -571,6 +567,5 @@
    "use_saved_key": "از کلید ذخیره شده قبلی استفاده کنید",
    "parental_control": "نظارت والدین",
    "safe_browsing": "وب گردی اَمن",
-    "form_error_password_length": "رمزعبور باید حداقل {{value}} کاراکتر باشد.",
+    "form_error_password_length": "رمزعبور باید حداقل {{value}} کاراکتر باشد."
    "protection_section_label": "حفاظت"
 }
--- a/client/src/__locales/fi.json
+++ b/client/src/__locales/fi.json
@@ -86,7 +86,7 @@
    "request_details": "Pyynnön tiedot",
    "client_details": "Päätelaitteen tiedot",
    "details": "Yksityiskohdat",
-    "back": "Palaa takaisin",
+    "back": "Takaisin",
    "dashboard": "Tila",
    "settings": "Asetukset",
    "filters": "Suodattimet",
@@ -146,8 +146,8 @@
    "no_servers_specified": "Palvelimia ei ole määritetty",
    "general_settings": "Yleiset asetukset",
    "dns_settings": "DNS-asetukset",
-    "dns_blocklists": "DNS-estot",
+    "dns_blocklists": "DNS-estolistat",
-    "dns_allowlists": "DNS-sallinnat",
+    "dns_allowlists": "DNS-sallittujen listat",
    "dns_blocklists_desc": "AdGuard Home estää estolistalla olevat verkkotunnukset.",
    "dns_allowlists_desc": "DNS-sallittujen listalla olevat verkkotunnukset sallitaan myös silloin, jos ne ovat jollain muulla estolistalla.",
    "custom_filtering_rules": "Omat suodatussäännöt",
@@ -222,7 +222,7 @@
    "all_lists_up_to_date_toast": "Kaikki listat ovat ajan tasalla",
    "updated_upstream_dns_toast": "Ylävirtojen palvelimet tallennettiin",
    "dns_test_ok_toast": "Määritetyt DNS-palvelimet toimivat oikein",
-    "dns_test_not_ok_toast": "Palvelin \"{{key}}\": Ei voitu käyttää, tarkista oikeinkirjoitus",
+    "dns_test_not_ok_toast": "Palvelin \"{{key}}\": ei voitu käyttää, tarkista sen oikeinkirjoitus",
    "dns_test_warning_toast": "Datavuon \"{{key}}\" ei vastaa testipyyntöihin eikä välttämättä toimi kunnolla",
    "unblock": "Salli",
    "block": "Estä",
@@ -478,9 +478,7 @@
    "setup_dns_notice": "<1>DNS-over-HTTPS</1> tai <1>DNS-over-TLS</1> -toteutuksia varten, on AdGuard Homen <0>Salausasetukset</0> määritettävä.",
    "rewrite_added": "Kohteen \"{{key}}\" DNS-uudelleenohjaus lisättiin",
    "rewrite_deleted": "Kohteen \"{{key}}\" DNS-uudelleenohjaus poistettiin",
    "rewrite_updated": "DNS-uudelleenohjaukset päivitettiin",
    "rewrite_add": "Lisää DNS-uudelleenohjaus",
    "rewrite_edit": "Muokkaa DNS-uudelleenohjausta",
    "rewrite_not_found": "DNS-uudelleenohjauksia ei löytynyt",
    "rewrite_confirm_delete": "Haluatko varmasti poistaa DNS-uudelleenohjauksen kohteelle \"{{key}}\"?",
    "rewrite_desc": "Mahdollistaa oman DNS-vastauksen helpon määrityksen tietylle verkkotunnukselle.",
@@ -629,7 +627,7 @@
    "cache_optimistic": "Optimistinen välimuisti",
    "cache_optimistic_desc": "Pakota AdGuard Home vastaamaan välimuistista vaikka tiedot olisivat vanhentuneet. Pyri samalla myös päivittämään tiedot.",
    "filter_category_general": "Yleiset",
-    "filter_category_security": "Tietoturva",
+    "filter_category_security": "Turvallisuus",
    "filter_category_regional": "Alueelliset",
    "filter_category_other": "Muut",
    "filter_category_general_desc": "Listat, jotka estävät seurannan ja mainokset useimmilla laitteilla",
--- a/client/src/__locales/fr.json
+++ b/client/src/__locales/fr.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "Pour utiliser le <1>DNS-over-HTTPS</1> ou le <1>DNS-over-TLS</1>, vous devez <0>configurer le Chiffrement</0> dans les paramètres de AdGuard Home.",
    "rewrite_added": "Réécriture DNS pour « {{key}} » ajoutée",
    "rewrite_deleted": "Réécriture DNS pour « {{key}} » supprimée",
    "rewrite_updated": "Réécriture DNS mise à jour",
    "rewrite_add": "Ajouter une réécriture DNS",
    "rewrite_edit": "Modifier la réécriture DNS",
    "rewrite_not_found": "Aucune réécriture DNS trouvée",
    "rewrite_confirm_delete": "Voulez-vous vraiment supprimer la réécriture DNS pour « {{key}} » ?",
    "rewrite_desc": "Permet de configurer facilement la réponse DNS personnalisée pour un nom de domaine spécifique.",
--- a/client/src/__locales/hr.json
+++ b/client/src/__locales/hr.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "Da biste koristili <1>DNS-over-HTTPS</1> ili <1>DNS-over-TLS</1>, morate <0>postaviti šifriranje</0> u AdGuard Home postavkama.",
    "rewrite_added": "DNS prijepis za \"{{key}}\" je uspješno dodan",
    "rewrite_deleted": "DNS prijepis za \"{{key}}\" je uspješno uklonjen",
    "rewrite_updated": "Prepisivanje DNS-a uspješno ažurirano",
    "rewrite_add": "Dodaj DNS prijepis",
    "rewrite_edit": "Uredite prepisivanje DNS-a",
    "rewrite_not_found": "Nema DNS prijepisa",
    "rewrite_confirm_delete": "Jeste li sigurni da želite ukloniti DNS prijepis za \"{{key}}\" klijenta?",
    "rewrite_desc": "Omogućuje jednostavno postavljanje prilagođenog DNS odgovora za određenu domenu.",
--- a/client/src/__locales/hu.json
+++ b/client/src/__locales/hu.json
@@ -167,7 +167,6 @@
    "enabled_parental_toast": "Szülői felügyelet engedélyezve",
    "disabled_safe_search_toast": "Biztonságos keresés letiltva",
    "enabled_save_search_toast": "Biztonságos keresés engedélyezve",
    "updated_save_search_toast": "A Biztonságos keresés beállításai frissítve",
    "enabled_table_header": "Engedélyezve",
    "name_table_header": "Név",
    "list_url_table_header": "Lista URL-je",
@@ -291,8 +290,6 @@
    "rate_limit": "Kérések korlátozása",
    "edns_enable": "EDNS kliens alhálózat engedélyezése",
    "edns_cs_desc": "Adja hozzá az EDNS Client Subnet beállítást (ECS) a felfelé irányuló kérésekhez, és naplózza a kliensek által küldött értékeket a lekérdezési naplóban.",
    "edns_use_custom_ip": "Használjon egyéni IP-címet az EDNS-hez",
    "edns_use_custom_ip_desc": "Engedélyezze az egyéni IP-cím használatát az EDNS-hez",
    "rate_limit_desc": "Maximálisan hány kérést küldhet egy kliens másodpercenkén. Ha 0-ra állítja, akkor nincs korlátozás.",
    "blocking_ipv4_desc": "A blokkolt A kéréshez visszaadandó IP-cím",
    "blocking_ipv6_desc": "A blokkolt AAAA kéréshez visszaadandó IP-cím",
@@ -478,9 +475,7 @@
    "setup_dns_notice": "Ahhoz, hogy a <1>DNS-over-HTTPS</1> vagy a <1>DNS-over-TLS</1> valamelyikét használja, muszáj <0>beállítania a titkosítást</0> az AdGuard Home beállításaiban.",
    "rewrite_added": "DNS átírás a(z) \"{{key}}\" kulcshoz sikeresen hozzáadva",
    "rewrite_deleted": "DNS átírás a(z) \"{{key}}\" kulcshoz sikeresen törölve",
    "rewrite_updated": "A DNS újraírása sikeresen frissítve",
    "rewrite_add": "DNS átírás hozzáadása",
    "rewrite_edit": "DNS újraírás szerkesztése",
    "rewrite_not_found": "Nem találhatók DNS átírások",
    "rewrite_confirm_delete": "Biztosan törölni szeretné a DNS átírást ehhez: \"{{key}}\"?",
    "rewrite_desc": "Lehetővé teszi, hogy egyszerűen beállítson egyéni DNS választ egy adott domain névhez.",
@@ -528,10 +523,6 @@
    "statistics_retention_confirm": "Biztos benne, hogy megváltoztatja a statisztika megőrzési idejét? Ha csökkentette az értéket, a megadottnál korábbi adatok elvesznek",
    "statistics_cleared": "A statisztikák sikeresen vissza lettek állítva",
    "statistics_enable": "Statisztikák engedélyezése",
    "ignore_domains": "Figyelmen kívül hagyott domainek (újsorral elválasztva)",
    "ignore_domains_title": "Figyelmen kívül hagyott domainek",
    "ignore_domains_desc_stats": "Az ezekre a tartományokra vonatkozó lekérdezések nem kerülnek a statisztikákba",
    "ignore_domains_desc_query": "Az ezekhez a tartományokhoz tartozó lekérdezések nem kerülnek a lekérdezési naplóba",
    "interval_hours": "{{count}} óra",
    "interval_hours_plural": "{{count}} óra",
    "filters_configuration": "Szűrők beállításai",
@@ -652,29 +643,5 @@
    "confirm_dns_cache_clear": "Biztos benne, hogy törölni szeretné a DNS-gyorsítótárat?",
    "cache_cleared": "A DNS gyorsítótár sikeresen törlődött",
    "clear_cache": "Gyorsítótár törlése",
-    "make_static": "Statikussá tétel",
+    "protection_section_label": "Védelem"
    "theme_auto_desc": "Automatikus (az eszköz színsémájától függően)",
    "theme_dark_desc": "Sötét téma",
    "theme_light_desc": "Világos téma",
    "disable_for_seconds": "{{count}} másodpercig",
    "disable_for_seconds_plural": "{{count}} másodpercig",
    "disable_for_minutes": "{{count}} percig",
    "disable_for_minutes_plural": "{{count}} percig",
    "disable_for_hours": "{{count}} óráig",
    "disable_for_hours_plural": "{{count}} óráig",
    "disable_until_tomorrow": "Holnapig",
    "disable_notify_for_seconds": "Kapcsolja ki a védelmet {{count}} másodpercre",
    "disable_notify_for_seconds_plural": "Kapcsolja ki a védelmet {{count}} másodpercre",
    "disable_notify_for_minutes": "Kapcsolja ki a védelmet {{count}} percre",
    "disable_notify_for_minutes_plural": "Kapcsolja ki a védelmet {{count}} percre",
    "disable_notify_for_hours": "Kapcsolja ki a védelmet {{count}} órára",
    "disable_notify_for_hours_plural": "Kapcsolja ki a védelmet {{count}} órára",
    "disable_notify_until_tomorrow": "Holnapig kapcsolja ki a védelmet",
    "enable_protection_timer": "A védelem {{time}}-kor aktiválódik",
    "custom_retention_input": "Adja meg a megőrzést órákban",
    "custom_rotation_input": "Írja be a forgatást órákban",
    "protection_section_label": "Védelem",
    "log_and_stats_section_label": "Lekérdezési napló és statisztikák",
    "ignore_query_log": "Figyelmen kívül hagyja ezt az ügyfelet a lekérdezési naplóban",
    "ignore_statistics": "Hagyja figyelmen kívül ezt az ügyfelet a statisztikákban"
 }
--- a/client/src/__locales/id.json
+++ b/client/src/__locales/id.json
@@ -474,9 +474,7 @@
    "setup_dns_notice": "Jikalau ingin menggunakan <1>DNS-over-HTTPS</1> atau <1>DNS-over-TLS</1>, Anda perlu <0>mengatur Enkripsi</0> pada pengaturan AdGuard Home.",
    "rewrite_added": "DNS rewrite untuk \"{{key}}\" berhasil ditambahkan",
    "rewrite_deleted": "DNS rewrite untuk \"{{key}}\" berhasil dihapus",
    "rewrite_updated": "Penulisan ulang DNS berhasil diperbarui",
    "rewrite_add": "Tambah DNS rewrite",
    "rewrite_edit": "Edit penulisan ulang DNS",
    "rewrite_not_found": "Tidak ada DNS rewrite ditemukan",
    "rewrite_confirm_delete": "Apakah anda yakin ingin menghapus DNS rewrite untuk \"{{key}}\"?",
    "rewrite_desc": "Memungkinkan untuk dengan mudah mengkonfigurasi respons DNS kustom untuk nama domain tertentu.",
--- a/client/src/__locales/it.json
+++ b/client/src/__locales/it.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "Per utilizzare <1>DNS su HTTPS</1> o <1>DNS su TLS</1>, è necessario <0>configurare la crittografia</0> nelle impostazioni di AdGuard Home.",
    "rewrite_added": "Riscrittura DNS per \"{{key}}\" aggiunta correttamente",
    "rewrite_deleted": "La riscrittura DNS per \"{{key}}\" è stata eliminata correttamente",
    "rewrite_updated": "Riscrittura DNS aggiornata correttamente",
    "rewrite_add": "Aggiungi la riscrittura DNS",
    "rewrite_edit": "Modifica della riscrittura DNS",
    "rewrite_not_found": "Nessuna riscrittura DNS trovata",
    "rewrite_confirm_delete": "Sei sicuro di voler cancellare la riscrittura DNS per \"{{key}}\"?",
    "rewrite_desc": "Consente di configurare facilmente la risposta DNS personalizzata per un nome di dominio specifico.",
--- a/client/src/__locales/ja.json
+++ b/client/src/__locales/ja.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "<1>DNS-over-HTTPS</1>または<1>DNS-over-TLS</1>を使用するには、AdGuard Home 設定の<0>暗号化設定</0>が必要です。",
    "rewrite_added": "\"{{key}}\" のDNS書き換え情報を追加完了しました",
    "rewrite_deleted": "\"{{key}}\" のDNS書き換え情報を削除完了しました",
    "rewrite_updated": "DNS rewrite を更新完了しました。",
    "rewrite_add": "DNS書き換え情報を追加する",
    "rewrite_edit": "DNS rewrite を編集する",
    "rewrite_not_found": "DNS書き換え情報はありません",
    "rewrite_confirm_delete": "\"{{key}}\" のDNS書き換え情報を削除してもよろしいですか？",
    "rewrite_desc": "特定のドメイン名に対するDNS応答を簡単にカスタマイズすることを可能にします。",
--- a/client/src/__locales/ko.json
+++ b/client/src/__locales/ko.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "<1>DNS-over-HTTPS</1> 또는 <1>DNS-over-TLS를</1> 사용하려면 AdGuard Home 설정에서 <0>암호화를 구성해야 합니다.</0>",
    "rewrite_added": "'{{key}}'에 대한 DNS 수정 정보를 성공적으로 추가 됩니다",
    "rewrite_deleted": "'{{key}}'에 대한 DNS 수정 정보를 성공적으로 삭제 됩니다",
    "rewrite_updated": "DNS 다시 쓰기 업데이트 완료",
    "rewrite_add": "DNS 변환 정보를 추가합니다",
    "rewrite_edit": "DNS 다시 쓰기 편집",
    "rewrite_not_found": "DNS 변경 정보를 찾을 수 없습니다",
    "rewrite_confirm_delete": "'{{key}}'에 대한 DNS 변경 정보를 삭제하시겠습니까?",
    "rewrite_desc": "특정 도메인 이름에 대한 사용자 지정 DNS 응답을 쉽게 구성할 수 있습니다.",
--- a/client/src/__locales/nl.json
+++ b/client/src/__locales/nl.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "Om <1>DNS-via-HTTPS</1> of <1>DNS-via-TLS</1> te gebruiken, moet je <0>Versleuteling configureren</0> in de AdGuard Home instellingen.",
    "rewrite_added": "DNS-herschrijving voor \"{{key}}\" met succes toegevoegd",
    "rewrite_deleted": "DNS-herschrijving voor \"{{key}}\" met succes verwijderd",
    "rewrite_updated": "DNS-herschrijven succesvol bijgewerkt",
    "rewrite_add": "DNS-herschrijving toevoegen",
    "rewrite_edit": "DNS-herschrijven bewerken",
    "rewrite_not_found": "Geen DNS-herschrijving gevonden",
    "rewrite_confirm_delete": "Bent u zeker dat u DNS-herschrijving \"{{key}}\" wilt verwijderen?",
    "rewrite_desc": "Hiermee kunt u eenvoudig aangepaste DNS-antwoorden configureren voor een specifieke domeinnaam.",
--- a/client/src/__locales/no.json
+++ b/client/src/__locales/no.json
@@ -282,8 +282,6 @@
    "blocking_mode_null_ip": "Null IP: Svar med en 0-IP-adresse (0.0.0.0 for A; :: for AAAA)",
    "blocking_mode_custom_ip": "Tilpasset IP: Svar med en manuelt valgt IP-adresse",
    "theme_auto": "Auto",
    "theme_light": "Lyst tema",
    "theme_dark": "Mørkt tema",
    "upstream_dns_client_desc": "Hvis dette feltet holdes tomt, vil AdGuard Home bruke tjenerne som er satt opp i <0>DNS-innstillingene</0>.",
    "tracker_source": "Sporerkilde",
    "source_label": "Kilde",
@@ -457,9 +455,7 @@
    "setup_dns_notice": "For å benytte <1>DNS-over-HTTPS</1> eller <1>DNS-over-TLS</1>, må du <0>sette opp Kryptering</0> i AdGuard Home-innstillingene.",
    "rewrite_added": "DNS-omdirigeringen for «{{key}}» ble vellykket lagt til",
    "rewrite_deleted": "DNS-omdirigeringen for «{{key}}» ble vellykket slettet",
    "rewrite_updated": "DNS-omskriving ble oppdatert",
    "rewrite_add": "Legg til DNS-omdirigering",
    "rewrite_edit": "Rediger DNS-omskriving",
    "rewrite_not_found": "Ingen DNS-omdirigeringer ble funnet",
    "rewrite_confirm_delete": "Er du sikker på at du vil slette DNS-omdirigeringen for «{{key}}»?",
    "rewrite_desc": "Lar deg enkelt konfigurere selvvalgte DNS-tilbakemeldinger for et spesifikt domenenavn.",
--- a/client/src/__locales/pl.json
+++ b/client/src/__locales/pl.json
@@ -222,7 +222,7 @@
    "all_lists_up_to_date_toast": "Wszystkie listy są już aktualne",
    "updated_upstream_dns_toast": "Serwery nadrzędne zostały pomyślnie zapisane",
    "dns_test_ok_toast": "Określone serwery DNS działają poprawnie",
-    "dns_test_not_ok_toast": "Serwer \"{{key}}\": nie może być użyte, sprawdź, czy zapisano go poprawnie",
+    "dns_test_not_ok_toast": "Serwer \"{{key}}\": nie można go użyć, sprawdź, czy napisałeś go poprawnie",
    "dns_test_warning_toast": "Upstream \"{{key}}\" nie odpowiada na zapytania testowe i może nie działać prawidłowo",
    "unblock": "Odblokuj",
    "block": "Zablokuj",
@@ -346,7 +346,7 @@
    "install_devices_windows_list_2": "Przejdź do kategorii Sieć i Internet, a następnie do Centrum sieci i udostępniania.",
    "install_devices_windows_list_3": "W lewym panelu kliknij \"Zmień ustawienia adaptera\".",
    "install_devices_windows_list_4": "Kliknij prawym przyciskiem myszy aktywne połączenie i wybierz Właściwości.",
-    "install_devices_windows_list_5": "Znajdź na liście \"Protokół internetowy w wersji 4 (TCP/IPv4)\" (lub w przypadku IPv6 \"Protokół internetowy w wersji 6 (TCP/IPv6)\"), zaznacz go i ponownie kliknij Właściwości.",
+    "install_devices_windows_list_5": "Znajdź na liście \"Protokół internetowy w wersji 4 (TCP/IPv4)\" (lub w przypadku IPv6 \"Protokół internetowy w wersji 6 (TCP/IPv6)\"), zaznacz go i ponownie kliknij na Właściwości.",
    "install_devices_windows_list_6": "Wybierz opcję \"Użyj następujących adresów serwerów DNS\" i wprowadź adresy serwerów AdGuard Home.",
    "install_devices_macos_list_1": "Kliknij ikonę Apple i przejdź do Preferencje systemowe.",
    "install_devices_macos_list_2": "Kliknij Sieć.",
@@ -396,7 +396,7 @@
    "encryption_issuer": "Zgłaszający",
    "encryption_hostnames": "Nazwy hostów",
    "encryption_reset": "Czy na pewno chcesz zresetować ustawienia szyfrowania?",
-    "encryption_warning": "Uwaga",
+    "encryption_warning": "Uwaga!",
    "topline_expiring_certificate": "Twój certyfikat SSL wkrótce wygaśnie. Zaktualizuj <0>Ustawienia szyfrowania</0>.",
    "topline_expired_certificate": "Twój certyfikat SSL wygasł. Zaktualizuj <0>Ustawienia szyfrowania</0>.",
    "form_error_port_range": "Wpisz numer portu z zakresu 80-65535",
@@ -478,9 +478,7 @@
    "setup_dns_notice": "Aby skorzystać z <1>DNS-over-HTTPS</1> lub <1>DNS-over-TLS</1>, musisz w ustawieniach AdGuard Home <0>skonfigurować szyfrowanie</0>.",
    "rewrite_added": "Pomyślnie dodano przepisanie DNS dla „{{key}}”",
    "rewrite_deleted": "Przepisanie DNS dla „{{key}}” zostało pomyślnie usunięte",
    "rewrite_updated": "Pomyślnie zaktualizowano przepisywanie DNS",
    "rewrite_add": "Dodaj przepisywanie DNS",
    "rewrite_edit": "Edytuj przepisywanie DNS",
    "rewrite_not_found": "Nie znaleziono przepisywania DNS",
    "rewrite_confirm_delete": "Czy na pewno chcesz usunąć przepisywanie DNS dla „{{key}}”?",
    "rewrite_desc": "Pozwala łatwo skonfigurować niestandardową odpowiedź DNS dla określonej nazwy domeny.",
@@ -544,7 +542,7 @@
    "password_placeholder": "Wpisz hasło",
    "sign_in": "Zaloguj się",
    "sign_out": "Wyloguj się",
-    "forgot_password": "Zapomniano hasła?",
+    "forgot_password": "Zapomniałeś hasła?",
    "forgot_password_desc": "Wykonaj <0>te kroki</0>, aby utworzyć nowe hasło do konta użytkownika.",
    "location": "Lokalizacja",
    "orgname": "Nazwa firmy",
--- a/client/src/__locales/pt-br.json
+++ b/client/src/__locales/pt-br.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "Para usar o <1>DNS-sobre-HTTPS</1> ou <1>DNS-sobre-TLS</1>, você precisa <0>configurar a criptografia</0> nas configurações do AdGuard Home.",
    "rewrite_added": "Reescrita de DNS para \"{{key}}\" adicionada com sucesso",
    "rewrite_deleted": "Reescrita de DNS para \"{{key}}\" excluída com sucesso",
    "rewrite_updated": "Reconfiguração de DNS atualizada com êxito",
    "rewrite_add": "Adicionar reescrita de DNS",
    "rewrite_edit": "Editar reconfiguração de DNS",
    "rewrite_not_found": "Nenhuma reescrita de DNS foi encontrada",
    "rewrite_confirm_delete": "Você tem certeza de que deseja excluir a reescrita de DNS para \"{{key}}\"?",
    "rewrite_desc": "Permite configurar uma resposta personalizada do DNS para um nome de domínio específico.",
@@ -531,7 +529,7 @@
    "ignore_domains": "Domínios ignorados (separados por nova linha)",
    "ignore_domains_title": "Domínios ignorados",
    "ignore_domains_desc_stats": "As consultas para esses domínios não são gravadas nas estatísticas",
-    "ignore_domains_desc_query": "As consultas para esses domínios não são gravadas no registro de consulta",
+    "ignore_domains_desc_query": "As consultas para esses domínios não são gravadas no log de consulta",
    "interval_hours": "{{count}} hora",
    "interval_hours_plural": "{{count}} horas",
    "filters_configuration": "Configuração de filtros",
--- a/client/src/__locales/pt-pt.json
+++ b/client/src/__locales/pt-pt.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "Para usar o <1>DNS-sobre-HTTPS</1> ou <1>DNS-sobre-TLS</1>, precisa de <0>configurar a criptografia</0> nas configurações do AdGuard Home.",
    "rewrite_added": "Reescrita de DNS para \"{{key}}\" adicionada com sucesso",
    "rewrite_deleted": "Reescrita de DNS para \"{{key}}\" excluída com sucesso",
    "rewrite_updated": "Reedição de DNS atualizada com sucesso",
    "rewrite_add": "Adicionar reescrita de DNS",
    "rewrite_edit": "Editar reedição de DNS",
    "rewrite_not_found": "Nenhuma reescrita de DNS foi encontrada",
    "rewrite_confirm_delete": "Tem a certeza de que deseja excluir a reescrita de DNS para \"{{key}}\"?",
    "rewrite_desc": "Permite configurar uma resposta personalizada do DNS para um nome de domínio específico.",
--- a/client/src/__locales/ro.json
+++ b/client/src/__locales/ro.json
@@ -167,7 +167,6 @@
    "enabled_parental_toast": "Control Parental activat",
    "disabled_safe_search_toast": "Căutare protejată dezactivată",
    "enabled_save_search_toast": "Căutare protejată activată",
    "updated_save_search_toast": "Setări Căutare sigură actualizate",
    "enabled_table_header": "Activat",
    "name_table_header": "Nume",
    "list_url_table_header": "Lista URL",
@@ -257,12 +256,12 @@
    "query_log_cleared": "Jurnalul de interogare a fost șters cu succes",
    "query_log_updated": "Jurnalul de solicitări a fost actualizat cu succes",
    "query_log_clear": "Curăță jurnalele",
-    "query_log_retention": "Interogarea jurnalelor de rotație",
+    "query_log_retention": "Retenție jurnale interogare",
    "query_log_enable": "Activați jurnal",
    "query_log_configuration": "Configurația jurnalelor",
    "query_log_disabled": "Jurnalul de interogare este dezactivat și poate fi configurat în <0>setări</0>",
    "query_log_strict_search": "Utilizați ghilimele duble pentru căutare strictă",
-    "query_log_retention_confirm": "Sigur doriți să modificați rotația jurnalului de interogări? Dacă micșorați valoarea intervalului, unele date se vor pierde",
+    "query_log_retention_confirm": "Sunteți sigur că doriți să schimbați retenția jurnalului de interogare? Reducând valoarea intervalului, unele date vor fi pierdute",
    "anonymize_client_ip": "Anonimizare client IP",
    "anonymize_client_ip_desc": "Nu salvați adresa IP completă a clientului în jurnale și statistici",
    "dns_config": "Configurația serverului DNS",
@@ -291,8 +290,6 @@
    "rate_limit": "Limita ratei",
    "edns_enable": "Activați subrețeaua de clienți EDNS",
    "edns_cs_desc": "Adaugă opțiunea EDNS Client Subnet (ECS) la solicitările în amonte și înregistrează valorile trimise de clienți în jurnalul de interogare.",
    "edns_use_custom_ip": "Utilizați IP personalizat pentru EDNS",
    "edns_use_custom_ip_desc": "Permiteți utilizarea IP-ului personalizat pentru EDNS",
    "rate_limit_desc": "Numărul de interogări pe secundă permise pe client. Setarea la 0 înseamnă că nu există limită.",
    "blocking_ipv4_desc": "Adresa IP de returnat pentru o cerere A de blocare",
    "blocking_ipv6_desc": "Adresa IP de returnat pentru o cerere AAAA de blocare",
@@ -478,9 +475,7 @@
    "setup_dns_notice": "Pentru a utiliza <1>DNS-over-HTTPS</1> sau <1>DNS-over-TLS</1>, trebuie să <0>configurați Criptarea</0> în setările AdGuard Home.",
    "rewrite_added": "Rescriere DNS pentru \"{{key}}\" adăugată cu succes",
    "rewrite_deleted": "Rescriere DNS pentru \"{{key}}\" ștearsă cu succes",
    "rewrite_updated": "DNS rescrie actualizat cu succes",
    "rewrite_add": "Adăugați rescriere DNS",
    "rewrite_edit": "Editați rescrierea DNS",
    "rewrite_not_found": "Nu s-au găsit rescrieri DNS",
    "rewrite_confirm_delete": "Sunteți sigur că doriți să ștergeți rescrierea DNS pentru \"{{key}}\"?",
    "rewrite_desc": "Permite configurarea cu ușurință a răspunsului personalizat DNS pentru un nume de domeniu specific.",
@@ -528,10 +523,6 @@
    "statistics_retention_confirm": "Sunteți sigur că doriți să schimbați păstrarea statisticilor? Dacă reduceți valoarea intervalului, unele date vor fi pierdute",
    "statistics_cleared": "Statisticile au fost șterse cu succes",
    "statistics_enable": "Activați statisticile",
    "ignore_domains": "Domenii ignorate (separate prin linie nouă)",
    "ignore_domains_title": "Domenii ignorate",
    "ignore_domains_desc_stats": "Interogările pentru aceste domenii nu sunt scrise în statistici",
    "ignore_domains_desc_query": "Interogările pentru aceste domenii nu sunt scrise în jurnalul de interogări",
    "interval_hours": "{{count}} oră",
    "interval_hours_plural": "{{count}} ore",
    "filters_configuration": "Configurația filtrelor",
@@ -652,29 +643,5 @@
    "confirm_dns_cache_clear": "Sunteți sigur că doriți să ștergeți memoria cache DNS?",
    "cache_cleared": "Cache-ul DNS a fost golit cu succes",
    "clear_cache": "Goliți memoria cache",
-    "make_static": "Faceți static",
+    "protection_section_label": "Protecție"
    "theme_auto_desc": "Auto (pe baza schemei de culori a dispozitivului dvs.)",
    "theme_dark_desc": "Temă întunecată",
    "theme_light_desc": "Temă luminoasă",
    "disable_for_seconds": "Timp de {{count}} secundă",
    "disable_for_seconds_plural": "Timp de {{count}} secunde",
    "disable_for_minutes": "Timp de {{count}} minut",
    "disable_for_minutes_plural": "Timp de {{count}} minute",
    "disable_for_hours": "Timp de {{count}} oră",
    "disable_for_hours_plural": "Timp de {{count}} ore",
    "disable_until_tomorrow": "Până mâine",
    "disable_notify_for_seconds": "Dezactivați protecția timp de {{count}} secundă",
    "disable_notify_for_seconds_plural": "Dezactivați protecția timp de {{count}} secunde",
    "disable_notify_for_minutes": "Dezactivați protecția timp de {{count}} minut",
    "disable_notify_for_minutes_plural": "Dezactivați protecția timp de {{count}} minute",
    "disable_notify_for_hours": "Dezactivează protecția timp de {{count}} oră",
    "disable_notify_for_hours_plural": "Dezactivați protecția timp de {{count}} ore",
    "disable_notify_until_tomorrow": "Dezactivează protecția până mâine",
    "enable_protection_timer": "Protecția va fi activată în {{time}}",
    "custom_retention_input": "Introduceți reținerea în ore",
    "custom_rotation_input": "Introduceți rotația în ore",
    "protection_section_label": "Protecție",
    "log_and_stats_section_label": "Jurnal de interogări și statistici",
    "ignore_query_log": "Ignorați acest client în jurnalul de interogări",
    "ignore_statistics": "Ignorați acest client în statistici"
 }
--- a/client/src/__locales/ru.json
+++ b/client/src/__locales/ru.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "Чтобы использовать <1>DNS-over-HTTPS</1> или <1>DNS-over-TLS</1>, вам нужно <0>настроить шифрование</0> в настройках AdGuard Home.",
    "rewrite_added": "Правило перезаписи DNS-запросов для «{{key}}» успешно добавлено",
    "rewrite_deleted": "Правило перезаписи DNS-запросов для «{{key}}» успешно удалено",
    "rewrite_updated": "Правило перезаписи DNS-запросов успешно обновлено",
    "rewrite_add": "Добавить правило перезаписи DNS-запросов",
    "rewrite_edit": "Редактировать правило перезаписи DNS-запросов",
    "rewrite_not_found": "Не найдено правил перезаписи DNS-запросов",
    "rewrite_confirm_delete": "Вы уверены, что хотите удалить правило перезаписи DNS-запросов для «{{key}}»?",
    "rewrite_desc": "Позволяет легко настроить пользовательский DNS-ответ для определеннного домена.",
--- a/client/src/__locales/si-lk.json
+++ b/client/src/__locales/si-lk.json
@@ -153,7 +153,6 @@
    "enabled_parental_toast": "දෙමාපිය පාලනය සබල කෙරිණි",
    "disabled_safe_search_toast": "ආරක්‍ෂිත සෙවුම අබල කෙරිණි",
    "enabled_save_search_toast": "ආරක්‍ෂිත සෙවුම සබල කෙරිණි",
    "updated_save_search_toast": "ආරක්‍ෂිත සෙවුමේ සැකසුම් යාවත්කාල විය",
    "enabled_table_header": "සබලයි",
    "name_table_header": "නම",
    "list_url_table_header": "ඒ.ස.නි.(URL) ලැයිස්තුව",
@@ -238,12 +237,12 @@
    "query_log_cleared": "විමසුම් සටහන සාර්ථකව හිස් කර ඇත",
    "query_log_updated": "විමසුම් සටහන සාර්ථකව යාවත්කාල කෙරිණි",
    "query_log_clear": "විමසුම් සටහන් හිස් කරන්න",
-    "query_log_retention": "විමසුම් සටහන් රැඳවීම",
+    "query_log_retention": "විමසුම් සටහන් රඳවා තබා ගැනීම",
    "query_log_enable": "සටහන සබල කරන්න",
    "query_log_configuration": "සටහන් වින්‍යාසය",
    "query_log_disabled": "විමසුම් සටහන අබල කර ඇති අතර එය <0>සැකසුම්</0> තුළ වින්‍යාසගත කළ හැකිය",
    "query_log_strict_search": "ඉතා නිවැරදිව සෙවීමට ද්විත්ව උද්ධෘතය භාවිතා කරන්න",
-    "query_log_retention_confirm": "විමසුම් සටහන රඳවා තබා ගැනීම වෙනස් කිරීමට වුවමනා ද? ඔබ කාල පරතරයෙහි අගය අඩු කළහොත් සමහර දත්ත නැති වී යනු ඇත",
+    "query_log_retention_confirm": "විමසුම් සටහන රඳවා තබා ගැනීම වෙනස් කිරීමට ඇවැසි බව ඔබට විශ්වාසද? ඔබ කාල පරතරයෙහි අගය අඩු කළහොත් සමහර දත්ත නැති වී යනු ඇත",
    "anonymize_client_ip": "අනුග්‍රාහකයෙහි අ.ජා.කෙ. (IP) නිර්නාමික කරන්න",
    "anonymize_client_ip_desc": "සටහන් සහ සංඛ්‍යාලේඛන තුළ අනුග්‍රාහකයේ පූර්ණ අ.ජා.කෙ. ලිපිනය සුරකින්න එපා",
    "dns_config": "ව.නා.ප. සේවාදායක වින්‍යාසය",
@@ -271,8 +270,6 @@
    "form_enter_rate_limit": "අනුපාත සීමාව ඇතුල් කරන්න",
    "rate_limit": "අනුපාත සීමාව",
    "edns_enable": "EDNS අනුග්‍රාහක අනුජාලය සබල කරන්න",
    "edns_use_custom_ip": "EDNS සඳහා අභිරුචි අ.ජා.කෙ. යොදාගන්න",
    "edns_use_custom_ip_desc": "EDNS සඳහා අභිරුචි අ.ජා.කෙ. භාවිතයට ඉඩදෙන්න",
    "rate_limit_desc": "එක් අනුග්‍රාහකයකට ඉඩ දී ඇති තත්පරයට ඉල්ලීම් ගණන. එය 0 ලෙස සැකසීම යනුවෙන් අදහස් කරන්නේ සීමාවක් නැති බවයි.",
    "blocking_ipv4_desc": "අවහිර කළ A ඉල්ලීමක් සඳහා ආපසු එවිය යුතු අ.ජා.කෙ. (IP) ලිපිනය",
    "blocking_ipv6_desc": "අවහිර කළ AAAA ඉල්ලීමක් සඳහා ආපසු එවිය යුතු අ.ජා.කෙ. (IP) ලිපිනය",
@@ -281,9 +278,6 @@
    "blocking_mode_nxdomain": "නොපවතින වසම: NXDOMAIN කේතය සමඟ ප්‍රතිචාර දක්වයි",
    "blocking_mode_null_ip": "අභිශූන්‍යය අ.ජා.කෙ.: ශුන්‍ය අ.ජා.කෙ. ලිපිනය සමඟ ප්‍රතිචාර දක්වයි (A සඳහා 0.0.0.0; AAAA සඳහා ::)",
    "blocking_mode_custom_ip": "අභිරුචි අන්තර්ජාල කෙටුම්පත: අතින් සැකසූ අ.ජා. කෙ. ලිපිනයක් සමඟ ප්‍රතිචාර දක්වයි",
    "theme_auto": "ස්වයං",
    "theme_light": "දීප්ත",
    "theme_dark": "අඳුරු",
    "upstream_dns_client_desc": "ඔබ මෙම ක්ෂේත්‍රය හිස්ව තබා ගන්නේ නම්, ඇඩ්ගාර්ඩ් හෝම් විසින් <0>ව.නා.ප. සැකසුම්</0> හි වින්‍යාසගත කර ඇති සේවාදායක භාවිතා කරනු ඇත.",
    "tracker_source": "ලුහුබැඳීම් මූලාශ්‍රය",
    "source_label": "මූලාශ්‍රය",
@@ -376,7 +370,6 @@
    "encryption_issuer": "නිකුත් කරන්නා",
    "encryption_hostnames": "ධාරක නාම",
    "encryption_reset": "සංකේතාංකන සැකසුම් යළි පිහිටුවීමට අවශ්‍ය බව ඔබට විශ්වාස ද?",
    "encryption_warning": "අවවාදයයි",
    "topline_expiring_certificate": "ඔබගේ SSL සහතිකය කල් ඉකුත්වීමට ආසන්න වී ඇත. <0>සංකේතන සැකසුම්</0> යාවත්කාල කරන්න.",
    "topline_expired_certificate": "ඔබගේ SSL සහතිකය කල් ඉකුත් වී ඇත. <0>සංකේතන සැකසුම්</0> යාවත්කාල කරන්න.",
    "form_error_port_range": "80-65535 පරාසය හි තොටක අගයක් ඇතුල් කරන්න",
@@ -497,10 +490,8 @@
    "statistics_clear": "සංඛ්‍යාලේඛන හිස් කරන්න",
    "statistics_clear_confirm": "සංඛ්‍යාලේඛන ඉවත් කිරීමට වුවමනා ද?",
    "statistics_retention_confirm": "සංඛ්‍යාලේඛන රඳවා තබා ගැනීම වෙනස් කිරීමට අවශ්‍ය බව ඔබට විශ්වාසද? ඔබ කාල පරතරයෙහි අගය අඩු කළහොත් සමහර දත්ත නැති වී යනු ඇත",
-    "statistics_cleared": "සංඛ්‍යාලේඛන සාර්ථකව හිස් කෙරිණි",
+    "statistics_cleared": "සංඛ්‍යාලේඛන සාර්ථකව ඉවත් කෙරිණි",
    "statistics_enable": "සංඛ්‍යාලේඛන සබල කරන්න",
    "ignore_domains": "නොසලකන වසම් (පේළියකට එක බැගින්)",
    "ignore_domains_title": "නොසලකන වසම්",
    "interval_hours": "පැය {{count}}",
    "interval_hours_plural": "පැය {{count}}",
    "filters_configuration": "පෙරහන් වින්‍යාසය",
@@ -610,31 +601,5 @@
    "parental_control": "දෙමාපිය පාලනය",
    "safe_browsing": "ආරක්‍ෂිත පිරික්සුම",
    "served_from_cache": "{{value}} <i>(නිහිතයෙන් ගැනිණි)</i>",
-    "form_error_password_length": "මුරපදය අවම වශයෙන් අකුරු {{value}} ක් දිගු විය යුතුමයි",
+    "form_error_password_length": "මුරපදය අවම වශයෙන් අකුරු {{value}} ක් දිගු විය යුතුමයි"
    "cache_cleared": "ව.නා.ප. නිහිතය හිස් කෙරිණි",
    "clear_cache": "නිහිතය මකන්න",
    "make_static": "ස්ථිතික කරන්න",
    "theme_dark_desc": "අඳුරු තේමාව",
    "theme_light_desc": "දීප්ත තේමාව",
    "disable_for_seconds": "තත්පර {{count}} ක්",
    "disable_for_seconds_plural": "තත්පර {{count}} ක්",
    "disable_for_minutes": "විනාඩි {{count}} ක්",
    "disable_for_minutes_plural": "විනාඩි {{count}} ක්",
    "disable_for_hours": "පැය {{count}} ක්",
    "disable_for_hours_plural": "පැය {{count}} ක්",
    "disable_until_tomorrow": "හෙට වනතුරු",
    "disable_notify_for_seconds": "තත්. {{count}} කට රැකවරණය අබල කරන්න",
    "disable_notify_for_seconds_plural": "තත්. {{count}} කට රැකවරණය අබල කරන්න",
    "disable_notify_for_minutes": "විනාඩි {{count}} කට රැකවරණය අබල කරන්න",
    "disable_notify_for_minutes_plural": "විනාඩි {{count}} කට රැකවරණය අබල කරන්න",
    "disable_notify_for_hours": "පැය {{count}} කට රැකවරණය අබල කරන්න",
    "disable_notify_for_hours_plural": "පැය {{count}} කට රැකවරණය අබල කරන්න",
    "disable_notify_until_tomorrow": "හෙට වනතුරු රැකවරණය අබල කරන්න",
    "enable_protection_timer": "{{time}} න් රැකවරණය සබල කෙරේ",
    "custom_retention_input": "රඳවා ගැනීම පැය වලින්",
    "custom_rotation_input": "රඳවා ගැනීම පැය වලින්",
    "protection_section_label": "රැකවරණය",
    "log_and_stats_section_label": "විමසුම් සටහන හා සංඛ්‍යාලේඛන",
    "ignore_query_log": "සටහනෙහි අනුග්‍රාහකය නොසලකන්න",
    "ignore_statistics": "සංඛ්‍යාලේඛනයට අනුග්‍රාහකය නොසලකන්න"
 }
--- a/client/src/__locales/sk.json
+++ b/client/src/__locales/sk.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "Pre použitie <1>DNS-over-HTTPS</1> alebo <1>DNS-over-TLS</1>, potrebujete v nastaveniach AdGuard Home <0>nakonfigurovať šifrovanie</0>.",
    "rewrite_added": "DNS prepísanie pre \"{{key}}\" bolo úspešne pridané",
    "rewrite_deleted": "DNS prepísanie pre \"{{key}}\" bolo úspešne vymazané",
    "rewrite_updated": "Prepísanie DNS bolo úspešne aktualizované",
    "rewrite_add": "Pridať DNS prepísanie",
    "rewrite_edit": "Upraviť prepísanie DNS",
    "rewrite_not_found": "Neboli nájdené žiadne DNS prepísania",
    "rewrite_confirm_delete": "Naozaj chcete odstrániť prepísanie DNS pre \"{{key}}\"?",
    "rewrite_desc": "Umožňuje ľahko nakonfigurovať vlastnú odpoveď DNS pre konkrétne meno domény.",
--- a/client/src/__locales/sl.json
+++ b/client/src/__locales/sl.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "Za uporabo <1>DNS-prek-HTTPS</1> ali <1>DNS-prek-TLS</1>, morate <0>konfigurirati šifriranje</0> v nastavitvah AdGuard Home.",
    "rewrite_added": "Uspešno je dodano DNS prepisovanje za \"{{key}}\"",
    "rewrite_deleted": "Uspešno je izbrisano DNS prepisovanje za \"{{key}}\"",
    "rewrite_updated": "DNS prepisovanje uspešno posodobljen",
    "rewrite_add": "Dodaj prepisovanje DNS",
    "rewrite_edit": "Urejanje prepisa DNS",
    "rewrite_not_found": "Ni bilo najdenih prepisovanj DNS",
    "rewrite_confirm_delete": "Ali ste prepričani, da želite izbrisati prepisovanje DNS za \"{{key}}\"?",
    "rewrite_desc": "Omogoča enostavno konfiguriranje odgovora DNS po meri za določeno ime domene.",
--- a/client/src/__locales/sr-cs.json
+++ b/client/src/__locales/sr-cs.json
@@ -475,9 +475,7 @@
    "setup_dns_notice": "Kako biste koristili <1>DNS-over-HTTPS</1> ili <1>DNS-over-TLS</1>, potrebno je da <0>konfigurišete šifrovanje</0> u AdGuard Home postavkama.",
    "rewrite_added": "DNS prepisivanje za \"{{key}}\" je uspešno dodato",
    "rewrite_deleted": "DNS prepisivanje za \"{{key}}\" uspešno izbrisano",
    "rewrite_updated": "DNS ponovo napisao uspešno ažuriran",
    "rewrite_add": "Dodaj DNS prepisivanje",
    "rewrite_edit": "Uređivanje DNS prepravke",
    "rewrite_not_found": "DNS prepisivanja nisu pronađena",
    "rewrite_confirm_delete": "Jeste li sigurni da želite da izbrišete DNS prepisivanje za \"{{key}}\"?",
    "rewrite_desc": "Dozvoljava da jednostavno konfigurišete prilagođeni DNS odgovor za određeni domen.",
--- a/client/src/__locales/sv.json
+++ b/client/src/__locales/sv.json
@@ -475,9 +475,7 @@
    "setup_dns_notice": "För att kunna använda <1>DNS-över-HTTPS</1> eller <1>DNS-över-TLS</1>, behöver du <0>konfigurera Kryptering</0> i AdGuard Home-inställningar.",
    "rewrite_added": "DNS-omskrivning för \"{{key}}\" lyckad",
    "rewrite_deleted": "DNS-omskrivning för \"{{key}}\" har tagits bort",
    "rewrite_updated": "DNS-omskrivning har uppdaterats",
    "rewrite_add": "Lägg till DNS omskrivning",
    "rewrite_edit": "Redigera DNS-omskrivning",
    "rewrite_not_found": "Inga DNS omskrivningar hittades",
    "rewrite_confirm_delete": "Är du säker på att du vill ta bort DNS-omskrivningen för \"{{key}}\"?",
    "rewrite_desc": "Gör det enkelt att konfigurera anpassat DNS svar för ett specifikt domännamn.",
--- a/client/src/__locales/tr.json
+++ b/client/src/__locales/tr.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "<1>DNS-over-HTTPS</1> veya <1>DNS-over-TLS</1> protokolünü kullanmak için AdGuard Home üzerinde <0>Şifreleme ayarları</0> bölümünden ayarları yapmanız gerekir.",
    "rewrite_added": "\"{{key}}\" için DNS yeniden yazımı başarıyla eklendi",
    "rewrite_deleted": "\"{{key}}\" için DNS yeniden yazımı başarıyla silindi",
    "rewrite_updated": "DNS yeniden yazma başarıyla güncellendi",
    "rewrite_add": "DNS yeniden yazımı ekle",
    "rewrite_edit": "DNS yeniden yazmayı düzenle",
    "rewrite_not_found": "DNS yeniden yazımı bulunamadı",
    "rewrite_confirm_delete": "\"{{key}}\" için DNS yeniden yazımını silmek istediğinize emin misiniz?",
    "rewrite_desc": "Belirli bir alan adı için özel DNS yanıtını kolayca yapılandırmanızı sağlar.",
--- a/client/src/__locales/uk.json
+++ b/client/src/__locales/uk.json
@@ -167,7 +167,6 @@
    "enabled_parental_toast": "«Батьківський контроль» увімкнено",
    "disabled_safe_search_toast": "Безпечний пошук вимкнено",
    "enabled_save_search_toast": "Безпечний пошук увімкнено",
    "updated_save_search_toast": "Налаштування Безпечного пошуку оновлено",
    "enabled_table_header": "Увімкнено",
    "name_table_header": "Назва",
    "list_url_table_header": "URL списку",
@@ -291,8 +290,6 @@
    "rate_limit": "Обмеження швидкості",
    "edns_enable": "Увімкнути відправку EDNS Client Subnet",
    "edns_cs_desc": "Додавати параметр EDNS Client Subnet (ECS) до запитів до upstream-серверів, а також записувати в журнал значення, що надсилаються клієнтами.",
    "edns_use_custom_ip": "Використання користувацької IP-адреси для EDNS",
    "edns_use_custom_ip_desc": "Дозволити використовувати користувацьку IP-адресу для EDNS",
    "rate_limit_desc": "Кількість запитів в секунду, які може робити один клієнт. Встановлене значення «0» означатиме необмежену кількість.",
    "blocking_ipv4_desc": "IP-адреса, яку потрібно видати для заблокованого A запиту",
    "blocking_ipv6_desc": "IP-адреса, яку потрібно видати для заблокованого АААА запиту",
@@ -478,9 +475,7 @@
    "setup_dns_notice": "Для використання <1>DNS-over-HTTPS</1> або <1>DNS-over-TLS</1>, вам потрібно <0>налаштувати Шифрування</0> в налаштуваннях AdGuard Home.",
    "rewrite_added": "Перезапис DNS для «{{key}}» успішно додано",
    "rewrite_deleted": "Перезапис DNS для «{{key}}» успішно видалено",
    "rewrite_updated": "Перезапис DNS успішно оновлено",
    "rewrite_add": "Додати перезапис DNS",
    "rewrite_edit": "Редагувати перезапис DNS",
    "rewrite_not_found": "Перезаписів DNS не знайдено",
    "rewrite_confirm_delete": "Ви впевнені, що хочете видалити перезапис DNS для «{{key}}»?",
    "rewrite_desc": "Дозволяє легко налаштувати власну відповідь DNS для певного доменного імені.",
@@ -528,10 +523,6 @@
    "statistics_retention_confirm": "Ви впевнені, що хочете змінити тривалість статистики? Якщо зменшити значення інтервалу, деякі дані будуть втрачені",
    "statistics_cleared": "Статистику успішно очищено",
    "statistics_enable": "Увімкнути статистику",
    "ignore_domains": "Ігноровані домени (по одному на рядок)",
    "ignore_domains_title": "Ігноровані домени",
    "ignore_domains_desc_stats": "Запити для цих доменів в статистику не пишуться",
    "ignore_domains_desc_query": "Запити для цих доменів не записуються до журналу запитів",
    "interval_hours": "{{count}} година",
    "interval_hours_plural": "{{count}} годин(и)",
    "filters_configuration": "Конфігурація фільтрів",
@@ -652,29 +643,5 @@
    "confirm_dns_cache_clear": "Ви впевнені, що бажаєте очистити кеш DNS?",
    "cache_cleared": "Кеш DNS успішно очищено",
    "clear_cache": "Очистити кеш",
-    "make_static": "Зробити статичним",
+    "protection_section_label": "Захист"
    "theme_auto_desc": "Автоматична (на основі теми вашого пристрою)",
    "theme_dark_desc": "Темна тема",
    "theme_light_desc": "Світла тема",
    "disable_for_seconds": "На {{count}} секунду",
    "disable_for_seconds_plural": "На {{count}} секунд",
    "disable_for_minutes": "На {{count}} хвилину",
    "disable_for_minutes_plural": "На {{count}} хвилин",
    "disable_for_hours": "На {{count}} годину",
    "disable_for_hours_plural": "На {{count}} годин",
    "disable_until_tomorrow": "До завтра",
    "disable_notify_for_seconds": "Вимкнення захисту на {{count}} секунду",
    "disable_notify_for_seconds_plural": "Вимкнення захисту на {{count}} секунд",
    "disable_notify_for_minutes": "Вимкнення захисту на {{count}} хвилину",
    "disable_notify_for_minutes_plural": "Вимкнення захисту на {{count}} хвилин",
    "disable_notify_for_hours": "Вимкнення захисту на {{count}} годину",
    "disable_notify_for_hours_plural": "Вимкнення захисту на {{count}} годин",
    "disable_notify_until_tomorrow": "Відключення захисту до завтра",
    "enable_protection_timer": "Захист буде ввімкнено о {{time}}",
    "custom_retention_input": "Введіть час в годинах",
    "custom_rotation_input": "Введіть час в годинах",
    "protection_section_label": "Захист",
    "log_and_stats_section_label": "Журнал запитів і статистика",
    "ignore_query_log": "Ігнорувати цей клієнт у журналі запитів",
    "ignore_statistics": "Ігноруйте цей клієнт в статистиці"
 }
--- a/client/src/__locales/vi.json
+++ b/client/src/__locales/vi.json
@@ -167,7 +167,6 @@
    "enabled_parental_toast": "Đã bật quản lý của phụ huynh",
    "disabled_safe_search_toast": "Đã tắt tìm kiếm an toàn",
    "enabled_save_search_toast": "Đã bật tìm kiếm an toàn",
    "updated_save_search_toast": "Cài đặt Tìm kiếm an toàn đã được cập nhật",
    "enabled_table_header": "Kích hoạt",
    "name_table_header": "Tên",
    "list_url_table_header": "URL bộ lọc",
@@ -257,12 +256,12 @@
    "query_log_cleared": "Nhật ký truy vấn đã được xóa thành công",
    "query_log_updated": "Cập nhật thành công nhật kí truy xuất",
    "query_log_clear": "Xóa nhật ký truy vấn",
-    "query_log_retention": "Xoay vòng nhật ký truy vấn",
+    "query_log_retention": "Lưu giữ nhật ký truy vấn",
    "query_log_enable": "Bật nhật ký",
    "query_log_configuration": "Cấu hình nhật ký",
    "query_log_disabled": "Nhật ký truy vấn bị vô hiệu hóa và có thể được định cấu hình trong <0>cài đặt</ 0>",
    "query_log_strict_search": "Sử dụng dấu ngoặc kép để tìm kiếm nghiêm ngặt",
-    "query_log_retention_confirm": "Bạn có chắc chắn muốn thay đổi xoay vòng nhật ký truy vấn không? Nếu bạn giảm giá trị khoảng thời gian, một số dữ liệu sẽ bị mất",
+    "query_log_retention_confirm": "Bạn có chắc chắn muốn thay đổi lưu giữ nhật ký truy vấn? Nếu bạn giảm giá trị khoảng, một số dữ liệu sẽ bị mất",
    "anonymize_client_ip": "Ẩn danh IP khách",
    "anonymize_client_ip_desc": "Không lưu địa chỉ IP đầy đủ của khách hàng trong nhật ký và thống kê",
    "dns_config": "Thiết lập máy chủ DNS",
@@ -291,8 +290,6 @@
    "rate_limit": "Giới hạn yêu cầu",
    "edns_enable": "Bật mạng con EDNS Client",
    "edns_cs_desc": "Thêm tùy chọn EDNS Client Subnet (ECS) vào các yêu cầu ngược dòng và ghi lại các giá trị được gửi bởi các máy khách trong nhật ký truy vấn.",
    "edns_use_custom_ip": "Sử dụng địa chỉ IP tùy chỉnh cho EDNS",
    "edns_use_custom_ip_desc": "Cho phép sử dụng địa chỉ IP tùy chỉnh cho EDNS",
    "rate_limit_desc": "Số lượng yêu cầu mỗi giây mà một khách hàng được phép thực hiện (0: không giới hạn)",
    "blocking_ipv4_desc": "Địa chỉ IP được trả lại cho một yêu cầu A bị chặn",
    "blocking_ipv6_desc": "Địa chỉ IP được trả lại cho một yêu cầu AAA bị chặn",
@@ -478,9 +475,7 @@
    "setup_dns_notice": "Để sử dụng <1>DNS-over-HTTPS</1> hoặc <1>DNS-over-TLS</1>, bạn cần <0>định cấu hình Mã hóa</0> trong cài đặt AdGuard Home.",
    "rewrite_added": "DNS viết lại cho \"{{key}}\" đã thêm thành công",
    "rewrite_deleted": "DNS viết lại cho \"{{key}}\" đã xóa thành công",
    "rewrite_updated": "Viết lại DNS được cập nhật thành công",
    "rewrite_add": "Thêm DNS viết lại",
    "rewrite_edit": "Chỉnh sửa viết lại DNS",
    "rewrite_not_found": "Không tìm thấy DNS viết lại",
    "rewrite_confirm_delete": "Bạn có chắc chắn muốn xóa DNS viết lại cho \"{{key}}\" không?",
    "rewrite_desc": "Cho phép dễ dàng định cấu hình tùy chỉnh DNS phản hồi cho một tên miền cụ thể.",
@@ -528,10 +523,6 @@
    "statistics_retention_confirm": "Bạn có chắc chắn muốn thay đổi lưu giữ số liệu thống kê? Nếu bạn giảm giá trị khoảng, một số dữ liệu sẽ bị mất",
    "statistics_cleared": "Xoá thống kê thành công",
    "statistics_enable": "Bật thống kê",
    "ignore_domains": "Các miền bị bỏ qua (cách nhau bởi dòng mới)",
    "ignore_domains_title": "Các miền bị bỏ qua",
    "ignore_domains_desc_stats": "Các truy vấn cho các miền này sẽ không được ghi vào thống kê",
    "ignore_domains_desc_query": "Các truy vấn cho các miền này sẽ không được ghi vào nhật ký truy vấn",
    "interval_hours": "{{count}} giờ",
    "interval_hours_plural": "{{count}} giờ",
    "filters_configuration": "Cấu hình bộ lọc",
@@ -652,29 +643,5 @@
    "confirm_dns_cache_clear": "Bạn có chắc chắn muốn xóa bộ đệm ẩn DNS không?",
    "cache_cleared": "Đã xóa thành công bộ đệm DNS",
    "clear_cache": "Xóa bộ nhớ cache",
-    "make_static": "Chuyển sang tĩnh",
+    "protection_section_label": "Sự bảo vệ"
    "theme_auto_desc": "Tự động (dựa trên chủ đề màu của thiết bị của bạn)",
    "theme_dark_desc": "Chủ đề tối",
    "theme_light_desc": "Chủ đề sáng",
    "disable_for_seconds": "Trong {{count}} giây",
    "disable_for_seconds_plural": "Trong {{count}} giây",
    "disable_for_minutes": "Trong {{count}} phút",
    "disable_for_minutes_plural": "Trong {{count}} phút",
    "disable_for_hours": "Trong {{count}} giờ",
    "disable_for_hours_plural": "Trong {{count}} giờ",
    "disable_until_tomorrow": "Cho đến ngày mai",
    "disable_notify_for_seconds": "Tắt bảo vệ trong {{count}} giây",
    "disable_notify_for_seconds_plural": "Tắt bảo vệ trong {{count}} giây",
    "disable_notify_for_minutes": "Tắt bảo vệ trong {{count}} phút",
    "disable_notify_for_minutes_plural": "Tắt bảo vệ trong {{count}} phút",
    "disable_notify_for_hours": "Tắt bảo vệ trong {{count}} giờ",
    "disable_notify_for_hours_plural": "Tắt bảo vệ trong {{count}} giờ",
    "disable_notify_until_tomorrow": "Vô hiệu hóa bảo vệ cho đến ngày mai",
    "enable_protection_timer": "Bảo vệ sẽ được bật trong {{time}}",
    "custom_retention_input": "Nhập thời gian giữ lại theo giờ",
    "custom_rotation_input": "Nhập chu kỳ theo giờ",
    "protection_section_label": "Sự bảo vệ",
    "log_and_stats_section_label": "Nhật ký truy vấn và thống kê",
    "ignore_query_log": "Bỏ qua máy khách này trong nhật ký truy vấn",
    "ignore_statistics": "Bỏ qua máy khách này trong thống kê"
 }
--- a/client/src/__locales/zh-cn.json
+++ b/client/src/__locales/zh-cn.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "为了使用 <1>DNS-over-HTTPS</1> 或者 <1>DNS-over-TLS</1> ，您需要在 AdGuard Home 设置中 <0>配置加密</0> 。",
    "rewrite_added": "已成功添加 \"{{key}}\" 的 DNS 重写",
    "rewrite_deleted": "已成功删除 \"{{key}}\" 的 DNS 重写",
    "rewrite_updated": "DNS 重写已成功更新",
    "rewrite_add": "添加 DNS 重写",
    "rewrite_edit": "编辑 DNS 重写",
    "rewrite_not_found": "未找到 DNS 重写",
    "rewrite_confirm_delete": "您确定要删除 \"{{key}}\" 的 DNS 重写？",
    "rewrite_desc": "可以轻松地为特定域名配置自定义 DNS 响应。",
--- a/client/src/__locales/zh-hk.json
+++ b/client/src/__locales/zh-hk.json
@@ -48,7 +48,6 @@
    "out_of_range_error": "必須介於 \"{{start}}\" - \"{{end}}\" 範圍之外",
    "lower_range_start_error": "必須小於起始值",
    "greater_range_start_error": "必須大於起始值",
    "gateway_or_subnet_invalid": "無效子網路",
    "dhcp_form_gateway_input": "閘道 IP 位址",
    "dhcp_form_subnet_input": "子網路遮罩",
    "dhcp_form_range_title": "IP 位址範圍",
@@ -196,7 +195,6 @@
    "form_error_url_or_path_format": "列表中含有的 URL 網址或絕對路徑",
    "custom_filter_rules": "自訂過濾規則",
    "custom_filter_rules_hint": "一行一條規則。您可以使用「adblock」語法或「hosts檔案」的語法。",
    "system_host_files": "系統 hosts 檔案",
    "examples_title": "範例",
    "example_meaning_filter_block": "封鎖對 example.org 網域及其所有子網域的存取",
    "example_meaning_filter_whitelist": "解除對 example.org 網域及其所有子網域存取封鎖",
@@ -281,8 +279,6 @@
    "rate_limit": "速率限制",
    "edns_enable": "啟用 EDNS Client Subnet",
    "edns_cs_desc": "傳送用戶端的子網路給 DNS 伺服器。",
    "edns_use_custom_ip": "使用自訂 EDNS IP",
    "edns_use_custom_ip_desc": "允許使用自訂 EDNS IP",
    "rate_limit_desc": "限制單一裝置每秒發出的查詢次數（設定為 0 即表示無限制）",
    "blocking_ipv4_desc": "回覆指定 IPv4 位址給被封鎖的網域的 A 紀錄查詢",
    "blocking_ipv6_desc": "回覆指定 IPv6 位址給被封鎖的網域的 AAAA 紀錄查詢",
@@ -291,9 +287,6 @@
    "blocking_mode_nxdomain": "NXDOMAIN：回應 NXDOMAIN 狀態碼",
    "blocking_mode_null_ip": "Null IP：回應零值的 IP 位址（A 紀錄回應 0.0.0.0 ，AAAA 紀錄回應 ::）",
    "blocking_mode_custom_ip": "自訂 IP 位址：回應一個自訂的 IP 位址",
    "theme_auto": "自動",
    "theme_light": "明亮",
    "theme_dark": "深色",
    "upstream_dns_client_desc": "如果您將此欄位留白，AdGuard Home 將使用 <0>DNS 設定</0> 內的設定的 DNS 伺服器。",
    "tracker_source": "追蹤器來源",
    "source_label": "來源",
@@ -404,7 +397,6 @@
    "dns_providers": "下列為常見的<0> DNS 伺服器</0>。",
    "update_now": "立即更新",
    "update_failed": "自動更新發生錯誤。請嘗試依照<a>以下步驟</a> 來手動更新。",
    "manual_update": "請嘗試依照<a>下列步驟</a>來手動更新。",
    "processing_update": "請稍候，AdGuard Home 正在更新",
    "clients_title": "用戶端",
    "clients_desc": "對已連接到 AdGuard Home 的裝置進行設定",
@@ -621,22 +613,5 @@
    "original_response": "原始回應",
    "click_to_view_queries": "按一下以檢視查詢結果",
    "port_53_faq_link": "連接埠 53 經常被「DNSStubListener」或「systemd-resolved」服務佔用。請閱讀下列有關解決<0>這個問題</0>的說明",
-    "adg_will_drop_dns_queries": "AdGuard Home 將停止回應此用戶端的所有 DNS 查詢。",
+    "adg_will_drop_dns_queries": "AdGuard Home 將停止回應此用戶端的所有 DNS 查詢。"
    "safe_browsing": "安全瀏覽",
    "served_from_cache": "{{value}} <i>(由快取回應)</i>",
    "form_error_password_length": "密碼必須至少 {{value}} 個字元長度",
    "theme_dark_desc": "深色主題",
    "theme_light_desc": "淺色主題",
    "disable_for_seconds": "{{count}} 秒",
    "disable_for_seconds_plural": "{{count}} 秒",
    "disable_for_minutes": "{{count}} 分鐘",
    "disable_for_minutes_plural": "{{count}} 分鐘",
    "disable_for_hours": "{{count}} 小時",
    "disable_for_hours_plural": "{{count}} 小時",
    "disable_until_tomorrow": "直到明天",
    "disable_notify_for_seconds": "暫停防護 {{count}} 秒",
    "disable_notify_for_seconds_plural": "暫停防護 {{count}} 秒",
    "disable_notify_for_minutes": "暫停防護 {{count}} 分鐘",
    "disable_notify_for_minutes_plural": "暫停防護 {{count}} 分鐘",
    "disable_notify_for_hours": "暫停防護 {{count}} 小時"
 }
--- a/client/src/__locales/zh-tw.json
+++ b/client/src/__locales/zh-tw.json
@@ -478,9 +478,7 @@
    "setup_dns_notice": "為了使用 <1>DNS-over-HTTPS</1> 或 <1>DNS-over-TLS</1>，您需要在 AdGuard Home 設定裡<0>配置加密</0>。",
    "rewrite_added": "對於 \"{{key}}\" 之 DNS 改寫被成功地加入",
    "rewrite_deleted": "對於 \"{{key}}\" 之 DNS 改寫被成功地刪除",
    "rewrite_updated": "DNS 重寫已成功更新",
    "rewrite_add": "新增 DNS 改寫",
    "rewrite_edit": "編輯 DNS 重寫",
    "rewrite_not_found": "無已發現之 DNS 改寫",
    "rewrite_confirm_delete": "您確定您想要刪除對於 \"{{key}}\" 之 DNS 改寫嗎？",
    "rewrite_desc": "允許輕易地配置自訂的 DNS 回應供特定的域名。",
--- a/client/src/actions/rewrites.js
+++ b/client/src/actions/rewrites.js
@@ -38,29 +38,6 @@ export const addRewrite = (config) => async (dispatch) => {
    }
 };
 export const updateRewriteRequest = createAction('UPDATE_REWRITE_REQUEST');
 export const updateRewriteFailure = createAction('UPDATE_REWRITE_FAILURE');
 export const updateRewriteSuccess = createAction('UPDATE_REWRITE_SUCCESS');
 /**
 * @param {Object} config
 * @param {string} config.target - current DNS rewrite value
 * @param {string} config.update - updated DNS rewrite value
 */
 export const updateRewrite = (config) => async (dispatch) => {
    dispatch(updateRewriteRequest());
    try {
        await apiClient.updateRewrite(config);
        dispatch(updateRewriteSuccess());
        dispatch(toggleRewritesModal());
        dispatch(getRewritesList());
        dispatch(addSuccessToast(i18next.t('rewrite_updated', { key: config.domain })));
    } catch (error) {
        dispatch(addErrorToast({ error }));
        dispatch(updateRewriteFailure());
    }
 };
 export const deleteRewriteRequest = createAction('DELETE_REWRITE_REQUEST');
 export const deleteRewriteFailure = createAction('DELETE_REWRITE_FAILURE');
 export const deleteRewriteSuccess = createAction('DELETE_REWRITE_SUCCESS');
--- a/client/src/api/Api.js
+++ b/client/src/api/Api.js
@@ -455,8 +455,6 @@ class Api {
    REWRITE_ADD = { path: 'rewrite/add', method: 'POST' };
    REWRITE_UPDATE = { path: 'rewrite/update', method: 'PUT' };
    REWRITE_DELETE = { path: 'rewrite/delete', method: 'POST' };
    getRewritesList() {
@@ -472,14 +470,6 @@ class Api {
        return this.makeRequest(path, method, parameters);
    }
    updateRewrite(config) {
        const { path, method } = this.REWRITE_UPDATE;
        const parameters = {
            data: config,
        };
        return this.makeRequest(path, method, parameters);
    }
    deleteRewrite(config) {
        const { path, method } = this.REWRITE_DELETE;
        const parameters = {
--- a/client/src/components/Filters/Rewrites/Form.js
+++ b/client/src/components/Filters/Rewrites/Form.js
@@ -105,7 +105,6 @@ Form.propTypes = {
    submitting: PropTypes.bool.isRequired,
    processingAdd: PropTypes.bool.isRequired,
    t: PropTypes.func.isRequired,
    initialValues: PropTypes.object,
 };
 export default flow([
--- a/client/src/components/Filters/Rewrites/Modal.js
+++ b/client/src/components/Filters/Rewrites/Modal.js
@@ -3,7 +3,6 @@ import PropTypes from 'prop-types';
 import { Trans, withTranslation } from 'react-i18next';
 import ReactModal from 'react-modal';
 import { MODAL_TYPE } from '../../../helpers/constants';
 import Form from './Form';
 const Modal = (props) => {
@@ -13,8 +12,6 @@ const Modal = (props) => {
        toggleRewritesModal,
        processingAdd,
        processingDelete,
        modalType,
        currentRewrite,
    } = props;
    return (
@@ -27,18 +24,13 @@ const Modal = (props) => {
            <div className="modal-content">
                <div className="modal-header">
                    <h4 className="modal-title">
                        {modalType === MODAL_TYPE.EDIT_REWRITE ? (
                            <Trans>rewrite_edit</Trans>
                        ) : (
                        <Trans>rewrite_add</Trans>
                        )}
                    </h4>
                    <button type="button" className="close" onClick={() => toggleRewritesModal()}>
                        <span className="sr-only">Close</span>
                    </button>
                </div>
                <Form
                    initialValues={{ ...currentRewrite }}
                    onSubmit={handleSubmit}
                    toggleRewritesModal={toggleRewritesModal}
                    processingAdd={processingAdd}
@@ -55,8 +47,6 @@ Modal.propTypes = {
    toggleRewritesModal: PropTypes.func.isRequired,
    processingAdd: PropTypes.bool.isRequired,
    processingDelete: PropTypes.bool.isRequired,
    modalType: PropTypes.string.isRequired,
    currentRewrite: PropTypes.object,
 };
 export default withTranslation()(Modal);
--- a/client/src/components/Filters/Rewrites/Table.js
+++ b/client/src/components/Filters/Rewrites/Table.js
@@ -3,7 +3,6 @@ import PropTypes from 'prop-types';
 import ReactTable from 'react-table';
 import { withTranslation } from 'react-i18next';
 import { sortIp } from '../../../helpers/helpers';
 import { MODAL_TYPE } from '../../../helpers/constants';
 class Table extends Component {
    cellWrap = ({ value }) => (
@@ -32,35 +31,16 @@ class Table extends Component {
            maxWidth: 100,
            sortable: false,
            resizable: false,
-            Cell: (value) => {
+            Cell: (value) => (
                const currentRewrite = {
                    answer: value.row.answer,
                    domain: value.row.domain,
                };
                return (
                <div className="logs__row logs__row--center">
                    <button
                        type="button"
-                            className="btn btn-icon btn-outline-primary btn-sm mr-2"
+                        className="btn btn-icon btn-icon--green btn-outline-secondary btn-sm"
-                            onClick={() => {
+                        onClick={() => this.props.handleDelete({
-                                this.props.toggleRewritesModal({
+                            answer: value.row.answer,
-                                    type: MODAL_TYPE.EDIT_REWRITE,
+                            domain: value.row.domain,
-                                    currentRewrite,
+                        })
-                                });
+                        }
                            }}
                            disabled={this.props.processingUpdate}
                            title={this.props.t('edit_table_action')}
                        >
                            <svg className="icons icon12">
                                <use xlinkHref="#edit" />
                            </svg>
                        </button>
                        <button
                            type="button"
                            className="btn btn-icon btn-outline-secondary btn-sm"
                            onClick={() => this.props.handleDelete(currentRewrite)}
                        title={this.props.t('delete_table_action')}
                    >
                        <svg className="icons">
@@ -68,8 +48,7 @@ class Table extends Component {
                        </svg>
                    </button>
                </div>
-                );
+            ),
            },
        },
    ];
@@ -105,9 +84,7 @@ Table.propTypes = {
    processing: PropTypes.bool.isRequired,
    processingAdd: PropTypes.bool.isRequired,
    processingDelete: PropTypes.bool.isRequired,
    processingUpdate: PropTypes.bool.isRequired,
    handleDelete: PropTypes.func.isRequired,
    toggleRewritesModal: PropTypes.func.isRequired,
 };
 export default withTranslation()(Table);
--- a/client/src/components/Filters/Rewrites/index.js
+++ b/client/src/components/Filters/Rewrites/index.js
@@ -6,13 +6,16 @@ import Table from './Table';
 import Modal from './Modal';
 import Card from '../../ui/Card';
 import PageTitle from '../../ui/PageTitle';
 import { MODAL_TYPE } from '../../../helpers/constants';
 class Rewrites extends Component {
    componentDidMount() {
        this.props.getRewritesList();
    }
    handleSubmit = (values) => {
        this.props.addRewrite(values);
    };
    handleDelete = (values) => {
        // eslint-disable-next-line no-alert
        if (window.confirm(this.props.t('rewrite_confirm_delete', { key: values.domain }))) {
@@ -20,19 +23,6 @@ class Rewrites extends Component {
        }
    };
    handleSubmit = (values) => {
        const { modalType, currentRewrite } = this.props.rewrites;
        if (modalType === MODAL_TYPE.EDIT_REWRITE && currentRewrite) {
            this.props.updateRewrite({
                target: currentRewrite,
                update: values,
            });
        } else {
            this.props.addRewrite(values);
        }
    };
    render() {
        const {
            t,
@@ -46,9 +36,6 @@ class Rewrites extends Component {
            processing,
            processingAdd,
            processingDelete,
            processingUpdate,
            modalType,
            currentRewrite,
        } = rewrites;
        return (
@@ -67,15 +54,13 @@ class Rewrites extends Component {
                            processing={processing}
                            processingAdd={processingAdd}
                            processingDelete={processingDelete}
                            processingUpdate={processingUpdate}
                            handleDelete={this.handleDelete}
                            toggleRewritesModal={toggleRewritesModal}
                        />
                        <button
                            type="button"
                            className="btn btn-success btn-standard mt-3"
-                            onClick={() => toggleRewritesModal({ type: MODAL_TYPE.ADD_REWRITE })}
+                            onClick={() => toggleRewritesModal()}
                            disabled={processingAdd}
                        >
                            <Trans>rewrite_add</Trans>
@@ -83,13 +68,10 @@ class Rewrites extends Component {
                        <Modal
                            isModalOpen={isModalOpen}
                            modalType={modalType}
                            toggleRewritesModal={toggleRewritesModal}
                            handleSubmit={this.handleSubmit}
                            processingAdd={processingAdd}
                            processingDelete={processingDelete}
                            processingUpdate={processingUpdate}
                            currentRewrite={currentRewrite}
                        />
                    </Fragment>
                </Card>
@@ -104,7 +86,6 @@ Rewrites.propTypes = {
    toggleRewritesModal: PropTypes.func.isRequired,
    addRewrite: PropTypes.func.isRequired,
    deleteRewrite: PropTypes.func.isRequired,
    updateRewrite: PropTypes.func.isRequired,
    rewrites: PropTypes.object.isRequired,
 };
--- a/client/src/components/Filters/Table.js
+++ b/client/src/components/Filters/Table.js
@@ -48,7 +48,6 @@ class Table extends Component {
            Header: <Trans>list_url_table_header</Trans>,
            accessor: 'url',
            minWidth: 180,
            // eslint-disable-next-line react/prop-types
            Cell: ({ value }) => (
                <div className="logs__row">
                    {isValidAbsolutePath(value) ? value
--- a/client/src/components/ProtectionTimer/index.js
+++ b/client/src/components/ProtectionTimer/index.js
@@ -32,8 +32,6 @@ const ProtectionTimer = ({
 };
 ProtectionTimer.propTypes = {
    protectionDisabledDuration: PropTypes.number,
    toggleProtectionSuccess: PropTypes.func.isRequired,
    setProtectionTimerTime: PropTypes.func.isRequired,
 };
--- a/client/src/components/Settings/LogsConfig/Form.js
+++ b/client/src/components/Settings/LogsConfig/Form.js
@@ -27,6 +27,7 @@ import {
 } from '../../../helpers/constants';
 import '../FormButton.css';
 const getIntervalTitle = (interval, t) => {
    switch (interval) {
        case RETENTION_CUSTOM:
--- a/client/src/components/Settings/StatsConfig/Form.js
+++ b/client/src/components/Settings/StatsConfig/Form.js
@@ -7,6 +7,7 @@ import { Trans, withTranslation } from 'react-i18next';
 import flow from 'lodash/flow';
 import { connect } from 'react-redux';
 import {
    renderRadioField,
    toNumber,
--- a/client/src/components/ui/Icons.js
+++ b/client/src/components/ui/Icons.js
@@ -1,4 +1,3 @@
 /* eslint-disable react/no-unknown-property */
 import React from 'react';
 import './Icons.css';
--- a/client/src/containers/DnsRewrites.js
+++ b/client/src/containers/DnsRewrites.js
@@ -3,7 +3,6 @@ import {
    getRewritesList,
    addRewrite,
    deleteRewrite,
    updateRewrite,
    toggleRewritesModal,
 } from '../actions/rewrites';
 import Rewrites from '../components/Filters/Rewrites';
@@ -18,7 +17,6 @@ const mapDispatchToProps = {
    getRewritesList,
    addRewrite,
    deleteRewrite,
    updateRewrite,
    toggleRewritesModal,
 };
--- a/client/src/helpers/constants.js
+++ b/client/src/helpers/constants.js
@@ -173,8 +173,6 @@ export const MODAL_TYPE = {
    ADD_FILTERS: 'ADD_FILTERS',
    EDIT_FILTERS: 'EDIT_FILTERS',
    CHOOSE_FILTERING_LIST: 'CHOOSE_FILTERING_LIST',
    ADD_REWRITE: 'ADD_REWRITE',
    EDIT_REWRITE: 'EDIT_REWRITE',
 };
 export const CLIENT_ID = {
--- a/client/src/helpers/filters/filters.js
+++ b/client/src/helpers/filters/filters.js
@@ -100,12 +100,6 @@ export default {
            "homepage": "https://github.com/DandelionSprout/adfilt",
            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_13.txt"
        },
        "POL_cert_polska_list_of_malicious_domains": {
            "name": "POL: CERT Polska List of malicious domains",
            "categoryId": "regional",
            "homepage": "https://cert.pl/posts/2020/03/ostrzezenia_phishing/",
            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_41.txt"
        },
        "POL_polish_filters_for_pi_hole": {
            "name": "POL: Polish filters for Pi-hole",
            "categoryId": "regional",
@@ -124,12 +118,6 @@ export default {
            "homepage": "https://github.com/bkrucarci/turk-adlist",
            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_26.txt"
        },
        "TUR_turkish_ad_hosts": {
            "name": "TUR: Turkish Ad Hosts",
            "categoryId": "regional",
            "homepage": "https://github.com/symbuzzer/Turkish-Ad-Hosts",
            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_40.txt"
        },
        "VNM_abpvn": {
            "name": "VNM: ABPVN List",
            "categoryId": "regional",
@@ -226,12 +214,6 @@ export default {
            "homepage": "https://github.com/durablenapkin/scamblocklist",
            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt"
        },
        "shadowwhisperers_malware_list": {
            "name": "ShadowWhisperer's Malware List",
            "categoryId": "security",
            "homepage": "https://github.com/ShadowWhisperer/BlockLists",
            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_42.txt"
        },
        "staklerware_indicators_list": {
            "name": "Stalkerware Indicators List",
            "categoryId": "security",
--- a/client/src/helpers/helpers.js
+++ b/client/src/helpers/helpers.js
@@ -845,6 +845,7 @@ export const sortIp = (a, b) => {
    }
 };
 /**
 * @param {number} filterId
 * @returns {string}
--- a/client/src/helpers/trackers/trackers.json
+++ b/client/src/helpers/trackers/trackers.json
--- a/client/src/reducers/rewrites.js
+++ b/client/src/reducers/rewrites.js
@@ -30,27 +30,7 @@ const rewrites = handleActions(
        [actions.deleteRewriteFailure]: (state) => ({ ...state, processingDelete: false }),
        [actions.deleteRewriteSuccess]: (state) => ({ ...state, processingDelete: false }),
-        [actions.updateRewriteRequest]: (state) => ({ ...state, processingUpdate: true }),
+        [actions.toggleRewritesModal]: (state) => {
        [actions.updateRewriteFailure]: (state) => ({ ...state, processingUpdate: false }),
        [actions.updateRewriteSuccess]: (state) => {
            const newState = {
                ...state,
                processingUpdate: false,
            };
            return newState;
        },
        [actions.toggleRewritesModal]: (state, { payload }) => {
            if (payload) {
                const newState = {
                    ...state,
                    modalType: payload.type || '',
                    isModalOpen: !state.isModalOpen,
                    currentRewrite: payload.currentRewrite,
                };
                return newState;
            }
            const newState = {
                ...state,
                isModalOpen: !state.isModalOpen,
@@ -62,10 +42,7 @@ const rewrites = handleActions(
        processing: true,
        processingAdd: false,
        processingDelete: false,
        processingUpdate: false,
        isModalOpen: false,
        modalType: '',
        currentRewrite: {},
        list: [],
    },
 );
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -82,5 +82,6 @@ CMD [ \
 	"/opt/adguardhome/AdGuardHome", \
 	"--no-check-update", \
 	"-c", "/opt/adguardhome/conf/AdGuardHome.yaml", \
 	"-h", "0.0.0.0", \
 	"-w", "/opt/adguardhome/work" \
 ]
--- a/go.mod
+++ b/go.mod
@@ -3,13 +3,11 @@ module github.com/AdguardTeam/AdGuardHome
 go 1.19
 require (
-	// TODO(a.garipov): Update to a tagged version when it's released.
+	github.com/AdguardTeam/dnsproxy v0.49.1
-	github.com/AdguardTeam/dnsproxy v0.50.3-0.20230628054307-31e374065768
+	github.com/AdguardTeam/golibs v0.13.2
 	github.com/AdguardTeam/golibs v0.13.3
 	github.com/AdguardTeam/urlfilter v0.16.1
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ameshkov/dnscrypt/v2 v2.2.7
 	github.com/bluele/gcache v0.0.2
 	github.com/digineo/go-ipset/v2 v2.2.1
 	github.com/dimfeld/httptreemux/v5 v5.5.0
 	github.com/fsnotify/fsnotify v1.6.0
@@ -18,24 +16,24 @@ require (
 	github.com/google/gopacket v1.1.19
 	github.com/google/renameio v1.0.1
 	github.com/google/uuid v1.3.0
-	github.com/insomniacslk/dhcp v0.0.0-20230612134759-b20c9ba983df
+	github.com/insomniacslk/dhcp v0.0.0-20221215072855-de60144f33f8
 	github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86
 	github.com/kardianos/service v1.2.2
 	github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118
-	github.com/mdlayher/netlink v1.7.2
+	github.com/mdlayher/netlink v1.7.1
-	github.com/mdlayher/packet v1.1.2
+	github.com/mdlayher/packet v1.1.1
 	// TODO(a.garipov): This package is deprecated; find a new one or use our
 	// own code for that.  Perhaps, use gopacket.
 	github.com/mdlayher/raw v0.1.0
-	github.com/miekg/dns v1.1.55
+	github.com/miekg/dns v1.1.53
-	github.com/quic-go/quic-go v0.35.1
+	github.com/quic-go/quic-go v0.33.0
-	github.com/stretchr/testify v1.8.4
+	github.com/stretchr/testify v1.8.2
 	github.com/ti-mo/netfilter v0.5.0
 	go.etcd.io/bbolt v1.3.7
-	golang.org/x/crypto v0.10.0
+	golang.org/x/crypto v0.8.0
-	golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df
+	golang.org/x/exp v0.0.0-20230321023759-10a507213a29
-	golang.org/x/net v0.11.0
+	golang.org/x/net v0.9.0
-	golang.org/x/sys v0.9.0
+	golang.org/x/sys v0.7.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 	gopkg.in/yaml.v3 v3.0.1
 	howett.net/plist v1.0.0
@@ -46,22 +44,23 @@ require (
 	github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 // indirect
 	github.com/ameshkov/dnsstamps v1.0.3 // indirect
 	github.com/beefsack/go-rate v0.0.0-20220214233405-116f4ca011a0 // indirect
 	github.com/bluele/gcache v0.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/golang/mock v1.6.0 // indirect
-	github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 // indirect
+	github.com/google/pprof v0.0.0-20230406165453-00490a63f317 // indirect
-	github.com/mdlayher/socket v0.4.1 // indirect
+	github.com/mdlayher/socket v0.4.0 // indirect
-	github.com/onsi/ginkgo/v2 v2.11.0 // indirect
+	github.com/onsi/ginkgo/v2 v2.9.2 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
-	github.com/pierrec/lz4/v4 v4.1.18 // indirect
+	github.com/pierrec/lz4/v4 v4.1.17 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/quic-go/qpack v0.4.0 // indirect
 	github.com/quic-go/qtls-go1-19 v0.3.2 // indirect
 	github.com/quic-go/qtls-go1-20 v0.2.2 // indirect
 	github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63 // indirect
-	golang.org/x/mod v0.11.0 // indirect
+	golang.org/x/mod v0.10.0 // indirect
-	golang.org/x/sync v0.3.0 // indirect
+	golang.org/x/sync v0.1.0 // indirect
-	golang.org/x/text v0.10.0 // indirect
+	golang.org/x/text v0.9.0 // indirect
-	golang.org/x/tools v0.10.0 // indirect
+	golang.org/x/tools v0.8.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -1,9 +1,9 @@
-github.com/AdguardTeam/dnsproxy v0.50.3-0.20230628054307-31e374065768 h1:5Ia6wA+tqAlTyzuaOVGSlHmb0osLWXeJUs3NxCuC4gA=
+github.com/AdguardTeam/dnsproxy v0.49.1 h1:JpStBK05uCgA3ldleaNLRmIwE9V7vRg7/kVJQSdnQYg=
-github.com/AdguardTeam/dnsproxy v0.50.3-0.20230628054307-31e374065768/go.mod h1:CQhZTkqC8X0ID6glrtyaxgqRRdiYfn1gJulC1cZ5Dn8=
+github.com/AdguardTeam/dnsproxy v0.49.1/go.mod h1:Y7g7jRTd/u7+KJ/QvnGI2PCE8vnisp6EsW47/Sz0DZw=
 github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.10.4/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
-github.com/AdguardTeam/golibs v0.13.3 h1:RT3QbzThtaLiFLkIUDS6/hlGEXrh0zYvdf4bd7UWpGo=
+github.com/AdguardTeam/golibs v0.13.2 h1:BPASsyQKmb+b8VnvsNOHp7bKfcZl9Z+Z2UhPjOiupSc=
-github.com/AdguardTeam/golibs v0.13.3/go.mod h1:wkJ6EUsN4np/9Gp7+9QeooY9E2U2WCLJYAioLCzkHsI=
+github.com/AdguardTeam/golibs v0.13.2/go.mod h1:7ylQLv2Lqsc3UW3jHoITynYk6Y1tYtgEMkR09ppfsN8=
 github.com/AdguardTeam/gomitmproxy v0.2.0/go.mod h1:Qdv0Mktnzer5zpdpi5rAwixNJzW2FN91LjKJCkVbYGU=
 github.com/AdguardTeam/urlfilter v0.16.1 h1:ZPi0rjqo8cQf2FVdzo6cqumNoHZx2KPXj2yZa1A5BBw=
 github.com/AdguardTeam/urlfilter v0.16.1/go.mod h1:46YZDOV1+qtdRDuhZKVPSSp7JWWes0KayqHrKAFBdEI=
@@ -31,9 +31,10 @@ github.com/digineo/go-ipset/v2 v2.2.1 h1:k6skY+0fMqeUjjeWO/m5OuWPSZUAn7AucHMnQ1M
 github.com/digineo/go-ipset/v2 v2.2.1/go.mod h1:wBsNzJlZlABHUITkesrggFnZQtgW5wkqw1uo8Qxe0VU=
 github.com/dimfeld/httptreemux/v5 v5.5.0 h1:p8jkiMrCuZ0CmhwYLcbNbl7DDo21fozhKHQ2PccwOFQ=
 github.com/dimfeld/httptreemux/v5 v5.5.0/go.mod h1:QeEylH57C0v3VO0tkKraVz9oD3Uu93CKPnTLbsidvSw=
 github.com/fanliao/go-promise v0.0.0-20141029170127-1890db352a72/go.mod h1:PjfxuH4FZdUyfMdtBio2lsRr1AKEaVPwelzuHuh8Lqc=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
 github.com/go-ole/go-ole v1.2.5 h1:t4MGB5xEDZvXI+0rMjjsfBsD7yAgp/s9ZDkL1JndXwY=
 github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-ping/ping v1.1.0 h1:3MCGhVX4fyEUuhsfwPrsEdQw6xspHkv5zHsiSoDFZYw=
@@ -44,59 +45,77 @@ github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
 github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
 github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
-github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 h1:hR7/MlvK23p6+lIw9SN1TigNLn9ZnF3W4SYRKq2gAHs=
+github.com/google/pprof v0.0.0-20230406165453-00490a63f317 h1:hFhpt7CTmR3DX+b4R19ydQFtofxT0Sv3QsKNMVQYTMQ=
-github.com/google/pprof v0.0.0-20230602150820-91b7bce49751/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA=
+github.com/google/pprof v0.0.0-20230406165453-00490a63f317/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk=
 github.com/google/renameio v1.0.1 h1:Lh/jXZmvZxb0BBeSY5VKEfidcbcbenKjZFzM/q0fSeU=
 github.com/google/renameio v1.0.1/go.mod h1:t/HQoYBZSsWSNK35C6CO/TpPLDVWvxOHboWUAweKUpk=
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714 h1:/jC7qQFrv8CrSJVmaolDVOxTfS9kc36uB6H40kdbQq8=
-github.com/insomniacslk/dhcp v0.0.0-20230612134759-b20c9ba983df h1:pF1MMIzEJzJ/MyI4bXYXVYyN8CJgoQ2PPKT2z3O/Cl4=
+github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714/go.mod h1:2Goc3h8EklBH5mspfHFxBnEoURQCGzQQH1ga9Myjvis=
-github.com/insomniacslk/dhcp v0.0.0-20230612134759-b20c9ba983df/go.mod h1:7474bZ1YNCvarT6WFKie4kEET6J0KYRDC4XJqqXzQW4=
+github.com/insomniacslk/dhcp v0.0.0-20221215072855-de60144f33f8 h1:Z72DOke2yOK0Ms4Z2LK1E1OrRJXOxSj5DllTz2FYTRg=
 github.com/insomniacslk/dhcp v0.0.0-20221215072855-de60144f33f8/go.mod h1:m5WMe03WCvWcXjRnhvaAbAAXdCnu20J5P+mmH44ZzpE=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/josharian/native v1.0.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
 github.com/josharian/native v1.0.1-0.20221213033349-c1e37c09b531/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
 github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86 h1:elKwZS1OcdQ0WwEDBeqxKwb7WB62QX8bvZ/FJnVXIfk=
 github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86/go.mod h1:aFAMtuldEgx/4q7iSGazk22+IcgvtiC+HIimFO9XlS8=
 github.com/jsimonetti/rtnetlink v0.0.0-20190606172950-9527aa82566a/go.mod h1:Oz+70psSo5OFh8DBl0Zv2ACw7Esh6pPUphlvZG9x7uw=
 github.com/jsimonetti/rtnetlink v0.0.0-20200117123717-f846d4f6c1f4/go.mod h1:WGuG/smIU4J/54PblvSbh+xvCZmpJnFgr3ds6Z55XMQ=
 github.com/jsimonetti/rtnetlink v0.0.0-20201009170750-9c6f07d100c1/go.mod h1:hqoO/u39cqLeBLebZ8fWdE96O7FxrAsRYhnVOdgHxok=
 github.com/jsimonetti/rtnetlink v0.0.0-20201110080708-d2c240429e6c/go.mod h1:huN4d1phzjhlOsNIjFsw2SVRbwIHj3fJDMEU2SDPTmg=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/kardianos/service v1.2.2 h1:ZvePhAHfvo0A7Mftk/tEzqEZ7Q4lgnR8sGz4xu1YX60=
 github.com/kardianos/service v1.2.2/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/mdlayher/ethernet v0.0.0-20190606142754-0394541c37b7/go.mod h1:U6ZQobyTjI/tJyq2HG+i/dfSoFUt8/aZCM+GKtmFk/Y=
 github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118 h1:2oDp6OOhLxQ9JBoUuysVz9UZ9uI6oLUbvAZu0x8o+vE=
 github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118/go.mod h1:ZFUnHIVchZ9lJoWoEGUg8Q3M4U8aNNWA3CVSUTkW4og=
 github.com/mdlayher/netlink v0.0.0-20190313131330-258ea9dff42c/go.mod h1:eQB3mZE4aiYnlUsyGGCOpPETfdQq4Jhsgf1fk3cwQaA=
-github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g=
+github.com/mdlayher/netlink v0.0.0-20190409211403-11939a169225/go.mod h1:eQB3mZE4aiYnlUsyGGCOpPETfdQq4Jhsgf1fk3cwQaA=
-github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw=
+github.com/mdlayher/netlink v1.0.0/go.mod h1:KxeJAFOFLG6AjpyDkQ/iIhxygIUKD+vcwqcnu43w/+M=
 github.com/mdlayher/netlink v1.1.0/go.mod h1:H4WCitaheIsdF9yOYu8CFmCgQthAPIWZmcKp9uZHgmY=
 github.com/mdlayher/netlink v1.1.1/go.mod h1:WTYpFb/WTvlRJAyKhZL5/uy69TDDpHHu2VZmb2XgV7o=
 github.com/mdlayher/netlink v1.7.1 h1:FdUaT/e33HjEXagwELR8R3/KL1Fq5x3G5jgHLp/BTmg=
 github.com/mdlayher/netlink v1.7.1/go.mod h1:nKO5CSjE/DJjVhk/TNp6vCE1ktVxEA8VEh8drhZzxsQ=
 github.com/mdlayher/packet v1.0.0/go.mod h1:eE7/ctqDhoiRhQ44ko5JZU2zxB88g+JH/6jmnjzPjOU=
-github.com/mdlayher/packet v1.1.2 h1:3Up1NG6LZrsgDVn6X4L9Ge/iyRyxFEFD9o6Pr3Q1nQY=
+github.com/mdlayher/packet v1.1.1 h1:7Fv4OEMYqPl7//uBm04VgPpnSNi8fbBZznppgh6WMr8=
-github.com/mdlayher/packet v1.1.2/go.mod h1:GEu1+n9sG5VtiRE4SydOmX5GTwyyYlteZiFU+x0kew4=
+github.com/mdlayher/packet v1.1.1/go.mod h1:DRvYY5mH4M4lUqAnMg04E60U4fjUKMZ/4g2cHElZkKo=
 github.com/mdlayher/raw v0.0.0-20190606142536-fef19f00fc18/go.mod h1:7EpbotpCmVZcu+KCX4g9WaRNuu11uyhiW7+Le1dKawg=
 github.com/mdlayher/raw v0.0.0-20191009151244-50f2db8cc065/go.mod h1:7EpbotpCmVZcu+KCX4g9WaRNuu11uyhiW7+Le1dKawg=
 github.com/mdlayher/raw v0.1.0 h1:K4PFMVy+AFsp0Zdlrts7yNhxc/uXoPVHi9RzRvtZF2Y=
 github.com/mdlayher/raw v0.1.0/go.mod h1:yXnxvs6c0XoF/aK52/H5PjsVHmWBCFfZUfoh/Y5s9Sg=
 github.com/mdlayher/socket v0.2.1/go.mod h1:QLlNPkFR88mRUNQIzRBMfXxwKal8H7u1h3bL1CV+f0E=
-github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U=
+github.com/mdlayher/socket v0.4.0 h1:280wsy40IC9M9q1uPGcLBwXpcTQDtoGwVt+BNoITxIw=
-github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA=
+github.com/mdlayher/socket v0.4.0/go.mod h1:xxFqz5GRCUN3UEOm9CZqEJsAbe1C8OwSK46NlmWuVoc=
 github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
-github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
+github.com/miekg/dns v1.1.53 h1:ZBkuHr5dxHtB1caEOlZTLPo7D3L3TWckgUUs/RHfDxw=
-github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
+github.com/miekg/dns v1.1.53/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=
+github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU=
-github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM=
+github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts=
-github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc=
+github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pierrec/lz4/v4 v4.1.14/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
-github.com/pierrec/lz4/v4 v4.1.18 h1:xaKrnTkyoqfh1YItXl56+6KJNVYWlEEPuAQW9xsplYQ=
+github.com/pierrec/lz4/v4 v4.1.17 h1:kV4Ip+/hUBC+8T6+2EgburRtkE9ef4nbY3f4dFhGjMc=
-github.com/pierrec/lz4/v4 v4.1.18/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
+github.com/pierrec/lz4/v4 v4.1.17/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -108,18 +127,24 @@ github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc8
 github.com/quic-go/qtls-go1-19 v0.3.2/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI=
 github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8GEa3E=
 github.com/quic-go/qtls-go1-20 v0.2.2/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM=
-github.com/quic-go/quic-go v0.35.1 h1:b0kzj6b/cQAf05cT0CkQubHM31wiA+xH3IBkxP62poo=
+github.com/quic-go/quic-go v0.33.0 h1:ItNoTDN/Fm/zBlq769lLJc8ECe9gYaW40veHCCco7y0=
-github.com/quic-go/quic-go v0.35.1/go.mod h1:+4CVgVppm0FNjpG3UcX8Joi/frKOH7/ciD5yGcwOO1g=
+github.com/quic-go/quic-go v0.33.0/go.mod h1:YMuhaAV9/jIu0XclDXwZPAsP/2Kgr5yMYhe9oxhhOFA=
 github.com/shirou/gopsutil/v3 v3.21.8 h1:nKct+uP0TV8DjjNiHanKf8SAuub+GNsbrOtM9Nl9biA=
 github.com/shirou/gopsutil/v3 v3.21.8/go.mod h1:YWp/H8Qs5fVmf17v7JNZzA0mPJ+mS2e9JdiUF9LlKzQ=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/ti-mo/netfilter v0.2.0/go.mod h1:8GbBGsY/8fxtyIdfwy29JiluNcPK4K7wIT+x42ipqUU=
 github.com/ti-mo/netfilter v0.5.0 h1:MZmsUw5bFRecOb0AeyjOPxTHg4UxYzyEs0Ek/6Lxoy8=
 github.com/ti-mo/netfilter v0.5.0/go.mod h1:nt+8B9hx/QpqHr7Hazq+2qMCCA8u2OTkyc/7+U9ARz8=
@@ -127,6 +152,7 @@ github.com/tklauser/go-sysconf v0.3.9 h1:JeUVdAOWhhxVcU6Eqr/ATFHgXk/mmiItdKeJPev
 github.com/tklauser/go-sysconf v0.3.9/go.mod h1:11DU/5sG7UexIrp/O6g35hrWzu0JxlwQ3LSFUzyeuhs=
 github.com/tklauser/numcpus v0.3.0 h1:ILuRUQBtssgnxw0XXIjKUC56fgnOrFoQQ/4+DeU2biQ=
 github.com/tklauser/numcpus v0.3.0/go.mod h1:yFGUr7TUHQRAhyqBcEg0Ge34zDBAsIvJJcyE6boqnA8=
 github.com/u-root/uio v0.0.0-20221213070652-c3537552635f/go.mod h1:IogEAUBXDEwX7oR/BMmCctShYs80ql4hF0ySdzGxf7E=
 github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63 h1:YcojQL98T/OO+rybuzn2+5KrD5dBwXIvYBvQ2cD3Avg=
 github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63/go.mod h1:eLL9Nub3yfAho7qB0MzZizFhTU2QkLeoVsWdHtDW264=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
@@ -134,36 +160,52 @@ go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
 go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
+golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
-golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df h1:UA2aFVmmsIlefxMk29Dp2juaUSth8Pyn3Tq5Y5mJGME=
+golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
-golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
+golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
+golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
-golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190419010253-1f3472d942ba/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210929193557-e81a3d93ecf6/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU=
+golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
-golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190322080309-f49334f85ddc/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190411185658-b44545bcd369/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190418153312-f0ce4c0180be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606122018-79a91cf218c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201015000850-e3ed0017c211/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -177,22 +219,23 @@ golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.1-0.20230131160137-e7d7f63158de/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
+golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
-golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58=
+golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg=
+golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y=
-golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM=
+golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/internal/aghnet/dhcp_unix.go
+++ b/internal/aghnet/dhcp_unix.go
@@ -304,7 +304,7 @@ func tryConn6(req *dhcpv6.Message, c net.PacketConn) (ok, next bool, err error)
 	if !(response.Type() == dhcpv6.MessageTypeAdvertise &&
 		msg.TransactionID == req.TransactionID &&
 		rcid != nil &&
-		cid.Equal(rcid)) {
+		cid.Equal(*rcid)) {
 		log.Debug("dhcpv6: received message from server doesn't match our request")
--- a/internal/aghnet/interfaces_windows.go
+++ b/internal/aghnet/interfaces_windows.go
@@ -0,0 +1,17 @@
 //go:build windows
 package aghnet
 import (
 	"net"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
 )
 // listenPacketReusable announces on the local network address additionally
 // configuring the socket to have a reusable binding.
 func listenPacketReusable(_, _, _ string) (c net.PacketConn, err error) {
 	// TODO(e.burkov):  Check if we are able to control sockets on Windows
 	// in the same way as on Unix.
 	return nil, aghos.Unsupported("listening packet reusable")
 }
--- a/internal/dhcpd/README.md
+++ b/internal/dhcpd/README.md
@@ -1,60 +1,46 @@
- #  Testing DHCP Server
+# DHCP server
 Contents:
 * [Test setup with Virtual Box](#vbox)
 *  [Quick test with DHCPTest](#dhcptest)
-##  <a href="#vbox" id="vbox" name="vbox">Test setup with Virtual Box</a>
+<a id="vbox"></a>
 ## Test setup with Virtual Box
-   ### Prerequisites
+To set up a test environment for DHCP server you need:
-To set up a test environment for DHCP server you will need:
+* Linux host machine
 * Virtual Box
 * Virtual machine (guest OS doesn't matter)
- *  Linux AG Home host machine (Virtual).
+### Configure client
 *  Virtual Box.
 *  Virtual machine (guest OS doesn't matter).
-   ### Configure Virtual Box
+1. Install Virtual Box and run the following command to create a Host-Only network:
 1.  Install Virtual Box and run the following command to create a Host-Only 
     network:
     ```sh
        $ VBoxManage hostonlyif create
     ```
    You can check its status by `ip a` command.
    You can also set up Host-Only network using Virtual Box menu:
     ```
        File -> Host Network Manager...
     ```
 2. Create your virtual machine and set up its network:
     ```
        VM Settings -> Network -> Host-only Adapter
     ```
- 3.  Start your VM, install an OS.  Configure your network interface to use
+3. Start your VM, install an OS.  Configure your network interface to use DHCP and the OS should ask for a IP address from our DHCP server.
     DHCP and the OS should ask for a IP address from our DHCP server.
- 4.  To see the current IP addresses on client OS you can use `ip a` command on
+4. To see the current IP address on client OS you can use `ip a` command on Linux or `ipconfig` on Windows.
     Linux or `ipconfig` on Windows.
- 5.  To force the client OS to request an IP from DHCP server again, you can
+5. To force the client OS to request an IP from DHCP server again, you can use `dhclient` on Linux or `ipconfig /release` on Windows.
     use `dhclient` on Linux or `ipconfig /release` on Windows.
 ### Configure server
- 1.  Edit server configuration file `AdGuardHome.yaml`, for example:
+1. Edit server configuration file 'AdGuardHome.yaml', for example:
     ```yaml
        dhcp:
          enabled: true
          interface_name: vboxnet0
          local_domain_name: lan
          dhcpv4:
            gateway_ip: 192.168.56.1
            subnet_mask: 255.255.255.0
@@ -68,29 +54,11 @@ To set up a test environment for DHCP server you will need:
            lease_duration: 86400
            ra_slaac_only: false
            ra_allow_slaac: false
     ```
 2. Start the server
-     ```sh
+        ./AdGuardHome
     ./AdGuardHome -v
     ```
    There should be a message in log which shows that DHCP server is ready:
     ```
        [info] DHCP: listening on 0.0.0.0:67
     ```
 ##  <a href="#dhcptest" id="dhcptest" name="dhcptest">Quick test with DHCPTest utility</a>
   ### Prerequisites
 *  [DHCP test utility][dhcptest-gh].
   ### Quick test
 The DHCP server could be tested for DISCOVER-OFFER packets with in
 interactive mode.
 [dhcptest-gh]: https://github.com/CyberShadow/dhcptest
--- a/internal/dhcpd/bitset.go
+++ b/internal/dhcpd/bitset.go
@@ -25,8 +25,11 @@ func (s *bitSet) isSet(n uint64) (ok bool) {
 	var word uint64
 	word, ok = s.words[wordIdx]
 	if !ok {
 		return false
 	}
-	return ok && word&(1<<bitIdx) != 0
+	return word&(1<<bitIdx) != 0
 }
 // set sets or unsets a bit.
--- a/internal/dhcpd/conn_darwin.go
+++ b/internal/dhcpd/conn_darwin.go
@@ -1,4 +1,4 @@
-//go:build darwin || freebsd || openbsd
+//go:build darwin
 package dhcpd
@@ -249,30 +249,31 @@ func (c *dhcpConn) buildEtherPkt(payload []byte, peer *dhcpUnicastAddr) (pkt []b
 func (s *v4Server) send(peer net.Addr, conn net.PacketConn, req, resp *dhcpv4.DHCPv4) {
 	switch giaddr, ciaddr, mtype := req.GatewayIPAddr, req.ClientIPAddr, resp.MessageType(); {
 	case giaddr != nil && !giaddr.IsUnspecified():
-		// Send any return messages to the server port on the BOOTP relay agent
+		// Send any return messages to the server port on the BOOTP
-		// whose address appears in giaddr.
+		// relay agent whose address appears in giaddr.
 		peer = &net.UDPAddr{
 			IP:   giaddr,
 			Port: dhcpv4.ServerPort,
 		}
 		if mtype == dhcpv4.MessageTypeNak {
 			// Set the broadcast bit in the DHCPNAK, so that the relay agent
-			// broadcasts it to the client, because the client may not have a
+			// broadcasts it to the client, because the client may not have
-			// correct network address or subnet mask, and the client may not be
+			// a correct network address or subnet mask, and the client may not
-			// answering ARP requests.
+			// be answering ARP requests.
 			resp.SetBroadcast()
 		}
 	case mtype == dhcpv4.MessageTypeNak:
 		// Broadcast any DHCPNAK messages to 0xffffffff.
 	case ciaddr != nil && !ciaddr.IsUnspecified():
-		// Unicast DHCPOFFER and DHCPACK messages to the address in ciaddr.
+		// Unicast DHCPOFFER and DHCPACK messages to the address in
 		// ciaddr.
 		peer = &net.UDPAddr{
 			IP:   ciaddr,
 			Port: dhcpv4.ClientPort,
 		}
 	case !req.IsBroadcast() && req.ClientHWAddr != nil:
-		// Unicast DHCPOFFER and DHCPACK messages to the client's hardware
+		// Unicast DHCPOFFER and DHCPACK messages to the client's
-		// address and yiaddr.
+		// hardware address and yiaddr.
 		peer = &dhcpUnicastAddr{
 			Addr:   raw.Addr{HardwareAddr: req.ClientHWAddr},
 			yiaddr: resp.YourIPAddr,
--- a/internal/dhcpd/conn_darwin_internal_test.go
+++ b/internal/dhcpd/conn_darwin_internal_test.go
@@ -1,4 +1,4 @@
-//go:build darwin || freebsd || openbsd
+//go:build darwin
 package dhcpd
--- a/internal/dhcpd/conn_linux.go
+++ b/internal/dhcpd/conn_linux.go
@@ -1,4 +1,4 @@
-//go:build linux
+//go:build freebsd || linux || openbsd
 package dhcpd
@@ -247,30 +247,31 @@ func (c *dhcpConn) buildEtherPkt(payload []byte, peer *dhcpUnicastAddr) (pkt []b
 func (s *v4Server) send(peer net.Addr, conn net.PacketConn, req, resp *dhcpv4.DHCPv4) {
 	switch giaddr, ciaddr, mtype := req.GatewayIPAddr, req.ClientIPAddr, resp.MessageType(); {
 	case giaddr != nil && !giaddr.IsUnspecified():
-		// Send any return messages to the server port on the BOOTP relay agent
+		// Send any return messages to the server port on the BOOTP
-		// whose address appears in giaddr.
+		// relay agent whose address appears in giaddr.
 		peer = &net.UDPAddr{
 			IP:   giaddr,
 			Port: dhcpv4.ServerPort,
 		}
 		if mtype == dhcpv4.MessageTypeNak {
 			// Set the broadcast bit in the DHCPNAK, so that the relay agent
-			// broadcasts it to the client, because the client may not have a
+			// broadcasts it to the client, because the client may not have
-			// correct network address or subnet mask, and the client may not be
+			// a correct network address or subnet mask, and the client may not
-			// answering ARP requests.
+			// be answering ARP requests.
 			resp.SetBroadcast()
 		}
 	case mtype == dhcpv4.MessageTypeNak:
 		// Broadcast any DHCPNAK messages to 0xffffffff.
 	case ciaddr != nil && !ciaddr.IsUnspecified():
-		// Unicast DHCPOFFER and DHCPACK messages to the address in ciaddr.
+		// Unicast DHCPOFFER and DHCPACK messages to the address in
 		// ciaddr.
 		peer = &net.UDPAddr{
 			IP:   ciaddr,
 			Port: dhcpv4.ClientPort,
 		}
 	case !req.IsBroadcast() && req.ClientHWAddr != nil:
-		// Unicast DHCPOFFER and DHCPACK messages to the client's hardware
+		// Unicast DHCPOFFER and DHCPACK messages to the client's
-		// address and yiaddr.
+		// hardware address and yiaddr.
 		peer = &dhcpUnicastAddr{
 			Addr:   packet.Addr{HardwareAddr: req.ClientHWAddr},
 			yiaddr: resp.YourIPAddr,
--- a/internal/dhcpd/conn_linux_internal_test.go
+++ b/internal/dhcpd/conn_linux_internal_test.go
@@ -1,4 +1,4 @@
-//go:build linux
+//go:build freebsd || linux || openbsd
 package dhcpd
--- a/internal/dhcpd/dhcpd.go
+++ b/internal/dhcpd/dhcpd.go
@@ -28,9 +28,8 @@ const (
 	defaultBackoff     time.Duration = 500 * time.Millisecond
 )
-// Lease contains the necessary information about a DHCP lease.  It's used as is
+// Lease contains the necessary information about a DHCP lease.  It's used in
-// in the database, so don't change it until it's absolutely necessary, see
+// various places.  So don't change it without good reason.
 // [dataVersion].
 type Lease struct {
 	// Expiry is the expiration time of the lease.
 	Expiry time.Time `json:"expires"`
@@ -42,6 +41,8 @@ type Lease struct {
 	HWAddr net.HardwareAddr `json:"mac"`
 	// IP is the IP address leased to the client.
 	//
 	// TODO(a.garipov): Migrate leases.db.
 	IP netip.Addr `json:"ip"`
 	// IsStatic defines if the lease is static.
@@ -238,16 +239,36 @@ func Create(conf *ServerConfig) (s *server, err error) {
 	// [aghhttp.RegisterFunc].
 	s.registerHandlers()
-	v4Enabled, v6Enabled, err := s.setServers(conf)
+	v4conf := conf.Conf4
 	v4conf.InterfaceName = s.conf.InterfaceName
 	v4conf.notify = s.onNotify
 	v4conf.Enabled = s.conf.Enabled && v4conf.RangeStart.IsValid()
 	s.srv4, err = v4Create(&v4conf)
 	if err != nil {
-		// Don't wrap the error, because it's informative enough as is.
+		if v4conf.Enabled {
-		return nil, err
+			return nil, fmt.Errorf("creating dhcpv4 srv: %w", err)
 		}
 		log.Debug("dhcpd: warning: creating dhcpv4 srv: %s", err)
 	}
 	v6conf := conf.Conf6
 	v6conf.Enabled = s.conf.Enabled
 	if len(v6conf.RangeStart) == 0 {
 		v6conf.Enabled = false
 	}
 	v6conf.InterfaceName = s.conf.InterfaceName
 	v6conf.notify = s.onNotify
 	s.srv6, err = v6Create(v6conf)
 	if err != nil {
 		return nil, fmt.Errorf("creating dhcpv6 srv: %w", err)
 	}
 	s.conf.Conf4 = conf.Conf4
 	s.conf.Conf6 = conf.Conf6
-	if s.conf.Enabled && !v4Enabled && !v6Enabled {
+	if s.conf.Enabled && !v4conf.Enabled && !v6conf.Enabled {
 		return nil, fmt.Errorf("neither dhcpv4 nor dhcpv6 srv is configured")
 	}
@@ -268,39 +289,6 @@ func Create(conf *ServerConfig) (s *server, err error) {
 	return s, nil
 }
 // setServers updates DHCPv4 and DHCPv6 servers created from the provided
 // configuration conf.
 func (s *server) setServers(conf *ServerConfig) (v4Enabled, v6Enabled bool, err error) {
 	v4conf := conf.Conf4
 	v4conf.InterfaceName = s.conf.InterfaceName
 	v4conf.notify = s.onNotify
 	v4conf.Enabled = s.conf.Enabled && v4conf.RangeStart.IsValid()
 	s.srv4, err = v4Create(&v4conf)
 	if err != nil {
 		if v4conf.Enabled {
 			return true, false, fmt.Errorf("creating dhcpv4 srv: %w", err)
 		}
 		log.Debug("dhcpd: warning: creating dhcpv4 srv: %s", err)
 	}
 	v6conf := conf.Conf6
 	v6conf.InterfaceName = s.conf.InterfaceName
 	v6conf.notify = s.onNotify
 	v6conf.Enabled = s.conf.Enabled
 	if len(v6conf.RangeStart) == 0 {
 		v6conf.Enabled = false
 	}
 	s.srv6, err = v6Create(v6conf)
 	if err != nil {
 		return v4conf.Enabled, v6conf.Enabled, fmt.Errorf("creating dhcpv6 srv: %w", err)
 	}
 	return v4conf.Enabled, v6conf.Enabled, nil
 }
 // Enabled returns true when the server is enabled.
 func (s *server) Enabled() (ok bool) {
 	return s.conf.Enabled
--- a/internal/dhcpd/http_unix.go
+++ b/internal/dhcpd/http_unix.go
@@ -16,7 +16,6 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
 )
 type v4ServerConfJSON struct {
@@ -264,28 +263,6 @@ func (s *server) handleDHCPSetConfigV6(
 	return srv6, enabled, err
 }
 // createServers returns DHCPv4 and DHCPv6 servers created from the provided
 // configuration conf.
 func (s *server) createServers(conf *dhcpServerConfigJSON) (srv4, srv6 DHCPServer, err error) {
 	srv4, v4Enabled, err := s.handleDHCPSetConfigV4(conf)
 	if err != nil {
 		return nil, nil, fmt.Errorf("bad dhcpv4 configuration: %s", err)
 	}
 	srv6, v6Enabled, err := s.handleDHCPSetConfigV6(conf)
 	if err != nil {
 		return nil, nil, fmt.Errorf("bad dhcpv6 configuration: %s", err)
 	}
 	if conf.Enabled == aghalg.NBTrue && !v4Enabled && !v6Enabled {
 		return nil, nil, fmt.Errorf("dhcpv4 or dhcpv6 configuration must be complete")
 	}
 	return srv4, srv6, nil
 }
 // handleDHCPSetConfig is the handler for the POST /control/dhcp/set_config
 // HTTP API.
 func (s *server) handleDHCPSetConfig(w http.ResponseWriter, r *http.Request) {
 	conf := &dhcpServerConfigJSON{}
 	conf.Enabled = aghalg.BoolToNullBool(s.conf.Enabled)
@@ -298,9 +275,22 @@ func (s *server) handleDHCPSetConfig(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	srv4, srv6, err := s.createServers(conf)
+	srv4, v4Enabled, err := s.handleDHCPSetConfigV4(conf)
 	if err != nil {
-		aghhttp.Error(r, w, http.StatusBadRequest, "%s", err)
+		aghhttp.Error(r, w, http.StatusBadRequest, "bad dhcpv4 configuration: %s", err)
 		return
 	}
 	srv6, v6Enabled, err := s.handleDHCPSetConfigV6(conf)
 	if err != nil {
 		aghhttp.Error(r, w, http.StatusBadRequest, "bad dhcpv6 configuration: %s", err)
 		return
 	}
 	if conf.Enabled == aghalg.NBTrue && !v4Enabled && !v6Enabled {
 		aghhttp.Error(r, w, http.StatusBadRequest, "dhcpv4 or dhcpv6 configuration must be complete")
 		return
 	}
@@ -360,10 +350,10 @@ type netInterfaceJSON struct {
 	Addrs6       []netip.Addr `json:"ipv6_addresses"`
 }
-// handleDHCPInterfaces is the handler for the GET /control/dhcp/interfaces
+// handleDHCPInterfaces is the handler for the GET /control/dhcp/interfaces HTTP
-// HTTP API.
+// API.
 func (s *server) handleDHCPInterfaces(w http.ResponseWriter, r *http.Request) {
-	resp := map[string]*netInterfaceJSON{}
+	resp := map[string]netInterfaceJSON{}
 	ifaces, err := net.Interfaces()
 	if err != nil {
@@ -374,86 +364,73 @@ func (s *server) handleDHCPInterfaces(w http.ResponseWriter, r *http.Request) {
 	for _, iface := range ifaces {
 		if iface.Flags&net.FlagLoopback != 0 {
-			// It's a loopback, skip it.
+			// it's a loopback, skip it
 			continue
 		}
 		if iface.Flags&net.FlagBroadcast == 0 {
-			// This interface doesn't support broadcast, skip it.
+			// this interface doesn't support broadcast, skip it
 			continue
 		}
-		jsonIface, iErr := newNetInterfaceJSON(iface)
+		var addrs []net.Addr
-		if iErr != nil {
+		addrs, err = iface.Addrs()
-			aghhttp.Error(r, w, http.StatusInternalServerError, "%s", iErr)
+		if err != nil {
 			aghhttp.Error(
 				r,
 				w,
 				http.StatusInternalServerError,
 				"Failed to get addresses for interface %s: %s",
 				iface.Name,
 				err,
 			)
 			return
 		}
-		if jsonIface != nil {
+		jsonIface := netInterfaceJSON{
 			resp[iface.Name] = jsonIface
 		}
 	}
 	_ = aghhttp.WriteJSONResponse(w, r, resp)
 }
 // newNetInterfaceJSON creates a JSON object from a [net.Interface] iface.
 func newNetInterfaceJSON(iface net.Interface) (out *netInterfaceJSON, err error) {
 	addrs, err := iface.Addrs()
 	if err != nil {
 		return nil, fmt.Errorf(
 			"failed to get addresses for interface %s: %s",
 			iface.Name,
 			err,
 		)
 	}
 	out = &netInterfaceJSON{
 			Name:         iface.Name,
 			HardwareAddr: iface.HardwareAddr.String(),
 		}
 		if iface.Flags != 0 {
-		out.Flags = iface.Flags.String()
+			jsonIface.Flags = iface.Flags.String()
 		}
-
+		// we don't want link-local addresses in json, so skip them
 	// We don't want link-local addresses in JSON, so skip them.
 		for _, addr := range addrs {
-		ipNet, ok := addr.(*net.IPNet)
+			ipnet, ok := addr.(*net.IPNet)
 			if !ok {
-			// Not an IPNet, should not happen.
+				// not an IPNet, should not happen
-			return nil, fmt.Errorf("got iface.Addrs() element %[1]s that is not"+
+				aghhttp.Error(
-				" net.IPNet, it is %[1]T", addr)
+					r,
-		}
+					w,
 					http.StatusInternalServerError,
 					"got iface.Addrs() element %[1]s that is not net.IPNet, it is %[1]T",
 					addr)
-		// Ignore link-local.
+				return
 			}
 			// ignore link-local
 			//
 			// TODO(e.burkov):  Try to listen DHCP on LLA as well.
-		if ipNet.IP.IsLinkLocalUnicast() {
+			if ipnet.IP.IsLinkLocalUnicast() {
 				continue
 			}
-		vAddr, iErr := netutil.IPToAddrNoMapped(ipNet.IP)
+			if ip4 := ipnet.IP.To4(); ip4 != nil {
-		if iErr != nil {
+				addr := netip.AddrFrom4(*(*[4]byte)(ip4))
-			// Not an IPNet, should not happen.
+				jsonIface.Addrs4 = append(jsonIface.Addrs4, addr)
 			return nil, fmt.Errorf("failed to convert IP address %[1]s: %w", addr, iErr)
 		}
 		if vAddr.Is4() {
 			out.Addrs4 = append(out.Addrs4, vAddr)
 			} else {
-			out.Addrs6 = append(out.Addrs6, vAddr)
+				addr := netip.AddrFrom16(*(*[16]byte)(ipnet.IP))
 				jsonIface.Addrs6 = append(jsonIface.Addrs6, addr)
 			}
 		}
 		if len(jsonIface.Addrs4)+len(jsonIface.Addrs6) != 0 {
 			jsonIface.GatewayIP = aghnet.GatewayIP(iface.Name)
 			resp[iface.Name] = jsonIface
 		}
 	}
-	if len(out.Addrs4)+len(out.Addrs6) == 0 {
+	_ = aghhttp.WriteJSONResponse(w, r, resp)
 		return nil, nil
 	}
 	out.GatewayIP = aghnet.GatewayIP(iface.Name)
 	return out, nil
 }
 // dhcpSearchOtherResult contains information about other DHCP server for
--- a/internal/dhcpd/os_windows.go
+++ b/internal/dhcpd/os_windows.go
@@ -0,0 +1,15 @@
 //go:build windows
 package dhcpd
 import (
 	"net"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
 	"golang.org/x/net/ipv4"
 )
 // Create a socket for receiving broadcast packets
 func newBroadcastPacketConn(_ net.IP, _ int, _ string) (*ipv4.PacketConn, error) {
 	return nil, aghos.Unsupported("newBroadcastPacketConn")
 }
--- a/internal/dhcpd/routeradv.go
+++ b/internal/dhcpd/routeradv.go
@@ -7,7 +7,6 @@ import (
 	"sync/atomic"
 	"time"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
 	"golang.org/x/net/icmp"
@@ -196,15 +195,16 @@ func createICMPv6RAPacket(params icmpv6RA) (data []byte, err error) {
 	return data, nil
 }
-// Init initializes RA module.
+// Init - initialize RA module
 func (ra *raCtx) Init() (err error) {
 	ra.stop.Store(0)
 	ra.conn = nil
-	if !ra.raAllowSLAAC && !ra.raSLAACOnly {
+	if !(ra.raAllowSLAAC || ra.raSLAACOnly) {
 		return nil
 	}
-	log.Debug("dhcpv6 ra: source IP address: %s  DNS IP address: %s", ra.ipAddr, ra.dnsIPAddr)
+	log.Debug("dhcpv6 ra: source IP address: %s  DNS IP address: %s",
 		ra.ipAddr, ra.dnsIPAddr)
 	params := icmpv6RA{
 		managedAddressConfiguration: !ra.raSLAACOnly,
@@ -223,15 +223,18 @@ func (ra *raCtx) Init() (err error) {
 		return fmt.Errorf("creating packet: %w", err)
 	}
 	success := false
 	ipAndScope := ra.ipAddr.String() + "%" + ra.ifaceName
 	ra.conn, err = icmp.ListenPacket("ip6:ipv6-icmp", ipAndScope)
 	if err != nil {
 		return fmt.Errorf("dhcpv6 ra: icmp.ListenPacket: %w", err)
 	}
 	defer func() {
-		if err != nil {
+		if !success {
-			err = errors.WithDeferred(err, ra.Close())
+			derr := ra.Close()
 			if derr != nil {
 				log.Error("closing context: %s", derr)
 			}
 		}
 	}()
@@ -266,6 +269,7 @@ func (ra *raCtx) Init() (err error) {
 		log.Debug("dhcpv6 ra: loop exit")
 	}()
 	success = true
 	return nil
 }
--- a/internal/dhcpd/v4_unix.go
+++ b/internal/dhcpd/v4_unix.go
@@ -342,8 +342,8 @@ func (s *v4Server) rmLease(lease *Lease) (err error) {
 // server to be configured and it's not.
 const ErrUnconfigured errors.Error = "server is unconfigured"
-// AddStaticLease implements the DHCPServer interface for *v4Server.  It is
+// AddStaticLease implements the DHCPServer interface for *v4Server.  It is safe
-// safe for concurrent use.
+// for concurrent use.
 func (s *v4Server) AddStaticLease(l *Lease) (err error) {
 	defer func() { err = errors.Annotate(err, "dhcpv4: adding static lease: %w") }()
@@ -354,23 +354,21 @@ func (s *v4Server) AddStaticLease(l *Lease) (err error) {
 	l.IP = l.IP.Unmap()
 	if !l.IP.Is4() {
-		return fmt.Errorf("invalid IP %q: only IPv4 is supported", l.IP)
+		return fmt.Errorf("invalid ip %q, only ipv4 is supported", l.IP)
 	} else if gwIP := s.conf.GatewayIP; gwIP == l.IP {
-		return fmt.Errorf("can't assign the gateway IP %q to the lease", gwIP)
+		return fmt.Errorf("can't assign the gateway IP %s to the lease", gwIP)
 	}
 	l.IsStatic = true
 	err = netutil.ValidateMAC(l.HWAddr)
 	if err != nil {
 		// Don't wrap the error, because it's informative enough as is.
 		return err
 	}
 	if hostname := l.Hostname; hostname != "" {
 		hostname, err = normalizeHostname(hostname)
 		if err != nil {
 			// Don't wrap the error, because it's informative enough as is.
 			return err
 		}
@@ -388,33 +386,37 @@ func (s *v4Server) AddStaticLease(l *Lease) (err error) {
 		l.Hostname = hostname
 	}
-	err = s.updateStaticLease(l)
+	// Perform the following actions in an anonymous function to make sure
-	if err != nil {
+	// that the lock gets unlocked before the notification step.
-		// Don't wrap the error, because it's informative enough as is.
+	func() {
 		return err
 	}
 	s.conf.notify(LeaseChangedDBStore)
 	s.conf.notify(LeaseChangedAddedStatic)
 	return nil
 }
 // updateStaticLease safe removes dynamic lease with the same properties and
 // then adds a static lease l.
 func (s *v4Server) updateStaticLease(l *Lease) (err error) {
 		s.leasesLock.Lock()
 		defer s.leasesLock.Unlock()
 		err = s.rmDynamicLease(l)
 		if err != nil {
-		return fmt.Errorf("removing dynamic leases for %s (%s): %w", l.IP, l.HWAddr, err)
+			err = fmt.Errorf(
 				"removing dynamic leases for %s (%s): %w",
 				l.IP,
 				l.HWAddr,
 				err,
 			)
 			return
 		}
 		err = s.addLease(l)
 		if err != nil {
-		return fmt.Errorf("adding static lease for %s (%s): %w", l.IP, l.HWAddr, err)
+			err = fmt.Errorf("adding static lease for %s (%s): %w", l.IP, l.HWAddr, err)
 			return
 		}
 	}()
 	if err != nil {
 		return err
 	}
 	s.conf.notify(LeaseChangedDBStore)
 	s.conf.notify(LeaseChangedAddedStatic)
 	return nil
 }
@@ -892,9 +894,24 @@ func (s *v4Server) handleDecline(req, resp *dhcpv4.DHCPv4) (err error) {
 		reqIP = req.ClientIPAddr
 	}
-	oldLease := s.findLeaseForIP(reqIP, mac)
+	netIP, ok := netip.AddrFromSlice(reqIP)
 	if !ok {
 		log.Info("dhcpv4: invalid IP: %s", reqIP)
 		return nil
 	}
 	var oldLease *Lease
 	for _, l := range s.leases {
 		if bytes.Equal(l.HWAddr, mac) && l.IP == netIP {
 			oldLease = l
 			break
 		}
 	}
 	if oldLease == nil {
-		log.Info("dhcpv4: lease with IP %s for %s not found", reqIP, mac)
+		log.Info("dhcpv4: lease with ip %s for %s not found", reqIP, mac)
 		return nil
 	}
@@ -908,7 +925,7 @@ func (s *v4Server) handleDecline(req, resp *dhcpv4.DHCPv4) (err error) {
 	if err != nil {
 		return fmt.Errorf("allocating new lease for %s: %w", mac, err)
 	} else if newLease == nil {
-		log.Info("dhcpv4: allocating new lease for %s: no more IP addresses", mac)
+		log.Info("dhcpv4: allocating new lease for %s: no more ip addresses", mac)
 		resp.YourIPAddr = make([]byte, 4)
 		resp.UpdateOption(dhcpv4.OptMessageType(dhcpv4.MessageTypeAck))
@@ -924,32 +941,15 @@ func (s *v4Server) handleDecline(req, resp *dhcpv4.DHCPv4) (err error) {
 		return fmt.Errorf("adding new lease for %s: %w", mac, err)
 	}
-	log.Info("dhcpv4: changed IP from %s to %s for %s", reqIP, newLease.IP, mac)
+	log.Info("dhcpv4: changed ip from %s to %s for %s", reqIP, newLease.IP, mac)
 	resp.YourIPAddr = net.IP(newLease.IP.AsSlice())
 	resp.YourIPAddr = newLease.IP.AsSlice()
 	resp.UpdateOption(dhcpv4.OptMessageType(dhcpv4.MessageTypeAck))
 	return nil
 }
 // findLeaseForIP returns a lease for provided ip and mac.
 func (s *v4Server) findLeaseForIP(ip net.IP, mac net.HardwareAddr) (l *Lease) {
 	netIP, ok := netip.AddrFromSlice(ip)
 	if !ok {
 		log.Info("dhcpv4: invalid IP: %s", ip)
 		return nil
 	}
 	for _, il := range s.leases {
 		if bytes.Equal(il.HWAddr, mac) && il.IP == netIP {
 			return il
 		}
 	}
 	return nil
 }
 // handleRelease is the handler for the DHCP Release request.
 func (s *v4Server) handleRelease(req, resp *dhcpv4.DHCPv4) (err error) {
 	mac := req.ClientHWAddr
@@ -995,80 +995,11 @@ func (s *v4Server) handleRelease(req, resp *dhcpv4.DHCPv4) (err error) {
 	return nil
 }
-// messageHandler describes a DHCPv4 message handler function.
+// Find a lease associated with MAC and prepare response
-type messageHandler func(s *v4Server, req, resp *dhcpv4.DHCPv4) (rCode int, l *Lease, err error)
+// Return 1: OK
-
+// Return 0: error; reply with Nak
-// messageHandlers is a map of handlers for various messages with message types
+// Return -1: error; don't reply
-// keys.
+func (s *v4Server) handle(req, resp *dhcpv4.DHCPv4) int {
 var messageHandlers = map[dhcpv4.MessageType]messageHandler{
 	dhcpv4.MessageTypeDiscover: func(
 		s *v4Server,
 		req *dhcpv4.DHCPv4,
 		resp *dhcpv4.DHCPv4,
 	) (rCode int, l *Lease, err error) {
 		l, err = s.handleDiscover(req, resp)
 		if err != nil {
 			return 0, nil, fmt.Errorf("handling discover: %s", err)
 		}
 		if l == nil {
 			return 0, nil, nil
 		}
 		return 1, l, nil
 	},
 	dhcpv4.MessageTypeRequest: func(
 		s *v4Server,
 		req *dhcpv4.DHCPv4,
 		resp *dhcpv4.DHCPv4,
 	) (rCode int, l *Lease, err error) {
 		var toReply bool
 		l, toReply = s.handleRequest(req, resp)
 		if l == nil {
 			if toReply {
 				return 0, nil, nil
 			}
 			// Drop the packet.
 			return -1, nil, nil
 		}
 		return 1, l, nil
 	},
 	dhcpv4.MessageTypeDecline: func(
 		s *v4Server,
 		req *dhcpv4.DHCPv4,
 		resp *dhcpv4.DHCPv4,
 	) (rCode int, l *Lease, err error) {
 		err = s.handleDecline(req, resp)
 		if err != nil {
 			return 0, nil, fmt.Errorf("handling decline: %s", err)
 		}
 		return 1, nil, nil
 	},
 	dhcpv4.MessageTypeRelease: func(
 		s *v4Server,
 		req *dhcpv4.DHCPv4,
 		resp *dhcpv4.DHCPv4,
 	) (rCode int, l *Lease, err error) {
 		err = s.handleRelease(req, resp)
 		if err != nil {
 			return 0, nil, fmt.Errorf("handling release: %s", err)
 		}
 		return 1, nil, nil
 	},
 }
 // handle processes request, it finds a lease associated with MAC address and
 // prepares response.
 //
 // Possible return values are:
 //   - "1": OK,
 //   - "0": error, reply with Nak,
 //   - "-1": error, don't reply.
 func (s *v4Server) handle(req, resp *dhcpv4.DHCPv4) (rCode int) {
 	var err error
 	// Include server's identifier option since any reply should contain it.
@@ -1076,26 +1007,47 @@ func (s *v4Server) handle(req, resp *dhcpv4.DHCPv4) (rCode int) {
 	// See https://datatracker.ietf.org/doc/html/rfc2131#page-29.
 	resp.UpdateOption(dhcpv4.OptServerIdentifier(s.conf.dnsIPAddrs[0].AsSlice()))
-	handler := messageHandlers[req.MessageType()]
+	// TODO(a.garipov): Refactor this into handlers.
-	if handler == nil {
+	var l *Lease
-		s.updateOptions(req, resp)
+	switch mt := req.MessageType(); mt {
-
+	case dhcpv4.MessageTypeDiscover:
-		return 1
+		l, err = s.handleDiscover(req, resp)
 	}
 	rCode, l, err := handler(s, req, resp)
 		if err != nil {
-		log.Error("dhcpv4: %s", err)
+			log.Error("dhcpv4: handling discover: %s", err)
 			return 0
 		}
-	if rCode != 1 {
+		if l == nil {
-		return rCode
+			return 0
 		}
 	case dhcpv4.MessageTypeRequest:
 		var toReply bool
 		l, toReply = s.handleRequest(req, resp)
 		if l == nil {
 			if toReply {
 				return 0
 			}
 			return -1 // drop packet
 		}
 	case dhcpv4.MessageTypeDecline:
 		err = s.handleDecline(req, resp)
 		if err != nil {
 			log.Error("dhcpv4: handling decline: %s", err)
 			return 0
 		}
 	case dhcpv4.MessageTypeRelease:
 		err = s.handleRelease(req, resp)
 		if err != nil {
 			log.Error("dhcpv4: handling release: %s", err)
 			return 0
 		}
 	}
 	if l != nil {
-		resp.YourIPAddr = l.IP.AsSlice()
+		resp.YourIPAddr = net.IP(l.IP.AsSlice())
 	}
 	s.updateOptions(req, resp)
@@ -1210,8 +1162,23 @@ func (s *v4Server) Start() (err error) {
 		// No available IP addresses which may appear later.
 		return nil
 	}
 	// Update the value of Domain Name Server option separately from others if
 	// not assigned yet since its value is available only at server's start.
 	//
 	// TODO(e.burkov):  Initialize as implicit option with the rest of default
 	// options when it will be possible to do before the call to Start.
 	if !s.explicitOpts.Has(dhcpv4.OptionDomainNameServer) {
 		s.implicitOpts.Update(dhcpv4.OptDNS(dnsIPAddrs...))
 	}
-	s.configureDNSIPAddrs(dnsIPAddrs)
+	for _, ip := range dnsIPAddrs {
 		ip = ip.To4()
 		if ip == nil {
 			continue
 		}
 		s.conf.dnsIPAddrs = append(s.conf.dnsIPAddrs, netip.AddrFrom4(*(*[4]byte)(ip)))
 	}
 	var c net.PacketConn
 	if c, err = s.newDHCPConn(iface); err != nil {
@@ -1232,10 +1199,10 @@ func (s *v4Server) Start() (err error) {
 	log.Info("dhcpv4: listening")
 	go func() {
-		if sErr := s.srv.Serve(); errors.Is(sErr, net.ErrClosed) {
+		if serr := s.srv.Serve(); errors.Is(serr, net.ErrClosed) {
 			log.Info("dhcpv4: server is closed")
-		} else if sErr != nil {
+		} else if serr != nil {
-			log.Error("dhcpv4: srv.Serve: %s", sErr)
+			log.Error("dhcpv4: srv.Serve: %s", serr)
 		}
 	}()
@@ -1246,28 +1213,6 @@ func (s *v4Server) Start() (err error) {
 	return nil
 }
 // configureDNSIPAddrs updates v4Server configuration with provided slice of
 // dns IP addresses.
 func (s *v4Server) configureDNSIPAddrs(dnsIPAddrs []net.IP) {
 	// Update the value of Domain Name Server option separately from others if
 	// not assigned yet since its value is available only at server's start.
 	//
 	// TODO(e.burkov):  Initialize as implicit option with the rest of default
 	// options when it will be possible to do before the call to Start.
 	if !s.explicitOpts.Has(dhcpv4.OptionDomainNameServer) {
 		s.implicitOpts.Update(dhcpv4.OptDNS(dnsIPAddrs...))
 	}
 	for _, ip := range dnsIPAddrs {
 		vAddr, err := netutil.IPToAddr(ip, netutil.AddrFamilyIPv4)
 		if err != nil {
 			continue
 		}
 		s.conf.dnsIPAddrs = append(s.conf.dnsIPAddrs, vAddr)
 	}
 }
 // Stop - stop server
 func (s *v4Server) Stop() (err error) {
 	if s.srv == nil {
--- a/internal/dhcpd/v4_unix_test.go
+++ b/internal/dhcpd/v4_unix_test.go
@@ -227,7 +227,7 @@ func TestV4Server_AddRemove_static(t *testing.T) {
 		},
 		name: "with_gateway_ip",
 		wantErrMsg: "dhcpv4: adding static lease: " +
-			`can't assign the gateway IP "192.168.10.1" to the lease`,
+			"can't assign the gateway IP 192.168.10.1 to the lease",
 	}, {
 		lease: &Lease{
 			Hostname: "ip6.local",
@@ -236,7 +236,7 @@ func TestV4Server_AddRemove_static(t *testing.T) {
 		},
 		name: "ipv6",
 		wantErrMsg: `dhcpv4: adding static lease: ` +
-			`invalid IP "ffff::1": only IPv4 is supported`,
+			`invalid ip "ffff::1", only ipv4 is supported`,
 	}, {
 		lease: &Lease{
 			Hostname: "bad-mac.local",
--- a/internal/dhcpd/v6_unix.go
+++ b/internal/dhcpd/v6_unix.go
@@ -30,7 +30,7 @@ type v6Server struct {
 	leasesLock sync.Mutex
 	leases     []*Lease
 	ipAddrs    [256]byte
-	sid        dhcpv6.DUID
+	sid        dhcpv6.Duid
 	ra raCtx // RA module
@@ -586,31 +586,9 @@ func (s *v6Server) packetHandler(conn net.PacketConn, peer net.Addr, req dhcpv6.
 	}
 }
-// configureDNSIPAddrs updates v6Server configuration with the slice of DNS IP
+// initialize RA module
-// addresses of provided interface iface.  Initializes RA module.
+func (s *v6Server) initRA(iface *net.Interface) error {
-func (s *v6Server) configureDNSIPAddrs(iface *net.Interface) (ok bool, err error) {
+	// choose the source IP address - should be link-local-unicast
 	dnsIPAddrs, err := aghnet.IfaceDNSIPAddrs(
 		iface,
 		aghnet.IPVersion6,
 		defaultMaxAttempts,
 		defaultBackoff,
 	)
 	if err != nil {
 		return false, fmt.Errorf("interface %s: %w", iface.Name, err)
 	}
 	if len(dnsIPAddrs) == 0 {
 		return false, nil
 	}
 	s.conf.dnsIPAddrs = dnsIPAddrs
 	return true, s.initRA(iface)
 }
 // initRA initializes RA module.
 func (s *v6Server) initRA(iface *net.Interface) (err error) {
 	// Choose the source IP address - should be link-local-unicast.
 	s.ra.ipAddr = s.conf.dnsIPAddrs[0]
 	for _, ip := range s.conf.dnsIPAddrs {
 		if ip.IsLinkLocalUnicast() {
@@ -626,7 +604,6 @@ func (s *v6Server) initRA(iface *net.Interface) (err error) {
 	s.ra.ifaceName = s.conf.InterfaceName
 	s.ra.iface = iface
 	s.ra.packetSendPeriod = 1 * time.Second
 	return s.ra.Init()
 }
@@ -646,47 +623,63 @@ func (s *v6Server) Start() (err error) {
 	log.Debug("dhcpv6: starting...")
-	ok, err := s.configureDNSIPAddrs(iface)
+	dnsIPAddrs, err := aghnet.IfaceDNSIPAddrs(
 		iface,
 		aghnet.IPVersion6,
 		defaultMaxAttempts,
 		defaultBackoff,
 	)
 	if err != nil {
-		// Don't wrap the error, because it's informative enough as is.
+		return fmt.Errorf("interface %s: %w", ifaceName, err)
 		return err
 	}
-	if !ok {
+	if len(dnsIPAddrs) == 0 {
 		// No available IP addresses which may appear later.
 		return nil
 	}
-	// Don't initialize DHCPv6 server if we must force the clients to use SLAAC.
+	s.conf.dnsIPAddrs = dnsIPAddrs
 	err = s.initRA(iface)
 	if err != nil {
 		return err
 	}
 	// don't initialize DHCPv6 server if we must force the clients to use SLAAC
 	if s.conf.RASLAACOnly {
 		log.Debug("not starting dhcpv6 server due to ra_slaac_only=true")
 		return nil
 	}
 	log.Debug("dhcpv6: listening...")
 	err = netutil.ValidateMAC(iface.HardwareAddr)
 	if err != nil {
 		return fmt.Errorf("validating interface %s: %w", iface.Name, err)
 	}
-	s.sid = &dhcpv6.DUIDLLT{
+	s.sid = dhcpv6.Duid{
-		HWType:        iana.HWTypeEthernet,
+		Type:          dhcpv6.DUID_LLT,
 		HwType:        iana.HWTypeEthernet,
 		LinkLayerAddr: iface.HardwareAddr,
 		Time:          dhcpv6.GetTime(),
 	}
-	s.srv, err = server6.NewServer(iface.Name, nil, s.packetHandler, server6.WithDebugLogger())
+	laddr := &net.UDPAddr{
 		IP:   net.ParseIP("::"),
 		Port: dhcpv6.DefaultServerPort,
 	}
 	s.srv, err = server6.NewServer(iface.Name, laddr, s.packetHandler, server6.WithDebugLogger())
 	if err != nil {
 		return err
 	}
 	log.Debug("dhcpv6: listening...")
 	go func() {
-		if sErr := s.srv.Serve(); errors.Is(sErr, net.ErrClosed) {
+		if serr := s.srv.Serve(); errors.Is(serr, net.ErrClosed) {
 			log.Info("dhcpv6: server is closed")
-		} else if sErr != nil {
+		} else if serr != nil {
-			log.Error("dhcpv6: srv.Serve: %s", sErr)
+			log.Error("dhcpv6: srv.Serve: %s", serr)
 		}
 	}()
--- a/internal/dhcpd/v6_unix_test.go
+++ b/internal/dhcpd/v6_unix_test.go
@@ -121,8 +121,9 @@ func TestV6GetLease(t *testing.T) {
 	dnsAddr := net.ParseIP("2000::1")
 	s.conf.dnsIPAddrs = []net.IP{dnsAddr}
-	s.sid = &dhcpv6.DUIDLL{
+	s.sid = dhcpv6.Duid{
-		HWType:        iana.HWTypeEthernet,
+		Type:          dhcpv6.DUID_LLT,
 		HwType:        iana.HWTypeEthernet,
 		LinkLayerAddr: net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
 	}
@@ -215,8 +216,9 @@ func TestV6GetDynamicLease(t *testing.T) {
 	dnsAddr := net.ParseIP("2000::1")
 	s.conf.dnsIPAddrs = []net.IP{dnsAddr}
-	s.sid = &dhcpv6.DUIDLL{
+	s.sid = dhcpv6.Duid{
-		HWType:        iana.HWTypeEthernet,
+		Type:          dhcpv6.DUID_LLT,
 		HwType:        iana.HWTypeEthernet,
 		LinkLayerAddr: net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
 	}
--- a/internal/dhcpsvc/config.go
+++ b/internal/dhcpsvc/config.go
@@ -1,86 +0,0 @@
 package dhcpsvc
 import (
 	"net/netip"
 	"time"
 	"github.com/google/gopacket/layers"
 )
 // Config is the configuration for the DHCP service.
 type Config struct {
 	// Interfaces stores configurations of DHCP server specific for the network
 	// interface identified by its name.
 	Interfaces map[string]*InterfaceConfig
 	// LocalDomainName is the top-level domain name to use for resolving DHCP
 	// clients' hostnames.
 	LocalDomainName string
 	// ICMPTimeout is the timeout for checking another DHCP server's presence.
 	ICMPTimeout time.Duration
 	// Enabled is the state of the service, whether it is enabled or not.
 	Enabled bool
 }
 // InterfaceConfig is the configuration of a single DHCP interface.
 type InterfaceConfig struct {
 	// IPv4 is the configuration of DHCP protocol for IPv4.
 	IPv4 *IPv4Config
 	// IPv6 is the configuration of DHCP protocol for IPv6.
 	IPv6 *IPv6Config
 }
 // IPv4Config is the interface-specific configuration for DHCPv4.
 type IPv4Config struct {
 	// GatewayIP is the IPv4 address of the network's gateway.  It is used as
 	// the default gateway for DHCP clients and also used in calculating the
 	// network-specific broadcast address.
 	GatewayIP netip.Addr
 	// SubnetMask is the IPv4 subnet mask of the network.  It should be a valid
 	// IPv4 subnet mask (i.e. all 1s followed by all 0s).
 	SubnetMask netip.Addr
 	// RangeStart is the first address in the range to assign to DHCP clients.
 	RangeStart netip.Addr
 	// RangeEnd is the last address in the range to assign to DHCP clients.
 	RangeEnd netip.Addr
 	// Options is the list of DHCP options to send to DHCP clients.
 	Options layers.DHCPOptions
 	// LeaseDuration is the TTL of a DHCP lease.
 	LeaseDuration time.Duration
 	// Enabled is the state of the DHCPv4 service, whether it is enabled or not
 	// on the specific interface.
 	Enabled bool
 }
 // IPv6Config is the interface-specific configuration for DHCPv6.
 type IPv6Config struct {
 	// RangeStart is the first address in the range to assign to DHCP clients.
 	RangeStart netip.Addr
 	// Options is the list of DHCP options to send to DHCP clients.
 	Options layers.DHCPOptions
 	// LeaseDuration is the TTL of a DHCP lease.
 	LeaseDuration time.Duration
 	// RASlaacOnly defines whether the DHCP clients should only use SLAAC for
 	// address assignment.
 	RASLAACOnly bool
 	// RAAllowSlaac defines whether the DHCP clients may use SLAAC for address
 	// assignment.
 	RAAllowSLAAC bool
 	// Enabled is the state of the DHCPv6 service, whether it is enabled or not
 	// on the specific interface.
 	Enabled bool
 }
--- a/internal/dhcpsvc/dhcpsvc.go
+++ b/internal/dhcpsvc/dhcpsvc.go
@@ -1,120 +0,0 @@
 // Package dhcpsvc contains the AdGuard Home DHCP service.
 //
 // TODO(e.burkov): Add tests.
 package dhcpsvc
 import (
 	"context"
 	"net"
 	"net/netip"
 	"time"
 	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
 )
 // Lease is a DHCP lease.
 //
 // TODO(e.burkov):  Consider it to [agh], since it also may be needed in
 // [websvc].  Also think of implementing iterating methods with appropriate
 // signatures.
 type Lease struct {
 	// IP is the IP address leased to the client.
 	IP netip.Addr
 	// Expiry is the expiration time of the lease.
 	Expiry time.Time
 	// Hostname of the client.
 	Hostname string
 	// HWAddr is the physical hardware address (MAC address).
 	HWAddr net.HardwareAddr
 	// IsStatic defines if the lease is static.
 	IsStatic bool
 }
 type Interface interface {
 	agh.ServiceWithConfig[*Config]
 	// Enabled returns true if DHCP provides information about clients.
 	Enabled() (ok bool)
 	// HostByIP returns the hostname of the DHCP client with the given IP
 	// address.  The address will be netip.Addr{} if there is no such client,
 	// due to an assumption that a DHCP client must always have an IP address.
 	HostByIP(ip netip.Addr) (host string)
 	// MACByIP returns the MAC address for the given IP address leased.  It
 	// returns nil if there is no such client, due to an assumption that a DHCP
 	// client must always have a MAC address.
 	MACByIP(ip netip.Addr) (mac net.HardwareAddr)
 	// IPByHost returns the IP address of the DHCP client with the given
 	// hostname.  The hostname will be an empty string if there is no such
 	// client, due to an assumption that a DHCP client must always have a
 	// hostname, either set by the client or assigned automatically.
 	IPByHost(host string) (ip netip.Addr)
 	// Leases returns all the DHCP leases.
 	Leases() (leases []*Lease)
 	// AddLease adds a new DHCP lease.  It returns an error if the lease is
 	// invalid or already exists.
 	AddLease(l *Lease) (err error)
 	// EditLease changes an existing DHCP lease.  It returns an error if there
 	// is no lease equal to old or if new is invalid or already exists.
 	EditLease(old, new *Lease) (err error)
 	// RemoveLease removes an existing DHCP lease.  It returns an error if there
 	// is no lease equal to l.
 	RemoveLease(l *Lease) (err error)
 	// Reset removes all the DHCP leases.
 	Reset() (err error)
 }
 // Empty is an [Interface] implementation that does nothing.
 type Empty struct{}
 // type check
 var _ Interface = Empty{}
 // Start implements the [Service] interface for Empty.
 func (Empty) Start() (err error) { return nil }
 // Shutdown implements the [Service] interface for Empty.
 func (Empty) Shutdown(_ context.Context) (err error) { return nil }
 var _ agh.ServiceWithConfig[*Config] = Empty{}
 // Config implements the [ServiceWithConfig] interface for Empty.
 func (Empty) Config() (conf *Config) { return nil }
 // Enabled implements the [Interface] interface for Empty.
 func (Empty) Enabled() (ok bool) { return false }
 // HostByIP implements the [Interface] interface for Empty.
 func (Empty) HostByIP(_ netip.Addr) (host string) { return "" }
 // MACByIP implements the [Interface] interface for Empty.
 func (Empty) MACByIP(_ netip.Addr) (mac net.HardwareAddr) { return nil }
 // IPByHost implements the [Interface] interface for Empty.
 func (Empty) IPByHost(_ string) (ip netip.Addr) { return netip.Addr{} }
 // Leases implements the [Interface] interface for Empty.
 func (Empty) Leases() (leases []*Lease) { return nil }
 // AddLease implements the [Interface] interface for Empty.
 func (Empty) AddLease(_ *Lease) (err error) { return nil }
 // EditLease implements the [Interface] interface for Empty.
 func (Empty) EditLease(_, _ *Lease) (err error) { return nil }
 // RemoveLease implements the [Interface] interface for Empty.
 func (Empty) RemoveLease(_ *Lease) (err error) { return nil }
 // Reset implements the [Interface] interface for Empty.
 func (Empty) Reset() (err error) { return nil }
--- a/internal/dnsforward/dns.go
+++ b/internal/dnsforward/dns.go
@@ -145,13 +145,10 @@ func (s *Server) handleDNSRequest(_ *proxy.Proxy, pctx *proxy.DNSContext) error
 // processRecursion checks the incoming request and halts its handling by
 // answering NXDOMAIN if s has tried to resolve it recently.
 func (s *Server) processRecursion(dctx *dnsContext) (rc resultCode) {
 	log.Debug("dnsforward: started processing recursion")
 	defer log.Debug("dnsforward: finished processing recursion")
 	pctx := dctx.proxyCtx
 	if msg := pctx.Req; msg != nil && s.recDetector.check(*msg) {
-		log.Debug("dnsforward: recursion detected resolving %q", msg.Question[0].Name)
+		log.Debug("recursion detected resolving %q", msg.Question[0].Name)
 		pctx.Res = s.genNXDomain(pctx.Req)
 		return resultCodeFinish
@@ -161,13 +158,10 @@ func (s *Server) processRecursion(dctx *dnsContext) (rc resultCode) {
 }
 // processInitial terminates the following processing for some requests if
-// needed and enriches dctx with some client-specific information.
+// needed and enriches the ctx with some client-specific information.
 //
 // TODO(e.burkov):  Decompose into less general processors.
 func (s *Server) processInitial(dctx *dnsContext) (rc resultCode) {
 	log.Debug("dnsforward: started processing initial")
 	defer log.Debug("dnsforward: finished processing initial")
 	pctx := dctx.proxyCtx
 	q := pctx.Req.Question[0]
 	qt := q.Qtype
@@ -288,9 +282,6 @@ func (s *Server) onDHCPLeaseChanged(flags int) {
 //
 // See https://www.ietf.org/archive/id/draft-ietf-add-ddr-10.html.
 func (s *Server) processDDRQuery(dctx *dnsContext) (rc resultCode) {
 	log.Debug("dnsforward: started processing ddr")
 	defer log.Debug("dnsforward: finished processing ddr")
 	if !s.conf.HandleDDR {
 		return resultCodeSuccess
 	}
@@ -384,9 +375,6 @@ func (s *Server) makeDDRResponse(req *dns.Msg) (resp *dns.Msg) {
 // processDetermineLocal determines if the client's IP address is from locally
 // served network and saves the result into the context.
 func (s *Server) processDetermineLocal(dctx *dnsContext) (rc resultCode) {
 	log.Debug("dnsforward: started processing local detection")
 	defer log.Debug("dnsforward: finished processing local detection")
 	rc = resultCodeSuccess
 	var ip net.IP
@@ -417,9 +405,6 @@ func (s *Server) dhcpHostToIP(host string) (ip netip.Addr, ok bool) {
 //
 // TODO(a.garipov): Adapt to AAAA as well.
 func (s *Server) processDHCPHosts(dctx *dnsContext) (rc resultCode) {
 	log.Debug("dnsforward: started processing dhcp hosts")
 	defer log.Debug("dnsforward: finished processing dhcp hosts")
 	pctx := dctx.proxyCtx
 	req := pctx.Req
 	q := req.Question[0]
@@ -559,9 +544,6 @@ func extractARPASubnet(domain string) (pref netip.Prefix, err error) {
 // processRestrictLocal responds with NXDOMAIN to PTR requests for IP addresses
 // in locally served network from external clients.
 func (s *Server) processRestrictLocal(dctx *dnsContext) (rc resultCode) {
 	log.Debug("dnsforward: started processing local restriction")
 	defer log.Debug("dnsforward: finished processing local restriction")
 	pctx := dctx.proxyCtx
 	req := pctx.Req
 	q := req.Question[0]
@@ -631,9 +613,6 @@ func (s *Server) ipToDHCPHost(ip netip.Addr) (host string, ok bool) {
 // processDHCPAddrs responds to PTR requests if the target IP is leased by the
 // DHCP server.
 func (s *Server) processDHCPAddrs(dctx *dnsContext) (rc resultCode) {
 	log.Debug("dnsforward: started processing dhcp addrs")
 	defer log.Debug("dnsforward: finished processing dhcp addrs")
 	pctx := dctx.proxyCtx
 	if pctx.Res != nil {
 		return resultCodeSuccess
@@ -679,9 +658,6 @@ func (s *Server) processDHCPAddrs(dctx *dnsContext) (rc resultCode) {
 // processLocalPTR responds to PTR requests if the target IP is detected to be
 // inside the local network and the query was not answered from DHCP.
 func (s *Server) processLocalPTR(dctx *dnsContext) (rc resultCode) {
 	log.Debug("dnsforward: started processing local ptr")
 	defer log.Debug("dnsforward: finished processing local ptr")
 	pctx := dctx.proxyCtx
 	if pctx.Res != nil {
 		return resultCodeSuccess
@@ -716,9 +692,6 @@ func (s *Server) processLocalPTR(dctx *dnsContext) (rc resultCode) {
 // Apply filtering logic
 func (s *Server) processFilteringBeforeRequest(ctx *dnsContext) (rc resultCode) {
 	log.Debug("dnsforward: started processing filtering before req")
 	defer log.Debug("dnsforward: finished processing filtering before req")
 	if ctx.proxyCtx.Res != nil {
 		// Go on since the response is already set.
 		return resultCodeSuccess
@@ -752,9 +725,6 @@ func ipStringFromAddr(addr net.Addr) (ipStr string) {
 // processUpstream passes request to upstream servers and handles the response.
 func (s *Server) processUpstream(dctx *dnsContext) (rc resultCode) {
 	log.Debug("dnsforward: started processing upstream")
 	defer log.Debug("dnsforward: finished processing upstream")
 	pctx := dctx.proxyCtx
 	req := pctx.Req
 	q := req.Question[0]
@@ -901,9 +871,6 @@ func (s *Server) setCustomUpstream(pctx *proxy.DNSContext, clientID string) {
 // Apply filtering logic after we have received response from upstream servers
 func (s *Server) processFilteringAfterResponse(dctx *dnsContext) (rc resultCode) {
 	log.Debug("dnsforward: started processing filtering after resp")
 	defer log.Debug("dnsforward: finished processing filtering after resp")
 	pctx := dctx.proxyCtx
 	switch res := dctx.result; res.Reason {
 	case filtering.NotFilteredAllowList:
--- a/internal/dnsforward/dnsforward.go
+++ b/internal/dnsforward/dnsforward.go
@@ -48,33 +48,12 @@ var webRegistered bool
 // hostToIPTable is a convenient type alias for tables of host names to an IP
 // address.
 //
 // TODO(e.burkov):  Use the [DHCP] interface instead.
 type hostToIPTable = map[string]netip.Addr
 // ipToHostTable is a convenient type alias for tables of IP addresses to their
 // host names.  For example, for use with PTR queries.
 //
 // TODO(e.burkov):  Use the [DHCP] interface instead.
 type ipToHostTable = map[netip.Addr]string
 // DHCP is an interface for accessing DHCP lease data needed in this package.
 type DHCP interface {
 	// HostByIP returns the hostname of the DHCP client with the given IP
 	// address.  The address will be netip.Addr{} if there is no such client,
 	// due to an assumption that a DHCP client must always have an IP address.
 	HostByIP(ip netip.Addr) (host string)
 	// IPByHost returns the IP address of the DHCP client with the given
 	// hostname.  The hostname will be an empty string if there is no such
 	// client, due to an assumption that a DHCP client must always have a
 	// hostname, either set by the client or assigned automatically.
 	IPByHost(host string) (ip netip.Addr)
 	// Enabled returns true if DHCP provides information about clients.
 	Enabled() (ok bool)
 }
 // Server is the main way to start a DNS server.
 //
 // Example:
@@ -236,7 +215,7 @@ func (s *Server) Close() {
 	s.dnsProxy = nil
 	if err := s.ipset.close(); err != nil {
-		log.Error("dnsforward: closing ipset: %s", err)
+		log.Error("closing ipset: %s", err)
 	}
 }
@@ -464,7 +443,7 @@ func (s *Server) setupResolvers(localAddrs []string) (err error) {
 		return err
 	}
-	log.Debug("dnsforward: upstreams to resolve ptr for local addresses: %v", localAddrs)
+	log.Debug("upstreams to resolve PTR for local addresses: %v", localAddrs)
 	var upsConfig *proxy.UpstreamConfig
 	upsConfig, err = proxy.ParseUpstreamsConfig(
@@ -677,9 +656,7 @@ func (s *Server) Reconfigure(conf *ServerConfig) error {
 	s.serverLock.Lock()
 	defer s.serverLock.Unlock()
-	log.Info("dnsforward: starting reconfiguring server")
+	log.Print("Start reconfiguring the server")
 	defer log.Info("dnsforward: finished reconfiguring server")
 	err := s.stopLocked()
 	if err != nil {
 		return fmt.Errorf("could not reconfigure the server: %w", err)
@@ -731,13 +708,13 @@ func (s *Server) IsBlockedClient(ip netip.Addr, clientID string) (blocked bool,
 	// Allow if at least one of the checks allows in allowlist mode, but block
 	// if at least one of the checks blocks in blocklist mode.
 	if allowlistMode && blockedByIP && blockedByClientID {
-		log.Debug("dnsforward: client %v (id %q) is not in access allowlist", ip, clientID)
+		log.Debug("client %v (id %q) is not in access allowlist", ip, clientID)
 		// Return now without substituting the empty rule for the
 		// clientID because the rule can't be empty here.
 		return true, rule
 	} else if !allowlistMode && (blockedByIP || blockedByClientID) {
-		log.Debug("dnsforward: client %v (id %q) is in access blocklist", ip, clientID)
+		log.Debug("client %v (id %q) is in access blocklist", ip, clientID)
 		blocked = true
 	}
--- a/internal/dnsforward/filter.go
+++ b/internal/dnsforward/filter.go
@@ -53,14 +53,14 @@ func (s *Server) beforeRequestHandler(
 // getClientRequestFilteringSettings looks up client filtering settings using
 // the client's IP address and ID, if any, from dctx.
 func (s *Server) getClientRequestFilteringSettings(dctx *dnsContext) *filtering.Settings {
-	setts := s.dnsFilter.Settings()
+	setts := s.dnsFilter.GetConfig()
 	setts.ProtectionEnabled = dctx.protectionEnabled
 	if s.conf.FilterHandler != nil {
 		ip, _ := netutil.IPAndPortFromAddr(dctx.proxyCtx.Addr)
-		s.conf.FilterHandler(ip, dctx.clientID, setts)
+		s.conf.FilterHandler(ip, dctx.clientID, &setts)
 	}
-	return setts
+	return &setts
 }
 // filterDNSRequest applies the dnsFilter and sets dctx.proxyCtx.Res if the
--- a/internal/dnsforward/http_test.go
+++ b/internal/dnsforward/http_test.go
@@ -487,8 +487,7 @@ func TestServer_handleTestUpstreaDNS(t *testing.T) {
 		},
 		wantResp: map[string]any{
 			badUps: `upstream "` + badUps + `" fails to exchange: ` +
-				`couldn't communicate with upstream: exchanging with ` +
+				`couldn't communicate with upstream: dns: id mismatch`,
 				badUps + ` over tcp: dns: id mismatch`,
 		},
 		name: "broken",
 	}, {
@@ -498,8 +497,7 @@ func TestServer_handleTestUpstreaDNS(t *testing.T) {
 		wantResp: map[string]any{
 			goodUps: "OK",
 			badUps: `upstream "` + badUps + `" fails to exchange: ` +
-				`couldn't communicate with upstream: exchanging with ` +
+				`couldn't communicate with upstream: dns: id mismatch`,
 				badUps + ` over tcp: dns: id mismatch`,
 		},
 		name: "both",
 	}}
--- a/internal/dnsforward/ipset.go
+++ b/internal/dnsforward/ipset.go
@@ -110,9 +110,6 @@ func ipsFromAnswer(ans []dns.RR) (ip4s, ip6s []net.IP) {
 // process adds the resolved IP addresses to the domain's ipsets, if any.
 func (c *ipsetCtx) process(dctx *dnsContext) (rc resultCode) {
 	log.Debug("dnsforward: ipset: started processing")
 	defer log.Debug("dnsforward: ipset: finished processing")
 	if c.skipIpsetProcessing(dctx) {
 		return resultCodeSuccess
 	}
@@ -128,12 +125,12 @@ func (c *ipsetCtx) process(dctx *dnsContext) (rc resultCode) {
 	n, err := c.ipsetMgr.Add(host, ip4s, ip6s)
 	if err != nil {
 		// Consider ipset errors non-critical to the request.
-		log.Error("dnsforward: ipset: adding host ips: %s", err)
+		log.Error("ipset: adding host ips: %s", err)
 		return resultCodeSuccess
 	}
-	log.Debug("dnsforward: ipset: added %d new ipset entries", n)
+	log.Debug("ipset: added %d new ipset entries", n)
 	return resultCodeSuccess
 }
--- a/internal/dnsforward/msg.go
+++ b/internal/dnsforward/msg.go
@@ -57,13 +57,16 @@ func (s *Server) genDNSFilterMessage(
 		return s.genBlockedHost(req, s.conf.SafeBrowsingBlockHost, dctx)
 	case filtering.FilteredParental:
 		return s.genBlockedHost(req, s.conf.ParentalBlockHost, dctx)
 	case filtering.FilteredSafeSearch:
 		// If Safe Search generated the necessary IP addresses, use them.
 		// Otherwise, if there were no errors, there are no addresses for the
 		// requested IP version, so produce a NODATA response.
 		return s.genResponseWithIPs(req, ipsFromRules(res.Rules))
 	default:
-		return s.genForBlockingMode(req, ipsFromRules(res.Rules))
+		// If the query was filtered by Safe Search, filtering also must return
 		// the IP addresses that must be used in response.  Return them
 		// regardless of the filtering method.
 		ips := ipsFromRules(res.Rules)
 		if res.Reason == filtering.FilteredSafeSearch && len(ips) > 0 {
 			return s.genResponseWithIPs(req, ips)
 		}
 		return s.genForBlockingMode(req, ips)
 	}
 }
--- a/internal/dnsforward/stats.go
+++ b/internal/dnsforward/stats.go
@@ -17,78 +17,60 @@ import (
 // Write Stats data and logs
 func (s *Server) processQueryLogsAndStats(dctx *dnsContext) (rc resultCode) {
 	log.Debug("dnsforward: started processing querylog and stats")
 	defer log.Debug("dnsforward: finished processing querylog and stats")
 	elapsed := time.Since(dctx.startTime)
 	pctx := dctx.proxyCtx
-	q := pctx.Req.Question[0]
+	shouldLog := true
 	msg := pctx.Req
 	q := msg.Question[0]
 	host := strings.ToLower(strings.TrimSuffix(q.Name, "."))
 	// don't log ANY request if refuseAny is enabled
 	if q.Qtype == dns.TypeANY && s.conf.RefuseAny {
 		shouldLog = false
 	}
 	ip, _ := netutil.IPAndPortFromAddr(pctx.Addr)
 	ip = slices.Clone(ip)
 	s.serverLock.RLock()
 	defer s.serverLock.RUnlock()
 	s.anonymizer.Load()(ip)
-	log.Debug("dnsforward: client ip for stats and querylog: %s", ip)
+	log.Debug("client ip: %s", ip)
 	ipStr := ip.String()
 	ids := []string{ipStr, dctx.clientID}
 	qt, cl := q.Qtype, q.Qclass
 	// Synchronize access to s.queryLog and s.stats so they won't be suddenly
 	// uninitialized while in use.  This can happen after proxy server has been
 	// stopped, but its workers haven't yet exited.
-	s.serverLock.RLock()
+	if shouldLog &&
-	defer s.serverLock.RUnlock()
+		s.queryLog != nil &&
-
+		// TODO(s.chzhen):  Use dnsforward.dnsContext when it will start
-	if s.shouldLog(host, qt, cl, ids) {
+		// containing persistent client.
 		s.queryLog.ShouldLog(host, q.Qtype, q.Qclass, ids) {
 		s.logQuery(dctx, pctx, elapsed, ip)
 	} else {
 		log.Debug(
-			"dnsforward: request %s %s %q from %s ignored; not adding to querylog",
+			"dnsforward: request %s %s from %s ignored; not logging",
-			dns.Class(cl),
+			dns.Type(q.Qtype),
 			dns.Type(qt),
 			host,
 			ip,
 		)
 	}
-	if s.shouldCountStat(host, qt, cl, ids) {
+	if s.stats != nil &&
 		// TODO(s.chzhen):  Use dnsforward.dnsContext when it will start
 		// containing persistent client.
 		s.stats.ShouldCount(host, q.Qtype, q.Qclass, ids) {
 		s.updateStats(dctx, elapsed, *dctx.result, ipStr)
 	} else {
 		log.Debug(
 			"dnsforward: request %s %s %q from %s ignored; not counting in stats",
 			dns.Class(cl),
 			dns.Type(qt),
 			host,
 			ip,
 		)
 	}
 	return resultCodeSuccess
 }
 // shouldLog returns true if the query with the given data should be logged in
 // the query log.  s.serverLock is expected to be locked.
 func (s *Server) shouldLog(host string, qt, cl uint16, ids []string) (ok bool) {
 	if qt == dns.TypeANY && s.conf.RefuseAny {
 		return false
 	}
 	// TODO(s.chzhen):  Use dnsforward.dnsContext when it will start containing
 	// persistent client.
 	return s.queryLog != nil && s.queryLog.ShouldLog(host, qt, cl, ids)
 }
 // shouldCountStat returns true if the query with the given data should be
 // counted in the statistics.  s.serverLock is expected to be locked.
 func (s *Server) shouldCountStat(host string, qt, cl uint16, ids []string) (ok bool) {
 	// TODO(s.chzhen):  Use dnsforward.dnsContext when it will start containing
 	// persistent client.
 	return s.stats != nil && s.stats.ShouldCount(host, qt, cl, ids)
 }
 // logQuery pushes the request details into the query log.
 func (s *Server) logQuery(
 	dctx *dnsContext,
@@ -141,10 +123,7 @@ func (s *Server) updateStats(
 	pctx := ctx.proxyCtx
 	e := stats.Entry{}
 	e.Domain = strings.ToLower(pctx.Req.Question[0].Name)
-	if e.Domain != "." {
+	e.Domain = e.Domain[:len(e.Domain)-1] // remove last "."
 		// Remove last ".", but save the domain as is for "." queries.
 		e.Domain = e.Domain[:len(e.Domain)-1]
 	}
 	if clientID := ctx.clientID; clientID != "" {
 		e.Client = clientID
--- a/internal/dnsforward/stats_test.go
+++ b/internal/dnsforward/stats_test.go
@@ -46,10 +46,6 @@ type testStats struct {
 // Update implements the [stats.Interface] interface for *testStats.
 func (l *testStats) Update(e stats.Entry) {
 	if e.Domain == "" {
 		return
 	}
 	l.lastEntry = e
 }
@@ -58,12 +54,9 @@ func (l *testStats) ShouldCount(string, uint16, uint16, []string) bool {
 	return true
 }
-func TestServer_ProcessQueryLogsAndStats(t *testing.T) {
+func TestProcessQueryLogsAndStats(t *testing.T) {
 	const domain = "example.com."
 	testCases := []struct {
 		name           string
 		domain         string
 		proto          proxy.Proto
 		addr           net.Addr
 		clientID       string
@@ -74,7 +67,6 @@ func TestServer_ProcessQueryLogsAndStats(t *testing.T) {
 		wantStatResult stats.Result
 	}{{
 		name:           "success_udp",
 		domain:         domain,
 		proto:          proxy.ProtoUDP,
 		addr:           &net.UDPAddr{IP: net.IP{1, 2, 3, 4}, Port: 1234},
 		clientID:       "",
@@ -85,7 +77,6 @@ func TestServer_ProcessQueryLogsAndStats(t *testing.T) {
 		wantStatResult: stats.RNotFiltered,
 	}, {
 		name:           "success_tls_clientid",
 		domain:         domain,
 		proto:          proxy.ProtoTLS,
 		addr:           &net.TCPAddr{IP: net.IP{1, 2, 3, 4}, Port: 1234},
 		clientID:       "cli42",
@@ -96,7 +87,6 @@ func TestServer_ProcessQueryLogsAndStats(t *testing.T) {
 		wantStatResult: stats.RNotFiltered,
 	}, {
 		name:           "success_tls",
 		domain:         domain,
 		proto:          proxy.ProtoTLS,
 		addr:           &net.TCPAddr{IP: net.IP{1, 2, 3, 4}, Port: 1234},
 		clientID:       "",
@@ -107,7 +97,6 @@ func TestServer_ProcessQueryLogsAndStats(t *testing.T) {
 		wantStatResult: stats.RNotFiltered,
 	}, {
 		name:           "success_quic",
 		domain:         domain,
 		proto:          proxy.ProtoQUIC,
 		addr:           &net.UDPAddr{IP: net.IP{1, 2, 3, 4}, Port: 1234},
 		clientID:       "",
@@ -118,7 +107,6 @@ func TestServer_ProcessQueryLogsAndStats(t *testing.T) {
 		wantStatResult: stats.RNotFiltered,
 	}, {
 		name:           "success_https",
 		domain:         domain,
 		proto:          proxy.ProtoHTTPS,
 		addr:           &net.TCPAddr{IP: net.IP{1, 2, 3, 4}, Port: 1234},
 		clientID:       "",
@@ -129,7 +117,6 @@ func TestServer_ProcessQueryLogsAndStats(t *testing.T) {
 		wantStatResult: stats.RNotFiltered,
 	}, {
 		name:           "success_dnscrypt",
 		domain:         domain,
 		proto:          proxy.ProtoDNSCrypt,
 		addr:           &net.TCPAddr{IP: net.IP{1, 2, 3, 4}, Port: 1234},
 		clientID:       "",
@@ -140,7 +127,6 @@ func TestServer_ProcessQueryLogsAndStats(t *testing.T) {
 		wantStatResult: stats.RNotFiltered,
 	}, {
 		name:           "success_udp_filtered",
 		domain:         domain,
 		proto:          proxy.ProtoUDP,
 		addr:           &net.UDPAddr{IP: net.IP{1, 2, 3, 4}, Port: 1234},
 		clientID:       "",
@@ -151,7 +137,6 @@ func TestServer_ProcessQueryLogsAndStats(t *testing.T) {
 		wantStatResult: stats.RFiltered,
 	}, {
 		name:           "success_udp_sb",
 		domain:         domain,
 		proto:          proxy.ProtoUDP,
 		addr:           &net.UDPAddr{IP: net.IP{1, 2, 3, 4}, Port: 1234},
 		clientID:       "",
@@ -162,7 +147,6 @@ func TestServer_ProcessQueryLogsAndStats(t *testing.T) {
 		wantStatResult: stats.RSafeBrowsing,
 	}, {
 		name:           "success_udp_ss",
 		domain:         domain,
 		proto:          proxy.ProtoUDP,
 		addr:           &net.UDPAddr{IP: net.IP{1, 2, 3, 4}, Port: 1234},
 		clientID:       "",
@@ -173,7 +157,6 @@ func TestServer_ProcessQueryLogsAndStats(t *testing.T) {
 		wantStatResult: stats.RSafeSearch,
 	}, {
 		name:           "success_udp_pc",
 		domain:         domain,
 		proto:          proxy.ProtoUDP,
 		addr:           &net.UDPAddr{IP: net.IP{1, 2, 3, 4}, Port: 1234},
 		clientID:       "",
@@ -182,17 +165,6 @@ func TestServer_ProcessQueryLogsAndStats(t *testing.T) {
 		wantCode:       resultCodeSuccess,
 		reason:         filtering.FilteredParental,
 		wantStatResult: stats.RParental,
 	}, {
 		name:           "success_udp_pc_empty_fqdn",
 		domain:         ".",
 		proto:          proxy.ProtoUDP,
 		addr:           &net.UDPAddr{IP: net.IP{1, 2, 3, 5}, Port: 1234},
 		clientID:       "",
 		wantLogProto:   "",
 		wantStatClient: "1.2.3.5",
 		wantCode:       resultCodeSuccess,
 		reason:         filtering.FilteredParental,
 		wantStatResult: stats.RParental,
 	}}
 	ups, err := upstream.AddressToUpstream("1.1.1.1", nil)
@@ -209,7 +181,7 @@ func TestServer_ProcessQueryLogsAndStats(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			req := &dns.Msg{
 				Question: []dns.Question{{
-					Name: tc.domain,
+					Name: "example.com.",
 				}},
 			}
 			pctx := &proxy.DNSContext{
--- a/internal/filtering/blocked.go
+++ b/internal/filtering/blocked.go
@@ -2,12 +2,9 @@ package filtering
 import (
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"time"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
 	"github.com/AdguardTeam/AdGuardHome/internal/schedule"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/urlfilter/rules"
 	"golang.org/x/exp/slices"
@@ -47,57 +44,23 @@ func initBlockedServices() {
 	log.Debug("filtering: initialized %d services", l)
 }
-// BlockedServices is the configuration of blocked services.
+// BlockedSvcKnown returns true if a blocked service ID is known.
-type BlockedServices struct {
+func BlockedSvcKnown(s string) (ok bool) {
-	// Schedule is blocked services schedule for every day of the week.
+	_, ok = serviceRules[s]
 	Schedule *schedule.Weekly `yaml:"schedule"`
-	// IDs is the names of blocked services.
+	return ok
 	IDs []string `yaml:"ids"`
 }
 // Clone returns a deep copy of blocked services.
 func (s *BlockedServices) Clone() (c *BlockedServices) {
 	if s == nil {
 		return nil
 	}
 	return &BlockedServices{
 		Schedule: s.Schedule.Clone(),
 		IDs:      slices.Clone(s.IDs),
 	}
 }
 // Validate returns an error if blocked services contain unknown service ID.  s
 // must not be nil.
 func (s *BlockedServices) Validate() (err error) {
 	for _, id := range s.IDs {
 		_, ok := serviceRules[id]
 		if !ok {
 			return fmt.Errorf("unknown blocked-service %q", id)
 		}
 	}
 	return nil
 }
 // ApplyBlockedServices - set blocked services settings for this DNS request
-func (d *DNSFilter) ApplyBlockedServices(setts *Settings) {
+func (d *DNSFilter) ApplyBlockedServices(setts *Settings, list []string) {
 	setts.ServicesRules = []ServiceEntry{}
 	if list == nil {
 		d.confLock.RLock()
 		defer d.confLock.RUnlock()
-	setts.ServicesRules = []ServiceEntry{}
+		list = d.Config.BlockedServices
 	bsvc := d.BlockedServices
 	// TODO(s.chzhen):  Use startTime from [dnsforward.dnsContext].
 	if !bsvc.Schedule.Contains(time.Now()) {
 		d.ApplyBlockedServicesList(setts, bsvc.IDs)
 	}
 	}
 // ApplyBlockedServicesList appends filtering rules to the settings.
 func (d *DNSFilter) ApplyBlockedServicesList(setts *Settings, list []string) {
 	for _, name := range list {
 		rules, ok := serviceRules[name]
 		if !ok {
@@ -127,7 +90,7 @@ func (d *DNSFilter) handleBlockedServicesAll(w http.ResponseWriter, r *http.Requ
 func (d *DNSFilter) handleBlockedServicesList(w http.ResponseWriter, r *http.Request) {
 	d.confLock.RLock()
-	list := d.Config.BlockedServices.IDs
+	list := d.Config.BlockedServices
 	d.confLock.RUnlock()
 	_ = aghhttp.WriteJSONResponse(w, r, list)
@@ -143,7 +106,7 @@ func (d *DNSFilter) handleBlockedServicesSet(w http.ResponseWriter, r *http.Requ
 	}
 	d.confLock.Lock()
-	d.Config.BlockedServices.IDs = list
+	d.Config.BlockedServices = list
 	d.confLock.Unlock()
 	log.Debug("Updated blocked services list: %d", len(list))
--- a/internal/filtering/dnsrewrite.go
+++ b/internal/filtering/dnsrewrite.go
@@ -3,6 +3,7 @@ package filtering
 import (
 	"github.com/AdguardTeam/urlfilter/rules"
 	"github.com/miekg/dns"
 	"golang.org/x/exp/slices"
 )
 // DNSRewriteResult is the result of application of $dnsrewrite rules.
@@ -24,7 +25,13 @@ func (d *DNSFilter) processDNSRewrites(dnsr []*rules.NetworkRule) (res Result) {
 		Response: DNSRewriteResultResponse{},
 	}
-	for _, nr := range dnsr {
+	slices.SortFunc(dnsr, rewriteSortsBefore)
 	for i, nr := range dnsr {
 		if i > 0 && containsWildcard(nr) {
 			break
 		}
 		dr := nr.DNSRewrite
 		if dr.NewCNAME != "" {
 			// NewCNAME rules have a higher priority than other rules.
@@ -73,3 +80,19 @@ func (d *DNSFilter) processDNSRewrites(dnsr []*rules.NetworkRule) (res Result) {
 		Reason:           RewrittenRule,
 	}
 }
 func rewriteSortsBefore(a, b *rules.NetworkRule) (sortsBefore bool) {
 	return len(a.Shortcut) > len(b.Shortcut)
 }
 func containsWildcard(r *rules.NetworkRule) (ok bool) {
 	for _, c := range r.RuleText {
 		if c == '*' {
 			return true
 		} else if c == '^' {
 			break
 		}
 	}
 	return false
 }
--- a/internal/filtering/dnsrewrite_test.go
+++ b/internal/filtering/dnsrewrite_test.go
@@ -5,6 +5,7 @@ import (
 	"path"
 	"testing"
 	"github.com/AdguardTeam/urlfilter"
 	"github.com/miekg/dns"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -202,3 +203,32 @@ func TestDNSFilter_CheckHostRules_dnsrewrite(t *testing.T) {
 		assert.Equal(t, "new-ptr-with-dot.", ptr)
 	})
 }
 func TestDNSFilter_ProcessDNSRewrites(t *testing.T) {
 	const text = `
 |www.example.com^$dnsrewrite=127.0.0.1
 |*.example.com^$dnsrewrite=127.0.0.2
 `
 	host := "www.example.com"
 	rrtype := dns.TypeA
 	f, _ := newForTest(t, nil, []Filter{{ID: 0, Data: []byte(text)}})
 	setts := &Settings{
 		FilteringEnabled: true,
 	}
 	ufReq := &urlfilter.DNSRequest{
 		Hostname:         host,
 		SortedClientTags: setts.ClientTags,
 		ClientIP:         setts.ClientIP.String(),
 		ClientName:       setts.ClientName,
 		DNSType:          rrtype,
 	}
 	dres, matched := f.filteringEngine.MatchRequest(ufReq)
 	require.False(t, matched)
 	res := f.processDNSResultRewrites(dres, host)
 	assert.Len(t, res.Rules, 1)
 }
--- a/internal/filtering/filtering.go
+++ b/internal/filtering/filtering.go
@@ -103,9 +103,9 @@ type Config struct {
 	Rewrites []*LegacyRewrite `yaml:"rewrites"`
-	// BlockedServices is the configuration of blocked services.
+	// Names of services to block (globally).
 	// Per-client settings can override this configuration.
-	BlockedServices *BlockedServices `yaml:"blocked_services"`
+	BlockedServices []string `yaml:"blocked_services"`
 	// EtcHosts is a container of IP-hostname pairs taken from the operating
 	// system configuration files (e.g. /etc/hosts).
@@ -298,12 +298,12 @@ func (d *DNSFilter) SetEnabled(enabled bool) {
 	atomic.StoreUint32(&d.enabled, mathutil.BoolToNumber[uint32](enabled))
 }
-// Settings returns filtering settings.
+// GetConfig - get configuration
-func (d *DNSFilter) Settings() (s *Settings) {
+func (d *DNSFilter) GetConfig() (s Settings) {
 	d.confLock.RLock()
 	defer d.confLock.RUnlock()
-	return &Settings{
+	return Settings{
 		FilteringEnabled:    atomic.LoadUint32(&d.Config.enabled) != 0,
 		SafeSearchEnabled:   d.Config.SafeSearchConf.Enabled,
 		SafeBrowsingEnabled: d.Config.SafeBrowsingEnabled,
@@ -987,13 +987,16 @@ func New(c *Config, blockFilters []Filter) (d *DNSFilter, err error) {
 		return nil, fmt.Errorf("rewrites: preparing: %s", err)
 	}
-	if d.BlockedServices != nil {
+	bsvcs := []string{}
-		err = d.BlockedServices.Validate()
+	for _, s := range d.BlockedServices {
 		if !BlockedSvcKnown(s) {
 			log.Debug("skipping unknown blocked-service %q", s)
-		if err != nil {
+			continue
 			return nil, fmt.Errorf("filtering: %w", err)
 		}
 		bsvcs = append(bsvcs, s)
 	}
 	d.BlockedServices = bsvcs
 	if blockFilters != nil {
 		err = d.initFiltering(nil, blockFilters)
--- a/internal/filtering/http.go
+++ b/internal/filtering/http.go
@@ -169,7 +169,7 @@ func (d *DNSFilter) handleFilteringRemoveURL(w http.ResponseWriter, r *http.Requ
 		deleted = (*filters)[delIdx]
 		p := deleted.Path(d.DataDir)
 		err = os.Rename(p, p+".old")
-		if err != nil && !errors.Is(err, os.ErrNotExist) {
+		if err != nil {
 			log.Error("deleting filter %d: renaming file %q: %s", deleted.ID, p, err)
 			return
@@ -416,12 +416,12 @@ type checkHostResp struct {
 func (d *DNSFilter) handleCheckHost(w http.ResponseWriter, r *http.Request) {
 	host := r.URL.Query().Get("name")
-	setts := d.Settings()
+	setts := d.GetConfig()
 	setts.FilteringEnabled = true
 	setts.ProtectionEnabled = true
-	d.ApplyBlockedServices(setts)
+	d.ApplyBlockedServices(&setts, nil)
-	result, err := d.CheckHost(host, dns.TypeA, setts)
+	result, err := d.CheckHost(host, dns.TypeA, &setts)
 	if err != nil {
 		aghhttp.Error(
 			r,
@@ -555,7 +555,6 @@ func (d *DNSFilter) RegisterFilteringHandlers() {
 	registerHTTP(http.MethodGet, "/control/rewrite/list", d.handleRewriteList)
 	registerHTTP(http.MethodPost, "/control/rewrite/add", d.handleRewriteAdd)
 	registerHTTP(http.MethodPut, "/control/rewrite/update", d.handleRewriteUpdate)
 	registerHTTP(http.MethodPost, "/control/rewrite/delete", d.handleRewriteDelete)
 	registerHTTP(http.MethodGet, "/control/blocked_services/services", d.handleBlockedServicesIDs)
--- a/internal/filtering/rewrite/storage.go
+++ b/internal/filtering/rewrite/storage.go
@@ -84,7 +84,7 @@ func (s *DefaultStorage) MatchRequest(dReq *urlfilter.DNSRequest) (rws []*rules.
 		return nil
 	}
-	// TODO(a.garipov): Check cnames for cycles on initialization.
+	// TODO(a.garipov): Check cnames for cycles on initialisation.
 	cnames := stringutil.NewSet()
 	host := dReq.Hostname
 	for len(rrules) > 0 && rrules[0].DNSRewrite != nil && rrules[0].DNSRewrite.NewCNAME != "" {
--- a/internal/filtering/rewritehttp.go
+++ b/internal/filtering/rewritehttp.go
@@ -6,7 +6,6 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
 	"github.com/AdguardTeam/golibs/log"
 	"golang.org/x/exp/slices"
 )
 // TODO(d.kolyshev): Use [rewrite.Item] instead.
@@ -92,62 +91,3 @@ func (d *DNSFilter) handleRewriteDelete(w http.ResponseWriter, r *http.Request)
 	d.Config.ConfigModified()
 }
 // rewriteUpdateJSON is a struct for JSON object with rewrite rule update info.
 type rewriteUpdateJSON struct {
 	Target rewriteEntryJSON `json:"target"`
 	Update rewriteEntryJSON `json:"update"`
 }
 // handleRewriteUpdate is the handler for the PUT /control/rewrite/update HTTP
 // API.
 func (d *DNSFilter) handleRewriteUpdate(w http.ResponseWriter, r *http.Request) {
 	updateJSON := rewriteUpdateJSON{}
 	err := json.NewDecoder(r.Body).Decode(&updateJSON)
 	if err != nil {
 		aghhttp.Error(r, w, http.StatusBadRequest, "json.Decode: %s", err)
 		return
 	}
 	rwDel := &LegacyRewrite{
 		Domain: updateJSON.Target.Domain,
 		Answer: updateJSON.Target.Answer,
 	}
 	rwAdd := &LegacyRewrite{
 		Domain: updateJSON.Update.Domain,
 		Answer: updateJSON.Update.Answer,
 	}
 	err = rwAdd.normalize()
 	if err != nil {
 		// Shouldn't happen currently, since normalize only returns a non-nil
 		// error when a rewrite is nil, but be change-proof.
 		aghhttp.Error(r, w, http.StatusBadRequest, "normalizing: %s", err)
 		return
 	}
 	index := -1
 	defer func() {
 		if index >= 0 {
 			d.Config.ConfigModified()
 		}
 	}()
 	d.confLock.Lock()
 	defer d.confLock.Unlock()
 	index = slices.IndexFunc(d.Config.Rewrites, rwDel.equal)
 	if index == -1 {
 		aghhttp.Error(r, w, http.StatusBadRequest, "target rule not found")
 		return
 	}
 	d.Config.Rewrites = slices.Replace(d.Config.Rewrites, index, index+1, rwAdd)
 	log.Debug("rewrite: removed element: %s -> %s", rwDel.Domain, rwDel.Answer)
 	log.Debug("rewrite: added element: %s -> %s", rwAdd.Domain, rwAdd.Answer)
 }
--- a/internal/filtering/rewritehttp_test.go
+++ b/internal/filtering/rewritehttp_test.go
@@ -1,237 +0,0 @@
 package filtering_test
 import (
 	"bytes"
 	"encoding/json"
 	"io"
 	"net/http"
 	"net/http/httptest"
 	"testing"
 	"time"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 // TODO(d.kolyshev): Use [rewrite.Item] instead.
 type rewriteJSON struct {
 	Domain string `json:"domain"`
 	Answer string `json:"answer"`
 }
 type rewriteUpdateJSON struct {
 	Target rewriteJSON `json:"target"`
 	Update rewriteJSON `json:"update"`
 }
 const (
 	// testTimeout is the common timeout for tests.
 	testTimeout = 100 * time.Millisecond
 	listURL   = "/control/rewrite/list"
 	addURL    = "/control/rewrite/add"
 	deleteURL = "/control/rewrite/delete"
 	updateURL = "/control/rewrite/update"
 	decodeErrorMsg = "json.Decode: json: cannot unmarshal string into Go value of type" +
 		" filtering.rewriteEntryJSON\n"
 )
 func TestDNSFilter_handleRewriteHTTP(t *testing.T) {
 	confModCh := make(chan struct{})
 	reqCh := make(chan struct{})
 	testRewrites := []*rewriteJSON{
 		{Domain: "example.local", Answer: "example.rewrite"},
 		{Domain: "one.local", Answer: "one.rewrite"},
 	}
 	testRewritesJSON, mErr := json.Marshal(testRewrites)
 	require.NoError(t, mErr)
 	testCases := []struct {
 		reqData     any
 		name        string
 		url         string
 		method      string
 		wantList    []*rewriteJSON
 		wantBody    string
 		wantConfMod bool
 		wantStatus  int
 	}{{
 		name:        "list",
 		url:         listURL,
 		method:      http.MethodGet,
 		reqData:     nil,
 		wantConfMod: false,
 		wantStatus:  http.StatusOK,
 		wantBody:    string(testRewritesJSON) + "\n",
 		wantList:    testRewrites,
 	}, {
 		name:        "add",
 		url:         addURL,
 		method:      http.MethodPost,
 		reqData:     rewriteJSON{Domain: "add.local", Answer: "add.rewrite"},
 		wantConfMod: true,
 		wantStatus:  http.StatusOK,
 		wantBody:    "",
 		wantList: append(
 			testRewrites,
 			&rewriteJSON{Domain: "add.local", Answer: "add.rewrite"},
 		),
 	}, {
 		name:        "add_error",
 		url:         addURL,
 		method:      http.MethodPost,
 		reqData:     "invalid_json",
 		wantConfMod: false,
 		wantStatus:  http.StatusBadRequest,
 		wantBody:    decodeErrorMsg,
 		wantList:    testRewrites,
 	}, {
 		name:        "delete",
 		url:         deleteURL,
 		method:      http.MethodPost,
 		reqData:     rewriteJSON{Domain: "one.local", Answer: "one.rewrite"},
 		wantConfMod: true,
 		wantStatus:  http.StatusOK,
 		wantBody:    "",
 		wantList:    []*rewriteJSON{{Domain: "example.local", Answer: "example.rewrite"}},
 	}, {
 		name:        "delete_error",
 		url:         deleteURL,
 		method:      http.MethodPost,
 		reqData:     "invalid_json",
 		wantConfMod: false,
 		wantStatus:  http.StatusBadRequest,
 		wantBody:    decodeErrorMsg,
 		wantList:    testRewrites,
 	}, {
 		name:   "update",
 		url:    updateURL,
 		method: http.MethodPut,
 		reqData: rewriteUpdateJSON{
 			Target: rewriteJSON{Domain: "one.local", Answer: "one.rewrite"},
 			Update: rewriteJSON{Domain: "upd.local", Answer: "upd.rewrite"},
 		},
 		wantConfMod: true,
 		wantStatus:  http.StatusOK,
 		wantBody:    "",
 		wantList: []*rewriteJSON{
 			{Domain: "example.local", Answer: "example.rewrite"},
 			{Domain: "upd.local", Answer: "upd.rewrite"},
 		},
 	}, {
 		name:        "update_error",
 		url:         updateURL,
 		method:      http.MethodPut,
 		reqData:     "invalid_json",
 		wantConfMod: false,
 		wantStatus:  http.StatusBadRequest,
 		wantBody: "json.Decode: json: cannot unmarshal string into Go value of type" +
 			" filtering.rewriteUpdateJSON\n",
 		wantList: testRewrites,
 	}, {
 		name:   "update_error_target",
 		url:    updateURL,
 		method: http.MethodPut,
 		reqData: rewriteUpdateJSON{
 			Target: rewriteJSON{Domain: "inv.local", Answer: "inv.rewrite"},
 			Update: rewriteJSON{Domain: "upd.local", Answer: "upd.rewrite"},
 		},
 		wantConfMod: false,
 		wantStatus:  http.StatusBadRequest,
 		wantBody:    "target rule not found\n",
 		wantList:    testRewrites,
 	}}
 	for _, tc := range testCases {
 		onConfModified := func() {
 			if !tc.wantConfMod {
 				panic("config modified has been fired")
 			}
 			testutil.RequireSend(testutil.PanicT{}, confModCh, struct{}{}, testTimeout)
 		}
 		t.Run(tc.name, func(t *testing.T) {
 			handlers := make(map[string]http.Handler)
 			d, err := filtering.New(&filtering.Config{
 				ConfigModified: onConfModified,
 				HTTPRegister: func(_, url string, handler http.HandlerFunc) {
 					handlers[url] = handler
 				},
 				Rewrites: rewriteEntriesToLegacyRewrites(testRewrites),
 			}, nil)
 			require.NoError(t, err)
 			t.Cleanup(d.Close)
 			d.RegisterFilteringHandlers()
 			require.NotEmpty(t, handlers)
 			require.Contains(t, handlers, listURL)
 			require.Contains(t, handlers, tc.url)
 			var body io.Reader
 			if tc.reqData != nil {
 				data, rErr := json.Marshal(tc.reqData)
 				require.NoError(t, rErr)
 				body = bytes.NewReader(data)
 			}
 			r := httptest.NewRequest(tc.method, tc.url, body)
 			w := httptest.NewRecorder()
 			go func() {
 				handlers[tc.url].ServeHTTP(w, r)
 				testutil.RequireSend(testutil.PanicT{}, reqCh, struct{}{}, testTimeout)
 			}()
 			if tc.wantConfMod {
 				testutil.RequireReceive(t, confModCh, testTimeout)
 			}
 			testutil.RequireReceive(t, reqCh, testTimeout)
 			assert.Equal(t, tc.wantStatus, w.Code)
 			respBody, err := io.ReadAll(w.Body)
 			require.NoError(t, err)
 			assert.Equal(t, []byte(tc.wantBody), respBody)
 			assertRewritesList(t, handlers[listURL], tc.wantList)
 		})
 	}
 }
 // assertRewritesList checks if rewrites list equals the list received from the
 // handler by listURL.
 func assertRewritesList(t *testing.T, handler http.Handler, wantList []*rewriteJSON) {
 	t.Helper()
 	r := httptest.NewRequest(http.MethodGet, listURL, nil)
 	w := httptest.NewRecorder()
 	handler.ServeHTTP(w, r)
 	require.Equal(t, http.StatusOK, w.Code)
 	var actual []*rewriteJSON
 	err := json.NewDecoder(w.Body).Decode(&actual)
 	require.NoError(t, err)
 	assert.Equal(t, wantList, actual)
 }
 // rewriteEntriesToLegacyRewrites gets legacy rewrites from json entries.
 func rewriteEntriesToLegacyRewrites(entries []*rewriteJSON) (rw []*filtering.LegacyRewrite) {
 	for _, entry := range entries {
 		rw = append(rw, &filtering.LegacyRewrite{
 			Domain: entry.Domain,
 			Answer: entry.Answer,
 		})
 	}
 	return rw
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Stanislav Chzhen	b34a8c169c	filtering: imp tests	2023-05-15 10:33:52 +03:00
Stanislav Chzhen	1f2ba07eae	filtering: wildcard interference	2023-05-12 12:25:33 +03:00
`@@ -1,4 +1,4 @@`
	`//go:build darwin \|\| freebsd \|\| openbsd`	`//go:build darwin`

	`package dhcpd`	`package dhcpd`
`@@ -1,4 +1,4 @@`
	`//go:build linux`	`//go:build freebsd \|\| linux \|\| openbsd`

	`package dhcpd`	`package dhcpd`