all: upd urls

Pull request: 4755-youtube-domain
Updates #4755. Squashed commit of the following: commit cb0ab8b26f6f277ef76ee3492c99870cbfc24666 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Jul 28 17:21:02 2022 +0300 filtering: add another youtube domain
2022-07-28 18:35:26 +03:00 · 2022-07-28 17:28:24 +03:00 · 2022-07-28 15:29:03 +03:00 · 2022-07-27 17:02:20 +03:00 · 2022-07-26 19:00:43 +03:00 · 2022-07-13 16:39:03 +03:00
88 changed files with 1346 additions and 827 deletions
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -1,49 +0,0 @@
---
-name: Bug report
-about: Create a bug report to help us improve AdGuard Home
---
-
-Have a question or an idea? Please search it [on our forum](https://github.com/AdguardTeam/AdGuardHome/discussions) to make sure it was not yet asked. If you cannot find what you had in mind, please [submit it here](https://github.com/AdguardTeam/AdGuardHome/discussions/new).
-
-### Prerequisites
-
-Please answer the following questions for yourself before submitting an issue. **YOU MAY DELETE THE PREREQUISITES SECTION.**
-
- [ ] I am running the latest version
- [ ] I checked the documentation and found no answer
- [ ] I checked to make sure that this issue has not already been filed
-
-### Issue Details
-
-<!-- Please include all relevant details about the environment you experienced the bug in.  If possible, include the result of running `./AdGuardHome -v --version` from the installation directory. -->
-
-* **Version of AdGuard Home server:**
-  * <!-- (e.g. v0.123.4) -->
-* **How did you install AdGuard Home:**
-  * <!-- (e.g. Built from source, Snapcraft, Docker, GitHub releases, etc.) -->
-* **How did you setup DNS configuration:**
-  * <!-- (System/Router/IoT) -->
-* **If it's a router or IoT, please write device model:**
-  * <!-- (e.g. Raspberry Pi 3 Model B) -->
-* **CPU architecture:**
-  * <!-- (e.g. AMD64, MIPS, etc.) -->
-* **Operating system and version:**
-  * <!-- (e.g. Ubuntu 18.04.1) -->
-
-### Expected Behavior
-<!-- A clear and concise description of what you expected to happen. -->
-
-### Actual Behavior
-<!-- A clear and concise description of what actually happened. -->
-
-### Screenshots
-<!-- If applicable, add screenshots to help explain your problem. -->
-
-<details><summary>Screenshot:</summary>
-
-<!--- drag and drop, upload or paste your screenshot to this area-->
-
-</details>
-
-### Additional Information
-<!-- Add any other context about the problem here. -->
--- a/.github/ISSUE_TEMPLATE/Feature_request.md
+++ b/.github/ISSUE_TEMPLATE/Feature_request.md
@@ -1,26 +0,0 @@
---
-name: Feature request
-about: Suggest a feature request for AdGuard Home
---
-
-Have a question or an idea? Please search it [on our forum](https://github.com/AdguardTeam/AdGuardHome/discussions) to make sure it was not yet asked. If you cannot find what you had in mind, please [submit it here](https://github.com/AdguardTeam/AdGuardHome/discussions/new).
-
-### Prerequisites
-
-Please answer the following questions for yourself before submitting an issue. **YOU MAY DELETE THE PREREQUISITES SECTION.**
-
- [ ] I am running the latest version
- [ ] I checked the documentation and found no answer
- [ ] I checked to make sure that this issue has not already been filed
-
-### Problem Description
-<!-- Is your feature request related to a problem? Please add a clear and concise description of what the problem is. -->
-
-### Proposed Solution
-<!-- Describe the solution you'd like in a clear and concise manner -->
-
-### Alternatives Considered
-<!-- A clear and concise description of any alternative solutions or features you've considered. -->
-
-### Additional Information
-<!-- Add any other context about the problem here. -->
--- a/.github/ISSUE_TEMPLATE/bug.yml
+++ b/.github/ISSUE_TEMPLATE/bug.yml
@@ -0,0 +1,109 @@
+'body':
+  - 'attributes':
+        'description': >
+            Please make sure that the issue is not a duplicate or a question.
+            If it's a duplicate, please react to the original issue with a
+            thumbs up.  If it's a question, please post it to the GitHub
+            Discussions page.
+        'label': 'Prerequisites'
+        'options':
+          - 'label': >
+                I have checked the
+                [Wiki](https://github.com/AdguardTeam/AdGuardHome/wiki) and
+                [Discussions](https://github.com/AdguardTeam/AdGuardHome/discussions)
+                and found no answer
+            'required': true
+          - 'label': >
+                I have searched other issues and found no duplicates
+            'required': true
+          - 'label': >
+                I want to report a bug and not ask a question
+            'required': true
+    'id': 'prerequisites'
+    'type': 'checkboxes'
+  - 'attributes':
+        'description': 'On which operating system type does the issue occur?'
+        'label': 'Operating system type'
+        'options':
+          - 'FreeBSD'
+          - 'Linux, OpenWrt'
+          - 'Linux, Other (please mention the version in the description)'
+          - 'macOS (aka Darwin)'
+          - 'OpenBSD'
+          - 'Windows'
+          - 'Other (please mention in the description)'
+    'id': 'os'
+    'type': 'dropdown'
+    'validations':
+        'required': true
+  - 'attributes':
+        'description': 'On which CPU architecture does the issue occur?'
+        'label': 'CPU architecture'
+        'options':
+          - 'AMD64'
+          - 'x86'
+          - '64-bit ARM'
+          - 'ARMv5'
+          - 'ARMv6'
+          - 'ARMv7'
+          - '64-bit MIPS'
+          - '64-bit MIPS LE'
+          - '32-bit MIPS'
+          - '32-bit MIPS LE'
+          - '64-bit PowerPC LE'
+          - 'Other (please mention in the description)'
+    'id': 'arch'
+    'type': 'dropdown'
+    'validations':
+        'required': true
+  - 'attributes':
+        'description': 'How did you install AdGuard Home?'
+        'label': 'Installation'
+        'options':
+          - 'GitHub releases or script from README'
+          - 'Docker'
+          - 'Snapcraft'
+          - 'Custom port'
+          - 'Other (please mention in the description)'
+    'id': 'install'
+    'type': 'dropdown'
+    'validations':
+        'required': true
+  - 'attributes':
+        'description': 'How did you setup AdGuard Home?'
+        'label': 'Setup'
+        'options':
+          - 'On one machine'
+          - 'On a router, DHCP is handled by the router'
+          - 'On a router, DHCP is handled by AdGuard Home'
+          - 'Other (please mention in the description)'
+    'id': 'setup'
+    'type': 'dropdown'
+    'validations':
+        'required': true
+  - 'attributes':
+        'description': 'What version of AdGuard Home are you using?'
+        'label': 'AdGuard Home version'
+    'id': 'version'
+    'type': 'input'
+    'validations':
+        'required': true
+  - 'attributes':
+        'description': 'Please describe the bug'
+        'label': 'Description'
+        'value': |
+            #### What did you do?
+
+            #### Expected result
+
+            #### Actual result
+
+            #### Screenshots (if applicable)
+
+            #### Additional information
+    'id': 'description'
+    'type': 'textarea'
+    'validations':
+        'required': true
+'description': 'File a bug report'
+'name': 'Bug'
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,17 @@
+'blank_issues_enabled': false
+'contact_links':
+  - 'about': >
+        Please report filtering issues, for example advertising filters
+        misfiring or safe browsing false positives, using the form on our
+        website
+    'name': 'AdGuard filters issues'
+    'url': 'https://reports.adguard.com/en/new_issue.html'
+  - 'about': >
+        Please use GitHub Discussions for questions
+    'name': 'Q&A Discussions'
+    'url': 'https://github.com/AdguardTeam/AdGuardHome/discussions'
+  - 'about': >
+        Please check our Wiki for configuration file description, frequently
+        asked questions, and other documentation
+    'name': 'Wiki'
+    'url': 'https://github.com/AdguardTeam/AdGuardHome/wiki'
--- a/.github/ISSUE_TEMPLATE/feature.yml
+++ b/.github/ISSUE_TEMPLATE/feature.yml
@@ -0,0 +1,41 @@
+'body':
+  - 'attributes':
+        'description': >
+            Please make sure that the issue is not a duplicate or a question.
+            If it's a duplicate, please react to the original issue with a
+            thumbs up.  If it's a question, please post it to the GitHub
+            Discussions page.
+        'label': 'Prerequisites'
+        'options':
+          - 'label': >
+                I have checked the
+                [Wiki](https://github.com/AdguardTeam/AdGuardHome/wiki) and
+                [Discussions](https://github.com/AdguardTeam/AdGuardHome/discussions)
+                and found no answer
+            'required': true
+          - 'label': >
+                I have searched other issues and found no duplicates
+            'required': true
+          - 'label': >
+                I want to request a feature or enhancement and not ask a
+                question
+            'required': true
+    'id': 'prerequisites'
+    'type': 'checkboxes'
+  - 'attributes':
+        'description': 'Please describe the request'
+        'label': 'Description'
+        'value': |
+            #### What problem are you trying to solve?
+
+            #### Proposed solution
+
+            #### Alternatives considered
+
+            #### Additional information
+    'id': 'description'
+    'type': 'textarea'
+    'validations':
+        'required': true
+'description': 'Suggest a feature or an enhancement for AdGuard Home'
+'name': 'Feature request or enhancement'
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,21 +12,88 @@ and this project adheres to
 ## [Unreleased]

 <!--
-## [v0.108.0] - 2022-07-01 (APPROX.)
+## [v0.108.0] - 2022-10-01 (APPROX.)
 -->

 ### Security

- Enforced password strength policy ([#3503]).
 - Weaker cipher suites that use the CBC (cipher block chaining) mode of
  operation have been disabled ([#2993]).

 ### Added

+- Support for Discovery of Designated Resolvers (DDR) according to the [RFC
+  draft][ddr-draft] ([#4463]).
+- `windows/arm64` support ([#3057]).
+
+### Deprecated
+
+- Go 1.17 support.  v0.109.0 will require at least Go 1.18 to build.
+
+[#2993]: https://github.com/AdguardTeam/AdGuardHome/issues/2993
+[#3057]: https://github.com/AdguardTeam/AdGuardHome/issues/3057
+
+[ddr-draft]: https://datatracker.ietf.org/doc/html/draft-ietf-add-ddr-08
+
+
+
+<!--
+## [v0.107.9] - 2022-08-23 (APPROX.)
+-->
+
+
+
+## [v0.107.8] - 2022-07-13
+
+See also the [v0.107.8 GitHub milestone][ms-v0.107.8].
+
+### Security
+
+- Go version was updated to prevent the possibility of exploiting the
+  CVE-2022-1705, CVE-2022-32148, CVE-2022-30631, and other Go vulnerabilities
+  fixed in [Go 1.17.12][go-1.17.12].
+
+  <!--
+      TODO(a.garipov): Use the above format in all similar announcements below.
+  -->
+
+### Fixed
+
+- DHCP lease validation incorrectly letting users assign the IP address of the
+  gateway as the address of the lease ([#4698]).
+- Updater no longer expects a hardcoded name for  `AdGuardHome` executable
+  ([#4219]).
+- Inconsistent names of runtime clients from hosts files ([#4683]).
+- PTR requests for addresses leased by DHCP will now be resolved into hostnames
+  under `dhcp.local_domain_name` ([#4699]).
+- Broken service installation on OpenWrt ([#4677]).
+
+[#4219]: https://github.com/AdguardTeam/AdGuardHome/issues/4219
+[#4677]: https://github.com/AdguardTeam/AdGuardHome/issues/4677
+[#4683]: https://github.com/AdguardTeam/AdGuardHome/issues/4683
+[#4698]: https://github.com/AdguardTeam/AdGuardHome/issues/4698
+[#4699]: https://github.com/AdguardTeam/AdGuardHome/issues/4699
+
+[go-1.17.12]:  https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
+[ms-v0.107.8]: https://github.com/AdguardTeam/AdGuardHome/milestone/44?closed=1
+
+
+
+## [v0.107.7] - 2022-06-06
+
+See also the [v0.107.7 GitHub milestone][ms-v0.107.7].
+
+### Security
+
+- Go version was updated to prevent the possibility of exploiting the
+  [CVE-2022-29526], [CVE-2022-30634], [CVE-2022-30629], [CVE-2022-30580], and
+  [CVE-2022-29804] Go vulnerabilities.
+- Enforced password strength policy ([#3503]).
+
+### Added
+
 - Support for the final DNS-over-QUIC standard, [RFC 9250][rfc-9250] ([#4592]).
 - Support upstreams for subdomains of a domain only ([#4503]).
- Support for Discovery of Designated Resolvers (DDR) according to the [RFC
-  draft][ddr-draft-06] ([#4463]).
 - The ability to control each source of runtime clients separately via
  `clients.runtime_sources` configuration object ([#3020]).
 - The ability to customize the set of networks that are considered private
@@ -38,7 +105,6 @@ and this project adheres to
  ([#4166]).
 - Logs are now collected by default on FreeBSD and OpenBSD when AdGuard Home is
  installed as a service ([#4213]).
- `windows/arm64` support ([#3057]).

 ### Changed

@@ -122,10 +188,9 @@ In this release, the schema version has changed from 12 to 14.

 ### Deprecated

- The `--no-etc-hosts` option.  Its' functionality is now controlled by
+- The `--no-etc-hosts` option.  Its functionality is now controlled by
  `clients.runtime_sources.hosts` configuration property.  v0.109.0 will remove
  the flag completely.
- Go 1.17 support.  v0.109.0 will require at least Go 1.18 to build.

 ### Fixed

@@ -137,9 +202,7 @@ In this release, the schema version has changed from 12 to 14.
 - ARP tables refreshing process causing excessive PTR requests ([#3157]).

 [#1730]: https://github.com/AdguardTeam/AdGuardHome/issues/1730
-[#2993]: https://github.com/AdguardTeam/AdGuardHome/issues/2993
 [#3020]: https://github.com/AdguardTeam/AdGuardHome/issues/3020
-[#3057]: https://github.com/AdguardTeam/AdGuardHome/issues/3057
 [#3142]: https://github.com/AdguardTeam/AdGuardHome/issues/3142
 [#3157]: https://github.com/AdguardTeam/AdGuardHome/issues/3157
 [#3367]: https://github.com/AdguardTeam/AdGuardHome/issues/3367
@@ -161,19 +224,13 @@ In this release, the schema version has changed from 12 to 14.
 [#4591]: https://github.com/AdguardTeam/AdGuardHome/issues/4591
 [#4592]: https://github.com/AdguardTeam/AdGuardHome/issues/4592

-[rfc-9250]:     https://datatracker.ietf.org/doc/html/rfc9250
-[ddr-draft-06]: https://www.ietf.org/archive/id/draft-ietf-add-ddr-06.html
-[repr]:         https://reproducible-builds.org/docs/source-date-epoch/
-
-
-
-<!--
-## [v0.107.7] - 2022-05-18 (APPROX.)
-
-See also the [v0.107.7 GitHub milestone][ms-v0.107.7].
-
-[ms-v0.107.7]: https://github.com/AdguardTeam/AdGuardHome/milestone/43?closed=1
-->
+[CVE-2022-29526]: https://www.cvedetails.com/cve/CVE-2022-29526
+[CVE-2022-29804]: https://www.cvedetails.com/cve/CVE-2022-29804
+[CVE-2022-30580]: https://www.cvedetails.com/cve/CVE-2022-30580
+[CVE-2022-30629]: https://www.cvedetails.com/cve/CVE-2022-30629
+[CVE-2022-30634]: https://www.cvedetails.com/cve/CVE-2022-30634
+[ms-v0.107.7]:    https://github.com/AdguardTeam/AdGuardHome/milestone/43?closed=1
+[rfc-9250]:       https://datatracker.ietf.org/doc/html/rfc9250



@@ -185,7 +242,7 @@ See also the [v0.107.6 GitHub milestone][ms-v0.107.6].

 - `User-Agent` HTTP header removed from outgoing DNS-over-HTTPS requests.
 - Go version was updated to prevent the possibility of exploiting the
-  [CVE-2022-24675], [CVE-2022-27536], and [CVE-2022-28327] vulnerabilities.
+  [CVE-2022-24675], [CVE-2022-27536], and [CVE-2022-28327] Go vulnerabilities.

 ### Added

@@ -227,6 +284,7 @@ See also the [v0.107.6 GitHub milestone][ms-v0.107.6].
 [CVE-2022-28327]: https://www.cvedetails.com/cve/CVE-2022-28327
 [dns-draft-02]:   https://datatracker.ietf.org/doc/html/draft-ietf-add-svcb-dns-02#section-5.1
 [ms-v0.107.6]:    https://github.com/AdguardTeam/AdGuardHome/milestone/42?closed=1
+[repr]:           https://reproducible-builds.org/docs/source-date-epoch/
 [svcb-draft-08]:  https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-08.html


@@ -239,7 +297,7 @@ were resolved.
 ### Security

 - Go version was updated to prevent the possibility of exploiting the
-  [CVE-2022-24921] vulnerability.
+  [CVE-2022-24921] Go vulnerability.

 [CVE-2022-24921]: https://www.cvedetails.com/cve/CVE-2022-24921

@@ -252,7 +310,7 @@ See also the [v0.107.4 GitHub milestone][ms-v0.107.4].
 ### Security

 - Go version was updated to prevent the possibility of exploiting the
-  [CVE-2022-23806], [CVE-2022-23772], and [CVE-2022-23773] vulnerabilities.
+  [CVE-2022-23806], [CVE-2022-23772], and [CVE-2022-23773] Go vulnerabilities.

 ### Fixed

@@ -988,11 +1046,13 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2].


 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.7...HEAD
-[v0.107.7]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.6...v0.107.7
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.9...HEAD
+[v0.107.9]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.8...v0.107.9
 -->

-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.6...HEAD
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.8...HEAD
+[v0.107.8]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.7...v0.107.8
+[v0.107.7]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.6...v0.107.7
 [v0.107.6]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.5...v0.107.6
 [v0.107.5]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.4...v0.107.5
 [v0.107.4]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.3...v0.107.4
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 &nbsp;
 <p align="center">
-  <img src="https://cdn.adguard.com/public/Adguard/Common/adguard_home.svg" width="300px" alt="AdGuard Home" />
+  <img src="https://cdn.adtidy.org/public/Adguard/Common/adguard_home.svg" width="300px" alt="AdGuard Home" />
 </p>
 <h3 align="center">Privacy protection center for you and your devices</h3>
 <p align="center">
@@ -38,7 +38,7 @@
 <br />

 <p align="center">
-    <img src="https://cdn.adguard.com/public/Adguard/Common/adguard_home.gif" width="800" />
+    <img src="https://cdn.adtidy.org/public/Adguard/Common/adguard_home.gif" width="800" />
 </p>

 <hr />
@@ -281,28 +281,28 @@ curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/s
 ```

 *  Beta channel builds
-     *  Linux: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_386.tar.gz)
-     *  Linux ARM: [32-bit ARMv6](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_armv6.tar.gz) (recommended for Raspberry Pi OS stable), [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_arm64.tar.gz), [32-bit ARMv5](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_armv5.tar.gz), [32-bit ARMv7](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_armv7.tar.gz)
-     *  Linux MIPS: [32-bit MIPS](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mips_softfloat.tar.gz), [32-bit MIPSLE](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mipsle_softfloat.tar.gz), [64-bit MIPS](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mips64_softfloat.tar.gz), [64-bit MIPSLE](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mips64le_softfloat.tar.gz)
-     *  Windows: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_windows_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_windows_386.zip)
-     *  macOS: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_darwin_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_darwin_386.zip)
-     *  macOS ARM: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_darwin_arm64.zip)
-     *  FreeBSD: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_386.tar.gz)
-     *  FreeBSD ARM: [64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_arm64.tar.gz), [32-bit ARMv5](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_armv5.tar.gz), [32-bit ARMv6](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_armv6.tar.gz), [32-bit ARMv7](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_armv7.tar.gz)
+     *  Linux: [64-bit](https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_amd64.tar.gz), [32-bit](https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_386.tar.gz)
+     *  Linux ARM: [32-bit ARMv6](https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_armv6.tar.gz) (recommended for Raspberry Pi OS stable), [64-bit](https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_arm64.tar.gz), [32-bit ARMv5](https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_armv5.tar.gz), [32-bit ARMv7](https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_armv7.tar.gz)
+     *  Linux MIPS: [32-bit MIPS](https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_mips_softfloat.tar.gz), [32-bit MIPSLE](https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_mipsle_softfloat.tar.gz), [64-bit MIPS](https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_mips64_softfloat.tar.gz), [64-bit MIPSLE](https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_mips64le_softfloat.tar.gz)
+     *  Windows: [64-bit](https://static.adtidy.org/adguardhome/beta/AdGuardHome_windows_amd64.zip), [32-bit](https://static.adtidy.org/adguardhome/beta/AdGuardHome_windows_386.zip)
+     *  macOS: [64-bit](https://static.adtidy.org/adguardhome/beta/AdGuardHome_darwin_amd64.zip), [32-bit](https://static.adtidy.org/adguardhome/beta/AdGuardHome_darwin_386.zip)
+     *  macOS ARM: [64-bit](https://static.adtidy.org/adguardhome/beta/AdGuardHome_darwin_arm64.zip)
+     *  FreeBSD: [64-bit](https://static.adtidy.org/adguardhome/beta/AdGuardHome_freebsd_amd64.tar.gz), [32-bit](https://static.adtidy.org/adguardhome/beta/AdGuardHome_freebsd_386.tar.gz)
+     *  FreeBSD ARM: [64-bit](https://static.adtidy.org/adguardhome/beta/AdGuardHome_freebsd_arm64.tar.gz), [32-bit ARMv5](https://static.adtidy.org/adguardhome/beta/AdGuardHome_freebsd_armv5.tar.gz), [32-bit ARMv6](https://static.adtidy.org/adguardhome/beta/AdGuardHome_freebsd_armv6.tar.gz), [32-bit ARMv7](https://static.adtidy.org/adguardhome/beta/AdGuardHome_freebsd_armv7.tar.gz)
     *  OpenBSD: (coming soon)
     *  OpenBSD ARM: (coming soon)

 *  Edge channel builds
-     *  Linux: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_386.tar.gz)
-     *  Linux ARM: [32-bit ARMv6](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_armv6.tar.gz) (recommended for Raspberry Pi OS stable), [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_arm64.tar.gz), [32-bit ARMv5](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_armv5.tar.gz), [32-bit ARMv7](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_armv7.tar.gz)
-     *  Linux MIPS: [32-bit MIPS](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_mips_softfloat.tar.gz), [32-bit MIPSLE](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_mipsle_softfloat.tar.gz), [64-bit MIPS](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_mips64_softfloat.tar.gz), [64-bit MIPSLE](https://static.adguard.com/adguardhome/edge/AdGuardHome_linux_mips64le_softfloat.tar.gz)
-     *  Windows: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_windows_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_windows_386.zip)
-     *  macOS: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_darwin_amd64.zip), [32-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_darwin_386.zip)
-     *  macOS ARM: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_darwin_arm64.zip)
-     *  FreeBSD: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_amd64.tar.gz), [32-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_386.tar.gz)
-     *  FreeBSD ARM: [64-bit](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_arm64.tar.gz), [32-bit ARMv5](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_armv5.tar.gz), [32-bit ARMv6](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_armv6.tar.gz), [32-bit ARMv7](https://static.adguard.com/adguardhome/edge/AdGuardHome_freebsd_armv7.tar.gz)
-     *  OpenBSD: [64-bit (experimental)](https://static.adguard.com/adguardhome/edge/AdGuardHome_openbsd_amd64.tar.gz)
-     *  OpenBSD ARM: [64-bit (experimental)](https://static.adguard.com/adguardhome/edge/AdGuardHome_openbsd_arm64.tar.gz)
+     *  Linux: [64-bit](https://static.adtidy.org/adguardhome/edge/AdGuardHome_linux_amd64.tar.gz), [32-bit](https://static.adtidy.org/adguardhome/edge/AdGuardHome_linux_386.tar.gz)
+     *  Linux ARM: [32-bit ARMv6](https://static.adtidy.org/adguardhome/edge/AdGuardHome_linux_armv6.tar.gz) (recommended for Raspberry Pi OS stable), [64-bit](https://static.adtidy.org/adguardhome/edge/AdGuardHome_linux_arm64.tar.gz), [32-bit ARMv5](https://static.adtidy.org/adguardhome/edge/AdGuardHome_linux_armv5.tar.gz), [32-bit ARMv7](https://static.adtidy.org/adguardhome/edge/AdGuardHome_linux_armv7.tar.gz)
+     *  Linux MIPS: [32-bit MIPS](https://static.adtidy.org/adguardhome/edge/AdGuardHome_linux_mips_softfloat.tar.gz), [32-bit MIPSLE](https://static.adtidy.org/adguardhome/edge/AdGuardHome_linux_mipsle_softfloat.tar.gz), [64-bit MIPS](https://static.adtidy.org/adguardhome/edge/AdGuardHome_linux_mips64_softfloat.tar.gz), [64-bit MIPSLE](https://static.adtidy.org/adguardhome/edge/AdGuardHome_linux_mips64le_softfloat.tar.gz)
+     *  Windows: [64-bit](https://static.adtidy.org/adguardhome/edge/AdGuardHome_windows_amd64.zip), [32-bit](https://static.adtidy.org/adguardhome/edge/AdGuardHome_windows_386.zip)
+     *  macOS: [64-bit](https://static.adtidy.org/adguardhome/edge/AdGuardHome_darwin_amd64.zip), [32-bit](https://static.adtidy.org/adguardhome/edge/AdGuardHome_darwin_386.zip)
+     *  macOS ARM: [64-bit](https://static.adtidy.org/adguardhome/edge/AdGuardHome_darwin_arm64.zip)
+     *  FreeBSD: [64-bit](https://static.adtidy.org/adguardhome/edge/AdGuardHome_freebsd_amd64.tar.gz), [32-bit](https://static.adtidy.org/adguardhome/edge/AdGuardHome_freebsd_386.tar.gz)
+     *  FreeBSD ARM: [64-bit](https://static.adtidy.org/adguardhome/edge/AdGuardHome_freebsd_arm64.tar.gz), [32-bit ARMv5](https://static.adtidy.org/adguardhome/edge/AdGuardHome_freebsd_armv5.tar.gz), [32-bit ARMv6](https://static.adtidy.org/adguardhome/edge/AdGuardHome_freebsd_armv6.tar.gz), [32-bit ARMv7](https://static.adtidy.org/adguardhome/edge/AdGuardHome_freebsd_armv7.tar.gz)
+     *  OpenBSD: [64-bit (experimental)](https://static.adtidy.org/adguardhome/edge/AdGuardHome_openbsd_amd64.tar.gz)
+     *  OpenBSD ARM: [64-bit (experimental)](https://static.adtidy.org/adguardhome/edge/AdGuardHome_openbsd_arm64.tar.gz)


 <a id="reporting-issues"></a>
--- a/bamboo-specs/release.yaml
+++ b/bamboo-specs/release.yaml
@@ -7,7 +7,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
  'channel': 'edge'
-  'dockerGo': 'adguard/golang-ubuntu:4.3'
+  'dockerGo': 'adguard/golang-ubuntu:4.5'

 'stages':
 - 'Make release':
@@ -22,11 +22,11 @@
    'jobs':
    - 'Make and publish docker'

- 'Publish to static.adguard.com':
+- 'Publish to static storage':
    'manual': false
    'final': false
    'jobs':
-    - 'Publish to static.adguard.com'
+    - 'Publish to static storage'

 - 'Publish to Snapstore':
    'manual': false
@@ -132,7 +132,7 @@
  'requirements':
  - 'adg-docker': 'true'

-'Publish to static.adguard.com':
+'Publish to static storage':
  'key': 'PUB'
  'other':
    'clean-working-dir': true
@@ -285,7 +285,7 @@
    # need to build a few of these.
    'variables':
      'channel': 'beta'
-      'dockerGo': 'adguard/golang-ubuntu:4.3'
+      'dockerGo': 'adguard/golang-ubuntu:4.5'
 # release-vX.Y.Z branches are the branches from which the actual final release
 # is built.
 - '^release-v[0-9]+\.[0-9]+\.[0-9]+':
@@ -300,4 +300,4 @@
    # are the ones that actually get released.
    'variables':
      'channel': 'release'
-      'dockerGo': 'adguard/golang-ubuntu:4.3'
+      'dockerGo': 'adguard/golang-ubuntu:4.5'
--- a/bamboo-specs/test.yaml
+++ b/bamboo-specs/test.yaml
@@ -5,7 +5,7 @@
  'key': 'AHBRTSPECS'
  'name': 'AdGuard Home - Build and run tests'
 'variables':
-  'dockerGo': 'adguard/golang-ubuntu:4.3'
+  'dockerGo': 'adguard/golang-ubuntu:4.5'

 'stages':
 - 'Tests':
--- a/client/src/__locales/be.json
+++ b/client/src/__locales/be.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Няслушнае імя сервера",
    "form_error_subnet": "Падсетка «{{cidr}}» не ўтрымвае IP-адраса «{{ip}}»",
    "form_error_positive": "Павінна быць больш 0",
+    "form_error_gateway_ip": "Арэнда не можа мець IP-адрас шлюза",
    "out_of_range_error": "Павінна быць па-за дыяпазонам «{{start}}»-«{{end}}»",
    "lower_range_start_error": "Павінна быць менш за пачатак дыяпазону",
    "greater_range_start_error": "Павінна быць больш за пачатак дыяпазону",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "звычайны DNS (праз UDP, імя хаста);",
    "example_upstream_dot": "зашыфраваны <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "зашыфраваны <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "зашыфраваны <0>DNS-over-QUIC (эксперыментальны)</0>;",
+    "example_upstream_doq": "зашыфраваны <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "<0>DNS Stamps</0> для <1>DNSCrypt</1> ці <2>DNS-over-HTTPS</2> рэзалвераў;",
    "example_upstream_tcp": "звычайны DNS (наўзверх TCP);",
    "example_upstream_tcp_hostname": "звычайны DNS (праз TCP, імя хаста);",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "Калі порт HTTPS наладжаны, ўэб-інтэрфейс адміністравання AdGuard Home будзе даступны праз HTTPS, а таксама DNS-over-HTTPS сервер будзе даступны па шляху '/dns-query'.",
    "encryption_dot": "Порт DNS-over-TLS",
    "encryption_dot_desc": "Калі гэты порт наладжаны, AdGuard Home запусціць DNS-over-TLS-сервер на гэтаму порту.",
-    "encryption_doq": "Порт DNS-over-QUIC (эксперыментальны)",
-    "encryption_doq_desc": "Калі гэты порт наладжаны, AdGuard Home запусціць сервер DNS-over-QUIC на гэтым порце. Гэта эксперыментальна і можа быць ненадзейна. Апроч таго, не так шмат кліентаў падтрымвае гэты спосаб цяпер.",
+    "encryption_doq": "Порт DNS-over-QUIC",
+    "encryption_doq_desc": "Калі гэты порт наладжаны, AdGuard Home запусціць сервер DNS-over-QUIC на гэтым порце.",
    "encryption_certificates": "Сертыфікаты",
    "encryption_certificates_desc": "Для выкарыстання шыфравання вам трэба падаць валідны ланцужок SSL-сертыфікатаў для вашага дамена. Вы можаце атрымаць дармовы сертыфікат на <0>{{link}}</0> ці вы можаце купіць яго ў аднаго з давераных Цэнтраў Сертыфікацыі.",
    "encryption_certificates_input": "Скапіюйце сюды сертыфікаты ў PEM-кадоўцы.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Заблакаваныя дамены",
    "access_blocked_desc": "Не блытайце гэта з фільтрамі. AdGuard Home будзе ігнараваць DNS-запыты з гэтымі даменамі.",
    "access_settings_saved": "Налады доступу паспяхова захаваны",
-    "updates_checked": "Праверка абнаўленняў прайшла паспяхова",
+    "updates_checked": "Даступная новая версія AdGuard Home",
    "updates_version_equal": "Версія AdGuard Home актуальная",
    "check_updates_now": "Праверыць абнаўленні",
    "dns_privacy": "Зашыфраваны DNS",
--- a/client/src/__locales/cs.json
+++ b/client/src/__locales/cs.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Neplatný název serveru",
    "form_error_subnet": "Podsíť \"{{cidr}}\" neobsahuje IP adresu \"{{ip}}\"",
    "form_error_positive": "Musí být větší než 0",
+    "form_error_gateway_ip": "Pronájem nemůže mít IP adresu brány",
    "out_of_range_error": "Musí být mimo rozsah \"{{start}}\"-\"{{end}}\"",
    "lower_range_start_error": "Musí být menší než začátek rozsahu",
    "greater_range_start_error": "Musí být větší než začátek rozsahu",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "obvyklý DNS (skrze UDP, název hostitele);",
    "example_upstream_dot": "šifrovaný <0>DNS skrze TLS</0>;",
    "example_upstream_doh": "šifrovaný <0>DNS skrze HTTPS</0>;",
-    "example_upstream_doq": "šifrovaný <0>DNS skrze QUIC</0> (experimentální);",
+    "example_upstream_doq": "šifrovaný <0>DNS skrze QUIC</0>;",
    "example_upstream_sdns": "<0>DNS razítka</0> pro <1>DNSCrypt</1> nebo <2>DNS skrze HTTPS</2> řešitele;",
    "example_upstream_tcp": "obvyklý DNS (přes TCP);",
    "example_upstream_tcp_hostname": "obvyklý DNS (skrze TCP, název hostitele);",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "Pokud je nakonfigurován port HTTPS, AdGuard Home administrátorské rozhraní bude přístupné přes HTTPS a bude také poskytovat DNS skrze HTTPS na '/dns-query'.",
    "encryption_dot": "DNS skrze TLS port",
    "encryption_dot_desc": "Pokud je tento port nakonfigurován, AdGuard Home bude na tomto portu spouštět DNS skrze TLS server.",
-    "encryption_doq": "Port DNS skrze QUIC (experimentální)",
-    "encryption_doq_desc": "Pokud je tento port nakonfigurován, AdGuard Home spustí na tomto portu server DNS skrze QUIC. Je to experimentální a nemusí být spolehlivé. V současnosti také není příliš mnoho klientů, kteří to podporují.",
+    "encryption_doq": "Port DNS skrze QUIC",
+    "encryption_doq_desc": "Pokud je tento port nakonfigurován, AdGuard Home bude na tomto portu spouštět DNS skrze QUIC server.",
    "encryption_certificates": "Certifikáty",
    "encryption_certificates_desc": "Chcete-li používat šifrování, musíte pro svou doménu poskytnout platný řetězec certifikátů SSL. Certifikát můžete získat bezplatně na adrese <0>{{link}}</ 0>, nebo jej můžete zakoupit od jednoho z důvěryhodných certifikačních úřadů.",
    "encryption_certificates_input": "Zde můžete nakopírovat/vložit certifikáty PEM.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Blokované domény",
    "access_blocked_desc": "Nezaměňujte to s filtry. AdGuard Home zruší dotazy DNS odpovídající těmto doménám a tyto dotazy se neobjeví ani v protokolu dotazů. Zde můžete určit přesné názvy domén, zástupné znaky a pravidla filtrování URL adres, např. \"example.org\", \"*.example.org\" nebo \"||example.org^\".",
    "access_settings_saved": "Nastavení přístupu bylo úspěšně uloženo",
-    "updates_checked": "Aktualizace úspěšně zkontrolovány",
+    "updates_checked": "Nová verze AdGuard Home je k dispozici\n",
    "updates_version_equal": "AdGuard Home je aktuální",
    "check_updates_now": "Zkontrolovat aktualizace nyní",
    "dns_privacy": "Soukromí DNS",
--- a/client/src/__locales/da.json
+++ b/client/src/__locales/da.json
@@ -213,7 +213,7 @@
    "example_upstream_udp": "almindelig DNS (over UDP, værtsnavn);",
    "example_upstream_dot": "krypteret <0>DNS-over-TLS</0>",
    "example_upstream_doh": "krypteret <0>DNS-over-HTTPS</0>",
-    "example_upstream_doq": "krypteret <0>DNS-over-QUIC</0>(eksperimentel);",
+    "example_upstream_doq": "krypteret <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "<0>DNS Stamps</0> til <1>DNSCrypt</1> eller <2>DNS-over-HTTPS</2>-opløsere;",
    "example_upstream_tcp": "almindelig DNS (over TCP)",
    "example_upstream_tcp_hostname": "almindelig DNS (over TCP, værtsnavn);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Er HTTPS-porten opsat, vil AdGuard Home admin grænsefladen være tilgængelig via HTTPS, og den vil muliggøre DNS-over-HTTPS på '/dns-query' placeringen.",
    "encryption_dot": "DNS-over-TLS port",
    "encryption_dot_desc": "Er denne port opsat, vil AdGuard Home køre en DNS-over-TLS server på denne port.",
-    "encryption_doq": "DNS-over-QUIC port (eksperimentel)",
-    "encryption_doq_desc": "Er denne port opsat, vil AdGuard Home køre en DNS-over-QUIC server på denne port. Den er eksperimentel og er måske ikke pålidelig. Derudover understøttes den pt. heller ikke af ret mange klienter.",
+    "encryption_doq": "DNS-over-QUIC port",
+    "encryption_doq_desc": "Er denne port opsat, vil AdGuard Home køre en DNS-over-QUIC server på denne port. ",
    "encryption_certificates": "Certifikater",
    "encryption_certificates_desc": "For at kunne bruge kryptering skal du angive en gyldig SSL-certifikatkæde til dit domæne. Du kan få et gratis certifikat via <0>{{link}}</ 0>, eller du kan købe det via en af de betroede Certifikatmyndigheder.",
    "encryption_certificates_input": "Kopiér/indsæt dine PEM-kodede certifikater hér.",
@@ -445,7 +445,7 @@
    "access_blocked_title": "Ikke tilladte domæner",
    "access_blocked_desc": "Ikke at forveksle med filtre. AdGuard Home dropper DNS-forespørgsler matchende disse domæner, ej heller vil forespørgslerne optræde i forespørgselsloggen. Der kan angives præcise domænenavne, jokertegn eller URL-filterregler, f.eks. \"eksempel.org\", \"*.eksempel.org\", \"||eksempel.org^\" eller tilsvarende.",
    "access_settings_saved": "Adgangsindstillinger gemt",
-    "updates_checked": "Opdateringstjek foretaget",
+    "updates_checked": "En ny version af AdGuard Home er tilgængelig\n",
    "updates_version_equal": "AdGuard Home er opdateret",
    "check_updates_now": "Søg efter opdateringer nu",
    "dns_privacy": "DNS-fortrolighed",
--- a/client/src/__locales/de.json
+++ b/client/src/__locales/de.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Ungültiger Servername",
    "form_error_subnet": "Subnetz „{{cidr}}“ enthält nicht die IP-Adresse „{{ip}}“",
    "form_error_positive": "Muss größer als 0 sein",
+    "form_error_gateway_ip": "Lease kann nicht die IP-Adresse des Gateways haben",
    "out_of_range_error": "Muss außerhalb des Bereichs „{{start}}“-„{{end}}“ liegen",
    "lower_range_start_error": "Muss niedriger als der Bereichsbeginn sein",
    "greater_range_start_error": "Muss größer als der Bereichsbeginn sein",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "normales DNS (über UDP, Hostname);",
    "example_upstream_dot": "verschlüsseltes <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "verschlüsseltes <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "verschlüsseltes <0>DNS-over-QUIC</0> (experimentell);",
+    "example_upstream_doq": "verschlüsseltes <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "<0>DNS-Stempel</0> für <1>DNSCrypt</1> oder <2>DNS-over-HTTPS</2> Resolver;",
    "example_upstream_tcp": "reguläres DNS (over TCP);",
    "example_upstream_tcp_hostname": "normales DNS (über TCP, Hostname);",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "Wenn der HTTPS-Port konfiguriert ist, ist die AdGuard Home-Administrationsschnittstelle über HTTPS zugänglich und bietet auch DNS-over-HTTPS am Server „/dns-query“.",
    "encryption_dot": "DNS-over-TLS",
    "encryption_dot_desc": "Wenn dieser Port konfiguriert ist, führt AdGuard Home auf diesem Port einen DNS-over-TLS-Server aus.",
-    "encryption_doq": "Port für DNS-over-QUIC (experimentell)",
-    "encryption_doq_desc": "Wenn dieser Port eingerichtet ist, wird AdGuard Home einen DNS-over-QUIC-Server auf diesem Port ausführen. Es ist experimentell und möglicherweise nicht zuverlässig. Außerdem gibt es im Moment nicht allzu viele Clients, die ihn unterstützen.",
+    "encryption_doq": "Port für DNS-over-QUIC",
+    "encryption_doq_desc": "Wenn dieser Port eingerichtet ist, wird AdGuard Home einen DNS-over-QUIC-Server auf diesem Port ausführen. ",
    "encryption_certificates": "Zertifikate",
    "encryption_certificates_desc": "Um die Verschlüsselung verwenden zu können, müssen Sie eine gültige SSL-Zertifikatskette für Ihre Domain angeben. Sie können ein kostenloses Zertifikat für <0>{{link}}</0> erhalten oder es bei einer der vertrauenswürdigen Zertifizierungsstellen kaufen.",
    "encryption_certificates_input": "Kopieren Sie Ihre PEM-codierten Zertifikate und fügen Sie sie hier ein.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Nicht zugelassene Domains",
    "access_blocked_desc": "Verwechseln Sie dies nicht mit Filtern. AdGuard Home verwirft DNS-Abfragen, die mit diesen Domänen übereinstimmen, und diese Abfragen erscheinen nicht einmal im Abfrageprotokoll. Hier können Sie die genauen Domain-Namen, Wildcards und URL-Filter-Regeln angeben, z.B. 'beispiel.org', '*.beispiel.org' oder '||beispiel.org^'.",
    "access_settings_saved": "Zugriffseinstellungen erfolgreich gespeichert",
-    "updates_checked": "Erfolgreich auf Aktualisierungen geprüft",
+    "updates_checked": "Neue Version von AdGuard Home ist jetzt verfügbar",
    "updates_version_equal": "AdGuard Home ist aktuell",
    "check_updates_now": "Jetzt nach Aktualisierungen suchen",
    "dns_privacy": "DNS-Datenschutz",
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Invalid server name",
    "form_error_subnet": "Subnet \"{{cidr}}\" does not contain the IP address \"{{ip}}\"",
    "form_error_positive": "Must be greater than 0",
+    "form_error_gateway_ip": "Lease can't have the IP address of the gateway",
    "out_of_range_error": "Must be out of range \"{{start}}\"-\"{{end}}\"",
    "lower_range_start_error": "Must be lower than range start",
    "greater_range_start_error": "Must be greater than range start",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "regular DNS (over UDP, hostname);",
    "example_upstream_dot": "encrypted <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "encrypted <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "encrypted <0>DNS-over-QUIC</0> (experimental);",
+    "example_upstream_doq": "encrypted <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "<0>DNS Stamps</0> for <1>DNSCrypt</1> or <2>DNS-over-HTTPS</2> resolvers;",
    "example_upstream_tcp": "regular DNS (over TCP);",
    "example_upstream_tcp_hostname": "regular DNS (over TCP, hostname);",
@@ -362,15 +363,15 @@
    "encryption_config_saved": "Encryption configuration saved",
    "encryption_server": "Server name",
    "encryption_server_enter": "Enter your domain name",
-    "encryption_server_desc": "In order to use HTTPS, you need to enter the server name that matches your SSL certificate or wildcard certificate. If the field is not set, it will accept TLS connections for any domain.",
+    "encryption_server_desc": "If set, AdGuard Home detects ClientIDs, responds to DDR queries, and performs additional connection validations. If not set, these features are disabled. Must match one of the DNS Names in the certificate.",
    "encryption_redirect": "Redirect to HTTPS automatically",
    "encryption_redirect_desc": "If checked, AdGuard Home will automatically redirect you from HTTP to HTTPS addresses.",
    "encryption_https": "HTTPS port",
    "encryption_https_desc": "If HTTPS port is configured, AdGuard Home admin interface will be accessible via HTTPS, and it will also provide DNS-over-HTTPS on '/dns-query' location.",
    "encryption_dot": "DNS-over-TLS port",
    "encryption_dot_desc": "If this port is configured, AdGuard Home will run a DNS-over-TLS server on this port.",
-    "encryption_doq": "DNS-over-QUIC port (experimental)",
-    "encryption_doq_desc": "If this port is configured, AdGuard Home will run a DNS-over-QUIC server on this port. It's experimental and may not be reliable. Also, there are not too many clients that support it at the moment.",
+    "encryption_doq": "DNS-over-QUIC port",
+    "encryption_doq_desc": "If this port is configured, AdGuard Home will run a DNS-over-QUIC server on this port.",
    "encryption_certificates": "Certificates",
    "encryption_certificates_desc": "In order to use encryption, you need to provide a valid SSL certificates chain for your domain. You can get a free certificate on <0>{{link}}</0> or you can buy it from one of the trusted Certificate Authorities.",
    "encryption_certificates_input": "Copy/paste your PEM-encoded certificates here.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Disallowed domains",
    "access_blocked_desc": "Not to be confused with filters. AdGuard Home drops DNS queries matching these domains, and these queries don't even appear in the query log. You can specify exact domain names, wildcards, or URL filter rules, e.g. \"example.org\", \"*.example.org\", or \"||example.org^\" correspondingly.",
    "access_settings_saved": "Access settings successfully saved",
-    "updates_checked": "Updates successfully checked",
+    "updates_checked": "A new version of AdGuard Home is available",
    "updates_version_equal": "AdGuard Home is up-to-date",
    "check_updates_now": "Check for updates now",
    "dns_privacy": "DNS Privacy",
--- a/client/src/__locales/es.json
+++ b/client/src/__locales/es.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Nombre de servidor no válido",
    "form_error_subnet": "La subred \"{{cidr}}\" no contiene la dirección IP \"{{ip}}\"",
    "form_error_positive": "Debe ser mayor que 0",
+    "form_error_gateway_ip": "Asignación no puede tener la dirección IP de la puerta de enlace",
    "out_of_range_error": "Debe estar fuera del rango \"{{start}}\"-\"{{end}}\"",
    "lower_range_start_error": "Debe ser inferior que el inicio de rango",
    "greater_range_start_error": "Debe ser mayor que el inicio de rango",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "DNS regular (mediante UDP, nombre del host).",
    "example_upstream_dot": "cifrado <0>DNS mediante TLS</0>.",
    "example_upstream_doh": "cifrado <0>DNS mediante HTTPS</0>.",
-    "example_upstream_doq": "cifrado <0>DNS mediante QUIC</0> (experimental).",
+    "example_upstream_doq": "cifrado <0>DNS mediante QUIC</0>.",
    "example_upstream_sdns": "<0>DNS Stamps</0> para <1>DNSCrypt</1> o resolutores <2>DNS mediante HTTPS</2>.",
    "example_upstream_tcp": "DNS regular (mediante TCP).",
    "example_upstream_tcp_hostname": "DNS regular (mediante TCP, nombre del host).",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "Si el puerto HTTPS está configurado, la interfaz de administración de AdGuard Home será accesible a través de HTTPS, y también proporcionará DNS mediante HTTPS en la ubicación '/dns-query'.",
    "encryption_dot": "Puerto DNS mediante TLS",
    "encryption_dot_desc": "Si este puerto está configurado, AdGuard Home ejecutará un servidor DNS mediante TLS en este puerto.",
-    "encryption_doq": "Puerto DNS mediante QUIC (experimental)",
-    "encryption_doq_desc": "Si este puerto está configurado, AdGuard Home ejecutará un servidor DNS mediante QUIC en este puerto. Es experimental y puede no ser confiable. Además, no hay muchos clientes que lo soporten por el momento.",
+    "encryption_doq": "Puerto DNS mediante QUIC",
+    "encryption_doq_desc": "Si este puerto está configurado, AdGuard Home ejecutará un servidor DNS mediante QUIC en este puerto.",
    "encryption_certificates": "Certificados",
    "encryption_certificates_desc": "Para utilizar el cifrado, debes proporcionar una cadena de certificado SSL válida para tu dominio. Puedes obtener un certificado gratuito en <0>{{link}}</0> o puedes comprarlo en una de las autoridades de certificación de confianza.",
    "encryption_certificates_input": "Copia/pega aquí tu certificado codificado PEM.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Dominios no permitidos",
    "access_blocked_desc": "No debe confundirse con filtros. AdGuard Home descartará las consultas DNS que coincidan con estos dominios, y estas consultas ni siquiera aparecerán en el registro de consultas. Puedes especificar nombres de dominio exactos, comodines o reglas de filtrado de URL, por ejemplo: \"ejemplo.org\", \"*.ejemplo.org\" o \"||ejemplo.org^\" correspondientemente.",
    "access_settings_saved": "Configuración de acceso guardado correctamente",
-    "updates_checked": "Actualizaciones comprobadas correctamente",
+    "updates_checked": "La nueva versión de AdGuard Home está disponible",
    "updates_version_equal": "AdGuard Home está actualizado",
    "check_updates_now": "Buscar actualizaciones ahora",
    "dns_privacy": "DNS cifrado",
--- a/client/src/__locales/fa.json
+++ b/client/src/__locales/fa.json
@@ -6,7 +6,6 @@
    "bootstrap_dns": "خودراه انداز سرورهای DNS",
    "bootstrap_dns_desc": "خودراه انداز سرورهای DNS برای تفکیک آدرس آی پی  تفکیک کننده های DoH/DoT که شما بعنوان جریان ارسالی تعیین کردید استفاده میشود.",
    "local_ptr_title": "سرورهای خصوصی DNS",
-    "local_ptr_desc": "سرور یا سرور های DNS ای که AdGuard Home برای درخواست های منابع محلی ارائه شده مورد استفاده قرار خواهد داد. برای مثال، این سرور برای تعیین نام های سرویس دهنده برای سرویس گیرنده با آدرس های آی پی خصوصی مورد استفاده قرار خواهد گرفت. اگر تعیین نشود،AdGuard Home به طور خودکار از تعیین کننده ی DNS پیش فرض شما استفاده خواهد کرد.",
    "local_ptr_default_resolver": "به طور پیش فرض، AdGuard Home از تعیین کننده های DNS معکوس زیر استفاده می کند: {{ip}}.",
    "local_ptr_no_default_resolver": "AdGuard Home نتوانست برای این دستگاه تعیین کننده های DNS معکوس محرمانه مناسب را معین کند.",
    "local_ptr_placeholder": "در هر خط یک آدرس سرور را وارد کنید",
@@ -321,7 +320,6 @@
    "install_devices_android_list_5": "گروه مقادیر DNS 1 و DNS 2 را به آدرس سرور AdGuard Home خود تغییر دهید.",
    "install_devices_ios_list_1": "از صفحه خانه،تنظیمات را فشار دهید.",
    "install_devices_ios_list_2": "وای فای را از منوی چپ انتخاب کنید (پیکربندی DNS دستی برای ارتباط موبایلی غیرممکن است).",
-    "install_devices_ios_list_3": "روی نام شبکه فعال فعلی کلیک کنید.",
    "install_devices_ios_list_4": "در فیلد DNS آدرس سرور AdGuard Home را وارد کنید",
    "get_started": "شروع به کار",
    "next": "بعدی",
@@ -413,7 +411,7 @@
    "access_blocked_title": "دامنه های مسدود شده",
    "access_blocked_desc": "این را با فیلتر ها به اشتباه نگیرید.AdGuard Home  جستار DNS را با این دامنه ها در جستار سوال ها نمی پذیرد.",
    "access_settings_saved": "تنظیمات دسترسی با موفقیت ذخیره شد",
-    "updates_checked": "بروز رسانی با موفقیت بررسی شد",
+    "updates_checked": "نسخه جدیدی از AdGuard Home در دسترس است",
    "updates_version_equal": "AdGuard Home بروز است",
    "check_updates_now": "حالا بررسی برای بروز رسانی",
    "dns_privacy": "حریم خصوصی DNS",
--- a/client/src/__locales/fi.json
+++ b/client/src/__locales/fi.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Virheellinen palvelimen nimi",
    "form_error_subnet": "Aliverkko \"{{cidr}}\" ei sisällä IP-osoitetta \"{{ip}}\"",
    "form_error_positive": "Oltava suurempi kuin 0",
+    "form_error_gateway_ip": "Lainalla ei voi olla yhdyskäytävän IP-osoitetta",
    "out_of_range_error": "Oltava alueen \"{{start}}\" - \"{{end}}\" ulkopuolella",
    "lower_range_start_error": "Oltava alueen aloitusarvoa pienempi",
    "greater_range_start_error": "Oltava alueen aloitusarvoa suurempi",
@@ -70,7 +71,7 @@
    "dhcp_error": "AdGuard Home ei voinut tunnistaa, onko verkossa toista aktiivista DHCP-palvelinta",
    "dhcp_static_ip_error": "Jotta DHCP-palvelinta voidaan käyttää, on määritettävä kiinteä IP-osoite. AdGuard Home ei voinut tunnistaa, onko tälle verkkosovittimelle määritetty IP-osoite kiinteä. Määritä kiinteä IP-osoite itse.",
    "dhcp_dynamic_ip_found": "Järjestelmäsi käyttää verkkosovittimelle <0>{{interfaceName}}</0> dynaamista IP-osoitetta. Jotta voit käyttää DHCP-palvelinta, on sovittimelle määritettävä kiinteä IP-osoite. Nykyinen IP-osoitteesi on <0>{{ipAddress}}</0>. Tämä osoite määritetään automaattisesti kiinteäksi, jos painat \"Ota DHCP-palvelin käyttöön\" -painiketta.",
-    "dhcp_lease_added": "Kiinteä laina \"{{key}}\" on lisätty",
+    "dhcp_lease_added": "Kiinteä laina \"{{key}}\" lisättiin",
    "dhcp_lease_deleted": "Kiinteä laina \"{{key}}\" poistettiin",
    "dhcp_new_static_lease": "Uusi kiinteä laina",
    "dhcp_static_leases_not_found": "Kiinteitä DHCP-lainoja ei löytynyt",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "tavallinen DNS (UDP, isäntänimi);",
    "example_upstream_dot": "salattu <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "salattu <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "salattu <0>DNS-over-QUIC</0> (kokeellinen);",
+    "example_upstream_doq": "salattu <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "<0>DNS Stamp</0> -merkinnät <1>DNSCrypt</1> tai <2>DNS-over-HTTPS</2> -resolvereille;",
    "example_upstream_tcp": "tavallinen DNS (TCP:n välityksellä);",
    "example_upstream_tcp_hostname": "tavallinen DNS (TCP, isäntänimi);",
@@ -344,12 +345,12 @@
    "install_devices_macos_list_2": "Paina \"Verkko\".",
    "install_devices_macos_list_3": "Valitse listan ensimmäinen yhteys ja paina \"Lisävalinnat\".",
    "install_devices_macos_list_4": "Valitse DNS-välilehti ja syötä AdGuard Home -palvelimesi osoitteet.",
-    "install_devices_android_list_1": "Napauta Android-laitteesi aloitusnäytöstä tai sovellusvalikosta \"Asetukset\".",
-    "install_devices_android_list_2": "Napauta \"Yhteydet\" ja sitten \"Wi-Fi\". Näytetään kaikki käytettävissä olevat langattomat verkot (mobiiliverkolle ei ole mahdollista määrittää omaa DNS-palvelinta).",
-    "install_devices_android_list_3": "Napauta yhdistetyn verkon vieressä olevaa asetuskuvaketta tai paina verkkoa pitkään ja valitse \"Muokkaa verkkoa\".",
-    "install_devices_android_list_4": "Saatat joutua napauttamaan \"Lisäasetukset\" nähdäksesi lisää valintoja. Muuttaaksesi DNS-asetuksia, on \"IP-asetukset\" -kohdan \"DHCP\" -valinta vaihdettava \"Staattinen\" -valintaan.",
+    "install_devices_android_list_1": "Paina Android-laitteesi aloitusnäytöstä tai sovellusvalikosta \"Asetukset\".",
+    "install_devices_android_list_2": "Paina \"Yhteydet\" ja sitten \"Wi-Fi\". Kaikki käytettävissä olevat langattomat verkot näytetään (mobiiliverkolle ei ole mahdollista määrittää omaa DNS-palvelinta).",
+    "install_devices_android_list_3": "Paina yhdistetyn verkon vieressä olevaa asetuskuvaketta tai paina verkkoa pitkään ja valitse \"Muokkaa verkkoa\".",
+    "install_devices_android_list_4": "Saatat joutua painamaan \"Lisäasetukset\" nähdäksesi enemmän valintoja. Muuttaaksesi DNS-asetuksia, on \"IP-asetukset\" -kohdan \"DHCP\" -valinta vaihdettava \"Staattinen\" -valintaan.",
    "install_devices_android_list_5": "Syötä \"DNS 1\" ja \"DNS 2\" -kenttiin AdGuard Home -palvelimesi osoitteet.",
-    "install_devices_ios_list_1": "Napauta aloitusnäytöstä \"Asetukset\".",
+    "install_devices_ios_list_1": "Paina aloitusnäytöstä \"Asetukset\".",
    "install_devices_ios_list_2": "Valitse vasemmalta \"Wi-Fi\" (mobiiliverkolle ei ole mahdollista määrittää omaa DNS-palvelinta).",
    "install_devices_ios_list_3": "Valitse tällä hetkellä aktiivinen verkko.",
    "install_devices_ios_list_4": "Syötä \"DNS\" -kenttään AdGuard Home -palvelimesi osoitteet.",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "Jos HTTPS-portti on määritetty, on AdGuard Homen hallintapaneeli käytettävissä HTTPS-yhteydellä ja lisäksi tämä mahdollistaa myös DNS-over-HTTPS -yhteyden '/dns-query' -kohteessa.",
    "encryption_dot": "DNS-over-TLS -portti",
    "encryption_dot_desc": "Jos portti on määritetty, AdGuard Home suorittaa DNS-over-TLS -palvelimen tässä portissa.",
-    "encryption_doq": "DNS-over-QUIC -portti (kokeellinen)",
-    "encryption_doq_desc": "Jos portti on määritetty, AdGuard Home suorittaa DNS-over-QUIC -palvelimen tässä portissa. Ominaisuus on kokeellinen, eikä välttämättä luotettava. Lisäksi tätä tukevia päätelaitteita ei vielä ole kovin paljon.",
+    "encryption_doq": "DNS-over-QUIC-portti",
+    "encryption_doq_desc": "Jos portti on määritetty, AdGuard Home suorittaa DNS-over-QUIC-palvelimen tässä portissa.",
    "encryption_certificates": "Varmenteet",
    "encryption_certificates_desc": "Salauksen käyttämiseksi, on syötettävä verkkotunnuksellesi myönnetty, aito SSL-varmenneketju. Voit hankkia ilmaisen varmenteen osoitteesta <0>{{link}}</0> tai ostaa sellaisen joltakin luotetulta varmentajalta.",
    "encryption_certificates_input": "Kopioi/liitä PEM-koodatut varmenteesi tähän.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Kielletyt verkkotunnukset",
    "access_blocked_desc": "Ei pidä sekoittaa suodattimiin. AdGuard Home hylkää näiden verkkotunnusten DNS-pyynnöt, eivätkä nämä pyynnöt näy edes pyyntöhistoriassa. Tähän voidaan syöttää tarkkoja verkkotunnuksia, jokerimerkkejä tai URL-suodatussääntöjä, kuten \"example.org\", \"*.example.org\" tai \"||example.org^\".",
    "access_settings_saved": "Käytön asetukset tallennettiin",
-    "updates_checked": "Päivitykset tarkastettiin",
+    "updates_checked": "Uusi versio AdGuard Home -ohjelmasta on saatavana\n",
    "updates_version_equal": "AdGuard Home on ajan tasalla",
    "check_updates_now": "Tarkista päivitykset nyt",
    "dns_privacy": "DNS-tietosuoja",
--- a/client/src/__locales/fr.json
+++ b/client/src/__locales/fr.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Nom de serveur invalide",
    "form_error_subnet": "Le sous-réseau « {{cidr}} » ne contient pas l'adresse IP « {{ip}} »",
    "form_error_positive": "Doit être supérieur à 0",
+    "form_error_gateway_ip": "Le bail ne peut pas avoir d'adresse IP de la passerelle",
    "out_of_range_error": "Doit être hors plage « {{start}} » - « {{end}} »",
    "lower_range_start_error": "Doit être inférieur au début de plage",
    "greater_range_start_error": "Doit être supérieur au début de plage",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "DNS normal (sur UDP, nom d’hôte) ;",
    "example_upstream_dot": "<0>DNS-over-TLS</0> chiffré ;",
    "example_upstream_doh": "<0>DNS-over-HTTPS</0> chiffré ;",
-    "example_upstream_doq": "<0>DNS-over-QUIC</0> chiffré (expérimental) ;",
+    "example_upstream_doq": "<0>DNS-over-QUIC</0> chiffré;",
    "example_upstream_sdns": "vous pouvez utiliser <0>DNS Stamps</0> pour <1>DNSCrypt</1> ou les résolveurs <2>DNS_over_HTTPS</2> ;",
    "example_upstream_tcp": "DNS classique (au-dessus de TCP) ;",
    "example_upstream_tcp_hostname": "DNS normal (sur TCP, nom d’hôte) ;",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "Si le port HTTPS est configuré, l'interface administrateur de AdGuard Home sera accessible via HTTPS et fournira aussi un service DNS-over-HTTPS sur l'emplacement '/dns-query'.",
    "encryption_dot": "Port DNS-over-TLS",
    "encryption_dot_desc": "Si ce port est configuré, AdGuard Home exécutera un serveur DNS-over-TLS sur ce port.",
-    "encryption_doq": "Port DNS sur QUIC (expérimental)",
-    "encryption_doq_desc": "Si ce port est configuré, AdGuard Home exécutera un serveur DNS sur QUIC sur ce port. Ceci est expérimental et possiblement pas entièrement fiable. Peu de clients le prennent en charge actuellement.",
+    "encryption_doq": "Port DNS sur QUIC",
+    "encryption_doq_desc": "Si ce port est configuré, AdGuard Home exécutera un serveur DNS sur QUIC sur ce port. ",
    "encryption_certificates": "Certificats",
    "encryption_certificates_desc": "Pour utiliser le chiffrement, vous devez fournir une chaîne de certificats SSL valide pour votre domaine. Vous pouvez en obtenir une gratuitement sur <0>{{link}}</0> ou vous pouvez en acheter une via les Autorités de Certification de confiance.",
    "encryption_certificates_input": "Copiez/coller vos certificats encodés PEM ici.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Domaines interdits",
    "access_blocked_desc": "A ne pas confondre avec les filtres. AdGuard Home rejette les requêtes DNS correspondant à ces domaines, et ces requêtes n'apparaissent même pas dans le journal des requêtes. Vous pouvez spécifier des noms de domaine exacts, des caractères génériques ou des règles de filtrage d'URL, par exemple « exemple.org », « *.exemple.org » ou « ||example.org^ » de manière correspondante.",
    "access_settings_saved": "Paramètres d'accès enregistrés avec succès",
-    "updates_checked": "Mises à jour vérifiées",
+    "updates_checked": "Une nouvelle version de AdGuard Home est disponible",
    "updates_version_equal": "AdGuard Home est à jour",
    "check_updates_now": "Vérifier les mises à jour",
    "dns_privacy": "Confidentialité DNS",
--- a/client/src/__locales/hr.json
+++ b/client/src/__locales/hr.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Nevažeće ime poslužitelja",
    "form_error_subnet": "Podmrežu \"{{cidr}}\" ne sadrži IP adresu \"{{ip}}\"",
    "form_error_positive": "Mora biti veće od 0",
+    "form_error_gateway_ip": "Najam ne može imati IP adresu pristupnika",
    "out_of_range_error": "Mora biti izvan ranga \"{{start}}\"-\"{{end}}\"",
    "lower_range_start_error": "Mora biti niže od početnog ranga",
    "greater_range_start_error": "Mora biti veće od krajnjeg ranga",
@@ -370,7 +371,7 @@
    "encryption_dot": "DNS-over-TLS port",
    "encryption_dot_desc": "Ako je ovaj port postavljen, AdGuard Home će pokrenuti DNS-over-TLS poslužitelj na ovom portu.",
    "encryption_doq": "DNS-over-QUIC port (eksperimentalno)",
-    "encryption_doq_desc": "Ako je ovaj port postavljen, AdGuard Home će na ovom portu pokrenuti DNS-over-QUIC poslužitelj. Eksperimentalno je i možda nije pouzdano. Također, trenutno nema previše klijenata koji to podržavaju.",
+    "encryption_doq_desc": "Ako je ovaj priključak konfiguriran, AdGuard Home će na ovom priključku pokretati DNS-over-QUIC poslužitelj.",
    "encryption_certificates": "Certifikati",
    "encryption_certificates_desc": "Da biste koristili šifriranje, za svoju domenu morate osigurati važeći lanac SSL certifikata. Besplatan certifikat možete dobiti na <0>{{link}}</0> ili ga možete kupiti od jednog od pouzdanih izdavatelja certifikata.",
    "encryption_certificates_input": "Zalijepite svoje PEM-kodirane certifikate ovdje.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Nedopuštene domene",
    "access_blocked_desc": "Ne smije se miješati s filterima. AdGuard Home ispušta DNS upite koji odgovaraju tim domenama, a ti se upiti čak i ne pojavljuju u zapisniku upita. Možete navesti točne nazive domena, zamjenske znakove ili pravila filtriranja URL-a, npr || example.org example.org. example.org^\" u skladu s tim.",
    "access_settings_saved": "Postavke pristupa su uspješno spremljene",
-    "updates_checked": "Uspješna provjera ažuriranja",
+    "updates_checked": "Dostupna je nova verzija AdGuard Home-a",
    "updates_version_equal": "AdGuard Home je ažuriran",
    "check_updates_now": "Provjeri ažuriranja sada",
    "dns_privacy": "DNS privatnost",
@@ -511,7 +512,7 @@
    "statistics_configuration": "Postavke statistike",
    "statistics_retention": "Spremanje statistike",
    "statistics_retention_desc": "Ako smanjite vrijednost intervala, neki će podaci biti izgubljeni",
-    "statistics_clear": " Poništi statistiku",
+    "statistics_clear": "Poništi statistiku",
    "statistics_clear_confirm": "Jeste li sigurni da želite poništiti statistiku?",
    "statistics_retention_confirm": "Jeste li sigurni da želite promijeniti zadržavanje statistike? Ako smanjite vrijednost intervala, neki će podaci biti izgubljeni",
    "statistics_cleared": "Statistika je uspješno uklonjenja",
--- a/client/src/__locales/hu.json
+++ b/client/src/__locales/hu.json
@@ -9,7 +9,7 @@
    "bootstrap_dns": "Bootstrap DNS kiszolgálók",
    "bootstrap_dns_desc": "A Bootstrap DNS szerverek a DoH/DoT feloldók IP-címeinek feloldására szolgálnak.",
    "local_ptr_title": "Privát DNS szerverek",
-    "local_ptr_desc": "Azok a DNS szerverek, amiket az AdGuard Home a helyi PTR kérésekhez használ. Ezeket a szervereket arra használjuk, hogy reverse DNS által feloldjuk a kliensek hosztneveit privát IP címekre, például \"192.168.12.34\". Ha nincs beállítva, akkor az AdGuard Home, kivéve az ő saját címét, az operációs rendszer alapértelmezett DNS feloldók címeit fogja használni.",
+    "local_ptr_desc": "Azok a DNS szerverek, amiket az AdGuard Home a helyi PTR kérésekhez használ. ",
    "local_ptr_default_resolver": "Alapesetben az AdGuard Home a következő reverse DNS feloldókat használja: {{ip}}.",
    "local_ptr_no_default_resolver": "Az AdGuard Home nem tudta meghatározni a privát reverse DNS feloldókat ehhez a rendszerhez.",
    "local_ptr_placeholder": "Adjon meg soronként egy kiszolgáló címet",
@@ -47,6 +47,7 @@
    "form_error_server_name": "Érvénytelen szervernév",
    "form_error_subnet": "A(z) \"{{cidr}}\" alhálózat nem tartalmazza a(z) \"{{ip}}\" IP címet",
    "form_error_positive": "0-nál nagyobbnak kell lennie",
+    "form_error_gateway_ip": "A bérleti szerződés nem tartalmazhatja az átjáró IP-címét",
    "out_of_range_error": "A következő tartományon kívül legyen: \"{{start}}\"-\"{{end}}\"",
    "lower_range_start_error": "Kisebb legyen, mint a tartomány kezdete",
    "greater_range_start_error": "Nagyobbnak kell lennie, mint a tartomány kezdete",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "normál DNS (UDP felett, hostnév);",
    "example_upstream_dot": "titkosított <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "titkosított <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "titkosított <0>DNS-over-QUIC</0> (kísérleti);",
+    "example_upstream_doq": "titkosított <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "<0>DNS Stamps</0> a <1>DNSCrypt</1> vagy <2>DNS-over-HTTPS</2> feloldókhoz;",
    "example_upstream_tcp": "hagyományos DNS (TCP felett);",
    "example_upstream_tcp_hostname": "normál DNS (TCP felett, hostnév);",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "Ha a HTTPS port konfigurálva van, akkor az AdGuard Home admin felülete elérhető lesz a HTTPS-en keresztül, és ezenkívül DNS-over-HTTPS-t is biztosít a '/dns-query' helyen.",
    "encryption_dot": "DNS-over-TLS port",
    "encryption_dot_desc": "Ha ez a port be van állítva, az AdGuard Home DNS-over-TLS szerverként tud futni ezen a porton.",
-    "encryption_doq": "DNS-over-QUIC port (kísérleti)",
-    "encryption_doq_desc": "Ha ez a port be van állítva, akkor az AdGuard Home egy DNS-over-QUIC szerverként fog futni ezen a porton. Ez egy kísérleti funkció és nem biztos, hogy megbízható. Emellett nincs sok olyan kliens, ami támogatná ezt jelenleg.",
+    "encryption_doq": "DNS-over-QUIC port",
+    "encryption_doq_desc": "Ha ez a port be van állítva, akkor az AdGuard Home egy DNS-over-QUIC szerverként fog futni ezen a porton. ",
    "encryption_certificates": "Tanúsítványok",
    "encryption_certificates_desc": "A titkosítás használatához érvényes SSL tanúsítványláncot kell megadnia a domainjéhez. Ingyenes tanúsítványt kaphat a <0>{{link}}</0> webhelyen, vagy megvásárolhatja az egyik megbízható tanúsítványkibocsátó hatóságtól.",
    "encryption_certificates_input": "Másolja be ide a PEM-kódolt tanúsítványt.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Nem engedélyezett domainek",
    "access_blocked_desc": "Ne keverje össze ezt a szűrőkkel. Az AdGuard Home az összes DNS kérést el fogja dobni, ami ezekkel a domainekkel megegyezik, és ezek a lekérések nem is fognak megjelenni a lekérdezési naplóban sem. Megadhatja a pontos domain neveket, a helyettesítő karaktereket vagy az URL szűrési szabályokat, pl. ennek megfelelően \"example.org\", \"*.example.org\", vagy \"||example.org^\".",
    "access_settings_saved": "A hozzáférési beállítások sikeresen mentésre kerültek",
-    "updates_checked": "A frissítések sikeresen ellenőrizve lettek",
+    "updates_checked": "Elérhető az AdGuard Home új verziója",
    "updates_version_equal": "Az AdGuard Home naprakész",
    "check_updates_now": "Frissítések ellenőrzése most",
    "dns_privacy": "DNS Adatvédelem",
--- a/client/src/__locales/id.json
+++ b/client/src/__locales/id.json
@@ -213,7 +213,7 @@
    "example_upstream_udp": "DNS biasa (lebih dari UDP, nama host);",
    "example_upstream_dot": "terenkripsi <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "terenkripsi <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "terenkripsi <0>DNS-over-QUIC</0> (eksperimental);",
+    "example_upstream_doq": "terenkripsi <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "<0>Stempel DNS</0> untuk <1>DNSCrypt</1> atau pengarah <2>DNS-over-HTTPS</2>;",
    "example_upstream_tcp": "DNS reguler (melalui TCP);",
    "example_upstream_tcp_hostname": "DNS biasa (lebih dari TCP, nama host);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Jika port HTTPS dikonfigurasi, antarmuka admin Home AdGuard akan dapat diakses melalui HTTPS, dan itu juga akan memberikan DNS-over-HTTPS di lokasi '/ dns-query'.",
    "encryption_dot": "Port DNS-over-TLS",
    "encryption_dot_desc": "Jika port ini terkonfigurasi, AdGuard Home akan menjalankan server DNS-over-TLS dalam port ini",
-    "encryption_doq": "Port DNS-over-QUIC (eksperimental)",
-    "encryption_doq_desc": "Jika port ini diatur secara sepesifik, AdGuard Home akan menjalankan server DNS-lewat-QUIC pada port ini. Ini adalah eksperimental dan mungkin tidak dapat diandalkan. Juga, tidak banyak klien yang mendukungnya saat ini.",
+    "encryption_doq": "Port DNS-over-QUIC ",
+    "encryption_doq_desc": "Jika port ini diatur secara sepesifik, AdGuard Home akan menjalankan server DNS-lewat-QUIC pada port ini.",
    "encryption_certificates": "Sertifikat",
    "encryption_certificates_desc": "Untuk menggunakan enkripsi, Anda perlu memberikan rantai sertifikat SSL yang valid untuk domain Anda. Anda bisa mendapatkan sertifikat gratis di <0>{{link}}</0> atau Anda dapat membelinya dari salah satu Otoritas Sertifikat tepercaya.",
    "encryption_certificates_input": "Salin / rekatkan sertifikat PEM yang disandikan di sini.",
@@ -445,7 +445,7 @@
    "access_blocked_title": "Domain yang diblokir",
    "access_blocked_desc": "Jangan bingung dengan filter. AdGuard Home menghapus kueri DNS yang cocok dengan domain ini, dan kueri ini bahkan tidak muncul di log kueri. Anda dapat menentukan nama domain, karakter pengganti, atau aturan filter URL yang tepat, mis. \"example.org\", \"*.example.org\", atau \"||example.org^\" yang sesuai.",
    "access_settings_saved": "Pengaturan akses berhasil disimpan",
-    "updates_checked": "Pembaruan berhasil dicek",
+    "updates_checked": "Versi baru AdGuard Home tersedia\n",
    "updates_version_equal": "AdGuard Home sudah tebaru",
    "check_updates_now": "Periksa pembaruan sekarang",
    "dns_privacy": "DNS Privasi",
--- a/client/src/__locales/it.json
+++ b/client/src/__locales/it.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Nome server non valido",
    "form_error_subnet": "Il subnet \"{{cidr}}\" non contiene l'indirizzo IP \"{{ip}}\"",
    "form_error_positive": "Deve essere maggiore di 0",
+    "form_error_gateway_ip": "Il leasing non può avere l'indirizzo IP del gateway",
    "out_of_range_error": "Deve essere fuori intervallo \"{{start}}\"-\"{{end}}\"",
    "lower_range_start_error": "Deve essere inferiore dell'intervallo di inizio",
    "greater_range_start_error": "Deve essere maggiore dell'intervallo di inizio",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "DNS regolare (over UDP, nome host);",
    "example_upstream_dot": "<0>DNS su TLS</0> crittografato;",
    "example_upstream_doh": "<0>DNS su HTTPS</0> crittografato;",
-    "example_upstream_doq": "<0>DNS su QUIC</0> crittografato (sperimentale);",
+    "example_upstream_doq": "<0>DNS su QUIC</0> crittografato;",
    "example_upstream_sdns": "<0>DNS Stamps</0> per <1>DNSCrypt</1> oppure i risolutori <2>DNS su HTTPS</2>;",
    "example_upstream_tcp": "DNS regolare (over TCP);",
    "example_upstream_tcp_hostname": "DNS regolare (over TCP, nome host);",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "Se la porta HTTPS è configurata, l'interfaccia di amministrazione di AdGuard Home sarà accessibile tramite HTTPS e fornirà anche DNS su HTTPS nella posizione \"/ dns-query\".",
    "encryption_dot": "DNS su porta TLS",
    "encryption_dot_desc": "Se questa porta è configurata, AdGuard Home eseguirà un server DNS su TLS su questa porta.",
-    "encryption_doq": "Porta DNS su QUIC (sperimentale)",
-    "encryption_doq_desc": "Se questa porta è configurata, AdGuard Home eseguirà un server DNS su porta QUIC. Questa opzione è sperimentale e potrebbe non risultare affidabile. Inoltre, al momento non sono molti i client a supportarla.",
+    "encryption_doq": "Porta DNS su QUIC",
+    "encryption_doq_desc": "Se questa porta è configurata, AdGuard Home eseguirà un server DNS su porta QUIC. ",
    "encryption_certificates": "Certificati",
    "encryption_certificates_desc": "Per utilizzare la crittografia, è necessario fornire una catena di certificati SSL valida per il proprio dominio. Puoi ottenere un certificato gratuito su <0> {{link}} </ 0> o puoi acquistarlo da una delle Autorità di certificazione attendibili.",
    "encryption_certificates_input": "Copia / incolla qui i certificati codificati PEM.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Domini bloccati",
    "access_blocked_desc": "Da non confondere con i filtri. AdGuard Home eliminerà le richieste DNS corrispondenti a questi domini e queste richieste non verranno visualizzate nel relativo registro. Puoi specificare nomi di dominio esatti, caratteri jolly o regole di filtraggio URL, ad esempio \"esempio.org\", \"*.esempio.org\" o \"||esempio.org^\".",
    "access_settings_saved": "Impostazioni di accesso salvate correttamente",
-    "updates_checked": "Verifica aggiornamenti riuscita",
+    "updates_checked": "Nuova versione di AdGuard Home è disponibile",
    "updates_version_equal": "AdGuard Home è aggiornato",
    "check_updates_now": "Ricerca aggiornamenti ora",
    "dns_privacy": "Privacy DNS",
--- a/client/src/__locales/ja.json
+++ b/client/src/__locales/ja.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "サーバー名が無効です",
    "form_error_subnet": "IPアドレス「{{ip}}」がサブネット「{{cidr}}」に含まれていません",
    "form_error_positive": "0より大きい値でなければなりません",
+    "form_error_gateway_ip": "リースはゲートウェイのIPアドレスになっていることができません",
    "out_of_range_error": "\"{{start}}\"〜\"{{end}}\" の範囲外である必要があります",
    "lower_range_start_error": "範囲開始よりも低い値である必要があります",
    "greater_range_start_error": "範囲開始値より大きい値でなければなりません",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "通常のDNS（over UDP, ホスト名）。",
    "example_upstream_dot": "暗号化されている <0>DNS-over-TLS</0>。",
    "example_upstream_doh": "暗号化されている <0>DNS-over-HTTPS</0>。",
-    "example_upstream_doq": "暗号化 <0>DNS-over-QUIC</0>（実験的）。",
+    "example_upstream_doq": "暗号化 <0>DNS-over-QUIC</0>。",
    "example_upstream_sdns": "<1>DNSCrypt</1> または <2>DNS-over-HTTPS</2> リゾルバのための <0>DNS Stamps</0>。",
    "example_upstream_tcp": "通常のDNS（over TCP）。",
    "example_upstream_tcp_hostname": "通常のDNS（over TCP, ホスト名）。",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "HTTPSポートが設定されていると、AdGuard Home 管理インターフェースはHTTPS経由でアクセス可能になり、そして「/dns-query」の場所にDNS-over-HTTPSも提供されます。",
    "encryption_dot": "DNS-over-TLS ポート",
    "encryption_dot_desc": "このポートが設定されていると、AdGuard HomeはこのポートでDNS-over-TLSサーバを実行します。",
-    "encryption_doq": "DNS-over-QUIC ポート (実験的)",
-    "encryption_doq_desc": "このポートが設定されていると、AdGuard HomeはこのポートにてDNS-over-QUICサーバーを実行します。これは実験的なものであり、頼りにならない可能性があります。また、現時点ではこのサーバーをサポートするクライアントも少ないです。",
+    "encryption_doq": "DNS-over-QUIC ポート",
+    "encryption_doq_desc": "このポートが設定されていると、AdGuard HomeはこのポートにてDNS-over-QUICサーバーを実行します。",
    "encryption_certificates": "証明書",
    "encryption_certificates_desc": "暗号化を使用するには、ドメインに有効なSSL証明書チェーンを提供する必要があります。無料の証明書は<0> {{link}} </0>で入手できます。または、信頼できる認証局のいずれかから購入することもできます。",
    "encryption_certificates_input": "ここにPEM形式の証明書をコピー／ペーストしてください。",
@@ -445,7 +446,7 @@
    "access_blocked_title": "拒否するドメイン",
    "access_blocked_desc": "こちらをフィルタと混同しないでください。AdGuard Homeは、ここで入力されたドメインに一致するDNSクエリをドロップし、そういったクエリはクエリログにも表示されません。ここでは、「example.org」、「*.example.org」、「 ||example.org^ 」など、特定のドメイン名、ワイルドカード、URLフィルタルールを入力できます。",
    "access_settings_saved": "アクセス設定の保存に成功しました",
-    "updates_checked": "アップデートの確認に成功しました",
+    "updates_checked": "AdGuard Homeの新バージョンが利用可能です。",
    "updates_version_equal": "AdGuard Homeは既に最新です",
    "check_updates_now": "今すぐアップデートを確認する",
    "dns_privacy": "DNSプライバシー",
--- a/client/src/__locales/ko.json
+++ b/client/src/__locales/ko.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "유효하지 않은 서버 이름",
    "form_error_subnet": "서브넷 \"{{cidr}}\"에 \"{{ip}}\" IP 주소가 없습니다",
    "form_error_positive": "0보다 커야 합니다",
+    "form_error_gateway_ip": "임대는 게이트웨이의 IP 주소를 가질 수 없습니다",
    "out_of_range_error": "\"{{start}}\"-\"{{end}}\" 범위 밖이어야 합니다",
    "lower_range_start_error": "범위 시작보다 작은 값이어야 합니다",
    "greater_range_start_error": "범위 시작보다 큰 값이어야 합니다",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "일반 DNS (UDP를 통한, 호스트명);",
    "example_upstream_dot": "암호화된 <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "암호화된 <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "암호화된 <0>DNS-over-QUIC</0> (실험);",
+    "example_upstream_doq": "암호화된 <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "<1>DNSCrypt</1> 또는 <2>DNS-over-HTTPS</2> 리졸버를 위한 <0>DNS 스탬프</0>;",
    "example_upstream_tcp": "일반 DNS (TCP를 통한 접속);",
    "example_upstream_tcp_hostname": "일반 DNS (TCP를 통한, 호스트명);",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "HTTPS 포트가 구성되면 HTTPS를 통해 AdGuard Home 관리자 인터페이스에 액세스할 수 있으며, '/dns-query' 위치에 DNS-over-HTTPS도 제공합니다.",
    "encryption_dot": "DNS-over-TLS 포트",
    "encryption_dot_desc": "이 포트가 구성된 경우 AdGuard Home 이 포트에서 DNS-over-TLS 서버를 실행합니다.",
-    "encryption_doq": "DNS-over-QUIC 포트 (실험)",
-    "encryption_doq_desc": "이 포트가 설정된 경우 AdGuard Home은 해당 포트에서 DNS-over-QUIC 서버를 실행합니다. 이것은 실험적이며 신뢰할 수 없습니다. 또한 현재 이를 지원하는 클라이언트가 많지 않습니다.",
+    "encryption_doq": "DNS-over-QUIC 포트",
+    "encryption_doq_desc": "이 포트가 설정된 경우 AdGuard Home은 해당 포트에서 DNS-over-QUIC 서버를 실행합니다. ",
    "encryption_certificates": "인증서",
    "encryption_certificates_desc": "암호화를 사용하려면 도메인에 대해 올바른 SSL 인증서 체인을 제공해야 합니다. <0>{{link}}</0>에서 무료 증명서를 받을 수도 있고, 신뢰할 수있는 인증 기관에서 구입할 수 있습니다.",
    "encryption_certificates_input": "PEM으로 인코딩된 인증서 여기에 복사/붙여넣기하세요.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "차단된 도메인",
    "access_blocked_desc": "이 기능을 필터와 혼동하지 마세요. AdGuard Home은 이 도메인에 대한 DNS 요청을 무시합니다. 여기에서는 'example.org' '*. example.org', '|| example.org ^'와 같은 특정 도메인 이름, 와일드 카드, URL 필터 규칙을 지정할 수 있습니다.",
    "access_settings_saved": "액세스 설정이 성공적으로 저장되었습니다.",
-    "updates_checked": "업데이트가 성공적으로 확인되었습니다",
+    "updates_checked": "AdGuard Home의 새 버전을 사용할 수 있습니다",
    "updates_version_equal": "AdGuard Home 최신 상태입니다.",
    "check_updates_now": "지금 업데이트 확인",
    "dns_privacy": "DNS 프라이버시",
--- a/client/src/__locales/nl.json
+++ b/client/src/__locales/nl.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Ongeldige servernaam",
    "form_error_subnet": "Subnet “{{cidr}}” bevat niet het IP-adres “{{ip}}”",
    "form_error_positive": "Moet groter zijn dan 0",
+    "form_error_gateway_ip": "Lease kan niet het IP-adres van de gateway hebben",
    "out_of_range_error": "Moet buiten bereik zijn \"{{start}}\"-\"{{end}}\"",
    "lower_range_start_error": "Moet lager zijn dan begin reeks",
    "greater_range_start_error": "Moet groter zijn dan begin reeks",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "standaard DNS (via UDP, hostnaam);",
    "example_upstream_dot": "versleutelde <0>DNS-via-TLS</0>;",
    "example_upstream_doh": "versleutelde <0>DNS-via-HTTPS</0>;",
-    "example_upstream_doq": "versleutelde <0>DNS-via-QUIC</0> (experimenteel);",
+    "example_upstream_doq": "versleutelde <0>DNS-via-QUIC</0>;",
    "example_upstream_sdns": "<0>DNS Stamps</0> voor <1>DNSCrypt</1> of <2>DNS-via-HTTPS</2> oplossingen;",
    "example_upstream_tcp": "standaard DNS (over TCP);",
    "example_upstream_tcp_hostname": "standaard DNS (via TCP, hostnaam);",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "Als de HTTPS-poort is geconfigureerd, is de AdGuard Home beheerders interface toegankelijk via HTTPS en biedt deze ook DNS-via-HTTPS op de locatie '/ dns-query'.",
    "encryption_dot": "DNS-via-TLS poort",
    "encryption_dot_desc": "Indien deze poort is geconfigureerd, zal AdGuard Home gebruik maken van een DNS-via-TLS server via deze poort.",
-    "encryption_doq": "DNS-via-QUIC poort (experimenteel)",
-    "encryption_doq_desc": "Als deze poort is geconfigureerd, zal AdGuard Home een DNS-via-QUIC server gebruiken via deze poort. Dit is experimenteel en kan onbetrouwbaar zijn. Er zijn overigens nog niet veel systemen die dit nu al ondersteunen.",
+    "encryption_doq": "DNS-over-QUIC poort",
+    "encryption_doq_desc": "Als deze poort is geconfigureerd, zal AdGuard Home een DNS-via-QUIC server gebruiken via deze poort.",
    "encryption_certificates": "Certificaten",
    "encryption_certificates_desc": "Om encryptie te gebruiken, moet u een geldige SSL certificaat voor uw domein opgeven. U kunt een gratis certificaat krijgen op <0> {{link}} </0> of u kunt het kopen bij een van de vertrouwde certificaatautoriteiten.",
    "encryption_certificates_input": "Kopieër en plak je PEM-gecodeerde certificaten hier.",
@@ -408,7 +409,7 @@
    "manual_update": "<a>Volg deze stappen</a> om handmatig bij te werken.",
    "processing_update": "Even geduld, AdGuard Home wordt bijgewerkt",
    "clients_title": "Permanente clients",
-    "clients_desc": "Permanente client-records configureren voor apparaten verboden met AdGuard Home",
+    "clients_desc": "Permanente client-records configureren voor apparaten verbonden met AdGuard Home",
    "settings_global": "Globaal",
    "settings_custom": "Aangepast",
    "table_client": "Gebruiker",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Niet toegelaten domeinen",
    "access_blocked_desc": "Verwar dit niet met filters. AdGuard Home zal deze DNS-zoekopdrachten niet uitvoeren die deze domeinen in de zoekopdracht bevatten. Hier kan je de exacte domeinnamen, wildcards en URL-filter-regels specifiëren, bijv. \"example.org\", \"*.example.org\" of \"||example.org^\".",
    "access_settings_saved": "Toegangsinstellingen succesvol opgeslagen",
-    "updates_checked": "Met succes op updates gecontroleerd",
+    "updates_checked": "Een nieuwe versie van AdGuard Home is beschikbaar\n",
    "updates_version_equal": "AdGuard Home is actueel",
    "check_updates_now": "Controleer op updates",
    "dns_privacy": "DNS Privacy",
--- a/client/src/__locales/no.json
+++ b/client/src/__locales/no.json
@@ -104,7 +104,7 @@
    "stats_adult": "Blokkerte voksennettsteder",
    "stats_query_domain": "Mest forespurte domener",
    "for_last_24_hours": "de siste 24 timene",
-    "for_last_days": "det siste døgnet",
+    "for_last_days": "for den siste {{count}} dagen",
    "for_last_days_plural": "de siste {{count}} dagene",
    "stats_disabled": "Statistikkene har blitt skrudd av. Du kan skru den på fra <0>innstillingssiden</0>.",
    "stats_disabled_short": "Statistikkene har blitt skrudd av",
@@ -114,7 +114,7 @@
    "top_clients": "Vanligste klienter",
    "no_clients_found": "Ingen klienter ble funnet",
    "general_statistics": "Generelle statistikker",
-    "number_of_dns_query_days": "Antall DNS-forespørsler som ble behandlet det siste døgnet",
+    "number_of_dns_query_days": "Antall DNS-spørringer behandlet for de siste {{count}} dagene",
    "number_of_dns_query_days_plural": "Antall DNS-forespørsler som ble behandlet de siste {{count}} dagene",
    "number_of_dns_query_24_hours": "Antall DNS-forespørsler som ble behandlet de siste 24 timene",
    "number_of_dns_query_blocked_24_hours": "Antall DNS-forespørsler som ble blokkert av adblock-filtre, hosts-lister, og domene-lister",
@@ -199,7 +199,7 @@
    "example_upstream_regular": "vanlig DNS (over UDP)",
    "example_upstream_dot": "kryptert <0>DNS-over-TLS</0>",
    "example_upstream_doh": "kryptert <0>DNS-over-HTTPS</0>",
-    "example_upstream_doq": "kryptert <0>DNS-over-QUIC</0>",
+    "example_upstream_doq": "kryptert <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "du kan bruke <0>DNS-stempler</0> med <1>DNSCrypt</1> eller <2>DNS-over-HTTPS</2>-behandlere",
    "example_upstream_tcp": "vanlig DNS (over TCP)",
    "all_lists_up_to_date_toast": "Alle listene er allerede oppdatert",
@@ -354,8 +354,8 @@
    "encryption_https_desc": "Dersom HTTPS-porten er satt opp, vil AdGuard Home sitt admin-grensesnitt være tilgjengelig gjennom HTTPS, og vil også sørge for DNS-over-HTTPS på «/dns-query»-plasseringen.",
    "encryption_dot": "'DNS-over-TLS'-port",
    "encryption_dot_desc": "Dersom denne porten er satt opp, vil AdGuard Home kjøre en 'DNS-over-TLS'-tjener på denne porten.",
-    "encryption_doq": "'DNS-over-QUIC'-port",
-    "encryption_doq_desc": "Dersom denne porten er satt opp, vil AdGuard Home kjøre en DNS-over-QUIC-tjener på denne porten. Den er eksperimentell og vil kanskje ikke være pålitelig. I tillegg er det ikke så altfor mange klienter som støtter det for øyeblikket.",
+    "encryption_doq": "DNS-over-QUIC-port",
+    "encryption_doq_desc": "Dersom denne porten er satt opp, vil AdGuard Home kjøre en DNS-over-QUIC-tjener på denne porten. ",
    "encryption_certificates": "Sertifikater",
    "encryption_certificates_desc": "For å bruke kryptering, må du skrive inn et gyldig SSL-sertifikatkjede for domenet ditt. Du kan få et gratis sertifikat hos <0>{{link}}</0>, eller kjøpe et fra en av de troverdige sertifikatsautoritetene.",
    "encryption_certificates_input": "Kopier / lim inn dine PEM-kodede sertifikater her.",
@@ -429,7 +429,7 @@
    "access_blocked_title": "Blokkerte domener",
    "access_blocked_desc": "Ikke forveksle dette med filtre. AdGuard Home vil nekte å behandle DNS-forespørsler som har disse domenene, og disse forespørslene dukker ikke engang opp i forespørselsloggen. Du kan spesifisere nøyaktige domene navn, jokertegn, eller URL-filterregler, f.eks. «example.org», «*.example.log» eller «||example.org^» derav.",
    "access_settings_saved": "Tilgangsinnstillingene ble vellykket lagret",
-    "updates_checked": "Oppdateringene ble vellykket sett etter",
+    "updates_checked": "En ny versjon av AdGuard Home er tilgjengelig",
    "updates_version_equal": "AdGuard Home er fullt oppdatert",
    "check_updates_now": "Se etter oppdateringer nå",
    "dns_privacy": "DNS-privatliv",
--- a/client/src/__locales/pl.json
+++ b/client/src/__locales/pl.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Nieprawidłowa nazwa serwera",
    "form_error_subnet": "Podsieć \"{{cidr}}\" nie zawiera adresu IP \"{{ip}}\"",
    "form_error_positive": "Musi być większa niż 0",
+    "form_error_gateway_ip": "Lease nie może mieć adresu IP bramy",
    "out_of_range_error": "Musi być spoza zakresu \"{{start}}\"-\"{{end}}\"",
    "lower_range_start_error": "Musi być niższy niż początek zakresu",
    "greater_range_start_error": "Musi być większy niż początek zakresu",
@@ -117,7 +118,7 @@
    "stats_adult": "Zablokowane witryny dla dorosłych",
    "stats_query_domain": "Najczęściej wyszukiwane domeny",
    "for_last_24_hours": "przez ostatnie 24 godziny",
-    "for_last_days": "z ostatniego dnia",
+    "for_last_days": "za ostatni dzień {{count}}",
    "for_last_days_plural": "z ostatnich {{count}} dni",
    "stats_disabled": "Statystyki zostały wyłączone. Można je włączyć na <0>stronie ustawień</0>.",
    "stats_disabled_short": "Statystyki zostały wyłączone",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "zwykły DNS (przez UDP, nazwa hosta);",
    "example_upstream_dot": "zaszyfrowany <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "zaszyfrowany <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "zaszyfrowany <0>DNS-over-QUIC</0> (eksperymentalny);",
+    "example_upstream_doq": "zaszyfrowany <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "<0>Stempel DNS</0> dla resolwerów <1>DNSCrypt</1> lub <2>DNS-over-HTTPS</2>;",
    "example_upstream_tcp": "zwykły DNS (przez TCP);",
    "example_upstream_tcp_hostname": "zwykły DNS (przez TCP, nazwa hosta);",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "Jeśli port HTTPS jest skonfigurowany, interfejs administratora AdGuard Home będzie dostępny za pośrednictwem protokołu HTTPS i zapewni DNS przez HTTPS w lokalizacji zapytania '/dns-query'.",
    "encryption_dot": "Port DNS-over-TLS",
    "encryption_dot_desc": "Jeśli ten port jest skonfigurowany, AdGuard Home uruchomi serwer DNS-over-TLS na tym porcie.",
-    "encryption_doq": "Port DNS-over-QUIC (eksperymentalny)",
-    "encryption_doq_desc": "Jeśli ten port jest skonfigurowany, AdGuard Home uruchomi serwer DNS-over-QUIC na tym porcie. Jest to funkcja eksperymentalna i może nie być stabilna. Ponadto, w tej chwili nie ma zbyt wielu klientów, którzy go obsługują.",
+    "encryption_doq": "Port DNS-over-QUIC",
+    "encryption_doq_desc": "Jeśli ten port jest skonfigurowany, AdGuard Home uruchomi serwer DNS-over-QUIC na tym porcie.",
    "encryption_certificates": "Certyfikaty",
    "encryption_certificates_desc": "Aby korzystać z szyfrowania, musisz podać prawidłowy łańcuch certyfikatów SSL dla swojej domeny. Możesz uzyskać bezpłatny certyfikat na  <0>{{link}}</0> lub możesz go kupić od jednego z zaufanych urzędów certyfikacji.",
    "encryption_certificates_input": "Kopiuj/wklej tutaj swoje zakodowane certyfikaty PEM.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Niedozwolone domeny",
    "access_blocked_desc": "Nie należy ich mylić z filtrami. AdGuard Home usuwa zapytania DNS pasujące do tych domen, a zapytania te nie pojawiają się nawet w dzienniku zapytań. Możesz określić dokładne nazwy domen, symbole wieloznaczne lub reguły filtrowania adresów URL, np. \"example.org\", \"*.example.org\" lub \"||example.org^\".",
    "access_settings_saved": "Ustawienia dostępu zostały pomyślnie zapisane",
-    "updates_checked": "Aktualizacje pomyślnie sprawdzone",
+    "updates_checked": "Dostępna jest nowa wersja programu AdGuard Home\n",
    "updates_version_equal": "AdGuard Home jest aktualny",
    "check_updates_now": "Sprawdź aktualizacje teraz",
    "dns_privacy": "Prywatny DNS",
--- a/client/src/__locales/pt-br.json
+++ b/client/src/__locales/pt-br.json
@@ -213,7 +213,7 @@
    "example_upstream_udp": "DNS normal (através do UDP, nome do servidor);",
    "example_upstream_dot": "<0>DNS-sobre-TLS</0> criptografado;",
    "example_upstream_doh": "<0>DNS-sobre-HTTPS</0> criptografado;",
-    "example_upstream_doq": "<0>DNS-sobre-QUIC</0> criptografado (experimental);",
+    "example_upstream_doq": "<0>DNS-sobre-QUIC</0> criptografado;",
    "example_upstream_sdns": "<0>DNS Stamps</0> para o <1>DNSCrypt</1> ou usar os resolvedores <2>DNS-sobre-HTTPS</2>;",
    "example_upstream_tcp": "DNS regular (através do TCP);",
    "example_upstream_tcp_hostname": "DNS normal (através do TCP, nome do servidor);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Se a porta HTTPS estiver configurada, a interface administrativa do AdGuard Home será acessível via HTTPS e também fornecerá o DNS-sobre-HTTPS no local '/dns-query'.",
    "encryption_dot": "Porta DNS-sobre-TLS",
    "encryption_dot_desc": "Se essa porta estiver configurada, o AdGuard Home irá executar o servidor DNS-sobre- TSL nesta porta.",
-    "encryption_doq": "Porta DNS-sobre-QUIC (experimental)",
-    "encryption_doq_desc": "Se esta porta estiver configurada, o AdGuard Home executará um servidor DNS-sobre-QUIC nesta porta. É experimental e pode não ser confiável. Além disso, não há muitos clientes que ofereçam suporte no momento.",
+    "encryption_doq": "Porta DNS-sobre-QUIC",
+    "encryption_doq_desc": "Se esta porta estiver configurada, o AdGuard Home executará um servidor DNS-sobre-QUIC nesta porta. ",
    "encryption_certificates": "Certificados",
    "encryption_certificates_desc": "Para usar criptografia, você precisa fornecer uma cadeia de certificados SSL válida para seu domínio. Você pode obter um certificado gratuito em <0> {{link}}</0> ou pode comprá-lo de uma das autoridades de certificação confiáveis.",
    "encryption_certificates_input": "Copie/cole aqui seu certificado codificado em PEM.",
@@ -445,7 +445,7 @@
    "access_blocked_title": "Domínios bloqueados",
    "access_blocked_desc": "Não deve ser confundido com filtros. O AdGuard Home elimina as consultas DNS que correspondem a esses domínios, e essas consultas nem aparecem no registro de consultas. Você pode especificar nomes de domínio exatos, caracteres curinga ou regras de filtro de URL, por exemplo \"exemplo.org\", \"*.exemplo.org\", ou \"||exemplo.org^\" correspondentemente.",
    "access_settings_saved": "Configurações de acesso foram salvas com sucesso",
-    "updates_checked": "Atualizações verificadas com sucesso",
+    "updates_checked": "Uma nova versão do AdGuard Home está disponível\n",
    "updates_version_equal": "O AdGuard Home está atualizado.",
    "check_updates_now": "Verificar atualizações",
    "dns_privacy": "Privacidade de DNS",
--- a/client/src/__locales/pt-pt.json
+++ b/client/src/__locales/pt-pt.json
@@ -213,7 +213,7 @@
    "example_upstream_udp": "DNS normal (através do UDP, nome do servidor);",
    "example_upstream_dot": "<0>DNS-sobre-TLS</0> criptografado;",
    "example_upstream_doh": "<0>DNS-sobre-HTTPS</0> criptografado;",
-    "example_upstream_doq": "<0>DNS-sobre-QUIC</0> criptografado (experimental);",
+    "example_upstream_doq": "<0>DNS-sobre-QUIC</0> criptografado;",
    "example_upstream_sdns": "<0>DNS Stamps</0> para o <1>DNSCrypt</1> ou usar os resolvedores <2>DNS-sobre-HTTPS</2>;",
    "example_upstream_tcp": "DNS regular (através do TCP);",
    "example_upstream_tcp_hostname": "DNS normal (através do TCP, nome do servidor);",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Se a porta HTTPS estiver configurada, a interface administrativa do AdGuard Home será acessível via HTTPS e também fornecerá o DNS-sobre-HTTPS no local '/dns-query'.",
    "encryption_dot": "Porta DNS-sobre-TLS",
    "encryption_dot_desc": "Se essa porta estiver configurada, o AdGuard Home irá executar o servidor DNS-sobre- TSL nesta porta.",
-    "encryption_doq": "Porta DNS-sobre-QUIC (experimental)",
-    "encryption_doq_desc": "Se esta porta estiver configurada, o AdGuard Home executará um servidor DNS-sobre-QUIC nesta porta. É experimental e pode não ser confiável. Além disso, não há demasiados clientes que ofereçam suporte no momento.",
+    "encryption_doq": "Porta DNS-sobre-QUIC",
+    "encryption_doq_desc": "Se esta porta estiver configurada, o AdGuard Home executará um servidor DNS-sobre-QUIC nesta porta. ",
    "encryption_certificates": "Certificados",
    "encryption_certificates_desc": "Para usar criptografia, precisa de fornecer uma cadeia de certificados SSL válida para o seu domínio. Pode obter um certificado gratuito em <0> {{link}}</0> ou pode comprá-lo numa das autoridades de certificação confiáveis.",
    "encryption_certificates_input": "Copie/cole aqui o seu certificado codificado em PEM.",
@@ -445,7 +445,7 @@
    "access_blocked_title": "Domínios bloqueados",
    "access_blocked_desc": "Não deve ser confundido com filtros. O AdGuard Home elimina as consultas DNS que correspondem a esses domínios, e essas consultas nem aparecem no registro de consultas. Você pode especificar nomes de domínio exatos, caracteres curinga ou regras de filtro de URL, por exemplo \"exemplo.org\", \"*.exemplo.org\", ou \"||exemplo.org^\" correspondentemente.",
    "access_settings_saved": "Definições de acesso foram guardadas com sucesso",
-    "updates_checked": "Atualizações verificadas com sucesso",
+    "updates_checked": "Uma nova versão do AdGuard Home está disponível\n",
    "updates_version_equal": "O AdGuard Home está atualizado",
    "check_updates_now": "Verificar atualizações",
    "dns_privacy": "Privacidade de DNS",
--- a/client/src/__locales/ro.json
+++ b/client/src/__locales/ro.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Nume de server nevalid",
    "form_error_subnet": "Subrețeaua „{{cidr}}” nu conține adresa IP „{{ip}}”",
    "form_error_positive": "Trebuie să fie mai mare de 0",
+    "form_error_gateway_ip": "Locația nu poate avea adresa IP a gateway-ului",
    "out_of_range_error": "Trebuie să fie în afara intervalului „{{start}}”-„{{end}}”",
    "lower_range_start_error": "Trebuie să fie mai mică decât începutul intervalului",
    "greater_range_start_error": "Trebuie să fie mai mare decât începutul intervalului",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "DNS obișnuit (over UDP, nume de gazdă);",
    "example_upstream_dot": "<0>DNS-over-TLS</0> criptat;",
    "example_upstream_doh": "<0>DNS-over-HTTPS</0> criptat;",
-    "example_upstream_doq": "<0>DNS-over-QUIC</0> criptat (experimental);",
+    "example_upstream_doq": "criptat <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "<0>DNS Stamps</0> pentru <1>DNSCrypt</1> sau rezolvatori <2>DNS-over-HTTPS</2>;",
    "example_upstream_tcp": "DNS clasic (over TCP);",
    "example_upstream_tcp_hostname": "DNS obișnuit (over TCP, nume de gazdă);",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "Dacă portul HTTPS este configurat, interfața administrator AdGuard Home va fi accesibilă prin HTTPS și va oferi de asemenea DNS-over-HTTPS în locația '/DNS-query'.",
    "encryption_dot": "Port DNS-over-TLS",
    "encryption_dot_desc": "Dacă acest port este configurat, AdGuard Home va rula un server DNS-over-TLS pe acest port.",
-    "encryption_doq": "Port DNS-over-QUIC (experimental)",
-    "encryption_doq_desc": "Dacă acest port este configurat, AdGuard Home va rula un server DNS-over-QUIC pe acest port. Este experimental și este posibil să nu fie fiabil. De asemenea, nu există prea mulți clienți care să-l susțină în acest moment.",
+    "encryption_doq": "Portul DNS-over-QUIC",
+    "encryption_doq_desc": "Dacă este configurat acest port, AdGuard Home va rula un server DNS-over-QUIC pe acest port.",
    "encryption_certificates": "Certificate",
    "encryption_certificates_desc": "Pentru a utiliza criptarea, trebuie furnizate o serie de certificate SSL valabile pentru domeniul dvs.. Puteți obține un certificat gratuit pe <0>{{link}}</0> sau îl puteți cumpăra de la una din Autoritățile Certificate de încredere.",
    "encryption_certificates_input": "Copiați/lipiți certificatele dvs. PEM-codate aici.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Domenii blocate",
    "access_blocked_desc": "A nu se confunda cu filtrele. AdGuard Home respinge cererile DNS pentru aceste domenii, iar aceste cereri nici măcar nu apar în jurnalul de solicitări. Puteți specifica nume exacte de domenii, metacaractere sau reguli de filtrare URL, cum ar fi \"example.org\", \"*.exemple.org\" sau \"||example.org^\" în mod corespunzător.",
    "access_settings_saved": "Setările de acces au fost salvate cu succes",
-    "updates_checked": "Actualizările au fost verificate cu succes",
+    "updates_checked": "Este disponibilă o nouă versiune de AdGuard Home\n",
    "updates_version_equal": "AdGuard Home este la zi",
    "check_updates_now": "Verificați actualizările acum",
    "dns_privacy": "Confidențialitate DNS",
--- a/client/src/__locales/ru.json
+++ b/client/src/__locales/ru.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Некорректное имя сервера",
    "form_error_subnet": "Подсеть «{{cidr}}» не содержит IP-адрес «{{ip}}»",
    "form_error_positive": "Должно быть больше 0",
+    "form_error_gateway_ip": "Аренда не может иметь IP-адрес шлюза",
    "out_of_range_error": "Должно быть вне диапазона «{{start}}»-«{{end}}»",
    "lower_range_start_error": "Должно быть меньше начала диапазона",
    "greater_range_start_error": "Должно быть больше начала диапазона",
@@ -66,7 +67,7 @@
    "ip": "IP-адрес",
    "dhcp_table_hostname": "Имя хоста",
    "dhcp_table_expires": "Истекает",
-    "dhcp_warning": "Если вы все равно хотите включить DHCP-сервер, убедитесь, что в сети больше нет активных DHCP-серверов. Иначе это может сломать доступ в сеть для подключённых устройств!",
+    "dhcp_warning": "Если вы всё равно хотите включить DHCP-сервер, убедитесь, что в сети больше нет активных DHCP-серверов. Иначе это может сломать доступ в сеть для подключённых устройств!",
    "dhcp_error": "AdGuard Home не смог определить присутствие других DHCP-серверов в сети",
    "dhcp_static_ip_error": "Чтобы использовать DHCP-сервер, должен быть установлен статический IP-адрес. AdGuard Home не смог определить, использует ли этот сетевой интерфейс статический IP-адрес. Пожалуйста, установите его вручную.",
    "dhcp_dynamic_ip_found": "Ваша система использует динамический IP-адрес для интерфейса <0>{{interfaceName}}</0>. Чтобы использовать DHCP-сервер, необходимо установить статический IP-адрес. Ваш текущий IP-адрес – <0>{{ipAddress}}</0>. Мы автоматически установим его как статический, если вы нажмёте кнопку «Включить DHCP-сервер».",
@@ -163,8 +164,8 @@
    "apply_btn": "Применить",
    "disabled_filtering_toast": "Фильтрация выкл.",
    "enabled_filtering_toast": "Фильтрация вкл.",
-    "disabled_safe_browsing_toast": "Антифишинг отключен",
-    "enabled_safe_browsing_toast": "Антифишинг включен",
+    "disabled_safe_browsing_toast": "Антифишинг отключён",
+    "enabled_safe_browsing_toast": "Антифишинг включён",
    "disabled_parental_toast": "Родительский контроль выкл.",
    "enabled_parental_toast": "Родительский контроль вкл.",
    "disabled_safe_search_toast": "Безопасный поиск выкл.",
@@ -179,7 +180,7 @@
    "edit_table_action": "Редактировать",
    "delete_table_action": "Удалить",
    "elapsed": "Затрачено",
-    "filters_and_hosts_hint": "AdGuard Home распознает базовые правила блокировки и синтаксис файлов hosts.",
+    "filters_and_hosts_hint": "AdGuard Home распознаёт базовые правила блокировки и синтаксис файлов hosts.",
    "no_blocklist_added": "Чёрные списки не добавлены",
    "no_whitelist_added": "Белые списки не добавлены",
    "add_blocklist": "Добавить чёрный список",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "обычный DNS (поверх UDP, с именем хоста);",
    "example_upstream_dot": "зашифрованный <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "зашифрованный <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "зашифрованный <0>DNS-over-QUIC</0> (эксперементальный);",
+    "example_upstream_doq": "зашифрован <0>DNS-over-QUIC</0>",
    "example_upstream_sdns": "<0>DNS Stamps</0> для <1>DNSCrypt</1> или <2>DNS-over-HTTPS</2> серверов;",
    "example_upstream_tcp": "обычный DNS (поверх TCP);",
    "example_upstream_tcp_hostname": "обычный DNS (поверх TCP, с именем хоста);",
@@ -328,10 +329,10 @@
    "install_submit_title": "Поздравляем!",
    "install_submit_desc": "Настройка завершена, AdGuard Home готов к использованию.",
    "install_devices_router": "Роутер",
-    "install_devices_router_desc": "Эта настройка покроет все устройства, подключенные к вашему домашнему роутеру, и вам не нужно будет настраивать каждое вручную.",
+    "install_devices_router_desc": "Эта настройка покроет все устройства, подключённые к вашему домашнему роутеру, и вам не нужно будет настраивать каждое вручную.",
    "install_devices_address": "DNS-сервер AdGuard Home доступен по следующим адресам",
    "install_devices_router_list_1": "Откройте настройки вашего роутера. Обычно вы можете открыть их в вашем браузере, например, http://192.168.0.1/ или http://192.168.1.1/. Вас могут попросить ввести пароль. Если вы не помните его, пароль часто можно сбросить, нажав на кнопку на самом роутере, но помните, что эта процедура может привести к потере всей конфигурации роутера. Если вашему роутеру необходимо приложение для настройки, установите его на свой телефон или ПК и воспользуйтесь им для настройки роутера.",
-    "install_devices_router_list_2": "Найдите настройки DHCP или DNS. Найдите буквы «DNS» рядом с текстовым полем, в которое можно ввести два или три ряда цифр, разделенных на 4 группы от одной до трёх цифр.",
+    "install_devices_router_list_2": "Найдите настройки DHCP или DNS. Найдите буквы «DNS» рядом с текстовым полем, в которое можно ввести два или три ряда цифр, разделённых на 4 группы от одной до трёх цифр.",
    "install_devices_router_list_3": "Введите туда адрес вашего AdGuard Home.",
    "install_devices_router_list_4": "Вы не можете установить собственный DNS-сервер на некоторых типах маршрутизаторов. В этом случае может помочь настройка AdGuard Home в качестве <0>DHCP-сервера</0>. В противном случае вам следует обратиться к руководству по настройке DNS-серверов для вашей конкретной модели маршрутизатора.",
    "install_devices_windows_list_1": "Откройте Панель управления через меню «Пуск» или через поиск Windows.",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "Если порт HTTPS настроен, веб-интерфейс администрирования AdGuard Home будет доступен через HTTPS, а также DNS-over-HTTPS сервер будет доступен по пути '/dns-query'.",
    "encryption_dot": "Порт DNS-over-TLS",
    "encryption_dot_desc": "Если этот порт настроен, AdGuard Home запустит DNS-over-TLS-сервер на этому порту.",
-    "encryption_doq": "Порт DNS-over-QUIC (экспериментальный)",
-    "encryption_doq_desc": "Если этот порт настроен, AdGuard Home запустит сервер DNS-over-QUIC на этом порте. Это экспериментально и может быть ненадёжно. Кроме того, не так много клиентов поддерживает этот способ в настоящий момент.",
+    "encryption_doq": "Порт DNS-over-QUIC",
+    "encryption_doq_desc": "Если этот порт настроен, AdGuard Home запустит сервер DNS-over-QUIC на этом порте.",
    "encryption_certificates": "Сертификаты",
    "encryption_certificates_desc": "Для использования шифрования вам необходимо предоставить корректную цепочку SSL-сертификатов для вашего домена. Вы можете получить бесплатный сертификат на <0>{{link}}</0> или вы можете купить его у одного из доверенных Центров Сертификации.",
    "encryption_certificates_input": "Скопируйте сюда сертификаты в PEM-кодировке.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Неразрешённые домены",
    "access_blocked_desc": "Не путать с фильтрами. AdGuard Home будет игнорировать DNS-запросы с этими доменами. Здесь вы можете уточнить точные имена доменов, шаблоны, правила URL-фильтрации, например, «example.org», «*.example.org» или «||example.org».",
    "access_settings_saved": "Настройки доступа успешно сохранены",
-    "updates_checked": "Проверка обновлений прошла успешно",
+    "updates_checked": "Доступна новая версия AdGuard Home",
    "updates_version_equal": "Версия AdGuard Home актуальна",
    "check_updates_now": "Проверить обновления",
    "dns_privacy": "Зашифрованный DNS",
@@ -589,7 +590,7 @@
    "validated_with_dnssec": "Подтверждено с помощью DNSSEC",
    "all_queries": "Все запросы",
    "show_blocked_responses": "Заблокировано",
-    "show_whitelisted_responses": "В белом списке",
+    "show_whitelisted_responses": "Разрешённые",
    "show_processed_responses": "Обработан",
    "blocked_safebrowsing": "Заблокировано согласно базе данных Safe Browsing",
    "blocked_adult_websites": "Заблокировано Родительским контролем",
--- a/client/src/__locales/si-lk.json
+++ b/client/src/__locales/si-lk.json
@@ -335,7 +335,7 @@
    "encryption_dot": "TLS-හරහා-ව.නා.ප. තොට",
    "encryption_dot_desc": "මෙම තොට වින්‍යාසගත කර ඇත්නම්, ඇඩ්ගාර්ඩ් හෝම් විසින් මෙම කවුළුව හරහා TLS-හරහා-ව.නා.ප. සේවාදායකයක් ධාවනය කරනු ඇත.",
    "encryption_doq": "QUIC-හරහා-ව.නා.ප. තොට",
-    "encryption_doq_desc": "මෙම තොට වින්‍යාසගත කර ඇත්නම්, ඇඩ්ගාර්ඩ් හෝම් විසින් මෙම තොට හරහා QUIC-හරහා-ව.නා.ප. සේවාදායකයක් ධාවනය කරනු ඇත. එය පරීක්‍ෂාත්මක වන අතර විශ්වාසදායක නොවිය හැකිය. එසේම, මේ වන විට එයට සහාය දක්වන බොහෝ අනුග්‍රාහක නැත.",
+    "encryption_doq_desc": "මෙම තොට වින්‍යාසගත කර ඇත්නම්, ඇඩ්ගාර්ඩ් හෝම් විසින් මෙම තොට හරහා QUIC-හරහා-ව.නා.ප. සේවාදායකයක් ධාවනය කරනු ඇත.",
    "encryption_certificates": "සහතික",
    "encryption_certificates_input": "ඔබගේ PEM-කේතනය කළ සහතික පිටපත් කර මෙහි අලවන්න.",
    "encryption_status": "තත්වය",
@@ -406,7 +406,7 @@
    "access_disallowed_desc": "CIDR හෝ අ.ජා. කෙ. ලිපින ලැයිස්තුවක් වින්‍යාසගත කර ඇත්නම්, ඇඩ්ගාර්ඩ් හෝම් විසින් එම අ.ජා. කෙ. ලිපින වලින් ඉල්ලීම් අත්හරිනු ඇත.",
    "access_blocked_title": "නොඉඩ ලත් වසම්",
    "access_settings_saved": "ප්‍රවේශ වීමේ සැකසුම් සාර්ථකව සුරකින ලදි",
-    "updates_checked": "යාවත්කාල සාර්ථකව පරික්‍ෂා කෙරිණි",
+    "updates_checked": "ඇඩ්ගාර්ඩ් හෝම් හි නව අනුවාදයක් තිබේ",
    "updates_version_equal": "ඇඩ්ගාර්ඩ් හෝම් යාවත්කාලීනයි",
    "check_updates_now": "දැන් යාවත්කාල පරීක්‍ෂා කරන්න",
    "dns_privacy": "ව.නා.ප. රහස්‍යතා",
@@ -414,12 +414,12 @@
    "setup_dns_privacy_android_2": "<1>HTTPS-හරහා-ව.නා.ප.</1> සහ <1>TLS-හරහා-ව.නා.ප.</1> සඳහා <0>ඇන්ඩ්‍රොයිඩ් සඳහා ඇඩ්ගාර්ඩ්</0> සහාය දක්වයි.",
    "setup_dns_privacy_other_title": "වෙනත් ක්‍රියාවට නැංවූ දෑ",
    "setup_dns_privacy_other_2": "<0>ඩීඑන්එස්ප්‍රොක්සි</0> දන්නා සියලුම ආරක්‍ෂිත ව.නා.ප. කෙටුම්පත් සඳහා සහාය දක්වයි.",
-    "setup_dns_privacy_other_3": "<1>DNS-over-HTTPS</1> සඳහා <0>dnscrypt-පෙරකලාසිය</0> සහාය දක්වයි.",
    "setup_dns_privacy_other_4": "<1>DNS-over-HTTPS</1> සඳහා <0>මොසිල්ලා ෆයර්ෆොක්ස්</0> සහාය දක්වයි.",
    "setup_dns_privacy_other_5": "<0>මෙහි</0> සහ <1>මෙහි</1> තවත් ක්‍රියාවට නැංවූ දෑ ඔබට හමුවනු ඇත.",
    "setup_dns_privacy_ioc_mac": "අයිඕඑස් සහ මැක්ඕඑස් වින්‍යාසය",
    "setup_dns_notice": "ඔබට <1>DNS-over-HTTPS</1> හෝ <1>DNS-over-TLS</1> භාවිතයට ඇඩ්ගාර්ඩ් හෝම් සැකසුම් තුළ <0>සංකේතනය වින්‍යාසගත</0> කිරීමට ඇවැසිය.",
    "rewrite_added": "\"{{key}}\" සඳහා ව.නා.ප. නැවත ලිවීම සාර්ථකව එකතු කෙරිණි",
+    "rewrite_deleted": "\"{{key}}\" සඳහා ව. නා. ප. නැවත ලිවීම සාර්ථකව ඉවත් කෙරිණි",
    "rewrite_add": "ව.නා.ප. නැවත ලිවීමක් එකතු කරන්න",
    "rewrite_not_found": "ව.නා.ප. නැවත ලිවීම් හමු නොවිණි",
    "rewrite_confirm_delete": "\"{{key}}\" සඳහා ව.නා.ප. නැවත ලිවීම ඉවත් කිරීමට අවශ්‍ය බව ඔබට විශ්වාසද?",
--- a/client/src/__locales/sk.json
+++ b/client/src/__locales/sk.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Neplatné meno servera",
    "form_error_subnet": "Podsieť \"{{cidr}}\" neobsahuje IP adresu \"{{ip}}\"",
    "form_error_positive": "Musí byť väčšie ako 0",
+    "form_error_gateway_ip": "Prenájom nemôže mať IP adresu brány",
    "out_of_range_error": "Musí byť mimo rozsahu \"{{start}}\"-\"{{end}}\"",
    "lower_range_start_error": "Musí byť nižšie ako začiatok rozsahu",
    "greater_range_start_error": "Musí byť väčšie ako začiatok rozsahu",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "štandardné DNS (cez UDP, hostname);",
    "example_upstream_dot": "šifrované <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "šifrované <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "šifrované <0>DNS-over-QUIC</0> (experimentálne);",
+    "example_upstream_doq": "šifrované <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "<0>DNS pečiatky</0> pre <1>DNSCrypt</1> alebo <2>DNS-over-HTTPS</2> rezolvery;",
    "example_upstream_tcp": "obyčajná DNS (cez TCP);",
    "example_upstream_tcp_hostname": "štandardné DNS (cez TCP, hostname);",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "Ak je nakonfigurovaný HTTPS port, AdGuard Home administrátorské rozhranie bude prístupné cez HTTPS a bude tiež poskytovať DNS-cez-HTTPS na '/dns-query'.",
    "encryption_dot": "Port DNS-cez-TLS",
    "encryption_dot_desc": "Ak je tento port nakonfigurovaný, AdGuard Home bude na tomto porte spúšťať DNS-cez-TLS server.",
-    "encryption_doq": "DNS-over-QUIC (experimentálne)",
-    "encryption_doq_desc": "Ak je tento port nakonfigurovaný, AdGuard Home na tomto porte spustí server DNS-over-QUIC. Je to experimentálne a nemusí to byť spoľahlivé. Momentálne tiež nie je príliš veľa klientov, ktorí by ju podporovali.",
+    "encryption_doq": "Port DNS-cez-QUIC",
+    "encryption_doq_desc": "Ak je tento port nakonfigurovaný, AdGuard Home na tomto porte spustí server DNS-over-QUIC. ",
    "encryption_certificates": "Certifikáty",
    "encryption_certificates_desc": "Ak chcete používať šifrovanie, musíte pre svoju doménu poskytnúť platný reťazec certifikátov SSL. Certifikát môžete získať bezplatne na adrese <0>{{link}}</0> alebo si ho môžete kúpiť od jedného z dôveryhodných certifikačných orgánov.",
    "encryption_certificates_input": "Skopírujte alebo prilepte sem certifikáty vo formáte PEM.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Nepovolené domény",
    "access_blocked_desc": "Nesmie byť zamieňaná s filtrami. AdGuard Home zruší DNS dopyty, ktoré sa zhodujú s týmito doménami, a tieto dopyty sa nezobrazia ani v denníku dopytov. Môžete určiť presné názvy domén, zástupné znaky alebo pravidlá filtrovania URL adries, napr. \"example.org\", \"*.example.org\" alebo ||example.org^\" zodpovedajúcim spôsobom.",
    "access_settings_saved": "Nastavenia prístupu úspešne uložené",
-    "updates_checked": "Aktualizácie úspešne skontrolované",
+    "updates_checked": "K dispozícii je nová verzia aplikácie AdGuard Home\n",
    "updates_version_equal": "AdGuard Home je aktuálny",
    "check_updates_now": "Skontrolovať aktualizácie teraz",
    "dns_privacy": "DNS súkromie",
--- a/client/src/__locales/sl.json
+++ b/client/src/__locales/sl.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Neveljavno ime strežnika",
    "form_error_subnet": "Podomrežje \"{{cidr}}\" ne vsebuje naslova IP \"{{ip}}\"",
    "form_error_positive": "Mora biti večja od 0",
+    "form_error_gateway_ip": "Najem ne more imeti naslova IP prehoda",
    "out_of_range_error": "Mora biti izven razpona \"{{start}}\"-\"{{end}}\"",
    "lower_range_start_error": "Mora biti manjši od začetka razpona",
    "greater_range_start_error": "Mora biti večji od začetka razpona",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "redni DNS (nad UDP, ime gostitelja);",
    "example_upstream_dot": "šifriran <0>DNS-prek-TLS</0>;",
    "example_upstream_doh": "šifriran <0>DNS-prek-HTTPS</0>;",
-    "example_upstream_doq": "šifriran <0>DNS-prek-QUIC</0> (eksperimentalno);",
+    "example_upstream_doq": "šifriran <0>DNS-prek-QUIC</0>;",
    "example_upstream_sdns": "lahko uporabite <0>DNS Žige</0> za reševalce <1>DNSCrypt</1> ali <2>DNS-prek-HTTPS</2>;",
    "example_upstream_tcp": "redni DNS (nad TCP);",
    "example_upstream_tcp_hostname": "redni DNS (nad TCP, ime gostitelja);",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "Če so vrata HTTPS konfigurirana, bo skrbniški vmesnik AdGuard Home dostopen prek protokola HTTPS, prav tako pa bo zagotovil DNS-prek-HTTPS na mestu '/dns-query'.",
    "encryption_dot": "Vrata DNS-prek-TLS",
    "encryption_dot_desc": "Če so ta vrata konfigurirana, bo AdGuard Home na teh vratih zagnal DNS-prek-TLS strežnika.",
-    "encryption_doq": "DNS-prek-vrat QUIC (eksperimentalno)",
-    "encryption_doq_desc": "Če so nastavljena ta vrata bo AdGuard Home na teh vratih zagnal strežnik DNS-prek-QUIC. To je eksperimentalno in morda ni zanesljivo. Prav tako trenutno ni preveč odjemalcev, ki to podpirajo.",
+    "encryption_doq": "DNS-prek-vrat QUIC",
+    "encryption_doq_desc": "Če so nastavljena ta vrata bo AdGuard Home na teh vratih zagnal strežnik DNS-prek-QUIC. ",
    "encryption_certificates": "Digitalna potrdila",
    "encryption_certificates_desc": "Za uporabo šifriranja morate za svojo domeno zagotoviti veljavno verigo potrdil SSL. Brezplačno digitalno potrdilo lahko dobite na <0>{{link}}</0> ali pa ga kupite pri enem od   zaupanja vrednih overiteljev.\n\n",
    "encryption_certificates_input": "Tukaj kopirajte/prilepite PEM šifrirana digitalna potrdila.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Prepovedane domene",
    "access_blocked_desc": "Ne gre zamenjati s filtri. AdGuard Home spusti poizvedbe DNS, ki se ujemajo s temi domenami, in te poizvedbe se niti ne pojavijo v dnevniku poizvedb. Določite lahko natančna imena domen, nadomestne znake ali pravila filtriranja URL-jev, npr. ustrezno \"example.org\", \"*.example.org\" ali \"|| example.org ^\".",
    "access_settings_saved": "Nastavitve dostopa so uspešno shranjene",
-    "updates_checked": "Posodobitve so uspešno preverjene",
+    "updates_checked": "Na voljo je nova različica programa AdGuard Home\n",
    "updates_version_equal": "AdGuard Home je posodobljen",
    "check_updates_now": "Preveri obstoj posodobitev zdaj",
    "dns_privacy": "Zasebnost DNS",
--- a/client/src/__locales/sr-cs.json
+++ b/client/src/__locales/sr-cs.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Nevažeće ime servera",
    "form_error_subnet": "Subnet \"{{cidr}}\" ne sadrži IP adresu \"{{ip}}\"",
    "form_error_positive": "Mora biti veće od 0",
+    "form_error_gateway_ip": "Zakup ne može imati IP adresu mrežnog prolaza",
    "out_of_range_error": "Mora biti izvan opsega \"{{start}}\"-\"{{end}}\"",
    "lower_range_start_error": "Mora biti manje od početnog opsega",
    "greater_range_start_error": "Mora biti veće od početnog opsega",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "uobičajen DNS (preko UDP, imena domaćina);",
    "example_upstream_dot": "šifrovano <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "šifrovano <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "šifrovano <0>DNS-over-QUIC</0> (eksperimentalno);",
+    "example_upstream_doq": "šifrovano <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "<0>DNS brojeve</0> za <1>DNSCrypt</1> ili <2>DNS-over-HTTPS</2> razrešivače;",
    "example_upstream_tcp": "uobičajeni DNS (preko TCP);",
    "example_upstream_tcp_hostname": "uobičajen DNS (preko TCP, imena domaćina);",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "Ako je HTTPS port konfigurisan, AdGuard Home administratorskom okruženju će se moći pristupati preko HTTPS, a to će takođe omogućiti DNS-over-HTTPS na '/dns-query' lokaciji.",
    "encryption_dot": "DNS-over-TLS port",
    "encryption_dot_desc": "Ako je ovaj port konfigurisan, AdGuard Home će pokretati DNS-over-TLS server na ovom portu.",
-    "encryption_doq": "DNS-over-QUIC port (eksperimentalno)",
-    "encryption_doq_desc": "Ako je ovaj port konfigurisan, AdGuard Home će pokrenuti DNS-over-QUIC server na tom portu. To je eksperiment i možda neće biti stabilno. Takođe, u ovom trenutku ne postoji puno klijenata koji ovo podržavaju.",
+    "encryption_doq": "DNS-over-QUIC port",
+    "encryption_doq_desc": "Ako je ovaj port konfigurisan, AdGuard Home će pokrenuti DNS-over-QUIC server na tom portu.",
    "encryption_certificates": "Sertifikati",
    "encryption_certificates_desc": "Da biste koristili šifrovanje, morate obezbediti važeći lanac SSL sertifikata za vaš domen. Besplatan sertifikat možete nabaviti na <0>{{link}}</0> ili ga možete kupiti od nekog od pouzdanih izdavalaca sertifikata.",
    "encryption_certificates_input": "Kopirajte/nalepite vaše PEM-kodirane sertifikate ovde.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Blokirani domeni",
    "access_blocked_desc": "Da ne bude zabune sa filterima. AdGuard Home odustaje od DNS upita koji se podudaraju sa ovim domenima, a ovi upiti se čak i ne pojavljuju u evidenciji upita. Možete da navedete tačna imena domena, džoker znakove ili pravila URL filtera, npr. \"example.org\", \"*.example.org\" ili \"|| example.org^\" dopisno.",
    "access_settings_saved": "Postavke pristupa su uspešno sačuvane",
-    "updates_checked": "Ažuriranja su uspešno proverena",
+    "updates_checked": "Dostupna je nova verzija AdGuard Home-a",
    "updates_version_equal": "AdGuard Home je ažuriran na najnoviju verziju",
    "check_updates_now": "Proveri da li postoje ispravke",
    "dns_privacy": "DNS privatnost",
--- a/client/src/__locales/sv.json
+++ b/client/src/__locales/sv.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Ogiltigt servernamn",
    "form_error_subnet": "Subnätet \"{{cidr}}\" innehåller inte IP-adressen \"{{ip}}\"",
    "form_error_positive": "Måste vara större än noll",
+    "form_error_gateway_ip": "Lease kan inte ha IP-adressen för gatewayen",
    "out_of_range_error": "Måste vara utanför intervallet \"{{start}}\"-\"{{end}}\"",
    "lower_range_start_error": "Måste vara lägre än starten på intervallet",
    "greater_range_start_error": "Måste vara högre än starten på intervallet",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "vanlig DNS (över UDP, värdnamn);",
    "example_upstream_dot": "krypterat <0>DNS-over-TLS</0>",
    "example_upstream_doh": "krypterat <0>DNS-over-HTTPS</0>",
-    "example_upstream_doq": "krypterat <0>DNS-over-QUIC</0> (experimentell);",
+    "example_upstream_doq": "krypterat <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "Du kan använda <0>DNS-stamps</0> för <1>DNSCrypt</1> eller <2>DNS-over-HTTPS</2>-resolvers",
    "example_upstream_tcp": "vanlig DNS (över UDP)",
    "example_upstream_tcp_hostname": "vanlig DNS (över TCP, värdnamn);",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "Om en HTTPS-port är inställd kommer gränssnittet till AdGuard Home administrering att kunna nås via HTTPS och kommer också att erbjuda DNS-over-HTTPS på '/dns-query' plats.",
    "encryption_dot": "DNS-över-TLS port",
    "encryption_dot_desc": "Om den här porten ställs in kommer AdGuard Home att använda DNS-over-TLS-server på porten.",
-    "encryption_doq": "DNS-over-QUIC port (experimentell)",
-    "encryption_doq_desc": "Om denna port är konfigurerad kommer AdGuard Home att köra en DNS-over-QUIC-server på denna port. Det är experimentellt och kanske inte är tillförlitligt. Dessutom finns det inte så många klienter som stödjer det för tillfället.",
+    "encryption_doq": "DNS-over-QUIC port",
+    "encryption_doq_desc": "Om denna port är konfigurerad kommer AdGuard Home att köra en DNS-over-QUIC-server på denna port. ",
    "encryption_certificates": "Certifikat",
    "encryption_certificates_desc": "För att använda kryptering måste du ange ett giltigt SSL-certifikat för din domän. Du kan skaffa ett certifikat gratis på <0>{{link}}</0> eller köpa ett från någon av de godkända certifikatutfärdare.",
    "encryption_certificates_input": "Kopiera/klistra in dina PEM-kodade certifikat här.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Blockerade domäner",
    "access_blocked_desc": "Ej att förväxla med filter. AdGuard Home kastar DNS-frågor som matchar dessa domäner, och dessa frågor visas inte ens i frågeloggen. Du kan ange exakta domännamn, jokertecken eller URL-filterregler, t.ex. \"example.org\", \"*.example.org\" eller \"||example.org^\" på motsvarande sätt.",
    "access_settings_saved": "Åtkomstinställningar sparade",
-    "updates_checked": "Sökning efter uppdateringar genomförd",
+    "updates_checked": "En ny version av AdGuard Home är tillgänglig\n",
    "updates_version_equal": "AdGuard Home är uppdaterat",
    "check_updates_now": "Sök efter uppdateringar nu",
    "dns_privacy": "DNS-Integritet",
--- a/client/src/__locales/tr.json
+++ b/client/src/__locales/tr.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Geçersiz sunucu adı",
    "form_error_subnet": "\"{{cidr}}\" alt ağı, \"{{ip}}\" IP adresini içermiyor",
    "form_error_positive": "0'dan büyük olmalıdır",
+    "form_error_gateway_ip": "Kiralama, ağ geçidinin IP adresine sahip olamaz",
    "out_of_range_error": "\"{{start}}\"-\"{{end}}\" aralığının dışında olmalıdır",
    "lower_range_start_error": "Başlangıç aralığından daha düşük olmalıdır",
    "greater_range_start_error": "Başlangıç aralığından daha büyük olmalıdır",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "normal DNS (UDP üzerinden, ana makine adı);",
    "example_upstream_dot": "şifrelenmiş <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "şifrelenmiş <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "şifrelenmiş <0>DNS-over-QUIC</0> (deneysel);",
+    "example_upstream_doq": "şifrelenmiş <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "<1>DNSCrypt</1> veya <2>DNS-over-HTTPS</2> çözümleyicileri için <0>DNS Damgaları</0>;",
    "example_upstream_tcp": "normal DNS (TCP üzerinden);",
    "example_upstream_tcp_hostname": "normal DNS (TCP üzerinden, ana makine adı);",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "HTTPS bağlantı noktası yapılandırılırsa, AdGuard Home yönetici arayüzüne HTTPS aracılığıyla erişilebilir olacak ve ayrıca '/dns-query' üzerinden DNS-over-HTTPS bağlantısı sağlayacaktır.",
    "encryption_dot": "DNS-over-TLS bağlantı noktası",
    "encryption_dot_desc": "Bu bağlantı noktası yapılandırılırsa, AdGuard Home, DNS-over-TLS sunucusunu bu bağlantı noktası üzerinden çalıştıracaktır.",
-    "encryption_doq": "DNS-over-QUIC bağlantı noktası (deneysel)",
-    "encryption_doq_desc": "Bu bağlantı noktası yapılandırılırsa, AdGuard Home, DNS-over-QUIC sunucusunu bu bağlantı noktası üzerinden çalıştıracaktır. Bu özellik deneme aşamasındadır ve güvenilir olmayabilir. Ayrıca, şu anda bu özelliği destekleyen çok fazla istemci yok.",
+    "encryption_doq": "DNS-over-QUIC bağlantı noktası",
+    "encryption_doq_desc": "Bu bağlantı noktası yapılandırılırsa, AdGuard Home, bu bağlantı noktasında bir DNS-over-QUIC sunucusu çalıştıracaktır.",
    "encryption_certificates": "Sertifikalar",
    "encryption_certificates_desc": "Şifrelemeyi kullanmak için alan adınıza geçerli bir SSL sertifika zinciri sağlamanız gerekir. <0>{{link}}</0> adresinden ücretsiz bir sertifika alabilir veya güvenilir Sertifika Yetkililerinden satın alabilirsiniz.",
    "encryption_certificates_input": "PEM biçimindeki sertifikalarınızı kopyalayıp buraya yapıştırın.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "İzin verilmeyen alan adları",
    "access_blocked_desc": "Bu işlem filtrelerle ilgili değildir. AdGuard Home, bu alan adlarından gelen DNS sorgularını yanıtsız bırakır ve bu sorgular sorgu günlüğünde görünmez. Tam alan adlarını, joker karakterleri veya URL filtre kurallarını belirtebilirsiniz, ör. \"example.org\", \"*.example.org\" veya \"||example.org^\".",
    "access_settings_saved": "Erişim ayarları başarıyla kaydedildi!",
-    "updates_checked": "Güncelleme kontrolü başarılı",
+    "updates_checked": "AdGuard Home'un yeni bir sürümü mevcut",
    "updates_version_equal": "AdGuard Home yazılımı güncel durumda",
    "check_updates_now": "Güncellemeleri şimdi denetle",
    "dns_privacy": "DNS Gizliliği",
--- a/client/src/__locales/uk.json
+++ b/client/src/__locales/uk.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "Неправильна назва сервера",
    "form_error_subnet": "Підмережа «{{cidr}}» не містить IP-адресу «{{ip}}»",
    "form_error_positive": "Повинно бути більше за 0",
+    "form_error_gateway_ip": "Оренда не може мати IP-адресу шлюзу",
    "out_of_range_error": "Не повинна бути в діапазоні «{{start}}»−«{{end}}»",
    "lower_range_start_error": "Має бути меншим за початкову адресу",
    "greater_range_start_error": "Має бути більшим за початкову адресу",
@@ -77,7 +78,7 @@
    "dhcp_add_static_lease": "Додати статичну оренду",
    "dhcp_reset_leases": "Скинути всі аренди",
    "dhcp_reset_leases_confirm": "Ви дійсно хочете скинути усі аренди?",
-    "dhcp_reset_leases_success": "Аренди DHCP успішно скинуто",
+    "dhcp_reset_leases_success": "Оренду DHCP успішно скинуто",
    "dhcp_reset": "Ви дійсно хочете скинути DHCP-конфігурацію?",
    "country": "Країна",
    "city": "Місто",
@@ -105,7 +106,7 @@
    "copyright": "Авторське право",
    "homepage": "Домашня сторінка",
    "report_an_issue": "Повідомити про проблему",
-    "privacy_policy": "Політика приватності",
+    "privacy_policy": "Політика конфіденційності",
    "enable_protection": "Увімкнути захист",
    "enabled_protection": "Захист увімкнено",
    "disable_protection": "Вимкнути захист",
@@ -213,12 +214,12 @@
    "example_upstream_udp": "звичайний DNS (поверх UDP, з назвою вузла);",
    "example_upstream_dot": "зашифрований <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "зашифрований <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "зашифрований <0>DNS-over-QUIC</0> (експериментальний);",
+    "example_upstream_doq": "зашифрований <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "<0>DNS Stamps</0> для <1>DNSCrypt-</1> або <2>DNS-over-HTTPS-</2>вирішувачів;",
    "example_upstream_tcp": "звичайний DNS (через TCP);",
    "example_upstream_tcp_hostname": "звичайний DNS (поверх TCP, з назвою вузла);",
    "all_lists_up_to_date_toast": "Всі списки вже оновлені",
-    "updated_upstream_dns_toast": "DNS-сервери оновлено",
+    "updated_upstream_dns_toast": "DNS-сервери успішно збережено",
    "dns_test_ok_toast": "Вказані DNS сервери працюють правильно",
    "dns_test_not_ok_toast": "Сервер «{{key}}»: неможливо використати. Перевірте правильність введення",
    "unblock": "Дозволити",
@@ -245,7 +246,7 @@
    "loading_table_status": "Завантаження...",
    "page_table_footer_text": "Сторінка",
    "rows_table_footer_text": "рядків",
-    "updated_custom_filtering_toast": "Власні правила фільтрування збережено",
+    "updated_custom_filtering_toast": "Власні правила фільтрування успішно збережено",
    "rule_removed_from_custom_filtering_toast": "Правило вилучено з власних правил фільтрування: {{rule}}",
    "rule_added_to_custom_filtering_toast": "Правило додано до власних правил фільтрування: {{rule}}",
    "query_log_response_status": "Стан: {{value}}",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "Якщо HTTPS-порт налаштовано, інтерфейс адміністратора AdGuard Home буде доступний через HTTPS, а також DNS-over-HTTPS-сервер буде доступний за адресою /dns-query.",
    "encryption_dot": "Порт DNS-over-TLS",
    "encryption_dot_desc": "Якщо цей порт налаштовано, AdGuard Home запустить на цьому порту сервер DNS-over-TLS.",
-    "encryption_doq": "Порт DNS-over-QUIC (експериментальний)",
-    "encryption_doq_desc": "Якщо цей порт налаштовано, AdGuard Home запустить на цьому порту сервер DNS-over-QUIC. Це експериментально і може бути ненадійним. Крім того, зараз не так багато клієнтів, які це підтримують.",
+    "encryption_doq": "Порт DNS-over-QUIC",
+    "encryption_doq_desc": "Якщо цей порт налаштовано, AdGuard Home запустить на ньому сервер DNS-over-QUIC.",
    "encryption_certificates": "Сертифікати",
    "encryption_certificates_desc": "Для використання шифрування потрібно надати дійсний ланцюжок сертифікатів SSL для вашого домену. Ви можете отримати безплатний сертифікат на <0>{{link}}</0> або придбати його в одному з надійних Центрів Сертифікації.",
    "encryption_certificates_input": "Скопіюйте/вставте сюди свої кодовані PEM сертифікати.",
@@ -445,7 +446,7 @@
    "access_blocked_title": "Заборонені домени",
    "access_blocked_desc": "Не плутайте з фільтрами. AdGuard Home буде ігнорувати DNS-запити з цими доменами, такі запити навіть не будуть записані до журналу. Ви можете вказати точні доменні імена, замінні знаки та правила фільтрування URL-адрес, наприклад, 'example.org', '*.example.org' або '||example.org^' відповідно.",
    "access_settings_saved": "Налаштування доступу успішно збережено",
-    "updates_checked": "Оновлення успішно перевірені",
+    "updates_checked": "Доступна нова версія AdGuard Home",
    "updates_version_equal": "AdGuard Home останньої версії",
    "check_updates_now": "Перевірити наявність оновлень",
    "dns_privacy": "Конфіденційність DNS",
@@ -514,7 +515,7 @@
    "statistics_clear": "Очистити статистику",
    "statistics_clear_confirm": "Ви впевнені, що хочете очистити статистику?",
    "statistics_retention_confirm": "Ви впевнені, що хочете змінити тривалість статистики? Якщо зменшити значення інтервалу, деякі дані будуть втрачені",
-    "statistics_cleared": "Статистика успішно очищена",
+    "statistics_cleared": "Статистику успішно очищено",
    "statistics_enable": "Увімкнути статистику",
    "interval_hours": "{{count}} година",
    "interval_hours_plural": "{{count}} годин(и)",
@@ -591,7 +592,7 @@
    "show_blocked_responses": "Заблоковані",
    "show_whitelisted_responses": "Дозволені",
    "show_processed_responses": "Оброблені",
-    "blocked_safebrowsing": "Заблоковано Безпечним переглядом",
+    "blocked_safebrowsing": "Заблоковано модулем «Безпека перегляду»",
    "blocked_adult_websites": "Заблоковано «Батьківським контролем»",
    "blocked_threats": "Заблоковано загроз",
    "allowed": "Дозволено",
--- a/client/src/__locales/vi.json
+++ b/client/src/__locales/vi.json
@@ -213,14 +213,14 @@
    "example_upstream_udp": "DNS thông thường (qua UDP, tên máy chủ);",
    "example_upstream_dot": "được mã hoá <0>DNS-over-TLS</0>;",
    "example_upstream_doh": "được mã hoá <0>DNS-over-HTTPS</0>;",
-    "example_upstream_doq": "được mã hoá <0>DNS-over-QUIC</0> (thử nghiệm);",
+    "example_upstream_doq": "được mã hoá <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "bạn có thể sử dụng <0>DNS Stamps</0> for <1>DNSCrypt</1> hoặc <2>DNS-over-HTTPS</2> ",
    "example_upstream_tcp": "DNS thông thường(dùng TCP);",
    "example_upstream_tcp_hostname": "DNS thông thường (qua TCP, tên máy chủ);",
    "all_lists_up_to_date_toast": "Tất cả danh sách đã ở phiên bản mới nhất",
    "updated_upstream_dns_toast": "Các máy chủ thượng nguồn đã được lưu thành công",
    "dns_test_ok_toast": "Máy chủ DNS có thể sử dụng",
-    "dns_test_not_ok_toast": "Máy chủ \"\"': không thể sử dụng, vui lòng kiểm tra lại",
+    "dns_test_not_ok_toast": "Máy chủ \"{{key}}\"': không thể sử dụng, vui lòng kiểm tra lại",
    "unblock": "Bỏ chặn",
    "block": "Chặn",
    "disallow_this_client": "Không cho phép client này",
@@ -369,8 +369,8 @@
    "encryption_https_desc": "Nếu cổng HTTPS được định cấu hình, giao diện quản trị viên AdGuard Home sẽ có thể truy cập thông qua HTTPS và nó cũng sẽ cung cấp DNS-over-HTTPS trên vị trí '/dns-query'.",
    "encryption_dot": "Cổng DNS-over-TLS",
    "encryption_dot_desc": "Nếu cổng này được định cấu hình, AdGuard Home sẽ chạy máy chủ DNS-over-TLS trên cổng này.",
-    "encryption_doq": "Cổng DNS-over-QUIC (thử nghiệm)",
-    "encryption_doq_desc": "Nếu cổng này được định cấu hình, AdGuard Home sẽ chạy máy chủ DNS qua QUIC trên cổng này. Đó là thử nghiệm và có thể không đáng tin cậy. Ngoài ra, không có quá nhiều khách hàng hỗ trợ nó vào lúc này.",
+    "encryption_doq": "Cổng DNS-over-QUIC",
+    "encryption_doq_desc": "Nếu cổng này được định cấu hình, AdGuard Home sẽ chạy máy chủ DNS qua QUIC trên cổng này. ",
    "encryption_certificates": "Chứng chỉ",
    "encryption_certificates_desc": "Để sử dụng mã hóa, bạn cần cung cấp chuỗi chứng chỉ SSL hợp lệ cho miền của mình. Bạn có thể nhận chứng chỉ miễn phí trên <0>{{link}}</0> hoặc bạn có thể mua chứng chỉ từ một trong các Cơ Quan Chứng Nhận tin cậy.",
    "encryption_certificates_input": "Sao chép/dán chứng chỉ được mã hóa PEM của bạn tại đây.",
@@ -445,7 +445,7 @@
    "access_blocked_title": "Tên miền bị chặn",
    "access_blocked_desc": "Đừng nhầm lẫn điều này với các bộ lọc. AdGuard Home sẽ bỏ các truy vấn DNS với các tên miền này trong câu hỏi của truy vấn.",
    "access_settings_saved": "Cài đặt truy cập đã lưu thành công",
-    "updates_checked": "Đã kiểm tra thành công cập nhật",
+    "updates_checked": "Phiên bản mới của AdGuard Home có sẵn",
    "updates_version_equal": "AdGuard Home đã được cập nhật",
    "check_updates_now": "Kiểm tra cập nhật ngay bây giờ",
    "dns_privacy": "DNS Riêng Tư",
--- a/client/src/__locales/zh-cn.json
+++ b/client/src/__locales/zh-cn.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "无效的服务器名",
    "form_error_subnet": "子网 \"{{cidr}}\" 不包含 IP 地址 \"{{ip}}\"",
    "form_error_positive": "必须大于 0",
+    "form_error_gateway_ip": "租约期限不能有网关的 IP 地址",
    "out_of_range_error": "必定超出了范围 \"{{start}}\"-\"{{end}}\"",
    "lower_range_start_error": "必须小于范围起始值",
    "greater_range_start_error": "必须大于范围起始值",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "常规 DNS（通过 UDP、主机名）；",
    "example_upstream_dot": "加密 <0>DNS-over-TLS</0>；",
    "example_upstream_doh": "加密 <0>DNS-over-HTTPS</0>；",
-    "example_upstream_doq": "加密 <0>DNS-over-QUIC</0>（实验性的）；",
+    "example_upstream_doq": "加密 <0>DNS-over-QUIC</0>",
    "example_upstream_sdns": "<1>DNSCrypt</1> 的 <0>DNS Stamps</0> 或者 <2>DNS-over-HTTPS</2> 解析器；",
    "example_upstream_tcp": "常规 DNS（基于 TCP ）；",
    "example_upstream_tcp_hostname": "常规 DNS（通过 TCP、主机名）；",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "如果配置了 HTTPS 端口，AdGuard Home 管理界面将可以通过 HTTPS 访问，它还将在在 '/dns-query' 位置提供 DNS-over-HTTPS 。",
    "encryption_dot": "DNS-over-TLS 端口",
    "encryption_dot_desc": "如果配置了此端口，AdGuard Home 将在此端口上运行一个 DNS-over-TLS 服务器。",
-    "encryption_doq": "DNS-over-QUIC 端口（实验性的）",
-    "encryption_doq_desc": "如果配置了此端口，AdGuard Home将在此端口上运行一个DNS-over-QUIC服务器。这是实验性的，可能不可靠。而且，支持此特性的客户端并不多。",
+    "encryption_doq": "DNS-over-QUIC 端口",
+    "encryption_doq_desc": "如果配置了此端口，AdGuard Home 将在此端口上运行一个 DNS-over-QUIC 服务器。",
    "encryption_certificates": "证书",
    "encryption_certificates_desc": "为了使用加密，您需要为域提供有效的 SSL 证书链。您可以在 <0>{{link}}</0> 上获得免费证书，也可以从受信任的证书颁发机构购买证书。",
    "encryption_certificates_input": "将您以 PEM 格式编码的证书复制粘贴到此处。",
@@ -445,7 +446,7 @@
    "access_blocked_title": "不允许的域名",
    "access_blocked_desc": "不要将此功能与过滤器混淆。AdGuard Home 将排除匹配这些网域的 DNS 查询，并且这些查询将不会在查询日志中显示。在此可以明确指定域名、通配符（wildcard）和网址过滤的规则，例如 \"example.org\"、\"*.example.org\" 或 \"||example.org^\"。",
    "access_settings_saved": "访问设置保存成功",
-    "updates_checked": "检查更新成功",
+    "updates_checked": "AdGuard Home 的新版本现在可用",
    "updates_version_equal": "AdGuard Home已经是最新版本",
    "check_updates_now": "立即检查更新",
    "dns_privacy": "DNS 隐私",
--- a/client/src/__locales/zh-tw.json
+++ b/client/src/__locales/zh-tw.json
@@ -47,6 +47,7 @@
    "form_error_server_name": "無效的伺服器名稱",
    "form_error_subnet": "子網路 \"{{cidr}}\" 不包含該 IP 位址 \"{{ip}}\"",
    "form_error_positive": "必須大於 0",
+    "form_error_gateway_ip": "租約不能有閘道的 IP 位址",
    "out_of_range_error": "必須在\"{{start}}\"-\"{{end}}\"範圍之外",
    "lower_range_start_error": "必須低於起始範圍",
    "greater_range_start_error": "必須大於起始範圍",
@@ -213,7 +214,7 @@
    "example_upstream_udp": "常規 DNS（透過 UDP，主機名稱）；",
    "example_upstream_dot": "加密的 <0>DNS-over-TLS</0>；",
    "example_upstream_doh": "加密的 <0>DNS-over-HTTPS</0>；",
-    "example_upstream_doq": "加密的 <0>DNS-over-QUIC</0>（實驗性的）；",
+    "example_upstream_doq": "加密的 <0>DNS-over-QUIC</0>;",
    "example_upstream_sdns": "關於 <1>DNSCrypt</1> 或 <2>DNS-over-HTTPS</2> 解析器之 <0>DNS 戳記</0>；",
    "example_upstream_tcp": "常規 DNS（透過 TCP）；",
    "example_upstream_tcp_hostname": "常規 DNS（透過 TCP，主機名稱）；",
@@ -369,8 +370,8 @@
    "encryption_https_desc": "如果 HTTPS 連接埠被配置，AdGuard Home 管理員介面透過 HTTPS 將為可存取的，且它也將於 '/dns-query' 位置上提供 DNS-over-HTTPS。",
    "encryption_dot": "DNS-over-TLS 連接埠",
    "encryption_dot_desc": "如果該連接埠被配置，AdGuard Home 將於此連接埠上運行 DNS-over-TLS 伺服器。",
-    "encryption_doq": "DNS-over-QUIC 連接埠（實驗性的）",
-    "encryption_doq_desc": "如果此連接埠被配置，AdGuard Home 將於此連接埠上運行 DNS-over-QUIC 伺服器。它是實驗性的並可能為不可靠的。再者，此刻沒有太多支援它的用戶端。",
+    "encryption_doq": "DNS-over-QUIC 連接埠",
+    "encryption_doq_desc": "如果此連接埠被配置，AdGuard Home 將於此連接埠上運行 DNS-over-QUIC 伺服器。",
    "encryption_certificates": "憑證",
    "encryption_certificates_desc": "為了使用加密，您需要提供有效的安全通訊端層（SSL）憑證鏈結供您的網域。於 <0>{{link}}</0> 上您可取得免費的憑證或您可從受信任的憑證授權單位之一購買它。",
    "encryption_certificates_input": "於此複製/貼上您的隱私增強郵件編碼之（PEM-encoded）憑證。",
@@ -445,7 +446,7 @@
    "access_blocked_title": "未被允許的網域",
    "access_blocked_desc": "不要把這個和過濾器混淆。AdGuard Home 排除與這些網域相符的 DNS 查詢，且這些查詢甚至不會出現在查詢記錄中。您可相應地明確指定確切的域名、萬用字元（wildcard）或網址過濾器的規則，例如，\"example.org\"、\"*.example.org\" 或 \"||example.org^\"。",
    "access_settings_saved": "存取設定被成功地儲存",
-    "updates_checked": "更新被成功地檢查",
+    "updates_checked": "AdGuard Home 的新版本為可用的",
    "updates_version_equal": "AdGuard Home 為最新的",
    "check_updates_now": "立即檢查更新",
    "dns_privacy": "DNS 隱私",
@@ -630,6 +631,6 @@
    "use_saved_key": "使用該先前已儲存的金鑰",
    "parental_control": "家長控制",
    "safe_browsing": "安全瀏覽",
-    "served_from_cache": "{{value}} <i>（由快取提供）</i>",
+    "served_from_cache": "{{value}} <i>(由快取提供)</i>",
    "form_error_password_length": "密碼必須為至少長 {{value}} 個字元"
 }
--- a/client/src/actions/encryption.js
+++ b/client/src/actions/encryption.js
@@ -24,6 +24,7 @@ export const getTlsStatus = () => async (dispatch) => {
 export const setTlsConfigRequest = createAction('SET_TLS_CONFIG_REQUEST');
 export const setTlsConfigFailure = createAction('SET_TLS_CONFIG_FAILURE');
 export const setTlsConfigSuccess = createAction('SET_TLS_CONFIG_SUCCESS');
+export const dnsStatusSuccess = createAction('DNS_STATUS_SUCCESS');

 export const setTlsConfig = (config) => async (dispatch, getState) => {
    dispatch(setTlsConfigRequest());
@@ -39,6 +40,12 @@ export const setTlsConfig = (config) => async (dispatch, getState) => {
        const response = await apiClient.setTlsConfig(values);
        response.certificate_chain = atob(response.certificate_chain);
        response.private_key = atob(response.private_key);
+
+        const dnsStatus = await apiClient.getGlobalStatus();
+        if (dnsStatus) {
+            dispatch(dnsStatusSuccess(dnsStatus));
+        }
+
        dispatch(setTlsConfigSuccess(response));
        dispatch(addSuccessToast('encryption_config_saved'));
        redirectToCurrentProtocol(response, httpPort);
--- a/client/src/components/Filters/Rewrites/Table.js
+++ b/client/src/components/Filters/Rewrites/Table.js
@@ -29,6 +29,8 @@ class Table extends Component {
            Header: this.props.t('actions_table_header'),
            accessor: 'actions',
            maxWidth: 100,
+            sortable: false,
+            resizable: false,
            Cell: (value) => (
                <div className="logs__row logs__row--center">
                    <button
--- a/client/src/components/Filters/Table.js
+++ b/client/src/components/Filters/Table.js
@@ -36,6 +36,7 @@ class Table extends Component {
            Cell: this.renderCheckbox,
            width: 90,
            className: 'text-center',
+            resizable: false,
        },
        {
            Header: <Trans>name_table_header</Trans>,
@@ -77,12 +78,14 @@ class Table extends Component {
        },
        {
            Header: <Trans>actions_table_header</Trans>,
-            accessor: 'url',
+            accessor: 'actions',
            className: 'text-center',
            width: 100,
            sortable: false,
+            resizable: false,
            Cell: (row) => {
-                const { value } = row;
+                const { original } = row;
+                const { url } = original;
                const { t, toggleFilteringModal, handleDelete } = this.props;

                return (
@@ -93,7 +96,7 @@ class Table extends Component {
                            title={t('edit_table_action')}
                            onClick={() => toggleFilteringModal({
                                type: MODAL_TYPE.EDIT_FILTERS,
-                                url: value,
+                                url,
                            })
                            }
                        >
@@ -104,7 +107,7 @@ class Table extends Component {
                        <button
                            type="button"
                            className="btn btn-icon btn-outline-secondary btn-sm"
-                            onClick={() => handleDelete(value)}
+                            onClick={() => handleDelete(url)}
                            title={t('delete_table_action')}
                        >
                            <svg className="icons">
--- a/client/src/components/Logs/Logs.css
+++ b/client/src/components/Logs/Logs.css
@@ -338,10 +338,19 @@
    text-overflow: ellipsis;
 }

+.logs__row--icons {
+    flex-wrap: wrap;
+}
+
 .logs__table .logs__row {
    border-bottom: 2px solid var(--gray-216);
 }

+.logs__tag {
+    text-overflow: ellipsis;
+    overflow: hidden;
+}
+
 /* QUERY_STATUS_COLORS */
 .logs__row--blue {
    background-color: var(--blue);
--- a/client/src/components/Settings/Clients/ClientsTable.js
+++ b/client/src/components/Settings/Clients/ClientsTable.js
@@ -193,7 +193,7 @@ class ClientsTable extends Component {
                    <div className="logs__row o-hidden">
                        <span className="logs__text">
                            {value.map((tag) => (
-                                <div key={tag} title={tag} className="small">
+                                <div key={tag} title={tag} className="logs__tag small">
                                    {tag}
                                </div>
                            ))}
@@ -225,6 +225,8 @@ class ClientsTable extends Component {
            Header: this.props.t('actions_table_header'),
            accessor: 'actions',
            maxWidth: 100,
+            sortable: false,
+            resizable: false,
            Cell: (row) => {
                const clientName = row.original.name;
                const {
--- a/client/src/components/Settings/Dhcp/StaticLeases/Form.js
+++ b/client/src/components/Settings/Dhcp/StaticLeases/Form.js
@@ -10,6 +10,7 @@ import {
    validateMac,
    validateRequiredValue,
    validateIpv4InCidr,
+    validateIpGateway,
 } from '../../../../helpers/validators';
 import { FORM_NAME } from '../../../../helpers/constants';
 import { toggleLeaseModal } from '../../../../actions';
@@ -57,6 +58,7 @@ const Form = ({
                            validateRequiredValue,
                            validateIpv4,
                            validateIpv4InCidr,
+                            validateIpGateway,
                        ]}
                    />
                </div>
@@ -101,6 +103,7 @@ Form.propTypes = {
        ip: PropTypes.string.isRequired,
        hostname: PropTypes.string.isRequired,
        cidr: PropTypes.string.isRequired,
+        gatewayIp: PropTypes.string,
    }),
    pristine: PropTypes.bool.isRequired,
    handleSubmit: PropTypes.func.isRequired,
--- a/client/src/components/Settings/Dhcp/StaticLeases/Modal.js
+++ b/client/src/components/Settings/Dhcp/StaticLeases/Modal.js
@@ -13,6 +13,7 @@ const Modal = ({
    cidr,
    rangeStart,
    rangeEnd,
+    gatewayIp,
 }) => {
    const dispatch = useDispatch();

@@ -42,6 +43,7 @@ const Modal = ({
                        cidr,
                        rangeStart,
                        rangeEnd,
+                        gatewayIp,
                    }}
                    onSubmit={handleSubmit}
                    processingAdding={processingAdding}
@@ -61,6 +63,7 @@ Modal.propTypes = {
    cidr: PropTypes.string.isRequired,
    rangeStart: PropTypes.string,
    rangeEnd: PropTypes.string,
+    gatewayIp: PropTypes.string,
 };

 export default withTranslation()(Modal);
--- a/client/src/components/Settings/Dhcp/StaticLeases/index.js
+++ b/client/src/components/Settings/Dhcp/StaticLeases/index.js
@@ -24,6 +24,7 @@ const StaticLeases = ({
    cidr,
    rangeStart,
    rangeEnd,
+    gatewayIp,
 }) => {
    const [t] = useTranslation();
    const dispatch = useDispatch();
@@ -70,6 +71,8 @@ const StaticLeases = ({
                        Header: <Trans>actions_table_header</Trans>,
                        accessor: 'actions',
                        maxWidth: 150,
+                        sortable: false,
+                        resizable: false,
                        // eslint-disable-next-line react/display-name
                        Cell: (row) => {
                            const { ip, mac, hostname } = row.original;
@@ -104,6 +107,7 @@ const StaticLeases = ({
                cidr={cidr}
                rangeStart={rangeStart}
                rangeEnd={rangeEnd}
+                gatewayIp={gatewayIp}
            />
        </>
    );
@@ -117,6 +121,7 @@ StaticLeases.propTypes = {
    cidr: PropTypes.string.isRequired,
    rangeStart: PropTypes.string,
    rangeEnd: PropTypes.string,
+    gatewayIp: PropTypes.string,
 };

 cellWrap.propTypes = {
--- a/client/src/components/Settings/Dhcp/index.js
+++ b/client/src/components/Settings/Dhcp/index.js
@@ -278,6 +278,7 @@ const Dhcp = () => {
                            cidr={cidr}
                            rangeStart={dhcp?.values?.v4?.range_start}
                            rangeEnd={dhcp?.values?.v4?.range_end}
+                            gatewayIp={dhcp?.values?.v4?.gateway_ip}
                        />
                        <div className="btn-list mt-2">
                            <button
--- a/client/src/components/Settings/Dns/Upstream/Examples.js
+++ b/client/src/components/Settings/Dns/Upstream/Examples.js
@@ -11,16 +11,16 @@ const Examples = (props) => (
                <code>94.140.14.140</code>: {props.t('example_upstream_regular')}
            </li>
            <li>
-                <code>udp://dns-unfiltered.adguard.com</code>: <Trans>example_upstream_udp</Trans>
+                <code>udp://unfiltered.adguard-dns.com</code>: <Trans>example_upstream_udp</Trans>
            </li>
            <li>
                <code>tcp://94.140.14.140</code>: <Trans>example_upstream_tcp</Trans>
            </li>
            <li>
-                <code>tcp://dns-unfiltered.adguard.com</code>: <Trans>example_upstream_tcp_hostname</Trans>
+                <code>tcp://unfiltered.adguard-dns.com</code>: <Trans>example_upstream_tcp_hostname</Trans>
            </li>
            <li>
-                <code>tls://dns-unfiltered.adguard.com</code>:
+                <code>tls://unfiltered.adguard-dns.com</code>:
                <span>
                    <Trans
                        components={[
@@ -39,7 +39,7 @@ const Examples = (props) => (
                </span>
            </li>
            <li>
-                <code>https://dns-unfiltered.adguard.com/dns-query</code>:
+                <code>https://unfiltered.adguard-dns.com/dns-query</code>:
                <span>
                    <Trans
                        components={[
@@ -58,7 +58,7 @@ const Examples = (props) => (
                </span>
            </li>
            <li>
-                <code>quic://dns-unfiltered.adguard.com:784</code>:
+                <code>quic://unfiltered.adguard-dns.com:784</code>:
                <span>
                    <Trans
                        components={[
--- a/client/src/components/Settings/Settings.css
+++ b/client/src/components/Settings/Settings.css
@@ -113,6 +113,7 @@
    width: 30px;
    height: 30px;
    background-color: transparent;
+    overflow: hidden;
 }

 .btn-icon--green {
--- a/client/src/helpers/validators.js
+++ b/client/src/helpers/validators.js
@@ -339,3 +339,14 @@ export const validatePasswordLength = (value) => {
    }
    return undefined;
 };
+
+/**
+ * @param value {string}
+ * @returns {Function}
+ */
+export const validateIpGateway = (value, allValues) => {
+    if (value === allValues.gatewayIp) {
+        return i18next.t('form_error_gateway_ip');
+    }
+    return undefined;
+};
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/AdguardTeam/AdGuardHome
 go 1.17

 require (
-	github.com/AdguardTeam/dnsproxy v0.43.0
+	github.com/AdguardTeam/dnsproxy v0.43.1
 	github.com/AdguardTeam/golibs v0.10.8
 	github.com/AdguardTeam/urlfilter v0.16.0
 	github.com/NYTimes/gziphandler v1.1.1
@@ -15,6 +15,7 @@ require (
 	github.com/google/go-cmp v0.5.7
 	github.com/google/gopacket v1.1.19
 	github.com/google/renameio v1.0.1
+	github.com/google/uuid v1.3.0
 	github.com/insomniacslk/dhcp v0.0.0-20220405050111-12fbdcb11b41
 	github.com/kardianos/service v1.2.1
 	github.com/lucas-clemente/quic-go v0.27.1
@@ -23,8 +24,7 @@ require (
 	// TODO(a.garipov): This package is deprecated; find a new one or use
 	// our own code for that.
 	github.com/mdlayher/raw v0.0.0-20211126142749-4eae47f3d54b
-	github.com/miekg/dns v1.1.48
-	github.com/satori/go.uuid v1.2.0
+	github.com/miekg/dns v1.1.49
 	github.com/stretchr/testify v1.7.0
 	github.com/ti-mo/netfilter v0.4.0
 	go.etcd.io/bbolt v1.3.6
@@ -45,7 +45,6 @@ require (
 	github.com/cheekybits/genny v1.0.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
-	github.com/google/uuid v1.3.0 // indirect
 	github.com/josharian/native v1.0.0 // indirect
 	github.com/marten-seemann/qtls-go1-16 v0.1.5 // indirect
 	github.com/marten-seemann/qtls-go1-17 v0.1.1 // indirect
@@ -66,6 +65,3 @@ require (
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 )
-
-// TODO(a.garipov): Return to the main repo once miekg/dns#1359 is merged.
-replace github.com/miekg/dns => github.com/ainar-g/dns v1.1.49-0.20220411125901-8a162bbc18d8
--- a/go.sum
+++ b/go.sum
@@ -7,8 +7,8 @@ dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBr
 dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4=
 dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU=
 git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
-github.com/AdguardTeam/dnsproxy v0.43.0 h1:K082nx37DaNqSyT3kDtAfgBACNWc+ZDI1Yr/kGppu1k=
-github.com/AdguardTeam/dnsproxy v0.43.0/go.mod h1:JUGTm5dmlll47JltztsT0N//pVJjdg6zu0SNeUeaA7g=
+github.com/AdguardTeam/dnsproxy v0.43.1 h1:E777KfQAi+VurOoWEdGQ5iqjSOOAzzbTfLOEzj8heCs=
+github.com/AdguardTeam/dnsproxy v0.43.1/go.mod h1:JUGTm5dmlll47JltztsT0N//pVJjdg6zu0SNeUeaA7g=
 github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.4.2/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.10.4/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
@@ -28,8 +28,6 @@ github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmH
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
 github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw=
 github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635/go.mod h1:lmLxL+FV291OopO93Bwf9fQLQeLyt33VJRUg5VJ30us=
-github.com/ainar-g/dns v1.1.49-0.20220411125901-8a162bbc18d8 h1:Hp2waLwK989ui3bDkFpedlIHfyWdZ77gynvd+GPEqXY=
-github.com/ainar-g/dns v1.1.49-0.20220411125901-8a162bbc18d8/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/ameshkov/dnscrypt/v2 v2.2.3 h1:X9UP5AHtwp46Ji+sGFfF/1Is6OPI/SjxLqhKpx0P5UI=
 github.com/ameshkov/dnscrypt/v2 v2.2.3/go.mod h1:xJB9cE1/GF+NB6EEQqRlkoa4bjcV2w7VYn1G+zVq7Bs=
 github.com/ameshkov/dnsstamps v1.0.1/go.mod h1:Ii3eUu73dx4Vw5O4wjzmT5+lkCwovjzaEZZ4gKyIH5A=
@@ -176,6 +174,11 @@ github.com/mdlayher/socket v0.2.1/go.mod h1:QLlNPkFR88mRUNQIzRBMfXxwKal8H7u1h3bL
 github.com/mdlayher/socket v0.2.3 h1:XZA2X2TjdOwNoNPVPclRCURoX/hokBY8nkTmRZFEheM=
 github.com/mdlayher/socket v0.2.3/go.mod h1:bz12/FozYNH/VbvC3q7TRIK/Y6dH1kCKsXaUeXi/FmY=
 github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
+github.com/miekg/dns v1.1.40/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
+github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
+github.com/miekg/dns v1.1.44/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
+github.com/miekg/dns v1.1.49 h1:qe0mQU3Z/XpFeE+AEBo2rqaS1IPBJ3anmqZ4XiZJVG8=
+github.com/miekg/dns v1.1.49/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
@@ -209,8 +212,6 @@ github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:
 github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
-github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/shirou/gopsutil/v3 v3.21.8 h1:nKct+uP0TV8DjjNiHanKf8SAuub+GNsbrOtM9Nl9biA=
 github.com/shirou/gopsutil/v3 v3.21.8/go.mod h1:YWp/H8Qs5fVmf17v7JNZzA0mPJ+mS2e9JdiUF9LlKzQ=
@@ -307,6 +308,7 @@ golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
@@ -356,6 +358,7 @@ golang.org/x/sys v0.0.0-20190606122018-79a91cf218c4/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -372,6 +375,7 @@ golang.org/x/sys v0.0.0-20201017003518-b09fb700fbb7/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -410,6 +414,7 @@ golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
--- a/internal/aghalg/nullbool.go
+++ b/internal/aghalg/nullbool.go
@@ -0,0 +1,67 @@
+package aghalg
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+)
+
+// NullBool is a nullable boolean.  Use these in JSON requests and responses
+// instead of pointers to bool.
+type NullBool uint8
+
+// NullBool values
+const (
+	NBNull NullBool = iota
+	NBTrue
+	NBFalse
+)
+
+// String implements the fmt.Stringer interface for NullBool.
+func (nb NullBool) String() (s string) {
+	switch nb {
+	case NBNull:
+		return "null"
+	case NBTrue:
+		return "true"
+	case NBFalse:
+		return "false"
+	}
+
+	return fmt.Sprintf("!invalid NullBool %d", uint8(nb))
+}
+
+// BoolToNullBool converts a bool into a NullBool.
+func BoolToNullBool(cond bool) (nb NullBool) {
+	if cond {
+		return NBTrue
+	}
+
+	return NBFalse
+}
+
+// type check
+var _ json.Marshaler = NBNull
+
+// MarshalJSON implements the json.Marshaler interface for NullBool.
+func (nb NullBool) MarshalJSON() (b []byte, err error) {
+	return []byte(nb.String()), nil
+}
+
+// type check
+var _ json.Unmarshaler = (*NullBool)(nil)
+
+// UnmarshalJSON implements the json.Unmarshaler interface for *NullBool.
+func (nb *NullBool) UnmarshalJSON(b []byte) (err error) {
+	if len(b) == 0 || bytes.Equal(b, []byte("null")) {
+		*nb = NBNull
+	} else if bytes.Equal(b, []byte("true")) {
+		*nb = NBTrue
+	} else if bytes.Equal(b, []byte("false")) {
+		*nb = NBFalse
+	} else {
+		return fmt.Errorf("unmarshalling json data into aghalg.NullBool: bad value %q", b)
+	}
+
+	return nil
+}
--- a/internal/aghalg/nullbool_test.go
+++ b/internal/aghalg/nullbool_test.go
@@ -0,0 +1,113 @@
+package aghalg_test
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
+	"github.com/AdguardTeam/golibs/testutil"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNullBool_MarshalJSON(t *testing.T) {
+	testCases := []struct {
+		name       string
+		wantErrMsg string
+		want       []byte
+		in         aghalg.NullBool
+	}{{
+		name:       "null",
+		wantErrMsg: "",
+		want:       []byte("null"),
+		in:         aghalg.NBNull,
+	}, {
+		name:       "true",
+		wantErrMsg: "",
+		want:       []byte("true"),
+		in:         aghalg.NBTrue,
+	}, {
+		name:       "false",
+		wantErrMsg: "",
+		want:       []byte("false"),
+		in:         aghalg.NBFalse,
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			got, err := tc.in.MarshalJSON()
+			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
+
+			assert.Equal(t, tc.want, got)
+		})
+	}
+
+	t.Run("json", func(t *testing.T) {
+		in := &struct {
+			A aghalg.NullBool
+		}{
+			A: aghalg.NBTrue,
+		}
+
+		got, err := json.Marshal(in)
+		require.NoError(t, err)
+
+		assert.Equal(t, []byte(`{"A":true}`), got)
+	})
+}
+
+func TestNullBool_UnmarshalJSON(t *testing.T) {
+	testCases := []struct {
+		name       string
+		wantErrMsg string
+		data       []byte
+		want       aghalg.NullBool
+	}{{
+		name:       "empty",
+		wantErrMsg: "",
+		data:       []byte{},
+		want:       aghalg.NBNull,
+	}, {
+		name:       "null",
+		wantErrMsg: "",
+		data:       []byte("null"),
+		want:       aghalg.NBNull,
+	}, {
+		name:       "true",
+		wantErrMsg: "",
+		data:       []byte("true"),
+		want:       aghalg.NBTrue,
+	}, {
+		name:       "false",
+		wantErrMsg: "",
+		data:       []byte("false"),
+		want:       aghalg.NBFalse,
+	}, {
+		name:       "invalid",
+		wantErrMsg: `unmarshalling json data into aghalg.NullBool: bad value "invalid"`,
+		data:       []byte("invalid"),
+		want:       aghalg.NBNull,
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			var got aghalg.NullBool
+			err := got.UnmarshalJSON(tc.data)
+			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
+
+			assert.Equal(t, tc.want, got)
+		})
+	}
+
+	t.Run("json", func(t *testing.T) {
+		want := aghalg.NBTrue
+		var got struct {
+			A aghalg.NullBool
+		}
+
+		err := json.Unmarshal([]byte(`{"A":true}`), &got)
+		require.NoError(t, err)
+
+		assert.Equal(t, want, got.A)
+	})
+}
--- a/internal/aghnet/hostscontainer.go
+++ b/internal/aghnet/hostscontainer.go
@@ -198,7 +198,7 @@ func (hc *HostsContainer) Close() (err error) {
 }

 // Upd returns the channel into which the updates are sent.  The receivable
-// map's values are guaranteed to be of type of *stringutil.Set.
+// map's values are guaranteed to be of type of *HostsRecord.
 func (hc *HostsContainer) Upd() (updates <-chan *netutil.IPMap) {
 	return hc.updates
 }
@@ -290,7 +290,7 @@ func (hp *hostsParser) parseFile(r io.Reader) (patterns []string, cont bool, err
 			continue
 		}

-		hp.addPairs(ip, hosts)
+		hp.addRecord(ip, hosts)
 	}

 	return nil, true, s.Err()
@@ -335,39 +335,66 @@ func (hp *hostsParser) parseLine(line string) (ip net.IP, hosts []string) {
 	return ip, hosts
 }

-// addPair puts the pair of ip and host to the rules builder if needed.  For
-// each ip the first member of hosts will become the main one.
-func (hp *hostsParser) addPairs(ip net.IP, hosts []string) {
+// HostsRecord represents a single hosts file record.
+type HostsRecord struct {
+	Aliases   *stringutil.Set
+	Canonical string
+}
+
+// Equal returns true if all fields of rec are equal to field in other or they
+// both are nil.
+func (rec *HostsRecord) Equal(other *HostsRecord) (ok bool) {
+	if rec == nil {
+		return other == nil
+	}
+
+	return rec.Canonical == other.Canonical && rec.Aliases.Equal(other.Aliases)
+}
+
+// addRecord puts the record for the IP address to the rules builder if needed.
+// The first host is considered to be the canonical name for the IP address.
+// hosts must have at least one name.
+func (hp *hostsParser) addRecord(ip net.IP, hosts []string) {
+	line := strings.Join(append([]string{ip.String()}, hosts...), " ")
+
+	var rec *HostsRecord
 	v, ok := hp.table.Get(ip)
 	if !ok {
-		// This ip is added at the first time.
-		v = stringutil.NewSet()
-		hp.table.Set(ip, v)
+		rec = &HostsRecord{
+			Aliases: stringutil.NewSet(),
+		}
+
+		rec.Canonical, hosts = hosts[0], hosts[1:]
+		hp.addRules(ip, rec.Canonical, line)
+		hp.table.Set(ip, rec)
+	} else {
+		rec, ok = v.(*HostsRecord)
+		if !ok {
+			log.Error("%s: adding pairs: unexpected type %T", hostsContainerPref, v)
+
+			return
+		}
 	}

-	var set *stringutil.Set
-	set, ok = v.(*stringutil.Set)
-	if !ok {
-		log.Debug("%s: adding pairs: unexpected value type %T", hostsContainerPref, v)
-
-		return
-	}
-
-	processed := strings.Join(append([]string{ip.String()}, hosts...), " ")
-	for _, h := range hosts {
-		if set.Has(h) {
+	for _, host := range hosts {
+		if rec.Canonical == host || rec.Aliases.Has(host) {
 			continue
 		}

-		set.Add(h)
+		rec.Aliases.Add(host)

-		rule, rulePtr := hp.writeRules(h, ip)
-		hp.translations[rule], hp.translations[rulePtr] = processed, processed
-
-		log.Debug("%s: added ip-host pair %q-%q", hostsContainerPref, ip, h)
+		hp.addRules(ip, host, line)
 	}
 }

+// addRules adds rules and rule translations for the line.
+func (hp *hostsParser) addRules(ip net.IP, host, line string) {
+	rule, rulePtr := hp.writeRules(host, ip)
+	hp.translations[rule], hp.translations[rulePtr] = line, line
+
+	log.Debug("%s: added ip-host pair %q-%q", hostsContainerPref, ip, host)
+}
+
 // writeRules writes the actual rule for the qtype and the PTR for the host-ip
 // pair into internal builders.
 func (hp *hostsParser) writeRules(host string, ip net.IP) (rule, rulePtr string) {
@@ -417,6 +444,7 @@ func (hp *hostsParser) writeRules(host string, ip net.IP) (rule, rulePtr string)
 }

 // equalSet returns true if the internal hosts table just parsed equals target.
+// target's values must be of type *HostsRecord.
 func (hp *hostsParser) equalSet(target *netutil.IPMap) (ok bool) {
 	if target == nil {
 		// hp.table shouldn't appear nil since it's initialized on each refresh.
@@ -427,22 +455,35 @@ func (hp *hostsParser) equalSet(target *netutil.IPMap) (ok bool) {
 		return false
 	}

-	hp.table.Range(func(ip net.IP, b interface{}) (cont bool) {
-		// ok is set to true if the target doesn't contain ip or if the
-		// appropriate hosts set isn't equal to the checked one.
-		if a, hasIP := target.Get(ip); !hasIP {
-			ok = true
-		} else if hosts, aok := a.(*stringutil.Set); aok {
-			ok = !hosts.Equal(b.(*stringutil.Set))
+	hp.table.Range(func(ip net.IP, recVal interface{}) (cont bool) {
+		var targetVal interface{}
+		targetVal, ok = target.Get(ip)
+		if !ok {
+			return false
 		}

-		// Continue only if maps has no discrepancies.
-		return !ok
+		var rec *HostsRecord
+		rec, ok = recVal.(*HostsRecord)
+		if !ok {
+			log.Error("%s: comparing: unexpected type %T", hostsContainerPref, recVal)
+
+			return false
+		}
+
+		var targetRec *HostsRecord
+		targetRec, ok = targetVal.(*HostsRecord)
+		if !ok {
+			log.Error("%s: comparing: target: unexpected type %T", hostsContainerPref, targetVal)
+
+			return false
+		}
+
+		ok = rec.Equal(targetRec)
+
+		return ok
 	})

-	// Return true if every value from the IP map has no discrepancies with the
-	// appropriate one from the target.
-	return !ok
+	return ok
 }

 // sendUpd tries to send the parsed data to the ch.
--- a/internal/aghnet/hostscontainer_test.go
+++ b/internal/aghnet/hostscontainer_test.go
@@ -12,6 +12,7 @@ import (

 	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
 	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/stringutil"
 	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/AdguardTeam/urlfilter"
@@ -159,31 +160,47 @@ func TestHostsContainer_refresh(t *testing.T) {
 	require.NoError(t, err)
 	testutil.CleanupAndRequireSuccess(t, hc.Close)

-	checkRefresh := func(t *testing.T, wantHosts *stringutil.Set) {
-		upd, ok := <-hc.Upd()
-		require.True(t, ok)
-		require.NotNil(t, upd)
+	checkRefresh := func(t *testing.T, want *HostsRecord) {
+		t.Helper()
+
+		var ok bool
+		var upd *netutil.IPMap
+		select {
+		case upd, ok = <-hc.Upd():
+			require.True(t, ok)
+			require.NotNil(t, upd)
+		case <-time.After(1 * time.Second):
+			t.Fatal("did not receive after 1s")
+		}

 		assert.Equal(t, 1, upd.Len())

 		v, ok := upd.Get(ip)
 		require.True(t, ok)

-		var set *stringutil.Set
-		set, ok = v.(*stringutil.Set)
-		require.True(t, ok)
+		require.IsType(t, (*HostsRecord)(nil), v)

-		assert.True(t, set.Equal(wantHosts))
+		rec, _ := v.(*HostsRecord)
+		require.NotNil(t, rec)
+
+		assert.Truef(t, rec.Equal(want), "%+v != %+v", rec, want)
 	}

 	t.Run("initial_refresh", func(t *testing.T) {
-		checkRefresh(t, stringutil.NewSet("hostname"))
+		checkRefresh(t, &HostsRecord{
+			Aliases:   stringutil.NewSet(),
+			Canonical: "hostname",
+		})
 	})

 	t.Run("second_refresh", func(t *testing.T) {
 		testFS["dir/file2"] = &fstest.MapFile{Data: []byte(ipStr + ` alias` + nl)}
 		eventsCh <- event{}
-		checkRefresh(t, stringutil.NewSet("hostname", "alias"))
+
+		checkRefresh(t, &HostsRecord{
+			Aliases:   stringutil.NewSet("alias"),
+			Canonical: "hostname",
+		})
 	})

 	t.Run("double_refresh", func(t *testing.T) {
@@ -363,10 +380,15 @@ func TestHostsContainer(t *testing.T) {
 	require.NoError(t, fstest.TestFS(testdata, "etc_hosts"))

 	testCases := []struct {
-		want []*rules.DNSRewrite
-		name string
 		req  *urlfilter.DNSRequest
+		name string
+		want []*rules.DNSRewrite
 	}{{
+		req: &urlfilter.DNSRequest{
+			Hostname: "simplehost",
+			DNSType:  dns.TypeA,
+		},
+		name: "simple",
 		want: []*rules.DNSRewrite{{
 			RCode:  dns.RcodeSuccess,
 			Value:  net.IPv4(1, 0, 0, 1),
@@ -376,27 +398,12 @@ func TestHostsContainer(t *testing.T) {
 			Value:  net.ParseIP("::1"),
 			RRType: dns.TypeAAAA,
 		}},
-		name: "simple",
-		req: &urlfilter.DNSRequest{
-			Hostname: "simplehost",
-			DNSType:  dns.TypeA,
-		},
 	}, {
-		want: []*rules.DNSRewrite{{
-			RCode:  dns.RcodeSuccess,
-			Value:  net.IPv4(1, 0, 0, 0),
-			RRType: dns.TypeA,
-		}, {
-			RCode:  dns.RcodeSuccess,
-			Value:  net.ParseIP("::"),
-			RRType: dns.TypeAAAA,
-		}},
-		name: "hello_alias",
 		req: &urlfilter.DNSRequest{
 			Hostname: "hello.world",
 			DNSType:  dns.TypeA,
 		},
-	}, {
+		name: "hello_alias",
 		want: []*rules.DNSRewrite{{
 			RCode:  dns.RcodeSuccess,
 			Value:  net.IPv4(1, 0, 0, 0),
@@ -406,26 +413,41 @@ func TestHostsContainer(t *testing.T) {
 			Value:  net.ParseIP("::"),
 			RRType: dns.TypeAAAA,
 		}},
-		name: "other_line_alias",
+	}, {
 		req: &urlfilter.DNSRequest{
 			Hostname: "hello.world.again",
 			DNSType:  dns.TypeA,
 		},
+		name: "other_line_alias",
+		want: []*rules.DNSRewrite{{
+			RCode:  dns.RcodeSuccess,
+			Value:  net.IPv4(1, 0, 0, 0),
+			RRType: dns.TypeA,
+		}, {
+			RCode:  dns.RcodeSuccess,
+			Value:  net.ParseIP("::"),
+			RRType: dns.TypeAAAA,
+		}},
 	}, {
-		want: []*rules.DNSRewrite{},
-		name: "hello_subdomain",
 		req: &urlfilter.DNSRequest{
 			Hostname: "say.hello",
 			DNSType:  dns.TypeA,
 		},
-	}, {
+		name: "hello_subdomain",
 		want: []*rules.DNSRewrite{},
-		name: "hello_alias_subdomain",
+	}, {
 		req: &urlfilter.DNSRequest{
 			Hostname: "say.hello.world",
 			DNSType:  dns.TypeA,
 		},
+		name: "hello_alias_subdomain",
+		want: []*rules.DNSRewrite{},
 	}, {
+		req: &urlfilter.DNSRequest{
+			Hostname: "for.testing",
+			DNSType:  dns.TypeA,
+		},
+		name: "lots_of_aliases",
 		want: []*rules.DNSRewrite{{
 			RCode:  dns.RcodeSuccess,
 			RRType: dns.TypeA,
@@ -435,37 +457,37 @@ func TestHostsContainer(t *testing.T) {
 			RRType: dns.TypeAAAA,
 			Value:  net.ParseIP("::2"),
 		}},
-		name: "lots_of_aliases",
-		req: &urlfilter.DNSRequest{
-			Hostname: "for.testing",
-			DNSType:  dns.TypeA,
-		},
 	}, {
+		req: &urlfilter.DNSRequest{
+			Hostname: "1.0.0.1.in-addr.arpa",
+			DNSType:  dns.TypePTR,
+		},
+		name: "reverse",
 		want: []*rules.DNSRewrite{{
 			RCode:  dns.RcodeSuccess,
 			RRType: dns.TypePTR,
 			Value:  "simplehost.",
 		}},
-		name: "reverse",
-		req: &urlfilter.DNSRequest{
-			Hostname: "1.0.0.1.in-addr.arpa",
-			DNSType:  dns.TypePTR,
-		},
 	}, {
-		want: []*rules.DNSRewrite{},
-		name: "non-existing",
 		req: &urlfilter.DNSRequest{
 			Hostname: "nonexisting",
 			DNSType:  dns.TypeA,
 		},
+		name: "non-existing",
+		want: []*rules.DNSRewrite{},
 	}, {
-		want: nil,
-		name: "bad_type",
 		req: &urlfilter.DNSRequest{
 			Hostname: "1.0.0.1.in-addr.arpa",
 			DNSType:  dns.TypeSRV,
 		},
+		name: "bad_type",
+		want: nil,
 	}, {
+		req: &urlfilter.DNSRequest{
+			Hostname: "domain",
+			DNSType:  dns.TypeA,
+		},
+		name: "issue_4216_4_6",
 		want: []*rules.DNSRewrite{{
 			RCode:  dns.RcodeSuccess,
 			RRType: dns.TypeA,
@@ -475,12 +497,12 @@ func TestHostsContainer(t *testing.T) {
 			RRType: dns.TypeAAAA,
 			Value:  net.ParseIP("::42"),
 		}},
-		name: "issue_4216_4_6",
+	}, {
 		req: &urlfilter.DNSRequest{
-			Hostname: "domain",
+			Hostname: "domain4",
 			DNSType:  dns.TypeA,
 		},
-	}, {
+		name: "issue_4216_4",
 		want: []*rules.DNSRewrite{{
 			RCode:  dns.RcodeSuccess,
 			RRType: dns.TypeA,
@@ -490,12 +512,12 @@ func TestHostsContainer(t *testing.T) {
 			RRType: dns.TypeA,
 			Value:  net.IPv4(1, 3, 5, 7),
 		}},
-		name: "issue_4216_4",
-		req: &urlfilter.DNSRequest{
-			Hostname: "domain4",
-			DNSType:  dns.TypeA,
-		},
 	}, {
+		req: &urlfilter.DNSRequest{
+			Hostname: "domain6",
+			DNSType:  dns.TypeAAAA,
+		},
+		name: "issue_4216_6",
 		want: []*rules.DNSRewrite{{
 			RCode:  dns.RcodeSuccess,
 			RRType: dns.TypeAAAA,
@@ -505,11 +527,6 @@ func TestHostsContainer(t *testing.T) {
 			RRType: dns.TypeAAAA,
 			Value:  net.ParseIP("::31"),
 		}},
-		name: "issue_4216_6",
-		req: &urlfilter.DNSRequest{
-			Hostname: "domain6",
-			DNSType:  dns.TypeAAAA,
-		},
 	}}

 	stubWatcher := aghtest.FSWatcher{
--- a/internal/aghnet/systemresolvers.go
+++ b/internal/aghnet/systemresolvers.go
@@ -19,7 +19,7 @@ type SystemResolvers interface {
 }

 // NewSystemResolvers returns a SystemResolvers with the cache refresh rate
-// defined by refreshIvl. It disables auto-resfreshing if refreshIvl is 0.  If
+// defined by refreshIvl. It disables auto-refreshing if refreshIvl is 0.  If
 // nil is passed for hostGenFunc, the default generator will be used.
 func NewSystemResolvers(
 	hostGenFunc HostGenFunc,
--- a/internal/dhcpd/http.go
+++ b/internal/dhcpd/http.go
@@ -10,6 +10,7 @@ import (
 	"strings"
 	"time"

+	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/golibs/errors"
@@ -145,7 +146,7 @@ type dhcpServerConfigJSON struct {
 	V4            *v4ServerConfJSON `json:"v4"`
 	V6            *v6ServerConfJSON `json:"v6"`
 	InterfaceName string            `json:"interface_name"`
-	Enabled       nullBool          `json:"enabled"`
+	Enabled       aghalg.NullBool   `json:"enabled"`
 }

 func (s *Server) handleDHCPSetConfigV4(
@@ -156,7 +157,7 @@ func (s *Server) handleDHCPSetConfigV4(
 	}

 	v4Conf := v4JSONToServerConf(conf.V4)
-	v4Conf.Enabled = conf.Enabled == nbTrue
+	v4Conf.Enabled = conf.Enabled == aghalg.NBTrue
 	if len(v4Conf.RangeStart) == 0 {
 		v4Conf.Enabled = false
 	}
@@ -183,7 +184,7 @@ func (s *Server) handleDHCPSetConfigV6(
 	}

 	v6Conf := v6JSONToServerConf(conf.V6)
-	v6Conf.Enabled = conf.Enabled == nbTrue
+	v6Conf.Enabled = conf.Enabled == aghalg.NBTrue
 	if len(v6Conf.RangeStart) == 0 {
 		v6Conf.Enabled = false
 	}
@@ -206,7 +207,7 @@ func (s *Server) handleDHCPSetConfigV6(

 func (s *Server) handleDHCPSetConfig(w http.ResponseWriter, r *http.Request) {
 	conf := &dhcpServerConfigJSON{}
-	conf.Enabled = boolToNullBool(s.conf.Enabled)
+	conf.Enabled = aghalg.BoolToNullBool(s.conf.Enabled)
 	conf.InterfaceName = s.conf.InterfaceName

 	err := json.NewDecoder(r.Body).Decode(conf)
@@ -230,7 +231,7 @@ func (s *Server) handleDHCPSetConfig(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if conf.Enabled == nbTrue && !v4Enabled && !v6Enabled {
+	if conf.Enabled == aghalg.NBTrue && !v4Enabled && !v6Enabled {
 		aghhttp.Error(r, w, http.StatusBadRequest, "dhcpv4 or dhcpv6 configuration must be complete")

 		return
@@ -243,8 +244,8 @@ func (s *Server) handleDHCPSetConfig(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if conf.Enabled != nbNull {
-		s.conf.Enabled = conf.Enabled == nbTrue
+	if conf.Enabled != aghalg.NBNull {
+		s.conf.Enabled = conf.Enabled == aghalg.NBTrue
 	}

 	if conf.InterfaceName != "" {
@@ -279,11 +280,11 @@ func (s *Server) handleDHCPSetConfig(w http.ResponseWriter, r *http.Request) {

 type netInterfaceJSON struct {
 	Name         string   `json:"name"`
-	GatewayIP    net.IP   `json:"gateway_ip"`
 	HardwareAddr string   `json:"hardware_address"`
+	Flags        string   `json:"flags"`
+	GatewayIP    net.IP   `json:"gateway_ip"`
 	Addrs4       []net.IP `json:"ipv4_addresses"`
 	Addrs6       []net.IP `json:"ipv6_addresses"`
-	Flags        string   `json:"flags"`
 }

 func (s *Server) handleDHCPInterfaces(w http.ResponseWriter, r *http.Request) {
@@ -497,7 +498,6 @@ func (s *Server) handleDHCPAddStaticLease(w http.ResponseWriter, r *http.Request
 	}

 	ip4 := l.IP.To4()
-
 	if ip4 == nil {
 		l.IP = l.IP.To16()

--- a/internal/dhcpd/nullbool.go
+++ b/internal/dhcpd/nullbool.go
@@ -1,58 +0,0 @@
-package dhcpd
-
-import (
-	"bytes"
-	"fmt"
-)
-
-// nullBool is a nullable boolean.  Use these in JSON requests and responses
-// instead of pointers to bool.
-//
-// TODO(a.garipov): Inspect uses of *bool, move this type into some new package
-// if we need it somewhere else.
-type nullBool uint8
-
-// nullBool values
-const (
-	nbNull nullBool = iota
-	nbTrue
-	nbFalse
-)
-
-// String implements the fmt.Stringer interface for nullBool.
-func (nb nullBool) String() (s string) {
-	switch nb {
-	case nbNull:
-		return "null"
-	case nbTrue:
-		return "true"
-	case nbFalse:
-		return "false"
-	}
-
-	return fmt.Sprintf("!invalid nullBool %d", uint8(nb))
-}
-
-// boolToNullBool converts a bool into a nullBool.
-func boolToNullBool(cond bool) (nb nullBool) {
-	if cond {
-		return nbTrue
-	}
-
-	return nbFalse
-}
-
-// UnmarshalJSON implements the json.Unmarshaler interface for *nullBool.
-func (nb *nullBool) UnmarshalJSON(b []byte) (err error) {
-	if len(b) == 0 || bytes.Equal(b, []byte("null")) {
-		*nb = nbNull
-	} else if bytes.Equal(b, []byte("true")) {
-		*nb = nbTrue
-	} else if bytes.Equal(b, []byte("false")) {
-		*nb = nbFalse
-	} else {
-		return fmt.Errorf("invalid nullBool value %q", b)
-	}
-
-	return nil
-}
--- a/internal/dhcpd/nullbool_test.go
+++ b/internal/dhcpd/nullbool_test.go
@@ -1,66 +0,0 @@
-package dhcpd
-
-import (
-	"encoding/json"
-	"testing"
-
-	"github.com/AdguardTeam/golibs/testutil"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestNullBool_UnmarshalJSON(t *testing.T) {
-	testCases := []struct {
-		name       string
-		wantErrMsg string
-		data       []byte
-		want       nullBool
-	}{{
-		name:       "empty",
-		wantErrMsg: "",
-		data:       []byte{},
-		want:       nbNull,
-	}, {
-		name:       "null",
-		wantErrMsg: "",
-		data:       []byte("null"),
-		want:       nbNull,
-	}, {
-		name:       "true",
-		wantErrMsg: "",
-		data:       []byte("true"),
-		want:       nbTrue,
-	}, {
-		name:       "false",
-		wantErrMsg: "",
-		data:       []byte("false"),
-		want:       nbFalse,
-	}, {
-		name:       "invalid",
-		wantErrMsg: `invalid nullBool value "invalid"`,
-		data:       []byte("invalid"),
-		want:       nbNull,
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			var got nullBool
-			err := got.UnmarshalJSON(tc.data)
-			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
-
-			assert.Equal(t, tc.want, got)
-		})
-	}
-
-	t.Run("json", func(t *testing.T) {
-		want := nbTrue
-		var got struct {
-			A nullBool
-		}
-
-		err := json.Unmarshal([]byte(`{"A":true}`), &got)
-		require.NoError(t, err)
-
-		assert.Equal(t, want, got.A)
-	})
-}
--- a/internal/dhcpd/v4.go
+++ b/internal/dhcpd/v4.go
@@ -333,12 +333,16 @@ func (s *v4Server) rmLease(lease *Lease) (err error) {
 	return errors.Error("lease not found")
 }

-// AddStaticLease adds a static lease.  It is safe for concurrent use.
+// AddStaticLease implements the DHCPServer interface for *v4Server.  It is safe
+// for concurrent use.
 func (s *v4Server) AddStaticLease(l *Lease) (err error) {
 	defer func() { err = errors.Annotate(err, "dhcpv4: adding static lease: %w") }()

-	if ip4 := l.IP.To4(); ip4 == nil {
+	ip := l.IP.To4()
+	if ip == nil {
 		return fmt.Errorf("invalid ip %q, only ipv4 is supported", l.IP)
+	} else if gwIP := s.conf.GatewayIP; gwIP.Equal(ip) {
+		return fmt.Errorf("can't assign the gateway IP %s to the lease", gwIP)
 	}

 	l.Expiry = time.Unix(leaseExpireStatic, 0)
@@ -377,7 +381,7 @@ func (s *v4Server) AddStaticLease(l *Lease) (err error) {
 		if err != nil {
 			err = fmt.Errorf(
 				"removing dynamic leases for %s (%s): %w",
-				l.IP,
+				ip,
 				l.HWAddr,
 				err,
 			)
@@ -387,7 +391,7 @@ func (s *v4Server) AddStaticLease(l *Lease) (err error) {

 		err = s.addLease(l)
 		if err != nil {
-			err = fmt.Errorf("adding static lease for %s (%s): %w", l.IP, l.HWAddr, err)
+			err = fmt.Errorf("adding static lease for %s (%s): %w", ip, l.HWAddr, err)

 			return
 		}
--- a/internal/dhcpd/v4_test.go
+++ b/internal/dhcpd/v4_test.go
@@ -4,6 +4,7 @@
 package dhcpd

 import (
+	"fmt"
 	"net"
 	"strings"
 	"testing"
@@ -16,6 +17,13 @@ import (
 	"github.com/stretchr/testify/require"
 )

+var (
+	DefaultRangeStart = net.IP{192, 168, 10, 100}
+	DefaultRangeEnd   = net.IP{192, 168, 10, 200}
+	DefaultGatewayIP  = net.IP{192, 168, 10, 1}
+	DefaultSubnetMask = net.IP{255, 255, 255, 0}
+)
+
 func notify4(flags uint32) {
 }

@@ -24,10 +32,10 @@ func notify4(flags uint32) {
 func defaultV4ServerConf() (conf V4ServerConf) {
 	return V4ServerConf{
 		Enabled:    true,
-		RangeStart: net.IP{192, 168, 10, 100},
-		RangeEnd:   net.IP{192, 168, 10, 200},
-		GatewayIP:  net.IP{192, 168, 10, 1},
-		SubnetMask: net.IP{255, 255, 255, 0},
+		RangeStart: DefaultRangeStart,
+		RangeEnd:   DefaultRangeEnd,
+		GatewayIP:  DefaultGatewayIP,
+		SubnetMask: DefaultSubnetMask,
 		notify:     notify4,
 	}
 }
@@ -44,44 +52,86 @@ func defaultSrv(t *testing.T) (s DHCPServer) {
 	return s
 }

-func TestV4_AddRemove_static(t *testing.T) {
+func TestV4Server_AddRemove_static(t *testing.T) {
 	s := defaultSrv(t)

 	ls := s.GetLeases(LeasesStatic)
-	assert.Empty(t, ls)
+	require.Empty(t, ls)

-	// Add static lease.
-	l := &Lease{
-		Hostname: "static-1.local",
-		HWAddr:   net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
-		IP:       net.IP{192, 168, 10, 150},
+	testCases := []struct {
+		lease      *Lease
+		name       string
+		wantErrMsg string
+	}{{
+		lease: &Lease{
+			Hostname: "success.local",
+			HWAddr:   net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+			IP:       net.IP{192, 168, 10, 150},
+		},
+		name:       "success",
+		wantErrMsg: "",
+	}, {
+		lease: &Lease{
+			Hostname: "probably-router.local",
+			HWAddr:   net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+			IP:       DefaultGatewayIP,
+		},
+		name: "with_gateway_ip",
+		wantErrMsg: "dhcpv4: adding static lease: " +
+			"can't assign the gateway IP 192.168.10.1 to the lease",
+	}, {
+		lease: &Lease{
+			Hostname: "ip6.local",
+			HWAddr:   net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+			IP:       net.ParseIP("ffff::1"),
+		},
+		name: "ipv6",
+		wantErrMsg: `dhcpv4: adding static lease: ` +
+			`invalid ip "ffff::1", only ipv4 is supported`,
+	}, {
+		lease: &Lease{
+			Hostname: "bad-mac.local",
+			HWAddr:   net.HardwareAddr{0xAA, 0xAA},
+			IP:       net.IP{192, 168, 10, 150},
+		},
+		name: "bad_mac",
+		wantErrMsg: `dhcpv4: adding static lease: bad mac address "aa:aa": ` +
+			`bad mac address length 2, allowed: [6 8 20]`,
+	}, {
+		lease: &Lease{
+			Hostname: "bad-lbl-.local",
+			HWAddr:   net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+			IP:       net.IP{192, 168, 10, 150},
+		},
+		name: "bad_hostname",
+		wantErrMsg: `dhcpv4: adding static lease: validating hostname: ` +
+			`bad domain name "bad-lbl-.local": ` +
+			`bad domain name label "bad-lbl-": bad domain name label rune '-'`,
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			err := s.AddStaticLease(tc.lease)
+			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
+			if tc.wantErrMsg != "" {
+				return
+			}
+
+			err = s.RemoveStaticLease(&Lease{
+				IP:     tc.lease.IP,
+				HWAddr: tc.lease.HWAddr,
+			})
+			diffErrMsg := fmt.Sprintf("dhcpv4: lease for ip %s is different: %+v", tc.lease.IP, tc.lease)
+			testutil.AssertErrorMsg(t, diffErrMsg, err)
+
+			// Remove static lease.
+			err = s.RemoveStaticLease(tc.lease)
+			require.NoError(t, err)
+		})
+
+		ls = s.GetLeases(LeasesStatic)
+		require.Emptyf(t, ls, "after %s", tc.name)
 	}
-
-	err := s.AddStaticLease(l)
-	require.NoError(t, err)
-
-	err = s.AddStaticLease(l)
-	assert.Error(t, err)
-
-	ls = s.GetLeases(LeasesStatic)
-	require.Len(t, ls, 1)
-
-	assert.True(t, l.IP.Equal(ls[0].IP))
-	assert.Equal(t, l.HWAddr, ls[0].HWAddr)
-	assert.True(t, ls[0].IsStatic())
-
-	// Try to remove static lease.
-	err = s.RemoveStaticLease(&Lease{
-		IP:     net.IP{192, 168, 10, 110},
-		HWAddr: net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
-	})
-	assert.Error(t, err)
-
-	// Remove static lease.
-	err = s.RemoveStaticLease(l)
-	require.NoError(t, err)
-	ls = s.GetLeases(LeasesStatic)
-	assert.Empty(t, ls)
 }

 func TestV4_AddReplace(t *testing.T) {
--- a/internal/dnsforward/config.go
+++ b/internal/dnsforward/config.go
@@ -134,8 +134,9 @@ type FilteringConfig struct {

 // TLSConfig is the TLS configuration for HTTPS, DNS-over-HTTPS, and DNS-over-TLS
 type TLSConfig struct {
-	TLSListenAddrs  []*net.TCPAddr `yaml:"-" json:"-"`
-	QUICListenAddrs []*net.UDPAddr `yaml:"-" json:"-"`
+	TLSListenAddrs   []*net.TCPAddr `yaml:"-" json:"-"`
+	QUICListenAddrs  []*net.UDPAddr `yaml:"-" json:"-"`
+	HTTPSListenAddrs []*net.TCPAddr `yaml:"-" json:"-"`

 	// Reject connection if the client uses server name (in SNI) that doesn't match the certificate
 	StrictSNICheck bool `yaml:"strict_sni_check" json:"-"`
@@ -277,6 +278,11 @@ func (s *Server) createProxyConfig() (proxy.Config, error) {
 	return proxyConfig, nil
 }

+const (
+	defaultSafeBrowsingBlockHost = "standard-block.dns.adguard.com"
+	defaultParentalBlockHost     = "family-block.dns.adguard.com"
+)
+
 // initDefaultSettings initializes default settings if nothing
 // is configured
 func (s *Server) initDefaultSettings() {
@@ -288,12 +294,12 @@ func (s *Server) initDefaultSettings() {
 		s.conf.BootstrapDNS = defaultBootstrap
 	}

-	if len(s.conf.ParentalBlockHost) == 0 {
-		s.conf.ParentalBlockHost = parentalBlockHost
+	if s.conf.ParentalBlockHost == "" {
+		s.conf.ParentalBlockHost = defaultParentalBlockHost
 	}

-	if len(s.conf.SafeBrowsingBlockHost) == 0 {
-		s.conf.SafeBrowsingBlockHost = safeBrowsingBlockHost
+	if s.conf.SafeBrowsingBlockHost == "" {
+		s.conf.SafeBrowsingBlockHost = defaultSafeBrowsingBlockHost
 	}

 	if s.conf.UDPListenAddrs == nil {
--- a/internal/dnsforward/dns.go
+++ b/internal/dnsforward/dns.go
@@ -100,9 +100,9 @@ func (s *Server) handleDNSRequest(_ *proxy.Proxy, d *proxy.DNSContext) error {
 		s.processInitial,
 		s.processDDRQuery,
 		s.processDetermineLocal,
-		s.processInternalHosts,
+		s.processDHCPHosts,
 		s.processRestrictLocal,
-		s.processInternalIPAddrs,
+		s.processDHCPAddrs,
 		s.processFilteringBeforeRequest,
 		s.processLocalPTR,
 		s.processUpstream,
@@ -230,12 +230,10 @@ func (s *Server) onDHCPLeaseChanged(flags int) {
 				)
 			}

-			lowhost := strings.ToLower(l.Hostname)
+			lowhost := strings.ToLower(l.Hostname + "." + s.localDomainSuffix)
+			ip := netutil.CloneIP(l.IP)

-			ipToHost.Set(l.IP, lowhost)
-
-			ip := make(net.IP, 4)
-			copy(ip, l.IP.To4())
+			ipToHost.Set(ip, lowhost)
 			hostToIP[lowhost] = ip
 		}

@@ -260,9 +258,8 @@ func (s *Server) processDDRQuery(ctx *dnsContext) (rc resultCode) {
 	}

 	if question.Name == ddrHostFQDN {
-		// TODO(a.garipov): Check DoQ support in next RFC drafts.
-		if s.dnsProxy.TLSListenAddr == nil && s.dnsProxy.HTTPSListenAddr == nil ||
-			question.Qtype != dns.TypeSVCB {
+		if s.dnsProxy.TLSListenAddr == nil && s.conf.HTTPSListenAddrs == nil &&
+			s.dnsProxy.QUICListenAddr == nil || question.Qtype != dns.TypeSVCB {
 			d.Res = s.makeResponse(d.Req)

 			return resultCodeFinish
@@ -276,12 +273,18 @@ func (s *Server) processDDRQuery(ctx *dnsContext) (rc resultCode) {
 	return resultCodeSuccess
 }

-// makeDDRResponse creates DDR answer according to server configuration.
+// makeDDRResponse creates DDR answer according to server configuration.  The
+// contructed SVCB resource records have the priority of 1 for each entry,
+// similar to examples provided by https://www.ietf.org/archive/id/draft-ietf-add-ddr-06.html.
+//
+// TODO(a.meshkov):  Consider setting the priority values based on the protocol.
 func (s *Server) makeDDRResponse(req *dns.Msg) (resp *dns.Msg) {
 	resp = s.makeResponse(req)
-	domainName := s.conf.ServerName
+	// TODO(e.burkov):  Think about storing the FQDN version of the server's
+	// name somewhere.
+	domainName := dns.Fqdn(s.conf.ServerName)

-	for _, addr := range s.dnsProxy.HTTPSListenAddr {
+	for _, addr := range s.conf.HTTPSListenAddrs {
 		values := []dns.SVCBKeyValue{
 			&dns.SVCBAlpn{Alpn: []string{"h2"}},
 			&dns.SVCBPort{Port: uint16(addr.Port)},
@@ -306,7 +309,23 @@ func (s *Server) makeDDRResponse(req *dns.Msg) (resp *dns.Msg) {

 		ans := &dns.SVCB{
 			Hdr:      s.hdr(req, dns.TypeSVCB),
-			Priority: 2,
+			Priority: 1,
+			Target:   domainName,
+			Value:    values,
+		}
+
+		resp.Answer = append(resp.Answer, ans)
+	}
+
+	for _, addr := range s.dnsProxy.QUICListenAddr {
+		values := []dns.SVCBKeyValue{
+			&dns.SVCBAlpn{Alpn: []string{"doq"}},
+			&dns.SVCBPort{Port: uint16(addr.Port)},
+		}
+
+		ans := &dns.SVCB{
+			Hdr:      s.hdr(req, dns.TypeSVCB),
+			Priority: 1,
 			Target:   domainName,
 			Value:    values,
 		}
@@ -355,11 +374,11 @@ func (s *Server) hostToIP(host string) (ip net.IP, ok bool) {
 	return ip, true
 }

-// processInternalHosts respond to A requests if the target hostname is known to
+// processDHCPHosts respond to A requests if the target hostname is known to
 // the server.
 //
 // TODO(a.garipov): Adapt to AAAA as well.
-func (s *Server) processInternalHosts(dctx *dnsContext) (rc resultCode) {
+func (s *Server) processDHCPHosts(dctx *dnsContext) (rc resultCode) {
 	if !s.dhcpServer.Enabled() {
 		return resultCodeSuccess
 	}
@@ -374,11 +393,10 @@ func (s *Server) processInternalHosts(dctx *dnsContext) (rc resultCode) {
 		return resultCodeSuccess
 	}

-	reqHost := strings.ToLower(q.Name)
+	reqHost := strings.ToLower(q.Name[:len(q.Name)-1])
 	// TODO(a.garipov): Move everything related to DHCP local domain to the DHCP
 	// server.
-	host := strings.TrimSuffix(reqHost, s.localDomainSuffix)
-	if host == reqHost {
+	if !strings.HasSuffix(reqHost, s.localDomainSuffix) {
 		return resultCodeSuccess
 	}

@@ -391,7 +409,7 @@ func (s *Server) processInternalHosts(dctx *dnsContext) (rc resultCode) {
 		return resultCodeFinish
 	}

-	ip, ok := s.hostToIP(host)
+	ip, ok := s.hostToIP(reqHost)
 	if !ok {
 		// TODO(e.burkov): Inspect special cases when user want to apply some
 		// rules handled by other processors to the hosts with TLD.
@@ -448,7 +466,7 @@ func (s *Server) processRestrictLocal(ctx *dnsContext) (rc resultCode) {

 	// Restrict an access to local addresses for external clients.  We also
 	// assume that all the DHCP leases we give are locally-served or at least
-	// don't need to be inaccessible externally.
+	// don't need to be accessible externally.
 	if !s.privateNets.Contains(ip) {
 		log.Debug("dns: addr %s is not from locally-served network", ip)

@@ -505,7 +523,7 @@ func (s *Server) ipToHost(ip net.IP) (host string, ok bool) {

 // Respond to PTR requests if the target IP is leased by our DHCP server and the
 // requestor is inside the local network.
-func (s *Server) processInternalIPAddrs(ctx *dnsContext) (rc resultCode) {
+func (s *Server) processDHCPAddrs(ctx *dnsContext) (rc resultCode) {
 	d := ctx.proxyCtx
 	if d.Res != nil {
 		return resultCodeSuccess
--- a/internal/dnsforward/dns_test.go
+++ b/internal/dnsforward/dns_test.go
@@ -14,12 +14,15 @@ import (
 	"github.com/stretchr/testify/require"
 )

-const ddrTestDomainName = "dns.example.net"
+const (
+	ddrTestDomainName = "dns.example.net"
+	ddrTestFQDN       = ddrTestDomainName + "."
+)

 func TestServer_ProcessDDRQuery(t *testing.T) {
 	dohSVCB := &dns.SVCB{
 		Priority: 1,
-		Target:   ddrTestDomainName,
+		Target:   ddrTestFQDN,
 		Value: []dns.SVCBKeyValue{
 			&dns.SVCBAlpn{Alpn: []string{"h2"}},
 			&dns.SVCBPort{Port: 8044},
@@ -28,14 +31,23 @@ func TestServer_ProcessDDRQuery(t *testing.T) {
 	}

 	dotSVCB := &dns.SVCB{
-		Priority: 2,
-		Target:   ddrTestDomainName,
+		Priority: 1,
+		Target:   ddrTestFQDN,
 		Value: []dns.SVCBKeyValue{
 			&dns.SVCBAlpn{Alpn: []string{"dot"}},
 			&dns.SVCBPort{Port: 8043},
 		},
 	}

+	doqSVCB := &dns.SVCB{
+		Priority: 1,
+		Target:   ddrTestFQDN,
+		Value: []dns.SVCBKeyValue{
+			&dns.SVCBAlpn{Alpn: []string{"doq"}},
+			&dns.SVCBPort{Port: 8042},
+		},
+	}
+
 	testCases := []struct {
 		name       string
 		host       string
@@ -43,6 +55,7 @@ func TestServer_ProcessDDRQuery(t *testing.T) {
 		wantRes    resultCode
 		portDoH    int
 		portDoT    int
+		portDoQ    int
 		qtype      uint16
 		ddrEnabled bool
 	}{{
@@ -88,6 +101,14 @@ func TestServer_ProcessDDRQuery(t *testing.T) {
 		qtype:      dns.TypeSVCB,
 		ddrEnabled: true,
 		portDoH:    8044,
+	}, {
+		name:       "doq",
+		wantRes:    resultCodeFinish,
+		want:       []*dns.SVCB{doqSVCB},
+		host:       ddrHostFQDN,
+		qtype:      dns.TypeSVCB,
+		ddrEnabled: true,
+		portDoQ:    8042,
 	}, {
 		name:       "dot_doh",
 		wantRes:    resultCodeFinish,
@@ -101,7 +122,7 @@ func TestServer_ProcessDDRQuery(t *testing.T) {

 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			s := prepareTestServer(t, tc.portDoH, tc.portDoT, tc.ddrEnabled)
+			s := prepareTestServer(t, tc.portDoH, tc.portDoT, tc.portDoQ, tc.ddrEnabled)

 			req := createTestMessageWithType(tc.host, tc.qtype)

@@ -130,19 +151,19 @@ func TestServer_ProcessDDRQuery(t *testing.T) {
 	}
 }

-func prepareTestServer(t *testing.T, portDoH, portDoT int, ddrEnabled bool) (s *Server) {
+func prepareTestServer(t *testing.T, portDoH, portDoT, portDoQ int, ddrEnabled bool) (s *Server) {
 	t.Helper()

 	proxyConf := proxy.Config{}

-	if portDoH > 0 {
-		proxyConf.HTTPSListenAddr = []*net.TCPAddr{{Port: portDoH}}
-	}
-
 	if portDoT > 0 {
 		proxyConf.TLSListenAddr = []*net.TCPAddr{{Port: portDoT}}
 	}

+	if portDoQ > 0 {
+		proxyConf.QUICListenAddr = []*net.UDPAddr{{Port: portDoQ}}
+	}
+
 	s = &Server{
 		dnsProxy: &proxy.Proxy{
 			Config: proxyConf,
@@ -157,6 +178,10 @@ func prepareTestServer(t *testing.T, portDoH, portDoT int, ddrEnabled bool) (s *
 		},
 	}

+	if portDoH > 0 {
+		s.conf.TLSConfig.HTTPSListenAddrs = []*net.TCPAddr{{Port: portDoH}}
+	}
+
 	return s
 }

@@ -204,7 +229,7 @@ func TestServer_ProcessDetermineLocal(t *testing.T) {
 	}
 }

-func TestServer_ProcessInternalHosts_localRestriction(t *testing.T) {
+func TestServer_ProcessDHCPHosts_localRestriction(t *testing.T) {
 	knownIP := net.IP{1, 2, 3, 4}

 	testCases := []struct {
@@ -245,7 +270,7 @@ func TestServer_ProcessInternalHosts_localRestriction(t *testing.T) {
 				dhcpServer:        &testDHCP{},
 				localDomainSuffix: defaultLocalDomainSuffix,
 				tableHostToIP: hostToIPTable{
-					"example": knownIP,
+					"example." + defaultLocalDomainSuffix: knownIP,
 				},
 			}

@@ -267,7 +292,7 @@ func TestServer_ProcessInternalHosts_localRestriction(t *testing.T) {
 				isLocalClient: tc.isLocalCli,
 			}

-			res := s.processInternalHosts(dctx)
+			res := s.processDHCPHosts(dctx)
 			require.Equal(t, tc.wantRes, res)
 			pctx := dctx.proxyCtx
 			if tc.wantRes == resultCodeFinish {
@@ -293,10 +318,10 @@ func TestServer_ProcessInternalHosts_localRestriction(t *testing.T) {
 	}
 }

-func TestServer_ProcessInternalHosts(t *testing.T) {
+func TestServer_ProcessDHCPHosts(t *testing.T) {
 	const (
 		examplecom = "example.com"
-		examplelan = "example.lan"
+		examplelan = "example." + defaultLocalDomainSuffix
 	)

 	knownIP := net.IP{1, 2, 3, 4}
@@ -345,41 +370,41 @@ func TestServer_ProcessInternalHosts(t *testing.T) {
 	}, {
 		name:    "success_custom_suffix",
 		host:    "example.custom",
-		suffix:  ".custom.",
+		suffix:  "custom",
 		wantIP:  knownIP,
 		wantRes: resultCodeSuccess,
 		qtyp:    dns.TypeA,
 	}}

 	for _, tc := range testCases {
+		s := &Server{
+			dhcpServer:        &testDHCP{},
+			localDomainSuffix: tc.suffix,
+			tableHostToIP: hostToIPTable{
+				"example." + tc.suffix: knownIP,
+			},
+		}
+
+		req := &dns.Msg{
+			MsgHdr: dns.MsgHdr{
+				Id: 1234,
+			},
+			Question: []dns.Question{{
+				Name:   dns.Fqdn(tc.host),
+				Qtype:  tc.qtyp,
+				Qclass: dns.ClassINET,
+			}},
+		}
+
+		dctx := &dnsContext{
+			proxyCtx: &proxy.DNSContext{
+				Req: req,
+			},
+			isLocalClient: true,
+		}
+
 		t.Run(tc.name, func(t *testing.T) {
-			s := &Server{
-				dhcpServer:        &testDHCP{},
-				localDomainSuffix: tc.suffix,
-				tableHostToIP: hostToIPTable{
-					"example": knownIP,
-				},
-			}
-
-			req := &dns.Msg{
-				MsgHdr: dns.MsgHdr{
-					Id: 1234,
-				},
-				Question: []dns.Question{{
-					Name:   dns.Fqdn(tc.host),
-					Qtype:  tc.qtyp,
-					Qclass: dns.ClassINET,
-				}},
-			}
-
-			dctx := &dnsContext{
-				proxyCtx: &proxy.DNSContext{
-					Req: req,
-				},
-				isLocalClient: true,
-			}
-
-			res := s.processInternalHosts(dctx)
+			res := s.processDHCPHosts(dctx)
 			pctx := dctx.proxyCtx
 			assert.Equal(t, tc.wantRes, res)
 			if tc.wantRes == resultCodeFinish {
--- a/internal/dnsforward/dnsforward.go
+++ b/internal/dnsforward/dnsforward.go
@@ -33,11 +33,6 @@ const DefaultTimeout = 10 * time.Second
 // requests between the BeforeRequestHandler stage and the actual processing.
 const defaultClientIDCacheCount = 1024

-const (
-	safeBrowsingBlockHost = "standard-block.dns.adguard.com"
-	parentalBlockHost     = "family-block.dns.adguard.com"
-)
-
 var defaultDNS = []string{
 	"https://dns10.quad9.net/dns-query",
 }
@@ -107,7 +102,7 @@ type Server struct {
 // when no suffix is provided.
 //
 // See the documentation for Server.localDomainSuffix.
-const defaultLocalDomainSuffix = ".lan."
+const defaultLocalDomainSuffix = "lan"

 // DNSCreateParams are parameters to create a new server.
 type DNSCreateParams struct {
@@ -120,17 +115,6 @@ type DNSCreateParams struct {
 	LocalDomain string
 }

-// domainNameToSuffix converts a domain name into a local domain suffix.
-func domainNameToSuffix(tld string) (suffix string) {
-	l := len(tld) + 2
-	b := make([]byte, l)
-	b[0] = '.'
-	copy(b[1:], tld)
-	b[l-1] = '.'
-
-	return string(b)
-}
-
 const (
 	// recursionTTL is the time recursive request is cached for.
 	recursionTTL = 1 * time.Second
@@ -151,7 +135,7 @@ func NewServer(p DNSCreateParams) (s *Server, err error) {
 			return nil, fmt.Errorf("local domain: %w", err)
 		}

-		localDomainSuffix = domainNameToSuffix(p.LocalDomain)
+		localDomainSuffix = p.LocalDomain
 	}

 	if p.Anonymizer == nil {
--- a/internal/dnsforward/dnsforward_test.go
+++ b/internal/dnsforward/dnsforward_test.go
@@ -1016,10 +1016,13 @@ func (d *testDHCP) Leases(flags dhcpd.GetLeasesFlags) (leases []*dhcpd.Lease) {
 func (d *testDHCP) SetOnLeaseChanged(onLeaseChanged dhcpd.OnLeaseChangedT) {}

 func TestPTRResponseFromDHCPLeases(t *testing.T) {
+	const localDomain = "lan"
+
 	s, err := NewServer(DNSCreateParams{
 		DNSFilter:   filtering.New(&filtering.Config{}, nil),
 		DHCPServer:  &testDHCP{},
 		PrivateNets: netutil.SubnetSetFunc(netutil.IsLocallyServed),
+		LocalDomain: localDomain,
 	})
 	require.NoError(t, err)

@@ -1033,14 +1036,13 @@ func TestPTRResponseFromDHCPLeases(t *testing.T) {

 	err = s.Start()
 	require.NoError(t, err)
-
 	t.Cleanup(s.Close)

 	addr := s.dnsProxy.Addr(proxy.ProtoUDP)
 	req := createTestMessageWithType("34.12.168.192.in-addr.arpa.", dns.TypePTR)

 	resp, err := dns.Exchange(req, addr.String())
-	require.NoError(t, err)
+	require.NoErrorf(t, err, "%s", addr)

 	require.Len(t, resp.Answer, 1)

@@ -1049,7 +1051,7 @@ func TestPTRResponseFromDHCPLeases(t *testing.T) {

 	ptr, ok := resp.Answer[0].(*dns.PTR)
 	require.True(t, ok)
-	assert.Equal(t, "myhost.", ptr.Ptr)
+	assert.Equal(t, dns.Fqdn("myhost."+localDomain), ptr.Ptr)
 }

 func TestPTRResponseFromHosts(t *testing.T) {
--- a/internal/filtering/blocked.go
+++ b/internal/filtering/blocked.go
@@ -43,13 +43,14 @@ var serviceRulesArray = []svc{{
 }, {
 	name: "youtube",
 	rules: []string{
-		"||youtube.com^",
-		"||ytimg.com^",
-		"||youtu.be^",
 		"||googlevideo.com^",
-		"||youtubei.googleapis.com^",
-		"||youtube-nocookie.com^",
+		"||wide-youtube.l.google.com^",
+		"||youtu.be^",
 		"||youtube",
+		"||youtube-nocookie.com^",
+		"||youtube.com^",
+		"||youtubei.googleapis.com^",
+		"||ytimg.com^",
 	},
 }, {
 	name:  "twitch",
--- a/internal/filtering/safebrowsing.go
+++ b/internal/filtering/safebrowsing.go
@@ -24,10 +24,11 @@ import (

 // Safe browsing and parental control methods.

+// TODO(a.garipov): Make configurable.
 const (
 	dnsTimeout                = 3 * time.Second
-	defaultSafebrowsingServer = `https://dns-family.adguard.com/dns-query`
-	defaultParentalServer     = `https://dns-family.adguard.com/dns-query`
+	defaultSafebrowsingServer = `https://family.adguard-dns.com/dns-query`
+	defaultParentalServer     = `https://family.adguard-dns.com/dns-query`
 	sbTXTSuffix               = `sb.dns.adguard.com.`
 	pcTXTSuffix               = `pc.dns.adguard.com.`
 )
--- a/internal/home/clients.go
+++ b/internal/home/clients.go
@@ -743,8 +743,7 @@ func (clients *clientsContainer) AddHost(ip net.IP, host string, src clientSourc

 // addHostLocked adds a new IP-hostname pairing.  For internal use only.
 func (clients *clientsContainer) addHostLocked(ip net.IP, host string, src clientSource) (ok bool) {
-	var rc *RuntimeClient
-	rc, ok = clients.findRuntimeClientLocked(ip)
+	rc, ok := clients.findRuntimeClientLocked(ip)
 	if ok {
 		if rc.Source > src {
 			return false
@@ -799,25 +798,20 @@ func (clients *clientsContainer) addFromHostsFile(hosts *netutil.IPMap) {

 	n := 0
 	hosts.Range(func(ip net.IP, v interface{}) (cont bool) {
-		hosts, ok := v.(*stringutil.Set)
+		rec, ok := v.(*aghnet.HostsRecord)
 		if !ok {
 			log.Error("dns: bad type %T in ipToRC for %s", v, ip)

 			return true
 		}

-		hosts.Range(func(name string) (cont bool) {
-			if clients.addHostLocked(ip, name, ClientSourceHostsFile) {
-				n++
-			}
-
-			return true
-		})
+		clients.addHostLocked(ip, rec.Canonical, ClientSourceHostsFile)
+		n++

 		return true
 	})

-	log.Debug("clients: added %d client aliases from system hosts-file", n)
+	log.Debug("clients: added %d client aliases from system hosts file", n)
 }

 // addFromSystemARP adds the IP-hostname pairings from the output of the arp -a
--- a/internal/home/controlupdate.go
+++ b/internal/home/controlupdate.go
@@ -7,11 +7,11 @@ import (
 	"net/http"
 	"os"
 	"os/exec"
-	"path/filepath"
 	"runtime"
 	"syscall"
 	"time"

+	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/updater"
@@ -117,7 +117,18 @@ func handleUpdate(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	err := Context.updater.Update()
+	// Retain the current absolute path of the executable, since the updater is
+	// likely to change the position current one to the backup directory.
+	//
+	// See https://github.com/AdguardTeam/AdGuardHome/issues/4735.
+	execPath, err := os.Executable()
+	if err != nil {
+		aghhttp.Error(r, w, http.StatusInternalServerError, "getting path: %s", err)
+
+		return
+	}
+
+	err = Context.updater.Update()
 	if err != nil {
 		aghhttp.Error(r, w, http.StatusInternalServerError, "%s", err)

@@ -129,13 +140,10 @@ func handleUpdate(w http.ResponseWriter, r *http.Request) {
 		f.Flush()
 	}

-	// The background context is used because the underlying functions wrap
-	// it with timeout and shut down the server, which handles current
-	// request. It also should be done in a separate goroutine due to the
-	// same reason.
-	go func() {
-		finishUpdate(context.Background())
-	}()
+	// The background context is used because the underlying functions wrap it
+	// with timeout and shut down the server, which handles current request.  It
+	// also should be done in a separate goroutine for the same reason.
+	go finishUpdate(context.Background(), execPath)
 }

 // versionResponse is the response for /control/version.json endpoint.
@@ -147,8 +155,8 @@ type versionResponse struct {
 // setAllowedToAutoUpdate sets CanAutoUpdate to true if AdGuard Home is actually
 // allowed to perform an automatic update by the OS.
 func (vr *versionResponse) setAllowedToAutoUpdate() (err error) {
-	if vr.CanAutoUpdate == nil || !*vr.CanAutoUpdate {
-		return
+	if vr.CanAutoUpdate != aghalg.NBTrue {
+		return nil
 	}

 	tlsConf := &tlsConfigSettings{}
@@ -162,7 +170,7 @@ func (vr *versionResponse) setAllowedToAutoUpdate() (err error) {
 		}
 	}

-	vr.CanAutoUpdate = &canUpdate
+	vr.CanAutoUpdate = aghalg.BoolToNullBool(canUpdate)

 	return nil
 }
@@ -174,46 +182,46 @@ func tlsConfUsesPrivilegedPorts(c *tlsConfigSettings) (ok bool) {
 }

 // finishUpdate completes an update procedure.
-func finishUpdate(ctx context.Context) {
-	log.Info("Stopping all tasks")
+func finishUpdate(ctx context.Context, execPath string) {
+	var err error
+
+	log.Info("stopping all tasks")
+
 	cleanup(ctx)
 	cleanupAlways()

-	exeName := "AdGuardHome"
-	if runtime.GOOS == "windows" {
-		exeName = "AdGuardHome.exe"
-	}
-	curBinName := filepath.Join(Context.workDir, exeName)
-
 	if runtime.GOOS == "windows" {
 		if Context.runningAsService {
-			// Note:
-			// we can't restart the service via "kardianos/service" package - it kills the process first
-			// we can't start a new instance - Windows doesn't allow it
+			// NOTE: We can't restart the service via "kardianos/service"
+			// package, because it kills the process first we can't start a new
+			// instance, because Windows doesn't allow it.
+			//
+			// TODO(a.garipov): Recheck the claim above.
 			cmd := exec.Command("cmd", "/c", "net stop AdGuardHome & net start AdGuardHome")
-			err := cmd.Start()
+			err = cmd.Start()
 			if err != nil {
-				log.Fatalf("exec.Command() failed: %s", err)
+				log.Fatalf("restarting: stopping: %s", err)
 			}
+
 			os.Exit(0)
 		}

-		cmd := exec.Command(curBinName, os.Args[1:]...)
-		log.Info("Restarting: %v", cmd.Args)
+		cmd := exec.Command(execPath, os.Args[1:]...)
+		log.Info("restarting: %q %q", execPath, os.Args[1:])
 		cmd.Stdin = os.Stdin
 		cmd.Stdout = os.Stdout
 		cmd.Stderr = os.Stderr
-		err := cmd.Start()
+		err = cmd.Start()
 		if err != nil {
-			log.Fatalf("exec.Command() failed: %s", err)
+			log.Fatalf("restarting:: %s", err)
 		}
+
 		os.Exit(0)
-	} else {
-		log.Info("Restarting: %v", os.Args)
-		err := syscall.Exec(curBinName, os.Args, os.Environ())
-		if err != nil {
-			log.Fatalf("syscall.Exec() failed: %s", err)
-		}
-		// Unreachable code
+	}
+
+	log.Info("restarting: %q %q", execPath, os.Args[1:])
+	err = syscall.Exec(execPath, os.Args, os.Environ())
+	if err != nil {
+		log.Fatalf("restarting: %s", err)
 	}
 }
--- a/internal/home/dns.go
+++ b/internal/home/dns.go
@@ -221,6 +221,10 @@ func generateServerConfig() (newConf dnsforward.ServerConfig, err error) {
 		newConf.TLSConfig = tlsConf.TLSConfig
 		newConf.TLSConfig.ServerName = tlsConf.ServerName

+		if tlsConf.PortHTTPS != 0 {
+			newConf.HTTPSListenAddrs = ipsToTCPAddrs(hosts, tlsConf.PortHTTPS)
+		}
+
 		if tlsConf.PortDNSOverTLS != 0 {
 			newConf.TLSListenAddrs = ipsToTCPAddrs(hosts, tlsConf.PortDNSOverTLS)
 		}
--- a/internal/home/mobileconfig.go
+++ b/internal/home/mobileconfig.go
@@ -11,7 +11,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
-	uuid "github.com/satori/go.uuid"
+	"github.com/google/uuid"
 	"howett.net/plist"
 )

@@ -47,9 +47,9 @@ type payloadContent struct {

 	PayloadType        string
 	PayloadIdentifier  string
-	PayloadUUID        string
 	PayloadDisplayName string
 	PayloadDescription string
+	PayloadUUID        uuid.UUID
 	PayloadVersion     int
 }

@@ -63,18 +63,14 @@ const dnsSettingsPayloadType = "com.apple.dnsSettings.managed"
 type mobileConfig struct {
 	PayloadDescription       string
 	PayloadDisplayName       string
-	PayloadIdentifier        string
 	PayloadType              string
-	PayloadUUID              string
 	PayloadContent           []*payloadContent
+	PayloadIdentifier        uuid.UUID
+	PayloadUUID              uuid.UUID
 	PayloadVersion           int
 	PayloadRemovalDisallowed bool
 }

-func genUUIDv4() string {
-	return uuid.NewV4().String()
-}
-
 const (
 	dnsProtoHTTPS = "HTTPS"
 	dnsProtoTLS   = "TLS"
@@ -104,23 +100,23 @@ func encodeMobileConfig(d *dnsSettings, clientID string) ([]byte, error) {
 		return nil, fmt.Errorf("bad dns protocol %q", proto)
 	}

-	payloadID := fmt.Sprintf("%s.%s", dnsSettingsPayloadType, genUUIDv4())
+	payloadID := fmt.Sprintf("%s.%s", dnsSettingsPayloadType, uuid.New())
 	data := &mobileConfig{
-		PayloadDescription: "Adds AdGuard Home to macOS Big Sur " +
-			"and iOS 14 or newer systems",
+		PayloadDescription: "Adds AdGuard Home to macOS Big Sur and iOS 14 or newer systems",
 		PayloadDisplayName: dspName,
-		PayloadIdentifier:  genUUIDv4(),
 		PayloadType:        "Configuration",
-		PayloadUUID:        genUUIDv4(),
 		PayloadContent: []*payloadContent{{
+			DNSSettings: d,
+
 			PayloadType:        dnsSettingsPayloadType,
 			PayloadIdentifier:  payloadID,
-			PayloadUUID:        genUUIDv4(),
 			PayloadDisplayName: dspName,
 			PayloadDescription: "Configures device to use AdGuard Home",
+			PayloadUUID:        uuid.New(),
 			PayloadVersion:     1,
-			DNSSettings:        d,
 		}},
+		PayloadIdentifier:        uuid.New(),
+		PayloadUUID:              uuid.New(),
 		PayloadVersion:           1,
 		PayloadRemovalDisallowed: false,
 	}
--- a/internal/home/service_linux.go
+++ b/internal/home/service_linux.go
@@ -0,0 +1,83 @@
+//go:build linux
+// +build linux
+
+package home
+
+import (
+	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
+	"github.com/kardianos/service"
+)
+
+func chooseSystem() {
+	sys := service.ChosenSystem()
+	// By default, package service uses the SysV system if it cannot detect
+	// anything other, but the update-rc.d fix should not be applied on OpenWrt,
+	// so exclude it explicitly.
+	//
+	// See https://github.com/AdguardTeam/AdGuardHome/issues/4480 and
+	// https://github.com/AdguardTeam/AdGuardHome/issues/4677.
+	if sys.String() == "unix-systemv" && !aghos.IsOpenWrt() {
+		service.ChooseSystem(sysvSystem{System: sys})
+	}
+}
+
+// sysvSystem is a wrapper for service.System that wraps the service.Service
+// while creating a new one.
+//
+// TODO(e.burkov):  File a PR to github.com/kardianos/service.
+type sysvSystem struct {
+	// System is expected to have an unexported type
+	// *service.linuxSystemService.
+	service.System
+}
+
+// New returns a wrapped service.Service.
+func (sys sysvSystem) New(i service.Interface, c *service.Config) (s service.Service, err error) {
+	s, err = sys.System.New(i, c)
+	if err != nil {
+		return s, err
+	}
+
+	return sysvService{
+		Service: s,
+		name:    c.Name,
+	}, nil
+}
+
+// sysvService is a wrapper for a service.Service that also calls update-rc.d in
+// a proper way on installing and uninstalling.
+type sysvService struct {
+	// Service is expected to have an unexported type *service.sysv.
+	service.Service
+	// name stores the name of the service to call updating script with it.
+	name string
+}
+
+// Install wraps service.Service.Install call with calling the updating script.
+func (svc sysvService) Install() (err error) {
+	err = svc.Service.Install()
+	if err != nil {
+		// Don't wrap an error since it's informative enough as is.
+		return err
+	}
+
+	_, _, err = aghos.RunCommand("update-rc.d", svc.name, "defaults")
+
+	// Don't wrap an error since it's informative enough as is.
+	return err
+}
+
+// Uninstall wraps service.Service.Uninstall call with calling the updating
+// script.
+func (svc sysvService) Uninstall() (err error) {
+	err = svc.Service.Uninstall()
+	if err != nil {
+		// Don't wrap an error since it's informative enough as is.
+		return err
+	}
+
+	_, _, err = aghos.RunCommand("update-rc.d", svc.name, "remove")
+
+	// Don't wrap an error since it's informative enough as is.
+	return err
+}
--- a/internal/home/service_others.go
+++ b/internal/home/service_others.go
@@ -1,6 +1,8 @@
-//go:build !openbsd
-// +build !openbsd
+//go:build !(openbsd || linux)
+// +build !openbsd,!linux

 package home

+// chooseSystem checks the current system detected and substitutes it with local
+// implementation if needed.
 func chooseSystem() {}
--- a/internal/querylog/qlogfile_test.go
+++ b/internal/querylog/qlogfile_test.go
@@ -303,7 +303,7 @@ func NewTestQLogFileData(t *testing.T, data string) (file *QLogFile) {
 func TestQLog_Seek(t *testing.T) {
 	const nl = "\n"
 	const strV = "%s"
-	const recs = `{"T":"` + strV + `","QH":"wfqvjymurpwegyv","QT":"A","QC":"IN","CP":"","Answer":"","Result":{},"Elapsed":66286385,"Upstream":"tls://dns-unfiltered.adguard.com:853"}` + nl +
+	const recs = `{"T":"` + strV + `","QH":"wfqvjymurpwegyv","QT":"A","QC":"IN","CP":"","Answer":"","Result":{},"Elapsed":66286385,"Upstream":"tls://unfiltered.adguard-dns.com:853"}` + nl +
 		`{"T":"` + strV + `"}` + nl +
 		`{"T":"` + strV + `"}` + nl
 	timestamp, _ := time.Parse(time.RFC3339Nano, "2020-08-31T18:44:25.376690873+03:00")
--- a/internal/updater/check.go
+++ b/internal/updater/check.go
@@ -5,9 +5,9 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"strings"
 	"time"

+	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghio"
 	"github.com/AdguardTeam/golibs/errors"
 )
@@ -17,11 +17,12 @@ const versionCheckPeriod = 8 * time.Hour

 // VersionInfo contains information about a new version.
 type VersionInfo struct {
-	CanAutoUpdate        *bool  `json:"can_autoupdate,omitempty"`
-	NewVersion           string `json:"new_version,omitempty"`
-	Announcement         string `json:"announcement,omitempty"`
-	AnnouncementURL      string `json:"announcement_url,omitempty"`
-	SelfUpdateMinVersion string `json:"-"`
+	NewVersion      string `json:"new_version,omitempty"`
+	Announcement    string `json:"announcement,omitempty"`
+	AnnouncementURL string `json:"announcement_url,omitempty"`
+	// TODO(a.garipov): See if the frontend actually still cares about
+	// nullability.
+	CanAutoUpdate aghalg.NullBool `json:"can_autoupdate,omitempty"`
 }

 // MaxResponseSize is responses on server's requests maximum length in bytes.
@@ -67,15 +68,13 @@ func (u *Updater) VersionInfo(forceRecheck bool) (vi VersionInfo, err error) {
 }

 func (u *Updater) parseVersionResponse(data []byte) (VersionInfo, error) {
-	var canAutoUpdate bool
 	info := VersionInfo{
-		CanAutoUpdate: &canAutoUpdate,
+		CanAutoUpdate: aghalg.NBFalse,
 	}
 	versionJSON := map[string]string{
-		"version":                "",
-		"announcement":           "",
-		"announcement_url":       "",
-		"selfupdate_min_version": "",
+		"version":          "",
+		"announcement":     "",
+		"announcement_url": "",
 	}
 	err := json.Unmarshal(data, &versionJSON)
 	if err != nil {
@@ -91,14 +90,9 @@ func (u *Updater) parseVersionResponse(data []byte) (VersionInfo, error) {
 	info.NewVersion = versionJSON["version"]
 	info.Announcement = versionJSON["announcement"]
 	info.AnnouncementURL = versionJSON["announcement_url"]
-	info.SelfUpdateMinVersion = versionJSON["selfupdate_min_version"]

 	packageURL, ok := u.downloadURL(versionJSON)
-	if ok &&
-		info.NewVersion != u.version &&
-		strings.TrimPrefix(u.version, "v") >= strings.TrimPrefix(info.SelfUpdateMinVersion, "v") {
-		canAutoUpdate = true
-	}
+	info.CanAutoUpdate = aghalg.BoolToNullBool(ok && info.NewVersion != u.version)

 	u.newVersion = info.NewVersion
 	u.packageURL = packageURL
--- a/internal/updater/updater.go
+++ b/internal/updater/updater.go
@@ -82,8 +82,9 @@ type Config struct {
 func NewUpdater(conf *Config) *Updater {
 	u := &url.URL{
 		Scheme: "https",
-		Host:   "static.adguard.com",
-		Path:   path.Join("adguardhome", conf.Channel, "version.json"),
+		// TODO(a.garipov): Make configurable.
+		Host: "static.adtidy.org",
+		Path: path.Join("adguardhome", conf.Channel, "version.json"),
 	}
 	return &Updater{
 		client: conf.Client,
@@ -104,11 +105,19 @@ func NewUpdater(conf *Config) *Updater {
 }

 // Update performs the auto-update.
-func (u *Updater) Update() error {
+func (u *Updater) Update() (err error) {
 	u.mu.Lock()
 	defer u.mu.Unlock()

-	err := u.prepare()
+	log.Info("updater: updating")
+	defer func() { log.Info("updater: finished; errors: %v", err) }()
+
+	execPath, err := os.Executable()
+	if err != nil {
+		return err
+	}
+
+	err = u.prepare(filepath.Base(execPath))
 	if err != nil {
 		return err
 	}
@@ -159,7 +168,8 @@ func (u *Updater) VersionCheckURL() (vcu string) {
 	return u.versionCheckURL
 }

-func (u *Updater) prepare() (err error) {
+// prepare fills all necessary fields in Updater object.
+func (u *Updater) prepare(exeName string) (err error) {
 	u.updateDir = filepath.Join(u.workDir, fmt.Sprintf("agh-update-%s", u.newVersion))

 	_, pkgNameOnly := filepath.Split(u.packageURL)
@@ -170,17 +180,21 @@ func (u *Updater) prepare() (err error) {
 	u.packageName = filepath.Join(u.updateDir, pkgNameOnly)
 	u.backupDir = filepath.Join(u.workDir, "agh-backup")

-	exeName := "AdGuardHome"
+	updateExeName := "AdGuardHome"
 	if u.goos == "windows" {
-		exeName = "AdGuardHome.exe"
+		updateExeName = "AdGuardHome.exe"
 	}

 	u.backupExeName = filepath.Join(u.backupDir, exeName)
-	u.updateExeName = filepath.Join(u.updateDir, exeName)
+	u.updateExeName = filepath.Join(u.updateDir, updateExeName)

-	log.Info("Updating from %s to %s.  URL:%s", version.Version(), u.newVersion, u.packageURL)
+	log.Debug(
+		"updater: updating from %s to %s using url: %s",
+		version.Version(),
+		u.newVersion,
+		u.packageURL,
+	)

-	// TODO(a.garipov): Use os.Args[0] instead?
 	u.currentExeName = filepath.Join(u.workDir, exeName)
 	_, err = os.Stat(u.currentExeName)
 	if err != nil {
@@ -194,7 +208,7 @@ func (u *Updater) unpack() error {
 	var err error
 	_, pkgNameOnly := filepath.Split(u.packageURL)

-	log.Debug("updater: unpacking the package")
+	log.Debug("updater: unpacking package")
 	if strings.HasSuffix(pkgNameOnly, ".zip") {
 		u.unpackedFiles, err = zipFileUnpack(u.packageName, u.updateDir)
 		if err != nil {
@@ -229,7 +243,7 @@ func (u *Updater) check() error {
 }

 func (u *Updater) backup() error {
-	log.Debug("updater: backing up the current configuration")
+	log.Debug("updater: backing up current configuration")
 	_ = os.Mkdir(u.backupDir, 0o755)
 	err := copyFile(u.confName, filepath.Join(u.backupDir, "AdGuardHome.yaml"))
 	if err != nil {
@@ -252,7 +266,7 @@ func (u *Updater) replace() error {
 		return fmt.Errorf("copySupportingFiles(%s, %s) failed: %s", u.updateDir, u.workDir, err)
 	}

-	log.Debug("updater: renaming: %s -> %s", u.currentExeName, u.backupExeName)
+	log.Debug("updater: renaming: %s to %s", u.currentExeName, u.backupExeName)
 	err = os.Rename(u.currentExeName, u.backupExeName)
 	if err != nil {
 		return err
@@ -268,7 +282,7 @@ func (u *Updater) replace() error {
 		return err
 	}

-	log.Debug("updater: renamed: %s -> %s", u.updateExeName, u.currentExeName)
+	log.Debug("updater: renamed: %s to %s", u.updateExeName, u.currentExeName)

 	return nil
 }
@@ -297,7 +311,7 @@ func (u *Updater) downloadPackageFile(url, filename string) (err error) {
 		return fmt.Errorf("http request failed: %w", err)
 	}

-	log.Debug("updater: reading HTTP body")
+	log.Debug("updater: reading http body")
 	// This use of ReadAll is now safe, because we limited body's Reader.
 	body, err := io.ReadAll(r)
 	if err != nil {
@@ -343,7 +357,7 @@ func tarGzFileUnpackOne(outDir string, tr *tar.Reader, hdr *tar.Header) (name st
 	}

 	if hdr.Typeflag != tar.TypeReg {
-		log.Debug("updater: %s: unknown file type %d, skipping", name, hdr.Typeflag)
+		log.Info("updater: %s: unknown file type %d, skipping", name, hdr.Typeflag)

 		return "", nil
 	}
@@ -364,7 +378,7 @@ func tarGzFileUnpackOne(outDir string, tr *tar.Reader, hdr *tar.Header) (name st
 		return "", fmt.Errorf("io.Copy(): %w", err)
 	}

-	log.Tracef("updater: created file %s", outputName)
+	log.Debug("updater: created file %q", outputName)

 	return name, nil
 }
@@ -440,7 +454,7 @@ func zipFileUnpackOne(outDir string, zf *zip.File) (name string, err error) {
 			return "", fmt.Errorf("os.Mkdir(%q): %w", outputName, err)
 		}

-		log.Tracef("created directory %q", outputName)
+		log.Debug("updater: created directory %q", outputName)

 		return "", nil
 	}
@@ -457,7 +471,7 @@ func zipFileUnpackOne(outDir string, zf *zip.File) (name string, err error) {
 		return "", fmt.Errorf("io.Copy(): %w", err)
 	}

-	log.Tracef("created file %s", outputName)
+	log.Debug("updater: created file %q", outputName)

 	return name, nil
 }
@@ -516,7 +530,7 @@ func copySupportingFiles(files []string, srcdir, dstdir string) error {
 			return err
 		}

-		log.Debug("updater: copied: %q -> %q", src, dst)
+		log.Debug("updater: copied: %q to %q", src, dst)
 	}

 	return nil
--- a/internal/updater/updater_test.go
+++ b/internal/updater/updater_test.go
@@ -10,6 +10,7 @@ import (
 	"strconv"
 	"testing"

+	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
 	"github.com/AdguardTeam/AdGuardHome/internal/version"
 	"github.com/AdguardTeam/golibs/testutil"
@@ -44,28 +45,28 @@ func TestUpdateGetVersion(t *testing.T) {
  "announcement": "AdGuard Home v0.103.0-beta.2 is now available!",
  "announcement_url": "https://github.com/AdguardTeam/AdGuardHome/internal/releases",
  "selfupdate_min_version": "v0.0",
-  "download_windows_amd64": "https://static.adguard.com/adguardhome/beta/AdGuardHome_windows_amd64.zip",
-  "download_windows_386": "https://static.adguard.com/adguardhome/beta/AdGuardHome_windows_386.zip",
-  "download_darwin_amd64": "https://static.adguard.com/adguardhome/beta/AdGuardHome_darwin_amd64.zip",
-  "download_darwin_386": "https://static.adguard.com/adguardhome/beta/AdGuardHome_darwin_386.zip",
-  "download_linux_amd64": "https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_amd64.tar.gz",
-  "download_linux_386": "https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_386.tar.gz",
-  "download_linux_arm": "https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_armv6.tar.gz",
-  "download_linux_armv5": "https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_armv5.tar.gz",
-  "download_linux_armv6": "https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_armv6.tar.gz",
-  "download_linux_armv7": "https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_armv7.tar.gz",
-  "download_linux_arm64": "https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_arm64.tar.gz",
-  "download_linux_mips": "https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mips_softfloat.tar.gz",
-  "download_linux_mipsle": "https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mipsle_softfloat.tar.gz",
-  "download_linux_mips64": "https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mips64_softfloat.tar.gz",
-  "download_linux_mips64le": "https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mips64le_softfloat.tar.gz",
-  "download_freebsd_386": "https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_386.tar.gz",
-  "download_freebsd_amd64": "https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_amd64.tar.gz",
-  "download_freebsd_arm": "https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_armv6.tar.gz",
-  "download_freebsd_armv5": "https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_armv5.tar.gz",
-  "download_freebsd_armv6": "https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_armv6.tar.gz",
-  "download_freebsd_armv7": "https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_armv7.tar.gz",
-  "download_freebsd_arm64": "https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_arm64.tar.gz"
+  "download_windows_amd64": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_windows_amd64.zip",
+  "download_windows_386": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_windows_386.zip",
+  "download_darwin_amd64": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_darwin_amd64.zip",
+  "download_darwin_386": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_darwin_386.zip",
+  "download_linux_amd64": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_amd64.tar.gz",
+  "download_linux_386": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_386.tar.gz",
+  "download_linux_arm": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_armv6.tar.gz",
+  "download_linux_armv5": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_armv5.tar.gz",
+  "download_linux_armv6": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_armv6.tar.gz",
+  "download_linux_armv7": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_armv7.tar.gz",
+  "download_linux_arm64": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_arm64.tar.gz",
+  "download_linux_mips": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_mips_softfloat.tar.gz",
+  "download_linux_mipsle": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_mipsle_softfloat.tar.gz",
+  "download_linux_mips64": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_mips64_softfloat.tar.gz",
+  "download_linux_mips64le": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_mips64le_softfloat.tar.gz",
+  "download_freebsd_386": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_freebsd_386.tar.gz",
+  "download_freebsd_amd64": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_freebsd_amd64.tar.gz",
+  "download_freebsd_arm": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_freebsd_armv6.tar.gz",
+  "download_freebsd_armv5": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_freebsd_armv5.tar.gz",
+  "download_freebsd_armv6": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_freebsd_armv6.tar.gz",
+  "download_freebsd_armv7": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_freebsd_armv7.tar.gz",
+  "download_freebsd_arm64": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_freebsd_arm64.tar.gz"
 }`

 	l, lport := startHTTPServer(jsonData)
@@ -92,10 +93,7 @@ func TestUpdateGetVersion(t *testing.T) {
 	assert.Equal(t, "v0.103.0-beta.2", info.NewVersion)
 	assert.Equal(t, "AdGuard Home v0.103.0-beta.2 is now available!", info.Announcement)
 	assert.Equal(t, "https://github.com/AdguardTeam/AdGuardHome/internal/releases", info.AnnouncementURL)
-	assert.Equal(t, "v0.0", info.SelfUpdateMinVersion)
-	if assert.NotNil(t, info.CanAutoUpdate) {
-		assert.True(t, *info.CanAutoUpdate)
-	}
+	assert.Equal(t, aghalg.NBTrue, info.CanAutoUpdate)

 	// check cached
 	_, err = u.VersionInfo(false)
@@ -133,7 +131,7 @@ func TestUpdate(t *testing.T) {
 	u.newVersion = "v0.103.1"
 	u.packageURL = fakeURL.String()

-	require.NoError(t, u.prepare())
+	require.NoError(t, u.prepare("AdGuardHome"))

 	u.currentExeName = filepath.Join(wd, "AdGuardHome")

@@ -211,7 +209,7 @@ func TestUpdateWindows(t *testing.T) {
 	u.newVersion = "v0.103.1"
 	u.packageURL = fakeURL.String()

-	require.NoError(t, u.prepare())
+	require.NoError(t, u.prepare("AdGuardHome.exe"))

 	u.currentExeName = filepath.Join(wd, "AdGuardHome.exe")

@@ -262,7 +260,7 @@ func TestUpdater_VersionInto_ARM(t *testing.T) {
  "announcement": "AdGuard Home v0.103.0-beta.2 is now available!",
  "announcement_url": "https://github.com/AdguardTeam/AdGuardHome/internal/releases",
  "selfupdate_min_version": "v0.0",
-  "download_linux_armv7": "https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_armv7.tar.gz"
+  "download_linux_armv7": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_armv7.tar.gz"
 }`

 	l, lport := startHTTPServer(jsonData)
@@ -290,10 +288,7 @@ func TestUpdater_VersionInto_ARM(t *testing.T) {
 	assert.Equal(t, "v0.103.0-beta.2", info.NewVersion)
 	assert.Equal(t, "AdGuard Home v0.103.0-beta.2 is now available!", info.Announcement)
 	assert.Equal(t, "https://github.com/AdguardTeam/AdGuardHome/internal/releases", info.AnnouncementURL)
-	assert.Equal(t, "v0.0", info.SelfUpdateMinVersion)
-	if assert.NotNil(t, info.CanAutoUpdate) {
-		assert.True(t, *info.CanAutoUpdate)
-	}
+	assert.Equal(t, aghalg.NBTrue, info.CanAutoUpdate)
 }

 func TestUpdater_VersionInto_MIPS(t *testing.T) {
@@ -302,7 +297,7 @@ func TestUpdater_VersionInto_MIPS(t *testing.T) {
  "announcement": "AdGuard Home v0.103.0-beta.2 is now available!",
  "announcement_url": "https://github.com/AdguardTeam/AdGuardHome/internal/releases",
  "selfupdate_min_version": "v0.0",
-  "download_linux_mips_softfloat": "https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mips_softfloat.tar.gz"
+  "download_linux_mips_softfloat": "https://static.adtidy.org/adguardhome/beta/AdGuardHome_linux_mips_softfloat.tar.gz"
 }`

 	l, lport := startHTTPServer(jsonData)
@@ -330,8 +325,5 @@ func TestUpdater_VersionInto_MIPS(t *testing.T) {
 	assert.Equal(t, "v0.103.0-beta.2", info.NewVersion)
 	assert.Equal(t, "AdGuard Home v0.103.0-beta.2 is now available!", info.Announcement)
 	assert.Equal(t, "https://github.com/AdguardTeam/AdGuardHome/internal/releases", info.AnnouncementURL)
-	assert.Equal(t, "v0.0", info.SelfUpdateMinVersion)
-	if assert.NotNil(t, info.CanAutoUpdate) {
-		assert.True(t, *info.CanAutoUpdate)
-	}
+	assert.Equal(t, aghalg.NBTrue, info.CanAutoUpdate)
 }
--- a/openapi/v1.yaml
+++ b/openapi/v1.yaml
@@ -4888,12 +4888,12 @@

         *  `94.140.14.140`: plain DNS-over-UDP.

-         *  `tls://dns-unfiltered.adguard.com`: encrypted DNS-over-TLS.
+         *  `tls://unfiltered.adguard-dns.com`: encrypted DNS-over-TLS.

-         *  `https://dns-unfiltered.adguard.com/dns-query`: encrypted
+         *  `https://unfiltered.adguard-dns.com/dns-query`: encrypted
             DNS-over-HTTPS.

-         *  `quic://dns-unfiltered.adguard.com:784`: encrypted DNS-over-QUIC
+         *  `quic://unfiltered.adguard-dns.com:784`: encrypted DNS-over-QUIC
             (experimental).

         *  `tcp://94.140.14.140`: plain DNS-over-TCP.
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -381,7 +381,7 @@ configure() {
 	check_out_dir

 	pkg_name="AdGuardHome_${os}_${cpu}.${pkg_ext}"
-	url="https://static.adguard.com/adguardhome/${channel}/${pkg_name}"
+	url="https://static.adtidy.org/adguardhome/${channel}/${pkg_name}"
 	agh_dir="${out_dir}/AdGuardHome"
 	readonly pkg_name url agh_dir

--- a/scripts/make/Dockerfile
+++ b/scripts/make/Dockerfile
@@ -1,6 +1,6 @@
 # A docker file for scripts/make/build-docker.sh.

-FROM alpine:3.13
+FROM alpine:3.16

 ARG BUILD_DATE
 ARG VERSION
@@ -21,8 +21,7 @@ LABEL\
 	org.opencontainers.image.version=$VERSION

 # Update certificates.
-RUN apk --no-cache --update add ca-certificates libcap tzdata && \
-	rm -rf /var/cache/apk/* && \
+RUN apk --no-cache add ca-certificates libcap tzdata && \
 	mkdir -p /opt/adguardhome/conf /opt/adguardhome/work && \
 	chown -R nobody: /opt/adguardhome

--- a/scripts/make/build-docker.sh
+++ b/scripts/make/build-docker.sh
@@ -50,6 +50,11 @@ readonly docker_image_name

 # Set DOCKER_OUTPUT to 'type=image,name=adguard/adguard-home,push=true' if you
 # want (and are allowed) to push to DockerHub.
+#
+# If you want to inspect the resulting image using commands like "docker image
+# ls", change type to docker and also set docker_platforms to a single platform.
+#
+# See https://github.com/docker/buildx/issues/166.
 docker_output="${DOCKER_OUTPUT:-type=image,name=${docker_image_name},push=false}"
 readonly docker_output

--- a/scripts/make/build-release.sh
+++ b/scripts/make/build-release.sh
@@ -349,7 +349,7 @@ echo "version=$version" > "./${dist}/version.txt"

 # Create the version.json file.

-version_download_url="https://static.adguard.com/adguardhome/${channel}"
+version_download_url="https://static.adtidy.org/adguardhome/${channel}"
 version_json="./${dist}/version.json"
 readonly version_download_url version_json

@@ -363,6 +363,7 @@ else
 fi
 readonly announcement_url

+# TODO(a.garipov): Remove "selfupdate_min_version" in future versions.
 rm -f "$version_json"
 echo "{
  \"version\": \"${version}\",
--- a/scripts/querylog/test/querylog.json
+++ b/scripts/querylog/test/querylog.json
@@ -1,5 +1,5 @@
-{"IP":"192.168.0.0","T":"2020-08-31T16:43:37.724457416+03:00","QH":"mtalk.google.com","QT":"A","QC":"IN","CP":"","Answer":"rm+BgAABAAIAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAcAMAAUAAQAAnwUAEQxtb2JpbGUtZ3RhbGsBbMASwC4AAQABAAAAWQAEjvobvA==","Result":{},"Elapsed":48051030,"Upstream":"tls://dns-unfiltered.adguard.com:853"}
+{"IP":"192.168.0.0","T":"2020-08-31T16:43:37.724457416+03:00","QH":"mtalk.google.com","QT":"A","QC":"IN","CP":"","Answer":"rm+BgAABAAIAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAcAMAAUAAQAAnwUAEQxtb2JpbGUtZ3RhbGsBbMASwC4AAQABAAAAWQAEjvobvA==","Result":{},"Elapsed":48051030,"Upstream":"tls://unfiltered.adguard-dns.com:853"}
 {"IP":"127.0.0.1","T":"2020-09-09T13:56:35.532956+03:00","QH":"example.org","QT":"AAAA","QC":"IN","CP":"","Answer":"mrOBgAABAAEAAAAAB2V4YW1wbGUDb3JnAAAcAAHADAAcAAEAAKjAABAmBigAAiAAAQJIGJMlyBlG","Result":{},"Elapsed":132164793,"Upstream":"https://dns10.quad9.net:443/dns-query"}
 {"IP":"127.0.0.1","T":"2020-09-09T13:56:54.255453+03:00","QH":"ad.doubleclick.net","QT":"A","QC":"IN","CP":"","Answer":"wqmBgAABAAIAAAAAAmFkC2RvdWJsZWNsaWNrA25ldAAAAQABwAwABQABAACTawAJBGRhcnQBbMAPwDAAAQABAAAA5gAErNkQhg==","Result":{},"Elapsed":48131793,"Upstream":"https://dns10.quad9.net:443/dns-query"}
 {"IP":"127.0.0.1","T":"2020-09-09T13:57:07.495948+03:00","QH":"ad.doubleclick.net","QT":"A","QC":"IN","CP":"","Answer":"JP2BhQABAAAAAAAAAmFkC2RvdWJsZWNsaWNrA25ldAAAAQAB","Result":{"IsFiltered":true,"Reason":3,"Rule":"||ad.doubleclick.net^","FilterID":1},"Elapsed":369806}
-{"IP":"192.168.0.15","T":"2020-01-17T17:39:40.306375885+03:00","QH":"push.apple.com","QT":"TXT","QC":"IN","Answer":"8AWBgAABAAEAAAABBHB1c2gFYXBwbGUDY29tAAAQAAHADAAQAAEAABOsAAkIY291bnQ9NTAAACkFrAAAAAAAQAAMADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=","Result":{},"Elapsed":30271893,"Upstream":"https://cloudflare-dns.com:443/dns-query"}
+{"IP":"192.168.0.15","T":"2020-01-17T17:39:40.306375885+03:00","QH":"push.apple.com","QT":"TXT","QC":"IN","Answer":"8AWBgAABAAEAAAABBHB1c2gFYXBwbGUDY29tAAAQAAHADAAQAAEAABOsAAkIY291bnQ9NTAAACkFrAAAAAAAQAAMADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=","Result":{},"Elapsed":30271893,"Upstream":"https://cloudflare-dns.com:443/dns-query"}
Author	SHA1	Message	Date
Ainar Garipov	931d61bd9e	all: upd urls	2022-07-28 18:35:26 +03:00
Ainar Garipov	07d48af10c	Pull request: 4755-youtube-domain Updates #4755. Squashed commit of the following: commit cb0ab8b26f6f277ef76ee3492c99870cbfc24666 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Jul 28 17:21:02 2022 +0300 filtering: add another youtube domain	2022-07-28 17:28:24 +03:00
Ainar Garipov	e58a415d10	Pull request: imp-issue-tmpl Merge in DNS/adguard-home from imp-issue-tmpl to master Squashed commit of the following: commit 3941dd135911d850f3ec9b01f55bc45269a7b91c Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Jul 28 15:24:26 2022 +0300 all: fix links in issue tmpls commit 438375a4666f951fc24ab47e4b0de5a61714973b Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Jul 28 15:23:00 2022 +0300 all: imp issue tmpls	2022-07-28 15:29:03 +03:00
Ainar Garipov	ae43ca0605	Pull request: issue-templates Merge in DNS/adguard-home from issue-templates to master Squashed commit of the following: commit 989253530047a463804e81c8fda82ac268f39adc Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Jul 27 16:56:35 2022 +0300 all: fix issue tmpl schema commit e69df09ab4b4f713d124dc6eeb1ed34e0f4aaa70 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Jul 27 16:41:14 2022 +0300 all: rename tmpl files commit 542306da1ea1bdc09ca328856367c64139a8ec60 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Jul 27 16:37:02 2022 +0300 all: imp github issue templates	2022-07-27 17:02:20 +03:00
Ainar Garipov	9acb1f364b	Pull request: 4782-server-name-label Updates #4782. Squashed commit of the following: commit d350b3853bf722c0f2a8d1fc4a1c28dc384c5ca0 Author: Natalia Sokolova <n.sokolova@adguard.com> Date: Tue Jul 26 18:39:38 2022 +0300 client: imp wording commit d0785311bfe38fb10477bf8971a46d6c61aecfda Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jul 26 17:16:41 2022 +0300 client: imp tls server name label	2022-07-26 19:00:43 +03:00
Ainar Garipov	84cd528103	Pull request: all: upd chlog Merge in DNS/adguard-home from upd-chlog to master Squashed commit of the following: commit 43ecba8a5892102fbf635b54d50dbefa9fc9d174 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Jul 13 16:29:24 2022 +0300 all: upd chlog	2022-07-13 16:39:03 +03:00
Ainar Garipov	56519548f1	Pull request: all: upd go Merge in DNS/adguard-home from upd-go to master Squashed commit of the following: commit 132358d69178050ca2eacf8a988b4e4cb0e0ef57 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Jul 13 13:29:07 2022 +0300 all: upd go	2022-07-13 14:43:21 +03:00
Ainar Garipov	bdcd17a41a	Pull request: client: upd i18n Merge in DNS/adguard-home from upd-i18n to master Squashed commit of the following: commit ea24a933626a0cea715d8d04953a55a48df9de15 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jul 12 17:36:53 2022 +0300 client: fix si-lk commit 924b9d8a2b9b6a933799c739ab623c244b02a9a6 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jul 12 17:29:16 2022 +0300 client: upd i18n	2022-07-12 17:48:54 +03:00
Ainar Garipov	1eafb4e7cf	Pull request: home: fix exe path finding Closes #4735. Squashed commit of the following: commit 8228e5f82c9d8056d5567a7f1b13b1365346c4d4 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Jul 11 17:41:19 2022 +0300 home: fix exe path finding	2022-07-11 18:18:17 +03:00
Ainar Garipov	bf024fb985	Pull request: aghalg: impl json.Marshaler for NullBool Updates #4735. Squashed commit of the following: commit 93a0b1dc6b668f7d9fd89d06b8f0f24dcd345356 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Jul 11 17:02:36 2022 +0300 aghalg: impl json.Marshaler for NullBool	2022-07-11 17:40:00 +03:00
Eugene Burkov	a832987f7c	Pull request: 4698 Gateway IP in DHCP Lease Closes #4698. Squashed commit of the following: commit 6be0caee58926f8cea1e10650fbde0c8d97d0dac Author: Ildar Kamalov <ik@adguard.com> Date: Fri Jul 8 13:41:50 2022 +0300 update translation commit e0370656d05e8463d73ea73568cae81187c6b2e3 Author: Ildar Kamalov <ik@adguard.com> Date: Fri Jul 8 13:40:54 2022 +0300 client: validate static lease ip commit 7f4d00f9f3a54dc93ce5d5c45e9c21745f6e39d1 Merge: 2ee79626 `77e5e27d` Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Jul 8 13:20:15 2022 +0300 Merge branch 'master' into 4698-lease-with-gateway commit 2ee79626a1b0c7b113dbd22ba4ef6e85ea9913ec Merge: 471b96b8 `3505ce87` Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Jul 7 19:34:33 2022 +0300 Merge branch 'master' into 4698-lease-with-gateway commit 471b96b81da8920c1e71b7110050154f912677d2 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Jul 7 16:07:23 2022 +0300 dhcpd: imp docs commit 67dd6c76f7d2df4712a57281e0f40f2ee1a1efa2 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Jul 7 15:48:47 2022 +0300 dhcpd: restrict gateway ip for lease	2022-07-08 15:17:47 +03:00
Dimitry Kolyshev	77e5e27d75	Pull request: all: updater exe name Merge in DNS/adguard-home from 4219-updater to master Squashed commit of the following: commit f569a5f232330b83c234838a5bff8ae5277f152f Merge: a90b4fa7 `3505ce87` Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu Jul 7 22:14:50 2022 +0530 Merge remote-tracking branch 'origin/master' into 4219-updater # Conflicts: # CHANGELOG.md commit a90b4fa7782c5ec4531d8e305c0d448e84898239 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu Jul 7 21:56:17 2022 +0530 home: imp code commit da0f96b976e430fffc531072ef3e2384bc8b1f09 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu Jul 7 21:48:40 2022 +0530 updater: exe name commit 246dc9ca3b133cbc93ea59edd272674b87ff8de3 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu Jul 7 19:18:02 2022 +0530 all: imp docs commit 042382d170c4d68ff67fe5544a75371337529623 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu Jul 7 18:02:25 2022 +0530 all: updater exe name commit a180c4673ead66788969865784348634af1a739e Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu Jul 7 17:47:46 2022 +0530 docs: updater exe name commit 1a98a6eadbd96add0a488fb8f89fb7d8b0ffb3d0 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu Jul 7 17:40:44 2022 +0530 all: updater exe name commit 1b13f5d85550dc71b08fd8e5b4258f8414a38759 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu Jul 7 17:14:57 2022 +0530 all: updater exe name	2022-07-07 19:49:47 +03:00
Ainar Garipov	3505ce8739	Pull request: all: use canonical names for hosts file runtime clients Updates #4683. Squashed commit of the following: commit daa8fdaee574d4ac2171f6b13c5ce3f3fedd9801 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Jul 7 19:13:29 2022 +0300 all: use canonical names for hosts file runtime clients	2022-07-07 19:33:32 +03:00
Eugene Burkov	14d8f58592	Pull request: 4699 dhcp ptr Merge in DNS/adguard-home from 4699-dhcp-ptr to master Closes #4699. Squashed commit of the following: commit 0a8e2b3e22b7fad28a53db65031cc39d8755ecf4 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Jun 28 18:40:53 2022 +0300 dnsforward: imp naming again commit 0b0884a8305f18f7f69560b86be8837933e220e9 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Jun 28 18:26:58 2022 +0300 dnsforward: imp naming commit e193f53d9a1dd76d41396c06e2ec5a1e7d176557 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Jun 28 17:26:00 2022 +0300 all: imp chlog commit 8ac9f84f086d9cb0b0f9da72bfc51f9b70a3dab7 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Jun 28 17:18:48 2022 +0300 all: log changes commit 7cdc175d02b6eacfcb6ba62a5424d11e2561a879 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Jun 28 17:03:52 2022 +0300 dnsforward: add tld to dhcp leased hostnames	2022-06-28 19:09:26 +03:00
Ainar Garipov	006cd98869	Pull request: client: upd i18n Merge in DNS/adguard-home from upd-i18n to master Squashed commit of the following: commit 0d2956422f6b417b0a58da176315818a92e8c466 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Jun 27 15:42:07 2022 +0300 client: upd i18n	2022-06-27 15:50:50 +03:00
Eugene Burkov	ce1b2bc4f1	Pull request: 4463 Improve DDR priority Merge in DNS/adguard-home from 4463-ddr-prior to master Updates #4463. Squashed commit of the following: commit 30b470abe6ea6a58b50a49715c77342018be9491 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Jun 20 17:33:56 2022 +0300 dnsforward: imp docs commit 1ba099c2cc318e00b390c4e1b8770aee970d5c20 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Jun 20 17:12:46 2022 +0300 dnsforward: imp ddr priority	2022-06-20 17:48:56 +03:00
Eugene Burkov	8f4acce44a	Pull request: 4677 openwrt service Merge in DNS/adguard-home from 4677-openwrt-service to master Updates #4677. Squashed commit of the following: commit 6aed4036d3338a601a7ec5ef1ca74a407ae4c0e2 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Jun 20 14:49:33 2022 +0300 home: imp docs commit 54e32fa47ed11e50c6405ced90a400e4e69f021d Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Jun 20 14:30:08 2022 +0300 home: fix wrt svc	2022-06-20 15:24:11 +03:00
Ainar Garipov	b04d1ed6c8	Pull request: 4326 improve dockerfile Updates #4326. * commit 'f987c2559825923b22e910d01c2d42fb06231acc': scripts: imp docs; upd alpine Simplify Dockerfile Alpine Linux apk usage	2022-06-14 20:12:31 +03:00
Ainar Garipov	f987c25598	scripts: imp docs; upd alpine	2022-06-14 20:02:12 +03:00
Ainar Garipov	b9b93f1286	Merge branch 'master' into 4326-improve-dockerfile	2022-06-14 19:34:56 +03:00
Ainar Garipov	a7a5e50620	Pull request: client: upd i18n Updates #4665. Squashed commit of the following: commit 848dee4caf1f52b7b71dcef8c488ba939003e56f Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jun 14 18:59:56 2022 +0300 client: upd i18n	2022-06-14 19:09:49 +03:00
Ildar Kamalov	0edf71a4af	Pull request: 4659 fix url value in filter table actions Updates #4659 Squashed commit of the following: commit e1bcda9566bd9f1cca965f4308c337a9adf2ce04 Author: Ildar Kamalov <ik@adguard.com> Date: Tue Jun 14 17:40:09 2022 +0300 client: fix url value in filter table actions	2022-06-14 18:55:08 +03:00
Eugene Burkov	5956b97e7f	Pull request: more sysv Merge in DNS/adguard-home from 4480-sysv-again to master Updates #4480. Squashed commit of the following: commit 263fa05ab19de95b18fb07f6c89e4b9a1b24657b Merge: 360a6468 `d3f39b0a` Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Jun 14 13:36:15 2022 +0300 Merge branch 'master' into 4480-sysv-again commit 360a646833ca9e0e01cb6d085e70b898a30dc2d0 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Jun 9 18:15:41 2022 +0300 home: rename linux file commit c3032533b7e00136c25d15a4ad771bb8a9c13e31 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Jun 9 18:06:25 2022 +0300 home: imp code commit 2381c4a6ab4f6dca88123ff7b0a92f2cf9a420a8 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Jun 9 17:48:22 2022 +0300 home: wrap sysv service	2022-06-14 14:01:51 +03:00
Ildar Kamalov	d3f39b0aa1	Pull request: 4637 fix blocked services icons and actions highlight Updates #4637 Squashed commit of the following: commit d69887586d15582406fab642e576a46f8984107b Merge: 65453371 `e738508d` Author: Ildar Kamalov <ik@adguard.com> Date: Fri Jun 10 12:07:29 2022 +0300 Merge branch 'master' into 4637-table commit 65453371fc7309e772a12fb9f522247e1392a64a Author: Ildar Kamalov <ik@adguard.com> Date: Thu Jun 9 18:43:44 2022 +0300 client: fix blocked services icons and actions highlight	2022-06-10 12:41:20 +03:00
Ainar Garipov	e738508d7a	Pull request: all: imp updater Merge in DNS/adguard-home from imp-updater to master Squashed commit of the following: commit 6ed487359e56a35b36f13dcbf2efbf2a7a2d8734 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Jun 9 16:29:35 2022 +0300 all: imp logs, err handling commit e930044cb619a43e5a44c230dadbe2228e9a93f5 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Jun 9 15:53:35 2022 +0300 all: imp updater	2022-06-09 17:47:05 +03:00
Ildar Kamalov	302faca32f	Pull request: 4642 update dns addresses on encryption update Updates #4642 Squashed commit of the following: commit 75729120d3532dc2bd12b6c9e724a691043a1870 Merge: 5b681867 `1c1ca1c6` Author: Ildar Kamalov <ik@adguard.com> Date: Thu Jun 9 11:58:13 2022 +0300 Merge branch 'master' into 4642-dns-privacy commit 5b68186705c3a9287a44e33c8cf7ab79060f35a4 Author: Ildar Kamalov <ik@adguard.com> Date: Tue Jun 7 18:39:02 2022 +0300 fix commit 46a9346154d33206e829a97021f3ef47ac2a5611 Author: Ildar Kamalov <ik@adguard.com> Date: Tue Jun 7 18:18:18 2022 +0300 client: update dns addresses on encryption update	2022-06-09 12:07:29 +03:00
Ildar Kamalov	1c1ca1c6e3	Pull request: 4641 fix button clickable area Updates #4641 Squashed commit of the following: commit f9f018388a198d7712e5caabba94035e42e393c4 Author: Ildar Kamalov <ik@adguard.com> Date: Tue Jun 7 16:21:37 2022 +0300 client: fix button clickable area	2022-06-09 11:57:58 +03:00
Ainar Garipov	a497dc09ca	Pull request: all: upd chlog Merge in DNS/adguard-home from upd-chlog to master Squashed commit of the following: commit 1ca912f4be4a452abc0c8c95a8d6022d547b3394 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Jun 6 18:35:12 2022 +0300 all: upd chlog	2022-06-06 18:43:35 +03:00
Ainar Garipov	3ce04f48ca	Pull request: all: fix quic reply id Merge in DNS/adguard-home from upd-dnsproxy-quic-fix to master Squashed commit of the following: commit a6ffa24769259c73e397e02d087dc155ed58a3e2 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Jun 6 15:06:00 2022 +0300 all: fix quic reply id	2022-06-06 15:34:08 +03:00
Ainar Garipov	368a98fb29	Pull request: client: upd i18n Merge in DNS/adguard-home from upd-i18n to master Squashed commit of the following: commit 3feadfe31609ef52726b582ad6ba18bfa435a081 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Jun 3 16:34:36 2022 +0300 client: upd i18n	2022-06-03 16:39:36 +03:00
Ainar Garipov	cbe32c5a73	Pull request: all: replace uuid pkg; upd deps Merge in DNS/adguard-home from 4622-upd-deps to master Squashed commit of the following: commit 36f407d8ab103da0f7eacdf91c153c23a5b7c3f2 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Jun 3 15:22:47 2022 +0300 home: imp mobileconfig uuid gen commit dddd162461a4830f7c0636338430cd6e77199214 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Jun 3 13:54:29 2022 +0300 all: replace uuid pkg; upd deps	2022-06-03 15:53:21 +03:00
Ainar Garipov	f46c9f74d5	Pull request: all: upd go Merge in DNS/adguard-home from upd-go to master Squashed commit of the following: commit b0bec8926508fb7ee3f26c2303d9628e21f0b62f Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Jun 2 15:47:51 2022 +0300 all: upd go	2022-06-02 15:57:06 +03:00
Dimitry Kolyshev	4b884ace62	Pull request: all: fix doh ddr Merge in DNS/adguard-home from fix-ddr-doh to master Squashed commit of the following: commit 53d3147b22044061d78b3bf4badca60505ac245a Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue May 31 15:02:17 2022 +0200 all: fix doh ddr	2022-05-31 17:28:50 +03:00
Eugene Burkov	7ce7e90865	Pull request: dnsforward: fix ddr target Updates #4463. Squashed commit of the following: commit 047155b585a1c762d709874f44abb2d8c5a9dbca Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon May 30 15:34:38 2022 +0300 dnsforward: imp code commit b0508ffec13ccf5fc5d3d2e37c9e1bd83c3c039e Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon May 30 15:27:02 2022 +0300 dnsforward: fix ddr target	2022-05-30 16:04:28 +03:00
Dimitry Kolyshev	756c932e37	Pull request: dnsforward: add doq alpn Merge in DNS/adguard-home from 4592-doq-alpn to master Squashed commit of the following: commit 5985445dbf5158ae1e5b0235b404dd188c856e60 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu May 26 16:42:06 2022 +0200 dnsforward: add doq alpn commit 9dcd6fee615a1a5ac1f80641ac16c18371b67096 Merge: 2564c870 `c3d5fcc6` Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu May 26 15:24:07 2022 +0200 Merge remote-tracking branch 'origin/master' into 4592-doq-alpn commit 2564c870e704ff453d0ad2fb22fa295ef725dd13 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu May 26 15:20:16 2022 +0200 dnsforward: add doq alpn	2022-05-26 17:53:11 +03:00
Dimitry Kolyshev	c3d5fcc669	Pull request: locales: DoQ status Merge in DNS/adguard-home from 4592-doq-status to master Squashed commit of the following: commit 96bc041b736a45711419160aebb79296f13ff84d Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Thu May 26 14:21:10 2022 +0200 all: locales	2022-05-26 16:21:59 +03:00
Peter Dave Hello	b29f320fd4	Simplify Dockerfile Alpine Linux apk usage Remove additional `--update` and manual clean up for apk in Dockerfile	2022-02-23 22:42:28 +08:00