all: upd chlog

Merge in DNS/adguard-home from upd-dnsproxy-quic-fix to master

Squashed commit of the following:

commit a6ffa24769259c73e397e02d087dc155ed58a3e2
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Mon Jun 6 15:06:00 2022 +0300

    all: fix quic reply id

CHANGELOG.md

@@ -12,19 +12,52 @@ and this project adheres to
 ## [Unreleased]
 
 <!--
-## [v0.108.0] - 2022-07-01 (APPROX.)
+## [v0.108.0] - 2022-10-01 (APPROX.)
 -->
 
 ### Security
 
-- Enforced password strength policy ([#3503]).
 - Weaker cipher suites that use the CBC (cipher block chaining) mode of
   operation have been disabled ([#2993]).
 
 ### Added
 
-- Support for Discovery of Designated Resolvers (DDR) according to the 
-  [RFC draft][ddr-draft-06] ([#4463]).
+- Support for Discovery of Designated Resolvers (DDR) according to the [RFC
+  draft][ddr-draft-06] ([#4463]).
+- `windows/arm64` support ([#3057]).
+
+### Deprecated
+
+- Go 1.17 support.  v0.109.0 will require at least Go 1.18 to build.
+
+[#2993]: https://github.com/AdguardTeam/AdGuardHome/issues/2993
+[#3057]: https://github.com/AdguardTeam/AdGuardHome/issues/3057
+
+[ddr-draft-06]:   https://www.ietf.org/archive/id/draft-ietf-add-ddr-06.html
+
+
+
+<!--
+## [v0.107.8] - 2022-07-12 (APPROX.)
+-->
+
+
+
+## [v0.107.7] - 2022-06-06
+
+See also the [v0.107.7 GitHub milestone][ms-v0.107.7].
+
+### Security
+
+- Go version was updated to prevent the possibility of exploiting the
+  [CVE-2022-29526], [CVE-2022-30634], [CVE-2022-30629], [CVE-2022-30580], and
+  [CVE-2022-29804] vulnerabilities.
+- Enforced password strength policy ([#3503]).
+
+### Added
+
+- Support for the final DNS-over-QUIC standard, [RFC 9250][rfc-9250] ([#4592]).
+- Support upstreams for subdomains of a domain only ([#4503]).
 - The ability to control each source of runtime clients separately via
   `clients.runtime_sources` configuration object ([#3020]).
 - The ability to customize the set of networks that are considered private
@@ -36,12 +69,14 @@ and this project adheres to
   ([#4166]).
 - Logs are now collected by default on FreeBSD and OpenBSD when AdGuard Home is
   installed as a service ([#4213]).
-- `windows/arm64` support ([#3057]).
 
 ### Changed
 
+- On OpenBSD, the daemon script now uses the recommended `/bin/ksh` shell
+  instead of the `/bin/sh` one ([#4533]).  To apply this change, backup your
+  data and run `AdGuardHome -s uninstall && AdGuardHome -s install`.
 - The default DNS-over-QUIC port number is now `853` instead of `754` in
-  accordance with the latest [RFC draft][doq-draft-10] ([#4276]).
+  accordance with [RFC 9250][rfc-9250] ([#4276]).
 - Reverse DNS now has a greater priority as the source of runtime clients'
   information than ARP neighborhood.
 - Improved detection of runtime clients through more resilient ARP processing
@@ -96,7 +131,7 @@ In this release, the schema version has changed from 12 to 14.
   `dns.resolve_clients` property.  To rollback this change, remove the
   `runtime_sources` property, move the contents of `persistent` into the
   `clients` itself, the value of `clients.runtime_sources.rdns` into the
-  `dns.resolve_clietns`, and change the `schema_version` back to `13`.
+  `dns.resolve_clients`, and change the `schema_version` back to `13`.
 - Property `local_domain_name`, which in schema versions 12 and earlier used to
   be a part of the `dns` object, is now a part of the `dhcp` object:
 
@@ -117,20 +152,21 @@ In this release, the schema version has changed from 12 to 14.
 
 ### Deprecated
 
-- The `--no-etc-hosts` option.  Its' functionality is now controlled by
+- The `--no-etc-hosts` option.  Its functionality is now controlled by
   `clients.runtime_sources.hosts` configuration property.  v0.109.0 will remove
   the flag completely.
-- Go 1.17 support.  v0.109.0 will require at least Go 1.18 to build.
 
 ### Fixed
 
-- Slow version update queries making other HTTP APIs unresponsible ([#4499]).
+- Query log occasionally going into an infinite loop ([#4591]).
+- Service startup on boot on systems using SysV-init ([#4480]).
+- Detection of the stopped service status on macOS and Linux ([#4273]).
+- Case-sensitive ClientID ([#4542]).
+- Slow version update queries making other HTTP APIs unresponsive ([#4499]).
 - ARP tables refreshing process causing excessive PTR requests ([#3157]).
 
 [#1730]: https://github.com/AdguardTeam/AdGuardHome/issues/1730
-[#2993]: https://github.com/AdguardTeam/AdGuardHome/issues/2993
 [#3020]: https://github.com/AdguardTeam/AdGuardHome/issues/3020
-[#3057]: https://github.com/AdguardTeam/AdGuardHome/issues/3057
 [#3142]: https://github.com/AdguardTeam/AdGuardHome/issues/3142
 [#3157]: https://github.com/AdguardTeam/AdGuardHome/issues/3157
 [#3367]: https://github.com/AdguardTeam/AdGuardHome/issues/3367
@@ -142,22 +178,23 @@ In this release, the schema version has changed from 12 to 14.
 [#4213]: https://github.com/AdguardTeam/AdGuardHome/issues/4213
 [#4221]: https://github.com/AdguardTeam/AdGuardHome/issues/4221
 [#4238]: https://github.com/AdguardTeam/AdGuardHome/issues/4238
+[#4273]: https://github.com/AdguardTeam/AdGuardHome/issues/4273
 [#4276]: https://github.com/AdguardTeam/AdGuardHome/issues/4276
+[#4480]: https://github.com/AdguardTeam/AdGuardHome/issues/4480
 [#4499]: https://github.com/AdguardTeam/AdGuardHome/issues/4499
+[#4503]: https://github.com/AdguardTeam/AdGuardHome/issues/4503
+[#4533]: https://github.com/AdguardTeam/AdGuardHome/issues/4533
+[#4542]: https://github.com/AdguardTeam/AdGuardHome/issues/4542
+[#4591]: https://github.com/AdguardTeam/AdGuardHome/issues/4591
+[#4592]: https://github.com/AdguardTeam/AdGuardHome/issues/4592
 
-[ddr-draft-06]: https://www.ietf.org/archive/id/draft-ietf-add-ddr-06.html
-[doq-draft-10]: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-10#section-10.2
-[repr]:         https://reproducible-builds.org/docs/source-date-epoch/
-
-
-
-<!--
-## [v0.107.7] - 2022-05-18 (APPROX.)
-
-See also the [v0.107.7 GitHub milestone][ms-v0.107.7].
-
-[ms-v0.107.7]: https://github.com/AdguardTeam/AdGuardHome/milestone/43?closed=1
--->
+[CVE-2022-29526]: https://www.cvedetails.com/cve/CVE-2022-29526
+[CVE-2022-29804]: https://www.cvedetails.com/cve/CVE-2022-29804
+[CVE-2022-30580]: https://www.cvedetails.com/cve/CVE-2022-30580
+[CVE-2022-30629]: https://www.cvedetails.com/cve/CVE-2022-30629
+[CVE-2022-30634]: https://www.cvedetails.com/cve/CVE-2022-30634
+[ms-v0.107.7]:    https://github.com/AdguardTeam/AdGuardHome/milestone/43?closed=1
+[rfc-9250]:       https://datatracker.ietf.org/doc/html/rfc9250
 
 
 
@@ -211,6 +248,7 @@ See also the [v0.107.6 GitHub milestone][ms-v0.107.6].
 [CVE-2022-28327]: https://www.cvedetails.com/cve/CVE-2022-28327
 [dns-draft-02]:   https://datatracker.ietf.org/doc/html/draft-ietf-add-svcb-dns-02#section-5.1
 [ms-v0.107.6]:    https://github.com/AdguardTeam/AdGuardHome/milestone/42?closed=1
+[repr]:           https://reproducible-builds.org/docs/source-date-epoch/
 [svcb-draft-08]:  https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-08.html
 
 
@@ -972,11 +1010,12 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2].
 
 
 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.7...HEAD
-[v0.107.7]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.6...v0.107.7
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.8...HEAD
+[v0.107.8]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.7...v0.107.8
 -->
 
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.6...HEAD
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.7...HEAD
+[v0.107.7]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.6...v0.107.7
 [v0.107.6]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.5...v0.107.6
 [v0.107.5]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.4...v0.107.5
 [v0.107.4]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.3...v0.107.4

Makefile

@@ -34,8 +34,6 @@ YARN_INSTALL_FLAGS = $(YARN_FLAGS) --network-timeout 120000 --silent\
 	--ignore-engines --ignore-optional --ignore-platform\
 	--ignore-scripts
 
-V1API = 0
-
 # Macros for the build-release target.  If FRONTEND_PREBUILT is 0, the
 # default, the macro $(BUILD_RELEASE_DEPS_$(FRONTEND_PREBUILT)) expands
 # into BUILD_RELEASE_DEPS_0, and so both frontend and backend
@@ -63,7 +61,6 @@ ENV = env\
 	PATH="$${PWD}/bin:$$( "$(GO.MACRO)" env GOPATH )/bin:$${PATH}"\
 	RACE='$(RACE)'\
 	SIGN='$(SIGN)'\
-	V1API='$(V1API)'\
 	VERBOSE='$(VERBOSE)'\
 	VERSION='$(VERSION)'\
 

client/src/__locales/be.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "звычайны DNS (праз UDP, імя хаста);",
     "example_upstream_dot": "зашыфраваны <0>DNS-over-TLS</0>;",
     "example_upstream_doh": "зашыфраваны <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "зашыфраваны <0>DNS-over-QUIC (эксперыментальны)</0>;",
+    "example_upstream_doq": "зашыфраваны <0>DNS-over-QUIC</0>;",
     "example_upstream_sdns": "<0>DNS Stamps</0> для <1>DNSCrypt</1> ці <2>DNS-over-HTTPS</2> рэзалвераў;",
     "example_upstream_tcp": "звычайны DNS (наўзверх TCP);",
     "example_upstream_tcp_hostname": "звычайны DNS (праз TCP, імя хаста);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Калі порт HTTPS наладжаны, ўэб-інтэрфейс адміністравання AdGuard Home будзе даступны праз HTTPS, а таксама DNS-over-HTTPS сервер будзе даступны па шляху '/dns-query'.",
     "encryption_dot": "Порт DNS-over-TLS",
     "encryption_dot_desc": "Калі гэты порт наладжаны, AdGuard Home запусціць DNS-over-TLS-сервер на гэтаму порту.",
-    "encryption_doq": "Порт DNS-over-QUIC (эксперыментальны)",
-    "encryption_doq_desc": "Калі гэты порт наладжаны, AdGuard Home запусціць сервер DNS-over-QUIC на гэтым порце. Гэта эксперыментальна і можа быць ненадзейна. Апроч таго, не так шмат кліентаў падтрымвае гэты спосаб цяпер.",
+    "encryption_doq": "Порт DNS-over-QUIC",
+    "encryption_doq_desc": "Калі гэты порт наладжаны, AdGuard Home запусціць сервер DNS-over-QUIC на гэтым порце.",
     "encryption_certificates": "Сертыфікаты",
     "encryption_certificates_desc": "Для выкарыстання шыфравання вам трэба падаць валідны ланцужок SSL-сертыфікатаў для вашага дамена. Вы можаце атрымаць дармовы сертыфікат на <0>{{link}}</0> ці вы можаце купіць яго ў аднаго з давераных Цэнтраў Сертыфікацыі.",
     "encryption_certificates_input": "Скапіюйце сюды сертыфікаты ў PEM-кадоўцы.",

client/src/__locales/cs.json

@@ -85,7 +85,7 @@
     "form_enter_hostname": "Zadejte název hostitele",
     "error_details": "Podrobnosti chyby",
     "response_details": "Detail odpovědi",
-    "request_details": "Detail požadavku",
+    "request_details": "Detaily požadavku",
     "client_details": "Detaily klienta",
     "details": "Detaily",
     "back": "Zpět",
@@ -213,7 +213,7 @@
     "example_upstream_udp": "obvyklý DNS (skrze UDP, název hostitele);",
     "example_upstream_dot": "šifrovaný <0>DNS skrze TLS</0>;",
     "example_upstream_doh": "šifrovaný <0>DNS skrze HTTPS</0>;",
-    "example_upstream_doq": "šifrovaný <0>DNS skrze QUIC</0> (experimentální);",
+    "example_upstream_doq": "šifrovaný <0>DNS skrze QUIC</0>;",
     "example_upstream_sdns": "<0>DNS razítka</0> pro <1>DNSCrypt</1> nebo <2>DNS skrze HTTPS</2> řešitele;",
     "example_upstream_tcp": "obvyklý DNS (přes TCP);",
     "example_upstream_tcp_hostname": "obvyklý DNS (skrze TCP, název hostitele);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Pokud je nakonfigurován port HTTPS, AdGuard Home administrátorské rozhraní bude přístupné přes HTTPS a bude také poskytovat DNS skrze HTTPS na '/dns-query'.",
     "encryption_dot": "DNS skrze TLS port",
     "encryption_dot_desc": "Pokud je tento port nakonfigurován, AdGuard Home bude na tomto portu spouštět DNS skrze TLS server.",
-    "encryption_doq": "Port DNS skrze QUIC (experimentální)",
-    "encryption_doq_desc": "Pokud je tento port nakonfigurován, AdGuard Home spustí na tomto portu server DNS skrze QUIC. Je to experimentální a nemusí být spolehlivé. V současnosti také není příliš mnoho klientů, kteří to podporují.",
+    "encryption_doq": "Port DNS skrze QUIC",
+    "encryption_doq_desc": "Pokud je tento port nakonfigurován, AdGuard Home bude na tomto portu spouštět DNS skrze QUIC server.",
     "encryption_certificates": "Certifikáty",
     "encryption_certificates_desc": "Chcete-li používat šifrování, musíte pro svou doménu poskytnout platný řetězec certifikátů SSL. Certifikát můžete získat bezplatně na adrese <0>{{link}}</ 0>, nebo jej můžete zakoupit od jednoho z důvěryhodných certifikačních úřadů.",
     "encryption_certificates_input": "Zde můžete nakopírovat/vložit certifikáty PEM.",

client/src/__locales/da.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "almindelig DNS (over UDP, værtsnavn);",
     "example_upstream_dot": "krypteret <0>DNS-over-TLS</0>",
     "example_upstream_doh": "krypteret <0>DNS-over-HTTPS</0>",
-    "example_upstream_doq": "krypteret <0>DNS-over-QUIC</0>(eksperimentel);",
+    "example_upstream_doq": "krypteret <0>DNS-over-QUIC</0>;",
     "example_upstream_sdns": "<0>DNS Stamps</0> til <1>DNSCrypt</1> eller <2>DNS-over-HTTPS</2>-opløsere;",
     "example_upstream_tcp": "almindelig DNS (over TCP)",
     "example_upstream_tcp_hostname": "almindelig DNS (over TCP, værtsnavn);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Er HTTPS-porten opsat, vil AdGuard Home admin grænsefladen være tilgængelig via HTTPS, og den vil muliggøre DNS-over-HTTPS på '/dns-query' placeringen.",
     "encryption_dot": "DNS-over-TLS port",
     "encryption_dot_desc": "Er denne port opsat, vil AdGuard Home køre en DNS-over-TLS server på denne port.",
-    "encryption_doq": "DNS-over-QUIC port (eksperimentel)",
-    "encryption_doq_desc": "Er denne port opsat, vil AdGuard Home køre en DNS-over-QUIC server på denne port. Den er eksperimentel og er måske ikke pålidelig. Derudover understøttes den pt. heller ikke af ret mange klienter.",
+    "encryption_doq": "DNS-over-QUIC port",
+    "encryption_doq_desc": "Er denne port opsat, vil AdGuard Home køre en DNS-over-QUIC server på denne port. ",
     "encryption_certificates": "Certifikater",
     "encryption_certificates_desc": "For at kunne bruge kryptering skal du angive en gyldig SSL-certifikatkæde til dit domæne. Du kan få et gratis certifikat via <0>{{link}}</ 0>, eller du kan købe det via en af de betroede Certifikatmyndigheder.",
     "encryption_certificates_input": "Kopiér/indsæt dine PEM-kodede certifikater hér.",

client/src/__locales/de.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "normales DNS (über UDP, Hostname);",
     "example_upstream_dot": "verschlüsseltes <0>DNS-over-TLS</0>;",
     "example_upstream_doh": "verschlüsseltes <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "verschlüsseltes <0>DNS-over-QUIC</0> (experimentell);",
+    "example_upstream_doq": "verschlüsseltes <0>DNS-over-QUIC</0>;",
     "example_upstream_sdns": "<0>DNS-Stempel</0> für <1>DNSCrypt</1> oder <2>DNS-over-HTTPS</2> Resolver;",
     "example_upstream_tcp": "reguläres DNS (over TCP);",
     "example_upstream_tcp_hostname": "normales DNS (über TCP, Hostname);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Wenn der HTTPS-Port konfiguriert ist, ist die AdGuard Home-Administrationsschnittstelle über HTTPS zugänglich und bietet auch DNS-over-HTTPS am Server „/dns-query“.",
     "encryption_dot": "DNS-over-TLS",
     "encryption_dot_desc": "Wenn dieser Port konfiguriert ist, führt AdGuard Home auf diesem Port einen DNS-over-TLS-Server aus.",
-    "encryption_doq": "Port für DNS-over-QUIC (experimentell)",
-    "encryption_doq_desc": "Wenn dieser Port eingerichtet ist, wird AdGuard Home einen DNS-over-QUIC-Server auf diesem Port ausführen. Es ist experimentell und möglicherweise nicht zuverlässig. Außerdem gibt es im Moment nicht allzu viele Clients, die ihn unterstützen.",
+    "encryption_doq": "Port für DNS-over-QUIC",
+    "encryption_doq_desc": "Wenn dieser Port eingerichtet ist, wird AdGuard Home einen DNS-over-QUIC-Server auf diesem Port ausführen. ",
     "encryption_certificates": "Zertifikate",
     "encryption_certificates_desc": "Um die Verschlüsselung verwenden zu können, müssen Sie eine gültige SSL-Zertifikatskette für Ihre Domain angeben. Sie können ein kostenloses Zertifikat für <0>{{link}}</0> erhalten oder es bei einer der vertrauenswürdigen Zertifizierungsstellen kaufen.",
     "encryption_certificates_input": "Kopieren Sie Ihre PEM-codierten Zertifikate und fügen Sie sie hier ein.",

client/src/__locales/en.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "regular DNS (over UDP, hostname);",
     "example_upstream_dot": "encrypted <0>DNS-over-TLS</0>;",
     "example_upstream_doh": "encrypted <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "encrypted <0>DNS-over-QUIC</0> (experimental);",
+    "example_upstream_doq": "encrypted <0>DNS-over-QUIC</0>;",
     "example_upstream_sdns": "<0>DNS Stamps</0> for <1>DNSCrypt</1> or <2>DNS-over-HTTPS</2> resolvers;",
     "example_upstream_tcp": "regular DNS (over TCP);",
     "example_upstream_tcp_hostname": "regular DNS (over TCP, hostname);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "If HTTPS port is configured, AdGuard Home admin interface will be accessible via HTTPS, and it will also provide DNS-over-HTTPS on '/dns-query' location.",
     "encryption_dot": "DNS-over-TLS port",
     "encryption_dot_desc": "If this port is configured, AdGuard Home will run a DNS-over-TLS server on this port.",
-    "encryption_doq": "DNS-over-QUIC port (experimental)",
-    "encryption_doq_desc": "If this port is configured, AdGuard Home will run a DNS-over-QUIC server on this port. It's experimental and may not be reliable. Also, there are not too many clients that support it at the moment.",
+    "encryption_doq": "DNS-over-QUIC port",
+    "encryption_doq_desc": "If this port is configured, AdGuard Home will run a DNS-over-QUIC server on this port.",
     "encryption_certificates": "Certificates",
     "encryption_certificates_desc": "In order to use encryption, you need to provide a valid SSL certificates chain for your domain. You can get a free certificate on <0>{{link}}</0> or you can buy it from one of the trusted Certificate Authorities.",
     "encryption_certificates_input": "Copy/paste your PEM-encoded certificates here.",

client/src/__locales/es.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "DNS regular (mediante UDP, nombre del host).",
     "example_upstream_dot": "cifrado <0>DNS mediante TLS</0>.",
     "example_upstream_doh": "cifrado <0>DNS mediante HTTPS</0>.",
-    "example_upstream_doq": "cifrado <0>DNS mediante QUIC</0> (experimental).",
+    "example_upstream_doq": "cifrado <0>DNS mediante QUIC</0>.",
     "example_upstream_sdns": "<0>DNS Stamps</0> para <1>DNSCrypt</1> o resolutores <2>DNS mediante HTTPS</2>.",
     "example_upstream_tcp": "DNS regular (mediante TCP).",
     "example_upstream_tcp_hostname": "DNS regular (mediante TCP, nombre del host).",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Si el puerto HTTPS está configurado, la interfaz de administración de AdGuard Home será accesible a través de HTTPS, y también proporcionará DNS mediante HTTPS en la ubicación '/dns-query'.",
     "encryption_dot": "Puerto DNS mediante TLS",
     "encryption_dot_desc": "Si este puerto está configurado, AdGuard Home ejecutará un servidor DNS mediante TLS en este puerto.",
-    "encryption_doq": "Puerto DNS mediante QUIC (experimental)",
-    "encryption_doq_desc": "Si este puerto está configurado, AdGuard Home ejecutará un servidor DNS mediante QUIC en este puerto. Es experimental y puede no ser confiable. Además, no hay muchos clientes que lo soporten por el momento.",
+    "encryption_doq": "Puerto DNS mediante QUIC",
+    "encryption_doq_desc": "Si este puerto está configurado, AdGuard Home ejecutará un servidor DNS mediante QUIC en este puerto.",
     "encryption_certificates": "Certificados",
     "encryption_certificates_desc": "Para utilizar el cifrado, debes proporcionar una cadena de certificado SSL válida para tu dominio. Puedes obtener un certificado gratuito en <0>{{link}}</0> o puedes comprarlo en una de las autoridades de certificación de confianza.",
     "encryption_certificates_input": "Copia/pega aquí tu certificado codificado PEM.",

client/src/__locales/fi.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Bootstrap DNS-palvelimet",
     "bootstrap_dns_desc": "Bootstrap DNS-palvelimia käytetään ylävirroiksi määritettyjen DoH/DoT-resolvereiden IP-osoitteiden selvitykseen.",
     "local_ptr_title": "Yksityiset käänteiset DNS-palvelimet",
-    "local_ptr_desc": "DNS-palvelimet, joita AdGuard Home käyttää paikallisille PTR-pyynnöille. Näitä palvelimia käytetään yksityistä IP-osoitetta käyttävien päätelaitteiden osoitteiden, kuten \"192.168.12.34\", selvitykseen käänteisen DNS:n avulla. Jos ei käytössä, käyttää AdGuard Home käyttöjärjestelmän oletusarvoisia DNS-resolvereita, poislukien AdGuard Homen omat osoitteet.",
+    "local_ptr_desc": "DNS-palvelimet, joita AdGuard Home käyttää paikallisille PTR-kyselyille. Näitä palvelimia käytetään yksityistä IP-osoitetta käyttävien PTR-kyselyiden osoitteiden, kuten \"192.168.12.34\", selvitykseen käänteisen DNS:n avulla. Jos ei käytössä, AdGuard Home käyttää käyttöjärjestelmän oletusarvoisia DNS-resolvereita, poislukien AdGuard Homen omat osoitteet.",
     "local_ptr_default_resolver": "Oletusarvoisesti AdGuard Home käyttää seuraavia käänteisiä DNS-resolvereita: {{ip}}.",
     "local_ptr_no_default_resolver": "AdGuard Home ei voinut määrittää tälle järjestelmälle sopivaa yksityistä käänteistä DNS-resolveria.",
     "local_ptr_placeholder": "Syötä yksi palvelimen osoite per rivi",
@@ -213,7 +213,7 @@
     "example_upstream_udp": "tavallinen DNS (UDP, isäntänimi);",
     "example_upstream_dot": "salattu <0>DNS-over-TLS</0>;",
     "example_upstream_doh": "salattu <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "salattu <0>DNS-over-QUIC</0> (kokeellinen);",
+    "example_upstream_doq": "salattu <0>DNS-over-QUIC</0>;",
     "example_upstream_sdns": "<0>DNS Stamp</0> -merkinnät <1>DNSCrypt</1> tai <2>DNS-over-HTTPS</2> -resolvereille;",
     "example_upstream_tcp": "tavallinen DNS (TCP:n välityksellä);",
     "example_upstream_tcp_hostname": "tavallinen DNS (TCP, isäntänimi);",
@@ -351,7 +351,7 @@
     "install_devices_android_list_5": "Syötä \"DNS 1\" ja \"DNS 2\" -kenttiin AdGuard Home -palvelimesi osoitteet.",
     "install_devices_ios_list_1": "Napauta aloitusnäytöstä \"Asetukset\".",
     "install_devices_ios_list_2": "Valitse vasemmalta \"Wi-Fi\" (mobiiliverkolle ei ole mahdollista määrittää omaa DNS-palvelinta).",
-    "install_devices_ios_list_3": "Valitse yhdistetty verkko.",
+    "install_devices_ios_list_3": "Valitse tällä hetkellä aktiivinen verkko.",
     "install_devices_ios_list_4": "Syötä \"DNS\" -kenttään AdGuard Home -palvelimesi osoitteet.",
     "get_started": "Aloita",
     "next": "Seuraava",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Jos HTTPS-portti on määritetty, on AdGuard Homen hallintapaneeli käytettävissä HTTPS-yhteydellä ja lisäksi tämä mahdollistaa myös DNS-over-HTTPS -yhteyden '/dns-query' -kohteessa.",
     "encryption_dot": "DNS-over-TLS -portti",
     "encryption_dot_desc": "Jos portti on määritetty, AdGuard Home suorittaa DNS-over-TLS -palvelimen tässä portissa.",
-    "encryption_doq": "DNS-over-QUIC -portti (kokeellinen)",
-    "encryption_doq_desc": "Jos portti on määritetty, AdGuard Home suorittaa DNS-over-QUIC -palvelimen tässä portissa. Ominaisuus on kokeellinen, eikä välttämättä luotettava. Lisäksi tätä tukevia päätelaitteita ei vielä ole kovin paljon.",
+    "encryption_doq": "DNS-over-QUIC-portti",
+    "encryption_doq_desc": "Jos portti on määritetty, AdGuard Home suorittaa DNS-over-QUIC-palvelimen tässä portissa.",
     "encryption_certificates": "Varmenteet",
     "encryption_certificates_desc": "Salauksen käyttämiseksi, on syötettävä verkkotunnuksellesi myönnetty, aito SSL-varmenneketju. Voit hankkia ilmaisen varmenteen osoitteesta <0>{{link}}</0> tai ostaa sellaisen joltakin luotetulta varmentajalta.",
     "encryption_certificates_input": "Kopioi/liitä PEM-koodatut varmenteesi tähän.",

client/src/__locales/fr.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "DNS normal (sur UDP, nom d’hôte) ;",
     "example_upstream_dot": "<0>DNS-over-TLS</0> chiffré ;",
     "example_upstream_doh": "<0>DNS-over-HTTPS</0> chiffré ;",
-    "example_upstream_doq": "<0>DNS-over-QUIC</0> chiffré (expérimental) ;",
+    "example_upstream_doq": "<0>DNS-over-QUIC</0> chiffré;",
     "example_upstream_sdns": "vous pouvez utiliser <0>DNS Stamps</0> pour <1>DNSCrypt</1> ou les résolveurs <2>DNS_over_HTTPS</2> ;",
     "example_upstream_tcp": "DNS classique (au-dessus de TCP) ;",
     "example_upstream_tcp_hostname": "DNS normal (sur TCP, nom d’hôte) ;",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Si le port HTTPS est configuré, l'interface administrateur de AdGuard Home sera accessible via HTTPS et fournira aussi un service DNS-over-HTTPS sur l'emplacement '/dns-query'.",
     "encryption_dot": "Port DNS-over-TLS",
     "encryption_dot_desc": "Si ce port est configuré, AdGuard Home exécutera un serveur DNS-over-TLS sur ce port.",
-    "encryption_doq": "Port DNS sur QUIC (expérimental)",
-    "encryption_doq_desc": "Si ce port est configuré, AdGuard Home exécutera un serveur DNS sur QUIC sur ce port. Ceci est expérimental et possiblement pas entièrement fiable. Peu de clients le prennent en charge actuellement.",
+    "encryption_doq": "Port DNS sur QUIC",
+    "encryption_doq_desc": "Si ce port est configuré, AdGuard Home exécutera un serveur DNS sur QUIC sur ce port. ",
     "encryption_certificates": "Certificats",
     "encryption_certificates_desc": "Pour utiliser le chiffrement, vous devez fournir une chaîne de certificats SSL valide pour votre domaine. Vous pouvez en obtenir une gratuitement sur <0>{{link}}</0> ou vous pouvez en acheter une via les Autorités de Certification de confiance.",
     "encryption_certificates_input": "Copiez/coller vos certificats encodés PEM ici.",

client/src/__locales/hr.json

@@ -370,7 +370,7 @@
     "encryption_dot": "DNS-over-TLS port",
     "encryption_dot_desc": "Ako je ovaj port postavljen, AdGuard Home će pokrenuti DNS-over-TLS poslužitelj na ovom portu.",
     "encryption_doq": "DNS-over-QUIC port (eksperimentalno)",
-    "encryption_doq_desc": "Ako je ovaj port postavljen, AdGuard Home će na ovom portu pokrenuti DNS-over-QUIC poslužitelj. Eksperimentalno je i možda nije pouzdano. Također, trenutno nema previše klijenata koji to podržavaju.",
+    "encryption_doq_desc": "Ako je ovaj priključak konfiguriran, AdGuard Home će na ovom priključku pokretati DNS-over-QUIC poslužitelj.",
     "encryption_certificates": "Certifikati",
     "encryption_certificates_desc": "Da biste koristili šifriranje, za svoju domenu morate osigurati važeći lanac SSL certifikata. Besplatan certifikat možete dobiti na <0>{{link}}</0> ili ga možete kupiti od jednog od pouzdanih izdavatelja certifikata.",
     "encryption_certificates_input": "Zalijepite svoje PEM-kodirane certifikate ovdje.",
@@ -511,7 +511,7 @@
     "statistics_configuration": "Postavke statistike",
     "statistics_retention": "Spremanje statistike",
     "statistics_retention_desc": "Ako smanjite vrijednost intervala, neki će podaci biti izgubljeni",
-    "statistics_clear": " Poništi statistiku",
+    "statistics_clear": "Poništi statistiku",
     "statistics_clear_confirm": "Jeste li sigurni da želite poništiti statistiku?",
     "statistics_retention_confirm": "Jeste li sigurni da želite promijeniti zadržavanje statistike? Ako smanjite vrijednost intervala, neki će podaci biti izgubljeni",
     "statistics_cleared": "Statistika je uspješno uklonjenja",

client/src/__locales/hu.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Bootstrap DNS kiszolgálók",
     "bootstrap_dns_desc": "A Bootstrap DNS szerverek a DoH/DoT feloldók IP-címeinek feloldására szolgálnak.",
     "local_ptr_title": "Privát DNS szerverek",
-    "local_ptr_desc": "Azok a DNS szerverek, amiket az AdGuard Home a helyi PTR kérésekhez használ. Ezeket a szervereket arra használjuk, hogy reverse DNS által feloldjuk a kliensek hosztneveit privát IP címekre, például \"192.168.12.34\". Ha nincs beállítva, akkor az AdGuard Home, kivéve az ő saját címét, az operációs rendszer alapértelmezett DNS feloldók címeit fogja használni.",
+    "local_ptr_desc": "Azok a DNS szerverek, amiket az AdGuard Home a helyi PTR kérésekhez használ. ",
     "local_ptr_default_resolver": "Alapesetben az AdGuard Home a következő reverse DNS feloldókat használja: {{ip}}.",
     "local_ptr_no_default_resolver": "Az AdGuard Home nem tudta meghatározni a privát reverse DNS feloldókat ehhez a rendszerhez.",
     "local_ptr_placeholder": "Adjon meg soronként egy kiszolgáló címet",
@@ -213,7 +213,7 @@
     "example_upstream_udp": "normál DNS (UDP felett, hostnév);",
     "example_upstream_dot": "titkosított <0>DNS-over-TLS</0>;",
     "example_upstream_doh": "titkosított <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "titkosított <0>DNS-over-QUIC</0> (kísérleti);",
+    "example_upstream_doq": "titkosított <0>DNS-over-QUIC</0>;",
     "example_upstream_sdns": "<0>DNS Stamps</0> a <1>DNSCrypt</1> vagy <2>DNS-over-HTTPS</2> feloldókhoz;",
     "example_upstream_tcp": "hagyományos DNS (TCP felett);",
     "example_upstream_tcp_hostname": "normál DNS (TCP felett, hostnév);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Ha a HTTPS port konfigurálva van, akkor az AdGuard Home admin felülete elérhető lesz a HTTPS-en keresztül, és ezenkívül DNS-over-HTTPS-t is biztosít a '/dns-query' helyen.",
     "encryption_dot": "DNS-over-TLS port",
     "encryption_dot_desc": "Ha ez a port be van állítva, az AdGuard Home DNS-over-TLS szerverként tud futni ezen a porton.",
-    "encryption_doq": "DNS-over-QUIC port (kísérleti)",
-    "encryption_doq_desc": "Ha ez a port be van állítva, akkor az AdGuard Home egy DNS-over-QUIC szerverként fog futni ezen a porton. Ez egy kísérleti funkció és nem biztos, hogy megbízható. Emellett nincs sok olyan kliens, ami támogatná ezt jelenleg.",
+    "encryption_doq": "DNS-over-QUIC port",
+    "encryption_doq_desc": "Ha ez a port be van állítva, akkor az AdGuard Home egy DNS-over-QUIC szerverként fog futni ezen a porton. ",
     "encryption_certificates": "Tanúsítványok",
     "encryption_certificates_desc": "A titkosítás használatához érvényes SSL tanúsítványláncot kell megadnia a domainjéhez. Ingyenes tanúsítványt kaphat a <0>{{link}}</0> webhelyen, vagy megvásárolhatja az egyik megbízható tanúsítványkibocsátó hatóságtól.",
     "encryption_certificates_input": "Másolja be ide a PEM-kódolt tanúsítványt.",

client/src/__locales/id.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "DNS biasa (lebih dari UDP, nama host);",
     "example_upstream_dot": "terenkripsi <0>DNS-over-TLS</0>;",
     "example_upstream_doh": "terenkripsi <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "terenkripsi <0>DNS-over-QUIC</0> (eksperimental);",
+    "example_upstream_doq": "terenkripsi <0>DNS-over-QUIC</0>;",
     "example_upstream_sdns": "<0>Stempel DNS</0> untuk <1>DNSCrypt</1> atau pengarah <2>DNS-over-HTTPS</2>;",
     "example_upstream_tcp": "DNS reguler (melalui TCP);",
     "example_upstream_tcp_hostname": "DNS biasa (lebih dari TCP, nama host);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Jika port HTTPS dikonfigurasi, antarmuka admin Home AdGuard akan dapat diakses melalui HTTPS, dan itu juga akan memberikan DNS-over-HTTPS di lokasi '/ dns-query'.",
     "encryption_dot": "Port DNS-over-TLS",
     "encryption_dot_desc": "Jika port ini terkonfigurasi, AdGuard Home akan menjalankan server DNS-over-TLS dalam port ini",
-    "encryption_doq": "Port DNS-over-QUIC (eksperimental)",
-    "encryption_doq_desc": "Jika port ini diatur secara sepesifik, AdGuard Home akan menjalankan server DNS-lewat-QUIC pada port ini. Ini adalah eksperimental dan mungkin tidak dapat diandalkan. Juga, tidak banyak klien yang mendukungnya saat ini.",
+    "encryption_doq": "Port DNS-over-QUIC ",
+    "encryption_doq_desc": "Jika port ini diatur secara sepesifik, AdGuard Home akan menjalankan server DNS-lewat-QUIC pada port ini.",
     "encryption_certificates": "Sertifikat",
     "encryption_certificates_desc": "Untuk menggunakan enkripsi, Anda perlu memberikan rantai sertifikat SSL yang valid untuk domain Anda. Anda bisa mendapatkan sertifikat gratis di <0>{{link}}</0> atau Anda dapat membelinya dari salah satu Otoritas Sertifikat tepercaya.",
     "encryption_certificates_input": "Salin / rekatkan sertifikat PEM yang disandikan di sini.",

client/src/__locales/it.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "DNS regolare (over UDP, nome host);",
     "example_upstream_dot": "<0>DNS su TLS</0> crittografato;",
     "example_upstream_doh": "<0>DNS su HTTPS</0> crittografato;",
-    "example_upstream_doq": "<0>DNS su QUIC</0> crittografato (sperimentale);",
+    "example_upstream_doq": "<0>DNS su QUIC</0> crittografato;",
     "example_upstream_sdns": "<0>DNS Stamps</0> per <1>DNSCrypt</1> oppure i risolutori <2>DNS su HTTPS</2>;",
     "example_upstream_tcp": "DNS regolare (over TCP);",
     "example_upstream_tcp_hostname": "DNS regolare (over TCP, nome host);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Se la porta HTTPS è configurata, l'interfaccia di amministrazione di AdGuard Home sarà accessibile tramite HTTPS e fornirà anche DNS su HTTPS nella posizione \"/ dns-query\".",
     "encryption_dot": "DNS su porta TLS",
     "encryption_dot_desc": "Se questa porta è configurata, AdGuard Home eseguirà un server DNS su TLS su questa porta.",
-    "encryption_doq": "Porta DNS su QUIC (sperimentale)",
-    "encryption_doq_desc": "Se questa porta è configurata, AdGuard Home eseguirà un server DNS su porta QUIC. Questa opzione è sperimentale e potrebbe non risultare affidabile. Inoltre, al momento non sono molti i client a supportarla.",
+    "encryption_doq": "Porta DNS su QUIC",
+    "encryption_doq_desc": "Se questa porta è configurata, AdGuard Home eseguirà un server DNS su porta QUIC. ",
     "encryption_certificates": "Certificati",
     "encryption_certificates_desc": "Per utilizzare la crittografia, è necessario fornire una catena di certificati SSL valida per il proprio dominio. Puoi ottenere un certificato gratuito su <0> {{link}} </ 0> o puoi acquistarlo da una delle Autorità di certificazione attendibili.",
     "encryption_certificates_input": "Copia / incolla qui i certificati codificati PEM.",

client/src/__locales/ja.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "通常のDNS（over UDP, ホスト名）。",
     "example_upstream_dot": "暗号化されている <0>DNS-over-TLS</0>。",
     "example_upstream_doh": "暗号化されている <0>DNS-over-HTTPS</0>。",
-    "example_upstream_doq": "暗号化 <0>DNS-over-QUIC</0>（実験的）。",
+    "example_upstream_doq": "暗号化 <0>DNS-over-QUIC</0>。",
     "example_upstream_sdns": "<1>DNSCrypt</1> または <2>DNS-over-HTTPS</2> リゾルバのための <0>DNS Stamps</0>。",
     "example_upstream_tcp": "通常のDNS（over TCP）。",
     "example_upstream_tcp_hostname": "通常のDNS（over TCP, ホスト名）。",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "HTTPSポートが設定されていると、AdGuard Home 管理インターフェースはHTTPS経由でアクセス可能になり、そして「/dns-query」の場所にDNS-over-HTTPSも提供されます。",
     "encryption_dot": "DNS-over-TLS ポート",
     "encryption_dot_desc": "このポートが設定されていると、AdGuard HomeはこのポートでDNS-over-TLSサーバを実行します。",
-    "encryption_doq": "DNS-over-QUIC ポート (実験的)",
-    "encryption_doq_desc": "このポートが設定されていると、AdGuard HomeはこのポートにてDNS-over-QUICサーバーを実行します。これは実験的なものであり、頼りにならない可能性があります。また、現時点ではこのサーバーをサポートするクライアントも少ないです。",
+    "encryption_doq": "DNS-over-QUIC ポート",
+    "encryption_doq_desc": "このポートが設定されていると、AdGuard HomeはこのポートにてDNS-over-QUICサーバーを実行します。",
     "encryption_certificates": "証明書",
     "encryption_certificates_desc": "暗号化を使用するには、ドメインに有効なSSL証明書チェーンを提供する必要があります。無料の証明書は<0> {{link}} </0>で入手できます。または、信頼できる認証局のいずれかから購入することもできます。",
     "encryption_certificates_input": "ここにPEM形式の証明書をコピー／ペーストしてください。",

client/src/__locales/ko.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "일반 DNS (UDP를 통한, 호스트명);",
     "example_upstream_dot": "암호화된 <0>DNS-over-TLS</0>;",
     "example_upstream_doh": "암호화된 <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "암호화된 <0>DNS-over-QUIC</0> (실험);",
+    "example_upstream_doq": "암호화된 <0>DNS-over-QUIC</0>;",
     "example_upstream_sdns": "<1>DNSCrypt</1> 또는 <2>DNS-over-HTTPS</2> 리졸버를 위한 <0>DNS 스탬프</0>;",
     "example_upstream_tcp": "일반 DNS (TCP를 통한 접속);",
     "example_upstream_tcp_hostname": "일반 DNS (TCP를 통한, 호스트명);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "HTTPS 포트가 구성되면 HTTPS를 통해 AdGuard Home 관리자 인터페이스에 액세스할 수 있으며, '/dns-query' 위치에 DNS-over-HTTPS도 제공합니다.",
     "encryption_dot": "DNS-over-TLS 포트",
     "encryption_dot_desc": "이 포트가 구성된 경우 AdGuard Home 이 포트에서 DNS-over-TLS 서버를 실행합니다.",
-    "encryption_doq": "DNS-over-QUIC 포트 (실험)",
-    "encryption_doq_desc": "이 포트가 설정된 경우 AdGuard Home은 해당 포트에서 DNS-over-QUIC 서버를 실행합니다. 이것은 실험적이며 신뢰할 수 없습니다. 또한 현재 이를 지원하는 클라이언트가 많지 않습니다.",
+    "encryption_doq": "DNS-over-QUIC 포트",
+    "encryption_doq_desc": "이 포트가 설정된 경우 AdGuard Home은 해당 포트에서 DNS-over-QUIC 서버를 실행합니다. ",
     "encryption_certificates": "인증서",
     "encryption_certificates_desc": "암호화를 사용하려면 도메인에 대해 올바른 SSL 인증서 체인을 제공해야 합니다. <0>{{link}}</0>에서 무료 증명서를 받을 수도 있고, 신뢰할 수있는 인증 기관에서 구입할 수 있습니다.",
     "encryption_certificates_input": "PEM으로 인코딩된 인증서 여기에 복사/붙여넣기하세요.",

client/src/__locales/nl.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "standaard DNS (via UDP, hostnaam);",
     "example_upstream_dot": "versleutelde <0>DNS-via-TLS</0>;",
     "example_upstream_doh": "versleutelde <0>DNS-via-HTTPS</0>;",
-    "example_upstream_doq": "versleutelde <0>DNS-via-QUIC</0> (experimenteel);",
+    "example_upstream_doq": "versleutelde <0>DNS-via-QUIC</0>;",
     "example_upstream_sdns": "<0>DNS Stamps</0> voor <1>DNSCrypt</1> of <2>DNS-via-HTTPS</2> oplossingen;",
     "example_upstream_tcp": "standaard DNS (over TCP);",
     "example_upstream_tcp_hostname": "standaard DNS (via TCP, hostnaam);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Als de HTTPS-poort is geconfigureerd, is de AdGuard Home beheerders interface toegankelijk via HTTPS en biedt deze ook DNS-via-HTTPS op de locatie '/ dns-query'.",
     "encryption_dot": "DNS-via-TLS poort",
     "encryption_dot_desc": "Indien deze poort is geconfigureerd, zal AdGuard Home gebruik maken van een DNS-via-TLS server via deze poort.",
-    "encryption_doq": "DNS-via-QUIC poort (experimenteel)",
-    "encryption_doq_desc": "Als deze poort is geconfigureerd, zal AdGuard Home een DNS-via-QUIC server gebruiken via deze poort. Dit is experimenteel en kan onbetrouwbaar zijn. Er zijn overigens nog niet veel systemen die dit nu al ondersteunen.",
+    "encryption_doq": "DNS-over-QUIC poort",
+    "encryption_doq_desc": "Als deze poort is geconfigureerd, zal AdGuard Home een DNS-via-QUIC server gebruiken via deze poort.",
     "encryption_certificates": "Certificaten",
     "encryption_certificates_desc": "Om encryptie te gebruiken, moet u een geldige SSL certificaat voor uw domein opgeven. U kunt een gratis certificaat krijgen op <0> {{link}} </0> of u kunt het kopen bij een van de vertrouwde certificaatautoriteiten.",
     "encryption_certificates_input": "Kopieër en plak je PEM-gecodeerde certificaten hier.",

client/src/__locales/no.json

@@ -199,7 +199,7 @@
     "example_upstream_regular": "vanlig DNS (over UDP)",
     "example_upstream_dot": "kryptert <0>DNS-over-TLS</0>",
     "example_upstream_doh": "kryptert <0>DNS-over-HTTPS</0>",
-    "example_upstream_doq": "kryptert <0>DNS-over-QUIC</0>",
+    "example_upstream_doq": "kryptert <0>DNS-over-QUIC</0>;",
     "example_upstream_sdns": "du kan bruke <0>DNS-stempler</0> med <1>DNSCrypt</1> eller <2>DNS-over-HTTPS</2>-behandlere",
     "example_upstream_tcp": "vanlig DNS (over TCP)",
     "all_lists_up_to_date_toast": "Alle listene er allerede oppdatert",
@@ -354,8 +354,8 @@
     "encryption_https_desc": "Dersom HTTPS-porten er satt opp, vil AdGuard Home sitt admin-grensesnitt være tilgjengelig gjennom HTTPS, og vil også sørge for DNS-over-HTTPS på «/dns-query»-plasseringen.",
     "encryption_dot": "'DNS-over-TLS'-port",
     "encryption_dot_desc": "Dersom denne porten er satt opp, vil AdGuard Home kjøre en 'DNS-over-TLS'-tjener på denne porten.",
-    "encryption_doq": "'DNS-over-QUIC'-port",
-    "encryption_doq_desc": "Dersom denne porten er satt opp, vil AdGuard Home kjøre en DNS-over-QUIC-tjener på denne porten. Den er eksperimentell og vil kanskje ikke være pålitelig. I tillegg er det ikke så altfor mange klienter som støtter det for øyeblikket.",
+    "encryption_doq": "DNS-over-QUIC-port",
+    "encryption_doq_desc": "Dersom denne porten er satt opp, vil AdGuard Home kjøre en DNS-over-QUIC-tjener på denne porten. ",
     "encryption_certificates": "Sertifikater",
     "encryption_certificates_desc": "For å bruke kryptering, må du skrive inn et gyldig SSL-sertifikatkjede for domenet ditt. Du kan få et gratis sertifikat hos <0>{{link}}</0>, eller kjøpe et fra en av de troverdige sertifikatsautoritetene.",
     "encryption_certificates_input": "Kopier / lim inn dine PEM-kodede sertifikater her.",

client/src/__locales/pl.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "zwykły DNS (przez UDP, nazwa hosta);",
     "example_upstream_dot": "zaszyfrowany <0>DNS-over-TLS</0>;",
     "example_upstream_doh": "zaszyfrowany <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "zaszyfrowany <0>DNS-over-QUIC</0> (eksperymentalny);",
+    "example_upstream_doq": "zaszyfrowany <0>DNS-over-QUIC</0>;",
     "example_upstream_sdns": "<0>Stempel DNS</0> dla resolwerów <1>DNSCrypt</1> lub <2>DNS-over-HTTPS</2>;",
     "example_upstream_tcp": "zwykły DNS (przez TCP);",
     "example_upstream_tcp_hostname": "zwykły DNS (przez TCP, nazwa hosta);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Jeśli port HTTPS jest skonfigurowany, interfejs administratora AdGuard Home będzie dostępny za pośrednictwem protokołu HTTPS i zapewni DNS przez HTTPS w lokalizacji zapytania '/dns-query'.",
     "encryption_dot": "Port DNS-over-TLS",
     "encryption_dot_desc": "Jeśli ten port jest skonfigurowany, AdGuard Home uruchomi serwer DNS-over-TLS na tym porcie.",
-    "encryption_doq": "Port DNS-over-QUIC (eksperymentalny)",
-    "encryption_doq_desc": "Jeśli ten port jest skonfigurowany, AdGuard Home uruchomi serwer DNS-over-QUIC na tym porcie. Jest to funkcja eksperymentalna i może nie być stabilna. Ponadto, w tej chwili nie ma zbyt wielu klientów, którzy go obsługują.",
+    "encryption_doq": "Port DNS-over-QUIC",
+    "encryption_doq_desc": "Jeśli ten port jest skonfigurowany, AdGuard Home uruchomi serwer DNS-over-QUIC na tym porcie.",
     "encryption_certificates": "Certyfikaty",
     "encryption_certificates_desc": "Aby korzystać z szyfrowania, musisz podać prawidłowy łańcuch certyfikatów SSL dla swojej domeny. Możesz uzyskać bezpłatny certyfikat na  <0>{{link}}</0> lub możesz go kupić od jednego z zaufanych urzędów certyfikacji.",
     "encryption_certificates_input": "Kopiuj/wklej tutaj swoje zakodowane certyfikaty PEM.",

client/src/__locales/pt-br.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Servidores DNS de inicialização",
     "bootstrap_dns_desc": "Servidores DNS de inicialização são usados para resolver endereços IP dos resolvedores DoH/DoT que você especifica como upstreams.",
     "local_ptr_title": "Servidores DNS reversos privados",
-    "local_ptr_desc": "Os servidores DNS que o AdGuard Home usa para consultas PTR locais. Esses servidores são usados para resolver os nomes de host de clientes com endereços IP privados, por exemplo \"192.168.12.34\", usando DNS reverso. Se não for definido, o AdGuard Home usa os endereços dos resolvedores DNS padrão do seu sistema operacional, exceto os endereços do AdGuard Home.",
+    "local_ptr_desc": "Os servidores DNS que o AdGuard Home usa para consultas PTR locais. Esses servidores são usados para resolver solicitações de PTR para endereços em intervalos de IP privados, por exemplo \"192.168.12.34\", usando DNS reverso. Se não estiver definido, o AdGuard Home usa os endereços dos resolvedores de DNS padrão do seu sistema operacional, exceto os endereços do próprio AdGuard Home.",
     "local_ptr_default_resolver": "Por padrão, o AdGuard Home usa os seguintes resolvedores de DNS reverso: {{ip}}.",
     "local_ptr_no_default_resolver": "A página inicial do AdGuard não conseguiu determinar resolvedores DNS reversos privados adequados para este sistema.",
     "local_ptr_placeholder": "Insira um endereço de servidor por linha",
@@ -213,7 +213,7 @@
     "example_upstream_udp": "DNS normal (através do UDP, nome do servidor);",
     "example_upstream_dot": "<0>DNS-sobre-TLS</0> criptografado;",
     "example_upstream_doh": "<0>DNS-sobre-HTTPS</0> criptografado;",
-    "example_upstream_doq": "<0>DNS-sobre-QUIC</0> criptografado (experimental);",
+    "example_upstream_doq": "<0>DNS-sobre-QUIC</0> criptografado;",
     "example_upstream_sdns": "<0>DNS Stamps</0> para o <1>DNSCrypt</1> ou usar os resolvedores <2>DNS-sobre-HTTPS</2>;",
     "example_upstream_tcp": "DNS regular (através do TCP);",
     "example_upstream_tcp_hostname": "DNS normal (através do TCP, nome do servidor);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Se a porta HTTPS estiver configurada, a interface administrativa do AdGuard Home será acessível via HTTPS e também fornecerá o DNS-sobre-HTTPS no local '/dns-query'.",
     "encryption_dot": "Porta DNS-sobre-TLS",
     "encryption_dot_desc": "Se essa porta estiver configurada, o AdGuard Home irá executar o servidor DNS-sobre- TSL nesta porta.",
-    "encryption_doq": "Porta DNS-sobre-QUIC (experimental)",
-    "encryption_doq_desc": "Se esta porta estiver configurada, o AdGuard Home executará um servidor DNS-sobre-QUIC nesta porta. É experimental e pode não ser confiável. Além disso, não há muitos clientes que ofereçam suporte no momento.",
+    "encryption_doq": "Porta DNS-sobre-QUIC",
+    "encryption_doq_desc": "Se esta porta estiver configurada, o AdGuard Home executará um servidor DNS-sobre-QUIC nesta porta. ",
     "encryption_certificates": "Certificados",
     "encryption_certificates_desc": "Para usar criptografia, você precisa fornecer uma cadeia de certificados SSL válida para seu domínio. Você pode obter um certificado gratuito em <0> {{link}}</0> ou pode comprá-lo de uma das autoridades de certificação confiáveis.",
     "encryption_certificates_input": "Copie/cole aqui seu certificado codificado em PEM.",

client/src/__locales/pt-pt.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Servidores DNS de arranque",
     "bootstrap_dns_desc": "Servidores DNS de inicialização são usados para resolver endereços IP dos resolvedores DoH/DoT que especifica como upstreams.",
     "local_ptr_title": "Servidores DNS reversos privados",
-    "local_ptr_desc": "Os servidores DNS que o AdGuard Home usa para consultas PTR locais. Esses servidores são usados para resolver os nomes de host de clientes com endereços IP privados, por exemplo \"192.168.12.34\", usando DNS reverso. Se não for definido, o AdGuard Home usa os endereços dos resolvedores DNS padrão do seu sistema operacional, exceto os endereços do AdGuard Home.",
+    "local_ptr_desc": "Os servidores DNS que o AdGuard Home usa para consultas PTR locais. Esses servidores são usados para resolver solicitações de PTR para endereços em intervalos de IP privados, por exemplo \"192.168.12.34\", usando DNS reverso. Se não estiver definido, o AdGuard Home usa os endereços dos resolvedores de DNS padrão do seu sistema operacional, exceto os endereços do próprio AdGuard Home.",
     "local_ptr_default_resolver": "Por predefinição, o AdGuard Home usa os seguintes resolvedores de DNS reverso: {{ip}}.",
     "local_ptr_no_default_resolver": "A página inicial do AdGuard não conseguiu determinar resolvedores DNS reversos privados adequados para este sistema.",
     "local_ptr_placeholder": "Insira um endereço de servidor por linha",
@@ -213,7 +213,7 @@
     "example_upstream_udp": "DNS normal (através do UDP, nome do servidor);",
     "example_upstream_dot": "<0>DNS-sobre-TLS</0> criptografado;",
     "example_upstream_doh": "<0>DNS-sobre-HTTPS</0> criptografado;",
-    "example_upstream_doq": "<0>DNS-sobre-QUIC</0> criptografado (experimental);",
+    "example_upstream_doq": "<0>DNS-sobre-QUIC</0> criptografado;",
     "example_upstream_sdns": "<0>DNS Stamps</0> para o <1>DNSCrypt</1> ou usar os resolvedores <2>DNS-sobre-HTTPS</2>;",
     "example_upstream_tcp": "DNS regular (através do TCP);",
     "example_upstream_tcp_hostname": "DNS normal (através do TCP, nome do servidor);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Se a porta HTTPS estiver configurada, a interface administrativa do AdGuard Home será acessível via HTTPS e também fornecerá o DNS-sobre-HTTPS no local '/dns-query'.",
     "encryption_dot": "Porta DNS-sobre-TLS",
     "encryption_dot_desc": "Se essa porta estiver configurada, o AdGuard Home irá executar o servidor DNS-sobre- TSL nesta porta.",
-    "encryption_doq": "Porta DNS-sobre-QUIC (experimental)",
-    "encryption_doq_desc": "Se esta porta estiver configurada, o AdGuard Home executará um servidor DNS-sobre-QUIC nesta porta. É experimental e pode não ser confiável. Além disso, não há demasiados clientes que ofereçam suporte no momento.",
+    "encryption_doq": "Porta DNS-sobre-QUIC",
+    "encryption_doq_desc": "Se esta porta estiver configurada, o AdGuard Home executará um servidor DNS-sobre-QUIC nesta porta. ",
     "encryption_certificates": "Certificados",
     "encryption_certificates_desc": "Para usar criptografia, precisa de fornecer uma cadeia de certificados SSL válida para o seu domínio. Pode obter um certificado gratuito em <0> {{link}}</0> ou pode comprá-lo numa das autoridades de certificação confiáveis.",
     "encryption_certificates_input": "Copie/cole aqui o seu certificado codificado em PEM.",

client/src/__locales/ro.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "DNS obișnuit (over UDP, nume de gazdă);",
     "example_upstream_dot": "<0>DNS-over-TLS</0> criptat;",
     "example_upstream_doh": "<0>DNS-over-HTTPS</0> criptat;",
-    "example_upstream_doq": "<0>DNS-over-QUIC</0> criptat (experimental);",
+    "example_upstream_doq": "criptat <0>DNS-over-QUIC</0>;",
     "example_upstream_sdns": "<0>DNS Stamps</0> pentru <1>DNSCrypt</1> sau rezolvatori <2>DNS-over-HTTPS</2>;",
     "example_upstream_tcp": "DNS clasic (over TCP);",
     "example_upstream_tcp_hostname": "DNS obișnuit (over TCP, nume de gazdă);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Dacă portul HTTPS este configurat, interfața administrator AdGuard Home va fi accesibilă prin HTTPS și va oferi de asemenea DNS-over-HTTPS în locația '/DNS-query'.",
     "encryption_dot": "Port DNS-over-TLS",
     "encryption_dot_desc": "Dacă acest port este configurat, AdGuard Home va rula un server DNS-over-TLS pe acest port.",
-    "encryption_doq": "Port DNS-over-QUIC (experimental)",
-    "encryption_doq_desc": "Dacă acest port este configurat, AdGuard Home va rula un server DNS-over-QUIC pe acest port. Este experimental și este posibil să nu fie fiabil. De asemenea, nu există prea mulți clienți care să-l susțină în acest moment.",
+    "encryption_doq": "Portul DNS-over-QUIC",
+    "encryption_doq_desc": "Dacă este configurat acest port, AdGuard Home va rula un server DNS-over-QUIC pe acest port.",
     "encryption_certificates": "Certificate",
     "encryption_certificates_desc": "Pentru a utiliza criptarea, trebuie furnizate o serie de certificate SSL valabile pentru domeniul dvs.. Puteți obține un certificat gratuit pe <0>{{link}}</0> sau îl puteți cumpăra de la una din Autoritățile Certificate de încredere.",
     "encryption_certificates_input": "Copiați/lipiți certificatele dvs. PEM-codate aici.",

client/src/__locales/ru.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "обычный DNS (поверх UDP, с именем хоста);",
     "example_upstream_dot": "зашифрованный <0>DNS-over-TLS</0>;",
     "example_upstream_doh": "зашифрованный <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "зашифрованный <0>DNS-over-QUIC</0> (эксперементальный);",
+    "example_upstream_doq": "зашифрован <0>DNS-over-QUIC</0>",
     "example_upstream_sdns": "<0>DNS Stamps</0> для <1>DNSCrypt</1> или <2>DNS-over-HTTPS</2> серверов;",
     "example_upstream_tcp": "обычный DNS (поверх TCP);",
     "example_upstream_tcp_hostname": "обычный DNS (поверх TCP, с именем хоста);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Если порт HTTPS настроен, веб-интерфейс администрирования AdGuard Home будет доступен через HTTPS, а также DNS-over-HTTPS сервер будет доступен по пути '/dns-query'.",
     "encryption_dot": "Порт DNS-over-TLS",
     "encryption_dot_desc": "Если этот порт настроен, AdGuard Home запустит DNS-over-TLS-сервер на этому порту.",
-    "encryption_doq": "Порт DNS-over-QUIC (экспериментальный)",
-    "encryption_doq_desc": "Если этот порт настроен, AdGuard Home запустит сервер DNS-over-QUIC на этом порте. Это экспериментально и может быть ненадёжно. Кроме того, не так много клиентов поддерживает этот способ в настоящий момент.",
+    "encryption_doq": "Порт DNS-over-QUIC",
+    "encryption_doq_desc": "Если этот порт настроен, AdGuard Home запустит сервер DNS-over-QUIC на этом порте.",
     "encryption_certificates": "Сертификаты",
     "encryption_certificates_desc": "Для использования шифрования вам необходимо предоставить корректную цепочку SSL-сертификатов для вашего домена. Вы можете получить бесплатный сертификат на <0>{{link}}</0> или вы можете купить его у одного из доверенных Центров Сертификации.",
     "encryption_certificates_input": "Скопируйте сюда сертификаты в PEM-кодировке.",

client/src/__locales/sk.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "štandardné DNS (cez UDP, hostname);",
     "example_upstream_dot": "šifrované <0>DNS-over-TLS</0>;",
     "example_upstream_doh": "šifrované <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "šifrované <0>DNS-over-QUIC</0> (experimentálne);",
+    "example_upstream_doq": "šifrované <0>DNS-over-QUIC</0>;",
     "example_upstream_sdns": "<0>DNS pečiatky</0> pre <1>DNSCrypt</1> alebo <2>DNS-over-HTTPS</2> rezolvery;",
     "example_upstream_tcp": "obyčajná DNS (cez TCP);",
     "example_upstream_tcp_hostname": "štandardné DNS (cez TCP, hostname);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Ak je nakonfigurovaný HTTPS port, AdGuard Home administrátorské rozhranie bude prístupné cez HTTPS a bude tiež poskytovať DNS-cez-HTTPS na '/dns-query'.",
     "encryption_dot": "Port DNS-cez-TLS",
     "encryption_dot_desc": "Ak je tento port nakonfigurovaný, AdGuard Home bude na tomto porte spúšťať DNS-cez-TLS server.",
-    "encryption_doq": "DNS-over-QUIC (experimentálne)",
-    "encryption_doq_desc": "Ak je tento port nakonfigurovaný, AdGuard Home na tomto porte spustí server DNS-over-QUIC. Je to experimentálne a nemusí to byť spoľahlivé. Momentálne tiež nie je príliš veľa klientov, ktorí by ju podporovali.",
+    "encryption_doq": "Port DNS-cez-QUIC",
+    "encryption_doq_desc": "Ak je tento port nakonfigurovaný, AdGuard Home na tomto porte spustí server DNS-over-QUIC. ",
     "encryption_certificates": "Certifikáty",
     "encryption_certificates_desc": "Ak chcete používať šifrovanie, musíte pre svoju doménu poskytnúť platný reťazec certifikátov SSL. Certifikát môžete získať bezplatne na adrese <0>{{link}}</0> alebo si ho môžete kúpiť od jedného z dôveryhodných certifikačných orgánov.",
     "encryption_certificates_input": "Skopírujte alebo prilepte sem certifikáty vo formáte PEM.",

client/src/__locales/sl.json

@@ -9,7 +9,7 @@
     "bootstrap_dns": "Zagonski DNS strežniki",
     "bootstrap_dns_desc": "Zagonski DNS strežniki se uporabljajo za razreševanje IP naslovov DoH/DoT reševalcev, ki jih določite kot navzgornje.",
     "local_ptr_title": "Zasebni povratni strežniki DNS",
-    "local_ptr_desc": "Strežniki DNS, ki jih AdGuard Home uporablja za lokalne poizvedbe PTR. Ti strežniki se uporabljajo za razreševanje imen gostiteljev z zasebnimi naslovi IP, na primer \"192.168.12.34\" uporablja DNS. Če ni nastavljen, uporablja naslove privzetih razreševalnikov DNS vašega OS, razen naslovov samega AdGuard Home.",
+    "local_ptr_desc": "Strežniki DNS, ki jih AdGuard Home uporablja za lokalne PTR poizvedbe. Ti strežniki se uporabljajo za reševanje zahtev PTR za naslove v zasebnih obsegih IP, na primer \"192.168.12.34\", z uporabo obratnega DNS. Če ni nastavljen, AdGuard Home uporablja naslove privzetih razreševalnikov DNS vašega OS, razen naslovov samega AdGuard Home.",
     "local_ptr_default_resolver": "AdGuard Home privzeto uporablja te povratne razreševalnike DNS: {{ip}}.",
     "local_ptr_no_default_resolver": "AdGuard Home ni mogel določiti ustreznih zasebnih povratnih reševalcev DNS za ta sistem.",
     "local_ptr_placeholder": "V vrstico vnesite en naslov strežnika",
@@ -213,7 +213,7 @@
     "example_upstream_udp": "redni DNS (nad UDP, ime gostitelja);",
     "example_upstream_dot": "šifriran <0>DNS-prek-TLS</0>;",
     "example_upstream_doh": "šifriran <0>DNS-prek-HTTPS</0>;",
-    "example_upstream_doq": "šifriran <0>DNS-prek-QUIC</0> (eksperimentalno);",
+    "example_upstream_doq": "šifriran <0>DNS-prek-QUIC</0>;",
     "example_upstream_sdns": "lahko uporabite <0>DNS Žige</0> za reševalce <1>DNSCrypt</1> ali <2>DNS-prek-HTTPS</2>;",
     "example_upstream_tcp": "redni DNS (nad TCP);",
     "example_upstream_tcp_hostname": "redni DNS (nad TCP, ime gostitelja);",
@@ -351,7 +351,7 @@
     "install_devices_android_list_5": "Spremeni nastavitev vrednosti DNS 1 in DNS 2 na naslove strežnikov AdGuard Home.",
     "install_devices_ios_list_1": "Na začetnem zaslonu izberite Nastavitve.",
     "install_devices_ios_list_2": "V levem meniju izberite Wi-Fi (nemogoče je konfigurirati DNS za mobilna omrežja).",
-    "install_devices_ios_list_3": "Dotaknite se imena trenutno aktivnega omrežja.",
+    "install_devices_ios_list_3": "Tapnite na ime trenutno aktivnega omrežja.",
     "install_devices_ios_list_4": "V polje DNS vnesite vaše naslove AdGuard Home strežnika.",
     "get_started": "Začnimo",
     "next": "Naprej",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Če so vrata HTTPS konfigurirana, bo skrbniški vmesnik AdGuard Home dostopen prek protokola HTTPS, prav tako pa bo zagotovil DNS-prek-HTTPS na mestu '/dns-query'.",
     "encryption_dot": "Vrata DNS-prek-TLS",
     "encryption_dot_desc": "Če so ta vrata konfigurirana, bo AdGuard Home na teh vratih zagnal DNS-prek-TLS strežnika.",
-    "encryption_doq": "DNS-prek-vrat QUIC (eksperimentalno)",
-    "encryption_doq_desc": "Če so nastavljena ta vrata bo AdGuard Home na teh vratih zagnal strežnik DNS-prek-QUIC. To je eksperimentalno in morda ni zanesljivo. Prav tako trenutno ni preveč odjemalcev, ki to podpirajo.",
+    "encryption_doq": "DNS-prek-vrat QUIC",
+    "encryption_doq_desc": "Če so nastavljena ta vrata bo AdGuard Home na teh vratih zagnal strežnik DNS-prek-QUIC. ",
     "encryption_certificates": "Digitalna potrdila",
     "encryption_certificates_desc": "Za uporabo šifriranja morate za svojo domeno zagotoviti veljavno verigo potrdil SSL. Brezplačno digitalno potrdilo lahko dobite na <0>{{link}}</0> ali pa ga kupite pri enem od   zaupanja vrednih overiteljev.\n\n",
     "encryption_certificates_input": "Tukaj kopirajte/prilepite PEM šifrirana digitalna potrdila.",

client/src/__locales/sr-cs.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "uobičajen DNS (preko UDP, imena domaćina);",
     "example_upstream_dot": "šifrovano <0>DNS-over-TLS</0>;",
     "example_upstream_doh": "šifrovano <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "šifrovano <0>DNS-over-QUIC</0> (eksperimentalno);",
+    "example_upstream_doq": "šifrovano <0>DNS-over-QUIC</0>;",
     "example_upstream_sdns": "<0>DNS brojeve</0> za <1>DNSCrypt</1> ili <2>DNS-over-HTTPS</2> razrešivače;",
     "example_upstream_tcp": "uobičajeni DNS (preko TCP);",
     "example_upstream_tcp_hostname": "uobičajen DNS (preko TCP, imena domaćina);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Ako je HTTPS port konfigurisan, AdGuard Home administratorskom okruženju će se moći pristupati preko HTTPS, a to će takođe omogućiti DNS-over-HTTPS na '/dns-query' lokaciji.",
     "encryption_dot": "DNS-over-TLS port",
     "encryption_dot_desc": "Ako je ovaj port konfigurisan, AdGuard Home će pokretati DNS-over-TLS server na ovom portu.",
-    "encryption_doq": "DNS-over-QUIC port (eksperimentalno)",
-    "encryption_doq_desc": "Ako je ovaj port konfigurisan, AdGuard Home će pokrenuti DNS-over-QUIC server na tom portu. To je eksperiment i možda neće biti stabilno. Takođe, u ovom trenutku ne postoji puno klijenata koji ovo podržavaju.",
+    "encryption_doq": "DNS-over-QUIC port",
+    "encryption_doq_desc": "Ako je ovaj port konfigurisan, AdGuard Home će pokrenuti DNS-over-QUIC server na tom portu.",
     "encryption_certificates": "Sertifikati",
     "encryption_certificates_desc": "Da biste koristili šifrovanje, morate obezbediti važeći lanac SSL sertifikata za vaš domen. Besplatan sertifikat možete nabaviti na <0>{{link}}</0> ili ga možete kupiti od nekog od pouzdanih izdavalaca sertifikata.",
     "encryption_certificates_input": "Kopirajte/nalepite vaše PEM-kodirane sertifikate ovde.",

client/src/__locales/sv.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "vanlig DNS (över UDP, värdnamn);",
     "example_upstream_dot": "krypterat <0>DNS-over-TLS</0>",
     "example_upstream_doh": "krypterat <0>DNS-over-HTTPS</0>",
-    "example_upstream_doq": "krypterat <0>DNS-over-QUIC</0> (experimentell);",
+    "example_upstream_doq": "krypterat <0>DNS-over-QUIC</0>;",
     "example_upstream_sdns": "Du kan använda <0>DNS-stamps</0> för <1>DNSCrypt</1> eller <2>DNS-over-HTTPS</2>-resolvers",
     "example_upstream_tcp": "vanlig DNS (över UDP)",
     "example_upstream_tcp_hostname": "vanlig DNS (över TCP, värdnamn);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Om en HTTPS-port är inställd kommer gränssnittet till AdGuard Home administrering att kunna nås via HTTPS och kommer också att erbjuda DNS-over-HTTPS på '/dns-query' plats.",
     "encryption_dot": "DNS-över-TLS port",
     "encryption_dot_desc": "Om den här porten ställs in kommer AdGuard Home att använda DNS-over-TLS-server på porten.",
-    "encryption_doq": "DNS-over-QUIC port (experimentell)",
-    "encryption_doq_desc": "Om denna port är konfigurerad kommer AdGuard Home att köra en DNS-over-QUIC-server på denna port. Det är experimentellt och kanske inte är tillförlitligt. Dessutom finns det inte så många klienter som stödjer det för tillfället.",
+    "encryption_doq": "DNS-over-QUIC port",
+    "encryption_doq_desc": "Om denna port är konfigurerad kommer AdGuard Home att köra en DNS-over-QUIC-server på denna port. ",
     "encryption_certificates": "Certifikat",
     "encryption_certificates_desc": "För att använda kryptering måste du ange ett giltigt SSL-certifikat för din domän. Du kan skaffa ett certifikat gratis på <0>{{link}}</0> eller köpa ett från någon av de godkända certifikatutfärdare.",
     "encryption_certificates_input": "Kopiera/klistra in dina PEM-kodade certifikat här.",

client/src/__locales/tr.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "normal DNS (UDP üzerinden, ana makine adı);",
     "example_upstream_dot": "şifrelenmiş <0>DNS-over-TLS</0>;",
     "example_upstream_doh": "şifrelenmiş <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "şifrelenmiş <0>DNS-over-QUIC</0> (deneysel);",
+    "example_upstream_doq": "şifrelenmiş <0>DNS-over-QUIC</0>;",
     "example_upstream_sdns": "<1>DNSCrypt</1> veya <2>DNS-over-HTTPS</2> çözümleyicileri için <0>DNS Damgaları</0>;",
     "example_upstream_tcp": "normal DNS (TCP üzerinden);",
     "example_upstream_tcp_hostname": "normal DNS (TCP üzerinden, ana makine adı);",
@@ -336,16 +336,16 @@
     "install_devices_router_list_4": "Bazı yönlendirici türlerinde özel bir DNS sunucusu ayarlanamaz. Bu durumda, AdGuard Home'u <0>DHCP sunucusu</0> olarak ayarlamak yardımcı olabilir. Aksi takdirde, yönlendirici modeliniz için DNS sunucularını nasıl ayarlayacağınız konusunda yönlendirici kılavuzuna bakmalısınız.",
     "install_devices_windows_list_1": "Başlat menüsünden veya Windows araması aracılığıyla Denetim Masası'nı açın.",
     "install_devices_windows_list_2": "Ağ ve İnternet kategorisine girin ve ardından Ağ ve Paylaşım Merkezi'ne girin.",
-    "install_devices_windows_list_3": "Sol panelde \"Bağdaştırıcı ayarlarını değiştirin'e\" tıklayın.",
+    "install_devices_windows_list_3": "Sol panelde \"Bağdaştırıcı ayarlarını değiştirin\" öğesine tıklayın.",
     "install_devices_windows_list_4": "Kullandığınız aktif bağlantının üzerine sağ tıklayın ve Özellikler öğesine tıklayın.",
-    "install_devices_windows_list_5": "Listede \"İnternet Protokolü Sürüm 4 (TCP/IPv4)\" (veya IPv6 için \"İnternet Protokolü Sürüm 6 (TCP/IPv6)\") öğesini bulun, seçin ve ardından tekrar Özellikler'e tıklayın.",
+    "install_devices_windows_list_5": "Listede \"İnternet Protokolü Sürüm 4 (TCP/IPv4)\" (veya IPv6 için \"İnternet Protokolü Sürüm 6 (TCP/IPv6)\") öğesini bulun, seçin ve ardından tekrar Özellikler öğesine tıklayın.",
     "install_devices_windows_list_6": "\"Aşağıdaki DNS sunucu adreslerini kullan\"ı seçin ve AdGuard Home sunucu adreslerinizi girin.",
-    "install_devices_macos_list_1": "Apple simgesine tıklayın ve Sistem Tercihleri'ne gidin.",
-    "install_devices_macos_list_2": "Ağ'a tıklayın.",
+    "install_devices_macos_list_1": "Apple simgesine tıklayın ve Sistem Tercihleri öğesine gidin.",
+    "install_devices_macos_list_2": "Ağ öğesine tıklayın.",
     "install_devices_macos_list_3": "Listedeki ilk bağlantıyı seçin ve Gelişmiş öğesine tıklayın.",
     "install_devices_macos_list_4": "DNS sekmesini seçin ve AdGuard Home sunucunuzun adreslerini girin.",
     "install_devices_android_list_1": "Android Menüsü ana ekranından Ayarlar'a dokunun.",
-    "install_devices_android_list_2": "Menüde bulunan Wi-Fi seçeneğine dokunun. Mevcut tüm ağlar listelenecektir (mobil ağlar için özel DNS sunucusu ayarlanamaz).",
+    "install_devices_android_list_2": "Menüde bulunan Wi-Fi öğesine dokunun. Mevcut tüm ağlar listelenecektir (mobil ağlar için özel DNS sunucusu ayarlanamaz).",
     "install_devices_android_list_3": "Bağlı olduğunuz ağın üzerine basılı tutun ve Ağı Değiştir'e dokunun.",
     "install_devices_android_list_4": "Bazı cihazlarda, diğer ayarları görmek için \"Gelişmiş\" seçeneğini seçmeniz gerekebilir. Android DNS ayarlarınızı yapmak için IP ayarlarını DHCP modundan Statik moda almanız gerekecektir.",
     "install_devices_android_list_5": "DNS 1 ve DNS 2 değerlerini AdGuard Home sunucunuzun adresleriyle değiştirin.",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "HTTPS bağlantı noktası yapılandırılırsa, AdGuard Home yönetici arayüzüne HTTPS aracılığıyla erişilebilir olacak ve ayrıca '/dns-query' üzerinden DNS-over-HTTPS bağlantısı sağlayacaktır.",
     "encryption_dot": "DNS-over-TLS bağlantı noktası",
     "encryption_dot_desc": "Bu bağlantı noktası yapılandırılırsa, AdGuard Home, DNS-over-TLS sunucusunu bu bağlantı noktası üzerinden çalıştıracaktır.",
-    "encryption_doq": "DNS-over-QUIC bağlantı noktası (deneysel)",
-    "encryption_doq_desc": "Bu bağlantı noktası yapılandırılırsa, AdGuard Home, DNS-over-QUIC sunucusunu bu bağlantı noktası üzerinden çalıştıracaktır. Bu özellik deneme aşamasındadır ve güvenilir olmayabilir. Ayrıca, şu anda bu özelliği destekleyen çok fazla istemci yok.",
+    "encryption_doq": "DNS-over-QUIC bağlantı noktası",
+    "encryption_doq_desc": "Bu bağlantı noktası yapılandırılırsa, AdGuard Home, bu bağlantı noktasında bir DNS-over-QUIC sunucusu çalıştıracaktır.",
     "encryption_certificates": "Sertifikalar",
     "encryption_certificates_desc": "Şifrelemeyi kullanmak için alan adınıza geçerli bir SSL sertifika zinciri sağlamanız gerekir. <0>{{link}}</0> adresinden ücretsiz bir sertifika alabilir veya güvenilir Sertifika Yetkililerinden satın alabilirsiniz.",
     "encryption_certificates_input": "PEM biçimindeki sertifikalarınızı kopyalayıp buraya yapıştırın.",
@@ -453,7 +453,7 @@
     "setup_dns_privacy_2": "<0>DNS-over-HTTPS:</0> <1>{{address}}</1> dizesini kullan.",
     "setup_dns_privacy_3": "<0>İşte, kullanabileceğiniz yazılımların bir listesi.</0>",
     "setup_dns_privacy_4": "Bir iOS 14 veya macOS Big Sur cihazında, DNS ayarlarına <highlight>DNS-over-HTTPS</highlight> veya <highlight>DNS-over-TLS</highlight> sunucuları ekleyen özel '.mobileconfig' dosyasını indirebilirsiniz.",
-    "setup_dns_privacy_android_1": "Android 9, yerel olarak DNS-over-TLS protokolünü destekler. Yapılandırmak için Ayarlar → Ağ ve İnternet → Gelişmiş → Özel DNS seçeneğine gidin ve alan adınızı girin.",
+    "setup_dns_privacy_android_1": "Android 9, yerel olarak DNS-over-TLS protokolünü destekler. Yapılandırmak için Ayarlar → Ağ ve İnternet → Gelişmiş → Özel DNS öğesine gidin ve alan adınızı girin.",
     "setup_dns_privacy_android_2": "<0>Android için AdGuard</0>, <1>DNS-over-HTTPS</1> ve <1>DNS-over-TLS</1> protokolünü destekler.",
     "setup_dns_privacy_android_3": "<0>Intra</0> Android'e <1>DNS-over-HTTPS</1> protokol desteğini ekler.",
     "setup_dns_privacy_ios_1": "<0>DNSCloak</0>, <1>DNS-over-HTTPS</1> protokolünü destekler, ancak kendi sunucunuzu kullanacak şekilde yapılandırmak için bir <2>DNS Damgası</2> oluşturmanız gerekir.",

client/src/__locales/uk.json

@@ -7,16 +7,16 @@
     "load_balancing": "Балансування навантаження",
     "load_balancing_desc": "Запитувати один сервер за раз. AdGuard Home використовуватиме зважений випадковий алгоритм для вибору сервера, щоб найшвидший сервер використовувався частіше.",
     "bootstrap_dns": "Bootstrap DNS-сервери",
-    "bootstrap_dns_desc": "Bootstrap DNS-сервери використовуються для пошуку IP-адреси DoH/DoT серверів, які ви встановили.",
+    "bootstrap_dns_desc": "Bootstrap DNS-сервери використовуються для вирішення IP-адрес встановлених серверів DoH/DoT.",
     "local_ptr_title": "Приватні сервери для зворотного DNS",
-    "local_ptr_desc": "DNS-сервери, які AdGuard Home використовує для локальних PTR-запитів. Ці сервери, використовуючи rDNS, використовуються для отримання доменних імен клієнтів у приватних мережах, наприклад, «192.168.12.34». Якщо список порожній, буде використовуватись системний DNS-сервер.",
-    "local_ptr_default_resolver": "AdGuard Home усталено використовує такі зворотні DNS-резолвери: {{ip}}.",
-    "local_ptr_no_default_resolver": "AdGuard Home не зміг визначити приватні реверсивні DNS-резолвери, що були б придатними для цієї системи.",
+    "local_ptr_desc": "DNS-сервери, які AdGuard Home використовує для локальних PTR-запитів. Ці сервери використовуються для вирішення PTR-запитів для адрес у приватних мережах, наприклад, «192.168.12.34». Якщо список порожній, AdGuard Home буде усталено використовувати системний DNS-сервер.",
+    "local_ptr_default_resolver": "Стандартно AdGuard Home користується такими зворотними DNS-вирішувачами: {{ip}}.",
+    "local_ptr_no_default_resolver": "AdGuard Home не зміг визначити приватні зворотні DNS-вирішувачі, які підійшли б для цієї системи.",
     "local_ptr_placeholder": "Вводьте одну адресу на рядок",
-    "resolve_clients_title": "Увімкнути запитування доменних імен для IP-адрес клієнтів",
+    "resolve_clients_title": "Увімкнути зворотне вирішення IP-адрес клієнтів",
     "resolve_clients_desc": "Визначати доменні імена клієнтів за допомогою PTR-запитів до відповідних серверів — приватних DNS-серверів для локальних клієнтів та upstream-серверів для клієнтів з публічними IP-адресами.",
     "use_private_ptr_resolvers_title": "Використовувати приватні зворотні DNS-резолвери",
-    "use_private_ptr_resolvers_desc": "Надсилати зворотні DNS-запити до вказаних серверів для клієнтів, що обслуговуються локально. Якщо вимкнено, AdGuard Home буде відповідати NXDOMAIN на всі такі PTR-запити, окрім запитів про клієнтів, що уже відомі по DHCP, /etc/hosts тощо.",
+    "use_private_ptr_resolvers_desc": "Надсилати зворотні DNS-запити до вказаних серверів для клієнтів, що обслуговуються локально. Якщо вимкнено, AdGuard Home буде відповідати NXDOMAIN на всі такі PTR-запити, окрім запитів про клієнтів, що уже відомі завдяки DHCP, /etc/hosts тощо.",
     "check_dhcp_servers": "Перевірити DHCP-сервери",
     "save_config": "Зберегти конфігурацію",
     "enabled_dhcp": "DHCP-сервер увімкнено",
@@ -60,7 +60,7 @@
     "dhcp_form_range_end": "Кінець діапазону",
     "dhcp_form_lease_title": "Час оренди DHCP (в секундах)",
     "dhcp_form_lease_input": "Тривалість оренди",
-    "dhcp_interface_select": "Оберіть інтерфейс DHCP",
+    "dhcp_interface_select": "Вибрати DHCP-інтерфейс",
     "dhcp_hardware_address": "Апаратна адреса",
     "dhcp_ip_addresses": "IP-адреси",
     "ip": "IP",
@@ -117,11 +117,11 @@
     "stats_adult": "Заблоковано вебсайтів для дорослих",
     "stats_query_domain": "Найчастіші запити доменів",
     "for_last_24_hours": "за останні 24 години",
-    "for_last_days": "за останній день",
+    "for_last_days": "за останній {{count}} день",
     "for_last_days_plural": "за останні {{count}} днів",
     "stats_disabled": "Статистику вимкнено. Ви можете увімкнути її на <0>сторінці налаштувань</0>.",
     "stats_disabled_short": "Статистику вимкнено",
-    "no_domains_found": "Доменів не знайдено",
+    "no_domains_found": "Не знайдено жодного домену",
     "requests_count": "Кількість запитів",
     "top_blocked_domains": "Найчастіше блоковані домени",
     "top_clients": "Найактивніші клієнти",
@@ -131,7 +131,7 @@
     "number_of_dns_query_days_plural": "Кількість DNS-запитів, оброблених за останні {{count}} днів",
     "number_of_dns_query_24_hours": "Кількість DNS-запитів, оброблених за останні 24 години",
     "number_of_dns_query_blocked_24_hours": "Кількість DNS-запитів, заблокованих фільтрами і списками блокування hosts",
-    "number_of_dns_query_blocked_24_hours_by_sec": "Кількість DNS-запитів, заблокованих модулем безпеки перегляду AdGuard",
+    "number_of_dns_query_blocked_24_hours_by_sec": "Кількість DNS-запитів, заблокованих модулем «Безпека перегляду» AdGuard",
     "number_of_dns_query_blocked_24_hours_adult": "Кількість заблокованих вебсайтів для дорослих",
     "enforced_save_search": "Примусовий безпечний пошук",
     "number_of_dns_query_to_safe_search": "Кількість DNS-запитів до пошукових систем, для яких примусово застосований безпечний пошук",
@@ -139,10 +139,10 @@
     "average_processing_time_hint": "Середній час обробки DNS запиту в мілісекундах",
     "block_domain_use_filters_and_hosts": "Блокування доменів за допомогою фільтрів та hosts-файлів",
     "filters_block_toggle_hint": "Ви можете налаштувати правила блокування в розділі <a>Фільтри</a>.",
-    "use_adguard_browsing_sec": "Використовувати Безпечну навігацію AdGuard",
-    "use_adguard_browsing_sec_hint": "AdGuard Home перевірятиме, чи додано домен до списку веб-служби безпечного перегляду браузера. Він використовуватиме API для перевірки — на сервер надсилається лише короткий префікс хешу SHA256 доменного імені.",
-    "use_adguard_parental": "Використовувати вебсервіс Батьківського контролю AdGuard",
-    "use_adguard_parental_hint": "AdGuard Home перевірить, чи містить домен матеріали для дорослих. Він використовує то же API, що й Безпечна навігація AdGuard.",
+    "use_adguard_browsing_sec": "Використовувати вебслужбу «Безпека перегляду» AdGuard",
+    "use_adguard_browsing_sec_hint": "AdGuard Home перевірятиме, чи підлягає домен блокуванню завдяки вебслужбі «Безпека перегляду». Для перевірки буде використано безпечний API — на сервер надсилається лише короткий префікс хешу SHA256 доменного імені.",
+    "use_adguard_parental": "Використовувати вебслужбу «Батьківський контроль» AdGuard",
+    "use_adguard_parental_hint": "AdGuard Home перевірить, чи містить домен матеріали для дорослих. Буде використано той же безпечний API, що й для «Безпеки перегляду» AdGuard.",
     "enforce_safe_search": "Використовувати Безпечний пошук",
     "enforce_save_search_hint": "AdGuard Home може примусово застосовувати безпечний пошук в таких пошукових системах: Google, YouTube, Bing, DuckDuckGo, Yandex, Pixabay.",
     "no_servers_specified": "Сервери не вказано",
@@ -165,8 +165,8 @@
     "enabled_filtering_toast": "Фільтрування увімкнено",
     "disabled_safe_browsing_toast": "Безпечний перегляд вимкнено",
     "enabled_safe_browsing_toast": "Безпечний перегляд увімкнено",
-    "disabled_parental_toast": "Батьківський контроль вимкнено",
-    "enabled_parental_toast": "Батьківський контроль увімкнено",
+    "disabled_parental_toast": "«Батьківський контроль» вимкнено",
+    "enabled_parental_toast": "«Батьківський контроль» увімкнено",
     "disabled_safe_search_toast": "Безпечний пошук вимкнено",
     "enabled_save_search_toast": "Безпечний пошук увімкнено",
     "enabled_table_header": "Увімкнено",
@@ -193,7 +193,7 @@
     "edit_blocklist": "Змінити список блокування",
     "edit_allowlist": "Змінити список дозволів",
     "choose_blocklist": "Виберіть списки блокування",
-    "choose_allowlist": "Обрати списки дозволених сайтів",
+    "choose_allowlist": "Виберіть списки дозволів",
     "enter_valid_blocklist": "Введіть дійсну URL-адресу в список блокування.",
     "enter_valid_allowlist": "Введіть дійсну URL-адресу в список дозволів.",
     "form_error_url_format": "Неправильний формат URL",
@@ -213,8 +213,8 @@
     "example_upstream_udp": "звичайний DNS (поверх UDP, з назвою вузла);",
     "example_upstream_dot": "зашифрований <0>DNS-over-TLS</0>;",
     "example_upstream_doh": "зашифрований <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "зашифрований <0>DNS-over-QUIC</0> (експериментальний);",
-    "example_upstream_sdns": "<0>DNS Stamps</0> для <1>DNSCrypt</1> або <2>DNS-over-HTTPS</2> серверів;",
+    "example_upstream_doq": "зашифрований <0>DNS-over-QUIC</0>;",
+    "example_upstream_sdns": "<0>DNS Stamps</0> для <1>DNSCrypt-</1> або <2>DNS-over-HTTPS-</2>вирішувачів;",
     "example_upstream_tcp": "звичайний DNS (через TCP);",
     "example_upstream_tcp_hostname": "звичайний DNS (поверх TCP, з назвою вузла);",
     "all_lists_up_to_date_toast": "Всі списки вже оновлені",
@@ -351,7 +351,7 @@
     "install_devices_android_list_5": "Змініть встановлені значення DNS 1 і DNS 2 на адреси вашого домашнього сервера AdGuard.",
     "install_devices_ios_list_1": "На головному екрані торкніться Налаштування.",
     "install_devices_ios_list_2": "Виберіть Wi-Fi у меню ліворуч (неможливо налаштувати DNS для мобільних мереж).",
-    "install_devices_ios_list_3": "Натисніть на назву поточно активної мережі.",
+    "install_devices_ios_list_3": "Натисніть на назву поточної активної мережі.",
     "install_devices_ios_list_4": "У полі DNS введіть адреси вашого сервера AdGuard Home.",
     "get_started": "Розпочати",
     "next": "Наступні",
@@ -369,10 +369,10 @@
     "encryption_https_desc": "Якщо HTTPS-порт налаштовано, інтерфейс адміністратора AdGuard Home буде доступний через HTTPS, а також DNS-over-HTTPS-сервер буде доступний за адресою /dns-query.",
     "encryption_dot": "Порт DNS-over-TLS",
     "encryption_dot_desc": "Якщо цей порт налаштовано, AdGuard Home запустить на цьому порту сервер DNS-over-TLS.",
-    "encryption_doq": "Порт DNS-over-QUIC (експериментальний)",
-    "encryption_doq_desc": "Якщо цей порт налаштовано, AdGuard Home запустить на цьому порту сервер DNS-over-QUIC. Це експериментально і може бути ненадійним. Крім того, зараз не так багато клієнтів, які це підтримують.",
+    "encryption_doq": "Порт DNS-over-QUIC",
+    "encryption_doq_desc": "Якщо цей порт налаштовано, AdGuard Home запустить на ньому сервер DNS-over-QUIC.",
     "encryption_certificates": "Сертифікати",
-    "encryption_certificates_desc": "Для використання шифрування потрібно надати дійсний ланцюжок сертифікатів SSL для вашого домену. Ви можете отримати безкоштовний сертифікат на <0>{{link}}</0> або придбати його в одному з надійних Центрів Сертифікації.",
+    "encryption_certificates_desc": "Для використання шифрування потрібно надати дійсний ланцюжок сертифікатів SSL для вашого домену. Ви можете отримати безплатний сертифікат на <0>{{link}}</0> або придбати його в одному з надійних Центрів Сертифікації.",
     "encryption_certificates_input": "Скопіюйте/вставте сюди свої кодовані PEM сертифікати.",
     "encryption_status": "Статус",
     "encryption_expire": "Закінчується",
@@ -552,16 +552,16 @@
     "fastest_addr": "Найшвидша IP-адреса",
     "fastest_addr_desc": "Опитати всі DNS-сервери й повернути найшвидшу IP-адресу серед усіх наданих. Це сповільнить швидкість DNS-запитів, оскільки AdGuard Home повинен буде чекати відповіді усіх DNS-серверів, але водночас може покращити якість з'єднання.",
     "autofix_warning_text": "Якщо ви натиснете «Виправити», AdGuard Home налаштує вашу систему на використання DNS-сервера AdGuard Home.",
-    "autofix_warning_list": "Це виконає наступні завдання: <0>Деактивує систему DNSStubListener</0> <0>Змінить адресу DNS сервера на 127.0.0.1</0> <0>Замінить символічне посилання /etc/resolv.conf на /run/systemd/resolve/resolv.conf</0> <0>Зупинить DNSStubListener (перезапустить сервіс systemd-resolved)</0>",
+    "autofix_warning_list": "Будуть виконані такі дії: <0>Деактивація системи DNSStubListener</0> <0>Зміна адреси DNS-сервера на «127.0.0.1»</0> <0>Заміна символічного посилання «/etc/resolv.conf» на «/run/systemd/resolve/resolv.conf»</0> <0>Зупинка DNSStubListener (перезапуск системної служби systemd-resolved)</0>",
     "autofix_warning_result": "В результаті буде усталено, що усі DNS-запити вашої системи будуть опрацьовані AdGuard Home.",
     "tags_title": "Теги",
     "tags_desc": "Ви можете вибрати теги, які відповідають клієнту. Теги можна використати в правилах фільтрування, щоб точніше застосовувати їх. <0>Докладніше</0>.",
     "form_select_tags": "Виберіть теги клієнта",
-    "check_title": "Перевірте фільтрування",
+    "check_title": "Перевірити фільтрування",
     "check_desc": "Перевірити чи фільтрується назва вузла.",
     "check": "Перевірити",
     "form_enter_host": "Введіть назву вузла",
-    "filtered_custom_rules": "Відфільтровано за власними правилами фільтрування",
+    "filtered_custom_rules": "Відфільтровано завдяки власним правилам фільтрування",
     "choose_from_list": "Виберіть зі списку",
     "add_custom_list": "Додати власний список",
     "host_whitelisted": "Вузол додано до списку дозволів",
@@ -585,14 +585,14 @@
     "list_updated": "{{count}} список оновлено",
     "list_updated_plural": "{{count}} списки оновлено",
     "dnssec_enable": "Увімкнути DNSSEC",
-    "dnssec_enable_desc": "Встановити прапорець DNSSEC для вихідних DNS запитів та перевірити результат (потрібен розпізнавач з підтримкою DNSSEC).",
+    "dnssec_enable_desc": "Увімкнути DNSSEC для вихідних DNS-запитів та перевірити результат (потрібен вирішувач з підтримкою DNSSEC).",
     "validated_with_dnssec": "Засвідчено DNSSEC",
     "all_queries": "Усі запити",
     "show_blocked_responses": "Заблоковані",
     "show_whitelisted_responses": "Дозволені",
     "show_processed_responses": "Оброблені",
     "blocked_safebrowsing": "Заблоковано Безпечним переглядом",
-    "blocked_adult_websites": "Заблоковано Батьківським контролем",
+    "blocked_adult_websites": "Заблоковано «Батьківським контролем»",
     "blocked_threats": "Заблоковано загроз",
     "allowed": "Дозволено",
     "filtered": "Відфільтровано",

client/src/__locales/vi.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "DNS thông thường (qua UDP, tên máy chủ);",
     "example_upstream_dot": "được mã hoá <0>DNS-over-TLS</0>;",
     "example_upstream_doh": "được mã hoá <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "được mã hoá <0>DNS-over-QUIC</0> (thử nghiệm);",
+    "example_upstream_doq": "được mã hoá <0>DNS-over-QUIC</0>;",
     "example_upstream_sdns": "bạn có thể sử dụng <0>DNS Stamps</0> for <1>DNSCrypt</1> hoặc <2>DNS-over-HTTPS</2> ",
     "example_upstream_tcp": "DNS thông thường(dùng TCP);",
     "example_upstream_tcp_hostname": "DNS thông thường (qua TCP, tên máy chủ);",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "Nếu cổng HTTPS được định cấu hình, giao diện quản trị viên AdGuard Home sẽ có thể truy cập thông qua HTTPS và nó cũng sẽ cung cấp DNS-over-HTTPS trên vị trí '/dns-query'.",
     "encryption_dot": "Cổng DNS-over-TLS",
     "encryption_dot_desc": "Nếu cổng này được định cấu hình, AdGuard Home sẽ chạy máy chủ DNS-over-TLS trên cổng này.",
-    "encryption_doq": "Cổng DNS-over-QUIC (thử nghiệm)",
-    "encryption_doq_desc": "Nếu cổng này được định cấu hình, AdGuard Home sẽ chạy máy chủ DNS qua QUIC trên cổng này. Đó là thử nghiệm và có thể không đáng tin cậy. Ngoài ra, không có quá nhiều khách hàng hỗ trợ nó vào lúc này.",
+    "encryption_doq": "Cổng DNS-over-QUIC",
+    "encryption_doq_desc": "Nếu cổng này được định cấu hình, AdGuard Home sẽ chạy máy chủ DNS qua QUIC trên cổng này. ",
     "encryption_certificates": "Chứng chỉ",
     "encryption_certificates_desc": "Để sử dụng mã hóa, bạn cần cung cấp chuỗi chứng chỉ SSL hợp lệ cho miền của mình. Bạn có thể nhận chứng chỉ miễn phí trên <0>{{link}}</0> hoặc bạn có thể mua chứng chỉ từ một trong các Cơ Quan Chứng Nhận tin cậy.",
     "encryption_certificates_input": "Sao chép/dán chứng chỉ được mã hóa PEM của bạn tại đây.",

client/src/__locales/zh-cn.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "常规 DNS（通过 UDP、主机名）；",
     "example_upstream_dot": "加密 <0>DNS-over-TLS</0>；",
     "example_upstream_doh": "加密 <0>DNS-over-HTTPS</0>；",
-    "example_upstream_doq": "加密 <0>DNS-over-QUIC</0>（实验性的）；",
+    "example_upstream_doq": "加密 <0>DNS-over-QUIC</0>",
     "example_upstream_sdns": "<1>DNSCrypt</1> 的 <0>DNS Stamps</0> 或者 <2>DNS-over-HTTPS</2> 解析器；",
     "example_upstream_tcp": "常规 DNS（基于 TCP ）；",
     "example_upstream_tcp_hostname": "常规 DNS（通过 TCP、主机名）；",
@@ -351,6 +351,7 @@
     "install_devices_android_list_5": "将 DNS 1 和 DNS 2 的值改为您的 AdGuard Home 服务器地址。",
     "install_devices_ios_list_1": "从主屏幕中点击「设置」。",
     "install_devices_ios_list_2": "从左侧目录中选择「无线局域网」（移动数据网络环境下不支持修改 DNS ）。",
+    "install_devices_ios_list_3": "点击当前已连接网络的名称。",
     "install_devices_ios_list_4": "在 DNS 字段中输入您的 AdGuard Home 服务器地址。",
     "get_started": "开始配置",
     "next": "下一步",
@@ -368,8 +369,8 @@
     "encryption_https_desc": "如果配置了 HTTPS 端口，AdGuard Home 管理界面将可以通过 HTTPS 访问，它还将在在 '/dns-query' 位置提供 DNS-over-HTTPS 。",
     "encryption_dot": "DNS-over-TLS 端口",
     "encryption_dot_desc": "如果配置了此端口，AdGuard Home 将在此端口上运行一个 DNS-over-TLS 服务器。",
-    "encryption_doq": "DNS-over-QUIC 端口（实验性的）",
-    "encryption_doq_desc": "如果配置了此端口，AdGuard Home将在此端口上运行一个DNS-over-QUIC服务器。这是实验性的，可能不可靠。而且，支持此特性的客户端并不多。",
+    "encryption_doq": "DNS-over-QUIC 端口",
+    "encryption_doq_desc": "如果配置了此端口，AdGuard Home 将在此端口上运行一个 DNS-over-QUIC 服务器。",
     "encryption_certificates": "证书",
     "encryption_certificates_desc": "为了使用加密，您需要为域提供有效的 SSL 证书链。您可以在 <0>{{link}}</0> 上获得免费证书，也可以从受信任的证书颁发机构购买证书。",
     "encryption_certificates_input": "将您以 PEM 格式编码的证书复制粘贴到此处。",

client/src/__locales/zh-tw.json

@@ -213,7 +213,7 @@
     "example_upstream_udp": "常規 DNS（透過 UDP，主機名稱）；",
     "example_upstream_dot": "加密的 <0>DNS-over-TLS</0>；",
     "example_upstream_doh": "加密的 <0>DNS-over-HTTPS</0>；",
-    "example_upstream_doq": "加密的 <0>DNS-over-QUIC</0>（實驗性的）；",
+    "example_upstream_doq": "加密的 <0>DNS-over-QUIC</0>;",
     "example_upstream_sdns": "關於 <1>DNSCrypt</1> 或 <2>DNS-over-HTTPS</2> 解析器之 <0>DNS 戳記</0>；",
     "example_upstream_tcp": "常規 DNS（透過 TCP）；",
     "example_upstream_tcp_hostname": "常規 DNS（透過 TCP，主機名稱）；",
@@ -369,8 +369,8 @@
     "encryption_https_desc": "如果 HTTPS 連接埠被配置，AdGuard Home 管理員介面透過 HTTPS 將為可存取的，且它也將於 '/dns-query' 位置上提供 DNS-over-HTTPS。",
     "encryption_dot": "DNS-over-TLS 連接埠",
     "encryption_dot_desc": "如果該連接埠被配置，AdGuard Home 將於此連接埠上運行 DNS-over-TLS 伺服器。",
-    "encryption_doq": "DNS-over-QUIC 連接埠（實驗性的）",
-    "encryption_doq_desc": "如果此連接埠被配置，AdGuard Home 將於此連接埠上運行 DNS-over-QUIC 伺服器。它是實驗性的並可能為不可靠的。再者，此刻沒有太多支援它的用戶端。",
+    "encryption_doq": "DNS-over-QUIC 連接埠",
+    "encryption_doq_desc": "如果此連接埠被配置，AdGuard Home 將於此連接埠上運行 DNS-over-QUIC 伺服器。",
     "encryption_certificates": "憑證",
     "encryption_certificates_desc": "為了使用加密，您需要提供有效的安全通訊端層（SSL）憑證鏈結供您的網域。於 <0>{{link}}</0> 上您可取得免費的憑證或您可從受信任的憑證授權單位之一購買它。",
     "encryption_certificates_input": "於此複製/貼上您的隱私增強郵件編碼之（PEM-encoded）憑證。",

client/src/components/Logs/index.js

@@ -152,6 +152,16 @@ const Logs = () => {
         };
     }, []);
 
+    useEffect(() => {
+        if (!history.location.search) {
+            (async () => {
+                setIsLoading(true);
+                await dispatch(setFilteredLogs());
+                setIsLoading(false);
+            })();
+        }
+    }, [history.location.search]);
+
     const renderPage = () => <>
         <Filters
                 filter={{

client/src/helpers/filters/filters.json

@@ -81,8 +81,8 @@
         "urlhaus-filter-online": {
             "name": "Online Malicious URL Blocklist",
             "categoryId": "security",
-            "homepage": "https://gitlab.com/curben/urlhaus-filter",
-            "source": "https://curben.gitlab.io/malware-filter/urlhaus-filter-agh-online.txt"
+            "homepage": "https://gitlab.com/malware-filter/urlhaus-filter",
+            "source": "https://malware-filter.gitlab.io/malware-filter/urlhaus-filter-agh-online.txt"
         },
         "dandelion-sprouts-anti-malware-list": {
             "name": "Dandelion Sprout's Anti-Malware List",

go.mod

@@ -3,27 +3,28 @@ module github.com/AdguardTeam/AdGuardHome
 go 1.17
 
 require (
-	github.com/AdguardTeam/dnsproxy v0.42.2
+	github.com/AdguardTeam/dnsproxy v0.43.1
 	github.com/AdguardTeam/golibs v0.10.8
 	github.com/AdguardTeam/urlfilter v0.16.0
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ameshkov/dnscrypt/v2 v2.2.3
 	github.com/digineo/go-ipset/v2 v2.2.1
+	github.com/dimfeld/httptreemux/v5 v5.4.0
 	github.com/fsnotify/fsnotify v1.5.4
 	github.com/go-ping/ping v0.0.0-20211130115550-779d1e919534
 	github.com/google/go-cmp v0.5.7
 	github.com/google/gopacket v1.1.19
 	github.com/google/renameio v1.0.1
+	github.com/google/uuid v1.3.0
 	github.com/insomniacslk/dhcp v0.0.0-20220405050111-12fbdcb11b41
 	github.com/kardianos/service v1.2.1
-	github.com/lucas-clemente/quic-go v0.26.0
+	github.com/lucas-clemente/quic-go v0.27.1
 	github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118
 	github.com/mdlayher/netlink v1.6.0
 	// TODO(a.garipov): This package is deprecated; find a new one or use
 	// our own code for that.
 	github.com/mdlayher/raw v0.0.0-20211126142749-4eae47f3d54b
-	github.com/miekg/dns v1.1.48
-	github.com/satori/go.uuid v1.2.0
+	github.com/miekg/dns v1.1.49
 	github.com/stretchr/testify v1.7.0
 	github.com/ti-mo/netfilter v0.4.0
 	go.etcd.io/bbolt v1.3.6
@@ -44,7 +45,6 @@ require (
 	github.com/cheekybits/genny v1.0.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
-	github.com/google/uuid v1.3.0 // indirect
 	github.com/josharian/native v1.0.0 // indirect
 	github.com/marten-seemann/qtls-go1-16 v0.1.5 // indirect
 	github.com/marten-seemann/qtls-go1-17 v0.1.1 // indirect
@@ -65,6 +65,3 @@ require (
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 )
-
-// TODO(a.garipov): Return to the main repo once miekg/dns#1359 is merged.
-replace github.com/miekg/dns => github.com/ainar-g/dns v1.1.49-0.20220411125901-8a162bbc18d8

go.sum

@@ -7,8 +7,8 @@ dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBr
 dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4=
 dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU=
 git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
-github.com/AdguardTeam/dnsproxy v0.42.2 h1:aBhbuvqg/rZN8Rab5ILSfPFJDkiTviWXXcceJgajnNs=
-github.com/AdguardTeam/dnsproxy v0.42.2/go.mod h1:thHuk3599mgmucsv5J9HR9lBVQHnf4YleE08EbxNrN0=
+github.com/AdguardTeam/dnsproxy v0.43.1 h1:E777KfQAi+VurOoWEdGQ5iqjSOOAzzbTfLOEzj8heCs=
+github.com/AdguardTeam/dnsproxy v0.43.1/go.mod h1:JUGTm5dmlll47JltztsT0N//pVJjdg6zu0SNeUeaA7g=
 github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.4.2/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.10.4/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
@@ -28,8 +28,6 @@ github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmH
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
 github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw=
 github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635/go.mod h1:lmLxL+FV291OopO93Bwf9fQLQeLyt33VJRUg5VJ30us=
-github.com/ainar-g/dns v1.1.49-0.20220411125901-8a162bbc18d8 h1:Hp2waLwK989ui3bDkFpedlIHfyWdZ77gynvd+GPEqXY=
-github.com/ainar-g/dns v1.1.49-0.20220411125901-8a162bbc18d8/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/ameshkov/dnscrypt/v2 v2.2.3 h1:X9UP5AHtwp46Ji+sGFfF/1Is6OPI/SjxLqhKpx0P5UI=
 github.com/ameshkov/dnscrypt/v2 v2.2.3/go.mod h1:xJB9cE1/GF+NB6EEQqRlkoa4bjcV2w7VYn1G+zVq7Bs=
 github.com/ameshkov/dnsstamps v1.0.1/go.mod h1:Ii3eUu73dx4Vw5O4wjzmT5+lkCwovjzaEZZ4gKyIH5A=
@@ -52,6 +50,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/digineo/go-ipset/v2 v2.2.1 h1:k6skY+0fMqeUjjeWO/m5OuWPSZUAn7AucHMnQ1MX77g=
 github.com/digineo/go-ipset/v2 v2.2.1/go.mod h1:wBsNzJlZlABHUITkesrggFnZQtgW5wkqw1uo8Qxe0VU=
+github.com/dimfeld/httptreemux/v5 v5.4.0 h1:IiHYEjh+A7pYbhWyjmGnj5HZK6gpOOvyBXCJ+BE8/Gs=
+github.com/dimfeld/httptreemux/v5 v5.4.0/go.mod h1:QeEylH57C0v3VO0tkKraVz9oD3Uu93CKPnTLbsidvSw=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/fanliao/go-promise v0.0.0-20141029170127-1890db352a72/go.mod h1:PjfxuH4FZdUyfMdtBio2lsRr1AKEaVPwelzuHuh8Lqc=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
@@ -141,21 +141,15 @@ github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/lucas-clemente/quic-go v0.25.0/go.mod h1:YtzP8bxRVCBlO77yRanE264+fY/T2U9ZlW1AaHOsMOg=
-github.com/lucas-clemente/quic-go v0.26.0 h1:ALBQXr9UJ8A1LyzvceX4jd9QFsHvlI0RR6BkV16o00A=
-github.com/lucas-clemente/quic-go v0.26.0/go.mod h1:AzgQoPda7N+3IqMMMkywBKggIFo2KT6pfnlrQ2QieeI=
+github.com/lucas-clemente/quic-go v0.27.1 h1:sOw+4kFSVrdWOYmUjufQ9GBVPqZ+tu+jMtXxXNmRJyk=
+github.com/lucas-clemente/quic-go v0.27.1/go.mod h1:AzgQoPda7N+3IqMMMkywBKggIFo2KT6pfnlrQ2QieeI=
 github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
 github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc=
-github.com/marten-seemann/qtls-go1-15 v0.1.4/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I=
-github.com/marten-seemann/qtls-go1-16 v0.1.4/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk=
 github.com/marten-seemann/qtls-go1-16 v0.1.5 h1:o9JrYPPco/Nukd/HpOHMHZoBDXQqoNtUCmny98/1uqQ=
 github.com/marten-seemann/qtls-go1-16 v0.1.5/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk=
-github.com/marten-seemann/qtls-go1-17 v0.1.0/go.mod h1:fz4HIxByo+LlWcreM4CZOYNuz3taBQ8rN2X6FqvaWo8=
 github.com/marten-seemann/qtls-go1-17 v0.1.1 h1:DQjHPq+aOzUeh9/lixAGunn6rIOQyWChPSI4+hgW7jc=
 github.com/marten-seemann/qtls-go1-17 v0.1.1/go.mod h1:C2ekUKcDdz9SDWxec1N/MvcXBpaX9l3Nx67XaR84L5s=
-github.com/marten-seemann/qtls-go1-18 v0.1.0-beta.1/go.mod h1:PUhIQk19LoFt2174H4+an8TYvWOGjb/hHwphBeaDHwI=
-github.com/marten-seemann/qtls-go1-18 v0.1.0/go.mod h1:PUhIQk19LoFt2174H4+an8TYvWOGjb/hHwphBeaDHwI=
 github.com/marten-seemann/qtls-go1-18 v0.1.1 h1:qp7p7XXUFL7fpBvSS1sWD+uSqPvzNQK43DH+/qEkj0Y=
 github.com/marten-seemann/qtls-go1-18 v0.1.1/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
@@ -180,6 +174,11 @@ github.com/mdlayher/socket v0.2.1/go.mod h1:QLlNPkFR88mRUNQIzRBMfXxwKal8H7u1h3bL
 github.com/mdlayher/socket v0.2.3 h1:XZA2X2TjdOwNoNPVPclRCURoX/hokBY8nkTmRZFEheM=
 github.com/mdlayher/socket v0.2.3/go.mod h1:bz12/FozYNH/VbvC3q7TRIK/Y6dH1kCKsXaUeXi/FmY=
 github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
+github.com/miekg/dns v1.1.40/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
+github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
+github.com/miekg/dns v1.1.44/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
+github.com/miekg/dns v1.1.49 h1:qe0mQU3Z/XpFeE+AEBo2rqaS1IPBJ3anmqZ4XiZJVG8=
+github.com/miekg/dns v1.1.49/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
@@ -213,8 +212,6 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:
 github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
-github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/shirou/gopsutil/v3 v3.21.8 h1:nKct+uP0TV8DjjNiHanKf8SAuub+GNsbrOtM9Nl9biA=
 github.com/shirou/gopsutil/v3 v3.21.8/go.mod h1:YWp/H8Qs5fVmf17v7JNZzA0mPJ+mS2e9JdiUF9LlKzQ=
@@ -311,6 +308,7 @@ golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
@@ -360,6 +358,7 @@ golang.org/x/sys v0.0.0-20190606122018-79a91cf218c4/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -376,6 +375,7 @@ golang.org/x/sys v0.0.0-20201017003518-b09fb700fbb7/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -414,6 +414,7 @@ golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=

internal/aghtls/aghtls.go

@@ -1,30 +0,0 @@
-// Package aghtls contains utilities for work with TLS.
-package aghtls
-
-import "crypto/tls"
-
-// SaferCipherSuites returns a set of default cipher suites with vulnerable and
-// weak cipher suites removed.
-func SaferCipherSuites() (safe []uint16) {
-	for _, s := range tls.CipherSuites() {
-		switch s.ID {
-		case
-			tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
-			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
-			tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-			tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
-			// Less safe 3DES and CBC suites, go on.
-		default:
-			safe = append(safe, s.ID)
-		}
-	}
-
-	return safe
-}

internal/dnsforward/clientid.go

@@ -65,7 +65,7 @@ func clientIDFromClientServerName(
 		return "", err
 	}
 
-	return clientID, nil
+	return strings.ToLower(clientID), nil
 }
 
 // clientIDFromDNSContextHTTPS extracts the client's ID from the path of the
@@ -104,7 +104,7 @@ func clientIDFromDNSContextHTTPS(pctx *proxy.DNSContext) (clientID string, err e
 		return "", fmt.Errorf("clientid check: %w", err)
 	}
 
-	return clientID, nil
+	return strings.ToLower(clientID), nil
 }
 
 // tlsConn is a narrow interface for *tls.Conn to simplify testing.
@@ -112,8 +112,8 @@ type tlsConn interface {
 	ConnectionState() (cs tls.ConnectionState)
 }
 
-// quicSession is a narrow interface for quic.Session to simplify testing.
-type quicSession interface {
+// quicConnection is a narrow interface for quic.Connection to simplify testing.
+type quicConnection interface {
 	ConnectionState() (cs quic.ConnectionState)
 }
 
@@ -148,16 +148,16 @@ func (s *Server) clientIDFromDNSContext(pctx *proxy.DNSContext) (clientID string
 
 		cliSrvName = tc.ConnectionState().ServerName
 	case proxy.ProtoQUIC:
-		qs, ok := pctx.QUICSession.(quicSession)
+		conn, ok := pctx.QUICConnection.(quicConnection)
 		if !ok {
 			return "", fmt.Errorf(
-				"proxy ctx quic session of proto %s is %T, want quic.Session",
+				"proxy ctx quic conn of proto %s is %T, want quic.Connection",
 				proto,
-				pctx.QUICSession,
+				pctx.QUICConnection,
 			)
 		}
 
-		cliSrvName = qs.ConnectionState().TLS.ServerName
+		cliSrvName = conn.ConnectionState().TLS.ServerName
 	}
 
 	clientID, err = clientIDFromClientServerName(

internal/dnsforward/clientid_test.go

@@ -29,17 +29,18 @@ func (c testTLSConn) ConnectionState() (cs tls.ConnectionState) {
 	return cs
 }
 
-// testQUICSession is a quicSession for tests.
-type testQUICSession struct {
-	// Session is embedded here simply to make testQUICSession a quic.Session
-	// without actually implementing all methods.
-	quic.Session
+// testQUICConnection is a quicConnection for tests.
+type testQUICConnection struct {
+	// Connection is embedded here simply to make testQUICConnection a
+	// quic.Connection without actually implementing all methods.
+	quic.Connection
 
 	serverName string
 }
 
-// ConnectionState implements the quicSession interface for testQUICSession.
-func (c testQUICSession) ConnectionState() (cs quic.ConnectionState) {
+// ConnectionState implements the quicConnection interface for
+// testQUICConnection.
+func (c testQUICConnection) ConnectionState() (cs quic.ConnectionState) {
 	cs.TLS.ServerName = c.serverName
 
 	return cs
@@ -143,6 +144,22 @@ func TestServer_clientIDFromDNSContext(t *testing.T) {
 		wantErrMsg: `clientid check: client server name "cli.myexample.com" ` +
 			`doesn't match host server name "example.com"`,
 		strictSNI: true,
+	}, {
+		name:         "tls_case",
+		proto:        proxy.ProtoTLS,
+		hostSrvName:  "example.com",
+		cliSrvName:   "InSeNsItIvE.example.com",
+		wantClientID: "insensitive",
+		wantErrMsg:   ``,
+		strictSNI:    true,
+	}, {
+		name:         "quic_case",
+		proto:        proxy.ProtoQUIC,
+		hostSrvName:  "example.com",
+		cliSrvName:   "InSeNsItIvE.example.com",
+		wantClientID: "insensitive",
+		wantErrMsg:   ``,
+		strictSNI:    true,
 	}}
 
 	for _, tc := range testCases {
@@ -163,17 +180,17 @@ func TestServer_clientIDFromDNSContext(t *testing.T) {
 				}
 			}
 
-			var qs quic.Session
+			var qconn quic.Connection
 			if tc.proto == proxy.ProtoQUIC {
-				qs = testQUICSession{
+				qconn = testQUICConnection{
 					serverName: tc.cliSrvName,
 				}
 			}
 
 			pctx := &proxy.DNSContext{
-				Proto:       tc.proto,
-				Conn:        conn,
-				QUICSession: qs,
+				Proto:          tc.proto,
+				Conn:           conn,
+				QUICConnection: qconn,
 			}
 
 			clientID, err := srv.clientIDFromDNSContext(pctx)
@@ -210,6 +227,11 @@ func TestClientIDFromDNSContextHTTPS(t *testing.T) {
 		path:         "/dns-query/cli/",
 		wantClientID: "cli",
 		wantErrMsg:   "",
+	}, {
+		name:         "clientid_case",
+		path:         "/dns-query/InSeNsItIvE",
+		wantClientID: "insensitive",
+		wantErrMsg:   ``,
 	}, {
 		name:         "bad_url",
 		path:         "/foo",

internal/dnsforward/config.go

@@ -11,7 +11,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghtls"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/dnsproxy/upstream"
@@ -122,7 +121,6 @@ type FilteringConfig struct {
 	EnableDNSSEC           bool     `yaml:"enable_dnssec"`      // Set AD flag in outcoming DNS request
 	EnableEDNSClientSubnet bool     `yaml:"edns_client_subnet"` // Enable EDNS Client Subnet option
 	MaxGoroutines          uint32   `yaml:"max_goroutines"`     // Max. number of parallel goroutines for processing incoming requests
-	HandleDDR              bool     `yaml:"handle_ddr"`         // Handle DDR requests
 
 	// IpsetList is the ipset configuration that allows AdGuard Home to add
 	// IP addresses of the specified domain names to an ipset list.  Syntax:
@@ -134,8 +132,9 @@ type FilteringConfig struct {
 
 // TLSConfig is the TLS configuration for HTTPS, DNS-over-HTTPS, and DNS-over-TLS
 type TLSConfig struct {
-	TLSListenAddrs  []*net.TCPAddr `yaml:"-" json:"-"`
-	QUICListenAddrs []*net.UDPAddr `yaml:"-" json:"-"`
+	TLSListenAddrs   []*net.TCPAddr `yaml:"-" json:"-"`
+	QUICListenAddrs  []*net.UDPAddr `yaml:"-" json:"-"`
+	HTTPSListenAddrs []*net.TCPAddr `yaml:"-" json:"-"`
 
 	// Reject connection if the client uses server name (in SNI) that doesn't match the certificate
 	StrictSNICheck bool `yaml:"strict_sni_check" json:"-"`
@@ -152,7 +151,7 @@ type TLSConfig struct {
 	PrivateKeyData       []byte `yaml:"-" json:"-"`
 
 	// ServerName is the hostname of the server.  Currently, it is only being
-	// used for ClientID checking and Discovery of Designated Resolvers (DDR).
+	// used for ClientID checking.
 	ServerName string `yaml:"-" json:"-"`
 
 	cert tls.Certificate
@@ -428,7 +427,6 @@ func (s *Server) prepareTLS(proxyConfig *proxy.Config) error {
 
 	proxyConfig.TLSConfig = &tls.Config{
 		GetCertificate: s.onGetCertificate,
-		CipherSuites:   aghtls.SaferCipherSuites(),
 		MinVersion:     tls.VersionTLS12,
 	}
 

internal/dnsforward/dns.go

@@ -76,10 +76,6 @@ const (
 	resultCodeError
 )
 
-// ddrHostFQDN is the FQDN used in Discovery of Designated Resolvers (DDR) requests.
-// See https://www.ietf.org/archive/id/draft-ietf-add-ddr-06.html.
-const ddrHostFQDN = "_dns.resolver.arpa."
-
 // handleDNSRequest filters the incoming DNS requests and writes them to the query log
 func (s *Server) handleDNSRequest(_ *proxy.Proxy, d *proxy.DNSContext) error {
 	ctx := &dnsContext{
@@ -98,7 +94,6 @@ func (s *Server) handleDNSRequest(_ *proxy.Proxy, d *proxy.DNSContext) error {
 	mods := []modProcessFunc{
 		s.processRecursion,
 		s.processInitial,
-		s.processDDRQuery,
 		s.processDetermineLocal,
 		s.processInternalHosts,
 		s.processRestrictLocal,
@@ -246,77 +241,6 @@ func (s *Server) onDHCPLeaseChanged(flags int) {
 	s.setTableIPToHost(ipToHost)
 }
 
-// processDDRQuery responds to SVCB query for a special use domain name
-// ‘_dns.resolver.arpa’.  The result contains different types of encryption
-// supported by current user configuration.
-//
-// See https://www.ietf.org/archive/id/draft-ietf-add-ddr-06.html.
-func (s *Server) processDDRQuery(ctx *dnsContext) (rc resultCode) {
-	d := ctx.proxyCtx
-	question := d.Req.Question[0]
-
-	if !s.conf.HandleDDR {
-		return resultCodeSuccess
-	}
-
-	if question.Name == ddrHostFQDN {
-		// TODO(a.garipov): Check DoQ support in next RFC drafts.
-		if s.dnsProxy.TLSListenAddr == nil && s.dnsProxy.HTTPSListenAddr == nil ||
-			question.Qtype != dns.TypeSVCB {
-			d.Res = s.makeResponse(d.Req)
-
-			return resultCodeFinish
-		}
-
-		d.Res = s.makeDDRResponse(d.Req)
-
-		return resultCodeFinish
-	}
-
-	return resultCodeSuccess
-}
-
-// makeDDRResponse creates DDR answer according to server configuration.
-func (s *Server) makeDDRResponse(req *dns.Msg) (resp *dns.Msg) {
-	resp = s.makeResponse(req)
-	domainName := s.conf.ServerName
-
-	for _, addr := range s.dnsProxy.HTTPSListenAddr {
-		values := []dns.SVCBKeyValue{
-			&dns.SVCBAlpn{Alpn: []string{"h2"}},
-			&dns.SVCBPort{Port: uint16(addr.Port)},
-			&dns.SVCBDoHPath{Template: "/dns-query?dns"},
-		}
-
-		ans := &dns.SVCB{
-			Hdr:      s.hdr(req, dns.TypeSVCB),
-			Priority: 1,
-			Target:   domainName,
-			Value:    values,
-		}
-
-		resp.Answer = append(resp.Answer, ans)
-	}
-
-	for _, addr := range s.dnsProxy.TLSListenAddr {
-		values := []dns.SVCBKeyValue{
-			&dns.SVCBAlpn{Alpn: []string{"dot"}},
-			&dns.SVCBPort{Port: uint16(addr.Port)},
-		}
-
-		ans := &dns.SVCB{
-			Hdr:      s.hdr(req, dns.TypeSVCB),
-			Priority: 2,
-			Target:   domainName,
-			Value:    values,
-		}
-
-		resp.Answer = append(resp.Answer, ans)
-	}
-
-	return resp
-}
-
 // processDetermineLocal determines if the client's IP address is from
 // locally-served network and saves the result into the context.
 func (s *Server) processDetermineLocal(dctx *dnsContext) (rc resultCode) {

internal/dnsforward/dns_test.go

@@ -14,152 +14,6 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-const ddrTestDomainName = "dns.example.net"
-
-func TestServer_ProcessDDRQuery(t *testing.T) {
-	dohSVCB := &dns.SVCB{
-		Priority: 1,
-		Target:   ddrTestDomainName,
-		Value: []dns.SVCBKeyValue{
-			&dns.SVCBAlpn{Alpn: []string{"h2"}},
-			&dns.SVCBPort{Port: 8044},
-			&dns.SVCBDoHPath{Template: "/dns-query?dns"},
-		},
-	}
-
-	dotSVCB := &dns.SVCB{
-		Priority: 2,
-		Target:   ddrTestDomainName,
-		Value: []dns.SVCBKeyValue{
-			&dns.SVCBAlpn{Alpn: []string{"dot"}},
-			&dns.SVCBPort{Port: 8043},
-		},
-	}
-
-	testCases := []struct {
-		name       string
-		host       string
-		want       []*dns.SVCB
-		wantRes    resultCode
-		portDoH    int
-		portDoT    int
-		qtype      uint16
-		ddrEnabled bool
-	}{{
-		name:       "pass_host",
-		wantRes:    resultCodeSuccess,
-		host:       "example.net.",
-		qtype:      dns.TypeSVCB,
-		ddrEnabled: true,
-		portDoH:    8043,
-	}, {
-		name:       "pass_qtype",
-		wantRes:    resultCodeFinish,
-		host:       ddrHostFQDN,
-		qtype:      dns.TypeA,
-		ddrEnabled: true,
-		portDoH:    8043,
-	}, {
-		name:       "pass_disabled_tls",
-		wantRes:    resultCodeFinish,
-		host:       ddrHostFQDN,
-		qtype:      dns.TypeSVCB,
-		ddrEnabled: true,
-	}, {
-		name:       "pass_disabled_ddr",
-		wantRes:    resultCodeSuccess,
-		host:       ddrHostFQDN,
-		qtype:      dns.TypeSVCB,
-		ddrEnabled: false,
-		portDoH:    8043,
-	}, {
-		name:       "dot",
-		wantRes:    resultCodeFinish,
-		want:       []*dns.SVCB{dotSVCB},
-		host:       ddrHostFQDN,
-		qtype:      dns.TypeSVCB,
-		ddrEnabled: true,
-		portDoT:    8043,
-	}, {
-		name:       "doh",
-		wantRes:    resultCodeFinish,
-		want:       []*dns.SVCB{dohSVCB},
-		host:       ddrHostFQDN,
-		qtype:      dns.TypeSVCB,
-		ddrEnabled: true,
-		portDoH:    8044,
-	}, {
-		name:       "dot_doh",
-		wantRes:    resultCodeFinish,
-		want:       []*dns.SVCB{dotSVCB, dohSVCB},
-		host:       ddrHostFQDN,
-		qtype:      dns.TypeSVCB,
-		ddrEnabled: true,
-		portDoT:    8043,
-		portDoH:    8044,
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			s := prepareTestServer(t, tc.portDoH, tc.portDoT, tc.ddrEnabled)
-
-			req := createTestMessageWithType(tc.host, tc.qtype)
-
-			dctx := &dnsContext{
-				proxyCtx: &proxy.DNSContext{
-					Req: req,
-				},
-			}
-
-			res := s.processDDRQuery(dctx)
-			require.Equal(t, tc.wantRes, res)
-
-			if tc.wantRes != resultCodeFinish {
-				return
-			}
-
-			msg := dctx.proxyCtx.Res
-			require.NotNil(t, msg)
-
-			for _, v := range tc.want {
-				v.Hdr = s.hdr(req, dns.TypeSVCB)
-			}
-
-			assert.ElementsMatch(t, tc.want, msg.Answer)
-		})
-	}
-}
-
-func prepareTestServer(t *testing.T, portDoH, portDoT int, ddrEnabled bool) (s *Server) {
-	t.Helper()
-
-	proxyConf := proxy.Config{}
-
-	if portDoH > 0 {
-		proxyConf.HTTPSListenAddr = []*net.TCPAddr{{Port: portDoH}}
-	}
-
-	if portDoT > 0 {
-		proxyConf.TLSListenAddr = []*net.TCPAddr{{Port: portDoT}}
-	}
-
-	s = &Server{
-		dnsProxy: &proxy.Proxy{
-			Config: proxyConf,
-		},
-		conf: ServerConfig{
-			FilteringConfig: FilteringConfig{
-				HandleDDR: ddrEnabled,
-			},
-			TLSConfig: TLSConfig{
-				ServerName: ddrTestDomainName,
-			},
-		},
-	}
-
-	return s
-}
-
 func TestServer_ProcessDetermineLocal(t *testing.T) {
 	s := &Server{
 		privateNets: netutil.SubnetSetFunc(netutil.IsLocallyServed),

internal/dnsforward/http.go

@@ -510,6 +510,7 @@ func separateUpstream(upstreamStr string) (upstream string, isDomainSpec bool, e
 			continue
 		}
 
+		host = strings.TrimPrefix(host, "*.")
 		err = netutil.ValidateDomainName(host)
 		if err != nil {
 			return "", true, fmt.Errorf("domain at index %d: %w", i, err)

internal/dnsforward/stats.go

@@ -64,9 +64,9 @@ func (s *Server) logQuery(
 		Answer:            pctx.Res,
 		OrigAnswer:        dctx.origResp,
 		Result:            dctx.result,
-		Elapsed:           elapsed,
 		ClientID:          dctx.clientID,
 		ClientIP:          ip,
+		Elapsed:           elapsed,
 		AuthenticatedData: dctx.responseAD,
 	}
 

internal/home/clients.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"net"
 	"sort"
+	"strings"
 	"sync"
 	"time"
 
@@ -546,7 +547,7 @@ func (clients *clientsContainer) check(c *Client) (err error) {
 		} else if mac, err = net.ParseMAC(id); err == nil {
 			c.IDs[i] = mac.String()
 		} else if err = dnsforward.ValidateClientID(id); err == nil {
-			c.IDs[i] = id
+			c.IDs[i] = strings.ToLower(id)
 		} else {
 			return fmt.Errorf("invalid clientid at index %d: %q", i, id)
 		}

internal/home/clients_test.go

@@ -9,7 +9,6 @@ import (
 
 	"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
 	"github.com/AdguardTeam/golibs/testutil"
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )

internal/home/config.go

@@ -187,7 +187,6 @@ var config = &configuration{
 			Ratelimit:          20,
 			RefuseAny:          true,
 			AllServers:         false,
-			HandleDDR:          true,
 			FastestTimeout: timeutil.Duration{
 				Duration: fastip.DefaultPingWaitTimeout,
 			},

internal/home/dns.go

@@ -58,6 +58,7 @@ func initDNSServer() (err error) {
 	}
 
 	conf := querylog.Config{
+		Anonymizer:        anonymizer,
 		ConfigModified:    onConfigModified,
 		HTTPRegister:      httpRegister,
 		FindClient:        Context.clients.findMultiple,
@@ -67,7 +68,6 @@ func initDNSServer() (err error) {
 		Enabled:           config.DNS.QueryLogEnabled,
 		FileEnabled:       config.DNS.QueryLogFileEnabled,
 		AnonymizeClientIP: config.DNS.AnonymizeClientIP,
-		Anonymizer:        anonymizer,
 	}
 	Context.queryLog = querylog.New(conf)
 
@@ -221,6 +221,10 @@ func generateServerConfig() (newConf dnsforward.ServerConfig, err error) {
 		newConf.TLSConfig = tlsConf.TLSConfig
 		newConf.TLSConfig.ServerName = tlsConf.ServerName
 
+		if tlsConf.PortHTTPS != 0 {
+			newConf.HTTPSListenAddrs = ipsToTCPAddrs(hosts, tlsConf.PortHTTPS)
+		}
+
 		if tlsConf.PortDNSOverTLS != 0 {
 			newConf.TLSListenAddrs = ipsToTCPAddrs(hosts, tlsConf.PortDNSOverTLS)
 		}
@@ -240,6 +244,7 @@ func generateServerConfig() (newConf dnsforward.ServerConfig, err error) {
 	}
 
 	newConf.TLSv12Roots = Context.tlsRoots
+	newConf.TLSCiphers = Context.tlsCiphers
 	newConf.TLSAllowUnencryptedDoH = tlsConf.AllowUnencryptedDoH
 
 	newConf.FilterHandler = applyAdditionalFiltering

internal/home/home.go

@@ -22,7 +22,6 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
-	"github.com/AdguardTeam/AdGuardHome/internal/aghtls"
 	"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
 	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
@@ -79,6 +78,7 @@ type homeContext struct {
 	disableUpdate    bool   // If set, don't check for updates
 	controlLock      sync.Mutex
 	tlsRoots         *x509.CertPool // list of root CAs for TLSv1.2
+	tlsCiphers       []uint16       // list of TLS ciphers to use
 	transport        *http.Transport
 	client           *http.Client
 	appSignalChannel chan os.Signal // Channel for receiving OS signals by the console app
@@ -143,13 +143,13 @@ func setupContext(args options) {
 	initConfig()
 
 	Context.tlsRoots = LoadSystemRootCAs()
+	Context.tlsCiphers = InitTLSCiphers()
 	Context.transport = &http.Transport{
 		DialContext: customDialContext,
 		Proxy:       getHTTPProxy,
 		TLSClientConfig: &tls.Config{
-			RootCAs:      Context.tlsRoots,
-			CipherSuites: aghtls.SaferCipherSuites(),
-			MinVersion:   tls.VersionTLS12,
+			RootCAs:    Context.tlsRoots,
+			MinVersion: tls.VersionTLS12,
 		},
 	}
 	Context.client = &http.Client{

internal/home/mobileconfig.go

@@ -11,7 +11,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
-	uuid "github.com/satori/go.uuid"
+	"github.com/google/uuid"
 	"howett.net/plist"
 )
 
@@ -47,9 +47,9 @@ type payloadContent struct {
 
 	PayloadType        string
 	PayloadIdentifier  string
-	PayloadUUID        string
 	PayloadDisplayName string
 	PayloadDescription string
+	PayloadUUID        uuid.UUID
 	PayloadVersion     int
 }
 
@@ -63,18 +63,14 @@ const dnsSettingsPayloadType = "com.apple.dnsSettings.managed"
 type mobileConfig struct {
 	PayloadDescription       string
 	PayloadDisplayName       string
-	PayloadIdentifier        string
 	PayloadType              string
-	PayloadUUID              string
 	PayloadContent           []*payloadContent
+	PayloadIdentifier        uuid.UUID
+	PayloadUUID              uuid.UUID
 	PayloadVersion           int
 	PayloadRemovalDisallowed bool
 }
 
-func genUUIDv4() string {
-	return uuid.NewV4().String()
-}
-
 const (
 	dnsProtoHTTPS = "HTTPS"
 	dnsProtoTLS   = "TLS"
@@ -104,23 +100,23 @@ func encodeMobileConfig(d *dnsSettings, clientID string) ([]byte, error) {
 		return nil, fmt.Errorf("bad dns protocol %q", proto)
 	}
 
-	payloadID := fmt.Sprintf("%s.%s", dnsSettingsPayloadType, genUUIDv4())
+	payloadID := fmt.Sprintf("%s.%s", dnsSettingsPayloadType, uuid.New())
 	data := &mobileConfig{
-		PayloadDescription: "Adds AdGuard Home to macOS Big Sur " +
-			"and iOS 14 or newer systems",
+		PayloadDescription: "Adds AdGuard Home to macOS Big Sur and iOS 14 or newer systems",
 		PayloadDisplayName: dspName,
-		PayloadIdentifier:  genUUIDv4(),
 		PayloadType:        "Configuration",
-		PayloadUUID:        genUUIDv4(),
 		PayloadContent: []*payloadContent{{
+			DNSSettings: d,
+
 			PayloadType:        dnsSettingsPayloadType,
 			PayloadIdentifier:  payloadID,
-			PayloadUUID:        genUUIDv4(),
 			PayloadDisplayName: dspName,
 			PayloadDescription: "Configures device to use AdGuard Home",
+			PayloadUUID:        uuid.New(),
 			PayloadVersion:     1,
-			DNSSettings:        d,
 		}},
+		PayloadIdentifier:        uuid.New(),
+		PayloadUUID:              uuid.New(),
 		PayloadVersion:           1,
 		PayloadRemovalDisallowed: false,
 	}

internal/home/service.go

@@ -433,8 +433,11 @@ EnvironmentFile=-/etc/sysconfig/{{.Name}}
 WantedBy=multi-user.target
 `
 
-// Note: we should keep it in sync with the template from service_sysv_linux.go file
-// Use "ps | grep -v grep | grep $(get_pid)" because "ps PID" may not work on OpenWrt
+// sysvScript is the source of the daemon script for SysV-based Linux systems.
+// Keep as close as possible to the https://github.com/kardianos/service/blob/29f8c79c511bc18422bb99992779f96e6bc33921/service_sysv_linux.go#L187.
+//
+// Use ps command instead of reading the procfs since it's a more
+// implementation-independent approach.
 const sysvScript = `#!/bin/sh
 # For RedHat and cousins:
 # chkconfig: - 99 01
@@ -465,7 +468,7 @@ get_pid() {
 }
 
 is_running() {
-    [ -f "$pid_file" ] && ps | grep -v grep | grep $(get_pid) > /dev/null 2>&1
+    [ -f "$pid_file" ] && ps -p "$(get_pid)" > /dev/null 2>&1
 }
 
 case "$1" in
@@ -609,7 +612,7 @@ command_args="-P ${pidfile} -p ${pidfile_child} -T ${name} -r {{.WorkingDirector
 run_rc_command "$1"
 `
 
-const openBSDScript = `#!/bin/sh
+const openBSDScript = `#!/bin/ksh
 #
 # $OpenBSD: {{ .SvcInfo }}
 

internal/home/tls.go

@@ -26,6 +26,7 @@ import (
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/google/go-cmp/cmp"
+	"golang.org/x/sys/cpu"
 )
 
 var tlsWebHandlersRegistered = false
@@ -730,3 +731,52 @@ func LoadSystemRootCAs() (roots *x509.CertPool) {
 
 	return nil
 }
+
+// InitTLSCiphers performs the same work as initDefaultCipherSuites() from
+// crypto/tls/common.go but don't uses lots of other default ciphers.
+func InitTLSCiphers() (ciphers []uint16) {
+	// Check the cpu flags for each platform that has optimized GCM
+	// implementations.  The worst case is when all these variables are
+	// false.
+	var (
+		hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ
+		hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL
+		// Keep in sync with crypto/aes/cipher_s390x.go.
+		hasGCMAsmS390X = cpu.S390X.HasAES &&
+			cpu.S390X.HasAESCBC &&
+			cpu.S390X.HasAESCTR &&
+			(cpu.S390X.HasGHASH || cpu.S390X.HasAESGCM)
+
+		hasGCMAsm = hasGCMAsmAMD64 || hasGCMAsmARM64 || hasGCMAsmS390X
+	)
+
+	if hasGCMAsm {
+		// If AES-GCM hardware is provided then prioritize AES-GCM
+		// cipher suites.
+		ciphers = []uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+		}
+	} else {
+		// Without AES-GCM hardware, we put the ChaCha20-Poly1305 cipher
+		// suites first.
+		ciphers = []uint16{
+			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+		}
+	}
+
+	return append(
+		ciphers,
+		tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+		tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+	)
+}

internal/home/web.go

@@ -10,7 +10,6 @@ import (
 	"time"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
-	"github.com/AdguardTeam/AdGuardHome/internal/aghtls"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
@@ -265,9 +264,9 @@ func (web *Web) tlsServerLoop() {
 			Addr:     address,
 			TLSConfig: &tls.Config{
 				Certificates: []tls.Certificate{web.httpsServer.cert},
-				RootCAs:      Context.tlsRoots,
-				CipherSuites: aghtls.SaferCipherSuites(),
 				MinVersion:   tls.VersionTLS12,
+				RootCAs:      Context.tlsRoots,
+				CipherSuites: Context.tlsCiphers,
 			},
 			Handler:           withMiddlewares(Context.mux, limitRequestBody),
 			ReadTimeout:       web.conf.ReadTimeout,

internal/querylog/http.go

@@ -19,10 +19,10 @@ import (
 )
 
 type qlogConfig struct {
-	Enabled bool `json:"enabled"`
 	// Use float64 here to support fractional numbers and not mess the API
 	// users by changing the units.
 	Interval          float64 `json:"interval"`
+	Enabled           bool    `json:"enabled"`
 	AnonymizeClientIP bool    `json:"anonymize_client_ip"`
 }
 

internal/querylog/qlog.go

@@ -149,7 +149,7 @@ func (l *queryLog) clear() {
 		log.Error("removing log file %q: %s", l.logFile, err)
 	}
 
-	log.Debug("Query log: cleared")
+	log.Debug("querylog: cleared")
 }
 
 func (l *queryLog) Add(params *AddParams) {

internal/querylog/qlog_test.go

@@ -285,8 +285,8 @@ func addEntry(l *queryLog, host string, answerStr, client net.IP) {
 		Answer:     &a,
 		OrigAnswer: &a,
 		Result:     &res,
-		ClientIP:   client,
 		Upstream:   "upstream",
+		ClientIP:   client,
 	}
 
 	l.Add(params)

internal/querylog/querylog.go

@@ -28,8 +28,11 @@ type QueryLog interface {
 	WriteDiskConfig(c *Config)
 }
 
-// Config - configuration object
+// Config is the query log configuration structure.
 type Config struct {
+	// Anonymizer processes the IP addresses to anonymize those if needed.
+	Anonymizer *aghnet.IPMut
+
 	// ConfigModified is called when the configuration is changed, for
 	// example by HTTP requests.
 	ConfigModified func()
@@ -68,9 +71,6 @@ type Config struct {
 	// AnonymizeClientIP tells if the query log should anonymize clients' IP
 	// addresses.
 	AnonymizeClientIP bool
-
-	// Anonymizer processes the IP addresses to anonymize those if needed.
-	Anonymizer *aghnet.IPMut
 }
 
 // AddParams is the parameters for adding an entry.
@@ -91,18 +91,18 @@ type AddParams struct {
 	// Result is the filtering result (optional).
 	Result *filtering.Result
 
-	// Elapsed is the time spent for processing the request.
-	Elapsed time.Duration
-
 	ClientID string
 
-	ClientIP net.IP
-
 	// Upstream is the URL of the upstream DNS server.
 	Upstream string
 
 	ClientProto ClientProto
 
+	ClientIP net.IP
+
+	// Elapsed is the time spent for processing the request.
+	Elapsed time.Duration
+
 	// Cached indicates if the response is served from cache.
 	Cached bool
 

internal/querylog/search.go

@@ -73,7 +73,7 @@ func (l *queryLog) searchMemory(params *searchParams, cache clientCache) (entrie
 
 // search - searches log entries in the query log using specified parameters
 // returns the list of entries found + time of the oldest entry
-func (l *queryLog) search(params *searchParams) ([]*logEntry, time.Time) {
+func (l *queryLog) search(params *searchParams) (entries []*logEntry, oldest time.Time) {
 	now := time.Now()
 
 	if params.limit == 0 {
@@ -88,7 +88,7 @@ func (l *queryLog) search(params *searchParams) ([]*logEntry, time.Time) {
 	totalLimit := params.offset + params.limit
 
 	// now let's get a unified collection
-	entries := append(memoryEntries, fileEntries...)
+	entries = append(memoryEntries, fileEntries...)
 	if len(entries) > totalLimit {
 		// remove extra records
 		entries = entries[:totalLimit]
@@ -111,13 +111,18 @@ func (l *queryLog) search(params *searchParams) ([]*logEntry, time.Time) {
 		}
 	}
 
-	if len(entries) > 0 && len(entries) <= totalLimit {
+	if len(entries) > 0 {
 		// Update oldest after merging in the memory buffer.
 		oldest = entries[len(entries)-1].Time
 	}
 
-	log.Debug("QueryLog: prepared data (%d/%d) older than %s in %s",
-		len(entries), total, params.olderThan, time.Since(now))
+	log.Debug(
+		"querylog: prepared data (%d/%d) older than %s in %s",
+		len(entries),
+		total,
+		params.olderThan,
+		time.Since(now),
+	)
 
 	return entries, oldest
 }
@@ -180,6 +185,8 @@ func (l *queryLog) searchFiles(
 		e, ts, err = l.readNextEntry(r, params, cache)
 		if err != nil {
 			if err == io.EOF {
+				oldestNano = 0
+
 				break
 			}
 

internal/v1/agh/agh.go

@@ -1,33 +0,0 @@
-// Package agh contains common entities and interfaces of AdGuard Home.
-//
-// TODO(a.garipov): Move to the upper-level internal/.
-package agh
-
-import "context"
-
-// Service is the interface for API servers.
-//
-// TODO(a.garipov): Consider adding a context to Start.
-//
-// TODO(a.garipov): Consider adding a Wait method or making an extension
-// interface for that.
-type Service interface {
-	// Start starts the service.  It does not block.
-	Start() (err error)
-
-	// Shutdown gracefully stops the service.  ctx is used to determine
-	// a timeout before trying to stop the service less gracefully.
-	Shutdown(ctx context.Context) (err error)
-}
-
-// type check
-var _ Service = EmptyService{}
-
-// EmptyService is a Service that does nothing.
-type EmptyService struct{}
-
-// Start implements the Service interface for EmptyService.
-func (EmptyService) Start() (err error) { return nil }
-
-// Shutdown implements the Service interface for EmptyService.
-func (EmptyService) Shutdown(_ context.Context) (err error) { return nil }

internal/v1/cmd/cmd.go

@@ -1,69 +0,0 @@
-// Package cmd is the AdGuard Home entry point.  It contains the on-disk
-// configuration file utilities, signal processing logic, and so on.
-//
-// TODO(a.garipov): Move to the upper-level internal/.
-package cmd
-
-import (
-	"context"
-	"io/fs"
-	"math/rand"
-	"net"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/v1/websvc"
-	"github.com/AdguardTeam/golibs/log"
-	"github.com/AdguardTeam/golibs/netutil"
-)
-
-// Main is the entry point of application.
-func Main(clientBuildFS fs.FS) {
-	// # Initial Configuration
-
-	rand.Seed(time.Now().UnixNano())
-
-	// TODO(a.garipov): Set up logging.
-
-	// # Web Service
-
-	// TODO(a.garipov): Use in the Web service.
-	_ = clientBuildFS
-
-	// TODO(a.garipov): Make configurable.
-	web := websvc.New(&websvc.Config{
-		Addresses: []*netutil.IPPort{{
-			IP:   net.IP{127, 0, 0, 1},
-			Port: 3001,
-		}},
-		Timeout: 60 * time.Second,
-	})
-
-	err := web.Start()
-	fatalOnError(err)
-
-	sigHdlr := newSignalHandler(
-		web,
-	)
-
-	go sigHdlr.handle()
-
-	select {}
-}
-
-// defaultTimeout is the timeout used for some operations where another timeout
-// hasn't been defined yet.
-const defaultTimeout = 15 * time.Second
-
-// ctxWithDefaultTimeout is a helper function that returns a context with
-// timeout set to defaultTimeout.
-func ctxWithDefaultTimeout() (ctx context.Context, cancel context.CancelFunc) {
-	return context.WithTimeout(context.Background(), defaultTimeout)
-}
-
-// fatalOnError is a helper that exits the program with an error code if err is
-// not nil.  It must only be used within Main.
-func fatalOnError(err error) {
-	if err != nil {
-		log.Fatal(err)
-	}
-}

internal/v1/cmd/signal.go

@@ -1,70 +0,0 @@
-package cmd
-
-import (
-	"os"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
-	"github.com/AdguardTeam/AdGuardHome/internal/v1/agh"
-	"github.com/AdguardTeam/golibs/log"
-)
-
-// signalHandler processes incoming signals and shuts services down.
-type signalHandler struct {
-	signal chan os.Signal
-
-	// services are the services that are shut down before application
-	// exiting.
-	services []agh.Service
-}
-
-// handle processes OS signals.
-func (h *signalHandler) handle() {
-	defer log.OnPanic("signalProcessor.handle")
-
-	for sig := range h.signal {
-		log.Info("sigproc: received signal %q", sig)
-
-		if aghos.IsShutdownSignal(sig) {
-			h.shutdown()
-		}
-	}
-}
-
-// Exit status constants.
-const (
-	statusSuccess = 0
-	statusError   = 1
-)
-
-// shutdown gracefully shuts down all services.
-func (h *signalHandler) shutdown() {
-	ctx, cancel := ctxWithDefaultTimeout()
-	defer cancel()
-
-	status := statusSuccess
-
-	log.Info("sigproc: shutting down services")
-	for i, service := range h.services {
-		err := service.Shutdown(ctx)
-		if err != nil {
-			log.Error("sigproc: shutting down service at index %d: %s", i, err)
-			status = statusError
-		}
-	}
-
-	log.Info("sigproc: shutting down adguard home")
-
-	os.Exit(status)
-}
-
-// newSignalHandler returns a new signalHandler that shuts down svcs.
-func newSignalHandler(svcs ...agh.Service) (h *signalHandler) {
-	h = &signalHandler{
-		signal:   make(chan os.Signal, 1),
-		services: svcs,
-	}
-
-	aghos.NotifyShutdownSignal(h.signal)
-
-	return h
-}

internal/v1/websvc/websvc.go

@@ -1,185 +0,0 @@
-// Package websvc contains the AdGuard Home web service.
-//
-// TODO(a.garipov): Add tests.
-package websvc
-
-import (
-	"context"
-	"crypto/tls"
-	"fmt"
-	"io"
-	"net"
-	"net/http"
-	"sync"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/v1/agh"
-	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/log"
-	"github.com/AdguardTeam/golibs/netutil"
-)
-
-// Config is the AdGuard Home web service configuration structure.
-type Config struct {
-	// TLS is the optional TLS configuration.  If TLS is not nil,
-	// SecureAddresses must not be empty.
-	TLS *tls.Config
-
-	// Addresses are the addresses on which to serve the plain HTTP API.
-	Addresses []*netutil.IPPort
-
-	// SecureAddresses are the addresses on which to serve the HTTPS API.  If
-	// SecureAddresses is not empty, TLS must not be nil.
-	SecureAddresses []*netutil.IPPort
-
-	// Timeout is the timeout for all server operations.
-	Timeout time.Duration
-}
-
-// Service is the AdGuard Home web service.  A nil *Service is a valid service
-// that does nothing.
-type Service struct {
-	tls     *tls.Config
-	servers []*http.Server
-	timeout time.Duration
-}
-
-// New returns a new properly initialized *Service.  If c is nil, svc is a nil
-// *Service that does nothing.
-func New(c *Config) (svc *Service) {
-	if c == nil {
-		return nil
-	}
-
-	svc = &Service{
-		tls:     c.TLS,
-		timeout: c.Timeout,
-	}
-
-	mux := http.NewServeMux()
-	mux.HandleFunc("/health-check", svc.handleGetHealthCheck)
-
-	for _, a := range c.Addresses {
-		addr := a.String()
-		errLog := log.StdLog("websvc: http: "+addr, log.ERROR)
-		svc.servers = append(svc.servers, &http.Server{
-			Addr:              addr,
-			Handler:           mux,
-			ErrorLog:          errLog,
-			ReadTimeout:       c.Timeout,
-			WriteTimeout:      c.Timeout,
-			IdleTimeout:       c.Timeout,
-			ReadHeaderTimeout: c.Timeout,
-		})
-	}
-
-	for _, a := range c.SecureAddresses {
-		addr := a.String()
-		errLog := log.StdLog("websvc: https: "+addr, log.ERROR)
-		svc.servers = append(svc.servers, &http.Server{
-			Addr:              addr,
-			Handler:           mux,
-			TLSConfig:         c.TLS,
-			ErrorLog:          errLog,
-			ReadTimeout:       c.Timeout,
-			WriteTimeout:      c.Timeout,
-			IdleTimeout:       c.Timeout,
-			ReadHeaderTimeout: c.Timeout,
-		})
-	}
-
-	return svc
-}
-
-// Addrs returns all addresses on which this server serves the HTTP API.  Addrs
-// must not be called until Start returns.
-func (svc *Service) Addrs() (addrs []string) {
-	addrs = make([]string, 0, len(svc.servers))
-	for _, srv := range svc.servers {
-		addrs = append(addrs, srv.Addr)
-	}
-
-	return addrs
-}
-
-// handleGetHealthCheck is the handler for the GET /health-check HTTP API.
-func (svc *Service) handleGetHealthCheck(w http.ResponseWriter, _ *http.Request) {
-	_, _ = io.WriteString(w, "OK")
-}
-
-// unit is a convenient alias for struct{}.
-type unit = struct{}
-
-// type check
-var _ agh.Service = (*Service)(nil)
-
-// Start implements the agh.Service interface for *Service.  svc may be nil.
-// After Start exits, all HTTP servers have tried to start, possibly failing and
-// writing error messages to the log.
-func (svc *Service) Start() (err error) {
-	if svc == nil {
-		return nil
-	}
-
-	srvs := svc.servers
-
-	wg := &sync.WaitGroup{}
-	wg.Add(len(srvs))
-	for _, srv := range srvs {
-		go serve(srv, wg)
-	}
-
-	wg.Wait()
-
-	return nil
-}
-
-// serve starts and runs srv and writes all errors into its log.
-func serve(srv *http.Server, wg *sync.WaitGroup) {
-	addr := srv.Addr
-	defer log.OnPanic(addr)
-
-	var l net.Listener
-	var err error
-	if srv.TLSConfig == nil {
-		l, err = net.Listen("tcp", addr)
-	} else {
-		l, err = tls.Listen("tcp", addr, srv.TLSConfig)
-	}
-	if err != nil {
-		srv.ErrorLog.Printf("starting srv %s: binding: %s", addr, err)
-	}
-
-	// Update the server's address in case the address had the port zero, which
-	// would mean that a random available port was automatically chosen.
-	srv.Addr = l.Addr().String()
-
-	log.Info("websvc: starting srv http://%s", srv.Addr)
-	wg.Done()
-
-	err = srv.Serve(l)
-	if err != nil && !errors.Is(err, http.ErrServerClosed) {
-		srv.ErrorLog.Printf("starting srv %s: %s", addr, err)
-	}
-}
-
-// Shutdown implements the agh.Service interface for *Service.  svc may be nil.
-func (svc *Service) Shutdown(ctx context.Context) (err error) {
-	if svc == nil {
-		return nil
-	}
-
-	var errs []error
-	for _, srv := range svc.servers {
-		serr := srv.Shutdown(ctx)
-		if serr != nil {
-			errs = append(errs, fmt.Errorf("shutting down srv %s: %w", srv.Addr, serr))
-		}
-	}
-
-	if len(errs) > 0 {
-		return errors.List("shutting down")
-	}
-
-	return nil
-}

internal/v1/websvc/websvc_test.go

@@ -1,69 +0,0 @@
-package websvc_test
-
-import (
-	"context"
-	"io"
-	"net"
-	"net/http"
-	"net/url"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/v1/websvc"
-	"github.com/AdguardTeam/golibs/netutil"
-	"github.com/AdguardTeam/golibs/testutil"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-const testTimeout = 1 * time.Second
-
-func TestService_Start_getHealthCheck(t *testing.T) {
-	c := &websvc.Config{
-		TLS: nil,
-		Addresses: []*netutil.IPPort{{
-			IP:   net.IP{127, 0, 0, 1},
-			Port: 0,
-		}},
-		SecureAddresses: nil,
-		Timeout:         testTimeout,
-	}
-
-	svc := websvc.New(c)
-
-	err := svc.Start()
-	require.NoError(t, err)
-	t.Cleanup(func() {
-		ctx, cancel := context.WithTimeout(context.Background(), testTimeout)
-		t.Cleanup(cancel)
-
-		err = svc.Shutdown(ctx)
-		require.NoError(t, err)
-	})
-
-	addrs := svc.Addrs()
-	require.Len(t, addrs, 1)
-
-	u := &url.URL{
-		Scheme: "http",
-		Host:   addrs[0],
-		Path:   "/health-check",
-	}
-	req, err := http.NewRequest(http.MethodGet, u.String(), nil)
-	require.NoError(t, err)
-
-	httpCli := &http.Client{
-		Timeout: testTimeout,
-	}
-	resp, err := httpCli.Do(req)
-	require.NoError(t, err)
-
-	testutil.CleanupAndRequireSuccess(t, resp.Body.Close)
-
-	assert.Equal(t, http.StatusOK, resp.StatusCode)
-
-	body, err := io.ReadAll(resp.Body)
-	require.NoError(t, err)
-
-	assert.Equal(t, []byte("OK"), body)
-}

main.go

@@ -1,6 +1,3 @@
-//go:build !v1
-// +build !v1
-
 package main
 
 import (

main_v1.go

@@ -1,21 +0,0 @@
-//go:build v1
-// +build v1
-
-package main
-
-import (
-	"embed"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/v1/cmd"
-)
-
-// Embed the prebuilt client here since we strive to keep .go files inside the
-// internal directory and the embed package is unable to embed files located
-// outside of the same or underlying directory.
-
-//go:embed build2
-var clientBuildFS embed.FS
-
-func main() {
-	cmd.Main(clientBuildFS)
-}

openapi/CHANGELOG.md

@@ -4,10 +4,7 @@
 
 ## v0.108.0: API changes
 
-### The new optional field `"ecs"` in `QueryLogItem`
-
-* The new optional field `"ecs"` in `GET /control/querylog` contains the IP
-  network from an EDNS Client-Subnet option from the request message if any.
+## v0.107.7: API changes
 
 ### The new possible status code in `/install/configure` response.
 
@@ -15,6 +12,11 @@
   `POST /install/configure` which means that the specified password does not
   meet the strength requirements.
 
+### The new optional field `"ecs"` in `QueryLogItem`
+
+* The new optional field `"ecs"` in `GET /control/querylog` contains the IP
+  network from an EDNS Client-Subnet option from the request message if any.
+
 ## v0.107.3: API changes
 
 ### The new field `"version"` in `AddressesInfo`

scripts/make/go-build.sh

@@ -123,14 +123,4 @@ CGO_ENABLED="$cgo_enabled"
 GO111MODULE='on'
 export CGO_ENABLED GO111MODULE
 
-# Build the new binary if requested.
-if [ "${V1API:-0}" -eq '0' ]
-then
-	tags_flags='--tags='
-else
-	tags_flags='--tags=v1'
-fi
-readonly tags_flags
-
-"$go" build --ldflags "$ldflags" "$race_flags" "$tags_flags" --trimpath "$o_flags" "$v_flags"\
-	"$x_flags"
+"$go" build --ldflags "$ldflags" "$race_flags" --trimpath "$o_flags" "$v_flags" "$x_flags"

scripts/make/go-lint.sh

@@ -140,7 +140,6 @@ underscores() {
 			-e '_others.go'\
 			-e '_test.go'\
 			-e '_unix.go'\
-			-e '_v1.go'\
 			-e '_windows.go' \
 			-v\
 			| sed -e 's/./\t\0/'
@@ -223,7 +222,7 @@ gocyclo --over 17 ./internal/dhcpd/ ./internal/dnsforward/\
 # Apply stricter standards to new or somewhat refactored code.
 gocyclo --over 10 ./internal/aghio/ ./internal/aghnet/ ./internal/aghos/\
 	./internal/aghtest/ ./internal/stats/ ./internal/tools/\
-	./internal/updater/ ./internal/v1/ ./internal/version/ ./main.go\
+	./internal/updater/ ./internal/version/ ./main.go
 
 ineffassign ./...