Merge: * dhcpd: check if subnet mask is correct

Close #887 * commit '79a5c920a40180b7291d94535e50017d98eb3a63': * dhcpd: check if subnet mask is correct
* dhcpd: check if subnet mask is correct
2019-07-17 12:45:45 +03:00 · 2019-07-17 11:55:21 +03:00 · 2019-07-16 15:35:54 +03:00 · 2019-07-16 15:29:36 +03:00 · 2019-07-16 14:41:23 +03:00 · 2019-07-16 14:32:58 +03:00
131 changed files with 7594 additions and 2879 deletions
--- a/AGHTechDoc.md
+++ b/AGHTechDoc.md
@@ -9,10 +9,24 @@ Contents:
 	* "Check configuration" command
 	* Disable DNSStubListener
 	* "Apply configuration" command
+* Updating
+	* Get version command
+	* Update command
+* Device Names and Per-client Settings
+	* Per-client settings
+	* Get list of clients
+	* Add client
+	* Update client
+	* Delete client
 * Enable DHCP server
+	* "Show DHCP status" command
 	* "Check DHCP" command
 	* "Enable DHCP" command
 	* Static IP check/set
+	* Add a static lease
+* DNS access settings
+	* List access settings
+	* Set access settings


 ## First startup
@@ -187,6 +201,107 @@ On error, server responds with code 400 or 500.  In this case UI should show err
 	ERROR MESSAGE


+## Updating
+
+Algorithm of an update by command:
+
+* UI requests the latest version information from Server
+* Server requests information from Internet;  stores the data in cache for several hours;  sends data to UI
+* If UI sees that a new version is available, it shows notification message and "Update Now" button
+* When user clicks on "Update Now" button, UI sends Update command to Server
+* UI shows "Please wait, AGH is being updated..." message
+* Server performs an update:
+	* Use working directory from `--work-dir` if necessary
+	* Download new package for the current OS and CPU
+	* Unpack the package to a temporary directory `update-vXXX`
+	* Copy the current configuration file to the directory we unpacked new AGH to
+	* Check configuration compatibility by executing `./AGH --check-config`.  If this command fails, we won't be able to update.
+	* Create `backup-vXXX` directory and copy the current configuration file there
+	* Copy supporting files (README, LICENSE, etc.) to backup directory
+	* Copy supporting files from the update directory to the current directory
+	* Move the current binary file to backup directory
+	* Note: if power fails here, AGH won't be able to start at system boot.  Administrator has to fix it manually
+	* Move new binary file to the current directory
+	* Send response to UI
+	* Stop all tasks, including DNS server, DHCP server, HTTP server
+	* If AGH is running as a service, use service control functionality to restart
+	* If AGH is not running as a service, use the current process arguments to start a new process
+	* Exit process
+* UI resends Get Status command until Server responds to it with the new version.  This means that Server is successfully restarted after update.
+* UI reloads itself
+
+
+### Get version command
+
+On receiving this request server downloads version.json data from github and stores it in cache for several hours.
+
+Example of version.json data:
+
+	{
+	"version": "v0.95-hotfix",
+	"announcement": "AdGuard Home v0.95-hotfix is now available!",
+	"announcement_url": "",
+	"download_windows_amd64": "",
+	"download_windows_386": "",
+	"download_darwin_amd64": "",
+	"download_linux_amd64": "",
+	"download_linux_386": "",
+	"download_linux_arm": "",
+	"download_linux_arm64": "",
+	"download_linux_mips": "",
+	"download_linux_mipsle": "",
+	"selfupdate_min_version": "v0.0"
+	}
+
+Server can only auto-update if the current version is equal or higher than `selfupdate_min_version`.
+
+Request:
+
+	POST /control/version.json
+
+	{
+		"recheck_now": true | false // if false, server will check for a new version data only once in several hours
+	}
+
+Response:
+
+	200 OK
+
+	{
+	"new_version": "v0.95",
+	"announcement": "AdGuard Home v0.95 is now available!",
+	"announcement_url": "http://...",
+	"can_autoupdate": true
+	}
+
+If `can_autoupdate` is true, then the server can automatically upgrade to a new version.
+
+Response with empty body:
+
+	200 OK
+
+It means that update check is disabled by user.  UI should do nothing.
+
+
+### Update command
+
+Perform an update procedure to the latest available version
+
+Request:
+
+	POST /control/update
+
+Response:
+
+	200 OK
+
+Error response:
+
+	500
+
+UI shows error message "Auto-update has failed"
+
+
 ## Enable DHCP server

 Algorithm:
@@ -201,6 +316,38 @@ Algorithm:
 * UI shows the status


+### "Show DHCP status" command
+
+Request:
+
+	GET /control/dhcp/status
+
+Response:
+
+	200 OK
+
+	{
+		"config":{
+			"enabled":false,
+			"interface_name":"...",
+			"gateway_ip":"...",
+			"subnet_mask":"...",
+			"range_start":"...",
+			"range_end":"...",
+			"lease_duration":60,
+			"icmp_timeout_msec":0
+		},
+		"leases":[
+			{"ip":"...","mac":"...","hostname":"...","expires":"..."}
+			...
+		],
+		"static_leases":[
+			{"ip":"...","mac":"...","hostname":"..."}
+			...
+		]
+	}
+
+
 ### "Check DHCP" command

 Request:
@@ -325,3 +472,213 @@ Step 2.
 If we would set a different IP address, we'd need to replace the IP address for the current network configuration.  But currently this step isn't necessary.

 	ip addr replace dev eth0 192.168.0.1/24
+
+
+### Add a static lease
+
+Request:
+
+	POST /control/dhcp/add_static_lease
+
+	{
+		"mac":"...",
+		"ip":"...",
+		"hostname":"..."
+	}
+
+Response:
+
+	200 OK
+
+
+### Remove a static lease
+
+Request:
+
+	POST /control/dhcp/remove_static_lease
+
+	{
+		"mac":"...",
+		"ip":"...",
+		"hostname":"..."
+	}
+
+Response:
+
+	200 OK
+
+
+## Device Names and Per-client Settings
+
+When a client requests information from DNS server, he's identified by IP address.
+Administrator can set a name for a client with a known IP and also override global settings for this client.  The name is used to improve readability of DNS logs: client's name is shown in UI next to its IP address.  The names are loaded from 3 sources:
+* automatically from "/etc/hosts" file.  It's a list of `IP<->Name` entries which is loaded once on AGH startup from "/etc/hosts" file.
+* automatically using rDNS.  It's a list of `IP<->Name` entries which is added in runtime using rDNS mechanism when a client first makes a DNS request.
+* manually configured via UI.  It's a list of client's names and their settings which is loaded from configuration file and stored on disk.
+
+### Per-client settings
+
+UI provides means to manage the list of known clients (List/Add/Update/Delete) and their settings.  These settings are stored in configuration file as an array of objects.
+
+Notes:
+
+* `name`, `ip` and `mac` values are unique.
+
+* `ip` & `mac` values can't be set both at the same time.
+
+* If `mac` is set and DHCP server is enabled, IP is taken from DHCP lease table.
+
+* If `use_global_settings` is true, then DNS responses for this client are processed and filtered using global settings.
+
+* If `use_global_settings` is false, then the client-specific settings are used to override (enable or disable) global settings.
+
+
+### Get list of clients
+
+Request:
+
+	GET /control/clients
+
+Response:
+
+	200 OK
+
+	{
+	clients: [
+		{
+			name: "client1"
+			ip: "..."
+			mac: "..."
+			use_global_settings: true
+			filtering_enabled: false
+			parental_enabled: false
+			safebrowsing_enabled: false
+			safesearch_enabled: false
+		}
+	]
+	auto_clients: [
+		{
+			name: "host"
+			ip: "..."
+			source: "etc/hosts" || "rDNS"
+		}
+	]
+	}
+
+
+### Add client
+
+Request:
+
+	POST /control/clients/add
+
+	{
+		name: "client1"
+		ip: "..."
+		mac: "..."
+		use_global_settings: true
+		filtering_enabled: false
+		parental_enabled: false
+		safebrowsing_enabled: false
+		safesearch_enabled: false
+	}
+
+Response:
+
+	200 OK
+
+Error response (Client already exists):
+
+	400
+
+
+### Update client
+
+Request:
+
+	POST /control/clients/update
+
+	{
+		name: "client1"
+		data: {
+			name: "client1"
+			ip: "..."
+			mac: "..."
+			use_global_settings: true
+			filtering_enabled: false
+			parental_enabled: false
+			safebrowsing_enabled: false
+			safesearch_enabled: false
+		}
+	}
+
+Response:
+
+	200 OK
+
+Error response (Client not found):
+
+	400
+
+
+### Delete client
+
+Request:
+
+	POST /control/clients/delete
+
+	{
+		name: "client1"
+	}
+
+Response:
+
+	200 OK
+
+Error response (Client not found):
+
+	400
+
+
+## DNS access settings
+
+There are low-level settings that can block undesired DNS requests.  "Blocking" means not responding to request.
+
+There are 3 types of access settings:
+* allowed_clients: Only these clients are allowed to make DNS requests.
+* disallowed_clients: These clients are not allowed to make DNS requests.
+* blocked_hosts: These hosts are not allowed to be resolved by a DNS request.
+
+
+### List access settings
+
+Request:
+
+	GET /control/access/list
+
+Response:
+
+	200 OK
+
+	{
+		allowed_clients: ["127.0.0.1", ...]
+		disallowed_clients: ["127.0.0.1", ...]
+		blocked_hosts: ["host.com", ...]
+	}
+
+
+### Set access settings
+
+Request:
+
+	POST /control/access/set
+
+	{
+		allowed_clients: ["127.0.0.1", ...]
+		disallowed_clients: ["127.0.0.1", ...]
+		blocked_hosts: ["host.com", ...]
+	}
+
+Response:
+
+	200 OK
--- a/18
+++ b/18
@@ -11,14 +11,22 @@ FROM alpine:latest
 LABEL maintainer="AdGuard Team <devteam@adguard.com>"

 # Update CA certs
-RUN apk --no-cache --update add ca-certificates && \
-    rm -rf /var/cache/apk/* && mkdir -p /opt/adguardhome
+RUN apk --no-cache --update add ca-certificates libcap && \
+    rm -rf /var/cache/apk/* && \
+    mkdir -p /opt/adguardhome/conf /opt/adguardhome/work && \
+    chown -R nobody: /opt/adguardhome

-COPY --from=build /src/AdGuardHome/AdGuardHome /opt/adguardhome/AdGuardHome
+COPY --from=build --chown=nobody:nogroup /src/AdGuardHome/AdGuardHome /opt/adguardhome/AdGuardHome

-EXPOSE 53/tcp 53/udp 67/tcp 67/udp 68/tcp 68/udp 80/tcp 443/tcp 853/tcp 853/udp 3000/tcp
+RUN setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome
+
+EXPOSE 53/tcp 53/udp 67/udp 68/udp 80/tcp 443/tcp 853/tcp 3000/tcp

 VOLUME ["/opt/adguardhome/conf", "/opt/adguardhome/work"]

+WORKDIR /opt/adguardhome/work
+
+#USER nobody
+
 ENTRYPOINT ["/opt/adguardhome/AdGuardHome"]
-CMD ["-c", "/opt/adguardhome/conf/AdGuardHome.yaml", "-w", "/opt/adguardhome/work"]
+CMD ["-c", "/opt/adguardhome/conf/AdGuardHome.yaml", "-w", "/opt/adguardhome/work", "--no-check-update"]
--- a/Dockerfile.travis
+++ b/Dockerfile.travis
@@ -2,15 +2,22 @@ FROM alpine:latest
 LABEL maintainer="AdGuard Team <devteam@adguard.com>"

 # Update CA certs
-RUN apk --no-cache --update add ca-certificates && \
-    rm -rf /var/cache/apk/* && mkdir -p /opt/adguardhome
+RUN apk --no-cache --update add ca-certificates libcap && \
+    rm -rf /var/cache/apk/* && \
+    mkdir -p /opt/adguardhome/conf /opt/adguardhome/work && \
+    chown -R nobody: /opt/adguardhome

+COPY --chown=nobody:nogroup ./AdGuardHome /opt/adguardhome/AdGuardHome

-COPY ./AdGuardHome /opt/adguardhome/AdGuardHome
+RUN setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome

-EXPOSE 53/tcp 53/udp 67/tcp 67/udp 68/tcp 68/udp 80/tcp 443/tcp 853/tcp 853/udp 3000/tcp
+EXPOSE 53/tcp 53/udp 67/udp 68/udp 80/tcp 443/tcp 853/tcp 3000/tcp

 VOLUME ["/opt/adguardhome/conf", "/opt/adguardhome/work"]

+WORKDIR /opt/adguardhome/work
+
+#USER nobody
+
 ENTRYPOINT ["/opt/adguardhome/AdGuardHome"]
-CMD ["-h", "0.0.0.0", "-c", "/opt/adguardhome/conf/AdGuardHome.yaml", "-w", "/opt/adguardhome/work"]
+CMD ["-h", "0.0.0.0", "-c", "/opt/adguardhome/conf/AdGuardHome.yaml", "-w", "/opt/adguardhome/work", "--no-check-update"]
--- a/5
+++ b/5
@@ -4,6 +4,7 @@ NATIVE_GOARCH = $(shell unset GOARCH; go env GOARCH)
 GOPATH := $(shell go env GOPATH)
 JSFILES = $(shell find client -path client/node_modules -prune -o -type f -name '*.js')
 STATIC = build/static/index.html
+CHANNEL ?= release

 TARGET=AdGuardHome

@@ -19,10 +20,10 @@ client/node_modules: client/package.json client/package-lock.json
 $(STATIC): $(JSFILES) client/node_modules
 	npm --prefix client run build-prod

-$(TARGET): $(STATIC) *.go dhcpd/*.go dnsfilter/*.go dnsforward/*.go
+$(TARGET): $(STATIC) *.go home/*.go dhcpd/*.go dnsfilter/*.go dnsforward/*.go
 	GOOS=$(NATIVE_GOOS) GOARCH=$(NATIVE_GOARCH) GO111MODULE=off go get -v github.com/gobuffalo/packr/...
 	PATH=$(GOPATH)/bin:$(PATH) packr -z
-	CGO_ENABLED=0 go build -ldflags="-s -w -X main.VersionString=$(GIT_VERSION)" -asmflags="-trimpath=$(PWD)" -gcflags="-trimpath=$(PWD)"
+	CGO_ENABLED=0 go build -ldflags="-s -w -X main.version=$(GIT_VERSION) -X main.channel=$(CHANNEL)" -asmflags="-trimpath=$(PWD)" -gcflags="-trimpath=$(PWD)"
 	PATH=$(GOPATH)/bin:$(PATH) packr clean

 clean:
--- a/README.md
+++ b/README.md
@@ -44,9 +44,15 @@ AdGuard Home is a network-wide software for blocking ads & tracking. After you s
 It operates as a DNS server that re-routes tracking domains to a "black hole," thus preventing your devices from connecting to those servers. It's based on software we use for our public [AdGuard DNS](https://adguard.com/en/adguard-dns/overview.html) servers -- both share a lot of common code.

 * [Getting Started](#getting-started)
+* [Comparing AdGuard Home to other solutions](#comparison)
+    * [How is this different from public AdGuard DNS servers?](#comparison-adguard-dns)
+    * [How does AdGuard Home compare to Pi-Hole](#comparison-pi-hole)
+    * [How does AdGuard Home compare to traditional ad blockers](#comparison-adblock)
 * [How to build from source](#how-to-build)
 * [Contributing](#contributing)
-* [Reporting issues](#reporting-issues)
+    * [Test unstable versions](#test-unstable-versions)
+    * [Reporting issues](#reporting-issues)
+    * [Help with translations](#translate)
 * [Acknowledgments](#acknowledgments)

 <a id="getting-started"></a>
@@ -63,6 +69,57 @@ Alternatively, you can use our [official Docker image](https://hub.docker.com/r/
 * [How to install and run AdGuard Home on Raspberry Pi](https://github.com/AdguardTeam/AdGuardHome/wiki/Raspberry-Pi)
 * [How to install and run AdGuard Home on a Virtual Private Server](https://github.com/AdguardTeam/AdGuardHome/wiki/VPS)

+### API
+
+If you want to integrate with AdGuard Home, you can use our [REST API](https://github.com/AdguardTeam/AdGuardHome/tree/master/openapi).
+Alternatively, you can use this [python client](https://pypi.org/project/adguardhome/), which is used to build the [AdGuard Home Hass.io Add-on](https://community.home-assistant.io/t/community-hass-io-add-on-adguard-home).
+
+<a id="comparison"></a>
+## Comparing AdGuard Home to other solutions
+
+<a id="comparison-adguard-dns"></a>
+### How is this different from public AdGuard DNS servers?
+
+Running your own AdGuard Home server allows you to do much more than using a public DNS server. It's a completely different level. See for yourself:
+
+* Choose what exactly will the server block or not block.
+* Monitor your network activity.
+* Add your own custom filtering rules.
+* **Most importantly, this is your own server, and you are the only one who's in control.**
+
+<a id="comparison-pi-hole"></a>
+### How does AdGuard Home compare to Pi-Hole
+
+At this point, AdGuard Home has a lot in common with Pi-Hole. Both block ads and trackers using "DNS sinkholing" method, and both allow customizing what's blocked.
+
+> We're not going to stop here. DNS sinkholing is not a bad starting point, but this is just the beginning.
+
+AdGuard Home provides a lot of features out-of-the-box with no need to install and configure additional software. We want it to be simple to the point when even casual users can set it up with minimal effort.
+
+> Disclaimer: some of the listed features can be added to Pi-Hole by installing additional software or by manually using SSH terminal and reconfiguring one of the utilities Pi-Hole consists of. However, in our opinion, this cannot be legitimately counted as a Pi-Hole's feature.
+
+| Feature                                                                 | AdGuard&nbsp;Home | Pi-Hole                                                |
+|-------------------------------------------------------------------------|--------------|--------------------------------------------------------|
+| Blocking ads and trackers                                               | ✅            | ✅                                                      |
+| Customizing blocklists                                                  | ✅            | ✅                                                      |
+| Built-in DHCP server                                                    | ✅            | ✅                                                      |
+| HTTPS for the Admin interface                                           | ✅            | Kind of, but you'll need to manually configure lighthttp |
+| Encrypted DNS upstream servers (DNS-over-HTTPS, DNS-over-TLS, DNSCrypt) | ✅            | ❌ (requires additional software)                       |
+| Cross-platform                                                          | ✅            | ❌ (not natively, only via Docker)                      |
+| Running as a DNS-over-HTTPS or DNS-over-TLS server                      | ✅            | ❌ (requires additional software)                       |
+| Blocking phishing and malware domains                                   | ✅            | ❌                                                      |
+| Parental control (blocking adult domains)                               | ✅            | ❌                                                      |
+| Force Safe search on search engines                                     | ✅            | ❌                                                      |
+| Per-client (device) configuration                                       | ✅            | ❌                                                      |
+| Access settings (choose who can use AGH DNS)                            | ✅            | ❌                                                      |
+
+<a id="comparison-adblock"></a>
+### How does AdGuard Home compare to traditional ad blockers
+
+It depends.
+
+"DNS sinkholing" is capable of blocking a big percentage of ads, but it lacks flexibility and power of traditional ad blockers. You can get a good impression about the difference between these methods by reading [this article](https://adguard.com/en/blog/adguard-vs-adaway-dns66/). It compares AdGuard for Android (a traditional ad blocker) to hosts-level ad blockers (which are almost identical to DNS-based blockers in their capabilities). However, this level of protection is enough for some users.
+
 <a id="how-to-build"></a>
 ## How to build from source

@@ -89,12 +146,48 @@ cd AdGuardHome
 make
 ```

+#### (For devs) Upload translations
+```
+node upload.js
+```
+
+#### (For devs) Download translations
+```
+node download.js
+```
+
 <a id="contributing"></a>
 ## Contributing

 You are welcome to fork this repository, make your changes and submit a pull request — https://github.com/AdguardTeam/AdGuardHome/pulls

-### How to update translations
+<a id="test-unstable-versions"></a>
+### Test unstable versions
+
+There are two options how you can install an unstable version.
+You can either install a beta version of AdGuard Home which we update periodically,
+or you can use the Docker image from the `edge` tag, which is synced with the repo master branch.
+
+* [Docker Hub](https://hub.docker.com/r/adguard/adguardhome)
+* Beta builds
+    * [Rapsberry Pi (32-bit ARM)](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_arm.tar.gz)
+    * [MacOS](https://static.adguard.com/adguardhome/beta/AdGuardHome_MacOS.zip)
+    * [Windows 64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_Windows_amd64.zip)
+    * [Windows 32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_Windows_386.zip)
+    * [Linux 64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_amd64.tar.gz)
+    * [Linux 32-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_386.tar.gz)
+    * [FreeBSD 64-bit](https://static.adguard.com/adguardhome/beta/AdGuardHome_freebsd_amd64.tar.gz)
+    * [64-bit ARM](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_arm64.tar.gz)
+    * [MIPS](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mips.tar.gz)
+    * [MIPSLE](https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mipsle.tar.gz)
+
+<a id="reporting-issues"></a>
+### Report issues
+
+If you run into any problem or have a suggestion, head to [this page](https://github.com/AdguardTeam/AdGuardHome/issues) and click on the `New issue` button.
+
+<a id="translate"></a>
+### Help with translations

 If you want to help with AdGuard Home translations, please learn more about translating AdGuard products here: https://kb.adguard.com/en/general/adguard-translations

@@ -118,21 +211,6 @@ Example of `oneskyapp.json`
 }
 ```

-#### Upload translations
-```
-node upload.js
-```
-
-#### Download translations
-```
-node download.js
-```
-
-<a id="reporting-issues"></a>
-## Reporting issues
-
-If you run into any problem or have a suggestion, head to [this page](https://github.com/AdguardTeam/AdGuardHome/issues) and click on the `New issue` button.
-
 <a id="acknowledgments"></a>
 ## Acknowledgments

@@ -145,6 +223,7 @@ This software wouldn't have been possible without:
   * [go-yaml](https://github.com/go-yaml/yaml)
   * [service](https://godoc.org/github.com/kardianos/service)
   * [dnsproxy](https://github.com/AdguardTeam/dnsproxy)
+   * [urlfilter](https://github.com/AdguardTeam/urlfilter)
 * [Node.js](https://nodejs.org/) and it's libraries:
   * [React.js](https://reactjs.org)
   * [Tabler](https://github.com/tabler/tabler)
--- a/client/public/favicon.ico
+++ b/client/public/favicon.ico
--- a/client/public/favicon.png
+++ b/client/public/favicon.png
--- a/client/public/index.html
+++ b/client/public/index.html
@@ -5,7 +5,7 @@
        <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
        <meta name="theme-color" content="#000000">
        <meta name="google" content="notranslate">
-        <link rel="shortcut icon" href="favicon.ico">
+        <link rel="icon" type="image/png" href="favicon.png" sizes="48x48">
        <title>AdGuard Home</title>
    </head>
    <body>
--- a/client/public/install.html
+++ b/client/public/install.html
@@ -5,7 +5,7 @@
        <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
        <meta name="theme-color" content="#000000">
        <meta name="google" content="notranslate">
-        <link rel="shortcut icon" href="favicon.ico">
+        <link rel="icon" type="image/png" href="favicon.png" sizes="48x48">
        <title>Setup AdGuard Home</title>
    </head>
    <body>
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -1,4 +1,5 @@
 {
+    "client_settings": "Client settings",
    "example_upstream_reserved": "you can specify DNS upstream <0>for a specific domain(s)<\/0>",
    "upstream_parallel": "Use parallel queries to speed up resolving by simultaneously querying all upstream servers",
    "bootstrap_dns": "Bootstrap DNS servers",
@@ -15,10 +16,12 @@
    "dhcp_not_found": "It is safe to enable the built-in DHCP server - we didn't find any active DHCP servers on the network. However, we encourage you to re-check it manually as our automatic test currently doesn't give 100% guarantee.",
    "dhcp_found": "An active DHCP server is found on the network. It is not safe to enable the built-in DHCP server.",
    "dhcp_leases": "DHCP leases",
+    "dhcp_static_leases": "DHCP static leases",
    "dhcp_leases_not_found": "No DHCP leases found",
    "dhcp_config_saved": "Saved DHCP server config",
    "form_error_required": "Required field",
    "form_error_ip_format": "Invalid IPv4 format",
+    "form_error_mac_format": "Invalid MAC format",
    "form_error_positive": "Must be greater than 0",
    "dhcp_form_gateway_input": "Gateway IP",
    "dhcp_form_subnet_input": "Subnet mask",
@@ -35,7 +38,14 @@
    "dhcp_warning": "If you want to enable DHCP server anyway, make sure that there is no other active DHCP server in your network. Otherwise, it can break the Internet for connected devices!",
    "dhcp_error": "We could not determine whether there is another DHCP server in the network.",
    "dhcp_static_ip_error": "In order to use DHCP server a static IP address must be set. We failed to determine if this network interface is configured using static IP address. Please set a static IP address manually.",
-    "dhcp_dynamic_ip_found": "Your system uses dynamic IP address configuration for interface <0>{{interfaceName}}</0>. In order to use DHCP server a static IP address must be set. Your current IP address is <0>{{ipAddress}}</0>. We will automatically set this IP address as static if you press Enable DHCP button.",
+    "dhcp_dynamic_ip_found": "Your system uses dynamic IP address configuration for interface <0>{{interfaceName}}<\/0>. In order to use DHCP server a static IP address must be set. Your current IP address is <0>{{ipAddress}}<\/0>. We will automatically set this IP address as static if you press Enable DHCP button.",
+    "dhcp_lease_added": "Static lease \"{{key}}\" successfully added",
+    "dhcp_lease_deleted": "Static lease \"{{key}}\" successfully deleted",
+    "dhcp_new_static_lease": "New static lease",
+    "dhcp_static_leases_not_found": "No DHCP static leases found",
+    "dhcp_add_static_lease": "Add static lease",
+    "delete_confirm": "Are you sure you want to delete \"{{key}}\"?",
+    "form_enter_hostname": "Enter hostname",
    "error_details": "Error details",
    "back": "Back",
    "dashboard": "Dashboard",
@@ -43,7 +53,7 @@
    "filters": "Filters",
    "query_log": "Query Log",
    "faq": "FAQ",
-    "version": "version",
+    "version": "Version",
    "address": "address",
    "on": "ON",
    "off": "OFF",
@@ -87,6 +97,9 @@
    "no_servers_specified": "No servers specified",
    "no_settings": "No settings",
    "general_settings": "General settings",
+    "dns_settings": "DNS settings",
+    "encryption_settings": "Encryption settings",
+    "dhcp_settings": "DHCP settings",
    "upstream_dns": "Upstream DNS servers",
    "upstream_dns_hint": "If you keep this field empty, AdGuard Home will use <a href='https:\/\/1.1.1.1\/' target='_blank'>Cloudflare DNS<\/a> as an upstream.",
    "test_upstream_btn": "Test upstreams",
@@ -105,6 +118,7 @@
    "rules_count_table_header": "Rules count",
    "last_time_updated_table_header": "Last time updated",
    "actions_table_header": "Actions",
+    "edit_table_action": "Edit",
    "delete_table_action": "Delete",
    "filters_and_hosts": "Filters and hosts blocklists",
    "filters_and_hosts_hint": "AdGuard Home understands basic adblock rules and hosts files syntax.",
@@ -125,7 +139,7 @@
    "example_comment": "! Here goes a comment",
    "example_comment_meaning": "just a comment",
    "example_comment_hash": "# Also a comment",
-    "example_regex_meaning": "block access to the domains matching the specified regular expression",
+    "example_regex_meaning": "block access to the domains matching the <0>specified regular expression</0>",
    "example_upstream_regular": "regular DNS (over UDP)",
    "example_upstream_dot": "encrypted <0>DNS-over-TLS<\/0>",
    "example_upstream_doh": "encrypted <0>DNS-over-HTTPS<\/0>",
@@ -187,12 +201,12 @@
    "install_auth_password_enter": "Enter password",
    "install_step": "Step",
    "install_devices_title": "Configure your devices",
-    "install_devices_desc": "In order for AdGuard Home to start working, you need to configure your devices to use it.",
+    "install_devices_desc": "To start using AdGuard Home, you need to configure your devices to use it.",
    "install_submit_title": "Congratulations!",
    "install_submit_desc": "The setup procedure is finished and you are ready to start using AdGuard Home.",
    "install_devices_router": "Router",
    "install_devices_router_desc": "This setup will automatically cover all the devices connected to your home router and you will not need to configure each of them manually.",
-    "install_devices_address": "AdGuard Home DNS server is listening to the following addresses",
+    "install_devices_address": "AdGuard Home DNS server is listening on the following addresses",
    "install_devices_router_list_1": "Open the preferences for your router. Usually, you can access it from your browser via a URL (like http:\/\/192.168.0.1\/ or http:\/\/192.168.1.1\/). You may be asked to enter the password. If you don't remember it, you can often reset the password by pressing a button on the router itself. Some routers require a specific application, which in that case should be already installed on your computer\/phone.",
    "install_devices_router_list_2": "Find the DHCP\/DNS settings. Look for the DNS letters next to a field which allows two or three sets of numbers, each broken into four groups of one to three digits.",
    "install_devices_router_list_3": "Enter your AdGuard Home server addresses there.",
@@ -259,5 +273,63 @@
    "setup_guide": "Setup guide",
    "dns_addresses": "DNS addresses",
    "down": "Down",
-    "fix": "Fix"
+    "fix": "Fix",
+    "dns_providers": "Here is a <0>list of known DNS providers<\/0> to choose from.",
+    "update_now": "Update now",
+    "update_failed": "Auto-update failed. Please <a href='https:\/\/github.com\/AdguardTeam\/AdGuardHome\/wiki\/Getting-Started#update'>follow the steps<\/a> to update manually.",
+    "processing_update": "Please wait, AdGuard Home is being updated",
+    "clients_title": "Clients",
+    "clients_desc": "Configure devices connected to AdGuard Home",
+    "settings_global": "Global",
+    "settings_custom": "Custom",
+    "table_client": "Client",
+    "table_name": "Name",
+    "save_btn": "Save",
+    "client_add": "Add Client",
+    "client_new": "New Client",
+    "client_edit": "Edit Client",
+    "client_identifier": "Identifier",
+    "ip_address": "IP address",
+    "client_identifier_desc": "Clients can be identified by the IP address or MAC address. Please note, that using MAC as identifier is possible only if AdGuard Home is also a <0>DHCP server<\/0>",
+    "form_enter_ip": "Enter IP",
+    "form_enter_mac": "Enter MAC",
+    "form_client_name": "Enter client name",
+    "client_global_settings": "Use global settings",
+    "client_deleted": "Client \"{{key}}\" successfully deleted",
+    "client_added": "Client \"{{key}}\" successfully added",
+    "client_updated": "Client \"{{key}}\" successfully updated",
+    "table_statistics": "Requests count (last 24 hours)",
+    "clients_not_found": "No clients found",
+    "client_confirm_delete": "Are you sure you want to delete client \"{{key}}\"?",
+    "filter_confirm_delete": "Are you sure you want to delete filter?",
+    "auto_clients_title": "Clients (runtime)",
+    "auto_clients_desc": "Data on the clients that use AdGuard Home, but not stored in the configuration",
+    "access_title": "Access settings",
+    "access_desc": "Here you can configure access rules for the AdGuard Home DNS server.",
+    "access_allowed_title": "Allowed clients",
+    "access_allowed_desc": "A list of CIDR or IP addresses. If configured, AdGuard Home will accept requests from these IP addresses only.",
+    "access_disallowed_title": "Disallowed clients",
+    "access_disallowed_desc": "A list of CIDR or IP addresses. If configured, AdGuard Home will drop requests from these IP addresses.",
+    "access_blocked_title": "Blocked domains",
+    "access_blocked_desc": "Don't confuse this with filters. AdGuard Home will drop DNS queries with these domains in query's question.",
+    "access_settings_saved": "Access settings successfully saved",
+    "updates_checked": "Updates successfully checked",
+    "updates_version_equal": "AdGuard Home is up-to-date",
+    "check_updates_now": "Check for updates now",
+    "dns_privacy": "DNS Privacy",
+    "setup_dns_privacy_1": "<0>DNS-over-TLS:</0> Use <1>{{address}}</1> string.",
+    "setup_dns_privacy_2": "<0>DNS-over-HTTPS:</0> Use <1>{{address}}</1> string.",
+    "setup_dns_privacy_3": "<0>Please note that encrypted DNS protocols are supported only on Android 9. So you need to install additional software for other operating systems.</0><0>Here's a list of software you can use.</0>",
+    "setup_dns_privacy_android_1": "Android 9 supports DNS-over-TLS natively. To configure it, go to Settings → Network & internet → Advanced → Private DNS and enter your domain name there.",
+    "setup_dns_privacy_android_2": "<0>AdGuard for Android</0> supports <1>DNS-over-HTTPS</1> and <1>DNS-over-TLS</1>.",
+    "setup_dns_privacy_android_3": "<0>Intra</0> adds <1>DNS-over-HTTPS</1> support to Android.",
+    "setup_dns_privacy_ios_1": "<0>DNSCloak</0> supports <1>DNS-over-HTTPS</1>, but in order to configure it to use your own server, you'll need to generate a <2>DNS Stamp</2> for it.",
+    "setup_dns_privacy_ios_2": "<0>AdGuard for iOS</0> supports <1>DNS-over-HTTPS</1> and <1>DNS-over-TLS</1> setup.",
+    "setup_dns_privacy_other_title": "Other implementations",
+    "setup_dns_privacy_other_1": "AdGuard Home itself can be a secure DNS client on any platform.",
+    "setup_dns_privacy_other_2": "<0>dnsproxy</0> supports all known secure DNS protocols.",
+    "setup_dns_privacy_other_3": "<0>dnscrypt-proxy</0> supports <1>DNS-over-HTTPS</1>.",
+    "setup_dns_privacy_other_4": "<0>Mozilla Firefox</0> supports <1>DNS-over-HTTPS</1>.",
+    "setup_dns_privacy_other_5": "You will find more implementations <0>here</0> and <1>here</1>.",
+    "setup_dns_notice": "In order to use <1>DNS-over-HTTPS</1> or <1>DNS-over-TLS</1>, you need to <0>configure Encryption</0> in AdGuard Home settings."
 }
--- a/client/src/__locales/es.json
+++ b/client/src/__locales/es.json
@@ -2,37 +2,50 @@
    "example_upstream_reserved": "puede especificar el DNS de subida <0>para un dominio espec\u00edfico<\/0>",
    "upstream_parallel": "Usar consultas paralelas para acelerar la resoluci\u00f3n al consultar simult\u00e1neamente a todos los servidores de subida",
    "bootstrap_dns": "Servidores DNS de arranque",
-    "bootstrap_dns_desc": "Los servidores DNS de arranque se utilizan para resolver las direcciones IP de los resolutores DoH\/DoT que especifique como DNS de subida.",
+    "bootstrap_dns_desc": "Los servidores DNS de arranque se utilizan para resolver las direcciones IP de los resolutores DoH\/DoT que usted especifique como DNS de subida.",
    "url_added_successfully": "URL a\u00f1adida correctamente",
-    "check_dhcp_servers": "Compruebe si hay servidores DHCP",
+    "check_dhcp_servers": "Comprobar si hay servidores DHCP",
    "save_config": "Guardar configuraci\u00f3n",
    "enabled_dhcp": "Servidor DHCP habilitado",
    "disabled_dhcp": "Servidor DHCP deshabilitado",
    "dhcp_title": "Servidor DHCP (experimental)",
    "dhcp_description": "Si su router no proporciona la configuraci\u00f3n DHCP, puede utilizar el propio servidor DHCP incorporado de AdGuard.",
    "dhcp_enable": "Habilitar servidor DHCP",
-    "dhcp_disable": "Deshabilitar el servidor DHCP",
-    "dhcp_not_found": "No se han encontrado servidores DHCP activos en la red. Es seguro habilitar el servidor DHCP incorporado.",
-    "dhcp_found": "Algunos servidores DHCP activos se encuentran en la red. No es seguro habilitar el servidor DHCP incorporado.",
-    "dhcp_leases": "Concesi\u00f3nes DHCP",
-    "dhcp_leases_not_found": "No se encontraron concesi\u00f3nes DHCP",
+    "dhcp_disable": "Deshabilitar servidor DHCP",
+    "dhcp_not_found": "Es seguro habilitar el servidor DHCP incorporado. No se ha encontrado ning\u00fan servidor DHCP activo en la red, sin embargo le recomendamos que lo vuelva a comprobar manualmente, ya que nuestra prueba autom\u00e1tica no ofrece actualmente una garant\u00eda del 100%.",
+    "dhcp_found": "Un servidor DHCP activo se encuentra en la red. No es seguro habilitar el servidor DHCP incorporado.",
+    "dhcp_leases": "Asignaciones DHCP",
+    "dhcp_static_leases": "DHCP static leases",
+    "dhcp_leases_not_found": "No se han encontrado asignaciones DHCP",
    "dhcp_config_saved": "Configuraci\u00f3n del servidor DHCP guardada",
    "form_error_required": "Campo obligatorio",
    "form_error_ip_format": "Formato IPv4 no v\u00e1lido",
+    "form_error_mac_format": "Formato MAC no v\u00e1lido",
    "form_error_positive": "Debe ser mayor que 0",
    "dhcp_form_gateway_input": "IP de puerta de enlace",
    "dhcp_form_subnet_input": "M\u00e1scara de subred",
    "dhcp_form_range_title": "Rango de direcciones IP",
    "dhcp_form_range_start": "Inicio de rango",
    "dhcp_form_range_end": "Final de rango",
-    "dhcp_form_lease_title": "Tiempo de concesi\u00f3n DHCP (en segundos)",
-    "dhcp_form_lease_input": "Duraci\u00f3n de la concesi\u00f3n",
+    "dhcp_form_lease_title": "Tiempo de asignaci\u00f3n DHCP (en segundos)",
+    "dhcp_form_lease_input": "Duraci\u00f3n de asignaci\u00f3n",
    "dhcp_interface_select": "Seleccione la interfaz DHCP",
    "dhcp_hardware_address": "Direcci\u00f3n MAC",
    "dhcp_ip_addresses": "Direcciones IP",
    "dhcp_table_hostname": "Nombre del host",
    "dhcp_table_expires": "Expira",
-    "dhcp_warning": "Si desea habilitar el servidor DHCP incorporado, aseg\u00farese de que no hay otro servidor DHCP activo. \u00a1De lo contrario, puede dejar sin Internet a los dispositivos conectados!",
+    "dhcp_warning": "Si de todos modos desea habilitar el servidor DHCP, aseg\u00farese de que no hay otro servidor DHCP activo en su red. \u00a1De lo contrario, puede dejar sin Internet a los dispositivos conectados!",
+    "dhcp_error": "No pudimos determinar si hay otro servidor DHCP en la red.",
+    "dhcp_static_ip_error": "Para poder utilizar el servidor DHCP se debe establecer una direcci\u00f3n IP est\u00e1tica. No hemos podido determinar si esta interfaz de red est\u00e1 configurada utilizando una direcci\u00f3n IP est\u00e1tica. Por favor establezca una direcci\u00f3n IP est\u00e1tica manualmente.",
+    "dhcp_dynamic_ip_found": "Su sistema utiliza la configuraci\u00f3n de direcci\u00f3n IP din\u00e1mica para la interfaz <0>{{interfaceName}}<\/0>. Para poder utilizar el servidor DHCP se debe establecer una direcci\u00f3n IP est\u00e1tica. Su direcci\u00f3n IP actual es <0>{{ipAddress}}<\/0>. Si presiona el bot\u00f3n Habilitar servidor DHCP, estableceremos autom\u00e1ticamente esta direcci\u00f3n IP como est\u00e1tica.",
+    "dhcp_lease_added": "Static lease \"{{key}}\" successfully added",
+    "dhcp_lease_deleted": "Static lease \"{{key}}\" successfully deleted",
+    "dhcp_new_static_lease": "New static lease",
+    "dhcp_static_leases_not_found": "No DHCP static leases found",
+    "dhcp_add_static_lease": "Add static lease",
+    "delete_confirm": "Are you sure you want to delete \"{{key}}\"?",
+    "form_enter_hostname": "Enter hostname",
+    "error_details": "Detalles del error",
    "back": "Atr\u00e1s",
    "dashboard": "Panel de control",
    "settings": "Configuraci\u00f3n",
@@ -46,6 +59,7 @@
    "copyright": "Copyright",
    "homepage": "P\u00e1gina de inicio",
    "report_an_issue": "Reportar un error",
+    "privacy_policy": "Pol\u00edtica de privacidad",
    "enable_protection": "Habilitar protecci\u00f3n",
    "enabled_protection": "Protecci\u00f3n habilitada",
    "disable_protection": "Deshabilitar protecci\u00f3n",
@@ -54,19 +68,19 @@
    "dns_query": "Consultas DNS",
    "blocked_by": "Bloqueado por filtros",
    "stats_malware_phishing": "Malware\/phishing bloqueado",
-    "stats_adult": "Sitios para adultos bloqueado",
+    "stats_adult": "Sitios web para adultos bloqueado",
    "stats_query_domain": "Dominios m\u00e1s consultados",
    "for_last_24_hours": "en las \u00faltimas 24 horas",
-    "no_domains_found": "Dominios no encontrados",
-    "requests_count": "N\u00famero de solicitudes",
+    "no_domains_found": "No se han encontrado dominios",
+    "requests_count": "N\u00famero de peticiones",
    "top_blocked_domains": "Dominios m\u00e1s bloqueados",
    "top_clients": "Clientes m\u00e1s frecuentes",
-    "no_clients_found": "No hay clientes",
+    "no_clients_found": "No se han encontrado clientes",
    "general_statistics": "Estad\u00edsticas generales",
    "number_of_dns_query_24_hours": "N\u00famero de consultas DNS procesadas durante las \u00faltimas 24 horas",
-    "number_of_dns_query_blocked_24_hours": "N\u00famero de peticiones DNS bloqueadas por los filtros de publicidad y listas de bloqueo de hosts",
-    "number_of_dns_query_blocked_24_hours_by_sec": "N\u00famero de peticiones DNS bloqueadas por el m\u00f3dulo de navegaci\u00f3n segura de AdGuard",
-    "number_of_dns_query_blocked_24_hours_adult": "N\u00famero de sitios para adultos bloqueado",
+    "number_of_dns_query_blocked_24_hours": "N\u00famero de peticiones DNS bloqueadas por los filtros y listas de bloqueo de hosts",
+    "number_of_dns_query_blocked_24_hours_by_sec": "N\u00famero de peticiones DNS bloqueadas por el m\u00f3dulo de seguridad de navegaci\u00f3n de AdGuard",
+    "number_of_dns_query_blocked_24_hours_adult": "N\u00famero de sitios web para adultos bloqueado",
    "enforced_save_search": "B\u00fasquedas seguras forzadas",
    "number_of_dns_query_to_safe_search": "N\u00famero de peticiones DNS a los motores de b\u00fasqueda para los que se aplic\u00f3 la b\u00fasqueda segura forzada",
    "average_processing_time": "Tiempo promedio de procesamiento",
@@ -74,14 +88,18 @@
    "block_domain_use_filters_and_hosts": "Bloquear dominios usando filtros y archivos hosts",
    "filters_block_toggle_hint": "Puede configurar las reglas de bloqueo en la configuraci\u00f3n de <a href='#filters'>filtros<\/a>.",
    "use_adguard_browsing_sec": "Usar el servicio web de seguridad de navegaci\u00f3n de AdGuard",
-    "use_adguard_browsing_sec_hint": "AdGuard Home comprobar\u00e1 si el dominio est\u00e1 en la lista negra del servicio web de seguridad de navegaci\u00f3n. Utilizar\u00e1 una API de b\u00fasqueda amigable con la privacidad para realizar la comprobaci\u00f3n: solo se env\u00eda al servidor un prefijo corto de hash del nombre de dominio SHA256.",
+    "use_adguard_browsing_sec_hint": "AdGuard Home comprobar\u00e1 si el dominio est\u00e1 en la lista negra del servicio web de seguridad de navegaci\u00f3n. Utilizar\u00e1 la API de b\u00fasqueda amigable con la privacidad para realizar la comprobaci\u00f3n: solo se env\u00eda al servidor un prefijo corto del nombre de dominio con hash SHA256.",
    "use_adguard_parental": "Usar el control parental de AdGuard",
-    "use_adguard_parental_hint": "AdGuard Home comprobar\u00e1 si el dominio contiene materiales para adultos. Utiliza la misma API amigable con la privacidad que el servicio web de seguridad de navegaci\u00f3n.",
+    "use_adguard_parental_hint": "AdGuard Home comprobar\u00e1 si el dominio contiene materiales para adultos. Utiliza la misma API amigable con la privacidad del servicio web de seguridad de navegaci\u00f3n.",
    "enforce_safe_search": "Forzar b\u00fasqueda segura",
-    "enforce_save_search_hint": "AdGuard Home puede forzar la b\u00fasqueda segura en los siguientes motores de b\u00fasqueda: Google, YouTube, Bing y Yandex.",
+    "enforce_save_search_hint": "AdGuard Home puede forzar la b\u00fasqueda segura en los siguientes motores de b\u00fasqueda: Google, YouTube, Bing, DuckDuckGo y Yandex.",
    "no_servers_specified": "No hay servidores especificados",
    "no_settings": "Sin configuraci\u00f3n",
    "general_settings": "Configuraci\u00f3n general",
+    "dns_settings": "DNS settings",
+    "encryption_settings": "Encryption settings",
+    "dhcp_settings": "DHCP settings",
+    "client_settings": "Client settings",
    "upstream_dns": "Servidores DNS de subida",
    "upstream_dns_hint": "Si mantiene este campo vac\u00edo, AdGuard Home utilizar\u00e1 <a href='https:\/\/1.1.1.1\/' target='_blank'>Cloudflare DNS<\/a> como DNS de subida. Utilice el prefijo tls:\/\/ para los servidores DNS mediante TLS.",
    "test_upstream_btn": "Probar DNS de subida",
@@ -100,19 +118,20 @@
    "rules_count_table_header": "N\u00famero de reglas",
    "last_time_updated_table_header": "\u00daltima actualizaci\u00f3n",
    "actions_table_header": "Acciones",
+    "edit_table_action": "Editar",
    "delete_table_action": "Eliminar",
    "filters_and_hosts": "Filtros y listas de bloqueo de hosts",
-    "filters_and_hosts_hint": "AdGuard Home entiende reglas b\u00e1sicas de bloqueo y la sintaxis de los archivos de hosts.",
+    "filters_and_hosts_hint": "AdGuard Home entiende las reglas b\u00e1sicas de bloqueo y la sintaxis de los archivos hosts.",
    "no_filters_added": "No hay filtros a\u00f1adidos",
    "add_filter_btn": "A\u00f1adir filtro",
    "cancel_btn": "Cancelar",
    "enter_name_hint": "Ingrese el nombre",
    "enter_url_hint": "Ingrese la URL",
    "check_updates_btn": "Buscar actualizaciones",
-    "new_filter_btn": "Nueva suscripci\u00f3n de filtro",
-    "enter_valid_filter_url": "Ingrese una URL v\u00e1lida para suscribirse o un archivo de hosts.",
-    "custom_filter_rules": "Personalizar reglas del filtrado",
-    "custom_filter_rules_hint": "Ingrese una regla en una l\u00ednea. Puede utilizar reglas de bloqueo de anuncios o la sintaxis de archivos de hosts.",
+    "new_filter_btn": "Nueva suscripci\u00f3n a filtro",
+    "enter_valid_filter_url": "Ingrese una URL v\u00e1lida para suscribirse a un filtro o archivo hosts.",
+    "custom_filter_rules": "Reglas de filtrado personalizado",
+    "custom_filter_rules_hint": "Ingrese una regla por l\u00ednea. Puede utilizar reglas de bloqueo o la sintaxis de los archivos hosts.",
    "examples_title": "Ejemplos",
    "example_meaning_filter_block": "bloquea el acceso al dominio ejemplo.org\ny a todos sus subdominios",
    "example_meaning_filter_whitelist": "desbloquea el acceso al dominio ejemplo.org y a todos sus subdominios",
@@ -129,7 +148,7 @@
    "all_filters_up_to_date_toast": "Todos los filtros ya est\u00e1n actualizados",
    "updated_upstream_dns_toast": "Servidores DNS de subida actualizados",
    "dns_test_ok_toast": "Los servidores DNS especificados funcionan correctamente",
-    "dns_test_not_ok_toast": "Servidor \"{{key}}\": no puede ser usado, por favor, revise si lo ha escrito correctamente",
+    "dns_test_not_ok_toast": "Servidor \"{{key}}\": no se puede utilizar, por favor revise si lo ha escrito correctamente",
    "unblock_btn": "Desbloquear",
    "block_btn": "Bloquear",
    "time_table_header": "Hora",
@@ -164,7 +183,7 @@
    "filter_label": "Filtro",
    "unknown_filter": "Filtro desconocido {{filterId}}",
    "install_welcome_title": "\u00a1Bienvenido a AdGuard Home!",
-    "install_welcome_desc": "AdGuard Home es un servidor DNS de bloqueo de anuncios y rastreadores en toda la red. Su prop\u00f3sito es permitirle controlar toda su red y todos sus dispositivos, y no requiere el uso de un programa del lado del cliente.",
+    "install_welcome_desc": "AdGuard Home es un servidor DNS para bloqueo de anuncios y rastreadores a nivel de red. Su prop\u00f3sito es permitirle controlar toda su red y todos sus dispositivos, y no requiere el uso de un programa del lado del cliente.",
    "install_settings_title": "Interfaz web de administraci\u00f3n",
    "install_settings_listen": "Interfaz de escucha",
    "install_settings_port": "Puerto",
@@ -174,7 +193,7 @@
    "install_settings_dns_desc": "Deber\u00e1 configurar sus dispositivos o router para usar el servidor DNS en las siguientes direcciones:",
    "install_settings_all_interfaces": "Todas las interfaces",
    "install_auth_title": "Autenticaci\u00f3n",
-    "install_auth_desc": "Se recomienda encarecidamente configurar la autenticaci\u00f3n por contrase\u00f1a para la interfaz web del administraci\u00f3n de AdGuard Home. Incluso si solo es accesible en su red local, es importante que est\u00e9 protegido contra el acceso no autorizado.",
+    "install_auth_desc": "Se recomienda encarecidamente configurar la autenticaci\u00f3n por contrase\u00f1a para la interfaz web de administraci\u00f3n de AdGuard Home. Incluso si solo es accesible en su red local, es importante que est\u00e9 protegido contra el acceso no autorizado.",
    "install_auth_username": "Usuario",
    "install_auth_password": "Contrase\u00f1a",
    "install_auth_confirm": "Confirmar contrase\u00f1a",
@@ -187,7 +206,7 @@
    "install_submit_desc": "El proceso de configuraci\u00f3n ha finalizado y est\u00e1 listo para comenzar a usar AdGuard Home.",
    "install_devices_router": "Router",
    "install_devices_router_desc": "Esta configuraci\u00f3n cubrir\u00e1 autom\u00e1ticamente todos los dispositivos conectados a su router dom\u00e9stico y no necesitar\u00e1 configurar cada uno de ellos manualmente.",
-    "install_devices_address": "El servidor DNS de AdGuard Home est\u00e1 escuchando las siguientes direcciones",
+    "install_devices_address": "El servidor DNS de AdGuard Home est\u00e1 escuchando en las siguientes direcciones",
    "install_devices_router_list_1": "Abra las preferencias de su router. Por lo general, puede acceder a \u00e9l desde su navegador a trav\u00e9s de una URL (como http:\/\/192.168.0.1\/ o http:\/\/192.168.1.1\/). Se le puede pedir que ingrese la contrase\u00f1a. Si no lo recuerda, a menudo puede restablecer la contrase\u00f1a presionando un bot\u00f3n en el router. Algunos routers requieren una aplicaci\u00f3n espec\u00edfica, que en ese caso ya deber\u00eda estar instalada en su computadora\/tel\u00e9fono.",
    "install_devices_router_list_2": "Busque la configuraci\u00f3n de DHCP\/DNS. Busque las letras DNS junto a un campo que permita ingresar dos o tres grupos de n\u00fameros, cada uno dividido en cuatro grupos de uno a tres d\u00edgitos.",
    "install_devices_router_list_3": "Ingrese las direcciones de su servidor AdGuard Home all\u00ed.",
@@ -209,13 +228,13 @@
    "install_devices_ios_list_1": "En la pantalla de inicio, pulse en Configuraci\u00f3n.",
    "install_devices_ios_list_2": "Elija Wi-Fi en el men\u00fa de la izquierda (es imposible configurar DNS para redes m\u00f3viles).",
    "install_devices_ios_list_3": "Pulse sobre el nombre de la red activa en ese momento.",
-    "install_devices_ios_list_4": "En ese campo DNS ingrese las direcciones de su servidor AdGuard Home.",
+    "install_devices_ios_list_4": "En el campo DNS ingrese las direcciones de su servidor AdGuard Home.",
    "get_started": "Comenzar",
    "next": "Siguiente",
    "open_dashboard": "Abrir panel de control",
    "install_saved": "Guardado correctamente",
    "encryption_title": "Cifrado",
-    "encryption_desc": "Soporte para cifrado (HTTPS\/TLS) tanto para DNS como para la interfaz web de administraci\u00f3n",
+    "encryption_desc": "Soporte de cifrado (HTTPS\/TLS) tanto para DNS como para la interfaz web de administraci\u00f3n",
    "encryption_config_saved": "Configuraci\u00f3n de cifrado guardado",
    "encryption_server": "Nombre del servidor",
    "encryption_server_enter": "Ingrese su nombre de dominio",
@@ -224,7 +243,7 @@
    "encryption_redirect_desc": "Si est\u00e1 marcado, AdGuard Home redireccionar\u00e1 autom\u00e1ticamente de HTTP a las direcciones HTTPS.",
    "encryption_https": "Puerto HTTPS",
    "encryption_https_desc": "Si el puerto HTTPS est\u00e1 configurado, la interfaz de administraci\u00f3n de AdGuard Home ser\u00e1 accesible a trav\u00e9s de HTTPS, y tambi\u00e9n proporcionar\u00e1 DNS mediante HTTPS en la ubicaci\u00f3n '\/dns-query'.",
-    "encryption_dot": "Puerto para DNS mediante TLS",
+    "encryption_dot": "Puerto DNS mediante TLS",
    "encryption_dot_desc": "Si este puerto est\u00e1 configurado, AdGuard Home ejecutar\u00e1 un servidor DNS mediante TLS en este puerto.",
    "encryption_certificates": "Certificados",
    "encryption_certificates_desc": "Para utilizar el cifrado, debe proporcionar una cadena de certificados SSL v\u00e1lida para su dominio. Puede obtener un certificado gratuito en <0>{{link}}<\/0> o puede comprarlo en una de las autoridades de certificaci\u00f3n de confianza.",
@@ -233,7 +252,7 @@
    "encryption_expire": "Expira",
    "encryption_key": "Clave privada",
    "encryption_key_input": "Copie\/pegue aqu\u00ed su clave privada codificada PEM para su certificado.",
-    "encryption_enable": "Habilitar el cifrado (HTTPS, DNS mediante HTTPS y DNS mediante TLS)",
+    "encryption_enable": "Habilitar cifrado (HTTPS, DNS mediante HTTPS y DNS mediante TLS)",
    "encryption_enable_desc": "Si el cifrado est\u00e1 habilitado, la interfaz de administraci\u00f3n de AdGuard Home funcionar\u00e1 a trav\u00e9s de HTTPS, y el servidor DNS escuchar\u00e1 las peticiones DNS mediante HTTPS y DNS mediante TLS.",
    "encryption_chain_valid": "La cadena de certificado es v\u00e1lida",
    "encryption_chain_invalid": "La cadena de certificado no es v\u00e1lida",
@@ -245,12 +264,53 @@
    "encryption_reset": "\u00bfEst\u00e1 seguro de que desea restablecer la configuraci\u00f3n de cifrado?",
    "topline_expiring_certificate": "Su certificado SSL est\u00e1 a punto de expirar. Actualice la <0>configuraci\u00f3n del cifrado<\/0>.",
    "topline_expired_certificate": "Su certificado SSL ha expirado. Actualice la <0>configuraci\u00f3n del cifrado<\/0>.",
-    "form_error_port_range": "Ingrese el valor del puerto en el rango de 80 - 65535",
+    "form_error_port_range": "Ingrese el valor del puerto en el rango de 80 a 65535",
    "form_error_port_unsafe": "Este es un puerto inseguro",
    "form_error_equal": "No deber\u00eda ser igual",
    "form_error_password": "La contrase\u00f1a no coincide",
    "reset_settings": "Restablecer configuraci\u00f3n",
    "update_announcement": "\u00a1AdGuard Home {{version}} ya est\u00e1 disponible! <0>Haga clic aqu\u00ed<\/0> para m\u00e1s informaci\u00f3n.",
    "setup_guide": "Gu\u00eda de configuraci\u00f3n",
-    "dns_addresses": "Direcciones DNS"
+    "dns_addresses": "Direcciones DNS",
+    "down": "Abajo",
+    "fix": "Corregir",
+    "dns_providers": "Aqu\u00ed hay una <0>lista de proveedores DNS<\/0> conocidos para elegir.",
+    "update_now": "Actualizar ahora",
+    "update_failed": "Error en la actualizaci\u00f3n autom\u00e1tica. Por favor <a href='https:\/\/github.com\/AdguardTeam\/AdGuardHome\/wiki\/Getting-Started#update'>siga los pasos<\/a> para actualizar manualmente.",
+    "processing_update": "Por favor espere, AdGuard Home se est\u00e1 actualizando",
+    "clients_title": "Clientes",
+    "clients_desc": "Configurar dispositivos conectados con AdGuard Home",
+    "settings_global": "Global",
+    "settings_custom": "Personalizado",
+    "table_client": "Cliente",
+    "table_name": "Nombre",
+    "save_btn": "Guardar",
+    "client_add": "A\u00f1adir cliente",
+    "client_new": "Cliente nuevo",
+    "client_edit": "Editar cliente",
+    "client_identifier": "Identificador",
+    "ip_address": "Direcci\u00f3n IP",
+    "client_identifier_desc": "Los clientes pueden ser identificados por la direcci\u00f3n IP o MAC. Tenga en cuenta que el uso de MAC como identificador solo es posible si AdGuard Home tambi\u00e9n es un <0>servidor DHCP<\/0>.",
+    "form_enter_ip": "Ingresar IP",
+    "form_enter_mac": "Ingresar MAC",
+    "form_client_name": "Ingrese el nombre del cliente",
+    "client_global_settings": "Usar configuraci\u00f3n global",
+    "client_deleted": "Cliente \"{{key}}\" eliminado correctamente",
+    "client_added": "Cliente \"{{key}}\" a\u00f1adido correctamente",
+    "client_updated": "Cliente \"{{key}}\" actualizado correctamente",
+    "table_statistics": "N\u00famero de peticiones (\u00faltimas 24 horas)",
+    "clients_not_found": "No se han encontrado clientes",
+    "client_confirm_delete": "\u00bfEst\u00e1 seguro de que desea eliminar el cliente \"{{key}}\"?",
+    "filter_confirm_delete": "Are you sure you want to delete filter?",
+    "auto_clients_title": "Clientes (activos)",
+    "auto_clients_desc": "Datos de los clientes que utilizan AdGuard Home pero que no est\u00e1n almacenados en la configuraci\u00f3n",
+    "access_title": "Access settings",
+    "access_desc": "Here you can configure access rules for the AdGuard Home DNS server.",
+    "access_allowed_title": "Allowed clients",
+    "access_allowed_desc": "A list of CIDR or IP addresses. If configured, AdGuard Home will accept requests from these IP addresses only.",
+    "access_disallowed_title": "Disallowed clients",
+    "access_disallowed_desc": "A list of CIDR or IP addresses. If configured, AdGuard Home will drop requests from these IP addresses.",
+    "access_blocked_title": "Blocked domains",
+    "access_blocked_desc": "Don't confuse this with filters. AdGuard Home will drop DNS queries with these domains in query's question.",
+    "access_settings_saved": "Access settings successfully saved"
 }
--- a/client/src/__locales/pt-br.json
+++ b/client/src/__locales/pt-br.json
@@ -15,10 +15,12 @@
    "dhcp_not_found": "Nenhum servidor DHCP ativo foi encontrado na sua rede. \u00c9 seguro ativar o servidor DHCP integrado.",
    "dhcp_found": "Foram encontrados servidores DHCP ativos na rede. N\u00e3o \u00e9 seguro ativar o servidor DHCP integrado.",
    "dhcp_leases": "Concess\u00f5es DHCP",
+    "dhcp_static_leases": "DHCP static leases",
    "dhcp_leases_not_found": "Nenhuma concess\u00e3o DHCP encontrada",
    "dhcp_config_saved": "Salvar configura\u00e7\u00f5es do servidor DHCP",
    "form_error_required": "Campo obrigat\u00f3rio",
    "form_error_ip_format": "formato de endere\u00e7o IPv4 inv\u00e1lido",
+    "form_error_mac_format": "Invalid MAC format",
    "form_error_positive": "Deve ser maior que 0",
    "dhcp_form_gateway_input": "IP do gateway",
    "dhcp_form_subnet_input": "M\u00e1scara de sub-rede",
@@ -32,7 +34,18 @@
    "dhcp_ip_addresses": "Endere\u00e7o de IP",
    "dhcp_table_hostname": "Hostname",
    "dhcp_table_expires": "Expira",
-    "dhcp_warning": "Se voc\u00ea quiser ativar o servidor DHCP interno, certifique-se que n\u00e3o h\u00e1 outro servidor DHCP ativo. Caso contr\u00e1rio, isso pode impedir que outros dispositivos conectem \u00e1 internet!",
+    "dhcp_warning": "Se voc\u00ea quiser ativar o servidor DHCP, verifique se n\u00e3o h\u00e1 outro servidor DHCP ativo na sua rede. Caso contr\u00e1rio, a internet pode parar de funcionar para outros dispositivos conectados!",
+    "dhcp_error": "N\u00e3o foi poss\u00edvel determinar se existe outro servidor DHCP na rede.",
+    "dhcp_static_ip_error": "Para usar o servidor DHCP, voc\u00ea deve definir um endere\u00e7o IP est\u00e1tico. N\u00e3o conseguimos determinar se essa interface de rede est\u00e1 configurada usando o endere\u00e7o de IP est\u00e1tico. Por favor, defina um endere\u00e7o IP est\u00e1tico manualmente.",
+    "dhcp_dynamic_ip_found": "Seu sistema usa a configura\u00e7\u00e3o de endere\u00e7o IP din\u00e2mico para a interface <0>{{interfaceName}}<\/0>. Para usar o servidor DHCP, voc\u00ea deve definir um endere\u00e7o de IP est\u00e1tico. Seu endere\u00e7o IP atual \u00e9 <0> {{ipAddress}} <\/ 0>. Vamos definir automaticamente este endere\u00e7o IP como est\u00e1tico se voc\u00ea pressionar o bot\u00e3o Ativar DHCP.",
+    "dhcp_lease_added": "Static lease \"{{key}}\" successfully added",
+    "dhcp_lease_deleted": "Static lease \"{{key}}\" successfully deleted",
+    "dhcp_new_static_lease": "New static lease",
+    "dhcp_static_leases_not_found": "No DHCP static leases found",
+    "dhcp_add_static_lease": "Add static lease",
+    "delete_confirm": "Are you sure you want to delete \"{{key}}\"?",
+    "form_enter_hostname": "Enter hostname",
+    "error_details": "Detalhes do erro",
    "back": "Voltar",
    "dashboard": "Painel",
    "settings": "Configura\u00e7\u00f5es",
@@ -46,6 +59,7 @@
    "copyright": "Copyright",
    "homepage": "P\u00e1gina inicial",
    "report_an_issue": "Reportar um problema",
+    "privacy_policy": "Pol\u00edtica de privacidade",
    "enable_protection": "Ativar prote\u00e7\u00e3o",
    "enabled_protection": "Prote\u00e7\u00e3o ativada",
    "disable_protection": "Desativar prote\u00e7\u00e3o",
@@ -82,6 +96,10 @@
    "no_servers_specified": "Nenhum servidor especificado",
    "no_settings": "N\u00e3o configurado",
    "general_settings": "Configura\u00e7\u00f5es gerais",
+    "dns_settings": "DNS settings",
+    "encryption_settings": "Encryption settings",
+    "dhcp_settings": "DHCP settings",
+    "client_settings": "Client settings",
    "upstream_dns": "Servidores DNS upstream",
    "upstream_dns_hint": "Se voc\u00ea deixar este campo vazio, o AdGuard Home ir\u00e1 usar o<a href='https:\/\/1.1.1.1\/' target='_blank'>DNS da Cloudflare<\/a> como upstream.",
    "test_upstream_btn": "Testar upstreams",
@@ -100,6 +118,7 @@
    "rules_count_table_header": "Quantidade de regras",
    "last_time_updated_table_header": "\u00daltima atualiza\u00e7\u00e3o",
    "actions_table_header": "A\u00e7\u00f5es",
+    "edit_table_action": "Edit",
    "delete_table_action": "Excluir",
    "filters_and_hosts": "Filtros e listas de bloqueio de hosts",
    "filters_and_hosts_hint": "O AdGuard Home entende regras b\u00e1sicas de bloqueio de an\u00fancios e a sintaxe de arquivos de hosts.",
@@ -252,5 +271,46 @@
    "reset_settings": "Redefinir configura\u00e7\u00f5es",
    "update_announcement": "AdGuard Home {{version}} est\u00e1 dispon\u00edvel!<0>Clique aqui<\/0> para mais informa\u00e7\u00f5es.",
    "setup_guide": "Guia de configura\u00e7\u00e3o",
-    "dns_addresses": "Endere\u00e7os DNS"
+    "dns_addresses": "Endere\u00e7os DNS",
+    "down": "Caiu",
+    "fix": "Corrigido",
+    "dns_providers": "Aqui est\u00e1 uma <0>lista de provedores de DNS conhecidos<\/0> para escolher.",
+    "update_now": "Update now",
+    "update_failed": "Auto-update failed. Please <a href='https:\/\/github.com\/AdguardTeam\/AdGuardHome\/wiki\/Getting-Started#update'>follow the steps<\/a> to update manually.",
+    "processing_update": "Please wait, AdGuard Home is being updated",
+    "clients_title": "Clients",
+    "clients_desc": "Configure devices connected to AdGuard Home",
+    "settings_global": "Global",
+    "settings_custom": "Custom",
+    "table_client": "Client",
+    "table_name": "Name",
+    "save_btn": "Save",
+    "client_add": "Add Client",
+    "client_new": "New Client",
+    "client_edit": "Edit Client",
+    "client_identifier": "Identifier",
+    "ip_address": "IP address",
+    "client_identifier_desc": "Clients can be identified by the IP address or MAC address. Please note, that using MAC as identifier is possible only if AdGuard Home is also a <0>DHCP server<\/0>",
+    "form_enter_ip": "Enter IP",
+    "form_enter_mac": "Enter MAC",
+    "form_client_name": "Enter client name",
+    "client_global_settings": "Use global settings",
+    "client_deleted": "Client \"{{key}}\" successfully deleted",
+    "client_added": "Client \"{{key}}\" successfully added",
+    "client_updated": "Client \"{{key}}\" successfully updated",
+    "table_statistics": "Requests count (last 24 hours)",
+    "clients_not_found": "No clients found",
+    "client_confirm_delete": "Are you sure you want to delete client \"{{key}}\"?",
+    "filter_confirm_delete": "Are you sure you want to delete filter?",
+    "auto_clients_title": "Clients (runtime)",
+    "auto_clients_desc": "Data on the clients that use AdGuard Home, but not stored in the configuration",
+    "access_title": "Access settings",
+    "access_desc": "Here you can configure access rules for the AdGuard Home DNS server.",
+    "access_allowed_title": "Allowed clients",
+    "access_allowed_desc": "A list of CIDR or IP addresses. If configured, AdGuard Home will accept requests from these IP addresses only.",
+    "access_disallowed_title": "Disallowed clients",
+    "access_disallowed_desc": "A list of CIDR or IP addresses. If configured, AdGuard Home will drop requests from these IP addresses.",
+    "access_blocked_title": "Blocked domains",
+    "access_blocked_desc": "Don't confuse this with filters. AdGuard Home will drop DNS queries with these domains in query's question.",
+    "access_settings_saved": "Access settings successfully saved"
 }
--- a/client/src/__locales/zh-tw.json
+++ b/client/src/__locales/zh-tw.json
@@ -1,25 +1,27 @@
 {
-    "example_upstream_reserved": "\u60a8\u53ef\u660e\u78ba\u6307\u5b9a<0>\u7528\u65bc\u7279\u5b9a\u7684\u7db2\u57df<\/0>\u4e4bDNS\u4e0a\u6e38",
+    "example_upstream_reserved": "\u60a8\u53ef\u660e\u78ba\u6307\u5b9a<0>\u7528\u65bc\u7279\u5b9a\u7684\u7db2\u57df<\/0>\u4e4b DNS \u4e0a\u6e38",
    "upstream_parallel": "\u900f\u904e\u540c\u6642\u5730\u67e5\u8a62\u6240\u6709\u4e0a\u6e38\u7684\u4f3a\u670d\u5668\uff0c\u4f7f\u7528\u4e26\u884c\u7684\u67e5\u8a62\u4ee5\u52a0\u901f\u89e3\u6790",
    "bootstrap_dns": "\u81ea\u6211\u555f\u52d5\uff08Bootstrap\uff09DNS \u4f3a\u670d\u5668",
-    "bootstrap_dns_desc": "\u81ea\u6211\u555f\u52d5\uff08Bootstrap\uff09DNS\u4f3a\u670d\u5668\u88ab\u7528\u65bc\u89e3\u6790\u60a8\u660e\u78ba\u6307\u5b9a\u4f5c\u70ba\u4e0a\u6e38\u7684DoH\/DoT\u89e3\u6790\u5668\u4e4bIP\u4f4d\u5740\u3002",
+    "bootstrap_dns_desc": "\u81ea\u6211\u555f\u52d5\uff08Bootstrap\uff09DNS \u4f3a\u670d\u5668\u88ab\u7528\u65bc\u89e3\u6790\u60a8\u660e\u78ba\u6307\u5b9a\u4f5c\u70ba\u4e0a\u6e38\u7684 DoH\/DoT \u89e3\u6790\u5668\u4e4b IP \u4f4d\u5740\u3002",
    "url_added_successfully": "\u7db2\u5740\u88ab\u6210\u529f\u5730\u52a0\u5165",
    "check_dhcp_servers": "\u6aa2\u67e5\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668",
    "save_config": "\u5132\u5b58\u914d\u7f6e",
    "enabled_dhcp": "\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668\u88ab\u555f\u7528",
    "disabled_dhcp": "\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668\u88ab\u7981\u7528",
    "dhcp_title": "\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668\uff08\u5be6\u9a57\u6027\u7684\uff01\uff09",
-    "dhcp_description": "\u5982\u679c\u60a8\u7684\u8def\u7531\u5668\u672a\u63d0\u4f9b\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u8a2d\u5b9a\uff0c\u60a8\u53ef\u4f7f\u7528AdGuard\u81ea\u8eab\u5167\u5efa\u7684DHCP\u4f3a\u670d\u5668\u3002",
+    "dhcp_description": "\u5982\u679c\u60a8\u7684\u8def\u7531\u5668\u672a\u63d0\u4f9b\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u8a2d\u5b9a\uff0c\u60a8\u53ef\u4f7f\u7528 AdGuard \u81ea\u8eab\u5167\u5efa\u7684 DHCP \u4f3a\u670d\u5668\u3002",
    "dhcp_enable": "\u555f\u7528\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668",
    "dhcp_disable": "\u7981\u7528\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668",
-    "dhcp_not_found": "\u65bc\u8a72\u7db2\u8def\u4e0a\u7121\u73fe\u884c\u7684\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668\u88ab\u767c\u73fe\u3002\u555f\u7528\u5167\u5efa\u7684DHCP\u4f3a\u670d\u5668\u70ba\u5b89\u5168\u7684\u3002",
-    "dhcp_found": "\u65bc\u8a72\u7db2\u8def\u4e0a\u67d0\u4e9b\u73fe\u884c\u7684\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668\u88ab\u767c\u73fe\u3002\u555f\u7528\u5167\u5efa\u7684DHCP\u4f3a\u670d\u5668\u70ba\u4e0d\u5b89\u5168\u7684\u3002",
+    "dhcp_not_found": "\u555f\u7528\u5167\u5efa\u7684\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668\u70ba\u5b89\u5168\u7684 - \u65bc\u8a72\u7db2\u8def\u4e0a\uff0c\u6211\u5011\u672a\u767c\u73fe\u4efb\u4f55\u73fe\u884c\u7684 DHCP \u4f3a\u670d\u5668\u3002\u7136\u800c\uff0c\u6211\u5011\u9f13\u52f5\u60a8\u624b\u52d5\u5730\u91cd\u65b0\u6aa2\u67e5\u5b83\uff0c\u56e0\u70ba\u6211\u5011\u7684\u81ea\u52d5\u4e4b\u6e2c\u8a66\u76ee\u524d\u4e0d\u4e88 100\uff05 \u4fdd\u8b49\u3002",
+    "dhcp_found": "\u65bc\u8a72\u7db2\u8def\u4e0a\uff0c\u4e00\u500b\u73fe\u884c\u7684\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668\u88ab\u767c\u73fe\u3002\u555f\u7528\u5167\u5efa\u7684 DHCP \u4f3a\u670d\u5668\u70ba\u4e0d\u5b89\u5168\u7684\u3002",
    "dhcp_leases": "\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u79df\u8cc3",
+    "dhcp_static_leases": "DHCP static leases",
    "dhcp_leases_not_found": "\u7121\u5df2\u767c\u73fe\u4e4b\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u79df\u8cc3",
    "dhcp_config_saved": "\u5df2\u5132\u5b58\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668\u914d\u7f6e",
    "form_error_required": "\u5fc5\u586b\u7684\u6b04\u4f4d",
-    "form_error_ip_format": "\u7121\u6548\u7684IPv4\u683c\u5f0f",
-    "form_error_positive": "\u5fc5\u9808\u5927\u65bc0",
+    "form_error_ip_format": "\u7121\u6548\u7684 IPv4 \u683c\u5f0f",
+    "form_error_mac_format": "\u7121\u6548\u7684\u5a92\u9ad4\u5b58\u53d6\u63a7\u5236\uff08MAC\uff09\u683c\u5f0f",
+    "form_error_positive": "\u5fc5\u9808\u5927\u65bc 0",
    "dhcp_form_gateway_input": "\u9598\u9053 IP",
    "dhcp_form_subnet_input": "\u5b50\u7db2\u8def\u906e\u7f69",
    "dhcp_form_range_title": "IP \u4f4d\u5740\u7bc4\u570d",
@@ -32,7 +34,18 @@
    "dhcp_ip_addresses": "IP \u4f4d\u5740",
    "dhcp_table_hostname": "\u4e3b\u6a5f\u540d\u7a31",
    "dhcp_table_expires": "\u5230\u671f",
-    "dhcp_warning": "\u5982\u679c\u60a8\u60f3\u8981\u555f\u7528\u5167\u5efa\u7684\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668\uff0c\u78ba\u4fdd\u7121\u5176\u5b83\u73fe\u884c\u7684DHCP\u4f3a\u670d\u5668\u3002\u5426\u5247\uff0c\u5b83\u53ef\u80fd\u6703\u7834\u58de\u4f9b\u5df2\u9023\u7dda\u7684\u88dd\u7f6e\u4e4b\u7db2\u969b\u7db2\u8def\uff01",
+    "dhcp_warning": "\u5982\u679c\u60a8\u7121\u8ad6\u5982\u4f55\u60f3\u8981\u555f\u7528\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668\uff0c\u78ba\u4fdd\u5728\u60a8\u7684\u7db2\u8def\u7121\u5176\u5b83\u73fe\u884c\u7684 DHCP \u4f3a\u670d\u5668\u3002\u5426\u5247\uff0c\u5b83\u53ef\u80fd\u6703\u7834\u58de\u4f9b\u5df2\u9023\u7dda\u7684\u88dd\u7f6e\u4e4b\u7db2\u969b\u7db2\u8def\uff01",
+    "dhcp_error": "\u6211\u5011\u7121\u6cd5\u78ba\u5b9a\u5728\u8a72\u7db2\u8def\u662f\u5426\u6709\u53e6\u5916\u7684\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668\u3002",
+    "dhcp_static_ip_error": "\u70ba\u4e86\u4f7f\u7528\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668\uff0c\u975c\u614b IP \u4f4d\u5740\u5fc5\u9808\u88ab\u8a2d\u5b9a\u3002\u6211\u5011\u672a\u80fd\u78ba\u5b9a\u8a72\u7db2\u8def\u4ecb\u9762\u662f\u5426\u88ab\u914d\u7f6e\u4f7f\u7528\u975c\u614b IP \u4f4d\u5740\u3002\u8acb\u624b\u52d5\u5730\u8a2d\u5b9a\u975c\u614b IP \u4f4d\u5740\u3002",
+    "dhcp_dynamic_ip_found": "\u60a8\u7684\u7cfb\u7d71\u4f7f\u7528\u52d5\u614b IP \u4f4d\u5740\u914d\u7f6e\u4f9b\u4ecb\u9762 <0>{{interfaceName}}<\/0>\u3002\u70ba\u4e86\u4f7f\u7528\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668\uff0c\u975c\u614bIP\u4f4d\u5740\u5fc5\u9808\u88ab\u8a2d\u5b9a\u3002\u60a8\u73fe\u884c\u7684 IP \u4f4d\u5740\u70ba <0>{{ipAddress}}<\/0>\u3002\u5982\u679c\u60a8\u6309\u555f\u7528 DHCP \u6309\u9215\uff0c\u6211\u5011\u5c07\u81ea\u52d5\u5730\u8a2d\u5b9a\u6b64 IP \u4f4d\u5740\u4f5c\u70ba\u975c\u614b\u3002",
+    "dhcp_lease_added": "Static lease \"{{key}}\" successfully added",
+    "dhcp_lease_deleted": "Static lease \"{{key}}\" successfully deleted",
+    "dhcp_new_static_lease": "New static lease",
+    "dhcp_static_leases_not_found": "No DHCP static leases found",
+    "dhcp_add_static_lease": "Add static lease",
+    "delete_confirm": "Are you sure you want to delete \"{{key}}\"?",
+    "form_enter_hostname": "Enter hostname",
+    "error_details": "\u932f\u8aa4\u7d30\u7bc0",
    "back": "\u8fd4\u56de",
    "dashboard": "\u5100\u8868\u677f",
    "settings": "\u8a2d\u5b9a",
@@ -46,6 +59,7 @@
    "copyright": "\u7248\u6b0a",
    "homepage": "\u9996\u9801",
    "report_an_issue": "\u5831\u544a\u554f\u984c",
+    "privacy_policy": "\u96b1\u79c1\u653f\u7b56",
    "enable_protection": "\u555f\u7528\u9632\u8b77",
    "enabled_protection": "\u5df2\u555f\u7528\u9632\u8b77",
    "disable_protection": "\u7981\u7528\u9632\u8b77",
@@ -56,34 +70,38 @@
    "stats_malware_phishing": "\u5df2\u5c01\u9396\u7684\u60e1\u610f\u8edf\u9ad4\/\u7db2\u8def\u91e3\u9b5a",
    "stats_adult": "\u5df2\u5c01\u9396\u7684\u6210\u4eba\u7db2\u7ad9",
    "stats_query_domain": "\u71b1\u9580\u5df2\u67e5\u8a62\u7684\u7db2\u57df",
-    "for_last_24_hours": "\u5728\u6700\u8fd1\u768424\u5c0f\u6642\u5167",
+    "for_last_24_hours": "\u5728\u6700\u8fd1\u7684 24 \u5c0f\u6642\u5167",
    "no_domains_found": "\u7121\u5df2\u767c\u73fe\u4e4b\u7db2\u57df",
    "requests_count": "\u8acb\u6c42\u7e3d\u6578",
    "top_blocked_domains": "\u71b1\u9580\u5df2\u5c01\u9396\u7684\u7db2\u57df",
    "top_clients": "\u71b1\u9580\u7528\u6236\u7aef",
    "no_clients_found": "\u7121\u5df2\u767c\u73fe\u4e4b\u7528\u6236\u7aef",
    "general_statistics": "\u4e00\u822c\u7684\u7d71\u8a08\u8cc7\u6599",
-    "number_of_dns_query_24_hours": "\u5728\u6700\u8fd1\u768424\u5c0f\u6642\u5167\u5df2\u8655\u7406\u7684DNS\u67e5\u8a62\u4e4b\u6578\u91cf",
-    "number_of_dns_query_blocked_24_hours": "\u5df2\u88ab\u5ee3\u544a\u5c01\u9396\u904e\u6ffe\u5668\u548c\u4e3b\u6a5f\u5c01\u9396\u6e05\u55ae\u5c01\u9396\u7684DNS\u8acb\u6c42\u4e4b\u6578\u91cf",
-    "number_of_dns_query_blocked_24_hours_by_sec": "\u5df2\u88abAdGuard\u700f\u89bd\u5b89\u5168\u6a21\u7d44\u5c01\u9396\u7684DNS\u8acb\u6c42\u4e4b\u6578\u91cf",
+    "number_of_dns_query_24_hours": "\u5728\u6700\u8fd1\u7684 24 \u5c0f\u6642\u5167\u5df2\u8655\u7406\u7684 DNS \u67e5\u8a62\u4e4b\u6578\u91cf",
+    "number_of_dns_query_blocked_24_hours": "\u5df2\u88ab\u5ee3\u544a\u5c01\u9396\u904e\u6ffe\u5668\u548c\u4e3b\u6a5f\u5c01\u9396\u6e05\u55ae\u5c01\u9396\u7684 DNS \u8acb\u6c42\u4e4b\u6578\u91cf",
+    "number_of_dns_query_blocked_24_hours_by_sec": "\u5df2\u88ab AdGuard \u700f\u89bd\u5b89\u5168\u6a21\u7d44\u5c01\u9396\u7684 DNS \u8acb\u6c42\u4e4b\u6578\u91cf",
    "number_of_dns_query_blocked_24_hours_adult": "\u5df2\u5c01\u9396\u7684\u6210\u4eba\u7db2\u7ad9\u4e4b\u6578\u91cf",
    "enforced_save_search": "\u5df2\u5f37\u5236\u57f7\u884c\u7684\u5b89\u5168\u641c\u5c0b",
-    "number_of_dns_query_to_safe_search": "\u5c0d\u65bc\u90a3\u4e9b\u5b89\u5168\u641c\u5c0b\u5df2\u88ab\u5f37\u5236\u57f7\u884c\u4e4b\u5c6c\u65bc\u641c\u5c0b\u5f15\u64ce\u7684DNS\u8acb\u6c42\u4e4b\u6578\u91cf",
+    "number_of_dns_query_to_safe_search": "\u5c0d\u65bc\u90a3\u4e9b\u5b89\u5168\u641c\u5c0b\u5df2\u88ab\u5f37\u5236\u57f7\u884c\u4e4b\u5c6c\u65bc\u641c\u5c0b\u5f15\u64ce\u7684 DNS \u8acb\u6c42\u4e4b\u6578\u91cf",
    "average_processing_time": "\u5e73\u5747\u7684\u8655\u7406\u6642\u9593",
-    "average_processing_time_hint": "\u65bc\u8655\u7406\u4e00\u9805DNS\u8acb\u6c42\u4e0a\u4ee5\u6beb\u79d2\uff08ms\uff09\u8a08\u4e4b\u5e73\u5747\u7684\u6642\u9593",
+    "average_processing_time_hint": "\u65bc\u8655\u7406\u4e00\u9805 DNS \u8acb\u6c42\u4e0a\u4ee5\u6beb\u79d2\uff08ms\uff09\u8a08\u4e4b\u5e73\u5747\u7684\u6642\u9593",
    "block_domain_use_filters_and_hosts": "\u900f\u904e\u904e\u6ffe\u5668\u548c\u4e3b\u6a5f\u6a94\u6848\u5c01\u9396\u7db2\u57df",
    "filters_block_toggle_hint": "\u60a8\u53ef\u5728<a href='#filters'>\u904e\u6ffe\u5668<\/a>\u8a2d\u5b9a\u4e2d\u8a2d\u7f6e\u5c01\u9396\u898f\u5247\u3002",
-    "use_adguard_browsing_sec": "\u4f7f\u7528AdGuard\u700f\u89bd\u5b89\u5168\u7db2\u8def\u670d\u52d9",
-    "use_adguard_browsing_sec_hint": "AdGuard Home\u5c07\u6aa2\u67e5\u7db2\u57df\u662f\u5426\u88ab\u700f\u89bd\u5b89\u5168\u7db2\u8def\u670d\u52d9\u5217\u5165\u9ed1\u540d\u55ae\u3002\u5b83\u5c07\u4f7f\u7528\u53cb\u597d\u7684\u96b1\u79c1\u67e5\u627e\u61c9\u7528\u7a0b\u5f0f\u4ecb\u9762\uff08API\uff09\u4ee5\u57f7\u884c\u6aa2\u67e5\uff1a\u50c5\u57df\u540dSHA256\u96dc\u6e4a\u7684\u77ed\u524d\u7db4\u88ab\u50b3\u9001\u5230\u4f3a\u670d\u5668\u3002",
-    "use_adguard_parental": "\u4f7f\u7528AdGuard\u5bb6\u9577\u76e3\u63a7\u4e4b\u7db2\u8def\u670d\u52d9",
-    "use_adguard_parental_hint": "AdGuard Home\u5c07\u6aa2\u67e5\u7db2\u57df\u662f\u5426\u5305\u542b\u6210\u4eba\u8cc7\u6599\u3002\u5b83\u4f7f\u7528\u5982\u540c\u700f\u89bd\u5b89\u5168\u7db2\u8def\u670d\u52d9\u4e00\u6a23\u4e4b\u53cb\u597d\u7684\u96b1\u79c1\u61c9\u7528\u7a0b\u5f0f\u4ecb\u9762\uff08API\uff09\u3002",
+    "use_adguard_browsing_sec": "\u4f7f\u7528 AdGuard \u700f\u89bd\u5b89\u5168\u7db2\u8def\u670d\u52d9",
+    "use_adguard_browsing_sec_hint": "AdGuard Home \u5c07\u6aa2\u67e5\u7db2\u57df\u662f\u5426\u88ab\u700f\u89bd\u5b89\u5168\u7db2\u8def\u670d\u52d9\u5217\u5165\u9ed1\u540d\u55ae\u3002\u5b83\u5c07\u4f7f\u7528\u53cb\u597d\u7684\u96b1\u79c1\u67e5\u627e\u61c9\u7528\u7a0b\u5f0f\u4ecb\u9762\uff08API\uff09\u4ee5\u57f7\u884c\u6aa2\u67e5\uff1a\u50c5\u57df\u540d SHA256 \u96dc\u6e4a\u7684\u77ed\u524d\u7db4\u88ab\u50b3\u9001\u5230\u4f3a\u670d\u5668\u3002",
+    "use_adguard_parental": "\u4f7f\u7528 AdGuard \u5bb6\u9577\u76e3\u63a7\u4e4b\u7db2\u8def\u670d\u52d9",
+    "use_adguard_parental_hint": "AdGuard Home \u5c07\u6aa2\u67e5\u7db2\u57df\u662f\u5426\u5305\u542b\u6210\u4eba\u8cc7\u6599\u3002\u5b83\u4f7f\u7528\u5982\u540c\u700f\u89bd\u5b89\u5168\u7db2\u8def\u670d\u52d9\u4e00\u6a23\u4e4b\u53cb\u597d\u7684\u96b1\u79c1\u61c9\u7528\u7a0b\u5f0f\u4ecb\u9762\uff08API\uff09\u3002",
    "enforce_safe_search": "\u5f37\u5236\u57f7\u884c\u5b89\u5168\u641c\u5c0b",
-    "enforce_save_search_hint": "AdGuard Home\u53ef\u5728\u4e0b\u5217\u7684\u641c\u5c0b\u5f15\u64ce\uff1aGoogle\u3001YouTube\u3001Bing\u548cYandex\u4e2d\u5f37\u5236\u57f7\u884c\u5b89\u5168\u641c\u5c0b\u3002",
+    "enforce_save_search_hint": "AdGuard Home \u53ef\u5728\u4e0b\u5217\u7684\u641c\u5c0b\u5f15\u64ce\uff1aGoogle\u3001YouTube\u3001Bing\u3001DuckDuckGo \u548c Yandex \u4e2d\u5f37\u5236\u57f7\u884c\u5b89\u5168\u641c\u5c0b\u3002",
    "no_servers_specified": "\u7121\u5df2\u660e\u78ba\u6307\u5b9a\u7684\u4f3a\u670d\u5668",
    "no_settings": "\u7121\u8a2d\u5b9a",
    "general_settings": "\u4e00\u822c\u7684\u8a2d\u5b9a",
-    "upstream_dns": "\u4e0a\u6e38\u7684DNS\u4f3a\u670d\u5668",
-    "upstream_dns_hint": "\u5982\u679c\u60a8\u5c07\u8a72\u6b04\u4f4d\u7559\u7a7a\uff0cAdGuard Home\u5c07\u4f7f\u7528<a href='https:\/\/1.1.1.1\/' target='_blank'>Cloudflare DNS<\/a>\u4f5c\u70ba\u4e0a\u6e38\u3002",
+    "dns_settings": "DNS settings",
+    "encryption_settings": "Encryption settings",
+    "dhcp_settings": "DHCP settings",
+    "client_settings": "Clients settings",
+    "upstream_dns": "\u4e0a\u6e38\u7684 DNS \u4f3a\u670d\u5668",
+    "upstream_dns_hint": "\u5982\u679c\u60a8\u5c07\u8a72\u6b04\u4f4d\u7559\u7a7a\uff0cAdGuard Home \u5c07\u4f7f\u7528 <a href='https:\/\/1.1.1.1\/' target='_blank'>Cloudflare DNS<\/a> \u4f5c\u70ba\u4e0a\u6e38\u3002",
    "test_upstream_btn": "\u6e2c\u8a66\u4e0a\u884c\u8cc7\u6599\u6d41",
    "apply_btn": "\u5957\u7528",
    "disabled_filtering_toast": "\u5df2\u7981\u7528\u904e\u6ffe",
@@ -100,9 +118,10 @@
    "rules_count_table_header": "\u898f\u5247\u7e3d\u6578",
    "last_time_updated_table_header": "\u6700\u8fd1\u7684\u66f4\u65b0\u6642\u9593",
    "actions_table_header": "\u884c\u52d5",
+    "edit_table_action": "\u7de8\u8f2f",
    "delete_table_action": "\u522a\u9664",
    "filters_and_hosts": "\u904e\u6ffe\u5668\u548c\u4e3b\u6a5f\u5c01\u9396\u6e05\u55ae",
-    "filters_and_hosts_hint": "AdGuard Home\u61c2\u5f97\u57fa\u672c\u7684\u5ee3\u544a\u5c01\u9396\u898f\u5247\u548c\u4e3b\u6a5f\u6a94\u6848\u8a9e\u6cd5\u3002",
+    "filters_and_hosts_hint": "AdGuard Home \u61c2\u5f97\u57fa\u672c\u7684\u5ee3\u544a\u5c01\u9396\u898f\u5247\u548c\u4e3b\u6a5f\u6a94\u6848\u8a9e\u6cd5\u3002",
    "no_filters_added": "\u7121\u5df2\u52a0\u5165\u7684\u904e\u6ffe\u5668",
    "add_filter_btn": "\u589e\u52a0\u904e\u6ffe\u5668",
    "cancel_btn": "\u53d6\u6d88",
@@ -114,21 +133,21 @@
    "custom_filter_rules": "\u81ea\u8a02\u7684\u904e\u6ffe\u898f\u5247",
    "custom_filter_rules_hint": "\u65bc\u4e00\u884c\u4e0a\u8f38\u5165\u4e00\u500b\u898f\u5247\u3002\u60a8\u53ef\u4f7f\u7528\u5ee3\u544a\u5c01\u9396\u898f\u5247\u6216\u4e3b\u6a5f\u6a94\u6848\u8a9e\u6cd5\u3002",
    "examples_title": "\u7bc4\u4f8b",
-    "example_meaning_filter_block": "\u5c01\u9396\u81f3example.org\u7db2\u57df\u53ca\u5176\u6240\u6709\u7684\u5b50\u7db2\u57df\u4e4b\u5b58\u53d6",
-    "example_meaning_filter_whitelist": "\u89e3\u9664\u5c01\u9396\u81f3example.org\u7db2\u57df\u53ca\u5176\u6240\u6709\u7684\u5b50\u7db2\u57df\u4e4b\u5b58\u53d6",
-    "example_meaning_host_block": "AdGuard Home\u73fe\u5728\u5c07\u5c0dexample.org\u7db2\u57df\u8fd4\u56de127.0.0.1\u4f4d\u5740\uff08\u4f46\u975e\u5176\u5b50\u7db2\u57df\uff09\u3002",
+    "example_meaning_filter_block": "\u5c01\u9396\u81f3 example.org \u7db2\u57df\u53ca\u5176\u6240\u6709\u7684\u5b50\u7db2\u57df\u4e4b\u5b58\u53d6",
+    "example_meaning_filter_whitelist": "\u89e3\u9664\u5c01\u9396\u81f3 example.org \u7db2\u57df\u53ca\u5176\u6240\u6709\u7684\u5b50\u7db2\u57df\u4e4b\u5b58\u53d6",
+    "example_meaning_host_block": "AdGuard Home \u73fe\u5728\u5c07\u5c0d example.org \u7db2\u57df\u8fd4\u56de 127.0.0.1 \u4f4d\u5740\uff08\u4f46\u975e\u5176\u5b50\u7db2\u57df\uff09\u3002",
    "example_comment": "! \u770b\uff0c\u4e00\u500b\u8a3b\u89e3",
    "example_comment_meaning": "\u53ea\u662f\u4e00\u500b\u8a3b\u89e3",
    "example_comment_hash": "# \u4e5f\u662f\u4e00\u500b\u8a3b\u89e3",
    "example_regex_meaning": "\u5c01\u9396\u81f3\u8207\u5df2\u660e\u78ba\u6307\u5b9a\u7684\u898f\u5247\u904b\u7b97\u5f0f\uff08Regular Expression\uff09\u76f8\u7b26\u7684\u7db2\u57df\u4e4b\u5b58\u53d6",
-    "example_upstream_regular": "\u4e00\u822c\u7684 DNS\uff08\u900f\u904eUDP\uff09",
+    "example_upstream_regular": "\u4e00\u822c\u7684 DNS\uff08\u900f\u904e UDP\uff09",
    "example_upstream_dot": "\u52a0\u5bc6\u7684 <0>DNS-over-TLS<\/0>",
    "example_upstream_doh": "\u52a0\u5bc6\u7684 <0>DNS-over-HTTPS<\/0>",
    "example_upstream_sdns": "\u60a8\u53ef\u4f7f\u7528\u95dc\u65bc <1>DNSCrypt<\/1> \u6216 <2>DNS-over-HTTPS<\/2> \u89e3\u6790\u5668\u4e4b <0>DNS \u6233\u8a18<\/0>",
-    "example_upstream_tcp": "\u4e00\u822c\u7684 DNS\uff08\u900f\u904eTCP\uff09",
+    "example_upstream_tcp": "\u4e00\u822c\u7684 DNS\uff08\u900f\u904e TCP\uff09",
    "all_filters_up_to_date_toast": "\u6240\u6709\u7684\u904e\u6ffe\u5668\u5df2\u662f\u6700\u65b0\u7684",
-    "updated_upstream_dns_toast": "\u5df2\u66f4\u65b0\u4e0a\u6e38\u7684DNS\u4f3a\u670d\u5668",
-    "dns_test_ok_toast": "\u5df2\u660e\u78ba\u6307\u5b9a\u7684DNS\u4f3a\u670d\u5668\u6b63\u5728\u6b63\u78ba\u5730\u904b\u4f5c",
+    "updated_upstream_dns_toast": "\u5df2\u66f4\u65b0\u4e0a\u6e38\u7684 DNS \u4f3a\u670d\u5668",
+    "dns_test_ok_toast": "\u5df2\u660e\u78ba\u6307\u5b9a\u7684 DNS \u4f3a\u670d\u5668\u6b63\u5728\u6b63\u78ba\u5730\u904b\u4f5c",
    "dns_test_not_ok_toast": "\u4f3a\u670d\u5668 \"{{key}}\"\uff1a\u7121\u6cd5\u88ab\u4f7f\u7528\uff0c\u8acb\u6aa2\u67e5\u60a8\u5df2\u6b63\u78ba\u5730\u586b\u5beb\u5b83",
    "unblock_btn": "\u89e3\u9664\u5c01\u9396",
    "block_btn": "\u5c01\u9396",
@@ -145,7 +164,7 @@
    "download_log_file_btn": "\u4e0b\u8f09\u8a18\u9304\u6a94\u6848",
    "refresh_btn": "\u91cd\u65b0\u6574\u7406",
    "enabled_log_btn": "\u555f\u7528\u8a18\u9304",
-    "last_dns_queries": "\u6700\u8fd1\u76845000\u7b46DNS\u67e5\u8a62",
+    "last_dns_queries": "\u6700\u8fd1\u7684 5000 \u7b46 DNS \u67e5\u8a62",
    "previous_btn": "\u4e0a\u4e00\u9801",
    "next_btn": "\u4e0b\u4e00\u9801",
    "loading_table_status": "\u6b63\u5728\u8f09\u5165...",
@@ -163,18 +182,18 @@
    "rule_label": "\u898f\u5247",
    "filter_label": "\u904e\u6ffe\u5668",
    "unknown_filter": "\u672a\u77e5\u7684\u904e\u6ffe\u5668 {{filterId}}",
-    "install_welcome_title": "\u6b61\u8fce\u81f3AdGuard Home\uff01",
-    "install_welcome_desc": "AdGuard Home\u662f\u5168\u7db2\u8def\u7bc4\u570d\u5ee3\u544a\u548c\u8ffd\u8e64\u5668\u5c01\u9396\u7684DNS\u4f3a\u670d\u5668\u3002\u5b83\u7684\u76ee\u7684\u70ba\u8b93\u60a8\u63a7\u5236\u60a8\u6574\u500b\u7684\u7db2\u8def\u548c\u6240\u6709\u60a8\u7684\u88dd\u7f6e\uff0c\u4e14\u4e0d\u9700\u8981\u4f7f\u7528\u7528\u6236\u7aef\u7a0b\u5f0f\u3002",
+    "install_welcome_title": "\u6b61\u8fce\u81f3 AdGuard Home\uff01",
+    "install_welcome_desc": "AdGuard Home \u662f\u5168\u7db2\u8def\u7bc4\u570d\u5ee3\u544a\u548c\u8ffd\u8e64\u5668\u5c01\u9396\u7684 DNS \u4f3a\u670d\u5668\u3002\u5b83\u7684\u76ee\u7684\u70ba\u8b93\u60a8\u63a7\u5236\u60a8\u6574\u500b\u7684\u7db2\u8def\u548c\u6240\u6709\u60a8\u7684\u88dd\u7f6e\uff0c\u4e14\u4e0d\u9700\u8981\u4f7f\u7528\u7528\u6236\u7aef\u7a0b\u5f0f\u3002",
    "install_settings_title": "\u7ba1\u7406\u54e1\u7db2\u9801\u4ecb\u9762",
    "install_settings_listen": "\u76e3\u807d\u4ecb\u9762",
    "install_settings_port": "\u9023\u63a5\u57e0",
-    "install_settings_interface_link": "\u60a8\u7684AdGuard Home\u7ba1\u7406\u54e1\u7db2\u9801\u4ecb\u9762\u5c07\u65bc\u4e0b\u5217\u7684\u4f4d\u5740\u4e0a\u70ba\u53ef\u7528\u7684\uff1a",
+    "install_settings_interface_link": "\u60a8\u7684 AdGuard Home \u7ba1\u7406\u54e1\u7db2\u9801\u4ecb\u9762\u5c07\u65bc\u4e0b\u5217\u7684\u4f4d\u5740\u4e0a\u70ba\u53ef\u7528\u7684\uff1a",
    "form_error_port": "\u8f38\u5165\u6709\u6548\u7684\u9023\u63a5\u57e0\u503c",
    "install_settings_dns": "DNS \u4f3a\u670d\u5668",
-    "install_settings_dns_desc": "\u60a8\u5c07\u9700\u8981\u914d\u7f6e\u60a8\u7684\u88dd\u7f6e\u6216\u8def\u7531\u5668\u4ee5\u4f7f\u7528\u65bc\u4e0b\u5217\u7684\u4f4d\u5740\u4e0a\u4e4bDNS\u4f3a\u670d\u5668\uff1a",
+    "install_settings_dns_desc": "\u60a8\u5c07\u9700\u8981\u914d\u7f6e\u60a8\u7684\u88dd\u7f6e\u6216\u8def\u7531\u5668\u4ee5\u4f7f\u7528\u65bc\u4e0b\u5217\u7684\u4f4d\u5740\u4e0a\u4e4b DNS \u4f3a\u670d\u5668\uff1a",
    "install_settings_all_interfaces": "\u6240\u6709\u7684\u4ecb\u9762",
    "install_auth_title": "\u9a57\u8b49",
-    "install_auth_desc": "\u88ab\u975e\u5e38\u5efa\u8b70\u914d\u7f6e\u5c6c\u65bc\u60a8\u7684AdGuard Home\u7ba1\u7406\u54e1\u7db2\u9801\u4ecb\u9762\u4e4b\u5bc6\u78bc\u9a57\u8b49\u3002\u5373\u4f7f\u5b83\u50c5\u5728\u60a8\u7684\u5340\u57df\u7db2\u8def\u4e2d\u70ba\u53ef\u5b58\u53d6\u7684\uff0c\u8b93\u5b83\u53d7\u4fdd\u8b77\u514d\u65bc\u4e0d\u53d7\u9650\u5236\u7684\u5b58\u53d6\u70ba\u4ecd\u7136\u91cd\u8981\u7684\u3002",
+    "install_auth_desc": "\u88ab\u975e\u5e38\u5efa\u8b70\u914d\u7f6e\u5c6c\u65bc\u60a8\u7684 AdGuard Home \u7ba1\u7406\u54e1\u7db2\u9801\u4ecb\u9762\u4e4b\u5bc6\u78bc\u9a57\u8b49\u3002\u5373\u4f7f\u5b83\u50c5\u5728\u60a8\u7684\u5340\u57df\u7db2\u8def\u4e2d\u70ba\u53ef\u5b58\u53d6\u7684\uff0c\u8b93\u5b83\u53d7\u4fdd\u8b77\u514d\u65bc\u4e0d\u53d7\u9650\u5236\u7684\u5b58\u53d6\u70ba\u4ecd\u7136\u91cd\u8981\u7684\u3002",
    "install_auth_username": "\u7528\u6236\u540d",
    "install_auth_password": "\u5bc6\u78bc",
    "install_auth_confirm": "\u78ba\u8a8d\u5bc6\u78bc",
@@ -182,50 +201,50 @@
    "install_auth_password_enter": "\u8f38\u5165\u5bc6\u78bc",
    "install_step": "\u6b65\u9a5f",
    "install_devices_title": "\u914d\u7f6e\u60a8\u7684\u88dd\u7f6e",
-    "install_devices_desc": "\u70ba\u4f7fAdGuard Home\u958b\u59cb\u904b\u4f5c\uff0c\u60a8\u9700\u8981\u914d\u7f6e\u60a8\u7684\u88dd\u7f6e\u4ee5\u4f7f\u7528\u5b83\u3002",
+    "install_devices_desc": "\u70ba\u4f7f AdGuard Home \u958b\u59cb\u904b\u4f5c\uff0c\u60a8\u9700\u8981\u914d\u7f6e\u60a8\u7684\u88dd\u7f6e\u4ee5\u4f7f\u7528\u5b83\u3002",
    "install_submit_title": "\u606d\u559c\uff01",
-    "install_submit_desc": "\u8a72\u8a2d\u7f6e\u7a0b\u5e8f\u88ab\u5b8c\u6210\uff0c\u4e14\u60a8\u6e96\u5099\u597d\u958b\u59cb\u4f7f\u7528AdGuard Home\u3002",
+    "install_submit_desc": "\u8a72\u8a2d\u7f6e\u7a0b\u5e8f\u88ab\u5b8c\u6210\uff0c\u4e14\u60a8\u6e96\u5099\u597d\u958b\u59cb\u4f7f\u7528 AdGuard Home\u3002",
    "install_devices_router": "\u8def\u7531\u5668",
    "install_devices_router_desc": "\u8a72\u8a2d\u7f6e\u5c07\u81ea\u52d5\u5730\u6db5\u84cb\u88ab\u9023\u7dda\u81f3\u60a8\u7684\u5bb6\u5ead\u8def\u7531\u5668\u4e4b\u6240\u6709\u7684\u88dd\u7f6e\uff0c\u4e14\u60a8\u5c07\u7121\u9700\u624b\u52d5\u5730\u914d\u7f6e\u5b83\u5011\u6bcf\u500b\u3002",
-    "install_devices_address": "AdGuard Home DNS\u4f3a\u670d\u5668\u6b63\u5728\u76e3\u807d\u4e0b\u5217\u7684\u4f4d\u5740",
+    "install_devices_address": "AdGuard Home DNS \u4f3a\u670d\u5668\u6b63\u5728\u76e3\u807d\u4e0b\u5217\u7684\u4f4d\u5740",
    "install_devices_router_list_1": "\u958b\u555f\u95dc\u65bc\u60a8\u7684\u8def\u7531\u5668\u4e4b\u504f\u597d\u8a2d\u5b9a\u3002\u901a\u5e38\u5730\uff0c\u60a8\u53ef\u900f\u904e\u7db2\u5740\uff08\u5982 http:\/\/192.168.0.1\/ \u6216 http:\/\/192.168.1.1\/\uff09\u5f9e\u60a8\u7684\u700f\u89bd\u5668\u4e2d\u5b58\u53d6\u5b83\u3002\u60a8\u53ef\u80fd\u88ab\u8981\u6c42\u8f38\u5165\u8a72\u5bc6\u78bc\u3002\u5982\u679c\u60a8\u4e0d\u8a18\u5f97\u5b83\uff0c\u60a8\u7d93\u5e38\u53ef\u900f\u904e\u6309\u58d3\u65bc\u8a72\u8def\u7531\u5668\u672c\u8eab\u4e0a\u7684\u6309\u9215\u4f86\u91cd\u7f6e\u5bc6\u78bc\u3002\u67d0\u4e9b\u8def\u7531\u5668\u9700\u8981\u7279\u5b9a\u7684\u61c9\u7528\u7a0b\u5f0f\uff0c\u65e2\u7136\u5982\u6b64\u5176\u61c9\u5df2\u88ab\u5b89\u88dd\u65bc\u60a8\u7684\u96fb\u8166\/\u624b\u6a5f\u4e0a\u3002",
-    "install_devices_router_list_2": "\u627e\u5230DHCP\/DNS\u8a2d\u5b9a\u3002\u5c0b\u627e\u7dca\u9130\u8457\u5141\u8a31\u5169\u7d44\u6216\u4e09\u7d44\u6578\u5b57\u96c6\u7684\u6b04\u4f4d\u4e4bDNS\u5b57\u6bcd\uff0c\u6bcf\u7d44\u88ab\u62c6\u6210\u56db\u500b\u542b\u6709\u4e00\u81f3\u4e09\u500b\u6578\u5b57\u7684\u7fa4\u96c6\u3002",
-    "install_devices_router_list_3": "\u5728\u90a3\u88e1\u8f38\u5165\u60a8\u7684AdGuard Home\u4f3a\u670d\u5668\u4f4d\u5740\u3002",
-    "install_devices_windows_list_1": "\u901a\u904e\u958b\u59cb\u529f\u80fd\u8868\u6216Windows \u641c\u5c0b\uff0c\u958b\u555f\u63a7\u5236\u53f0\u3002",
+    "install_devices_router_list_2": "\u627e\u5230 DHCP\/DNS \u8a2d\u5b9a\u3002\u5c0b\u627e\u7dca\u9130\u8457\u5141\u8a31\u5169\u7d44\u6216\u4e09\u7d44\u6578\u5b57\u96c6\u7684\u6b04\u4f4d\u4e4b DNS \u5b57\u6bcd\uff0c\u6bcf\u7d44\u88ab\u62c6\u6210\u56db\u500b\u542b\u6709\u4e00\u81f3\u4e09\u500b\u6578\u5b57\u7684\u7fa4\u96c6\u3002",
+    "install_devices_router_list_3": "\u5728\u90a3\u88e1\u8f38\u5165\u60a8\u7684 AdGuard Home \u4f3a\u670d\u5668\u4f4d\u5740\u3002",
+    "install_devices_windows_list_1": "\u901a\u904e\u958b\u59cb\u529f\u80fd\u8868\u6216 Windows \u641c\u5c0b\uff0c\u958b\u555f\u63a7\u5236\u53f0\u3002",
    "install_devices_windows_list_2": "\u53bb\u7db2\u8def\u548c\u7db2\u969b\u7db2\u8def\u985e\u5225\uff0c\u7136\u5f8c\u53bb\u7db2\u8def\u548c\u5171\u7528\u4e2d\u5fc3\u3002",
    "install_devices_windows_list_3": "\u65bc\u756b\u9762\u4e4b\u5de6\u5074\u4e0a\u627e\u5230\u8b8a\u66f4\u4ecb\u9762\u5361\u8a2d\u5b9a\u4e26\u65bc\u5b83\u4e0a\u9ede\u64ca\u3002",
    "install_devices_windows_list_4": "\u9078\u64c7\u60a8\u73fe\u884c\u7684\u9023\u7dda\uff0c\u65bc\u5b83\u4e0a\u9ede\u64ca\u6ed1\u9f20\u53f3\u9375\uff0c\u7136\u5f8c\u9078\u64c7\u5167\u5bb9\u3002",
    "install_devices_windows_list_5": "\u5728\u6e05\u55ae\u4e2d\u627e\u5230\u7db2\u969b\u7db2\u8def\u901a\u8a0a\u5354\u5b9a\u7b2c 4 \u7248\uff08TCP\/IPv4\uff09\uff0c\u9078\u64c7\u5b83\uff0c\u7136\u5f8c\u518d\u6b21\u65bc\u5167\u5bb9\u4e0a\u9ede\u64ca\u3002",
-    "install_devices_windows_list_6": "\u9078\u64c7\u4f7f\u7528\u4e0b\u5217\u7684DNS\u4f3a\u670d\u5668\u4f4d\u5740\uff0c\u7136\u5f8c\u8f38\u5165\u60a8\u7684AdGuard Home\u4f3a\u670d\u5668\u4f4d\u5740\u3002",
-    "install_devices_macos_list_1": "\u65bcApple\u5716\u50cf\u4e0a\u9ede\u64ca\uff0c\u7136\u5f8c\u53bb\u7cfb\u7d71\u504f\u597d\u8a2d\u5b9a\u3002",
+    "install_devices_windows_list_6": "\u9078\u64c7\u4f7f\u7528\u4e0b\u5217\u7684 DNS \u4f3a\u670d\u5668\u4f4d\u5740\uff0c\u7136\u5f8c\u8f38\u5165\u60a8\u7684 AdGuard Home \u4f3a\u670d\u5668\u4f4d\u5740\u3002",
+    "install_devices_macos_list_1": "\u65bc Apple \u5716\u50cf\u4e0a\u9ede\u64ca\uff0c\u7136\u5f8c\u53bb\u7cfb\u7d71\u504f\u597d\u8a2d\u5b9a\u3002",
    "install_devices_macos_list_2": "\u65bc\u7db2\u8def\u4e0a\u9ede\u64ca\u3002",
    "install_devices_macos_list_3": "\u9078\u64c7\u5728\u60a8\u7684\u6e05\u55ae\u4e2d\u4e4b\u9996\u8981\u7684\u9023\u7dda\uff0c\u7136\u5f8c\u9ede\u64ca\u9032\u968e\u7684\u3002",
-    "install_devices_macos_list_4": "\u9078\u64c7\u8a72DNS\u5206\u9801\uff0c\u7136\u5f8c\u8f38\u5165\u60a8\u7684AdGuard Home\u4f3a\u670d\u5668\u4f4d\u5740\u3002",
-    "install_devices_android_list_1": "\u5f9eAndroid\u9078\u55ae\u4e3b\u756b\u9762\u4e2d\uff0c\u8f15\u89f8\u8a2d\u5b9a\u3002",
-    "install_devices_android_list_2": "\u65bc\u8a72\u9078\u55ae\u4e0a\u8f15\u89f8Wi-Fi\u3002\u6b63\u5728\u5217\u51fa\u6240\u6709\u53ef\u7528\u7684\u7db2\u8def\u4e4b\u756b\u9762\u5c07\u88ab\u986f\u793a\uff08\u4e0d\u53ef\u80fd\u70ba\u884c\u52d5\u9023\u7dda\u8a2d\u5b9a\u81ea\u8a02\u7684DNS\uff09\u3002",
+    "install_devices_macos_list_4": "\u9078\u64c7\u8a72 DNS \u5206\u9801\uff0c\u7136\u5f8c\u8f38\u5165\u60a8\u7684 AdGuard Home \u4f3a\u670d\u5668\u4f4d\u5740\u3002",
+    "install_devices_android_list_1": "\u5f9e Android \u9078\u55ae\u4e3b\u756b\u9762\u4e2d\uff0c\u8f15\u89f8\u8a2d\u5b9a\u3002",
+    "install_devices_android_list_2": "\u65bc\u8a72\u9078\u55ae\u4e0a\u8f15\u89f8 Wi-Fi\u3002\u6b63\u5728\u5217\u51fa\u6240\u6709\u53ef\u7528\u7684\u7db2\u8def\u4e4b\u756b\u9762\u5c07\u88ab\u986f\u793a\uff08\u4e0d\u53ef\u80fd\u70ba\u884c\u52d5\u9023\u7dda\u8a2d\u5b9a\u81ea\u8a02\u7684 DNS\uff09\u3002",
    "install_devices_android_list_3": "\u9577\u6309\u60a8\u6240\u9023\u7dda\u81f3\u7684\u7db2\u8def\uff0c\u7136\u5f8c\u8f15\u89f8\u4fee\u6539\u7db2\u8def\u3002",
-    "install_devices_android_list_4": "\u65bc\u67d0\u4e9b\u88dd\u7f6e\u4e0a\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u6aa2\u67e5\u95dc\u65bc\u9032\u968e\u7684\u65b9\u6846\u4ee5\u67e5\u770b\u9032\u4e00\u6b65\u7684\u8a2d\u5b9a\u3002\u70ba\u4e86\u8abf\u6574\u60a8\u7684Android DNS\u8a2d\u5b9a\uff0c\u60a8\u5c07\u9700\u8981\u628aIP \u8a2d\u5b9a\u5f9eDHCP\u8f49\u63db\u6210\u975c\u614b\u3002",
-    "install_devices_android_list_5": "\u4f7f\u8a2d\u5b9aDNS 1\u548cDNS 2\u503c\u66f4\u6539\u6210\u60a8\u7684AdGuard Home\u4f3a\u670d\u5668\u4f4d\u5740\u3002",
+    "install_devices_android_list_4": "\u65bc\u67d0\u4e9b\u88dd\u7f6e\u4e0a\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u6aa2\u67e5\u95dc\u65bc\u9032\u968e\u7684\u65b9\u6846\u4ee5\u67e5\u770b\u9032\u4e00\u6b65\u7684\u8a2d\u5b9a\u3002\u70ba\u4e86\u8abf\u6574\u60a8\u7684 Android DNS \u8a2d\u5b9a\uff0c\u60a8\u5c07\u9700\u8981\u628a IP \u8a2d\u5b9a\u5f9e DHCP \u8f49\u63db\u6210\u975c\u614b\u3002",
+    "install_devices_android_list_5": "\u4f7f\u8a2d\u5b9a DNS 1 \u548c DNS 2 \u503c\u66f4\u6539\u6210\u60a8\u7684 AdGuard Home \u4f3a\u670d\u5668\u4f4d\u5740\u3002",
    "install_devices_ios_list_1": "\u5f9e\u4e3b\u756b\u9762\u4e2d\uff0c\u8f15\u89f8\u8a2d\u5b9a\u3002",
-    "install_devices_ios_list_2": "\u5728\u5de6\u5074\u7684\u9078\u55ae\u4e2d\u9078\u64c7Wi-Fi\uff08\u4e0d\u53ef\u80fd\u70ba\u884c\u52d5\u7db2\u8def\u914d\u7f6eDNS\uff09\u3002",
+    "install_devices_ios_list_2": "\u5728\u5de6\u5074\u7684\u9078\u55ae\u4e2d\u9078\u64c7 Wi-Fi\uff08\u4e0d\u53ef\u80fd\u70ba\u884c\u52d5\u7db2\u8def\u914d\u7f6e DNS\uff09\u3002",
    "install_devices_ios_list_3": "\u65bc\u76ee\u524d\u73fe\u884c\u7684\u7db2\u8def\u4e4b\u540d\u7a31\u4e0a\u8f15\u89f8\u3002",
-    "install_devices_ios_list_4": "\u5728\u8a72DNS\u6b04\u4f4d\u4e2d\uff0c\u8f38\u5165\u60a8\u7684AdGuard Home\u4f3a\u670d\u5668\u4f4d\u5740\u3002",
+    "install_devices_ios_list_4": "\u5728\u8a72 DNS \u6b04\u4f4d\u4e2d\uff0c\u8f38\u5165\u60a8\u7684 AdGuard Home \u4f3a\u670d\u5668\u4f4d\u5740\u3002",
    "get_started": "\u958b\u59cb\u5427",
    "next": "\u4e0b\u4e00\u6b65",
    "open_dashboard": "\u958b\u555f\u5100\u8868\u677f",
    "install_saved": "\u5df2\u6210\u529f\u5730\u5132\u5b58",
    "encryption_title": "\u52a0\u5bc6",
-    "encryption_desc": "\u52a0\u5bc6\uff08HTTPS\/TLS\uff09\u652f\u63f4\u4f9bDNS\u548c\u7ba1\u7406\u54e1\u7db2\u9801\u4ecb\u9762\u5169\u8005",
+    "encryption_desc": "\u52a0\u5bc6\uff08HTTPS\/TLS\uff09\u652f\u63f4\u4f9b DNS \u548c\u7ba1\u7406\u54e1\u7db2\u9801\u4ecb\u9762\u5169\u8005",
    "encryption_config_saved": "\u52a0\u5bc6\u914d\u7f6e\u5df2\u88ab\u5132\u5b58",
    "encryption_server": "\u4f3a\u670d\u5668\u540d\u7a31",
    "encryption_server_enter": "\u8f38\u5165\u60a8\u7684\u57df\u540d",
-    "encryption_server_desc": "\u70ba\u4e86\u4f7f\u7528HTTPS\uff0c\u60a8\u9700\u8981\u8f38\u5165\u8207\u60a8\u7684\u5b89\u5168\u901a\u8a0a\u7aef\u5c64\uff08SSL\uff09\u6191\u8b49\u76f8\u7b26\u7684\u4f3a\u670d\u5668\u540d\u7a31\u3002",
-    "encryption_redirect": "\u81ea\u52d5\u5730\u91cd\u5b9a\u5411\u5230HTTPS",
-    "encryption_redirect_desc": "\u5982\u679c\u88ab\u52fe\u9078\uff0cAdGuard Home\u5c07\u81ea\u52d5\u5730\u91cd\u5b9a\u5411\u60a8\u5f9eHTTP\u5230HTTPS\u4f4d\u5740\u3002",
+    "encryption_server_desc": "\u70ba\u4e86\u4f7f\u7528 HTTPS\uff0c\u60a8\u9700\u8981\u8f38\u5165\u8207\u60a8\u7684\u5b89\u5168\u901a\u8a0a\u7aef\u5c64\uff08SSL\uff09\u6191\u8b49\u76f8\u7b26\u7684\u4f3a\u670d\u5668\u540d\u7a31\u3002",
+    "encryption_redirect": "\u81ea\u52d5\u5730\u91cd\u65b0\u5c0e\u5411\u5230 HTTPS",
+    "encryption_redirect_desc": "\u5982\u679c\u88ab\u52fe\u9078\uff0cAdGuard Home \u5c07\u81ea\u52d5\u5730\u91cd\u65b0\u5c0e\u5411\u60a8\u5f9e HTTP \u5230 HTTPS \u4f4d\u5740\u3002",
    "encryption_https": "HTTPS \u9023\u63a5\u57e0",
-    "encryption_https_desc": "\u5982\u679cHTTPS\u9023\u63a5\u57e0\u88ab\u914d\u7f6e\uff0cAdGuard Home\u7ba1\u7406\u54e1\u4ecb\u9762\u900f\u904eHTTPS\u5c07\u70ba\u53ef\u5b58\u53d6\u7684\uff0c\u4e14\u5b83\u4e5f\u5c07\u65bc '\/dns-query' \u4f4d\u7f6e\u4e0a\u63d0\u4f9bDNS-over-HTTPS\u3002",
+    "encryption_https_desc": "\u5982\u679c HTTPS \u9023\u63a5\u57e0\u88ab\u914d\u7f6e\uff0cAdGuard Home \u7ba1\u7406\u54e1\u4ecb\u9762\u900f\u904e HTTPS \u5c07\u70ba\u53ef\u5b58\u53d6\u7684\uff0c\u4e14\u5b83\u4e5f\u5c07\u65bc '\/dns-query' \u4f4d\u7f6e\u4e0a\u63d0\u4f9b DNS-over-HTTPS\u3002",
    "encryption_dot": "DNS-over-TLS \u9023\u63a5\u57e0",
-    "encryption_dot_desc": "\u5982\u679c\u8a72\u9023\u63a5\u57e0\u88ab\u914d\u7f6e\uff0cAdGuard Home\u5c07\u65bc\u6b64\u9023\u63a5\u57e0\u4e0a\u904b\u884cDNS-over-TLS\u4f3a\u670d\u5668\u3002",
+    "encryption_dot_desc": "\u5982\u679c\u8a72\u9023\u63a5\u57e0\u88ab\u914d\u7f6e\uff0cAdGuard Home \u5c07\u65bc\u6b64\u9023\u63a5\u57e0\u4e0a\u904b\u884c DNS-over-TLS \u4f3a\u670d\u5668\u3002",
    "encryption_certificates": "\u6191\u8b49",
    "encryption_certificates_desc": "\u70ba\u4e86\u4f7f\u7528\u52a0\u5bc6\uff0c\u60a8\u9700\u8981\u63d0\u4f9b\u6709\u6548\u7684\u5b89\u5168\u901a\u8a0a\u7aef\u5c64\uff08SSL\uff09\u6191\u8b49\u93c8\u7d50\u4f9b\u60a8\u7684\u7db2\u57df\u3002\u65bc <0>{{link}}<\/0> \u4e0a\u60a8\u53ef\u53d6\u5f97\u514d\u8cbb\u7684\u6191\u8b49\u6216\u60a8\u53ef\u5f9e\u53d7\u4fe1\u4efb\u7684\u6191\u8b49\u6388\u6b0a\u55ae\u4f4d\u4e4b\u4e00\u8cfc\u8cb7\u5b83\u3002",
    "encryption_certificates_input": "\u65bc\u6b64\u8907\u88fd\/\u8cbc\u4e0a\u60a8\u7684\u96b1\u79c1\u589e\u5f37\u90f5\u4ef6\u7de8\u78bc\u4e4b\uff08PEM-encoded\uff09\u6191\u8b49\u3002",
@@ -233,8 +252,8 @@
    "encryption_expire": "\u5230\u671f",
    "encryption_key": "\u79c1\u5bc6\u91d1\u9470",
    "encryption_key_input": "\u65bc\u6b64\u8907\u88fd\/\u8cbc\u4e0a\u60a8\u7684\u96b1\u79c1\u589e\u5f37\u90f5\u4ef6\u7de8\u78bc\u4e4b\uff08PEM-encoded\uff09\u79c1\u5bc6\u91d1\u9470\u4f9b\u60a8\u7684\u6191\u8b49\u3002",
-    "encryption_enable": "\u555f\u7528\u52a0\u5bc6\uff08HTTPS\u3001DNS-over-HTTPS\u548cDNS-over-TLS\uff09",
-    "encryption_enable_desc": "\u5982\u679c\u52a0\u5bc6\u88ab\u555f\u7528\uff0cAdGuard Home\u7ba1\u7406\u54e1\u4ecb\u9762\u900f\u904eHTTPS\u5c07\u904b\u4f5c\uff0c\u4e14\u8a72DNS\u4f3a\u670d\u5668\u5c07\u7559\u5fc3\u76e3\u807d\u900f\u904eDNS-over-HTTPS\u548cDNS-over-TLS\u4e4b\u8acb\u6c42\u3002",
+    "encryption_enable": "\u555f\u7528\u52a0\u5bc6\uff08HTTPS\u3001DNS-over-HTTPS \u548c DNS-over-TLS\uff09",
+    "encryption_enable_desc": "\u5982\u679c\u52a0\u5bc6\u88ab\u555f\u7528\uff0cAdGuard Home \u7ba1\u7406\u54e1\u4ecb\u9762\u900f\u904e HTTPS \u5c07\u904b\u4f5c\uff0c\u4e14\u8a72 DNS \u4f3a\u670d\u5668\u5c07\u7559\u5fc3\u76e3\u807d\u900f\u904e DNS-over-HTTPS \u548c DNS-over-TLS \u4e4b\u8acb\u6c42\u3002",
    "encryption_chain_valid": "\u6191\u8b49\u93c8\u7d50\u70ba\u6709\u6548\u7684",
    "encryption_chain_invalid": "\u6191\u8b49\u93c8\u7d50\u70ba\u7121\u6548\u7684",
    "encryption_key_valid": "\u6b64\u70ba\u6709\u6548\u7684 {{type}} \u79c1\u5bc6\u91d1\u9470",
@@ -245,12 +264,53 @@
    "encryption_reset": "\u60a8\u78ba\u5b9a\u60a8\u60f3\u8981\u91cd\u7f6e\u52a0\u5bc6\u8a2d\u5b9a\u55ce\uff1f",
    "topline_expiring_certificate": "\u60a8\u7684\u5b89\u5168\u901a\u8a0a\u7aef\u5c64\uff08SSL\uff09\u6191\u8b49\u5373\u5c07\u5230\u671f\u3002\u66f4\u65b0<0>\u52a0\u5bc6\u8a2d\u5b9a<\/0>\u3002",
    "topline_expired_certificate": "\u60a8\u7684\u5b89\u5168\u901a\u8a0a\u7aef\u5c64\uff08SSL\uff09\u6191\u8b49\u70ba\u5df2\u5230\u671f\u7684\u3002\u66f4\u65b0<0>\u52a0\u5bc6\u8a2d\u5b9a<\/0>\u3002",
-    "form_error_port_range": "\u572880-65535\u4e4b\u7bc4\u570d\u5167\u8f38\u5165\u9023\u63a5\u57e0\u503c",
+    "form_error_port_range": "\u5728 80-65535 \u4e4b\u7bc4\u570d\u5167\u8f38\u5165\u9023\u63a5\u57e0\u503c",
    "form_error_port_unsafe": "\u6b64\u70ba\u4e0d\u5b89\u5168\u7684\u9023\u63a5\u57e0",
    "form_error_equal": "\u4e0d\u61c9\u70ba\u76f8\u7b49\u7684",
    "form_error_password": "\u4e0d\u76f8\u7b26\u7684\u5bc6\u78bc",
    "reset_settings": "\u91cd\u7f6e\u8a2d\u5b9a",
    "update_announcement": "AdGuard Home {{version}} \u73fe\u70ba\u53ef\u7528\u7684\uff01\u95dc\u65bc\u66f4\u591a\u7684\u8cc7\u8a0a\uff0c<0>\u9ede\u64ca\u9019\u88e1<\/0>\u3002",
    "setup_guide": "\u5b89\u88dd\u6307\u5357",
-    "dns_addresses": "DNS \u4f4d\u5740"
+    "dns_addresses": "DNS \u4f4d\u5740",
+    "down": "\u505c\u6b62\u904b\u4f5c\u7684",
+    "fix": "\u4fee\u5fa9",
+    "dns_providers": "\u9019\u88e1\u662f\u4e00\u500b\u5f9e\u4e2d\u9078\u64c7\u4e4b<0>\u5df2\u77e5\u7684 DNS \u4f9b\u61c9\u5546\u4e4b\u6e05\u55ae<\/0>\u3002",
+    "update_now": "\u7acb\u5373\u66f4\u65b0",
+    "update_failed": "Auto-update failed. Please <a href='https:\/\/github.com\/AdguardTeam\/AdGuardHome\/wiki\/Getting-Started#update'>follow the steps<\/a> to update manually.",
+    "processing_update": "Please wait, AdGuard Home is being updated",
+    "clients_title": "\u7528\u6236\u7aef",
+    "clients_desc": "Configure devices connected to AdGuard Home",
+    "settings_global": "Global",
+    "settings_custom": "Custom",
+    "table_client": "\u7528\u6236\u7aef",
+    "table_name": "\u540d\u7a31",
+    "save_btn": "\u5132\u5b58",
+    "client_add": "\u589e\u52a0\u7528\u6236\u7aef",
+    "client_new": "\u65b0\u7684\u7528\u6236\u7aef",
+    "client_edit": "\u7de8\u8f2f\u7528\u6236\u7aef",
+    "client_identifier": "Identifier",
+    "ip_address": "IP \u4f4d\u5740",
+    "client_identifier_desc": "Clients can be identified by the IP address or MAC address. Please note, that using MAC as identifier is possible only if AdGuard Home is also a <0>DHCP server<\/0>",
+    "form_enter_ip": "\u8f38\u5165 IP",
+    "form_enter_mac": "\u8f38\u5165\u5a92\u9ad4\u5b58\u53d6\u63a7\u5236\uff08MAC\uff09",
+    "form_client_name": "\u8f38\u5165\u7528\u6236\u7aef\u540d\u7a31",
+    "client_global_settings": "Use global settings",
+    "client_deleted": "Client \"{{key}}\" successfully deleted",
+    "client_added": "Client \"{{key}}\" successfully added",
+    "client_updated": "Client \"{{key}}\" successfully updated",
+    "table_statistics": "Requests count (last 24 hours)",
+    "clients_not_found": "No clients found",
+    "client_confirm_delete": "Are you sure you want to delete client \"{{key}}\"?",
+    "filter_confirm_delete": "Are you sure you want to delete filter?",
+    "auto_clients_title": "Clients (runtime)",
+    "auto_clients_desc": "Data on the clients that use AdGuard Home, but not stored in the configuration",
+    "access_title": "Access settings",
+    "access_desc": "Here you can configure access rules for the AdGuard Home DNS server.",
+    "access_allowed_title": "Allowed clients",
+    "access_allowed_desc": "A list of CIDR or IP addresses. If configured, AdGuard Home will accept requests from these IP addresses only.",
+    "access_disallowed_title": "Disallowed clients",
+    "access_disallowed_desc": "A list of CIDR or IP addresses. If configured, AdGuard Home will drop requests from these IP addresses.",
+    "access_blocked_title": "Blocked domains",
+    "access_blocked_desc": "Don't confuse this with filters. AdGuard Home will drop DNS queries with these domains in query's question.",
+    "access_settings_saved": "Access settings successfully saved"
 }
--- a/client/src/actions/access.js
+++ b/client/src/actions/access.js
@@ -0,0 +1,45 @@
+import { createAction } from 'redux-actions';
+import Api from '../api/Api';
+import { addErrorToast, addSuccessToast } from './index';
+import { normalizeTextarea } from '../helpers/helpers';
+
+const apiClient = new Api();
+
+export const getAccessListRequest = createAction('GET_ACCESS_LIST_REQUEST');
+export const getAccessListFailure = createAction('GET_ACCESS_LIST_FAILURE');
+export const getAccessListSuccess = createAction('GET_ACCESS_LIST_SUCCESS');
+
+export const getAccessList = () => async (dispatch) => {
+    dispatch(getAccessListRequest());
+    try {
+        const data = await apiClient.getAccessList();
+        dispatch(getAccessListSuccess(data));
+    } catch (error) {
+        dispatch(addErrorToast({ error }));
+        dispatch(getAccessListFailure());
+    }
+};
+
+export const setAccessListRequest = createAction('SET_ACCESS_LIST_REQUEST');
+export const setAccessListFailure = createAction('SET_ACCESS_LIST_FAILURE');
+export const setAccessListSuccess = createAction('SET_ACCESS_LIST_SUCCESS');
+
+export const setAccessList = config => async (dispatch) => {
+    dispatch(setAccessListRequest());
+    try {
+        const { allowed_clients, disallowed_clients, blocked_hosts } = config;
+
+        const values = {
+            allowed_clients: (allowed_clients && normalizeTextarea(allowed_clients)) || [],
+            disallowed_clients: (disallowed_clients && normalizeTextarea(disallowed_clients)) || [],
+            blocked_hosts: (blocked_hosts && normalizeTextarea(blocked_hosts)) || [],
+        };
+
+        await apiClient.setAccessList(values);
+        dispatch(setAccessListSuccess());
+        dispatch(addSuccessToast('access_settings_saved'));
+    } catch (error) {
+        dispatch(addErrorToast({ error }));
+        dispatch(setAccessListFailure());
+    }
+};
--- a/client/src/actions/clients.js
+++ b/client/src/actions/clients.js
@@ -0,0 +1,84 @@
+import { createAction } from 'redux-actions';
+import { t } from 'i18next';
+import Api from '../api/Api';
+import { addErrorToast, addSuccessToast, getClients } from './index';
+import { CLIENT_ID } from '../helpers/constants';
+
+const apiClient = new Api();
+
+export const toggleClientModal = createAction('TOGGLE_CLIENT_MODAL');
+
+export const addClientRequest = createAction('ADD_CLIENT_REQUEST');
+export const addClientFailure = createAction('ADD_CLIENT_FAILURE');
+export const addClientSuccess = createAction('ADD_CLIENT_SUCCESS');
+
+export const addClient = config => async (dispatch) => {
+    dispatch(addClientRequest());
+    try {
+        let data;
+        if (config.identifier === CLIENT_ID.MAC) {
+            const { ip, identifier, ...values } = config;
+
+            data = { ...values };
+        } else {
+            const { mac, identifier, ...values } = config;
+
+            data = { ...values };
+        }
+
+        await apiClient.addClient(data);
+        dispatch(addClientSuccess());
+        dispatch(toggleClientModal());
+        dispatch(addSuccessToast(t('client_added', { key: config.name })));
+        dispatch(getClients());
+    } catch (error) {
+        dispatch(addErrorToast({ error }));
+        dispatch(addClientFailure());
+    }
+};
+
+export const deleteClientRequest = createAction('DELETE_CLIENT_REQUEST');
+export const deleteClientFailure = createAction('DELETE_CLIENT_FAILURE');
+export const deleteClientSuccess = createAction('DELETE_CLIENT_SUCCESS');
+
+export const deleteClient = config => async (dispatch) => {
+    dispatch(deleteClientRequest());
+    try {
+        await apiClient.deleteClient(config);
+        dispatch(deleteClientSuccess());
+        dispatch(addSuccessToast(t('client_deleted', { key: config.name })));
+        dispatch(getClients());
+    } catch (error) {
+        dispatch(addErrorToast({ error }));
+        dispatch(deleteClientFailure());
+    }
+};
+
+export const updateClientRequest = createAction('UPDATE_CLIENT_REQUEST');
+export const updateClientFailure = createAction('UPDATE_CLIENT_FAILURE');
+export const updateClientSuccess = createAction('UPDATE_CLIENT_SUCCESS');
+
+export const updateClient = (config, name) => async (dispatch) => {
+    dispatch(updateClientRequest());
+    try {
+        let data;
+        if (config.identifier === CLIENT_ID.MAC) {
+            const { ip, identifier, ...values } = config;
+
+            data = { name, data: { ...values } };
+        } else {
+            const { mac, identifier, ...values } = config;
+
+            data = { name, data: { ...values } };
+        }
+
+        await apiClient.updateClient(data);
+        dispatch(updateClientSuccess());
+        dispatch(toggleClientModal());
+        dispatch(addSuccessToast(t('client_updated', { key: name })));
+        dispatch(getClients());
+    } catch (error) {
+        dispatch(addErrorToast({ error }));
+        dispatch(updateClientFailure());
+    }
+};
--- a/client/src/actions/index.js
+++ b/client/src/actions/index.js
@@ -2,15 +2,19 @@ import { createAction } from 'redux-actions';
 import round from 'lodash/round';
 import { t } from 'i18next';
 import { showLoading, hideLoading } from 'react-redux-loading-bar';
+import axios from 'axios';

-import { normalizeHistory, normalizeFilteringStatus, normalizeLogs, normalizeTextarea } from '../helpers/helpers';
-import { SETTINGS_NAMES } from '../helpers/constants';
+import versionCompare from '../helpers/versionCompare';
+import { normalizeHistory, normalizeFilteringStatus, normalizeLogs, normalizeTextarea, sortClients } from '../helpers/helpers';
+import { SETTINGS_NAMES, CHECK_TIMEOUT } from '../helpers/constants';
+import { getTlsStatus } from './encryption';
 import Api from '../api/Api';

 const apiClient = new Api();

 export const addErrorToast = createAction('ADD_ERROR_TOAST');
 export const addSuccessToast = createAction('ADD_SUCCESS_TOAST');
+export const addNoticeToast = createAction('ADD_NOTICE_TOAST');
 export const removeToast = createAction('REMOVE_TOAST');

 export const toggleSettingStatus = createAction('SETTING_STATUS_TOGGLE');
@@ -143,17 +147,84 @@ export const getVersionRequest = createAction('GET_VERSION_REQUEST');
 export const getVersionFailure = createAction('GET_VERSION_FAILURE');
 export const getVersionSuccess = createAction('GET_VERSION_SUCCESS');

-export const getVersion = () => async (dispatch) => {
+export const getVersion = (recheck = false) => async (dispatch, getState) => {
    dispatch(getVersionRequest());
    try {
-        const newVersion = await apiClient.getGlobalVersion();
-        dispatch(getVersionSuccess(newVersion));
+        const data = await apiClient.getGlobalVersion({ recheck_now: recheck });
+        dispatch(getVersionSuccess(data));
+
+        if (recheck) {
+            const { dnsVersion } = getState().dashboard;
+            const currentVersion = dnsVersion === 'undefined' ? 0 : dnsVersion;
+
+            if (data && versionCompare(currentVersion, data.new_version) === -1) {
+                dispatch(addSuccessToast('updates_checked'));
+            } else {
+                dispatch(addSuccessToast('updates_version_equal'));
+            }
+        }
    } catch (error) {
        dispatch(addErrorToast({ error }));
        dispatch(getVersionFailure());
    }
 };

+export const getUpdateRequest = createAction('GET_UPDATE_REQUEST');
+export const getUpdateFailure = createAction('GET_UPDATE_FAILURE');
+export const getUpdateSuccess = createAction('GET_UPDATE_SUCCESS');
+
+export const getUpdate = () => async (dispatch, getState) => {
+    const { dnsVersion } = getState().dashboard;
+
+    dispatch(getUpdateRequest());
+    try {
+        await apiClient.getUpdate();
+
+        const checkUpdate = async (attempts) => {
+            let count = attempts || 1;
+            let timeout;
+
+            if (count > 60) {
+                dispatch(addNoticeToast({ error: 'update_failed' }));
+                dispatch(getUpdateFailure());
+                return false;
+            }
+
+            const rmTimeout = t => t && clearTimeout(t);
+            const setRecursiveTimeout = (time, ...args) => setTimeout(
+                checkUpdate,
+                time,
+                ...args,
+            );
+
+            axios.get('control/status')
+                .then((response) => {
+                    rmTimeout(timeout);
+                    if (response && response.status === 200) {
+                        const responseVersion = response.data && response.data.version;
+
+                        if (dnsVersion !== responseVersion) {
+                            dispatch(getUpdateSuccess());
+                            window.location.reload(true);
+                        }
+                    }
+                    timeout = setRecursiveTimeout(CHECK_TIMEOUT, count += 1);
+                })
+                .catch(() => {
+                    rmTimeout(timeout);
+                    timeout = setRecursiveTimeout(CHECK_TIMEOUT, count += 1);
+                });
+
+            return false;
+        };
+
+        checkUpdate();
+    } catch (error) {
+        dispatch(addNoticeToast({ error: 'update_failed' }));
+        dispatch(getUpdateFailure());
+    }
+};
+
 export const getClientsRequest = createAction('GET_CLIENTS_REQUEST');
 export const getClientsFailure = createAction('GET_CLIENTS_FAILURE');
 export const getClientsSuccess = createAction('GET_CLIENTS_SUCCESS');
@@ -161,14 +232,41 @@ export const getClientsSuccess = createAction('GET_CLIENTS_SUCCESS');
 export const getClients = () => async (dispatch) => {
    dispatch(getClientsRequest());
    try {
-        const clients = await apiClient.getGlobalClients();
-        dispatch(getClientsSuccess(clients));
+        const data = await apiClient.getClients();
+        const sortedClients = data.clients && sortClients(data.clients);
+        const sortedAutoClients = data.auto_clients && sortClients(data.auto_clients);
+
+        dispatch(getClientsSuccess({
+            clients: sortedClients || [],
+            autoClients: sortedAutoClients || [],
+        }));
    } catch (error) {
        dispatch(addErrorToast({ error }));
        dispatch(getClientsFailure());
    }
 };

+export const getTopStatsRequest = createAction('GET_TOP_STATS_REQUEST');
+export const getTopStatsFailure = createAction('GET_TOP_STATS_FAILURE');
+export const getTopStatsSuccess = createAction('GET_TOP_STATS_SUCCESS');
+
+export const getTopStats = () => async (dispatch, getState) => {
+    dispatch(getTopStatsRequest());
+    const timer = setInterval(async () => {
+        const state = getState();
+        if (state.dashboard.isCoreRunning) {
+            clearInterval(timer);
+            try {
+                const stats = await apiClient.getGlobalStatsTop();
+                dispatch(getTopStatsSuccess(stats));
+            } catch (error) {
+                dispatch(addErrorToast({ error }));
+                dispatch(getTopStatsFailure(error));
+            }
+        }
+    }, 100);
+};
+
 export const dnsStatusRequest = createAction('DNS_STATUS_REQUEST');
 export const dnsStatusFailure = createAction('DNS_STATUS_FAILURE');
 export const dnsStatusSuccess = createAction('DNS_STATUS_SUCCESS');
@@ -179,7 +277,7 @@ export const getDnsStatus = () => async (dispatch) => {
        const dnsStatus = await apiClient.getGlobalStatus();
        dispatch(dnsStatusSuccess(dnsStatus));
        dispatch(getVersion());
-        dispatch(getClients());
+        dispatch(getTlsStatus());
    } catch (error) {
        dispatch(addErrorToast({ error }));
        dispatch(initSettingsFailure());
@@ -237,27 +335,6 @@ export const getStats = () => async (dispatch) => {
    }
 };

-export const getTopStatsRequest = createAction('GET_TOP_STATS_REQUEST');
-export const getTopStatsFailure = createAction('GET_TOP_STATS_FAILURE');
-export const getTopStatsSuccess = createAction('GET_TOP_STATS_SUCCESS');
-
-export const getTopStats = () => async (dispatch, getState) => {
-    dispatch(getTopStatsRequest());
-    const timer = setInterval(async () => {
-        const state = getState();
-        if (state.dashboard.isCoreRunning) {
-            clearInterval(timer);
-            try {
-                const stats = await apiClient.getGlobalStatsTop();
-                dispatch(getTopStatsSuccess(stats));
-            } catch (error) {
-                dispatch(addErrorToast({ error }));
-                dispatch(getTopStatsFailure(error));
-            }
-        }
-    }, 100);
-};
-
 export const getLogsRequest = createAction('GET_LOGS_REQUEST');
 export const getLogsFailure = createAction('GET_LOGS_FAILURE');
 export const getLogsSuccess = createAction('GET_LOGS_SUCCESS');
@@ -603,41 +680,18 @@ export const setDhcpConfigRequest = createAction('SET_DHCP_CONFIG_REQUEST');
 export const setDhcpConfigSuccess = createAction('SET_DHCP_CONFIG_SUCCESS');
 export const setDhcpConfigFailure = createAction('SET_DHCP_CONFIG_FAILURE');

-// TODO rewrite findActiveDhcp part
 export const setDhcpConfig = values => async (dispatch, getState) => {
    const { config } = getState().dhcp;
    const updatedConfig = { ...config, ...values };
    dispatch(setDhcpConfigRequest());
-    if (values.interface_name) {
-        dispatch(findActiveDhcpRequest());
-        try {
-            const activeDhcp = await apiClient.findActiveDhcp(values.interface_name);
-            dispatch(findActiveDhcpSuccess(activeDhcp));
-            if (!activeDhcp.found) {
-                try {
-                    await apiClient.setDhcpConfig(updatedConfig);
-                    dispatch(setDhcpConfigSuccess(updatedConfig));
-                    dispatch(addSuccessToast('dhcp_config_saved'));
-                } catch (error) {
-                    dispatch(addErrorToast({ error }));
-                    dispatch(setDhcpConfigFailure());
-                }
-            } else {
-                dispatch(addErrorToast({ error: 'dhcp_found' }));
-            }
-        } catch (error) {
-            dispatch(addErrorToast({ error }));
-            dispatch(findActiveDhcpFailure());
-        }
-    } else {
-        try {
-            await apiClient.setDhcpConfig(updatedConfig);
-            dispatch(setDhcpConfigSuccess(updatedConfig));
-            dispatch(addSuccessToast('dhcp_config_saved'));
-        } catch (error) {
-            dispatch(addErrorToast({ error }));
-            dispatch(setDhcpConfigFailure());
-        }
+    dispatch(findActiveDhcp(values.interface_name));
+    try {
+        await apiClient.setDhcpConfig(updatedConfig);
+        dispatch(setDhcpConfigSuccess(updatedConfig));
+        dispatch(addSuccessToast('dhcp_config_saved'));
+    } catch (error) {
+        dispatch(addErrorToast({ error }));
+        dispatch(setDhcpConfigFailure());
    }
 };

@@ -645,40 +699,60 @@ export const toggleDhcpRequest = createAction('TOGGLE_DHCP_REQUEST');
 export const toggleDhcpFailure = createAction('TOGGLE_DHCP_FAILURE');
 export const toggleDhcpSuccess = createAction('TOGGLE_DHCP_SUCCESS');

-// TODO rewrite findActiveDhcp part
-export const toggleDhcp = config => async (dispatch) => {
+export const toggleDhcp = values => async (dispatch) => {
    dispatch(toggleDhcpRequest());
+    let config = { ...values, enabled: false };
+    let successMessage = 'disabled_dhcp';

-    if (config.enabled) {
-        try {
-            await apiClient.setDhcpConfig({ ...config, enabled: false });
-            dispatch(toggleDhcpSuccess());
-            dispatch(addSuccessToast('disabled_dhcp'));
-        } catch (error) {
-            dispatch(addErrorToast({ error }));
-            dispatch(toggleDhcpFailure());
-        }
-    } else {
-        dispatch(findActiveDhcpRequest());
-        try {
-            const activeDhcp = await apiClient.findActiveDhcp(config.interface_name);
-            dispatch(findActiveDhcpSuccess(activeDhcp));
+    if (!values.enabled) {
+        config = { ...values, enabled: true };
+        successMessage = 'enabled_dhcp';
+        dispatch(findActiveDhcp(values.interface_name));
+    }

-            if (!activeDhcp.found) {
-                try {
-                    await apiClient.setDhcpConfig({ ...config, enabled: true });
-                    dispatch(toggleDhcpSuccess());
-                    dispatch(addSuccessToast('enabled_dhcp'));
-                } catch (error) {
-                    dispatch(addErrorToast({ error }));
-                    dispatch(toggleDhcpFailure());
-                }
-            } else {
-                dispatch(addErrorToast({ error: 'dhcp_found' }));
-            }
-        } catch (error) {
-            dispatch(addErrorToast({ error }));
-            dispatch(findActiveDhcpFailure());
-        }
+    try {
+        await apiClient.setDhcpConfig(config);
+        dispatch(toggleDhcpSuccess());
+        dispatch(addSuccessToast(successMessage));
+    } catch (error) {
+        dispatch(addErrorToast({ error }));
+        dispatch(toggleDhcpFailure());
+    }
+};
+
+export const toggleLeaseModal = createAction('TOGGLE_LEASE_MODAL');
+
+export const addStaticLeaseRequest = createAction('ADD_STATIC_LEASE_REQUEST');
+export const addStaticLeaseFailure = createAction('ADD_STATIC_LEASE_FAILURE');
+export const addStaticLeaseSuccess = createAction('ADD_STATIC_LEASE_SUCCESS');
+
+export const addStaticLease = config => async (dispatch) => {
+    dispatch(addStaticLeaseRequest());
+    try {
+        const name = config.hostname || config.ip;
+        await apiClient.addStaticLease(config);
+        dispatch(addStaticLeaseSuccess(config));
+        dispatch(addSuccessToast(t('dhcp_lease_added', { key: name })));
+        dispatch(toggleLeaseModal());
+    } catch (error) {
+        dispatch(addErrorToast({ error }));
+        dispatch(addStaticLeaseFailure());
+    }
+};
+
+export const removeStaticLeaseRequest = createAction('REMOVE_STATIC_LEASE_REQUEST');
+export const removeStaticLeaseFailure = createAction('REMOVE_STATIC_LEASE_FAILURE');
+export const removeStaticLeaseSuccess = createAction('REMOVE_STATIC_LEASE_SUCCESS');
+
+export const removeStaticLease = config => async (dispatch) => {
+    dispatch(removeStaticLeaseRequest());
+    try {
+        const name = config.hostname || config.ip;
+        await apiClient.removeStaticLease(config);
+        dispatch(removeStaticLeaseSuccess(config));
+        dispatch(addSuccessToast(t('dhcp_lease_deleted', { key: name })));
+    } catch (error) {
+        dispatch(addErrorToast({ error }));
+        dispatch(removeStaticLeaseFailure());
    }
 };
--- a/client/src/api/Api.js
+++ b/client/src/api/Api.js
@@ -36,10 +36,10 @@ export default class Api {
    GLOBAL_QUERY_LOG_DISABLE = { path: 'querylog_disable', method: 'POST' };
    GLOBAL_SET_UPSTREAM_DNS = { path: 'set_upstreams_config', method: 'POST' };
    GLOBAL_TEST_UPSTREAM_DNS = { path: 'test_upstream_dns', method: 'POST' };
-    GLOBAL_VERSION = { path: 'version.json', method: 'GET' };
+    GLOBAL_VERSION = { path: 'version.json', method: 'POST' };
    GLOBAL_ENABLE_PROTECTION = { path: 'enable_protection', method: 'POST' };
    GLOBAL_DISABLE_PROTECTION = { path: 'disable_protection', method: 'POST' };
-    GLOBAL_CLIENTS = { path: 'clients', method: 'GET' }
+    GLOBAL_UPDATE = { path: 'update', method: 'POST' };

    restartGlobalFiltering() {
        const { path, method } = this.GLOBAL_RESTART;
@@ -125,9 +125,13 @@ export default class Api {
        return this.makeRequest(path, method, config);
    }

-    getGlobalVersion() {
+    getGlobalVersion(data) {
        const { path, method } = this.GLOBAL_VERSION;
-        return this.makeRequest(path, method);
+        const config = {
+            data,
+            headers: { 'Content-Type': 'application/json' },
+        };
+        return this.makeRequest(path, method, config);
    }

    enableGlobalProtection() {
@@ -140,8 +144,8 @@ export default class Api {
        return this.makeRequest(path, method);
    }

-    getGlobalClients() {
-        const { path, method } = this.GLOBAL_CLIENTS;
+    getUpdate() {
+        const { path, method } = this.GLOBAL_UPDATE;
        return this.makeRequest(path, method);
    }

@@ -188,15 +192,14 @@ export default class Api {
        return this.makeRequest(path, method, config);
    }

-    removeFilter(url) {
+    removeFilter(config) {
        const { path, method } = this.FILTERING_REMOVE_FILTER;
-        const parameter = 'url';
-        const requestBody = `${parameter}=${url}`;
-        const config = {
-            data: requestBody,
-            header: { 'Content-Type': 'text/plain' },
+        const parameters = {
+            data: config,
+            headers: { 'Content-Type': 'application/json' },
        };
-        return this.makeRequest(path, method, config);
+
+        return this.makeRequest(path, method, parameters);
    }

    setRules(rules) {
@@ -318,6 +321,8 @@ export default class Api {
    DHCP_SET_CONFIG = { path: 'dhcp/set_config', method: 'POST' };
    DHCP_FIND_ACTIVE = { path: 'dhcp/find_active_dhcp', method: 'POST' };
    DHCP_INTERFACES = { path: 'dhcp/interfaces', method: 'GET' };
+    DHCP_ADD_STATIC_LEASE = { path: 'dhcp/add_static_lease', method: 'POST' };
+    DHCP_REMOVE_STATIC_LEASE = { path: 'dhcp/remove_static_lease', method: 'POST' };

    getDhcpStatus() {
        const { path, method } = this.DHCP_STATUS;
@@ -347,6 +352,24 @@ export default class Api {
        return this.makeRequest(path, method, parameters);
    }

+    addStaticLease(config) {
+        const { path, method } = this.DHCP_ADD_STATIC_LEASE;
+        const parameters = {
+            data: config,
+            headers: { 'Content-Type': 'application/json' },
+        };
+        return this.makeRequest(path, method, parameters);
+    }
+
+    removeStaticLease(config) {
+        const { path, method } = this.DHCP_REMOVE_STATIC_LEASE;
+        const parameters = {
+            data: config,
+            headers: { 'Content-Type': 'application/json' },
+        };
+        return this.makeRequest(path, method, parameters);
+    }
+
    // Installation
    INSTALL_GET_ADDRESSES = { path: 'install/get_addresses', method: 'GET' };
    INSTALL_CONFIGURE = { path: 'install/configure', method: 'POST' };
@@ -402,4 +425,60 @@ export default class Api {
        };
        return this.makeRequest(path, method, parameters);
    }
+
+    // Per-client settings
+    GET_CLIENTS = { path: 'clients', method: 'GET' };
+    ADD_CLIENT = { path: 'clients/add', method: 'POST' };
+    DELETE_CLIENT = { path: 'clients/delete', method: 'POST' };
+    UPDATE_CLIENT = { path: 'clients/update', method: 'POST' };
+
+    getClients() {
+        const { path, method } = this.GET_CLIENTS;
+        return this.makeRequest(path, method);
+    }
+
+    addClient(config) {
+        const { path, method } = this.ADD_CLIENT;
+        const parameters = {
+            data: config,
+            headers: { 'Content-Type': 'application/json' },
+        };
+        return this.makeRequest(path, method, parameters);
+    }
+
+    deleteClient(config) {
+        const { path, method } = this.DELETE_CLIENT;
+        const parameters = {
+            data: config,
+            headers: { 'Content-Type': 'application/json' },
+        };
+        return this.makeRequest(path, method, parameters);
+    }
+
+    updateClient(config) {
+        const { path, method } = this.UPDATE_CLIENT;
+        const parameters = {
+            data: config,
+            headers: { 'Content-Type': 'application/json' },
+        };
+        return this.makeRequest(path, method, parameters);
+    }
+
+    // DNS access settings
+    ACCESS_LIST = { path: 'access/list', method: 'GET' };
+    ACCESS_SET = { path: 'access/set', method: 'POST' };
+
+    getAccessList() {
+        const { path, method } = this.ACCESS_LIST;
+        return this.makeRequest(path, method);
+    }
+
+    setAccessList(config) {
+        const { path, method } = this.ACCESS_SET;
+        const parameters = {
+            data: config,
+            headers: { 'Content-Type': 'application/json' },
+        };
+        return this.makeRequest(path, method, parameters);
+    }
 }
--- a/client/src/components/App/index.js
+++ b/client/src/components/App/index.js
@@ -13,13 +13,21 @@ import Header from '../../containers/Header';
 import Dashboard from '../../containers/Dashboard';
 import Settings from '../../containers/Settings';
 import Filters from '../../containers/Filters';
+
+import Dns from '../../containers/Dns';
+import Encryption from '../../containers/Encryption';
+import Dhcp from '../../containers/Dhcp';
+import Clients from '../../containers/Clients';
+
 import Logs from '../../containers/Logs';
 import SetupGuide from '../../containers/SetupGuide';
 import Toasts from '../Toasts';
 import Footer from '../ui/Footer';
 import Status from '../ui/Status';
 import UpdateTopline from '../ui/UpdateTopline';
+import UpdateOverlay from '../ui/UpdateOverlay';
 import EncryptionTopline from '../ui/EncryptionTopline';
+import Icons from '../ui/Icons';
 import i18n from '../../i18n';

 class App extends Component {
@@ -37,6 +45,10 @@ class App extends Component {
        this.props.enableDns();
    };

+    handleUpdate = () => {
+        this.props.getUpdate();
+    };
+
    setLanguage = () => {
        const { processing, language } = this.props.dashboard;

@@ -49,49 +61,57 @@ class App extends Component {
        i18n.on('languageChanged', (lang) => {
            this.props.changeLanguage(lang);
        });
-    }
+    };

    render() {
        const { dashboard, encryption } = this.props;
-        const updateAvailable =
-            !dashboard.processingVersions &&
-            dashboard.isCoreRunning &&
-            dashboard.isUpdateAvailable;
+        const updateAvailable = dashboard.isCoreRunning && dashboard.isUpdateAvailable;

        return (
-            <HashRouter hashType='noslash'>
+            <HashRouter hashType="noslash">
                <Fragment>
-                    {updateAvailable &&
-                        <UpdateTopline
-                            url={dashboard.announcementUrl}
-                            version={dashboard.version}
-                        />
-                    }
-                    {!encryption.processing &&
+                    {updateAvailable && (
+                        <Fragment>
+                            <UpdateTopline
+                                url={dashboard.announcementUrl}
+                                version={dashboard.newVersion}
+                                canAutoUpdate={dashboard.canAutoUpdate}
+                                getUpdate={this.handleUpdate}
+                                processingUpdate={dashboard.processingUpdate}
+                            />
+                            <UpdateOverlay processingUpdate={dashboard.processingUpdate} />
+                        </Fragment>
+                    )}
+                    {!encryption.processing && (
                        <EncryptionTopline notAfter={encryption.not_after} />
-                    }
+                    )}
                    <LoadingBar className="loading-bar" updateTime={1000} />
                    <Route component={Header} />
                    <div className="container container--wrap">
-                        {!dashboard.processing && !dashboard.isCoreRunning &&
+                        {!dashboard.processing && !dashboard.isCoreRunning && (
                            <div className="row row-cards">
                                <div className="col-lg-12">
                                    <Status handleStatusChange={this.handleStatusChange} />
                                </div>
                            </div>
-                        }
-                        {!dashboard.processing && dashboard.isCoreRunning &&
+                        )}
+                        {!dashboard.processing && dashboard.isCoreRunning && (
                            <Fragment>
                                <Route path="/" exact component={Dashboard} />
                                <Route path="/settings" component={Settings} />
+                                <Route path="/dns" component={Dns} />
+                                <Route path="/encryption" component={Encryption} />
+                                <Route path="/dhcp" component={Dhcp} />
+                                <Route path="/clients" component={Clients} />
                                <Route path="/filters" component={Filters} />
                                <Route path="/logs" component={Logs} />
                                <Route path="/guide" component={SetupGuide} />
                            </Fragment>
-                        }
+                        )}
                    </div>
                    <Footer />
                    <Toasts />
+                    <Icons />
                </Fragment>
            </HashRouter>
        );
@@ -100,6 +120,7 @@ class App extends Component {

 App.propTypes = {
    getDnsStatus: PropTypes.func,
+    getUpdate: PropTypes.func,
    enableDns: PropTypes.func,
    dashboard: PropTypes.object,
    isCoreRunning: PropTypes.bool,
--- a/client/src/components/Dashboard/Clients.js
+++ b/client/src/components/Dashboard/Clients.js
@@ -24,7 +24,8 @@ class Clients extends Component {
        Header: 'IP',
        accessor: 'ip',
        Cell: ({ value }) => {
-            const clientName = getClientName(this.props.clients, value);
+            const clientName = getClientName(this.props.clients, value)
+                || getClientName(this.props.autoClients, value);
            let client;

            if (clientName) {
@@ -79,6 +80,7 @@ Clients.propTypes = {
    dnsQueries: PropTypes.number.isRequired,
    refreshButton: PropTypes.node.isRequired,
    clients: PropTypes.array.isRequired,
+    autoClients: PropTypes.array.isRequired,
    t: PropTypes.func,
 };

--- a/client/src/components/Dashboard/index.js
+++ b/client/src/components/Dashboard/index.js
@@ -21,6 +21,7 @@ class Dashboard extends Component {
        this.props.getStats();
        this.props.getStatsHistory();
        this.props.getTopStats();
+        this.props.getClients();
    }

    getToggleFilteringButton = () => {
@@ -49,8 +50,26 @@ class Dashboard extends Component {
            dashboard.processingClients ||
            dashboard.processingTopStats;

-        const refreshFullButton = <button type="button" className="btn btn-outline-primary btn-sm" onClick={() => this.getAllStats()}><Trans>refresh_statics</Trans></button>;
-        const refreshButton = <button type="button" className="btn btn-outline-primary btn-sm card-refresh" onClick={() => this.getAllStats()} />;
+        const refreshFullButton = (
+            <button
+                type="button"
+                className="btn btn-outline-primary btn-sm"
+                onClick={() => this.getAllStats()}
+            >
+                <Trans>refresh_statics</Trans>
+            </button>
+        );
+        const refreshButton = (
+            <button
+                type="button"
+                className="btn btn-icon btn-outline-primary btn-sm"
+                onClick={() => this.getAllStats()}
+            >
+                <svg className="icons">
+                    <use xlinkHref="#refresh" />
+                </svg>
+            </button>
+        );

        return (
            <Fragment>
@@ -96,6 +115,7 @@ class Dashboard extends Component {
                                        refreshButton={refreshButton}
                                        topClients={dashboard.topStats.top_clients}
                                        clients={dashboard.clients}
+                                        autoClients={dashboard.autoClients}
                                    />
                                </div>
                                <div className="col-lg-6">
@@ -131,6 +151,7 @@ Dashboard.propTypes = {
    isCoreRunning: PropTypes.bool,
    getFiltering: PropTypes.func,
    toggleProtection: PropTypes.func,
+    getClients: PropTypes.func,
    processingProtection: PropTypes.bool,
    t: PropTypes.func,
 };
--- a/client/src/components/Filters/Filters.css
+++ b/client/src/components/Filters/Filters.css
@@ -1,13 +0,0 @@
-.remove-icon {
-    position: relative;
-    top: 2px;
-    display: inline-block;
-    width: 20px;
-    height: 18px;
-    opacity: 0.6;
-}
-
-.remove-icon:hover {
-    cursor: pointer;
-    opacity: 1;
-}
--- a/client/src/components/Filters/Modal.js
+++ b/client/src/components/Filters/Modal.js
@@ -4,7 +4,7 @@ import ReactModal from 'react-modal';
 import classnames from 'classnames';
 import { Trans, withNamespaces } from 'react-i18next';
 import { R_URL_REQUIRES_PROTOCOL } from '../../helpers/constants';
-import './Modal.css';
+import '../ui/Modal.css';

 ReactModal.setAppElement('#root');

@@ -17,10 +17,7 @@ const initialState = {
 class Modal extends Component {
    state = initialState;

-    // eslint-disable-next-line
-    isUrlValid = url => {
-        return R_URL_REQUIRES_PROTOCOL.test(url);
-    };
+    isUrlValid = url => R_URL_REQUIRES_PROTOCOL.test(url);

    handleUrlChange = async (e) => {
        const { value: url } = e.currentTarget;
--- a/client/src/components/Filters/UserRules.js
+++ b/client/src/components/Filters/UserRules.js
@@ -17,12 +17,13 @@ class UserRules extends Component {
    render() {
        const { t } = this.props;
        return (
-            <Card
-                title={ t('custom_filter_rules') }
-                subtitle={ t('custom_filter_rules_hint') }
-            >
+            <Card title={t('custom_filter_rules')} subtitle={t('custom_filter_rules_hint')}>
                <form onSubmit={this.handleSubmit}>
-                    <textarea className="form-control form-control--textarea-large" value={this.props.userRules} onChange={this.handleChange} />
+                    <textarea
+                        className="form-control form-control--textarea-large"
+                        value={this.props.userRules}
+                        onChange={this.handleChange}
+                    />
                    <div className="card-actions">
                        <button
                            className="btn btn-success btn-standard"
@@ -33,27 +34,42 @@ class UserRules extends Component {
                        </button>
                    </div>
                </form>
-                <hr/>
+                <hr />
                <div className="list leading-loose">
                    <Trans>examples_title</Trans>:
                    <ol className="leading-loose">
                        <li>
-                            <code>||example.org^</code> - { t('example_meaning_filter_block') }
+                            <code>||example.org^</code> – {t('example_meaning_filter_block')}
                        </li>
                        <li>
-                            <code> @@||example.org^</code> - { t('example_meaning_filter_whitelist') }
+                            <code> @@||example.org^</code> – {t('example_meaning_filter_whitelist')}
                        </li>
                        <li>
-                            <code>127.0.0.1 example.org</code> - { t('example_meaning_host_block') }
+                            <code>127.0.0.1 example.org</code> – {t('example_meaning_host_block')}
                        </li>
                        <li>
-                            <code>{ t('example_comment') }</code> - { t('example_comment_meaning') }
+                            <code>{t('example_comment')}</code> – {t('example_comment_meaning')}
                        </li>
                        <li>
-                            <code>{ t('example_comment_hash') }</code> - { t('example_comment_meaning') }
+                            <code>{t('example_comment_hash')}</code> –&nbsp;
+                            {t('example_comment_meaning')}
                        </li>
                        <li>
-                            <code>/REGEX/</code> - { t('example_regex_meaning') }
+                            <code>/REGEX/</code> –&nbsp;
+                            <Trans
+                                components={[
+                                    <a
+                                        href="https://kb.adguard.com/general/dns-filtering-syntax"
+                                        target="_blank"
+                                        rel="noopener noreferrer"
+                                        key="0"
+                                    >
+                                        link
+                                    </a>,
+                                ]}
+                            >
+                                example_regex_meaning
+                            </Trans>
                        </li>
                    </ol>
                </div>
--- a/client/src/components/Filters/index.js
+++ b/client/src/components/Filters/index.js
@@ -2,11 +2,10 @@ import React, { Component } from 'react';
 import ReactTable from 'react-table';
 import PropTypes from 'prop-types';
 import { Trans, withNamespaces } from 'react-i18next';
-import Modal from '../ui/Modal';
+import Modal from './Modal';
 import PageTitle from '../ui/PageTitle';
 import Card from '../ui/Card';
 import UserRules from './UserRules';
-import './Filters.css';

 class Filters extends Component {
    componentDidMount() {
@@ -33,6 +32,13 @@ class Filters extends Component {
        );
    };

+    handleDelete = (url) => {
+        // eslint-disable-next-line no-alert
+        if (window.confirm(this.props.t('filter_confirm_delete'))) {
+            this.props.removeFilter({ url });
+        }
+    }
+
    columns = [{
        Header: <Trans>enabled_table_header</Trans>,
        accessor: 'enabled',
@@ -59,7 +65,18 @@ class Filters extends Component {
    }, {
        Header: <Trans>actions_table_header</Trans>,
        accessor: 'url',
-        Cell: ({ value }) => (<span title={ this.props.t('delete_table_action') } className='remove-icon fe fe-trash-2' onClick={() => this.props.removeFilter(value)}/>),
+        Cell: ({ value }) => (
+            <button
+                type="button"
+                className="btn btn-icon btn-outline-secondary btn-sm"
+                onClick={() => this.handleDelete(value)}
+                title={this.props.t('delete_table_action')}
+            >
+                <svg className="icons">
+                    <use xlinkHref="#delete" />
+                </svg>
+            </button>
+        ),
        className: 'text-center',
        width: 80,
        sortable: false,
--- a/client/src/components/Header/Header.css
+++ b/client/src/components/Header/Header.css
@@ -16,11 +16,13 @@
    stroke: #9aa0ac;
 }

-.nav-tabs .nav-link.active .nav-icon {
+.nav-tabs .nav-link.active .nav-icon,
+.nav-tabs .nav-item.show .nav-icon {
    stroke: #66b574;
 }

-.nav-tabs .nav-link.active:hover .nav-icon {
+.nav-tabs .nav-link.active:hover .nav-icon,
+.nav-tabs .nav-item.show:hover .nav-icon {
    stroke: #58a273;
 }

@@ -73,7 +75,18 @@
 }

 .nav-version__value {
+    max-width: 110px;
    font-weight: 600;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+    overflow: hidden;
+}
+
+@media screen and (min-width: 992px) {
+    .nav-version__value {
+        max-width: 100%;
+        overflow: visible;
+    }
 }

 .nav-version__link {
@@ -83,10 +96,22 @@
    cursor: pointer;
 }

+.nav-version__text {
+    display: flex;
+    align-items: center;
+    justify-content: flex-end;
+}
+
 .header-brand-img {
    height: 32px;
 }

+.nav-tabs .nav-item.show .nav-link {
+    color: #66b574;
+    background-color: #fff;
+    border-bottom-color: #66b574;
+}
+
@media screen and (min-width: 992px) {
    .header {
        padding: 0;
--- a/client/src/components/Header/Menu.js
+++ b/client/src/components/Header/Menu.js
@@ -5,6 +5,9 @@ import enhanceWithClickOutside from 'react-click-outside';
 import classnames from 'classnames';
 import { Trans, withNamespaces } from 'react-i18next';

+import { SETTINGS_URLS } from '../../helpers/constants';
+import Dropdown from '../ui/Dropdown';
+
 class Menu extends Component {
    handleClickOutside = () => {
        this.props.closeMenu();
@@ -14,49 +17,86 @@ class Menu extends Component {
        this.props.toggleMenuOpen();
    };

+    getActiveClassForSettings = () => {
+        const { pathname } = this.props.location;
+        const isSettingsPage = SETTINGS_URLS.some(item => item === pathname);
+
+        return isSettingsPage ? 'active' : '';
+    };
+
    render() {
        const menuClass = classnames({
            'col-lg-6 mobile-menu': true,
            'mobile-menu--active': this.props.isMenuOpen,
        });

+        const dropdownControlClass = `nav-link ${this.getActiveClassForSettings()}`;
+
        return (
            <Fragment>
                <div className={menuClass}>
                    <ul className="nav nav-tabs border-0 flex-column flex-lg-row flex-nowrap">
                        <li className="nav-item border-bottom d-lg-none" onClick={this.toggleMenu}>
                            <div className="nav-link nav-link--back">
-                                <svg className="nav-icon" fill="none" height="24" strokeLinecap="round" strokeLinejoin="round" strokeWidth="2" viewBox="0 0 24 24" width="24" xmlns="http://www.w3.org/2000/svg"><path d="m19 12h-14"/><path d="m12 19-7-7 7-7"/></svg>
+                                <svg className="nav-icon">
+                                    <use xlinkHref="#back" />
+                                </svg>
                                <Trans>back</Trans>
                            </div>
                        </li>
                        <li className="nav-item">
                            <NavLink to="/" exact={true} className="nav-link">
-                                <svg className="nav-icon" fill="none" height="24" stroke="#9aa0ac" strokeLinecap="round" strokeLinejoin="round" strokeWidth="2" viewBox="0 0 24 24" width="24" xmlns="http://www.w3.org/2000/svg"><path d="m3 9 9-7 9 7v11a2 2 0 0 1 -2 2h-14a2 2 0 0 1 -2-2z"/><path d="m9 22v-10h6v10"/></svg>
+                                <svg className="nav-icon">
+                                    <use xlinkHref="#dashboard" />
+                                </svg>
                                <Trans>dashboard</Trans>
                            </NavLink>
                        </li>
-                        <li className="nav-item">
-                            <NavLink to="/settings" className="nav-link">
-                                <svg className="nav-icon" fill="none" height="24" strokeLinecap="round" strokeLinejoin="round" strokeWidth="2" viewBox="0 0 24 24" width="24" xmlns="http://www.w3.org/2000/svg"><circle cx="12" cy="12" r="3"/><path d="m19.4 15a1.65 1.65 0 0 0 .33 1.82l.06.06a2 2 0 0 1 0 2.83 2 2 0 0 1 -2.83 0l-.06-.06a1.65 1.65 0 0 0 -1.82-.33 1.65 1.65 0 0 0 -1 1.51v.17a2 2 0 0 1 -2 2 2 2 0 0 1 -2-2v-.09a1.65 1.65 0 0 0 -1.08-1.51 1.65 1.65 0 0 0 -1.82.33l-.06.06a2 2 0 0 1 -2.83 0 2 2 0 0 1 0-2.83l.06-.06a1.65 1.65 0 0 0 .33-1.82 1.65 1.65 0 0 0 -1.51-1h-.17a2 2 0 0 1 -2-2 2 2 0 0 1 2-2h.09a1.65 1.65 0 0 0 1.51-1.08 1.65 1.65 0 0 0 -.33-1.82l-.06-.06a2 2 0 0 1 0-2.83 2 2 0 0 1 2.83 0l.06.06a1.65 1.65 0 0 0 1.82.33h.08a1.65 1.65 0 0 0 1-1.51v-.17a2 2 0 0 1 2-2 2 2 0 0 1 2 2v.09a1.65 1.65 0 0 0 1 1.51 1.65 1.65 0 0 0 1.82-.33l.06-.06a2 2 0 0 1 2.83 0 2 2 0 0 1 0 2.83l-.06.06a1.65 1.65 0 0 0 -.33 1.82v.08a1.65 1.65 0 0 0 1.51 1h.17a2 2 0 0 1 2 2 2 2 0 0 1 -2 2h-.09a1.65 1.65 0 0 0 -1.51 1z"/></svg>
-                                <Trans>settings</Trans>
-                            </NavLink>
-                        </li>
+                        <Dropdown
+                            label={this.props.t('settings')}
+                            baseClassName="dropdown nav-item"
+                            controlClassName={dropdownControlClass}
+                            icon="settings"
+                        >
+                            <Fragment>
+                                <NavLink to="/settings" className="dropdown-item">
+                                    <Trans>general_settings</Trans>
+                                </NavLink>
+                                <NavLink to="/dns" className="dropdown-item">
+                                    <Trans>dns_settings</Trans>
+                                </NavLink>
+                                <NavLink to="/encryption" className="dropdown-item">
+                                    <Trans>encryption_settings</Trans>
+                                </NavLink>
+                                <NavLink to="/clients" className="dropdown-item">
+                                    <Trans>client_settings</Trans>
+                                </NavLink>
+                                <NavLink to="/dhcp" className="dropdown-item">
+                                    <Trans>dhcp_settings</Trans>
+                                </NavLink>
+                            </Fragment>
+                        </Dropdown>
                        <li className="nav-item">
                            <NavLink to="/filters" className="nav-link">
-                                <svg className="nav-icon" fill="none" height="24" strokeLinecap="round" strokeLinejoin="round" strokeWidth="2" viewBox="0 0 24 24" width="24" xmlns="http://www.w3.org/2000/svg"><path d="m22 3h-20l8 9.46v6.54l4 2v-8.54z"/></svg>
+                                <svg className="nav-icon">
+                                    <use xlinkHref="#filters" />
+                                </svg>
                                <Trans>filters</Trans>
                            </NavLink>
                        </li>
                        <li className="nav-item">
                            <NavLink to="/logs" className="nav-link">
-                                <svg className="nav-icon" fill="none" height="24" strokeLinecap="round" strokeLinejoin="round" strokeWidth="2" viewBox="0 0 24 24" width="24" xmlns="http://www.w3.org/2000/svg"><path d="m14 2h-8a2 2 0 0 0 -2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2v-12z"/><path d="m14 2v6h6"/><path d="m16 13h-8"/><path d="m16 17h-8"/><path d="m10 9h-1-1"/></svg>
+                                <svg className="nav-icon">
+                                    <use xlinkHref="#log" />
+                                </svg>
                                <Trans>query_log</Trans>
                            </NavLink>
                        </li>
                        <li className="nav-item">
-                            <NavLink to="/guide" href="/guide" className="nav-link">
-                                <svg className="nav-icon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="#66b574" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><circle cx="12" cy="12" r="10"></circle><path d="M9.09 9a3 3 0 0 1 5.83 1c0 2-3 3-3 3"></path><line x1="12" y1="17" x2="12" y2="17"></line></svg>
+                            <NavLink to="/guide" className="nav-link">
+                                <svg className="nav-icon">
+                                    <use xlinkHref="#setup" />
+                                </svg>
                                <Trans>setup_guide</Trans>
                            </NavLink>
                        </li>
@@ -71,6 +111,8 @@ Menu.propTypes = {
    isMenuOpen: PropTypes.bool,
    closeMenu: PropTypes.func,
    toggleMenuOpen: PropTypes.func,
+    location: PropTypes.object,
+    t: PropTypes.func,
 };

 export default withNamespaces()(enhanceWithClickOutside(Menu));
--- a/client/src/components/Header/Version.js
+++ b/client/src/components/Header/Version.js
@@ -2,14 +2,26 @@ import React from 'react';
 import PropTypes from 'prop-types';
 import { Trans, withNamespaces } from 'react-i18next';

-import { getDnsAddress } from '../../helpers/helpers';
+const Version = (props) => {
+    const {
+        dnsVersion, dnsAddresses, processingVersion, t,
+    } = props;

-function Version(props) {
-    const { dnsVersion, dnsAddresses, dnsPort } = props;
    return (
        <div className="nav-version">
            <div className="nav-version__text">
-                <Trans>version</Trans>: <span className="nav-version__value">{dnsVersion}</span>
+                <Trans>version</Trans>:&nbsp;<span className="nav-version__value" title={dnsVersion}>{dnsVersion}</span>
+                <button
+                    type="button"
+                    className="btn btn-icon btn-icon-sm btn-outline-primary btn-sm ml-2"
+                    onClick={() => props.getVersion(true)}
+                    disabled={processingVersion}
+                    title={t('check_updates_now')}
+                >
+                    <svg className="icons">
+                        <use xlinkHref="#refresh" />
+                    </svg>
+                </button>
            </div>
            <div className="nav-version__link">
                <div className="popover__trigger popover__trigger--address">
@@ -17,20 +29,21 @@ function Version(props) {
                </div>
                <div className="popover__body popover__body--address">
                    <div className="popover__list">
-                        {dnsAddresses
-                            .map(ip => <li key={ip}>{getDnsAddress(ip, dnsPort)}</li>)
-                        }
+                        {dnsAddresses.map(ip => <li key={ip}>{ip}</li>)}
                    </div>
                </div>
            </div>
        </div>
    );
-}
+};

 Version.propTypes = {
    dnsVersion: PropTypes.string.isRequired,
    dnsAddresses: PropTypes.array.isRequired,
    dnsPort: PropTypes.number.isRequired,
+    getVersion: PropTypes.func.isRequired,
+    processingVersion: PropTypes.bool.isRequired,
+    t: PropTypes.func.isRequired,
 };

 export default withNamespaces()(Version);
--- a/client/src/components/Header/index.js
+++ b/client/src/components/Header/index.js
@@ -23,7 +23,7 @@ class Header extends Component {
    };

    render() {
-        const { dashboard } = this.props;
+        const { dashboard, getVersion, location } = this.props;
        const { isMenuOpen } = this.state;
        const badgeClass = classnames({
            'badge dns-status': true,
@@ -51,7 +51,7 @@ class Header extends Component {
                            </div>
                        </div>
                        <Menu
-                            location={this.props.location}
+                            location={location}
                            isMenuOpen={isMenuOpen}
                            toggleMenuOpen={this.toggleMenuOpen}
                            closeMenu={this.closeMenu}
@@ -59,7 +59,8 @@ class Header extends Component {
                        {!dashboard.processing &&
                            <div className="col col-sm-6 col-lg-3">
                                <Version
-                                    { ...this.props.dashboard }
+                                    { ...dashboard }
+                                    getVersion={getVersion}
                                />
                            </div>
                        }
@@ -71,8 +72,9 @@ class Header extends Component {
 }

 Header.propTypes = {
-    dashboard: PropTypes.object,
-    location: PropTypes.object,
+    dashboard: PropTypes.object.isRequired,
+    location: PropTypes.object.isRequired,
+    getVersion: PropTypes.func.isRequired,
 };

 export default withNamespaces()(Header);
--- a/client/src/components/Logs/Logs.css
+++ b/client/src/components/Logs/Logs.css
@@ -5,6 +5,10 @@
    min-height: 26px;
 }

+.logs__row--center {
+    justify-content: center;
+}
+
 .logs__row--overflow {
    overflow: hidden;
 }
--- a/client/src/components/Logs/index.js
+++ b/client/src/components/Logs/index.js
@@ -21,6 +21,7 @@ class Logs extends Component {
    componentDidMount() {
        this.getLogs();
        this.props.getFilteringStatus();
+        this.props.getClients();
    }

    componentDidUpdate(prevProps) {
@@ -196,7 +197,8 @@ class Logs extends Component {
            Cell: (row) => {
                const { reason } = row.original;
                const isFiltered = row ? reason.indexOf('Filtered') === 0 : false;
-                const clientName = getClientName(dashboard.clients, row.value);
+                const clientName = getClientName(dashboard.clients, row.value)
+                    || getClientName(dashboard.autoClients, row.value);
                let client;

                if (clientName) {
@@ -355,6 +357,7 @@ Logs.propTypes = {
    processingRules: PropTypes.bool,
    logStatusProcessing: PropTypes.bool,
    t: PropTypes.func,
+    getClients: PropTypes.func.isRequired,
 };

 export default withNamespaces()(Logs);
--- a/client/src/components/Settings/Clients/AutoClients.js
+++ b/client/src/components/Settings/Clients/AutoClients.js
@@ -0,0 +1,118 @@
+import React, { Component } from 'react';
+import PropTypes from 'prop-types';
+import { withNamespaces } from 'react-i18next';
+import ReactTable from 'react-table';
+
+import { CLIENT_ID } from '../../../helpers/constants';
+import Card from '../../ui/Card';
+
+class AutoClients extends Component {
+    getClient = (name, clients) => {
+        const client = clients.find(item => name === item.name);
+
+        if (client) {
+            const identifier = client.mac ? CLIENT_ID.MAC : CLIENT_ID.IP;
+
+            return {
+                identifier,
+                use_global_settings: true,
+                ...client,
+            };
+        }
+
+        return {
+            identifier: 'ip',
+            use_global_settings: true,
+        };
+    };
+
+    getStats = (ip, stats) => {
+        if (stats && stats.top_clients) {
+            return stats.top_clients[ip];
+        }
+
+        return '';
+    };
+
+    cellWrap = ({ value }) => (
+        <div className="logs__row logs__row--overflow">
+            <span className="logs__text" title={value}>
+                {value}
+            </span>
+        </div>
+    );
+
+    columns = [
+        {
+            Header: this.props.t('table_client'),
+            accessor: 'ip',
+            Cell: this.cellWrap,
+        },
+        {
+            Header: this.props.t('table_name'),
+            accessor: 'name',
+            Cell: this.cellWrap,
+        },
+        {
+            Header: this.props.t('source_label'),
+            accessor: 'source',
+            Cell: this.cellWrap,
+        },
+        {
+            Header: this.props.t('table_statistics'),
+            accessor: 'statistics',
+            Cell: (row) => {
+                const clientIP = row.original.ip;
+                const clientStats = clientIP && this.getStats(clientIP, this.props.topStats);
+
+                if (clientStats) {
+                    return (
+                        <div className="logs__row">
+                            <div className="logs__text" title={clientStats}>
+                                {clientStats}
+                            </div>
+                        </div>
+                    );
+                }
+
+                return '–';
+            },
+        },
+    ];
+
+    render() {
+        const { t, autoClients } = this.props;
+
+        return (
+            <Card
+                title={t('auto_clients_title')}
+                subtitle={t('auto_clients_desc')}
+                bodyType="card-body box-body--settings"
+            >
+                <ReactTable
+                    data={autoClients || []}
+                    columns={this.columns}
+                    className="-striped -highlight card-table-overflow"
+                    showPagination={true}
+                    defaultPageSize={10}
+                    minRows={5}
+                    previousText={t('previous_btn')}
+                    nextText={t('next_btn')}
+                    loadingText={t('loading_table_status')}
+                    pageText={t('page_table_footer_text')}
+                    ofText={t('of_table_footer_text')}
+                    rowsText={t('rows_table_footer_text')}
+                    noDataText={t('clients_not_found')}
+                />
+            </Card>
+        );
+    }
+}
+
+AutoClients.propTypes = {
+    t: PropTypes.func.isRequired,
+    autoClients: PropTypes.array.isRequired,
+    topStats: PropTypes.object.isRequired,
+};
+
+export default withNamespaces()(AutoClients);
--- a/client/src/components/Settings/Clients/ClientsTable.js
+++ b/client/src/components/Settings/Clients/ClientsTable.js
@@ -0,0 +1,260 @@
+import React, { Component, Fragment } from 'react';
+import PropTypes from 'prop-types';
+import { Trans, withNamespaces } from 'react-i18next';
+import ReactTable from 'react-table';
+
+import { MODAL_TYPE, CLIENT_ID } from '../../../helpers/constants';
+import Card from '../../ui/Card';
+import Modal from './Modal';
+
+class ClientsTable extends Component {
+    handleFormAdd = (values) => {
+        this.props.addClient(values);
+    };
+
+    handleFormUpdate = (values, name) => {
+        this.props.updateClient(values, name);
+    };
+
+    handleSubmit = (values) => {
+        if (this.props.modalType === MODAL_TYPE.EDIT) {
+            this.handleFormUpdate(values, this.props.modalClientName);
+        } else {
+            this.handleFormAdd(values);
+        }
+    };
+
+    cellWrap = ({ value }) => (
+        <div className="logs__row logs__row--overflow">
+            <span className="logs__text" title={value}>
+                {value}
+            </span>
+        </div>
+    );
+
+    getClient = (name, clients) => {
+        const client = clients.find(item => name === item.name);
+
+        if (client) {
+            const identifier = client.mac ? CLIENT_ID.MAC : CLIENT_ID.IP;
+
+            return {
+                identifier,
+                use_global_settings: true,
+                ...client,
+            };
+        }
+
+        return {
+            identifier: CLIENT_ID.IP,
+            use_global_settings: true,
+        };
+    };
+
+    getStats = (ip, stats) => {
+        if (stats && stats.top_clients) {
+            return stats.top_clients[ip];
+        }
+
+        return '';
+    };
+
+    handleDelete = (data) => {
+        // eslint-disable-next-line no-alert
+        if (window.confirm(this.props.t('client_confirm_delete', { key: data.name }))) {
+            this.props.deleteClient(data);
+        }
+    };
+
+    columns = [
+        {
+            Header: this.props.t('table_client'),
+            accessor: 'ip',
+            Cell: (row) => {
+                if (row.original && row.original.mac) {
+                    return (
+                        <div className="logs__row logs__row--overflow">
+                            <span className="logs__text" title={row.original.mac}>
+                                {row.original.mac} <em>(MAC)</em>
+                            </span>
+                        </div>
+                    );
+                } else if (row.value) {
+                    return (
+                        <div className="logs__row logs__row--overflow">
+                            <span className="logs__text" title={row.value}>
+                                {row.value} <em>(IP)</em>
+                            </span>
+                        </div>
+                    );
+                }
+
+                return '';
+            },
+        },
+        {
+            Header: this.props.t('table_name'),
+            accessor: 'name',
+            Cell: this.cellWrap,
+        },
+        {
+            Header: this.props.t('settings'),
+            accessor: 'use_global_settings',
+            Cell: ({ value }) => {
+                const title = value ? (
+                    <Trans>settings_global</Trans>
+                ) : (
+                    <Trans>settings_custom</Trans>
+                );
+
+                return (
+                    <div className="logs__row logs__row--overflow">
+                        <div className="logs__text" title={title}>
+                            {title}
+                        </div>
+                    </div>
+                );
+            },
+        },
+        {
+            Header: this.props.t('table_statistics'),
+            accessor: 'statistics',
+            Cell: (row) => {
+                const clientIP = row.original.ip;
+                const clientStats = clientIP && this.getStats(clientIP, this.props.topStats);
+
+                if (clientStats) {
+                    return (
+                        <div className="logs__row">
+                            <div className="logs__text" title={clientStats}>
+                                {clientStats}
+                            </div>
+                        </div>
+                    );
+                }
+
+                return '–';
+            },
+        },
+        {
+            Header: this.props.t('actions_table_header'),
+            accessor: 'actions',
+            maxWidth: 150,
+            Cell: (row) => {
+                const clientName = row.original.name;
+                const {
+                    toggleClientModal, processingDeleting, processingUpdating, t,
+                } = this.props;
+
+                return (
+                    <div className="logs__row logs__row--center">
+                        <button
+                            type="button"
+                            className="btn btn-icon btn-outline-primary btn-sm mr-2"
+                            onClick={() =>
+                                toggleClientModal({
+                                    type: MODAL_TYPE.EDIT,
+                                    name: clientName,
+                                })
+                            }
+                            disabled={processingUpdating}
+                            title={t('edit_table_action')}
+                        >
+                            <svg className="icons">
+                                <use xlinkHref="#edit" />
+                            </svg>
+                        </button>
+                        <button
+                            type="button"
+                            className="btn btn-icon btn-outline-secondary btn-sm"
+                            onClick={() => this.handleDelete({ name: clientName })}
+                            disabled={processingDeleting}
+                            title={t('delete_table_action')}
+                        >
+                            <svg className="icons">
+                                <use xlinkHref="#delete" />
+                            </svg>
+                        </button>
+                    </div>
+                );
+            },
+        },
+    ];
+
+    render() {
+        const {
+            t,
+            clients,
+            isModalOpen,
+            modalType,
+            modalClientName,
+            toggleClientModal,
+            processingAdding,
+            processingUpdating,
+        } = this.props;
+
+        const currentClientData = this.getClient(modalClientName, clients);
+
+        return (
+            <Card
+                title={t('clients_title')}
+                subtitle={t('clients_desc')}
+                bodyType="card-body box-body--settings"
+            >
+                <Fragment>
+                    <ReactTable
+                        data={clients || []}
+                        columns={this.columns}
+                        className="-striped -highlight card-table-overflow"
+                        showPagination={true}
+                        defaultPageSize={10}
+                        minRows={5}
+                        previousText={t('previous_btn')}
+                        nextText={t('next_btn')}
+                        loadingText={t('loading_table_status')}
+                        pageText={t('page_table_footer_text')}
+                        ofText={t('of_table_footer_text')}
+                        rowsText={t('rows_table_footer_text')}
+                        noDataText={t('clients_not_found')}
+                    />
+                    <button
+                        type="button"
+                        className="btn btn-success btn-standard mt-3"
+                        onClick={() => toggleClientModal(MODAL_TYPE.ADD)}
+                        disabled={processingAdding}
+                    >
+                        <Trans>client_add</Trans>
+                    </button>
+
+                    <Modal
+                        isModalOpen={isModalOpen}
+                        modalType={modalType}
+                        toggleClientModal={toggleClientModal}
+                        currentClientData={currentClientData}
+                        handleSubmit={this.handleSubmit}
+                        processingAdding={processingAdding}
+                        processingUpdating={processingUpdating}
+                    />
+                </Fragment>
+            </Card>
+        );
+    }
+}
+
+ClientsTable.propTypes = {
+    t: PropTypes.func.isRequired,
+    clients: PropTypes.array.isRequired,
+    topStats: PropTypes.object.isRequired,
+    toggleClientModal: PropTypes.func.isRequired,
+    deleteClient: PropTypes.func.isRequired,
+    addClient: PropTypes.func.isRequired,
+    updateClient: PropTypes.func.isRequired,
+    isModalOpen: PropTypes.bool.isRequired,
+    modalType: PropTypes.string.isRequired,
+    modalClientName: PropTypes.string.isRequired,
+    processingAdding: PropTypes.bool.isRequired,
+    processingDeleting: PropTypes.bool.isRequired,
+    processingUpdating: PropTypes.bool.isRequired,
+};
+
+export default withNamespaces()(ClientsTable);
--- a/client/src/components/Settings/Clients/Form.js
+++ b/client/src/components/Settings/Clients/Form.js
@@ -0,0 +1,217 @@
+import React from 'react';
+import { connect } from 'react-redux';
+import PropTypes from 'prop-types';
+import { Field, reduxForm, formValueSelector } from 'redux-form';
+import { Trans, withNamespaces } from 'react-i18next';
+import flow from 'lodash/flow';
+
+import { renderField, renderSelectField, ipv4, mac, required } from '../../../helpers/form';
+import { CLIENT_ID } from '../../../helpers/constants';
+
+let Form = (props) => {
+    const {
+        t,
+        handleSubmit,
+        reset,
+        pristine,
+        submitting,
+        clientIdentifier,
+        useGlobalSettings,
+        toggleClientModal,
+        processingAdding,
+        processingUpdating,
+    } = props;
+
+    return (
+        <form onSubmit={handleSubmit}>
+            <div className="modal-body">
+                <div className="form__group">
+                    <div className="form-inline mb-3">
+                        <strong className="mr-3">
+                            <Trans>client_identifier</Trans>
+                        </strong>
+                        <label className="mr-3">
+                            <Field
+                                name="identifier"
+                                component={renderField}
+                                type="radio"
+                                className="form-control mr-2"
+                                value="ip"
+                            />{' '}
+                            <Trans>ip_address</Trans>
+                        </label>
+                        <label>
+                            <Field
+                                name="identifier"
+                                component={renderField}
+                                type="radio"
+                                className="form-control mr-2"
+                                value="mac"
+                            />{' '}
+                            MAC
+                        </label>
+                    </div>
+                    {clientIdentifier === CLIENT_ID.IP && (
+                        <div className="form__group">
+                            <Field
+                                id="ip"
+                                name="ip"
+                                component={renderField}
+                                type="text"
+                                className="form-control"
+                                placeholder={t('form_enter_ip')}
+                                validate={[ipv4, required]}
+                            />
+                        </div>
+                    )}
+                    {clientIdentifier === CLIENT_ID.MAC && (
+                        <div className="form__group">
+                            <Field
+                                id="mac"
+                                name="mac"
+                                component={renderField}
+                                type="text"
+                                className="form-control"
+                                placeholder={t('form_enter_mac')}
+                                validate={[mac, required]}
+                            />
+                        </div>
+                    )}
+                    <div className="form__desc">
+                        <Trans
+                            components={[
+                                <a href="#dhcp" key="0">
+                                    link
+                                </a>,
+                            ]}
+                        >
+                            client_identifier_desc
+                        </Trans>
+                    </div>
+                </div>
+
+                <div className="form__group">
+                    <Field
+                        id="name"
+                        name="name"
+                        component={renderField}
+                        type="text"
+                        className="form-control"
+                        placeholder={t('form_client_name')}
+                        validate={[required]}
+                    />
+                </div>
+
+                <div className="mb-4">
+                    <strong>
+                        <Trans>settings</Trans>
+                    </strong>
+                </div>
+
+                <div className="form__group">
+                    <Field
+                        name="use_global_settings"
+                        type="checkbox"
+                        component={renderSelectField}
+                        placeholder={t('client_global_settings')}
+                    />
+                </div>
+
+                <div className="form__group">
+                    <Field
+                        name="filtering_enabled"
+                        type="checkbox"
+                        component={renderSelectField}
+                        placeholder={t('block_domain_use_filters_and_hosts')}
+                        disabled={useGlobalSettings}
+                    />
+                </div>
+
+                <div className="form__group">
+                    <Field
+                        name="safebrowsing_enabled"
+                        type="checkbox"
+                        component={renderSelectField}
+                        placeholder={t('use_adguard_browsing_sec')}
+                        disabled={useGlobalSettings}
+                    />
+                </div>
+
+                <div className="form__group">
+                    <Field
+                        name="parental_enabled"
+                        type="checkbox"
+                        component={renderSelectField}
+                        placeholder={t('use_adguard_parental')}
+                        disabled={useGlobalSettings}
+                    />
+                </div>
+
+                <div className="form__group">
+                    <Field
+                        name="safesearch_enabled"
+                        type="checkbox"
+                        component={renderSelectField}
+                        placeholder={t('enforce_safe_search')}
+                        disabled={useGlobalSettings}
+                    />
+                </div>
+            </div>
+
+            <div className="modal-footer">
+                <div className="btn-list">
+                    <button
+                        type="button"
+                        className="btn btn-secondary btn-standard"
+                        disabled={submitting}
+                        onClick={() => {
+                            reset();
+                            toggleClientModal();
+                        }}
+                    >
+                        <Trans>cancel_btn</Trans>
+                    </button>
+                    <button
+                        type="submit"
+                        className="btn btn-success btn-standard"
+                        disabled={submitting || pristine || processingAdding || processingUpdating}
+                    >
+                        <Trans>save_btn</Trans>
+                    </button>
+                </div>
+            </div>
+        </form>
+    );
+};
+
+Form.propTypes = {
+    pristine: PropTypes.bool.isRequired,
+    handleSubmit: PropTypes.func.isRequired,
+    reset: PropTypes.func.isRequired,
+    submitting: PropTypes.bool.isRequired,
+    toggleClientModal: PropTypes.func.isRequired,
+    clientIdentifier: PropTypes.string,
+    useGlobalSettings: PropTypes.bool,
+    t: PropTypes.func.isRequired,
+    processingAdding: PropTypes.bool.isRequired,
+    processingUpdating: PropTypes.bool.isRequired,
+};
+
+const selector = formValueSelector('clientForm');
+
+Form = connect((state) => {
+    const clientIdentifier = selector(state, 'identifier');
+    const useGlobalSettings = selector(state, 'use_global_settings');
+    return {
+        clientIdentifier,
+        useGlobalSettings,
+    };
+})(Form);
+
+export default flow([
+    withNamespaces(),
+    reduxForm({
+        form: 'clientForm',
+        enableReinitialize: true,
+    }),
+])(Form);
--- a/client/src/components/Settings/Clients/Modal.js
+++ b/client/src/components/Settings/Clients/Modal.js
@@ -0,0 +1,64 @@
+import React from 'react';
+import PropTypes from 'prop-types';
+import { Trans, withNamespaces } from 'react-i18next';
+import ReactModal from 'react-modal';
+
+import { MODAL_TYPE } from '../../../helpers/constants';
+import Form from './Form';
+
+const Modal = (props) => {
+    const {
+        isModalOpen,
+        modalType,
+        currentClientData,
+        handleSubmit,
+        toggleClientModal,
+        processingAdding,
+        processingUpdating,
+    } = props;
+
+    return (
+        <ReactModal
+            className="Modal__Bootstrap modal-dialog modal-dialog-centered modal-dialog--clients"
+            closeTimeoutMS={0}
+            isOpen={isModalOpen}
+            onRequestClose={() => toggleClientModal()}
+        >
+            <div className="modal-content">
+                <div className="modal-header">
+                    <h4 className="modal-title">
+                        {modalType === MODAL_TYPE.EDIT ? (
+                            <Trans>client_edit</Trans>
+                        ) : (
+                            <Trans>client_new</Trans>
+                        )}
+                    </h4>
+                    <button type="button" className="close" onClick={() => toggleClientModal()}>
+                        <span className="sr-only">Close</span>
+                    </button>
+                </div>
+                <Form
+                    initialValues={{
+                        ...currentClientData,
+                    }}
+                    onSubmit={handleSubmit}
+                    toggleClientModal={toggleClientModal}
+                    processingAdding={processingAdding}
+                    processingUpdating={processingUpdating}
+                />
+            </div>
+        </ReactModal>
+    );
+};
+
+Modal.propTypes = {
+    isModalOpen: PropTypes.bool.isRequired,
+    modalType: PropTypes.string.isRequired,
+    currentClientData: PropTypes.object.isRequired,
+    handleSubmit: PropTypes.func.isRequired,
+    toggleClientModal: PropTypes.func.isRequired,
+    processingAdding: PropTypes.bool.isRequired,
+    processingUpdating: PropTypes.bool.isRequired,
+};
+
+export default withNamespaces()(Modal);
--- a/client/src/components/Settings/Clients/index.js
+++ b/client/src/components/Settings/Clients/index.js
@@ -0,0 +1,71 @@
+import React, { Component, Fragment } from 'react';
+import { withNamespaces } from 'react-i18next';
+import PropTypes from 'prop-types';
+
+import ClientsTable from './ClientsTable';
+import AutoClients from './AutoClients';
+import PageTitle from '../../ui/PageTitle';
+import Loading from '../../ui/Loading';
+
+class Clients extends Component {
+    componentDidMount() {
+        this.props.getClients();
+        this.props.getTopStats();
+    }
+
+    render() {
+        const {
+            t,
+            dashboard,
+            clients,
+            addClient,
+            updateClient,
+            deleteClient,
+            toggleClientModal,
+        } = this.props;
+
+        return (
+            <Fragment>
+                <PageTitle title={t('client_settings')} />
+                {(dashboard.processingTopStats || dashboard.processingClients) && <Loading />}
+                {!dashboard.processingTopStats && !dashboard.processingClients && (
+                    <Fragment>
+                        <ClientsTable
+                            clients={dashboard.clients}
+                            topStats={dashboard.topStats}
+                            isModalOpen={clients.isModalOpen}
+                            modalClientName={clients.modalClientName}
+                            modalType={clients.modalType}
+                            addClient={addClient}
+                            updateClient={updateClient}
+                            deleteClient={deleteClient}
+                            toggleClientModal={toggleClientModal}
+                            processingAdding={clients.processingAdding}
+                            processingDeleting={clients.processingDeleting}
+                            processingUpdating={clients.processingUpdating}
+                        />
+                        <AutoClients
+                            autoClients={dashboard.autoClients}
+                            topStats={dashboard.topStats}
+                        />
+                    </Fragment>
+                )}
+            </Fragment>
+        );
+    }
+}
+
+Clients.propTypes = {
+    t: PropTypes.func.isRequired,
+    dashboard: PropTypes.object.isRequired,
+    clients: PropTypes.object.isRequired,
+    toggleClientModal: PropTypes.func.isRequired,
+    deleteClient: PropTypes.func.isRequired,
+    addClient: PropTypes.func.isRequired,
+    updateClient: PropTypes.func.isRequired,
+    getClients: PropTypes.func.isRequired,
+    getTopStats: PropTypes.func.isRequired,
+    topStats: PropTypes.object,
+};
+
+export default withNamespaces()(Clients);
--- a/client/src/components/Settings/Dhcp/Form.js
+++ b/client/src/components/Settings/Dhcp/Form.js
@@ -1,22 +1,97 @@
 import React from 'react';
+import { connect } from 'react-redux';
 import PropTypes from 'prop-types';
-import { Field, reduxForm } from 'redux-form';
-import { withNamespaces } from 'react-i18next';
+import { Field, reduxForm, formValueSelector } from 'redux-form';
+import { Trans, withNamespaces } from 'react-i18next';
 import flow from 'lodash/flow';

 import { renderField, required, ipv4, isPositive, toNumber } from '../../../helpers/form';

-const Form = (props) => {
+const renderInterfaces = (interfaces => (
+    Object.keys(interfaces).map((item) => {
+        const option = interfaces[item];
+        const { name } = option;
+        const onlyIPv6 = option.ip_addresses.every(ip => ip.includes(':'));
+        let interfaceIP = option.ip_addresses[0];
+
+        if (!onlyIPv6) {
+            option.ip_addresses.forEach((ip) => {
+                if (!ip.includes(':')) {
+                    interfaceIP = ip;
+                }
+            });
+        }
+
+        return (
+            <option value={name} key={name} disabled={onlyIPv6}>
+                {name} - {interfaceIP}
+            </option>
+        );
+    })
+));
+
+const renderInterfaceValues = (interfaceValues => (
+    <ul className="list-unstyled mt-1 mb-0">
+        <li>
+            <span className="interface__title">MTU: </span>
+            {interfaceValues.mtu}
+        </li>
+        <li>
+            <span className="interface__title"><Trans>dhcp_hardware_address</Trans>: </span>
+            {interfaceValues.hardware_address}
+        </li>
+        <li>
+            <span className="interface__title"><Trans>dhcp_ip_addresses</Trans>: </span>
+            {
+                interfaceValues.ip_addresses
+                    .map(ip => <span key={ip} className="interface__ip">{ip}</span>)
+            }
+        </li>
+    </ul>
+));
+
+let Form = (props) => {
    const {
        t,
        handleSubmit,
        submitting,
        invalid,
+        enabled,
+        interfaces,
+        interfaceValue,
        processingConfig,
+        processingInterfaces,
    } = props;

    return (
        <form onSubmit={handleSubmit}>
+            {!processingInterfaces && interfaces &&
+                <div className="row">
+                    <div className="col-sm-12 col-md-6">
+                        <div className="form__group form__group--settings">
+                            <label>{t('dhcp_interface_select')}</label>
+                            <Field
+                                name="interface_name"
+                                component="select"
+                                className="form-control custom-select"
+                                validate={[required]}
+                            >
+                                <option value="" disabled={enabled}>
+                                    {t('dhcp_interface_select')}
+                                </option>
+                                {renderInterfaces(interfaces)}
+                            </Field>
+                        </div>
+                    </div>
+                    {interfaceValue &&
+                        <div className="col-sm-12 col-md-6">
+                            {interfaces[interfaceValue] &&
+                                renderInterfaceValues(interfaces[interfaceValue])}
+                        </div>
+                    }
+                </div>
+            }
+            <hr/>
            <div className="row">
                <div className="col-lg-6">
                    <div className="form__group form__group--settings">
@@ -101,11 +176,24 @@ Form.propTypes = {
    submitting: PropTypes.bool,
    invalid: PropTypes.bool,
    interfaces: PropTypes.object,
+    interfaceValue: PropTypes.string,
    initialValues: PropTypes.object,
    processingConfig: PropTypes.bool,
+    processingInterfaces: PropTypes.bool,
+    enabled: PropTypes.bool,
    t: PropTypes.func,
 };

+
+const selector = formValueSelector('dhcpForm');
+
+Form = connect((state) => {
+    const interfaceValue = selector(state, 'interface_name');
+    return {
+        interfaceValue,
+    };
+})(Form);
+
 export default flow([
    withNamespaces(),
    reduxForm({ form: 'dhcpForm' }),
--- a/client/src/components/Settings/Dhcp/Interface.js
+++ b/client/src/components/Settings/Dhcp/Interface.js
@@ -1,114 +0,0 @@
-import React from 'react';
-import { connect } from 'react-redux';
-import PropTypes from 'prop-types';
-import { Field, reduxForm, formValueSelector } from 'redux-form';
-import { withNamespaces, Trans } from 'react-i18next';
-import flow from 'lodash/flow';
-
-const renderInterfaces = (interfaces => (
-    Object.keys(interfaces).map((item) => {
-        const option = interfaces[item];
-        const { name } = option;
-        const onlyIPv6 = option.ip_addresses.every(ip => ip.includes(':'));
-        let interfaceIP = option.ip_addresses[0];
-
-        if (!onlyIPv6) {
-            option.ip_addresses.forEach((ip) => {
-                if (!ip.includes(':')) {
-                    interfaceIP = ip;
-                }
-            });
-        }
-
-        return (
-            <option value={name} key={name} disabled={onlyIPv6}>
-                {name} - {interfaceIP}
-            </option>
-        );
-    })
-));
-
-const renderInterfaceValues = (interfaceValues => (
-    <ul className="list-unstyled mt-1 mb-0">
-        <li>
-            <span className="interface__title">MTU: </span>
-            {interfaceValues.mtu}
-        </li>
-        <li>
-            <span className="interface__title"><Trans>dhcp_hardware_address</Trans>: </span>
-            {interfaceValues.hardware_address}
-        </li>
-        <li>
-            <span className="interface__title"><Trans>dhcp_ip_addresses</Trans>: </span>
-            {
-                interfaceValues.ip_addresses
-                    .map(ip => <span key={ip} className="interface__ip">{ip}</span>)
-            }
-        </li>
-    </ul>
-));
-
-let Interface = (props) => {
-    const {
-        t,
-        handleChange,
-        interfaces,
-        processing,
-        interfaceValue,
-        enabled,
-    } = props;
-
-    return (
-        <form>
-            {!processing && interfaces &&
-                <div className="row">
-                    <div className="col-sm-12 col-md-6">
-                        <div className="form__group form__group--settings">
-                            <label>{t('dhcp_interface_select')}</label>
-                            <Field
-                                name="interface_name"
-                                component="select"
-                                className="form-control custom-select"
-                                onChange={handleChange}
-                            >
-                                <option value="" disabled={enabled}>{t('dhcp_interface_select')}</option>
-                                {renderInterfaces(interfaces)}
-                            </Field>
-                        </div>
-                    </div>
-                    {interfaceValue &&
-                        <div className="col-sm-12 col-md-6">
-                            {interfaces[interfaceValue] &&
-                                renderInterfaceValues(interfaces[interfaceValue])}
-                        </div>
-                    }
-                </div>
-            }
-            <hr/>
-        </form>
-    );
-};
-
-Interface.propTypes = {
-    handleChange: PropTypes.func,
-    interfaces: PropTypes.object,
-    processing: PropTypes.bool,
-    interfaceValue: PropTypes.string,
-    initialValues: PropTypes.object,
-    enabled: PropTypes.bool,
-    t: PropTypes.func,
-};
-
-const selector = formValueSelector('dhcpInterface');
-
-Interface = connect((state) => {
-    const interfaceValue = selector(state, 'interface_name');
-    return {
-        interfaceValue,
-    };
-})(Interface);
-
-export default flow([
-    withNamespaces(),
-    reduxForm({ form: 'dhcpInterface' }),
-])(Interface);
--- a/client/src/components/Settings/Dhcp/StaticLeases/Form.js
+++ b/client/src/components/Settings/Dhcp/StaticLeases/Form.js
@@ -0,0 +1,96 @@
+import React from 'react';
+import PropTypes from 'prop-types';
+import { Field, reduxForm } from 'redux-form';
+import { Trans, withNamespaces } from 'react-i18next';
+import flow from 'lodash/flow';
+
+import { renderField, ipv4, mac, required } from '../../../../helpers/form';
+
+const Form = (props) => {
+    const {
+        t,
+        handleSubmit,
+        reset,
+        pristine,
+        submitting,
+        toggleLeaseModal,
+        processingAdding,
+    } = props;
+
+    return (
+        <form onSubmit={handleSubmit}>
+            <div className="modal-body">
+                <div className="form__group">
+                    <Field
+                        id="mac"
+                        name="mac"
+                        component={renderField}
+                        type="text"
+                        className="form-control"
+                        placeholder={t('form_enter_mac')}
+                        validate={[required, mac]}
+                    />
+                </div>
+                <div className="form__group">
+                    <Field
+                        id="ip"
+                        name="ip"
+                        component={renderField}
+                        type="text"
+                        className="form-control"
+                        placeholder={t('form_enter_ip')}
+                        validate={[required, ipv4]}
+                    />
+                </div>
+                <div className="form__group">
+                    <Field
+                        id="hostname"
+                        name="hostname"
+                        component={renderField}
+                        type="text"
+                        className="form-control"
+                        placeholder={t('form_enter_hostname')}
+                    />
+                </div>
+            </div>
+
+            <div className="modal-footer">
+                <div className="btn-list">
+                    <button
+                        type="button"
+                        className="btn btn-secondary btn-standard"
+                        disabled={submitting}
+                        onClick={() => {
+                            reset();
+                            toggleLeaseModal();
+                        }}
+                    >
+                        <Trans>cancel_btn</Trans>
+                    </button>
+                    <button
+                        type="submit"
+                        className="btn btn-success btn-standard"
+                        disabled={submitting || pristine || processingAdding}
+                    >
+                        <Trans>save_btn</Trans>
+                    </button>
+                </div>
+            </div>
+        </form>
+    );
+};
+
+Form.propTypes = {
+    pristine: PropTypes.bool.isRequired,
+    handleSubmit: PropTypes.func.isRequired,
+    reset: PropTypes.func.isRequired,
+    submitting: PropTypes.bool.isRequired,
+    toggleLeaseModal: PropTypes.func.isRequired,
+    processingAdding: PropTypes.bool.isRequired,
+    t: PropTypes.func.isRequired,
+};
+
+export default flow([
+    withNamespaces(),
+    reduxForm({ form: 'leaseForm' }),
+])(Form);
--- a/client/src/components/Settings/Dhcp/StaticLeases/Modal.js
+++ b/client/src/components/Settings/Dhcp/StaticLeases/Modal.js
@@ -0,0 +1,49 @@
+import React from 'react';
+import PropTypes from 'prop-types';
+import { Trans, withNamespaces } from 'react-i18next';
+import ReactModal from 'react-modal';
+
+import Form from './Form';
+
+const Modal = (props) => {
+    const {
+        isModalOpen,
+        handleSubmit,
+        toggleLeaseModal,
+        processingAdding,
+    } = props;
+
+    return (
+        <ReactModal
+            className="Modal__Bootstrap modal-dialog modal-dialog-centered modal-dialog--clients"
+            closeTimeoutMS={0}
+            isOpen={isModalOpen}
+            onRequestClose={() => toggleLeaseModal()}
+        >
+            <div className="modal-content">
+                <div className="modal-header">
+                    <h4 className="modal-title">
+                        <Trans>dhcp_new_static_lease</Trans>
+                    </h4>
+                    <button type="button" className="close" onClick={() => toggleLeaseModal()}>
+                        <span className="sr-only">Close</span>
+                    </button>
+                </div>
+                <Form
+                    onSubmit={handleSubmit}
+                    toggleLeaseModal={toggleLeaseModal}
+                    processingAdding={processingAdding}
+                />
+            </div>
+        </ReactModal>
+    );
+};
+
+Modal.propTypes = {
+    isModalOpen: PropTypes.bool.isRequired,
+    handleSubmit: PropTypes.func.isRequired,
+    toggleLeaseModal: PropTypes.func.isRequired,
+    processingAdding: PropTypes.bool.isRequired,
+};
+
+export default withNamespaces()(Modal);
--- a/client/src/components/Settings/Dhcp/StaticLeases/index.js
+++ b/client/src/components/Settings/Dhcp/StaticLeases/index.js
@@ -0,0 +1,112 @@
+import React, { Component, Fragment } from 'react';
+import PropTypes from 'prop-types';
+import ReactTable from 'react-table';
+import { Trans, withNamespaces } from 'react-i18next';
+
+import Modal from './Modal';
+
+class StaticLeases extends Component {
+    cellWrap = ({ value }) => (
+        <div className="logs__row logs__row--overflow">
+            <span className="logs__text" title={value}>
+                {value}
+            </span>
+        </div>
+    );
+
+    handleSubmit = (data) => {
+        this.props.addStaticLease(data);
+    }
+
+    handleDelete = (ip, mac, hostname = '') => {
+        const name = hostname || ip;
+        // eslint-disable-next-line no-alert
+        if (window.confirm(this.props.t('delete_confirm', { key: name }))) {
+            this.props.removeStaticLease({ ip, mac, hostname });
+        }
+    }
+
+    render() {
+        const {
+            isModalOpen,
+            toggleLeaseModal,
+            processingAdding,
+            processingDeleting,
+            staticLeases,
+            t,
+        } = this.props;
+        return (
+            <Fragment>
+                <ReactTable
+                    data={staticLeases || []}
+                    columns={[
+                        {
+                            Header: 'MAC',
+                            accessor: 'mac',
+                            Cell: this.cellWrap,
+                        },
+                        {
+                            Header: 'IP',
+                            accessor: 'ip',
+                            Cell: this.cellWrap,
+                        },
+                        {
+                            Header: <Trans>dhcp_table_hostname</Trans>,
+                            accessor: 'hostname',
+                            Cell: this.cellWrap,
+                        },
+                        {
+                            Header: <Trans>actions_table_header</Trans>,
+                            accessor: 'actions',
+                            maxWidth: 150,
+                            Cell: (row) => {
+                                const { ip, mac, hostname } = row.original;
+
+                                return (
+                                    <div className="logs__row logs__row--center">
+                                        <button
+                                            type="button"
+                                            className="btn btn-icon btn-outline-secondary btn-sm"
+                                            title={t('delete_table_action')}
+                                            disabled={processingDeleting}
+                                            onClick={() =>
+                                                this.handleDelete(ip, mac, hostname)
+                                            }
+                                        >
+                                            <svg className="icons">
+                                                <use xlinkHref="#delete" />
+                                            </svg>
+                                        </button>
+                                    </div>
+                                );
+                            },
+                        },
+                    ]}
+                    showPagination={false}
+                    noDataText={t('dhcp_static_leases_not_found')}
+                    className="-striped -highlight card-table-overflow"
+                    minRows={6}
+                />
+                <Modal
+                    isModalOpen={isModalOpen}
+                    toggleLeaseModal={toggleLeaseModal}
+                    handleSubmit={this.handleSubmit}
+                    processingAdding={processingAdding}
+                />
+            </Fragment>
+        );
+    }
+}
+
+StaticLeases.propTypes = {
+    staticLeases: PropTypes.array.isRequired,
+    isModalOpen: PropTypes.bool.isRequired,
+    toggleLeaseModal: PropTypes.func.isRequired,
+    removeStaticLease: PropTypes.func.isRequired,
+    addStaticLease: PropTypes.func.isRequired,
+    processingAdding: PropTypes.bool.isRequired,
+    processingDeleting: PropTypes.bool.isRequired,
+    t: PropTypes.func.isRequired,
+};
+
+export default withNamespaces()(StaticLeases);
--- a/client/src/components/Settings/Dhcp/index.js
+++ b/client/src/components/Settings/Dhcp/index.js
@@ -6,18 +6,27 @@ import { Trans, withNamespaces } from 'react-i18next';
 import { DHCP_STATUS_RESPONSE } from '../../../helpers/constants';
 import Form from './Form';
 import Leases from './Leases';
-import Interface from './Interface';
+import StaticLeases from './StaticLeases/index';
 import Card from '../../ui/Card';
 import Accordion from '../../ui/Accordion';
+import PageTitle from '../../ui/PageTitle';
+import Loading from '../../ui/Loading';

 class Dhcp extends Component {
+    componentDidMount() {
+        this.props.getDhcpStatus();
+        this.props.getDhcpInterfaces();
+    }
+
    handleFormSubmit = (values) => {
-        this.props.setDhcpConfig(values);
+        if (values.interface_name) {
+            this.props.setDhcpConfig(values);
+        }
    };

    handleToggle = (config) => {
        this.props.toggleDhcp(config);
-    }
+    };

    getToggleDhcpButton = () => {
        const {
@@ -52,17 +61,13 @@ class Dhcp extends Component {
                className="btn btn-standard mr-2 btn-success"
                onClick={() => this.handleToggle(config)}
                disabled={
-                    !filledConfig
-                    || !check
-                    || otherDhcpFound
-                    || processingDhcp
-                    || processingConfig
+                    !filledConfig || !check || otherDhcpFound || processingDhcp || processingConfig
                }
            >
                <Trans>dhcp_enable</Trans>
            </button>
        );
-    }
+    };

    getActiveDhcpMessage = (t, check) => {
        const { found } = check.otherServer;
@@ -93,7 +98,7 @@ class Dhcp extends Component {
                )}
            </div>
        );
-    }
+    };

    getDhcpWarning = (check) => {
        if (check.otherServer.found === DHCP_STATUS_RESPONSE.NO) {
@@ -105,7 +110,7 @@ class Dhcp extends Component {
                <Trans>dhcp_warning</Trans>
            </div>
        );
-    }
+    };

    getStaticIpWarning = (t, check, interfaceName) => {
        if (check.staticIP.static === DHCP_STATUS_RESPONSE.ERROR) {
@@ -119,21 +124,19 @@ class Dhcp extends Component {
                            </Accordion>
                        </div>
                    </div>
-                    <hr className="mt-4 mb-4"/>
+                    <hr className="mt-4 mb-4" />
                </Fragment>
            );
        } else if (
-            check.staticIP.static === DHCP_STATUS_RESPONSE.NO
-            && check.staticIP.ip
-            && interfaceName
+            check.staticIP.static === DHCP_STATUS_RESPONSE.NO &&
+            check.staticIP.ip &&
+            interfaceName
        ) {
            return (
                <Fragment>
                    <div className="text-secondary mb-2">
                        <Trans
-                            components={[
-                                <strong key="0">example</strong>,
-                            ]}
+                            components={[<strong key="0">example</strong>]}
                            values={{
                                interfaceName,
                                ipAddress: check.staticIP.ip,
@@ -142,13 +145,13 @@ class Dhcp extends Component {
                            dhcp_dynamic_ip_found
                        </Trans>
                    </div>
-                    <hr className="mt-4 mb-4"/>
+                    <hr className="mt-4 mb-4" />
                </Fragment>
            );
        }

        return '';
-    }
+    };

    render() {
        const { t, dhcp } = this.props;
@@ -156,69 +159,101 @@ class Dhcp extends Component {
            'btn btn-primary btn-standard': true,
            'btn btn-primary btn-standard btn-loading': dhcp.processingStatus,
        });
-        const {
-            enabled,
-            interface_name,
-            ...values
-        } = dhcp.config;
+        const { enabled, interface_name, ...values } = dhcp.config;

        return (
            <Fragment>
-                <Card title={ t('dhcp_title') } subtitle={ t('dhcp_description') } bodyType="card-body box-body--settings">
-                    <div className="dhcp">
-                        {!dhcp.processing &&
-                            <Fragment>
-                                <Interface
-                                    onChange={this.handleFormSubmit}
-                                    initialValues={{ interface_name }}
-                                    interfaces={dhcp.interfaces}
-                                    processing={dhcp.processingInterfaces}
-                                    enabled={dhcp.config.enabled}
-                                />
-                                <Form
-                                    onSubmit={this.handleFormSubmit}
-                                    initialValues={{ ...values }}
-                                    interfaces={dhcp.interfaces}
-                                    processingConfig={dhcp.processingConfig}
-                                />
-                                <hr/>
-                                <div className="card-actions mb-3">
-                                    {this.getToggleDhcpButton()}
-                                    <button
-                                        type="button"
-                                        className={statusButtonClass}
-                                        onClick={() =>
-                                            this.props.findActiveDhcp(dhcp.config.interface_name)
-                                        }
-                                        disabled={
-                                            dhcp.config.enabled
-                                            || !dhcp.config.interface_name
-                                            || dhcp.processingConfig
-                                        }
-                                    >
-                                        <Trans>check_dhcp_servers</Trans>
-                                    </button>
-                                </div>
-                                {!enabled && dhcp.check &&
-                                    <Fragment>
-                                        {this.getStaticIpWarning(t, dhcp.check, interface_name)}
-                                        {this.getActiveDhcpMessage(t, dhcp.check)}
-                                        {this.getDhcpWarning(dhcp.check)}
-                                    </Fragment>
-                                }
-                            </Fragment>
-                        }
-                    </div>
-                </Card>
-                {!dhcp.processing && dhcp.config.enabled &&
-                    <Card title={ t('dhcp_leases') } bodyType="card-body box-body--settings">
-                        <div className="row">
-                            <div className="col">
-                                <Leases leases={dhcp.leases} />
+                <PageTitle title={t('dhcp_settings')} />
+                {(dhcp.processing || dhcp.processingInterfaces) && <Loading />}
+                {!dhcp.processing && !dhcp.processingInterfaces && (
+                    <Fragment>
+                        <Card
+                            title={t('dhcp_title')}
+                            subtitle={t('dhcp_description')}
+                            bodyType="card-body box-body--settings"
+                        >
+                            <div className="dhcp">
+                                <Fragment>
+                                    <Form
+                                        onSubmit={this.handleFormSubmit}
+                                        initialValues={{
+                                            interface_name,
+                                            ...values,
+                                        }}
+                                        interfaces={dhcp.interfaces}
+                                        processingConfig={dhcp.processingConfig}
+                                        processingInterfaces={dhcp.processingInterfaces}
+                                        enabled={enabled}
+                                    />
+                                    <hr />
+                                    <div className="card-actions mb-3">
+                                        {this.getToggleDhcpButton()}
+                                        <button
+                                            type="button"
+                                            className={statusButtonClass}
+                                            onClick={() =>
+                                                this.props.findActiveDhcp(interface_name)
+                                            }
+                                            disabled={
+                                                enabled || !interface_name || dhcp.processingConfig
+                                            }
+                                        >
+                                            <Trans>check_dhcp_servers</Trans>
+                                        </button>
+                                    </div>
+                                    {!enabled && dhcp.check && (
+                                        <Fragment>
+                                            {this.getStaticIpWarning(t, dhcp.check, interface_name)}
+                                            {this.getActiveDhcpMessage(t, dhcp.check)}
+                                            {this.getDhcpWarning(dhcp.check)}
+                                        </Fragment>
+                                    )}
+                                </Fragment>
                            </div>
-                        </div>
-                    </Card>
-                }
+                        </Card>
+                        {dhcp.config.enabled && (
+                            <Fragment>
+                                <Card
+                                    title={t('dhcp_leases')}
+                                    bodyType="card-body box-body--settings"
+                                >
+                                    <div className="row">
+                                        <div className="col">
+                                            <Leases leases={dhcp.leases} />
+                                        </div>
+                                    </div>
+                                </Card>
+                                <Card
+                                    title={t('dhcp_static_leases')}
+                                    bodyType="card-body box-body--settings"
+                                >
+                                    <div className="row">
+                                        <div className="col-12">
+                                            <StaticLeases
+                                                staticLeases={dhcp.staticLeases}
+                                                isModalOpen={dhcp.isModalOpen}
+                                                addStaticLease={this.props.addStaticLease}
+                                                removeStaticLease={this.props.removeStaticLease}
+                                                toggleLeaseModal={this.props.toggleLeaseModal}
+                                                processingAdding={dhcp.processingAdding}
+                                                processingDeleting={dhcp.processingDeleting}
+                                            />
+                                        </div>
+                                        <div className="col-12">
+                                            <button
+                                                type="button"
+                                                className="btn btn-success btn-standard mt-3"
+                                                onClick={() => this.props.toggleLeaseModal()}
+                                            >
+                                                <Trans>dhcp_add_static_lease</Trans>
+                                            </button>
+                                        </div>
+                                    </div>
+                                </Card>
+                            </Fragment>
+                        )}
+                    </Fragment>
+                )}
            </Fragment>
        );
    }
@@ -230,7 +265,10 @@ Dhcp.propTypes = {
    getDhcpStatus: PropTypes.func,
    setDhcpConfig: PropTypes.func,
    findActiveDhcp: PropTypes.func,
-    handleSubmit: PropTypes.func,
+    addStaticLease: PropTypes.func,
+    removeStaticLease: PropTypes.func,
+    toggleLeaseModal: PropTypes.func,
+    getDhcpInterfaces: PropTypes.func,
    t: PropTypes.func,
 };

--- a/client/src/components/Settings/Dns/Access/Form.js
+++ b/client/src/components/Settings/Dns/Access/Form.js
@@ -0,0 +1,80 @@
+import React from 'react';
+import PropTypes from 'prop-types';
+import { Field, reduxForm } from 'redux-form';
+import { Trans, withNamespaces } from 'react-i18next';
+import flow from 'lodash/flow';
+
+const Form = (props) => {
+    const { handleSubmit, submitting, invalid } = props;
+
+    return (
+        <form onSubmit={handleSubmit}>
+            <div className="form__group mb-5">
+                <label className="form__label form__label--with-desc" htmlFor="allowed_clients">
+                    <Trans>access_allowed_title</Trans>
+                </label>
+                <div className="form__desc form__desc--top">
+                    <Trans>access_allowed_desc</Trans>
+                </div>
+                <Field
+                    id="allowed_clients"
+                    name="allowed_clients"
+                    component="textarea"
+                    type="text"
+                    className="form-control form-control--textarea"
+                />
+            </div>
+            <div className="form__group mb-5">
+                <label className="form__label form__label--with-desc" htmlFor="disallowed_clients">
+                    <Trans>access_disallowed_title</Trans>
+                </label>
+                <div className="form__desc form__desc--top">
+                    <Trans>access_disallowed_desc</Trans>
+                </div>
+                <Field
+                    id="disallowed_clients"
+                    name="disallowed_clients"
+                    component="textarea"
+                    type="text"
+                    className="form-control form-control--textarea"
+                />
+            </div>
+            <div className="form__group mb-5">
+                <label className="form__label form__label--with-desc" htmlFor="blocked_hosts">
+                    <Trans>access_blocked_title</Trans>
+                </label>
+                <div className="form__desc form__desc--top">
+                    <Trans>access_blocked_desc</Trans>
+                </div>
+                <Field
+                    id="blocked_hosts"
+                    name="blocked_hosts"
+                    component="textarea"
+                    type="text"
+                    className="form-control form-control--textarea"
+                />
+            </div>
+            <div className="card-actions">
+                <div className="btn-list">
+                    <button
+                        type="submit"
+                        className="btn btn-success btn-standard"
+                        disabled={submitting || invalid}
+                    >
+                        <Trans>save_config</Trans>
+                    </button>
+                </div>
+            </div>
+        </form>
+    );
+};
+
+Form.propTypes = {
+    handleSubmit: PropTypes.func,
+    submitting: PropTypes.bool,
+    invalid: PropTypes.bool,
+    initialValues: PropTypes.object,
+    t: PropTypes.func,
+};
+
+export default flow([withNamespaces(), reduxForm({ form: 'accessForm' })])(Form);
--- a/client/src/components/Settings/Dns/Access/index.js
+++ b/client/src/components/Settings/Dns/Access/index.js
@@ -0,0 +1,43 @@
+import React, { Component } from 'react';
+import PropTypes from 'prop-types';
+import { withNamespaces } from 'react-i18next';
+
+import Form from './Form';
+import Card from '../../../ui/Card';
+
+class Access extends Component {
+    handleFormSubmit = (values) => {
+        this.props.setAccessList(values);
+    };
+
+    render() {
+        const { t, access } = this.props;
+
+        const {
+            processing,
+            processingSet,
+            ...values
+        } = access;
+
+        return (
+            <Card
+                title={t('access_title')}
+                subtitle={t('access_desc')}
+                bodyType="card-body box-body--settings"
+            >
+                <Form
+                    initialValues={values}
+                    onSubmit={this.handleFormSubmit}
+                />
+            </Card>
+        );
+    }
+}
+
+Access.propTypes = {
+    access: PropTypes.object.isRequired,
+    setAccessList: PropTypes.func.isRequired,
+    t: PropTypes.func.isRequired,
+};
+
+export default withNamespaces()(Access);
--- a/client/src/components/Settings/Dns/Upstream/Examples.js
+++ b/client/src/components/Settings/Dns/Upstream/Examples.js
@@ -4,17 +4,38 @@ import { Trans, withNamespaces } from 'react-i18next';

 const Examples = props => (
    <div className="list leading-loose">
+        <p>
+            <Trans
+                components={[
+                    <a
+                        href="https://kb.adguard.com/general/dns-providers"
+                        target="_blank"
+                        rel="noopener noreferrer"
+                        key="0"
+                    >
+                        DNS providers
+                    </a>,
+                ]}
+            >
+                dns_providers
+            </Trans>
+        </p>
        <Trans>examples_title</Trans>:
        <ol className="leading-loose">
            <li>
-                <code>1.1.1.1</code> - { props.t('example_upstream_regular') }
+                <code>1.1.1.1</code> - {props.t('example_upstream_regular')}
            </li>
            <li>
                <code>tls://1dot1dot1dot1.cloudflare-dns.com</code> –&nbsp;
                <span>
                    <Trans
                        components={[
-                            <a href="https://en.wikipedia.org/wiki/DNS_over_TLS" target="_blank" rel="noopener noreferrer" key="0">
+                            <a
+                                href="https://en.wikipedia.org/wiki/DNS_over_TLS"
+                                target="_blank"
+                                rel="noopener noreferrer"
+                                key="0"
+                            >
                                DNS-over-TLS
                            </a>,
                        ]}
@@ -28,7 +49,12 @@ const Examples = props => (
                <span>
                    <Trans
                        components={[
-                            <a href="https://en.wikipedia.org/wiki/DNS_over_HTTPS" target="_blank" rel="noopener noreferrer" key="0">
+                            <a
+                                href="https://en.wikipedia.org/wiki/DNS_over_HTTPS"
+                                target="_blank"
+                                rel="noopener noreferrer"
+                                key="0"
+                            >
                                DNS-over-HTTPS
                            </a>,
                        ]}
@@ -45,13 +71,28 @@ const Examples = props => (
                <span>
                    <Trans
                        components={[
-                            <a href="https://dnscrypt.info/stamps/" target="_blank" rel="noopener noreferrer" key="0">
+                            <a
+                                href="https://dnscrypt.info/stamps/"
+                                target="_blank"
+                                rel="noopener noreferrer"
+                                key="0"
+                            >
                                DNS Stamps
                            </a>,
-                            <a href="https://dnscrypt.info/" target="_blank" rel="noopener noreferrer" key="1">
+                            <a
+                                href="https://dnscrypt.info/"
+                                target="_blank"
+                                rel="noopener noreferrer"
+                                key="1"
+                            >
                                DNSCrypt
                            </a>,
-                            <a href="https://en.wikipedia.org/wiki/DNS_over_HTTPS" target="_blank" rel="noopener noreferrer" key="2">
+                            <a
+                                href="https://en.wikipedia.org/wiki/DNS_over_HTTPS"
+                                target="_blank"
+                                rel="noopener noreferrer"
+                                key="2"
+                            >
                                DNS-over-HTTPS
                            </a>,
                        ]}
@@ -65,7 +106,12 @@ const Examples = props => (
                <span>
                    <Trans
                        components={[
-                            <a href="https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#upstreams-for-domains" target="_blank" rel="noopener noreferrer" key="0">
+                            <a
+                                href="https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#upstreams-for-domains"
+                                target="_blank"
+                                rel="noopener noreferrer"
+                                key="0"
+                            >
                                Link
                            </a>,
                        ]}
--- a/client/src/components/Settings/Dns/Upstream/Form.js
+++ b/client/src/components/Settings/Dns/Upstream/Form.js
@@ -6,7 +6,7 @@ import { Trans, withNamespaces } from 'react-i18next';
 import flow from 'lodash/flow';
 import classnames from 'classnames';

-import { renderSelectField } from '../../../helpers/form';
+import { renderSelectField } from '../../../../helpers/form';
 import Examples from './Examples';

 let Form = (props) => {
@@ -58,11 +58,11 @@ let Form = (props) => {
                </div>
                <div className="col-12">
                    <Examples />
-                    <hr/>
+                    <hr />
                </div>
                <div className="col-12">
                    <div className="form__group">
-                        <label className="form__label" htmlFor="bootstrap_dns">
+                        <label className="form__label form__label--with-desc" htmlFor="bootstrap_dns">
                            <Trans>bootstrap_dns</Trans>
                        </label>
                        <div className="form__desc form__desc--top">
@@ -84,11 +84,13 @@ let Form = (props) => {
                    <button
                        type="button"
                        className={testButtonClass}
-                        onClick={() => testUpstream({
-                            upstream_dns: upstreamDns,
-                            bootstrap_dns: bootstrapDns,
-                            all_servers: allServers,
-                        })}
+                        onClick={() =>
+                            testUpstream({
+                                upstream_dns: upstreamDns,
+                                bootstrap_dns: bootstrapDns,
+                                all_servers: allServers,
+                            })
+                        }
                        disabled={!upstreamDns || processingTestUpstream}
                    >
                        <Trans>test_upstream_btn</Trans>
@@ -97,10 +99,7 @@ let Form = (props) => {
                        type="submit"
                        className="btn btn-success btn-standard"
                        disabled={
-                            submitting
-                            || invalid
-                            || processingSetUpstream
-                            || processingTestUpstream
+                            submitting || invalid || processingSetUpstream || processingTestUpstream
                        }
                    >
                        <Trans>apply_btn</Trans>
@@ -140,5 +139,7 @@ Form = connect((state) => {

 export default flow([
    withNamespaces(),
-    reduxForm({ form: 'upstreamForm' }),
+    reduxForm({
+        form: 'upstreamForm',
+    }),
 ])(Form);
--- a/client/src/components/Settings/Dns/Upstream/index.js
+++ b/client/src/components/Settings/Dns/Upstream/index.js
@@ -3,7 +3,7 @@ import PropTypes from 'prop-types';
 import { withNamespaces } from 'react-i18next';

 import Form from './Form';
-import Card from '../../ui/Card';
+import Card from '../../../ui/Card';

 class Upstream extends Component {
    handleSubmit = (values) => {
@@ -12,7 +12,7 @@ class Upstream extends Component {

    handleTest = (values) => {
        this.props.testUpstream(values);
-    }
+    };

    render() {
        const {
@@ -26,8 +26,8 @@ class Upstream extends Component {

        return (
            <Card
-                title={ t('upstream_dns') }
-                subtitle={ t('upstream_dns_hint') }
+                title={t('upstream_dns')}
+                subtitle={t('upstream_dns_hint')}
                bodyType="card-body box-body--settings"
            >
                <div className="row">
--- a/client/src/components/Settings/Dns/index.js
+++ b/client/src/components/Settings/Dns/index.js
@@ -0,0 +1,60 @@
+import React, { Component, Fragment } from 'react';
+import PropTypes from 'prop-types';
+import { withNamespaces } from 'react-i18next';
+
+import Upstream from './Upstream';
+import Access from './Access';
+import PageTitle from '../../ui/PageTitle';
+import Loading from '../../ui/Loading';
+
+class Dns extends Component {
+    componentDidMount() {
+        this.props.getAccessList();
+    }
+
+    render() {
+        const {
+            t,
+            dashboard,
+            settings,
+            access,
+            setAccessList,
+            testUpstream,
+            setUpstream,
+        } = this.props;
+
+        return (
+            <Fragment>
+                <PageTitle title={t('dns_settings')} />
+                {(dashboard.processing || access.processing) && <Loading />}
+                {!dashboard.processing && !access.processing && (
+                    <Fragment>
+                        <Upstream
+                            upstreamDns={dashboard.upstreamDns}
+                            bootstrapDns={dashboard.bootstrapDns}
+                            allServers={dashboard.allServers}
+                            processingTestUpstream={settings.processingTestUpstream}
+                            processingSetUpstream={settings.processingSetUpstream}
+                            setUpstream={setUpstream}
+                            testUpstream={testUpstream}
+                        />
+                        <Access access={access} setAccessList={setAccessList} />
+                    </Fragment>
+                )}
+            </Fragment>
+        );
+    }
+}
+
+Dns.propTypes = {
+    dashboard: PropTypes.object.isRequired,
+    settings: PropTypes.object.isRequired,
+    setUpstream: PropTypes.func.isRequired,
+    testUpstream: PropTypes.func.isRequired,
+    getAccessList: PropTypes.func.isRequired,
+    setAccessList: PropTypes.func.isRequired,
+    access: PropTypes.object.isRequired,
+    t: PropTypes.func.isRequired,
+};
+
+export default withNamespaces()(Dns);
--- a/client/src/components/Settings/Encryption/Form.js
+++ b/client/src/components/Settings/Encryption/Form.js
@@ -6,7 +6,7 @@ import { Trans, withNamespaces } from 'react-i18next';
 import flow from 'lodash/flow';
 import format from 'date-fns/format';

-import { renderField, renderSelectField, toNumber, port, isSafePort } from '../../../helpers/form';
+import { renderField, renderSelectField, toNumber, port, portTLS, isSafePort } from '../../../helpers/form';
 import { EMPTY_DATE } from '../../../helpers/constants';
 import i18n from '../../../i18n';

@@ -66,14 +66,15 @@ let Form = (props) => {
        setTlsConfig,
    } = props;

-    const isSavingDisabled = invalid
-        || submitting
-        || processingConfig
-        || processingValidate
-        || (isEnabled && (!privateKey || !certificateChain))
-        || (privateKey && !valid_key)
-        || (certificateChain && !valid_cert)
-        || (privateKey && certificateChain && !valid_pair);
+    const isSavingDisabled =
+        invalid ||
+        submitting ||
+        processingConfig ||
+        processingValidate ||
+        (isEnabled && (!privateKey || !certificateChain)) ||
+        (privateKey && !valid_key) ||
+        (certificateChain && !valid_cert) ||
+        (privateKey && certificateChain && !valid_pair);

    return (
        <form onSubmit={handleSubmit}>
@@ -91,7 +92,7 @@ let Form = (props) => {
                    <div className="form__desc">
                        <Trans>encryption_enable_desc</Trans>
                    </div>
-                    <hr/>
+                    <hr />
                </div>
                <div className="col-12">
                    <label className="form__label" htmlFor="server_name">
@@ -166,7 +167,7 @@ let Form = (props) => {
                            type="number"
                            className="form-control"
                            placeholder={t('encryption_dot')}
-                            validate={[port]}
+                            validate={[portTLS]}
                            normalize={toNumber}
                            onChange={handleChange}
                            disabled={!isEnabled}
@@ -180,13 +181,20 @@ let Form = (props) => {
            <div className="row">
                <div className="col-12">
                    <div className="form__group form__group--settings">
-                        <label className="form__label form__label--bold" htmlFor="certificate_chain">
+                        <label
+                            className="form__label form__label--bold"
+                            htmlFor="certificate_chain"
+                        >
                            <Trans>encryption_certificates</Trans>
                        </label>
                        <div className="form__desc form__desc--top">
                            <Trans
                                values={{ link: 'letsencrypt.org' }}
-                                components={[<a href="https://letsencrypt.org/" key="0">link</a>]}
+                                components={[
+                                    <a href="https://letsencrypt.org/" key="0">
+                                        link
+                                    </a>,
+                                ]}
                            >
                                encryption_certificates_desc
                            </Trans>
@@ -202,49 +210,52 @@ let Form = (props) => {
                            disabled={!isEnabled}
                        />
                        <div className="form__status">
-                            {certificateChain &&
+                            {certificateChain && (
                                <Fragment>
                                    <div className="form__label form__label--bold">
                                        <Trans>encryption_status</Trans>:
                                    </div>
                                    <ul className="encryption__list">
-                                        <li className={valid_chain ? 'text-success' : 'text-danger'}>
-                                            {valid_chain ?
+                                        <li
+                                            className={valid_chain ? 'text-success' : 'text-danger'}
+                                        >
+                                            {valid_chain ? (
                                                <Trans>encryption_chain_valid</Trans>
-                                                : <Trans>encryption_chain_invalid</Trans>
-                                            }
+                                            ) : (
+                                                <Trans>encryption_chain_invalid</Trans>
+                                            )}
                                        </li>
-                                        {valid_cert &&
+                                        {valid_cert && (
                                            <Fragment>
-                                                {subject &&
+                                                {subject && (
                                                    <li>
                                                        <Trans>encryption_subject</Trans>:&nbsp;
                                                        {subject}
                                                    </li>
-                                                }
-                                                {issuer &&
+                                                )}
+                                                {issuer && (
                                                    <li>
                                                        <Trans>encryption_issuer</Trans>:&nbsp;
                                                        {issuer}
                                                    </li>
-                                                }
-                                                {not_after && not_after !== EMPTY_DATE &&
+                                                )}
+                                                {not_after && not_after !== EMPTY_DATE && (
                                                    <li>
                                                        <Trans>encryption_expire</Trans>:&nbsp;
                                                        {format(not_after, 'YYYY-MM-DD HH:mm:ss')}
                                                    </li>
-                                                }
-                                                {dns_names &&
+                                                )}
+                                                {dns_names && (
                                                    <li>
                                                        <Trans>encryption_hostnames</Trans>:&nbsp;
                                                        {dns_names}
                                                    </li>
-                                                }
+                                                )}
                                            </Fragment>
-                                        }
+                                        )}
                                    </ul>
                                </Fragment>
-                            }
+                            )}
                        </div>
                    </div>
                </div>
@@ -266,35 +277,34 @@ let Form = (props) => {
                            disabled={!isEnabled}
                        />
                        <div className="form__status">
-                            {privateKey &&
+                            {privateKey && (
                                <Fragment>
                                    <div className="form__label form__label--bold">
                                        <Trans>encryption_status</Trans>:
                                    </div>
                                    <ul className="encryption__list">
                                        <li className={valid_key ? 'text-success' : 'text-danger'}>
-                                            {valid_key ?
+                                            {valid_key ? (
                                                <Trans values={{ type: key_type }}>
                                                    encryption_key_valid
                                                </Trans>
-                                                : <Trans values={{ type: key_type }}>
+                                            ) : (
+                                                <Trans values={{ type: key_type }}>
                                                    encryption_key_invalid
                                                </Trans>
-                                            }
+                                            )}
                                        </li>
                                    </ul>
                                </Fragment>
-                            }
+                            )}
                        </div>
                    </div>
                </div>
-                {warning_validation &&
+                {warning_validation && (
                    <div className="col-12">
-                        <p className="text-danger">
-                            {warning_validation}
-                        </p>
+                        <p className="text-danger">{warning_validation}</p>
                    </div>
-                }
+                )}
            </div>

            <div className="btn-list mt-2">
--- a/client/src/components/Settings/Encryption/index.js
+++ b/client/src/components/Settings/Encryption/index.js
@@ -6,11 +6,15 @@ import debounce from 'lodash/debounce';
 import { DEBOUNCE_TIMEOUT } from '../../../helpers/constants';
 import Form from './Form';
 import Card from '../../ui/Card';
+import PageTitle from '../../ui/PageTitle';
+import Loading from '../../ui/Loading';

 class Encryption extends Component {
    componentDidMount() {
-        if (this.props.encryption.enabled) {
-            this.props.validateTlsConfig(this.props.encryption);
+        const { validateTlsConfig, encryption } = this.props;
+
+        if (encryption.enabled) {
+            validateTlsConfig(encryption);
        }
    }

@@ -36,7 +40,9 @@ class Encryption extends Component {

        return (
            <div className="encryption">
-                {encryption &&
+                <PageTitle title={t('encryption_settings')} />
+                {encryption.processing && <Loading />}
+                {!encryption.processing && (
                    <Card
                        title={t('encryption_title')}
                        subtitle={t('encryption_desc')}
@@ -58,7 +64,7 @@ class Encryption extends Component {
                            {...this.props.encryption}
                        />
                    </Card>
-                }
+                )}
            </div>
        );
    }
--- a/client/src/components/Settings/Settings.css
+++ b/client/src/components/Settings/Settings.css
@@ -63,6 +63,10 @@
    font-weight: 700;
 }

+.form__label--with-desc {
+    margin-bottom: 0;
+}
+
 .form__status {
    margin-top: 10px;
    font-size: 14px;
@@ -76,3 +80,18 @@
 .encryption__list li {
    list-style: inside;
 }
+
+.btn-icon {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    width: 30px;
+    height: 30px;
+}
+
+.btn-icon-sm {
+    width: 23px;
+    height: 23px;
+    min-width: 23px;
+    padding: 5px;
+}
--- a/client/src/components/Settings/index.js
+++ b/client/src/components/Settings/index.js
@@ -1,13 +1,12 @@
 import React, { Component, Fragment } from 'react';
 import PropTypes from 'prop-types';
 import { withNamespaces, Trans } from 'react-i18next';
-import Upstream from './Upstream';
-import Dhcp from './Dhcp';
-import Encryption from './Encryption';
+
 import Checkbox from '../ui/Checkbox';
 import Loading from '../ui/Loading';
 import PageTitle from '../ui/PageTitle';
 import Card from '../ui/Card';
+
 import './Settings.css';

 class Settings extends Component {
@@ -36,9 +35,6 @@ class Settings extends Component {

    componentDidMount() {
        this.props.initSettings(this.settings);
-        this.props.getDhcpStatus();
-        this.props.getDhcpInterfaces();
-        this.props.getTlsStatus();
    }

    renderSettings = (settings) => {
@@ -46,58 +42,41 @@ class Settings extends Component {
            return Object.keys(settings).map((key) => {
                const setting = settings[key];
                const { enabled } = setting;
-                return (<Checkbox
-                    key={key}
-                    {...settings[key]}
-                    handleChange={() => this.props.toggleSetting(key, enabled)}
-                    />);
+                return (
+                    <Checkbox
+                        key={key}
+                        {...settings[key]}
+                        handleChange={() => this.props.toggleSetting(key, enabled)}
+                    />
+                );
            });
        }
        return (
-            <div><Trans>no_settings</Trans></div>
+            <div>
+                <Trans>no_settings</Trans>
+            </div>
        );
-    }
+    };

    render() {
-        const { settings, dashboard, t } = this.props;
+        const { settings, t } = this.props;
        return (
            <Fragment>
-                <PageTitle title={ t('settings') } />
+                <PageTitle title={t('general_settings')} />
                {settings.processing && <Loading />}
-                {!settings.processing &&
+                {!settings.processing && (
                    <div className="content">
                        <div className="row">
                            <div className="col-md-12">
-                                <Card title={ t('general_settings') } bodyType="card-body box-body--settings">
+                                <Card bodyType="card-body box-body--settings">
                                    <div className="form">
                                        {this.renderSettings(settings.settingsList)}
                                    </div>
                                </Card>
-                                <Upstream
-                                    upstreamDns={dashboard.upstreamDns}
-                                    bootstrapDns={dashboard.bootstrapDns}
-                                    allServers={dashboard.allServers}
-                                    setUpstream={this.props.setUpstream}
-                                    testUpstream={this.props.testUpstream}
-                                    processingTestUpstream={settings.processingTestUpstream}
-                                    processingSetUpstream={settings.processingSetUpstream}
-                                />
-                                <Encryption
-                                    encryption={this.props.encryption}
-                                    setTlsConfig={this.props.setTlsConfig}
-                                    validateTlsConfig={this.props.validateTlsConfig}
-                                />
-                                <Dhcp
-                                    dhcp={this.props.dhcp}
-                                    toggleDhcp={this.props.toggleDhcp}
-                                    getDhcpStatus={this.props.getDhcpStatus}
-                                    findActiveDhcp={this.props.findActiveDhcp}
-                                    setDhcpConfig={this.props.setDhcpConfig}
-                                />
                            </div>
                        </div>
                    </div>
-                }
+                )}
            </Fragment>
        );
    }
@@ -108,8 +87,6 @@ Settings.propTypes = {
    settings: PropTypes.object,
    settingsList: PropTypes.object,
    toggleSetting: PropTypes.func,
-    handleUpstreamChange: PropTypes.func,
-    setUpstream: PropTypes.func,
    t: PropTypes.func,
 };

--- a/client/src/components/SetupGuide/index.js
+++ b/client/src/components/SetupGuide/index.js
@@ -2,8 +2,6 @@ import React from 'react';
 import PropTypes from 'prop-types';
 import { Trans, withNamespaces } from 'react-i18next';

-import { getDnsAddress } from '../../helpers/helpers';
-
 import Guide from '../ui/Guide';
 import Card from '../ui/Card';
 import PageTitle from '../ui/PageTitle';
@@ -13,7 +11,6 @@ const SetupGuide = ({
    t,
    dashboard: {
        dnsAddresses,
-        dnsPort,
    },
 }) => (
    <div className="guide">
@@ -28,12 +25,10 @@ const SetupGuide = ({
                    <Trans>install_devices_address</Trans>:
                </div>
                <div className="mt-2 font-weight-bold">
-                    {dnsAddresses
-                        .map(ip => <li key={ip}>{getDnsAddress(ip, dnsPort)}</li>)
-                    }
+                    {dnsAddresses.map(ip => <li key={ip}>{ip}</li>)}
                </div>
            </div>
-            <Guide />
+            <Guide dnsAddresses={dnsAddresses} />
        </Card>
    </div>
 );
--- a/client/src/components/Toasts/Toast.css
+++ b/client/src/components/Toasts/Toast.css
@@ -2,7 +2,7 @@
    position: fixed;
    right: 24px;
    bottom: 24px;
-    z-index: 103;
+    z-index: 105;
    width: 345px;
 }

@@ -32,6 +32,12 @@
    overflow: hidden;
 }

+.toast__content a {
+    font-weight: 600;
+    color: #fff;
+    text-decoration: underline;
+}
+
 .toast__dismiss {
    display: block;
    flex: 0 0 auto;
--- a/client/src/components/Toasts/Toast.js
+++ b/client/src/components/Toasts/Toast.js
@@ -4,7 +4,7 @@ import { Trans, withNamespaces } from 'react-i18next';

 class Toast extends Component {
    componentDidMount() {
-        const timeout = this.props.type === 'error' ? 30000 : 5000;
+        const timeout = this.props.type === 'success' ? 5000 : 30000;

        setTimeout(() => {
            this.props.removeToast(this.props.id);
@@ -15,13 +15,25 @@ class Toast extends Component {
        return false;
    }

+    showMessage(t, type, message) {
+        if (type === 'notice') {
+            return <span dangerouslySetInnerHTML={{ __html: t(message) }} />;
+        }
+
+        return <Trans>{message}</Trans>;
+    }
+
    render() {
+        const {
+            type, id, t, message,
+        } = this.props;
+
        return (
-            <div className={`toast toast--${this.props.type}`}>
+            <div className={`toast toast--${type}`}>
                <p className="toast__content">
-                    <Trans>{this.props.message}</Trans>
+                    {this.showMessage(t, type, message)}
                </p>
-                <button className="toast__dismiss" onClick={() => this.props.removeToast(this.props.id)}>
+                <button className="toast__dismiss" onClick={() => this.props.removeToast(id)}>
                    <svg stroke="#fff" fill="none" width="20" height="20" strokeWidth="2" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><path d="m18 6-12 12"/><path d="m6 6 12 12"/></svg>
                </button>
            </div>
@@ -30,6 +42,7 @@ class Toast extends Component {
 }

 Toast.propTypes = {
+    t: PropTypes.func.isRequired,
    id: PropTypes.string.isRequired,
    message: PropTypes.string.isRequired,
    type: PropTypes.string.isRequired,
--- a/client/src/components/ui/Card.css
+++ b/client/src/components/ui/Card.css
@@ -33,21 +33,6 @@
    text-align: center;
 }

-.card-refresh {
-    height: 26px;
-    width: 26px;
-    background-size: 14px;
-    background-position: center;
-    background-repeat: no-repeat;
-    background-image: url("data:image/svg+xml;base64,PHN2ZyBmaWxsPSJub25lIiBoZWlnaHQ9IjI0IiBzdHJva2U9IiM0NjdmY2YiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIgc3Ryb2tlLXdpZHRoPSIyIiB2aWV3Qm94PSIwIDAgMjQgMjQiIHdpZHRoPSIyNCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj48cGF0aCBkPSJtMjMgNHY2aC02Ii8+PHBhdGggZD0ibTEgMjB2LTZoNiIvPjxwYXRoIGQ9Im0zLjUxIDlhOSA5IDAgMCAxIDE0Ljg1LTMuMzZsNC42NCA0LjM2bS0yMiA0IDQuNjQgNC4zNmE5IDkgMCAwIDAgMTQuODUtMy4zNiIvPjwvc3ZnPg==");
-}
-
-.card-refresh:hover,
-.card-refresh:not(:disabled):not(.disabled):active,
-.card-refresh:focus:active {
-    background-image: url("data:image/svg+xml;base64,PHN2ZyBmaWxsPSJub25lIiBoZWlnaHQ9IjI0IiBzdHJva2U9IiNmZmYiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCIgc3Ryb2tlLXdpZHRoPSIyIiB2aWV3Qm94PSIwIDAgMjQgMjQiIHdpZHRoPSIyNCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj48cGF0aCBkPSJtMjMgNHY2aC02Ii8+PHBhdGggZD0ibTEgMjB2LTZoNiIvPjxwYXRoIGQ9Im0zLjUxIDlhOSA5IDAgMCAxIDE0Ljg1LTMuMzZsNC42NCA0LjM2bS0yMiA0IDQuNjQgNC4zNmE5IDkgMCAwIDAgMTQuODUtMy4zNiIvPjwvc3ZnPg==");
-}
-
 .card-title-stats {
    font-size: 13px;
    color: #9aa0ac;
--- a/client/src/components/ui/Dropdown.css
+++ b/client/src/components/ui/Dropdown.css
@@ -0,0 +1,8 @@
+.dropdown-item.active,
+.dropdown-item:active {
+    background-color: #66b574;
+}
+
+.dropdown-menu {
+    cursor: default;
+}
--- a/client/src/components/ui/Dropdown.js
+++ b/client/src/components/ui/Dropdown.js
@@ -0,0 +1,89 @@
+import React, { Component } from 'react';
+import PropTypes from 'prop-types';
+import classnames from 'classnames';
+import { withNamespaces } from 'react-i18next';
+import enhanceWithClickOutside from 'react-click-outside';
+
+import './Dropdown.css';
+
+class Dropdown extends Component {
+    state = {
+        isOpen: false,
+    };
+
+    toggleDropdown = () => {
+        this.setState(prevState => ({ isOpen: !prevState.isOpen }));
+    };
+
+    hideDropdown = () => {
+        this.setState({ isOpen: false });
+    };
+
+    handleClickOutside = () => {
+        if (this.state.isOpen) {
+            this.hideDropdown();
+        }
+    };
+
+    render() {
+        const {
+            label,
+            controlClassName,
+            menuClassName,
+            baseClassName,
+            icon,
+            children,
+        } = this.props;
+
+        const { isOpen } = this.state;
+
+        const dropdownClass = classnames({
+            [baseClassName]: true,
+            show: isOpen,
+        });
+
+        const dropdownMenuClass = classnames({
+            [menuClassName]: true,
+            show: isOpen,
+        });
+
+        const ariaSettings = isOpen ? 'true' : 'false';
+
+        return (
+            <div className={dropdownClass}>
+                <a
+                    className={controlClassName}
+                    aria-expanded={ariaSettings}
+                    onClick={this.toggleDropdown}
+                >
+                    {icon && (
+                        <svg className="nav-icon">
+                            <use xlinkHref={`#${icon}`} />
+                        </svg>
+                    )}
+                    {label}
+                </a>
+                <div className={dropdownMenuClass} onClick={this.hideDropdown}>
+                    {children}
+                </div>
+            </div>
+        );
+    }
+}
+
+Dropdown.defaultProps = {
+    baseClassName: 'dropdown',
+    menuClassName: 'dropdown-menu dropdown-menu-arrow',
+    controlClassName: '',
+};
+
+Dropdown.propTypes = {
+    label: PropTypes.string.isRequired,
+    children: PropTypes.node.isRequired,
+    controlClassName: PropTypes.node.isRequired,
+    menuClassName: PropTypes.string.isRequired,
+    baseClassName: PropTypes.string.isRequired,
+    icon: PropTypes.string,
+};
+
+export default withNamespaces()(enhanceWithClickOutside(Dropdown));
--- a/client/src/components/ui/EncryptionTopline.js
+++ b/client/src/components/ui/EncryptionTopline.js
@@ -18,7 +18,7 @@ const EncryptionTopline = (props) => {
    if (isExpired) {
        return (
            <Topline type="danger">
-                <Trans components={[<a href="#settings" key="0">link</a>]}>
+                <Trans components={[<a href="#encryption" key="0">link</a>]}>
                    topline_expired_certificate
                </Trans>
            </Topline>
@@ -26,7 +26,7 @@ const EncryptionTopline = (props) => {
    } else if (isAboutExpire) {
        return (
            <Topline type="warning">
-                <Trans components={[<a href="#settings" key="0">link</a>]}>
+                <Trans components={[<a href="#encryption" key="0">link</a>]}>
                    topline_expiring_certificate
                </Trans>
            </Topline>
--- a/client/src/components/ui/Guide.js
+++ b/client/src/components/ui/Guide.js
@@ -1,83 +1,373 @@
-import React from 'react';
+import React, { Fragment } from 'react';
+import PropTypes from 'prop-types';
 import { Trans, withNamespaces } from 'react-i18next';

 import Tabs from '../ui/Tabs';
 import Icons from '../ui/Icons';

-const Guide = () => (
-    <div>
-        <Icons />
-        <Tabs>
-            <div label="Router">
-                <div className="tab__title">
-                    <Trans>install_devices_router</Trans>
+const Guide = (props) => {
+    const { dnsAddresses } = props;
+    const tlsAddress = (dnsAddresses && dnsAddresses.filter(item => item.includes('tls://'))) || '';
+    const httpsAddress =
+        (dnsAddresses && dnsAddresses.filter(item => item.includes('https://'))) || '';
+    const showDnsPrivacyNotice = httpsAddress.length < 1 && tlsAddress.length < 1;
+
+    return (
+        <div>
+            <Icons />
+            <Tabs>
+                <div label="Router">
+                    <div className="tab__title">
+                        <Trans>install_devices_router</Trans>
+                    </div>
+                    <div className="tab__text">
+                        <p>
+                            <Trans>install_devices_router_desc</Trans>
+                        </p>
+                        <ol>
+                            <li>
+                                <Trans>install_devices_router_list_1</Trans>
+                            </li>
+                            <li>
+                                <Trans>install_devices_router_list_2</Trans>
+                            </li>
+                            <li>
+                                <Trans>install_devices_router_list_3</Trans>
+                            </li>
+                        </ol>
+                    </div>
                </div>
-                <div className="tab__text">
-                    <p><Trans>install_devices_router_desc</Trans></p>
-                    <ol>
-                        <li><Trans>install_devices_router_list_1</Trans></li>
-                        <li><Trans>install_devices_router_list_2</Trans></li>
-                        <li><Trans>install_devices_router_list_3</Trans></li>
-                    </ol>
+                <div label="Windows">
+                    <div className="tab__title">Windows</div>
+                    <div className="tab__text">
+                        <ol>
+                            <li>
+                                <Trans>install_devices_windows_list_1</Trans>
+                            </li>
+                            <li>
+                                <Trans>install_devices_windows_list_2</Trans>
+                            </li>
+                            <li>
+                                <Trans>install_devices_windows_list_3</Trans>
+                            </li>
+                            <li>
+                                <Trans>install_devices_windows_list_4</Trans>
+                            </li>
+                            <li>
+                                <Trans>install_devices_windows_list_5</Trans>
+                            </li>
+                            <li>
+                                <Trans>install_devices_windows_list_6</Trans>
+                            </li>
+                        </ol>
+                    </div>
                </div>
-            </div>
-            <div label="Windows">
-                <div className="tab__title">
-                    Windows
+                <div label="macOS">
+                    <div className="tab__title">macOS</div>
+                    <div className="tab__text">
+                        <ol>
+                            <li>
+                                <Trans>install_devices_macos_list_1</Trans>
+                            </li>
+                            <li>
+                                <Trans>install_devices_macos_list_2</Trans>
+                            </li>
+                            <li>
+                                <Trans>install_devices_macos_list_3</Trans>
+                            </li>
+                            <li>
+                                <Trans>install_devices_macos_list_4</Trans>
+                            </li>
+                        </ol>
+                    </div>
                </div>
-                <div className="tab__text">
-                    <ol>
-                        <li><Trans>install_devices_windows_list_1</Trans></li>
-                        <li><Trans>install_devices_windows_list_2</Trans></li>
-                        <li><Trans>install_devices_windows_list_3</Trans></li>
-                        <li><Trans>install_devices_windows_list_4</Trans></li>
-                        <li><Trans>install_devices_windows_list_5</Trans></li>
-                        <li><Trans>install_devices_windows_list_6</Trans></li>
-                    </ol>
+                <div label="Android">
+                    <div className="tab__title">Android</div>
+                    <div className="tab__text">
+                        <ol>
+                            <li>
+                                <Trans>install_devices_android_list_1</Trans>
+                            </li>
+                            <li>
+                                <Trans>install_devices_android_list_2</Trans>
+                            </li>
+                            <li>
+                                <Trans>install_devices_android_list_3</Trans>
+                            </li>
+                            <li>
+                                <Trans>install_devices_android_list_4</Trans>
+                            </li>
+                            <li>
+                                <Trans>install_devices_android_list_5</Trans>
+                            </li>
+                        </ol>
+                    </div>
                </div>
-            </div>
-            <div label="macOS">
-                <div className="tab__title">
-                    macOS
+                <div label="iOS">
+                    <div className="tab__title">iOS</div>
+                    <div className="tab__text">
+                        <ol>
+                            <li>
+                                <Trans>install_devices_ios_list_1</Trans>
+                            </li>
+                            <li>
+                                <Trans>install_devices_ios_list_2</Trans>
+                            </li>
+                            <li>
+                                <Trans>install_devices_ios_list_3</Trans>
+                            </li>
+                            <li>
+                                <Trans>install_devices_ios_list_4</Trans>
+                            </li>
+                        </ol>
+                    </div>
                </div>
-                <div className="tab__text">
-                    <ol>
-                        <li><Trans>install_devices_macos_list_1</Trans></li>
-                        <li><Trans>install_devices_macos_list_2</Trans></li>
-                        <li><Trans>install_devices_macos_list_3</Trans></li>
-                        <li><Trans>install_devices_macos_list_4</Trans></li>
-                    </ol>
+                <div label="dns_privacy" title={props.t('dns_privacy')}>
+                    <div className="tab__title">
+                        <Trans>dns_privacy</Trans>
+                    </div>
+                    <div className="tab__text">
+                        {tlsAddress && tlsAddress.length > 0 && (
+                            <div className="tab__paragraph">
+                                <Trans
+                                    values={{ address: tlsAddress[0] }}
+                                    components={[
+                                        <strong key="0">text</strong>,
+                                        <code key="1">text</code>,
+                                    ]}
+                                >
+                                    setup_dns_privacy_1
+                                </Trans>
+                            </div>
+                        )}
+                        {httpsAddress && httpsAddress.length > 0 && (
+                            <div className="tab__paragraph">
+                                <Trans
+                                    values={{ address: httpsAddress[0] }}
+                                    components={[
+                                        <strong key="0">text</strong>,
+                                        <code key="1">text</code>,
+                                    ]}
+                                >
+                                    setup_dns_privacy_2
+                                </Trans>
+                            </div>
+                        )}
+                        {showDnsPrivacyNotice && (
+                            <div className="tab__paragraph">
+                                <Trans
+                                    components={[
+                                        <a
+                                            href="https://github.com/AdguardTeam/AdguardHome/wiki/Encryption"
+                                            target="_blank"
+                                            rel="noopener noreferrer"
+                                            key="0"
+                                        >
+                                            link
+                                        </a>,
+                                        <code key="1">text</code>,
+                                    ]}
+                                >
+                                    setup_dns_notice
+                                </Trans>
+                            </div>
+                        )}
+                        {!showDnsPrivacyNotice && (
+                            <Fragment>
+                                <div className="tab__paragraph">
+                                    <Trans components={[<p key="0">text</p>]}>
+                                        setup_dns_privacy_3
+                                    </Trans>
+                                </div>
+                                <div className="tab__paragraph">
+                                    <strong>Android</strong>
+                                    <ul>
+                                        <li>
+                                            <Trans>setup_dns_privacy_android_1</Trans>
+                                        </li>
+                                        <li>
+                                            <Trans
+                                                components={[
+                                                    <a
+                                                        href="https://adguard.com/adguard-android/overview.html"
+                                                        target="_blank"
+                                                        rel="noopener noreferrer"
+                                                        key="0"
+                                                    >
+                                                        link
+                                                    </a>,
+                                                    <code key="1">text</code>,
+                                                ]}
+                                            >
+                                                setup_dns_privacy_android_2
+                                            </Trans>
+                                        </li>
+                                        <li>
+                                            <Trans
+                                                components={[
+                                                    <a
+                                                        href="https://getintra.org/"
+                                                        target="_blank"
+                                                        rel="noopener noreferrer"
+                                                        key="0"
+                                                    >
+                                                        link
+                                                    </a>,
+                                                    <code key="1">text</code>,
+                                                ]}
+                                            >
+                                                setup_dns_privacy_android_3
+                                            </Trans>
+                                        </li>
+                                    </ul>
+                                </div>
+                                <div className="tab__paragraph">
+                                    <strong>iOS</strong>
+                                    <ul>
+                                        <li>
+                                            <Trans
+                                                components={[
+                                                    <a
+                                                        href="https://itunes.apple.com/app/id1452162351"
+                                                        target="_blank"
+                                                        rel="noopener noreferrer"
+                                                        key="0"
+                                                    >
+                                                        link
+                                                    </a>,
+                                                    <code key="1">text</code>,
+                                                    <a
+                                                        href="https://dnscrypt.info/stamps"
+                                                        target="_blank"
+                                                        rel="noopener noreferrer"
+                                                        key="2"
+                                                    >
+                                                        link
+                                                    </a>,
+                                                ]}
+                                            >
+                                                setup_dns_privacy_ios_1
+                                            </Trans>
+                                        </li>
+                                        <li>
+                                            <Trans
+                                                components={[
+                                                    <a
+                                                        href="https://adguard.com/adguard-ios/overview.html"
+                                                        target="_blank"
+                                                        rel="noopener noreferrer"
+                                                        key="0"
+                                                    >
+                                                        link
+                                                    </a>,
+                                                    <code key="1">text</code>,
+                                                ]}
+                                            >
+                                                setup_dns_privacy_ios_2
+                                            </Trans>
+                                        </li>
+                                    </ul>
+                                </div>
+                                <div className="tab__paragraph">
+                                    <strong>
+                                        <Trans>setup_dns_privacy_other_title</Trans>
+                                    </strong>
+                                    <ul>
+                                        <li>
+                                            <Trans>setup_dns_privacy_other_1</Trans>
+                                        </li>
+                                        <li>
+                                            <Trans
+                                                components={[
+                                                    <a
+                                                        href="https://github.com/AdguardTeam/dnsproxy"
+                                                        target="_blank"
+                                                        rel="noopener noreferrer"
+                                                        key="0"
+                                                    >
+                                                        link
+                                                    </a>,
+                                                ]}
+                                            >
+                                                setup_dns_privacy_other_2
+                                            </Trans>
+                                        </li>
+                                        <li>
+                                            <Trans
+                                                components={[
+                                                    <a
+                                                        href="https://github.com/jedisct1/dnscrypt-proxy"
+                                                        target="_blank"
+                                                        rel="noopener noreferrer"
+                                                        key="0"
+                                                    >
+                                                        link
+                                                    </a>,
+                                                    <code key="1">text</code>,
+                                                ]}
+                                            >
+                                                setup_dns_privacy_other_3
+                                            </Trans>
+                                        </li>
+                                        <li>
+                                            <Trans
+                                                components={[
+                                                    <a
+                                                        href="https://www.mozilla.org/firefox/"
+                                                        target="_blank"
+                                                        rel="noopener noreferrer"
+                                                        key="0"
+                                                    >
+                                                        link
+                                                    </a>,
+                                                    <code key="1">text</code>,
+                                                ]}
+                                            >
+                                                setup_dns_privacy_other_4
+                                            </Trans>
+                                        </li>
+                                        <li>
+                                            <Trans
+                                                components={[
+                                                    <a
+                                                        href="https://dnscrypt.info/implementations"
+                                                        target="_blank"
+                                                        rel="noopener noreferrer"
+                                                        key="0"
+                                                    >
+                                                        link
+                                                    </a>,
+                                                    <a
+                                                        href="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Clients"
+                                                        target="_blank"
+                                                        rel="noopener noreferrer"
+                                                        key="1"
+                                                    >
+                                                        link
+                                                    </a>,
+                                                ]}
+                                            >
+                                                setup_dns_privacy_other_5
+                                            </Trans>
+                                        </li>
+                                    </ul>
+                                </div>
+                            </Fragment>
+                        )}
+                    </div>
                </div>
-            </div>
-            <div label="Android">
-                <div className="tab__title">
-                    Android
-                </div>
-                <div className="tab__text">
-                    <ol>
-                        <li><Trans>install_devices_android_list_1</Trans></li>
-                        <li><Trans>install_devices_android_list_2</Trans></li>
-                        <li><Trans>install_devices_android_list_3</Trans></li>
-                        <li><Trans>install_devices_android_list_4</Trans></li>
-                        <li><Trans>install_devices_android_list_5</Trans></li>
-                    </ol>
-                </div>
-            </div>
-            <div label="iOS">
-                <div className="tab__title">
-                    iOS
-                </div>
-                <div className="tab__text">
-                    <ol>
-                        <li><Trans>install_devices_ios_list_1</Trans></li>
-                        <li><Trans>install_devices_ios_list_2</Trans></li>
-                        <li><Trans>install_devices_ios_list_3</Trans></li>
-                        <li><Trans>install_devices_ios_list_4</Trans></li>
-                    </ol>
-                </div>
-            </div>
-        </Tabs>
-    </div>
-);
+            </Tabs>
+        </div>
+    );
+};
+
+Guide.defaultProps = {
+    dnsAddresses: [],
+};
+
+Guide.propTypes = {
+    dnsAddresses: PropTypes.array,
+    t: PropTypes.func.isRequired,
+};

 export default withNamespaces()(Guide);
--- a/client/src/components/ui/Icons.css
+++ b/client/src/components/ui/Icons.css
@@ -0,0 +1,5 @@
+.icons {
+    display: inline-block;
+    vertical-align: middle;
+    height: 100%;
+}
--- a/client/src/components/ui/Icons.js
+++ b/client/src/components/ui/Icons.js
@@ -1,5 +1,7 @@
 import React from 'react';

+import './Icons.css';
+
 const Icons = () => (
    <svg xmlns="http://www.w3.org/2000/svg" className="hidden">
        <symbol id="android" viewBox="0 0 14 16" fill="currentColor">
@@ -21,6 +23,46 @@ const Icons = () => (
        <symbol id="router" viewBox="0 0 30 30" fill="currentColor">
            <path d="M17.646 2.332a1 1 0 0 0-.697 1.719 6.984 6.984 0 0 1 0 9.898 1 1 0 1 0 1.414 1.414c3.507-3.506 3.507-9.22 0-12.726a1 1 0 0 0-.717-.305zm-12.662.654A1 1 0 0 0 4 4v14a2 2 0 0 0-2 2v4a2 2 0 0 0 2 2h22a2 2 0 0 0 2-2v-4a2 2 0 0 0-2-2H12V9a1 1 0 0 0-1.016-1.014A1 1 0 0 0 10 9v9H6V4a1 1 0 0 0-1.016-1.014zm9.834 2.176a1 1 0 0 0-.697 1.717 2.985 2.985 0 0 1 0 4.242 1 1 0 1 0 1.414 1.414 5.014 5.014 0 0 0 0-7.07 1 1 0 0 0-.717-.303zM5 21a1 1 0 1 1 0 2 1 1 0 0 1 0-2zm4 0a1 1 0 1 1 0 2 1 1 0 0 1 0-2z" />
        </symbol>
+
+        <symbol id="edit" viewBox="0 0 24 24" stroke="currentColor" fill="none" strokeLinecap="round" strokeLinejoin="round" strokeWidth="2">
+            <path d="M11 4H4a2 2 0 0 0-2 2v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2v-7"/><path d="M18.5 2.5a2.121 2.121 0 0 1 3 3L12 15l-4 1 1-4 9.5-9.5z"/>
+        </symbol>
+
+        <symbol id="delete" viewBox="0 0 24 24" stroke="currentColor" fill="none" strokeLinecap="round" strokeLinejoin="round" strokeWidth="2">
+            <path d="m3 6h2 16"/><path d="m19 6v14a2 2 0 0 1 -2 2h-10a2 2 0 0 1 -2-2v-14m3 0v-2a2 2 0 0 1 2-2h4a2 2 0 0 1 2 2v2"/><path d="m10 11v6"/><path d="m14 11v6"/>
+        </symbol>
+
+        <symbol id="back" viewBox="0 0 24 24" stroke="currentColor" fill="none" strokeLinecap="round" strokeLinejoin="round" strokeWidth="2">
+            <path d="m19 12h-14"/><path d="m12 19-7-7 7-7"/>
+        </symbol>
+
+        <symbol id="dashboard" viewBox="0 0 24 24" stroke="currentColor" fill="none" strokeLinecap="round" strokeLinejoin="round" strokeWidth="2">
+            <path d="m3 9 9-7 9 7v11a2 2 0 0 1 -2 2h-14a2 2 0 0 1 -2-2z"/><path d="m9 22v-10h6v10"/>
+        </symbol>
+
+        <symbol id="filters" viewBox="0 0 24 24" stroke="currentColor" fill="none" strokeLinecap="round" strokeLinejoin="round" strokeWidth="2">
+            <path d="m22 3h-20l8 9.46v6.54l4 2v-8.54z"/>
+        </symbol>
+
+        <symbol id="log" viewBox="0 0 24 24" stroke="currentColor" fill="none" strokeLinecap="round" strokeLinejoin="round" strokeWidth="2">
+            <path d="m14 2h-8a2 2 0 0 0 -2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2v-12z"/><path d="m14 2v6h6"/><path d="m16 13h-8"/><path d="m16 17h-8"/><path d="m10 9h-1-1"/>
+        </symbol>
+
+        <symbol id="setup" viewBox="0 0 24 24" stroke="currentColor" fill="none" strokeLinecap="round" strokeLinejoin="round" strokeWidth="2">
+            <circle cx="12" cy="12" r="10"></circle><path d="M9.09 9a3 3 0 0 1 5.83 1c0 2-3 3-3 3"></path><line x1="12" y1="17" x2="12" y2="17"></line>
+        </symbol>
+
+        <symbol id="settings" viewBox="0 0 24 24" stroke="currentColor" fill="none" strokeLinecap="round" strokeLinejoin="round" strokeWidth="2">
+            <circle cx="12" cy="12" r="3"/><path d="m19.4 15a1.65 1.65 0 0 0 .33 1.82l.06.06a2 2 0 0 1 0 2.83 2 2 0 0 1 -2.83 0l-.06-.06a1.65 1.65 0 0 0 -1.82-.33 1.65 1.65 0 0 0 -1 1.51v.17a2 2 0 0 1 -2 2 2 2 0 0 1 -2-2v-.09a1.65 1.65 0 0 0 -1.08-1.51 1.65 1.65 0 0 0 -1.82.33l-.06.06a2 2 0 0 1 -2.83 0 2 2 0 0 1 0-2.83l.06-.06a1.65 1.65 0 0 0 .33-1.82 1.65 1.65 0 0 0 -1.51-1h-.17a2 2 0 0 1 -2-2 2 2 0 0 1 2-2h.09a1.65 1.65 0 0 0 1.51-1.08 1.65 1.65 0 0 0 -.33-1.82l-.06-.06a2 2 0 0 1 0-2.83 2 2 0 0 1 2.83 0l.06.06a1.65 1.65 0 0 0 1.82.33h.08a1.65 1.65 0 0 0 1-1.51v-.17a2 2 0 0 1 2-2 2 2 0 0 1 2 2v.09a1.65 1.65 0 0 0 1 1.51 1.65 1.65 0 0 0 1.82-.33l.06-.06a2 2 0 0 1 2.83 0 2 2 0 0 1 0 2.83l-.06.06a1.65 1.65 0 0 0 -.33 1.82v.08a1.65 1.65 0 0 0 1.51 1h.17a2 2 0 0 1 2 2 2 2 0 0 1 -2 2h-.09a1.65 1.65 0 0 0 -1.51 1z"/>
+        </symbol>
+
+        <symbol id="refresh" viewBox="0 0 24 24" stroke="currentColor" fill="none" strokeLinecap="round" strokeLinejoin="round" strokeWidth="2">
+            <path d="M23 4v6h-6M1 20v-6h6"/><path d="M3.51 9a9 9 0 0 1 14.85-3.36L23 10M1 14l4.64 4.36A9 9 0 0 0 20.49 15"/>
+        </symbol>
+
+        <symbol id="dns_privacy" viewBox="0 0 30 30" stroke="none" fill="currentColor" strokeLinecap="round" strokeLinejoin="round">
+            <path d="M15 3C10.57 3 6.701 5.419 4.623 9h2.39a10.063 10.063 0 0 1 4.05-3.19c-.524.89-.961 1.973-1.3 3.19h2.108c.79-2.459 1.998-4 3.129-4s2.339 1.541 3.129 4h2.107c-.338-1.217-.774-2.3-1.299-3.19A10.062 10.062 0 0 1 22.989 9h2.389C23.298 5.419 19.43 3 15 3zm7.035 9.129c-1.372 0-2.264.73-2.264 1.842 0 .896.538 1.463 1.579 1.66l.75.15c.65.13.898.3.898.615 0 .375-.37.635-.91.635-.6 0-1.014-.265-1.049-.68h-1.38c.023 1.097.93 1.776 2.37 1.776 1.491 0 2.399-.717 2.399-1.904 0-.903-.504-1.412-1.63-1.63l-.734-.142c-.6-.118-.851-.3-.851-.611 0-.378.336-.62.844-.62.509 0 .891.28.923.682h1.336c-.024-1.053-.948-1.773-2.28-1.773zm-16.185.148v5.696h2.39c1.712 0 2.662-1.033 2.662-2.903 0-1.779-.966-2.793-2.662-2.793H5.85zm6.933.004v5.692h1.373v-3.235h.076l2.377 3.235h1.149V12.28h-1.373v3.203h-.076l-2.372-3.203h-1.154zm-5.486 1.16h.682c.912 0 1.449.596 1.449 1.657 0 1.128-.51 1.713-1.45 1.713h-.681v-3.37zM4.623 21C6.701 24.581 10.57 27 15 27c4.43 0 8.299-2.419 10.377-6h-2.389a10.063 10.063 0 0 1-4.049 3.19c.524-.89.96-1.973 1.297-3.19H18.13c-.79 2.459-1.996 4-3.127 4-1.131 0-2.339-1.541-3.129-4h-2.11c.339 1.217.776 2.3 1.3 3.19A10.056 10.056 0 0 1 7.013 21h-2.39z"></path>
+        </symbol>
    </svg>
 );

--- a/client/src/components/ui/Modal.css
+++ b/client/src/components/ui/Modal.css
@@ -5,7 +5,7 @@
    overflow-x: hidden;
    overflow-y: auto;
    background-color: rgba(0, 0, 0, 0.5);
-    z-index: 1;
+    z-index: 104;
 }

 .ReactModal__Overlay--after-open {
@@ -38,3 +38,9 @@
    border: none;
    background-color: transparent;
 }
+
+@media (min-width: 576px) {
+    .modal-dialog--clients {
+        max-width: 650px;
+    }
+}
--- a/client/src/components/ui/Overlay.css
+++ b/client/src/components/ui/Overlay.css
@@ -0,0 +1,40 @@
+.overlay {
+    display: none;
+    position: fixed;
+    top: 0;
+    left: 0;
+    z-index: 110;
+    width: 100%;
+    height: 100%;
+    flex-direction: column;
+    align-items: center;
+    justify-content: center;
+    padding: 20px;
+    font-size: 28px;
+    font-weight: 600;
+    text-align: center;
+    background-color: rgba(255, 255, 255, 0.8);
+}
+
+.overlay--visible {
+    display: flex;
+}
+
+.overlay__loading {
+    width: 40px;
+    height: 40px;
+    margin-bottom: 20px;
+    background-image: url("data:image/svg+xml;charset=utf-8,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%2047.6%2047.6%22%20height%3D%22100%25%22%20width%3D%22100%25%22%3E%3Cpath%20opacity%3D%22.235%22%20fill%3D%22%23979797%22%20d%3D%22M44.4%2011.9l-5.2%203c1.5%202.6%202.4%205.6%202.4%208.9%200%209.8-8%2017.8-17.8%2017.8-6.6%200-12.3-3.6-15.4-8.9l-5.2%203C7.3%2042.8%2015%2047.6%2023.8%2047.6c13.1%200%2023.8-10.7%2023.8-23.8%200-4.3-1.2-8.4-3.2-11.9z%22%2F%3E%3Cpath%20fill%3D%22%2366b574%22%20d%3D%22M3.2%2035.7C0%2030.2-.8%2023.8.8%2017.6%202.5%2011.5%206.4%206.4%2011.9%203.2%2017.4%200%2023.8-.8%2030%20.8c6.1%201.6%2011.3%205.6%2014.4%2011.1l-5.2%203c-2.4-4.1-6.2-7.1-10.8-8.3C23.8%205.4%2019%206%2014.9%208.4s-7.1%206.2-8.3%2010.8c-1.2%204.6-.6%209.4%201.8%2013.5l-5.2%203z%22%2F%3E%3C%2Fsvg%3E");
+    will-change: transform;
+    animation: clockwise 2s linear infinite;
+}
+
+@keyframes clockwise {
+    0% {
+        transform: rotate(0deg);
+    }
+
+    100% {
+        transform: rotate(360deg);
+    }
+}
--- a/client/src/components/ui/Tab.js
+++ b/client/src/components/ui/Tab.js
@@ -11,6 +11,7 @@ class Tab extends Component {
        const {
            activeTab,
            label,
+            title,
        } = this.props;

        const tabClass = classnames({
@@ -26,7 +27,7 @@ class Tab extends Component {
                <svg className="tab__icon">
                    <use xlinkHref={`#${label.toLowerCase()}`} />
                </svg>
-                {label}
+                {title || label}
            </div>
        );
    }
@@ -36,6 +37,7 @@ Tab.propTypes = {
    activeTab: PropTypes.string.isRequired,
    label: PropTypes.string.isRequired,
    onClick: PropTypes.func.isRequired,
+    title: PropTypes.string,
 };

 export default Tab;
--- a/client/src/components/ui/Tabs.css
+++ b/client/src/components/ui/Tabs.css
@@ -49,3 +49,12 @@
 .tab__text p {
    margin-bottom: 5px;
 }
+
+.tab__text ul,
+.tab__text ol {
+    padding-left: 25px;
+}
+
+.tab__paragraph {
+    margin-bottom: 10px;
+}
--- a/client/src/components/ui/Tabs.js
+++ b/client/src/components/ui/Tabs.js
@@ -27,12 +27,13 @@ class Tabs extends Component {
            <div className="tabs">
                <div className="tabs__controls">
                    {children.map((child) => {
-                        const { label } = child.props;
+                        const { label, title } = child.props;

                        return (
                            <Tab
                                key={label}
                                label={label}
+                                title={title}
                                activeTab={activeTab}
                                onClick={this.onClickTabControl}
                            />
--- a/client/src/components/ui/UpdateOverlay.js
+++ b/client/src/components/ui/UpdateOverlay.js
@@ -0,0 +1,26 @@
+import React from 'react';
+import PropTypes from 'prop-types';
+import { Trans, withNamespaces } from 'react-i18next';
+import classnames from 'classnames';
+
+import './Overlay.css';
+
+const UpdateOverlay = (props) => {
+    const overlayClass = classnames({
+        overlay: true,
+        'overlay--visible': props.processingUpdate,
+    });
+
+    return (
+        <div className={overlayClass}>
+            <div className="overlay__loading"></div>
+            <Trans>processing_update</Trans>
+        </div>
+    );
+};
+
+UpdateOverlay.propTypes = {
+    processingUpdate: PropTypes.bool,
+};
+
+export default withNamespaces()(UpdateOverlay);
--- a/client/src/components/ui/UpdateTopline.js
+++ b/client/src/components/ui/UpdateTopline.js
@@ -1,4 +1,4 @@
-import React from 'react';
+import React, { Fragment } from 'react';
 import PropTypes from 'prop-types';
 import { Trans, withNamespaces } from 'react-i18next';

@@ -6,22 +6,37 @@ import Topline from './Topline';

 const UpdateTopline = props => (
    <Topline type="info">
-        <Trans
-            values={{ version: props.version }}
-            components={[
-                <a href={props.url} target="_blank" rel="noopener noreferrer" key="0">
-                    Click here
-                </a>,
-            ]}
-        >
-            update_announcement
-        </Trans>
+        <Fragment>
+            <Trans
+                values={{ version: props.version }}
+                components={[
+                    <a href={props.url} target="_blank" rel="noopener noreferrer" key="0">
+                        Click here
+                    </a>,
+                ]}
+            >
+                update_announcement
+            </Trans>
+            {props.canAutoUpdate &&
+                <button
+                    type="button"
+                    className="btn btn-sm btn-primary ml-3"
+                    onClick={props.getUpdate}
+                    disabled={props.processingUpdate}
+                >
+                    <Trans>update_now</Trans>
+                </button>
+            }
+        </Fragment>
    </Topline>
 );

 UpdateTopline.propTypes = {
-    version: PropTypes.string.isRequired,
+    version: PropTypes.string,
    url: PropTypes.string.isRequired,
+    canAutoUpdate: PropTypes.bool,
+    getUpdate: PropTypes.func,
+    processingUpdate: PropTypes.bool,
 };

 export default withNamespaces()(UpdateTopline);
--- a/client/src/containers/Clients.js
+++ b/client/src/containers/Clients.js
@@ -0,0 +1,27 @@
+import { connect } from 'react-redux';
+import { getClients, getTopStats } from '../actions';
+import { addClient, updateClient, deleteClient, toggleClientModal } from '../actions/clients';
+import Clients from '../components/Settings/Clients';
+
+const mapStateToProps = (state) => {
+    const { dashboard, clients } = state;
+    const props = {
+        dashboard,
+        clients,
+    };
+    return props;
+};
+
+const mapDispatchToProps = {
+    getClients,
+    getTopStats,
+    addClient,
+    updateClient,
+    deleteClient,
+    toggleClientModal,
+};
+
+export default connect(
+    mapStateToProps,
+    mapDispatchToProps,
+)(Clients);
--- a/client/src/containers/Dhcp.js
+++ b/client/src/containers/Dhcp.js
@@ -0,0 +1,36 @@
+import { connect } from 'react-redux';
+import {
+    toggleDhcp,
+    getDhcpStatus,
+    getDhcpInterfaces,
+    setDhcpConfig,
+    findActiveDhcp,
+    toggleLeaseModal,
+    addStaticLease,
+    removeStaticLease,
+} from '../actions';
+import Dhcp from '../components/Settings/Dhcp';
+
+const mapStateToProps = (state) => {
+    const { dhcp } = state;
+    const props = {
+        dhcp,
+    };
+    return props;
+};
+
+const mapDispatchToProps = {
+    toggleDhcp,
+    getDhcpStatus,
+    getDhcpInterfaces,
+    setDhcpConfig,
+    findActiveDhcp,
+    toggleLeaseModal,
+    addStaticLease,
+    removeStaticLease,
+};
+
+export default connect(
+    mapStateToProps,
+    mapDispatchToProps,
+)(Dhcp);
--- a/client/src/containers/Dns.js
+++ b/client/src/containers/Dns.js
@@ -0,0 +1,27 @@
+import { connect } from 'react-redux';
+import { handleUpstreamChange, setUpstream, testUpstream } from '../actions';
+import { getAccessList, setAccessList } from '../actions/access';
+import Dns from '../components/Settings/Dns';
+
+const mapStateToProps = (state) => {
+    const { dashboard, settings, access } = state;
+    const props = {
+        dashboard,
+        settings,
+        access,
+    };
+    return props;
+};
+
+const mapDispatchToProps = {
+    handleUpstreamChange,
+    setUpstream,
+    testUpstream,
+    getAccessList,
+    setAccessList,
+};
+
+export default connect(
+    mapStateToProps,
+    mapDispatchToProps,
+)(Dns);
--- a/client/src/containers/Encryption.js
+++ b/client/src/containers/Encryption.js
@@ -0,0 +1,22 @@
+import { connect } from 'react-redux';
+import { getTlsStatus, setTlsConfig, validateTlsConfig } from '../actions/encryption';
+import Encryption from '../components/Settings/Encryption';
+
+const mapStateToProps = (state) => {
+    const { encryption } = state;
+    const props = {
+        encryption,
+    };
+    return props;
+};
+
+const mapDispatchToProps = {
+    getTlsStatus,
+    setTlsConfig,
+    validateTlsConfig,
+};
+
+export default connect(
+    mapStateToProps,
+    mapDispatchToProps,
+)(Encryption);
--- a/client/src/containers/Logs.js
+++ b/client/src/containers/Logs.js
@@ -1,5 +1,5 @@
 import { connect } from 'react-redux';
-import { getLogs, toggleLogStatus, downloadQueryLog, getFilteringStatus, setRules, addSuccessToast } from '../actions';
+import { getLogs, toggleLogStatus, downloadQueryLog, getFilteringStatus, setRules, addSuccessToast, getClients } from '../actions';
 import Logs from '../components/Logs';

 const mapStateToProps = (state) => {
@@ -15,6 +15,7 @@ const mapDispatchToProps = {
    getFilteringStatus,
    setRules,
    addSuccessToast,
+    getClients,
 };

 export default connect(
--- a/client/src/containers/Settings.js
+++ b/client/src/containers/Settings.js
@@ -1,36 +1,11 @@
 import { connect } from 'react-redux';
-import {
-    initSettings,
-    toggleSetting,
-    handleUpstreamChange,
-    setUpstream,
-    testUpstream,
-    addErrorToast,
-    toggleDhcp,
-    getDhcpStatus,
-    getDhcpInterfaces,
-    setDhcpConfig,
-    findActiveDhcp,
-} from '../actions';
-import {
-    getTlsStatus,
-    setTlsConfig,
-    validateTlsConfig,
-} from '../actions/encryption';
+import { initSettings, toggleSetting } from '../actions';
 import Settings from '../components/Settings';

 const mapStateToProps = (state) => {
-    const {
-        settings,
-        dashboard,
-        dhcp,
-        encryption,
-    } = state;
+    const { settings } = state;
    const props = {
        settings,
-        dashboard,
-        dhcp,
-        encryption,
    };
    return props;
 };
@@ -38,18 +13,6 @@ const mapStateToProps = (state) => {
 const mapDispatchToProps = {
    initSettings,
    toggleSetting,
-    handleUpstreamChange,
-    setUpstream,
-    testUpstream,
-    addErrorToast,
-    toggleDhcp,
-    getDhcpStatus,
-    getDhcpInterfaces,
-    setDhcpConfig,
-    findActiveDhcp,
-    getTlsStatus,
-    setTlsConfig,
-    validateTlsConfig,
 };

 export default connect(
--- a/client/src/helpers/constants.js
+++ b/client/src/helpers/constants.js
@@ -1,5 +1,6 @@
-export const R_URL_REQUIRES_PROTOCOL = /^https?:\/\/\w[\w_\-.]*\.[a-z]{2,8}[^\s]*$/;
+export const R_URL_REQUIRES_PROTOCOL = /^https?:\/\/[^/\s]+(\/.*)?$/;
 export const R_IPV4 = /^(?:(?:^|\.)(?:2(?:5[0-5]|[0-4]\d)|1?\d?\d)){4}$/g;
+export const R_MAC = /^((([a-fA-F0-9][a-fA-F0-9]+[-]){5}|([a-fA-F0-9][a-fA-F0-9]+[:]){5})([a-fA-F0-9][a-fA-F0-9])$)|(^([a-fA-F0-9][a-fA-F0-9][a-fA-F0-9][a-fA-F0-9]+[.]){2}([a-fA-F0-9][a-fA-F0-9][a-fA-F0-9][a-fA-F0-9]))$/g;

 export const STATS_NAMES = {
    avg_processing_time: 'average_processing_time',
@@ -19,7 +20,8 @@ export const STATUS_COLORS = {

 export const REPOSITORY = {
    URL: 'https://github.com/AdguardTeam/AdGuardHome',
-    TRACKERS_DB: 'https://github.com/AdguardTeam/AdGuardHome/tree/master/client/src/helpers/trackers/adguard.json',
+    TRACKERS_DB:
+        'https://github.com/AdguardTeam/AdGuardHome/tree/master/client/src/helpers/trackers/adguard.json',
 };

 export const PRIVACY_POLICY_LINK = 'https://adguard.com/privacy/home.html';
@@ -39,7 +41,7 @@ export const LANGUAGES = [
    },
    {
        key: 'pt-br',
-        name: 'Português (BR)',
+        name: 'Portuguese (BR)',
    },
    {
        key: 'sv',
@@ -165,3 +167,15 @@ export const DHCP_STATUS_RESPONSE = {
    NO: 'no',
    ERROR: 'error',
 };
+
+export const MODAL_TYPE = {
+    ADD: 'add',
+    EDIT: 'edit',
+};
+
+export const CLIENT_ID = {
+    MAC: 'mac',
+    IP: 'ip',
+};
+
+export const SETTINGS_URLS = ['/encryption', '/dhcp', '/dns', '/settings', '/clients'];
--- a/client/src/helpers/form.js
+++ b/client/src/helpers/form.js
@@ -1,7 +1,7 @@
 import React, { Fragment } from 'react';
 import { Trans } from 'react-i18next';

-import { R_IPV4, UNSAFE_PORTS } from '../helpers/constants';
+import { R_IPV4, R_MAC, UNSAFE_PORTS } from '../helpers/constants';

 export const renderField = ({
    input, id, className, placeholder, type, disabled, meta: { touched, error },
@@ -55,6 +55,13 @@ export const ipv4 = (value) => {
    return false;
 };

+export const mac = (value) => {
+    if (value && !new RegExp(R_MAC).test(value)) {
+        return <Trans>form_error_mac_format</Trans>;
+    }
+    return false;
+};
+
 export const isPositive = (value) => {
    if ((value || value === 0) && (value <= 0)) {
        return <Trans>form_error_positive</Trans>;
@@ -69,6 +76,15 @@ export const port = (value) => {
    return false;
 };

+export const portTLS = (value) => {
+    if (value === 0) {
+        return false;
+    } else if (value && (value < 80 || value > 65535)) {
+        return <Trans>form_error_port_range</Trans>;
+    }
+    return false;
+};
+
 export const isSafePort = (value) => {
    if (UNSAFE_PORTS.includes(value)) {
        return <Trans>form_error_port_unsafe</Trans>;
--- a/client/src/helpers/helpers.js
+++ b/client/src/helpers/helpers.js
@@ -208,3 +208,20 @@ export const getClientName = (clients, ip) => {
    const client = clients.find(item => ip === item.ip);
    return (client && client.name) || '';
 };
+
+export const sortClients = (clients) => {
+    const compare = (a, b) => {
+        const nameA = a.name.toUpperCase();
+        const nameB = b.name.toUpperCase();
+
+        if (nameA > nameB) {
+            return 1;
+        } else if (nameA < nameB) {
+            return -1;
+        }
+
+        return 0;
+    };
+
+    return clients.sort(compare);
+};
--- a/client/src/install/Setup/Settings.js
+++ b/client/src/install/Setup/Settings.js
@@ -63,11 +63,19 @@ const renderInterfaces = (interfaces => (

 class Settings extends Component {
    componentDidMount() {
-        const { web, dns } = this.props.config;
+        const {
+            webIp, webPort, dnsIp, dnsPort,
+        } = this.props;

        this.props.validateForm({
-            web,
-            dns,
+            web: {
+                ip: webIp,
+                port: webPort,
+            },
+            dns: {
+                ip: dnsIp,
+                port: dnsPort,
+            },
        });
    }

--- a/client/src/reducers/access.js
+++ b/client/src/reducers/access.js
@@ -0,0 +1,44 @@
+import { handleActions } from 'redux-actions';
+
+import * as actions from '../actions/access';
+
+const access = handleActions(
+    {
+        [actions.getAccessListRequest]: state => ({ ...state, processing: true }),
+        [actions.getAccessListFailure]: state => ({ ...state, processing: false }),
+        [actions.getAccessListSuccess]: (state, { payload }) => {
+            const {
+                allowed_clients,
+                disallowed_clients,
+                blocked_hosts,
+            } = payload;
+            const newState = {
+                ...state,
+                allowed_clients: (allowed_clients && allowed_clients.join('\n')) || '',
+                disallowed_clients: (disallowed_clients && disallowed_clients.join('\n')) || '',
+                blocked_hosts: (blocked_hosts && blocked_hosts.join('\n')) || '',
+                processing: false,
+            };
+            return newState;
+        },
+
+        [actions.setAccessListRequest]: state => ({ ...state, processingSet: true }),
+        [actions.setAccessListFailure]: state => ({ ...state, processingSet: false }),
+        [actions.setAccessListSuccess]: (state) => {
+            const newState = {
+                ...state,
+                processingSet: false,
+            };
+            return newState;
+        },
+    },
+    {
+        processing: true,
+        processingSet: false,
+        allowed_clients: '',
+        disallowed_clients: '',
+        blocked_hosts: '',
+    },
+);
+
+export default access;
--- a/client/src/reducers/clients.js
+++ b/client/src/reducers/clients.js
@@ -0,0 +1,63 @@
+import { handleActions } from 'redux-actions';
+
+import * as actions from '../actions/clients';
+
+const clients = handleActions({
+    [actions.addClientRequest]: state => ({ ...state, processingAdding: true }),
+    [actions.addClientFailure]: state => ({ ...state, processingAdding: false }),
+    [actions.addClientSuccess]: (state) => {
+        const newState = {
+            ...state,
+            processingAdding: false,
+        };
+        return newState;
+    },
+
+    [actions.deleteClientRequest]: state => ({ ...state, processingDeleting: true }),
+    [actions.deleteClientFailure]: state => ({ ...state, processingDeleting: false }),
+    [actions.deleteClientSuccess]: (state) => {
+        const newState = {
+            ...state,
+            processingDeleting: false,
+        };
+        return newState;
+    },
+
+    [actions.updateClientRequest]: state => ({ ...state, processingUpdating: true }),
+    [actions.updateClientFailure]: state => ({ ...state, processingUpdating: false }),
+    [actions.updateClientSuccess]: (state) => {
+        const newState = {
+            ...state,
+            processingUpdating: false,
+        };
+        return newState;
+    },
+
+    [actions.toggleClientModal]: (state, { payload }) => {
+        if (payload) {
+            const newState = {
+                ...state,
+                modalType: payload.type || '',
+                modalClientName: payload.name || '',
+                isModalOpen: !state.isModalOpen,
+            };
+            return newState;
+        }
+
+        const newState = {
+            ...state,
+            isModalOpen: !state.isModalOpen,
+        };
+        return newState;
+    },
+}, {
+    processing: true,
+    processingAdding: false,
+    processingDeleting: false,
+    processingUpdating: false,
+    isModalOpen: false,
+    modalClientName: '',
+    modalType: '',
+});
+
+export default clients;
--- a/client/src/reducers/index.js
+++ b/client/src/reducers/index.js
@@ -7,6 +7,8 @@ import versionCompare from '../helpers/versionCompare';
 import * as actions from '../actions';
 import toasts from './toasts';
 import encryption from './encryption';
+import clients from './clients';
+import access from './access';

 const settings = handleActions({
    [actions.initSettingsRequest]: state => ({ ...state, processing: true }),
@@ -122,22 +124,35 @@ const dashboard = handleActions({
    [actions.getVersionSuccess]: (state, { payload }) => {
        const currentVersion = state.dnsVersion === 'undefined' ? 0 : state.dnsVersion;

-        if (versionCompare(currentVersion, payload.version) === -1) {
+        if (payload && versionCompare(currentVersion, payload.new_version) === -1) {
            const {
-                version,
                announcement_url: announcementUrl,
+                new_version: newVersion,
+                can_autoupdate: canAutoUpdate,
            } = payload;

            const newState = {
                ...state,
-                version,
                announcementUrl,
+                newVersion,
+                canAutoUpdate,
                isUpdateAvailable: true,
+                processingVersion: false,
            };
            return newState;
        }

-        return state;
+        return {
+            ...state,
+            processingVersion: false,
+        };
+    },
+
+    [actions.getUpdateRequest]: state => ({ ...state, processingUpdate: true }),
+    [actions.getUpdateFailure]: state => ({ ...state, processingUpdate: false }),
+    [actions.getUpdateSuccess]: (state) => {
+        const newState = { ...state, processingUpdate: false };
+        return newState;
    },

    [actions.getFilteringRequest]: state => ({ ...state, processingFiltering: true }),
@@ -173,7 +188,8 @@ const dashboard = handleActions({
    [actions.getClientsSuccess]: (state, { payload }) => {
        const newState = {
            ...state,
-            clients: payload,
+            clients: payload.clients,
+            autoClients: payload.autoClients,
            processingClients: false,
        };
        return newState;
@@ -187,6 +203,7 @@ const dashboard = handleActions({
    processingVersion: true,
    processingFiltering: true,
    processingClients: true,
+    processingUpdate: false,
    upstreamDns: '',
    bootstrapDns: '',
    allServers: false,
@@ -197,6 +214,8 @@ const dashboard = handleActions({
    dnsAddresses: [],
    dnsVersion: '',
    clients: [],
+    autoClients: [],
+    topStats: [],
 });

 const queryLogs = handleActions({
@@ -271,11 +290,18 @@ const dhcp = handleActions({
    [actions.getDhcpStatusRequest]: state => ({ ...state, processing: true }),
    [actions.getDhcpStatusFailure]: state => ({ ...state, processing: false }),
    [actions.getDhcpStatusSuccess]: (state, { payload }) => {
+        const {
+            static_leases: staticLeases,
+            ...values
+        } = payload;
+
        const newState = {
            ...state,
-            ...payload,
+            staticLeases,
            processing: false,
+            ...values,
        };
+
        return newState;
    },

@@ -328,17 +354,62 @@ const dhcp = handleActions({
        const newState = { ...state, config: newConfig, processingConfig: false };
        return newState;
    },
+
+    [actions.toggleLeaseModal]: (state) => {
+        const newState = {
+            ...state,
+            isModalOpen: !state.isModalOpen,
+        };
+        return newState;
+    },
+
+    [actions.addStaticLeaseRequest]: state => ({ ...state, processingAdding: true }),
+    [actions.addStaticLeaseFailure]: state => ({ ...state, processingAdding: false }),
+    [actions.addStaticLeaseSuccess]: (state, { payload }) => {
+        const {
+            ip, mac, hostname,
+        } = payload;
+        const newLease = {
+            ip,
+            mac,
+            hostname: hostname || '',
+        };
+        const leases = [...state.staticLeases, newLease];
+        const newState = {
+            ...state,
+            staticLeases: leases,
+            processingAdding: false,
+        };
+        return newState;
+    },
+
+    [actions.removeStaticLeaseRequest]: state => ({ ...state, processingDeleting: true }),
+    [actions.removeStaticLeaseFailure]: state => ({ ...state, processingDeleting: false }),
+    [actions.removeStaticLeaseSuccess]: (state, { payload }) => {
+        const leaseToRemove = payload.ip;
+        const leases = state.staticLeases.filter(item => item.ip !== leaseToRemove);
+        const newState = {
+            ...state,
+            staticLeases: leases,
+            processingDeleting: false,
+        };
+        return newState;
+    },
 }, {
    processing: true,
    processingStatus: false,
    processingInterfaces: false,
    processingDhcp: false,
    processingConfig: false,
+    processingAdding: false,
+    processingDeleting: false,
    config: {
        enabled: false,
    },
    check: null,
    leases: [],
+    staticLeases: [],
+    isModalOpen: false,
 });

 export default combineReducers({
@@ -349,6 +420,8 @@ export default combineReducers({
    toasts,
    dhcp,
    encryption,
+    clients,
+    access,
    loadingBar: loadingBarReducer,
    form: formReducer,
 });
--- a/client/src/reducers/toasts.js
+++ b/client/src/reducers/toasts.js
@@ -1,7 +1,7 @@
 import { handleActions } from 'redux-actions';
 import nanoid from 'nanoid';

-import { addErrorToast, addSuccessToast, removeToast } from '../actions';
+import { addErrorToast, addSuccessToast, addNoticeToast, removeToast } from '../actions';

 const toasts = handleActions({
    [addErrorToast]: (state, { payload }) => {
@@ -24,6 +24,16 @@ const toasts = handleActions({
        const newState = { ...state, notices: [...state.notices, successToast] };
        return newState;
    },
+    [addNoticeToast]: (state, { payload }) => {
+        const noticeToast = {
+            id: nanoid(),
+            message: payload.error.toString(),
+            type: 'notice',
+        };
+
+        const newState = { ...state, notices: [...state.notices, noticeToast] };
+        return newState;
+    },
    [removeToast]: (state, { payload }) => {
        const filtered = state.notices.filter(notice => notice.id !== payload);
        const newState = { ...state, notices: filtered };
--- a/client/webpack.common.js
+++ b/client/webpack.common.js
@@ -12,7 +12,7 @@ const ENTRY_REACT = path.resolve(RESOURCES_PATH, 'src/index.js');
 const ENTRY_INSTALL = path.resolve(RESOURCES_PATH, 'src/install/index.js');
 const HTML_PATH = path.resolve(RESOURCES_PATH, 'public/index.html');
 const HTML_INSTALL_PATH = path.resolve(RESOURCES_PATH, 'public/install.html');
-const FAVICON_PATH = path.resolve(RESOURCES_PATH, 'public/favicon.ico');
+const FAVICON_PATH = path.resolve(RESOURCES_PATH, 'public/favicon.png');

 const PUBLIC_PATH = path.resolve(__dirname, '../build/static');

--- a/clients.go
+++ b/clients.go
@@ -1,92 +0,0 @@
-package main
-
-import (
-	"encoding/json"
-	"io/ioutil"
-	"net/http"
-	"os"
-	"runtime"
-	"strings"
-
-	"github.com/AdguardTeam/golibs/log"
-)
-
-// Client information
-type Client struct {
-	IP   string
-	Name string
-	//Source source // Hosts file / User settings / DHCP
-}
-
-type clientJSON struct {
-	IP   string `json:"ip"`
-	Name string `json:"name"`
-}
-
-var clients []Client
-var clientsFilled bool
-
-// Parse system 'hosts' file and fill clients array
-func fillClientInfo() {
-	hostsFn := "/etc/hosts"
-	if runtime.GOOS == "windows" {
-		hostsFn = os.ExpandEnv("$SystemRoot\\system32\\drivers\\etc\\hosts")
-	}
-
-	d, e := ioutil.ReadFile(hostsFn)
-	if e != nil {
-		log.Info("Can't read file %s: %v", hostsFn, e)
-		return
-	}
-
-	lines := strings.Split(string(d), "\n")
-	for _, ln := range lines {
-		ln = strings.TrimSpace(ln)
-		if len(ln) == 0 || ln[0] == '#' {
-			continue
-		}
-
-		fields := strings.Fields(ln)
-		if len(fields) < 2 {
-			continue
-		}
-
-		var c Client
-		c.IP = fields[0]
-		c.Name = fields[1]
-		clients = append(clients, c)
-		log.Tracef("%s -> %s", c.IP, c.Name)
-	}
-
-	log.Info("Added %d client aliases from %s", len(clients), hostsFn)
-	clientsFilled = true
-}
-
-// respond with information about configured clients
-func handleGetClients(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("%s %v", r.Method, r.URL)
-
-	if !clientsFilled {
-		fillClientInfo()
-	}
-
-	data := []clientJSON{}
-	for _, c := range clients {
-		cj := clientJSON{
-			IP:   c.IP,
-			Name: c.Name,
-		}
-		data = append(data, cj)
-	}
-	w.Header().Set("Content-Type", "application/json")
-	e := json.NewEncoder(w).Encode(data)
-	if e != nil {
-		httpError(w, http.StatusInternalServerError, "Failed to encode to json: %v", e)
-		return
-	}
-}
-
-// RegisterClientsHandlers registers HTTP handlers
-func RegisterClientsHandlers() {
-	http.HandleFunc("/control/clients", postInstall(optionalAuth(ensureGET(handleGetClients))))
-}
--- a/dhcpd/db.go
+++ b/dhcpd/db.go
@@ -23,8 +23,20 @@ type leaseJSON struct {
 	Expiry   int64  `json:"exp"`
 }

+// Safe version of dhcp4.IPInRange()
+func ipInRange(start, stop, ip net.IP) bool {
+	if len(start) != len(stop) ||
+		len(start) != len(ip) {
+		return false
+	}
+	return dhcp4.IPInRange(start, stop, ip)
+}
+
 // Load lease table from DB
 func (s *Server) dbLoad() {
+	s.leases = nil
+	s.IPpool = make(map[[4]byte]net.HardwareAddr)
+
 	data, err := ioutil.ReadFile(dbFilename)
 	if err != nil {
 		if !os.IsNotExist(err) {
@@ -40,13 +52,12 @@ func (s *Server) dbLoad() {
 		return
 	}

-	s.leases = nil
-	s.IPpool = make(map[[4]byte]net.HardwareAddr)
-
 	numLeases := len(obj)
 	for i := range obj {

-		if !dhcp4.IPInRange(s.leaseStart, s.leaseStop, obj[i].IP) {
+		if obj[i].Expiry != leaseExpireStatic &&
+			!ipInRange(s.leaseStart, s.leaseStop, obj[i].IP) {
+
 			log.Tracef("Skipping a lease with IP %s: not within current IP range", obj[i].IP)
 			continue
 		}
--- a/dhcpd/dhcpd.go
+++ b/dhcpd/dhcpd.go
@@ -14,6 +14,7 @@ import (
 )

 const defaultDiscoverTime = time.Second * 3
+const leaseExpireStatic = 1

 // Lease contains the necessary information about a DHCP lease
 // field ordering is important -- yaml fields will mirror ordering from here
@@ -21,7 +22,10 @@ type Lease struct {
 	HWAddr   net.HardwareAddr `json:"mac" yaml:"hwaddr"`
 	IP       net.IP           `json:"ip"`
 	Hostname string           `json:"hostname"`
-	Expiry   time.Time        `json:"expires"`
+
+	// Lease expiration time
+	// 1: static lease
+	Expiry time.Time `json:"expires"`
 }

 // ServerConfig - DHCP server configuration
@@ -53,6 +57,7 @@ type Server struct {

 	// leases
 	leases       []*Lease
+	leasesLock   sync.RWMutex
 	leaseStart   net.IP        // parsed from config RangeStart
 	leaseStop    net.IP        // parsed from config RangeEnd
 	leaseTime    time.Duration // parsed from config LeaseDuration
@@ -61,8 +66,7 @@ type Server struct {
 	// IP address pool -- if entry is in the pool, then it's attached to a lease
 	IPpool map[[4]byte]net.HardwareAddr

-	ServerConfig
-	sync.RWMutex
+	conf ServerConfig
 }

 // Print information about the available network interfaces
@@ -75,62 +79,65 @@ func printInterfaces() {
 	log.Info("Available network interfaces: %s", buf.String())
 }

-// Start will listen on port 67 and serve DHCP requests.
-// Even though config can be nil, it is not optional (at least for now), since there are no default values (yet).
-func (s *Server) Start(config *ServerConfig) error {
-	if config != nil {
-		s.ServerConfig = *config
-	}
+// CheckConfig checks the configuration
+func (s *Server) CheckConfig(config ServerConfig) error {
+	tmpServer := Server{}
+	return tmpServer.setConfig(config)
+}

-	iface, err := net.InterfaceByName(s.InterfaceName)
+// Init checks the configuration and initializes the server
+func (s *Server) Init(config ServerConfig) error {
+	err := s.setConfig(config)
+	if err != nil {
+		return err
+	}
+	s.dbLoad()
+	return nil
+}
+
+func (s *Server) setConfig(config ServerConfig) error {
+	s.conf = config
+
+	iface, err := net.InterfaceByName(config.InterfaceName)
 	if err != nil {
-		s.closeConn() // in case it was already started
 		printInterfaces()
-		return wrapErrPrint(err, "Couldn't find interface by name %s", s.InterfaceName)
+		return wrapErrPrint(err, "Couldn't find interface by name %s", config.InterfaceName)
 	}

 	// get ipv4 address of an interface
 	s.ipnet = getIfaceIPv4(iface)
 	if s.ipnet == nil {
-		s.closeConn() // in case it was already started
-		return wrapErrPrint(err, "Couldn't find IPv4 address of interface %s %+v", s.InterfaceName, iface)
+		return wrapErrPrint(err, "Couldn't find IPv4 address of interface %s %+v", config.InterfaceName, iface)
 	}

-	if s.LeaseDuration == 0 {
+	if config.LeaseDuration == 0 {
 		s.leaseTime = time.Hour * 2
-		s.LeaseDuration = uint(s.leaseTime.Seconds())
 	} else {
-		s.leaseTime = time.Second * time.Duration(s.LeaseDuration)
+		s.leaseTime = time.Second * time.Duration(config.LeaseDuration)
 	}

-	s.leaseStart, err = parseIPv4(s.RangeStart)
+	s.leaseStart, err = parseIPv4(config.RangeStart)
 	if err != nil {
-
-		s.closeConn() // in case it was already started
-		return wrapErrPrint(err, "Failed to parse range start address %s", s.RangeStart)
+		return wrapErrPrint(err, "Failed to parse range start address %s", config.RangeStart)
 	}

-	s.leaseStop, err = parseIPv4(s.RangeEnd)
+	s.leaseStop, err = parseIPv4(config.RangeEnd)
 	if err != nil {
-		s.closeConn() // in case it was already started
-		return wrapErrPrint(err, "Failed to parse range end address %s", s.RangeEnd)
+		return wrapErrPrint(err, "Failed to parse range end address %s", config.RangeEnd)
 	}

-	subnet, err := parseIPv4(s.SubnetMask)
-	if err != nil {
-		s.closeConn() // in case it was already started
-		return wrapErrPrint(err, "Failed to parse subnet mask %s", s.SubnetMask)
+	subnet, err := parseIPv4(config.SubnetMask)
+	if err != nil || !isValidSubnetMask(subnet) {
+		return wrapErrPrint(err, "Failed to parse subnet mask %s", config.SubnetMask)
 	}

 	// if !bytes.Equal(subnet, s.ipnet.Mask) {
-	// 	s.closeConn() // in case it was already started
 	// 	return wrapErrPrint(err, "specified subnet mask %s does not meatch interface %s subnet mask %s", s.SubnetMask, s.InterfaceName, s.ipnet.Mask)
 	// }

-	router, err := parseIPv4(s.GatewayIP)
+	router, err := parseIPv4(config.GatewayIP)
 	if err != nil {
-		s.closeConn() // in case it was already started
-		return wrapErrPrint(err, "Failed to parse gateway IP %s", s.GatewayIP)
+		return wrapErrPrint(err, "Failed to parse gateway IP %s", config.GatewayIP)
 	}

 	s.leaseOptions = dhcp4.Options{
@@ -139,12 +146,21 @@ func (s *Server) Start(config *ServerConfig) error {
 		dhcp4.OptionDomainNameServer: s.ipnet.IP,
 	}

+	return nil
+}
+
+// Start will listen on port 67 and serve DHCP requests.
+func (s *Server) Start() error {
+
 	// TODO: don't close if interface and addresses are the same
 	if s.conn != nil {
 		s.closeConn()
 	}

-	s.dbLoad()
+	iface, err := net.InterfaceByName(s.conf.InterfaceName)
+	if err != nil {
+		return wrapErrPrint(err, "Couldn't find interface by name %s", s.conf.InterfaceName)
+	}

 	c, err := newFilterConn(*iface, ":67") // it has to be bound to 0.0.0.0:67, otherwise it won't see DHCP discover/request packets
 	if err != nil {
@@ -191,8 +207,6 @@ func (s *Server) Stop() error {
 		s.cond.Wait()
 	}
 	s.mutex.Unlock()
-
-	s.dbStore()
 	return nil
 }

@@ -219,6 +233,10 @@ func (s *Server) reserveLease(p dhcp4.Packet) (*Lease, error) {
 	lease := &Lease{HWAddr: hwaddr, Hostname: string(hostname)}

 	log.Tracef("Lease not found for %s: creating new one", hwaddr)
+
+	s.leasesLock.Lock()
+	defer s.leasesLock.Unlock()
+
 	ip, err := s.findFreeIP(hwaddr)
 	if err != nil {
 		i := s.findExpiredLease()
@@ -229,9 +247,8 @@ func (s *Server) reserveLease(p dhcp4.Packet) (*Lease, error) {
 		log.Tracef("Assigning IP address %s to %s (lease for %s expired at %s)",
 			s.leases[i].IP, hwaddr, s.leases[i].HWAddr, s.leases[i].Expiry)
 		lease.IP = s.leases[i].IP
-		s.Lock()
 		s.leases[i] = lease
-		s.Unlock()
+		s.dbStore()

 		s.reserveIP(lease.IP, hwaddr)
 		return lease, nil
@@ -239,9 +256,8 @@ func (s *Server) reserveLease(p dhcp4.Packet) (*Lease, error) {

 	log.Tracef("Assigning to %s IP address %s", hwaddr, ip.String())
 	lease.IP = ip
-	s.Lock()
 	s.leases = append(s.leases, lease)
-	s.Unlock()
+	s.dbStore()
 	return lease, nil
 }

@@ -261,7 +277,7 @@ func (s *Server) findLease(p dhcp4.Packet) *Lease {
 func (s *Server) findExpiredLease() int {
 	now := time.Now().Unix()
 	for i, lease := range s.leases {
-		if lease.Expiry.Unix() <= now {
+		if lease.Expiry.Unix() <= now && lease.Expiry.Unix() != leaseExpireStatic {
 			return i
 		}
 	}
@@ -269,11 +285,6 @@ func (s *Server) findExpiredLease() int {
 }

 func (s *Server) findFreeIP(hwaddr net.HardwareAddr) (net.IP, error) {
-	// if IP pool is nil, lazy initialize it
-	if s.IPpool == nil {
-		s.IPpool = make(map[[4]byte]net.HardwareAddr)
-	}
-
 	// go from start to end, find unreserved IP
 	var foundIP net.IP
 	for i := 0; i < dhcp4.IPRange(s.leaseStart, s.leaseStop); i++ {
@@ -361,7 +372,7 @@ func (s *Server) ServeDHCP(p dhcp4.Packet, msgType dhcp4.MessageType, options dh
 // Return TRUE if it doesn't reply, which probably means that the IP is available
 func (s *Server) addrAvailable(target net.IP) bool {

-	if s.ICMPTimeout == 0 {
+	if s.conf.ICMPTimeout == 0 {
 		return true
 	}

@@ -372,7 +383,7 @@ func (s *Server) addrAvailable(target net.IP) bool {
 	}

 	pinger.SetPrivileged(true)
-	pinger.Timeout = time.Duration(s.ICMPTimeout) * time.Millisecond
+	pinger.Timeout = time.Duration(s.conf.ICMPTimeout) * time.Millisecond
 	pinger.Count = 1
 	reply := false
 	pinger.OnRecv = func(pkt *ping.Packet) {
@@ -394,12 +405,13 @@ func (s *Server) addrAvailable(target net.IP) bool {
 // Add the specified IP to the black list for a time period
 func (s *Server) blacklistLease(lease *Lease) {
 	hw := make(net.HardwareAddr, 6)
+	s.leasesLock.Lock()
 	s.reserveIP(lease.IP, hw)
-	s.Lock()
 	lease.HWAddr = hw
 	lease.Hostname = ""
 	lease.Expiry = time.Now().Add(s.leaseTime)
-	s.Unlock()
+	s.dbStore()
+	s.leasesLock.Unlock()
 }

 // Return TRUE if DHCP packet is correct
@@ -516,21 +528,102 @@ func (s *Server) handleDecline(p dhcp4.Packet, options dhcp4.Options) dhcp4.Pack
 	return nil
 }

+// AddStaticLease adds a static lease (thread-safe)
+func (s *Server) AddStaticLease(l Lease) error {
+	if s.IPpool == nil {
+		return fmt.Errorf("DHCP server isn't started")
+	}
+
+	if len(l.IP) != 4 {
+		return fmt.Errorf("Invalid IP")
+	}
+	if len(l.HWAddr) != 6 {
+		return fmt.Errorf("Invalid MAC")
+	}
+	l.Expiry = time.Unix(leaseExpireStatic, 0)
+
+	s.leasesLock.Lock()
+	defer s.leasesLock.Unlock()
+
+	if s.findReservedHWaddr(l.IP) != nil {
+		return fmt.Errorf("IP is already used")
+	}
+	s.leases = append(s.leases, &l)
+	s.reserveIP(l.IP, l.HWAddr)
+	s.dbStore()
+	return nil
+}
+
+// RemoveStaticLease removes a static lease (thread-safe)
+func (s *Server) RemoveStaticLease(l Lease) error {
+	if s.IPpool == nil {
+		return fmt.Errorf("DHCP server isn't started")
+	}
+
+	if len(l.IP) != 4 {
+		return fmt.Errorf("Invalid IP")
+	}
+	if len(l.HWAddr) != 6 {
+		return fmt.Errorf("Invalid MAC")
+	}
+
+	s.leasesLock.Lock()
+	defer s.leasesLock.Unlock()
+
+	if s.findReservedHWaddr(l.IP) == nil {
+		return fmt.Errorf("Lease not found")
+	}
+
+	var newLeases []*Lease
+	for _, lease := range s.leases {
+		if bytes.Equal(lease.IP.To4(), l.IP) {
+			if !bytes.Equal(lease.HWAddr, l.HWAddr) ||
+				lease.Hostname != l.Hostname {
+				return fmt.Errorf("Lease not found")
+			}
+			continue
+		}
+		newLeases = append(newLeases, lease)
+	}
+	s.leases = newLeases
+	s.unreserveIP(l.IP)
+	s.dbStore()
+	return nil
+}
+
 // Leases returns the list of current DHCP leases (thread-safe)
 func (s *Server) Leases() []Lease {
 	var result []Lease
 	now := time.Now().Unix()
-	s.RLock()
+	s.leasesLock.RLock()
 	for _, lease := range s.leases {
 		if lease.Expiry.Unix() > now {
 			result = append(result, *lease)
 		}
 	}
-	s.RUnlock()
+	s.leasesLock.RUnlock()

 	return result
 }

+// StaticLeases returns the list of statically-configured DHCP leases (thread-safe)
+func (s *Server) StaticLeases() []Lease {
+	s.leasesLock.Lock()
+	defer s.leasesLock.Unlock()
+
+	if s.IPpool == nil {
+		s.dbLoad()
+	}
+
+	var result []Lease
+	for _, lease := range s.leases {
+		if lease.Expiry.Unix() == 1 {
+			result = append(result, *lease)
+		}
+	}
+	return result
+}
+
 // Print information about the current leases
 func (s *Server) printLeases() {
 	log.Tracef("Leases:")
@@ -540,10 +633,23 @@ func (s *Server) printLeases() {
 	}
 }

+// FindIPbyMAC finds an IP address by MAC address in the currently active DHCP leases
+func (s *Server) FindIPbyMAC(mac net.HardwareAddr) net.IP {
+	now := time.Now().Unix()
+	s.leasesLock.RLock()
+	defer s.leasesLock.RUnlock()
+	for _, l := range s.leases {
+		if l.Expiry.Unix() > now && bytes.Equal(mac, l.HWAddr) {
+			return l.IP
+		}
+	}
+	return nil
+}
+
 // Reset internal state
 func (s *Server) reset() {
-	s.Lock()
+	s.leasesLock.Lock()
 	s.leases = nil
-	s.Unlock()
 	s.IPpool = make(map[[4]byte]net.HardwareAddr)
+	s.leasesLock.Unlock()
 }
--- a/dhcpd/dhcpd_test.go
+++ b/dhcpd/dhcpd_test.go
@@ -26,6 +26,7 @@ func TestDHCP(t *testing.T) {
 	var lease *Lease
 	var opt dhcp4.Options

+	s.reset()
 	s.leaseStart = []byte{1, 1, 1, 1}
 	s.leaseStop = []byte{1, 1, 1, 2}
 	s.leaseTime = 5 * time.Second
@@ -37,12 +38,19 @@ func TestDHCP(t *testing.T) {

 	p = make(dhcp4.Packet, 241)

-	// Reserve an IP
+	// Discover and reserve an IP
 	hw = []byte{3, 2, 3, 4, 5, 6}
 	p.SetCHAddr(hw)
-	lease, _ = s.reserveLease(p)
-	check(t, bytes.Equal(lease.HWAddr, hw), "lease.HWAddr")
-	check(t, bytes.Equal(lease.IP, []byte{1, 1, 1, 1}), "lease.IP")
+	p.SetCIAddr([]byte{0, 0, 0, 0})
+	opt = make(dhcp4.Options, 10)
+	p2 = s.handleDiscover(p, opt)
+	opt = p2.ParseOptions()
+	check(t, bytes.Equal(opt[dhcp4.OptionDHCPMessageType], []byte{byte(dhcp4.Offer)}), "dhcp4.Offer")
+	check(t, bytes.Equal(p2.YIAddr(), []byte{1, 1, 1, 1}), "p2.YIAddr")
+	check(t, bytes.Equal(p2.CHAddr(), hw), "p2.CHAddr")
+	check(t, bytes.Equal(opt[dhcp4.OptionIPAddressLeaseTime], dhcp4.OptionsLeaseTime(5*time.Second)), "OptionIPAddressLeaseTime")
+	check(t, bytes.Equal(opt[dhcp4.OptionServerIdentifier], s.ipnet.IP), "OptionServerIdentifier")
+
 	lease = s.findLease(p)
 	check(t, bytes.Equal(lease.HWAddr, hw), "lease.HWAddr")
 	check(t, bytes.Equal(lease.IP, []byte{1, 1, 1, 1}), "lease.IP")
@@ -87,6 +95,8 @@ func TestDHCP(t *testing.T) {
 	check(t, bytes.Equal(opt[dhcp4.OptionIPAddressLeaseTime], dhcp4.OptionsLeaseTime(5*time.Second)), "OptionIPAddressLeaseTime")
 	check(t, bytes.Equal(opt[dhcp4.OptionServerIdentifier], s.ipnet.IP), "OptionServerIdentifier")

+	check(t, bytes.Equal(s.FindIPbyMAC(hw), []byte{1, 1, 1, 1}), "FindIPbyMAC")
+
 	// Commit the previously reserved lease #2
 	hw = []byte{2, 2, 3, 4, 5, 6}
 	p.SetCHAddr(hw)
@@ -102,10 +112,28 @@ func TestDHCP(t *testing.T) {
 	lease, _ = s.reserveLease(p)
 	check(t, lease == nil, "lease == nil")

+	s.reset()
+	testStaticLeases(t, &s)
+
 	s.reset()
 	misc(t, &s)
 }

+func testStaticLeases(t *testing.T, s *Server) {
+	var err error
+	var l Lease
+	l.IP = []byte{1, 1, 1, 1}
+	l.HWAddr = []byte{2, 2, 3, 4, 5, 6}
+	err = s.AddStaticLease(l)
+	check(t, err == nil, "AddStaticLease")
+
+	ll := s.StaticLeases()
+	check(t, len(ll) != 0 && bytes.Equal(ll[0].IP, []byte{1, 1, 1, 1}), "StaticLeases")
+
+	err = s.RemoveStaticLease(l)
+	check(t, err == nil, "RemoveStaticLease")
+}
+
 // Small tests that don't require a static server's state
 func misc(t *testing.T, s *Server) {
 	var p, p2 dhcp4.Packet
@@ -132,6 +160,7 @@ func TestDB(t *testing.T) {
 	var hw1, hw2 net.HardwareAddr
 	var lease *Lease

+	s.reset()
 	s.leaseStart = []byte{1, 1, 1, 1}
 	s.leaseStop = []byte{1, 1, 1, 2}
 	s.leaseTime = 5 * time.Second
@@ -168,3 +197,15 @@ func TestDB(t *testing.T) {

 	os.Remove("leases.db")
 }
+
+func TestIsValidSubnetMask(t *testing.T) {
+	if !isValidSubnetMask([]byte{255, 255, 255, 0}) {
+		t.Fatalf("isValidSubnetMask([]byte{255,255,255,0})")
+	}
+	if isValidSubnetMask([]byte{255, 255, 253, 0}) {
+		t.Fatalf("isValidSubnetMask([]byte{255,255,253,0})")
+	}
+	if isValidSubnetMask([]byte{0, 255, 255, 255}) {
+		t.Fatalf("isValidSubnetMask([]byte{255,255,253,0})")
+	}
+}
--- a/dhcpd/helpers.go
+++ b/dhcpd/helpers.go
@@ -1,6 +1,7 @@
 package dhcpd

 import (
+	"encoding/binary"
 	"fmt"
 	"net"

@@ -65,3 +66,19 @@ func parseIPv4(text string) (net.IP, error) {
 	}
 	return result.To4(), nil
 }
+
+// Return TRUE if subnet mask is correct (e.g. 255.255.255.0)
+func isValidSubnetMask(mask net.IP) bool {
+	var n uint32
+	n = binary.BigEndian.Uint32(mask)
+	for i := 0; i != 32; i++ {
+		if n == 0 {
+			break
+		}
+		if (n & 0x80000000) == 0 {
+			return false
+		}
+		n <<= 1
+	}
+	return true
+}
--- a/dhcpd/standalone/main.go
+++ b/dhcpd/standalone/main.go
@@ -54,7 +54,11 @@ func main() {
 		GatewayIP:     "192.168.7.1",
 	}
 	log.Printf("Starting DHCP server")
-	err = server.Start(&config)
+	err = server.Init(config)
+	if err != nil {
+		panic(err)
+	}
+	err = server.Start()
 	if err != nil {
 		panic(err)
 	}
@@ -66,12 +70,12 @@ func main() {
 		panic(err)
 	}
 	log.Printf("Starting DHCP server")
-	err = server.Start(&config)
+	err = server.Start()
 	if err != nil {
 		panic(err)
 	}
 	log.Printf("Starting DHCP server while it's already running")
-	err = server.Start(&config)
+	err = server.Start()
 	if err != nil {
 		panic(err)
 	}
--- a/dns.go
+++ b/dns.go
@@ -1,115 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"net"
-	"os"
-
-	"github.com/AdguardTeam/AdGuardHome/dnsfilter"
-	"github.com/AdguardTeam/AdGuardHome/dnsforward"
-	"github.com/AdguardTeam/dnsproxy/proxy"
-	"github.com/AdguardTeam/golibs/log"
-	"github.com/joomcode/errorx"
-)
-
-var dnsServer *dnsforward.Server
-
-// initDNSServer creates an instance of the dnsforward.Server
-// Please note that we must do it even if we don't start it
-// so that we had access to the query log and the stats
-func initDNSServer(baseDir string) {
-	err := os.MkdirAll(baseDir, 0755)
-	if err != nil {
-		log.Fatalf("Cannot create DNS data dir at %s: %s", baseDir, err)
-	}
-
-	dnsServer = dnsforward.NewServer(baseDir)
-}
-
-func isRunning() bool {
-	return dnsServer != nil && dnsServer.IsRunning()
-}
-
-func generateServerConfig() dnsforward.ServerConfig {
-	filters := []dnsfilter.Filter{}
-	userFilter := userFilter()
-	filters = append(filters, dnsfilter.Filter{
-		ID:    userFilter.ID,
-		Rules: userFilter.Rules,
-	})
-	for _, filter := range config.Filters {
-		filters = append(filters, dnsfilter.Filter{
-			ID:    filter.ID,
-			Rules: filter.Rules,
-		})
-	}
-
-	newconfig := dnsforward.ServerConfig{
-		UDPListenAddr:   &net.UDPAddr{IP: net.ParseIP(config.DNS.BindHost), Port: config.DNS.Port},
-		TCPListenAddr:   &net.TCPAddr{IP: net.ParseIP(config.DNS.BindHost), Port: config.DNS.Port},
-		FilteringConfig: config.DNS.FilteringConfig,
-		Filters:         filters,
-	}
-	bindhost := config.DNS.BindHost
-	if config.DNS.BindHost == "0.0.0.0" {
-		bindhost = "127.0.0.1"
-	}
-	newconfig.ResolverAddress = fmt.Sprintf("%s:%d", bindhost, config.DNS.Port)
-
-	if config.TLS.Enabled {
-		newconfig.TLSConfig = config.TLS.TLSConfig
-		if config.TLS.PortDNSOverTLS != 0 {
-			newconfig.TLSListenAddr = &net.TCPAddr{IP: net.ParseIP(config.DNS.BindHost), Port: config.TLS.PortDNSOverTLS}
-		}
-	}
-
-	upstreamConfig, err := proxy.ParseUpstreamsConfig(config.DNS.UpstreamDNS, config.DNS.BootstrapDNS, dnsforward.DefaultTimeout)
-	if err != nil {
-		log.Error("Couldn't get upstreams configuration cause: %s", err)
-	}
-	newconfig.Upstreams = upstreamConfig.Upstreams
-	newconfig.DomainsReservedUpstreams = upstreamConfig.DomainReservedUpstreams
-	newconfig.AllServers = config.DNS.AllServers
-	return newconfig
-}
-
-func startDNSServer() error {
-	if isRunning() {
-		return fmt.Errorf("unable to start forwarding DNS server: Already running")
-	}
-
-	newconfig := generateServerConfig()
-	err := dnsServer.Start(&newconfig)
-	if err != nil {
-		return errorx.Decorate(err, "Couldn't start forwarding DNS server")
-	}
-
-	return nil
-}
-
-func reconfigureDNSServer() error {
-	if !isRunning() {
-		return fmt.Errorf("Refusing to reconfigure forwarding DNS server: not running")
-	}
-
-	config := generateServerConfig()
-	err := dnsServer.Reconfigure(&config)
-	if err != nil {
-		return errorx.Decorate(err, "Couldn't start forwarding DNS server")
-	}
-
-	return nil
-}
-
-func stopDNSServer() error {
-	if !isRunning() {
-		return fmt.Errorf("Refusing to stop forwarding DNS server: not running")
-	}
-
-	err := dnsServer.Stop()
-	if err != nil {
-		return errorx.Decorate(err, "Couldn't stop forwarding DNS server")
-	}
-
-	return nil
-}
--- a/dnsfilter/dnsfilter.go
+++ b/dnsfilter/dnsfilter.go
@@ -11,15 +11,18 @@ import (
 	"io/ioutil"
 	"net"
 	"net/http"
-	"regexp"
+	"os"
 	"strings"
-	"sync"
 	"sync/atomic"
 	"time"

+	"github.com/joomcode/errorx"
+
 	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/urlfilter"
 	"github.com/bluele/gcache"
+	"github.com/miekg/dns"
 	"golang.org/x/net/publicsuffix"
 )

@@ -30,28 +33,31 @@ const defaultHTTPTimeout = 5 * time.Minute
 const defaultHTTPMaxIdleConnections = 100

 const defaultSafebrowsingServer = "sb.adtidy.org"
-const defaultSafebrowsingURL = "http://%s/safebrowsing-lookup-hash.html?prefixes=%s"
+const defaultSafebrowsingURL = "%s://%s/safebrowsing-lookup-hash.html?prefixes=%s"
 const defaultParentalServer = "pctrl.adguard.com"
-const defaultParentalURL = "http://%s/check-parental-control-hash?prefixes=%s&sensitivity=%d"
+const defaultParentalURL = "%s://%s/check-parental-control-hash?prefixes=%s&sensitivity=%d"
+const defaultParentalSensitivity = 13 // use "TEEN" by default
+const maxDialCacheSize = 2            // the number of host names for safebrowsing and parental control

-// ErrInvalidSyntax is returned by AddRule when the rule is invalid
-var ErrInvalidSyntax = errors.New("dnsfilter: invalid rule syntax")
-
-// ErrAlreadyExists is returned by AddRule when the rule was already added to the filter
-var ErrAlreadyExists = errors.New("dnsfilter: rule was already added")
-
-const shortcutLength = 6 // used for rule search optimization, 6 hits the sweet spot
-
-const enableFastLookup = true         // flag for debugging, must be true in production for faster performance
-const enableDelayedCompilation = true // flag for debugging, must be true in production for faster performance
+// Custom filtering settings
+type RequestFilteringSettings struct {
+	FilteringEnabled    bool
+	SafeSearchEnabled   bool
+	SafeBrowsingEnabled bool
+	ParentalEnabled     bool
+}

 // Config allows you to configure DNS filtering with New() or just change variables directly.
 type Config struct {
 	ParentalSensitivity int    `yaml:"parental_sensitivity"` // must be either 3, 10, 13 or 17
 	ParentalEnabled     bool   `yaml:"parental_enabled"`
+	UsePlainHTTP        bool   `yaml:"-"` // use plain HTTP for requests to parental and safe browsing servers
 	SafeSearchEnabled   bool   `yaml:"safesearch_enabled"`
 	SafeBrowsingEnabled bool   `yaml:"safebrowsing_enabled"`
 	ResolverAddress     string // DNS server address
+
+	// Filtering callback function
+	FilterHandler func(clientAddr string, settings *RequestFilteringSettings) `yaml:"-"`
 }

 type privateConfig struct {
@@ -59,33 +65,6 @@ type privateConfig struct {
 	safeBrowsingServer string // access via methods
 }

-type rule struct {
-	text         string // text without @@ decorators or $ options
-	shortcut     string // for speeding up lookup
-	originalText string // original text for reporting back to applications
-	ip           net.IP // IP address (for the case when we're matching a hosts file)
-
-	// options
-	options []string // optional options after $
-
-	// parsed options
-	apps        []string
-	isWhitelist bool
-	isImportant bool
-
-	// user-supplied data
-	listID int64
-
-	// suffix matching
-	isSuffix bool
-	suffix   string
-
-	// compiled regexp
-	compiled *regexp.Regexp
-
-	sync.RWMutex
-}
-
 // LookupStats store stats collected during safebrowsing or parental checks
 type LookupStats struct {
 	Requests   uint64 // number of HTTP requests that were sent
@@ -103,13 +82,8 @@ type Stats struct {

 // Dnsfilter holds added rules and performs hostname matches against the rules
 type Dnsfilter struct {
-	storage      map[string]bool // rule storage, not used for matching, just for filtering out duplicates
-	storageMutex sync.RWMutex
-
-	// rules are checked against these lists in the order defined here
-	important *rulesTable // more important than whitelist and is checked first
-	whiteList *rulesTable // more important than blacklist
-	blackList *rulesTable
+	rulesStorage    *urlfilter.RuleStorage
+	filteringEngine *urlfilter.DNSEngine

 	// HTTP lookups for safebrowsing and parental
 	client    http.Client     // handle for http client -- single instance as recommended by docs
@@ -121,8 +95,9 @@ type Dnsfilter struct {

 // Filter represents a filter list
 type Filter struct {
-	ID    int64    `json:"id"`         // auto-assigned when filter is added (see nextFilterID), json by default keeps ID uppercase but we need lowercase
-	Rules []string `json:"-" yaml:"-"` // not in yaml or json
+	ID       int64  `json:"id"`         // auto-assigned when filter is added (see nextFilterID), json by default keeps ID uppercase but we need lowercase
+	Data     []byte `json:"-" yaml:"-"` // List of rules divided by '\n'
+	FilePath string `json:"-" yaml:"-"` // Path to a filtering rules file
 }

 //go:generate stringer -type=Reason
@@ -154,13 +129,15 @@ const (
 	FilteredSafeSearch
 )

-// these variables need to survive coredns reload
-var (
+type dnsFilterContext struct {
 	stats             Stats
+	dialCache         gcache.Cache // "host" -> "IP" cache for safebrowsing and parental control servers
 	safebrowsingCache gcache.Cache
 	parentalCache     gcache.Cache
 	safeSearchCache   gcache.Cache
-)
+}
+
+var gctx dnsFilterContext // global dnsfilter context

 // Result holds state of hostname check
 type Result struct {
@@ -177,7 +154,7 @@ func (r Reason) Matched() bool {
 }

 // CheckHost tries to match host against rules, then safebrowsing and parental if they are enabled
-func (d *Dnsfilter) CheckHost(host string) (Result, error) {
+func (d *Dnsfilter) CheckHost(host string, qtype uint16, clientAddr string) (Result, error) {
 	// sometimes DNS clients will try to resolve ".", which is a request to get root servers
 	if host == "" {
 		return Result{Reason: NotFilteredNotFound}, nil
@@ -188,17 +165,30 @@ func (d *Dnsfilter) CheckHost(host string) (Result, error) {
 		return Result{}, nil
 	}

-	// try filter lists first
-	result, err := d.matchHost(host)
-	if err != nil {
-		return result, err
+	var setts RequestFilteringSettings
+	setts.FilteringEnabled = true
+	setts.SafeSearchEnabled = d.SafeSearchEnabled
+	setts.SafeBrowsingEnabled = d.SafeBrowsingEnabled
+	setts.ParentalEnabled = d.ParentalEnabled
+	if len(clientAddr) != 0 && d.FilterHandler != nil {
+		d.FilterHandler(clientAddr, &setts)
 	}
-	if result.Reason.Matched() {
-		return result, nil
+
+	var result Result
+	var err error
+	// try filter lists first
+	if setts.FilteringEnabled {
+		result, err = d.matchHost(host, qtype)
+		if err != nil {
+			return result, err
+		}
+		if result.Reason.Matched() {
+			return result, nil
+		}
 	}

 	// check safeSearch if no match
-	if d.SafeSearchEnabled {
+	if setts.SafeSearchEnabled {
 		result, err = d.checkSafeSearch(host)
 		if err != nil {
 			log.Printf("Failed to safesearch HTTP lookup, ignoring check: %v", err)
@@ -211,7 +201,7 @@ func (d *Dnsfilter) CheckHost(host string) (Result, error) {
 	}

 	// check safebrowsing if no match
-	if d.SafeBrowsingEnabled {
+	if setts.SafeBrowsingEnabled {
 		result, err = d.checkSafeBrowsing(host)
 		if err != nil {
 			// failed to do HTTP lookup -- treat it as if we got empty response, but don't save cache
@@ -224,7 +214,7 @@ func (d *Dnsfilter) CheckHost(host string) (Result, error) {
 	}

 	// check parental if no match
-	if d.ParentalEnabled {
+	if setts.ParentalEnabled {
 		result, err = d.checkParental(host)
 		if err != nil {
 			// failed to do HTTP lookup -- treat it as if we got empty response, but don't save cache
@@ -240,308 +230,6 @@ func (d *Dnsfilter) CheckHost(host string) (Result, error) {
 	return Result{}, nil
 }

-//
-// rules table
-//
-
-type rulesTable struct {
-	rulesByHost     map[string]*rule
-	rulesByShortcut map[string][]*rule
-	rulesLeftovers  []*rule
-	sync.RWMutex
-}
-
-func newRulesTable() *rulesTable {
-	return &rulesTable{
-		rulesByHost:     make(map[string]*rule),
-		rulesByShortcut: make(map[string][]*rule),
-		rulesLeftovers:  make([]*rule, 0),
-	}
-}
-
-func (r *rulesTable) Add(rule *rule) {
-	r.Lock()
-	if rule.ip != nil {
-		// Hosts syntax
-		r.rulesByHost[rule.text] = rule
-	} else if len(rule.shortcut) == shortcutLength && enableFastLookup {
-		// Adblock syntax with a shortcut
-		r.rulesByShortcut[rule.shortcut] = append(r.rulesByShortcut[rule.shortcut], rule)
-	} else {
-		// Adblock syntax -- too short to have a shortcut
-		r.rulesLeftovers = append(r.rulesLeftovers, rule)
-	}
-	r.Unlock()
-}
-
-func (r *rulesTable) matchByHost(host string) (Result, error) {
-	// First: examine the hosts-syntax rules
-	res, err := r.searchByHost(host)
-	if err != nil {
-		return res, err
-	}
-	if res.Reason.Matched() {
-		return res, nil
-	}
-
-	// Second: examine the adblock-syntax rules with shortcuts
-	res, err = r.searchShortcuts(host)
-	if err != nil {
-		return res, err
-	}
-	if res.Reason.Matched() {
-		return res, nil
-	}
-
-	// Third: examine the others
-	res, err = r.searchLeftovers(host)
-	if err != nil {
-		return res, err
-	}
-	if res.Reason.Matched() {
-		return res, nil
-	}
-
-	return Result{}, nil
-}
-
-func (r *rulesTable) searchByHost(host string) (Result, error) {
-	rule, ok := r.rulesByHost[host]
-
-	if ok {
-		return rule.match(host)
-	}
-
-	return Result{}, nil
-}
-
-func (r *rulesTable) searchShortcuts(host string) (Result, error) {
-	// check in shortcuts first
-	for i := 0; i < len(host); i++ {
-		shortcut := host[i:]
-		if len(shortcut) > shortcutLength {
-			shortcut = shortcut[:shortcutLength]
-		}
-		if len(shortcut) != shortcutLength {
-			continue
-		}
-		rules, ok := r.rulesByShortcut[shortcut]
-		if !ok {
-			continue
-		}
-		for _, rule := range rules {
-			res, err := rule.match(host)
-			// error? stop search
-			if err != nil {
-				return res, err
-			}
-			// matched? stop search
-			if res.Reason.Matched() {
-				return res, err
-			}
-			// continue otherwise
-		}
-	}
-	return Result{}, nil
-}
-
-func (r *rulesTable) searchLeftovers(host string) (Result, error) {
-	for _, rule := range r.rulesLeftovers {
-		res, err := rule.match(host)
-		// error? stop search
-		if err != nil {
-			return res, err
-		}
-		// matched? stop search
-		if res.Reason.Matched() {
-			return res, err
-		}
-		// continue otherwise
-	}
-	return Result{}, nil
-}
-
-func findOptionIndex(text string) int {
-	for i, r := range text {
-		// ignore non-$
-		if r != '$' {
-			continue
-		}
-		// ignore `\$`
-		if i > 0 && text[i-1] == '\\' {
-			continue
-		}
-		// ignore `$/`
-		if i > len(text) && text[i+1] == '/' {
-			continue
-		}
-		return i + 1
-	}
-	return -1
-}
-
-func (rule *rule) extractOptions() error {
-	optIndex := findOptionIndex(rule.text)
-	if optIndex == 0 { // starts with $
-		return ErrInvalidSyntax
-	}
-	if optIndex == len(rule.text) { // ends with $
-		return ErrInvalidSyntax
-	}
-	if optIndex < 0 {
-		return nil
-	}
-
-	optionsStr := rule.text[optIndex:]
-	rule.text = rule.text[:optIndex-1] // remove options from text
-
-	begin := 0
-	i := 0
-	for i = 0; i < len(optionsStr); i++ {
-		switch optionsStr[i] {
-		case ',':
-			if i > 0 {
-				// it might be escaped, if so, ignore
-				if optionsStr[i-1] == '\\' {
-					break // from switch, not for loop
-				}
-			}
-			rule.options = append(rule.options, optionsStr[begin:i])
-			begin = i + 1
-		}
-	}
-	if begin != i {
-		// there's still an option remaining
-		rule.options = append(rule.options, optionsStr[begin:])
-	}
-
-	return nil
-}
-
-func (rule *rule) parseOptions() error {
-	err := rule.extractOptions()
-	if err != nil {
-		return err
-	}
-
-	for _, option := range rule.options {
-		switch {
-		case option == "important":
-			rule.isImportant = true
-		case strings.HasPrefix(option, "app="):
-			option = strings.TrimPrefix(option, "app=")
-			rule.apps = strings.Split(option, "|")
-		default:
-			return ErrInvalidSyntax
-		}
-	}
-
-	return nil
-}
-
-func (rule *rule) extractShortcut() {
-	// regex rules have no shortcuts
-	if rule.text[0] == '/' && rule.text[len(rule.text)-1] == '/' {
-		return
-	}
-
-	fields := strings.FieldsFunc(rule.text, func(r rune) bool {
-		switch r {
-		case '*', '^', '|':
-			return true
-		}
-		return false
-	})
-	longestField := ""
-	for _, field := range fields {
-		if len(field) > len(longestField) {
-			longestField = field
-		}
-	}
-	if len(longestField) > shortcutLength {
-		longestField = longestField[:shortcutLength]
-	}
-	rule.shortcut = strings.ToLower(longestField)
-}
-
-func (rule *rule) compile() error {
-	rule.RLock()
-	isCompiled := rule.isSuffix || rule.compiled != nil
-	rule.RUnlock()
-	if isCompiled {
-		return nil
-	}
-
-	isSuffix, suffix := getSuffix(rule.text)
-	if isSuffix {
-		rule.Lock()
-		rule.isSuffix = isSuffix
-		rule.suffix = suffix
-		rule.Unlock()
-		return nil
-	}
-
-	expr, err := ruleToRegexp(rule.text)
-	if err != nil {
-		return err
-	}
-
-	compiled, err := regexp.Compile(expr)
-	if err != nil {
-		return err
-	}
-
-	rule.Lock()
-	rule.compiled = compiled
-	rule.Unlock()
-
-	return nil
-}
-
-// Checks if the rule matches the specified host and returns a corresponding Result object
-func (rule *rule) match(host string) (Result, error) {
-	res := Result{}
-
-	if rule.ip != nil && rule.text == host {
-		// This is a hosts-syntax rule -- just check that the hostname matches and return the result
-		return Result{
-			IsFiltered: true,
-			Reason:     FilteredBlackList,
-			Rule:       rule.originalText,
-			IP:         rule.ip,
-			FilterID:   rule.listID,
-		}, nil
-	}
-
-	err := rule.compile()
-	if err != nil {
-		return res, err
-	}
-	rule.RLock()
-	matched := false
-	if rule.isSuffix {
-		if host == rule.suffix {
-			matched = true
-		} else if strings.HasSuffix(host, "."+rule.suffix) {
-			matched = true
-		}
-	} else {
-		matched = rule.compiled.MatchString(host)
-	}
-	rule.RUnlock()
-	if matched {
-		res.Reason = FilteredBlackList
-		res.IsFiltered = true
-		res.FilterID = rule.listID
-		res.Rule = rule.originalText
-		if rule.isWhitelist {
-			res.Reason = NotFilteredWhiteList
-			res.IsFiltered = false
-		}
-	}
-	return res, nil
-}
-
 func getCachedReason(cache gcache.Cache, host string) (result Result, isFound bool, err error) {
 	isFound = false // not found yet

@@ -612,14 +300,10 @@ func (d *Dnsfilter) checkSafeSearch(host string) (Result, error) {
 		defer timer.LogElapsed("SafeSearch HTTP lookup for %s", host)
 	}

-	if safeSearchCache == nil {
-		safeSearchCache = gcache.New(defaultCacheSize).LRU().Expiration(defaultCacheTime).Build()
-	}
-
 	// Check cache. Return cached result if it was found
-	cachedValue, isFound, err := getCachedReason(safeSearchCache, host)
+	cachedValue, isFound, err := getCachedReason(gctx.safeSearchCache, host)
 	if isFound {
-		atomic.AddUint64(&stats.Safesearch.CacheHits, 1)
+		atomic.AddUint64(&gctx.stats.Safesearch.CacheHits, 1)
 		log.Tracef("%s: found in SafeSearch cache", host)
 		return cachedValue, nil
 	}
@@ -636,7 +320,7 @@ func (d *Dnsfilter) checkSafeSearch(host string) (Result, error) {
 	res := Result{IsFiltered: true, Reason: FilteredSafeSearch}
 	if ip := net.ParseIP(safeHost); ip != nil {
 		res.IP = ip
-		err = safeSearchCache.Set(host, res)
+		err = gctx.safeSearchCache.Set(host, res)
 		if err != nil {
 			return Result{}, nil
 		}
@@ -663,7 +347,7 @@ func (d *Dnsfilter) checkSafeSearch(host string) (Result, error) {
 	}

 	// Cache result
-	err = safeSearchCache.Set(host, res)
+	err = gctx.safeSearchCache.Set(host, res)
 	if err != nil {
 		return Result{}, nil
 	}
@@ -677,7 +361,11 @@ func (d *Dnsfilter) checkSafeBrowsing(host string) (Result, error) {
 	}

 	format := func(hashparam string) string {
-		url := fmt.Sprintf(defaultSafebrowsingURL, d.safeBrowsingServer, hashparam)
+		schema := "https"
+		if d.UsePlainHTTP {
+			schema = "http"
+		}
+		url := fmt.Sprintf(defaultSafebrowsingURL, schema, d.safeBrowsingServer, hashparam)
 		return url
 	}
 	handleBody := func(body []byte, hashes map[string]bool) (Result, error) {
@@ -705,10 +393,7 @@ func (d *Dnsfilter) checkSafeBrowsing(host string) (Result, error) {
 		}
 		return result, nil
 	}
-	if safebrowsingCache == nil {
-		safebrowsingCache = gcache.New(defaultCacheSize).LRU().Expiration(defaultCacheTime).Build()
-	}
-	result, err := d.lookupCommon(host, &stats.Safebrowsing, safebrowsingCache, true, format, handleBody)
+	result, err := d.lookupCommon(host, &gctx.stats.Safebrowsing, gctx.safebrowsingCache, true, format, handleBody)
 	return result, err
 }

@@ -719,7 +404,15 @@ func (d *Dnsfilter) checkParental(host string) (Result, error) {
 	}

 	format := func(hashparam string) string {
-		url := fmt.Sprintf(defaultParentalURL, d.parentalServer, hashparam, d.ParentalSensitivity)
+		schema := "https"
+		if d.UsePlainHTTP {
+			schema = "http"
+		}
+		sensitivity := d.ParentalSensitivity
+		if sensitivity == 0 {
+			sensitivity = defaultParentalSensitivity
+		}
+		url := fmt.Sprintf(defaultParentalURL, schema, d.parentalServer, hashparam, sensitivity)
 		return url
 	}
 	handleBody := func(body []byte, hashes map[string]bool) (Result, error) {
@@ -752,10 +445,7 @@ func (d *Dnsfilter) checkParental(host string) (Result, error) {
 		}
 		return result, nil
 	}
-	if parentalCache == nil {
-		parentalCache = gcache.New(defaultCacheSize).LRU().Expiration(defaultCacheTime).Build()
-	}
-	result, err := d.lookupCommon(host, &stats.Parental, parentalCache, false, format, handleBody)
+	result, err := d.lookupCommon(host, &gctx.stats.Parental, gctx.parentalCache, false, format, handleBody)
 	return result, err
 }

@@ -836,135 +526,112 @@ func (d *Dnsfilter) lookupCommon(host string, lookupstats *LookupStats, cache gc
 // Adding rule and matching against the rules
 //

-// AddRules is a convinience function to add an array of filters in one call
-func (d *Dnsfilter) AddRules(filters []Filter) error {
-	for _, f := range filters {
-		for _, rule := range f.Rules {
-			err := d.AddRule(rule, f.ID)
-			if err == ErrAlreadyExists || err == ErrInvalidSyntax {
-				continue
-			}
-			if err != nil {
-				log.Printf("Cannot add rule %s: %s", rule, err)
-				// Just ignore invalid rules
-				continue
-			}
-		}
-	}
-	return nil
-}
-
-// AddRule adds a rule, checking if it is a valid rule first and if it wasn't added already
-func (d *Dnsfilter) AddRule(input string, filterListID int64) error {
-	input = strings.TrimSpace(input)
-	d.storageMutex.RLock()
-	_, exists := d.storage[input]
-	d.storageMutex.RUnlock()
-	if exists {
-		// already added
-		return ErrAlreadyExists
-	}
-
-	if !isValidRule(input) {
-		return ErrInvalidSyntax
-	}
-
-	// First, check if this is a hosts-syntax rule
-	if d.parseEtcHosts(input, filterListID) {
-		// This is a valid hosts-syntax rule, no need for further parsing
-		return nil
-	}
-
-	// Start parsing the rule
-	r := rule{
-		text:         input, // will be modified
-		originalText: input,
-		listID:       filterListID,
-	}
-
-	// Mark rule as whitelist if it starts with @@
-	if strings.HasPrefix(r.text, "@@") {
-		r.isWhitelist = true
-		r.text = r.text[2:]
-	}
-
-	err := r.parseOptions()
+// Return TRUE if file exists
+func fileExists(fn string) bool {
+	_, err := os.Stat(fn)
 	if err != nil {
-		return err
-	}
-
-	r.extractShortcut()
-
-	if !enableDelayedCompilation {
-		err := r.compile()
-		if err != nil {
-			return err
-		}
-	}
-
-	destination := d.blackList
-	if r.isImportant {
-		destination = d.important
-	} else if r.isWhitelist {
-		destination = d.whiteList
-	}
-
-	d.storageMutex.Lock()
-	d.storage[input] = true
-	d.storageMutex.Unlock()
-	destination.Add(&r)
-	return nil
-}
-
-// Parses the hosts-syntax rules. Returns false if the input string is not of hosts-syntax.
-func (d *Dnsfilter) parseEtcHosts(input string, filterListID int64) bool {
-	// Strip the trailing comment
-	ruleText := input
-	if pos := strings.IndexByte(ruleText, '#'); pos != -1 {
-		ruleText = ruleText[0:pos]
-	}
-	fields := strings.Fields(ruleText)
-	if len(fields) < 2 {
 		return false
 	}
-	addr := net.ParseIP(fields[0])
-	if addr == nil {
-		return false
-	}
-
-	d.storageMutex.Lock()
-	d.storage[input] = true
-	d.storageMutex.Unlock()
-
-	for _, host := range fields[1:] {
-		r := rule{
-			text:         host,
-			originalText: input,
-			listID:       filterListID,
-			ip:           addr,
-		}
-		d.blackList.Add(&r)
-	}
 	return true
 }

-// matchHost is a low-level way to check only if hostname is filtered by rules, skipping expensive safebrowsing and parental lookups
-func (d *Dnsfilter) matchHost(host string) (Result, error) {
-	lists := []*rulesTable{
-		d.important,
-		d.whiteList,
-		d.blackList,
+// Initialize urlfilter objects
+func (d *Dnsfilter) initFiltering(filters map[int]string) error {
+	listArray := []urlfilter.RuleList{}
+	for id, dataOrFilePath := range filters {
+		var list urlfilter.RuleList
+
+		if id == 0 {
+			list = &urlfilter.StringRuleList{
+				ID:             0,
+				RulesText:      dataOrFilePath,
+				IgnoreCosmetic: false,
+			}
+
+		} else if !fileExists(dataOrFilePath) {
+			list = &urlfilter.StringRuleList{
+				ID:             id,
+				IgnoreCosmetic: false,
+			}
+
+		} else {
+			var err error
+			list, err = urlfilter.NewFileRuleList(id, dataOrFilePath, false)
+			if err != nil {
+				return fmt.Errorf("urlfilter.NewFileRuleList(): %s: %s", dataOrFilePath, err)
+			}
+		}
+		listArray = append(listArray, list)
 	}

-	for _, table := range lists {
-		res, err := table.matchByHost(host)
-		if err != nil {
-			return res, err
-		}
-		if res.Reason.Matched() {
+	var err error
+	d.rulesStorage, err = urlfilter.NewRuleStorage(listArray)
+	if err != nil {
+		return fmt.Errorf("urlfilter.NewRuleStorage(): %s", err)
+	}
+	d.filteringEngine = urlfilter.NewDNSEngine(d.rulesStorage)
+	return nil
+}
+
+// matchHost is a low-level way to check only if hostname is filtered by rules, skipping expensive safebrowsing and parental lookups
+func (d *Dnsfilter) matchHost(host string, qtype uint16) (Result, error) {
+	if d.filteringEngine == nil {
+		return Result{}, nil
+	}
+
+	rules, ok := d.filteringEngine.Match(host)
+	if !ok {
+		return Result{}, nil
+	}
+
+	log.Tracef("%d rules matched for host '%s'", len(rules), host)
+
+	for _, rule := range rules {
+
+		log.Tracef("Found rule for host '%s': '%s'  list_id: %d",
+			host, rule.Text(), rule.GetFilterListID())
+
+		res := Result{}
+		res.Reason = FilteredBlackList
+		res.IsFiltered = true
+		res.FilterID = int64(rule.GetFilterListID())
+		res.Rule = rule.Text()
+
+		if netRule, ok := rule.(*urlfilter.NetworkRule); ok {
+
+			if netRule.Whitelist {
+				res.Reason = NotFilteredWhiteList
+				res.IsFiltered = false
+			}
 			return res, nil
+
+		} else if hostRule, ok := rule.(*urlfilter.HostRule); ok {
+
+			if qtype == dns.TypeA && hostRule.IP.To4() != nil {
+				// either IPv4 or IPv4-mapped IPv6 address
+				res.IP = hostRule.IP.To4()
+				return res, nil
+
+			} else if qtype == dns.TypeAAAA {
+				ip4 := hostRule.IP.To4()
+				if ip4 == nil {
+					res.IP = hostRule.IP
+					return res, nil
+				}
+				if bytes.Equal(ip4, []byte{0, 0, 0, 0}) {
+					// send IP="::" response for a rule "0.0.0.0 blockdomain"
+					res.IP = net.IPv6zero
+					return res, nil
+				}
+			}
+			continue
+
+		} else {
+			log.Tracef("Rule type is unsupported: '%s'  list_id: %d",
+				rule.Text(), rule.GetFilterListID())
 		}
 	}
+
 	return Result{}, nil
 }

@@ -972,10 +639,37 @@ func (d *Dnsfilter) matchHost(host string) (Result, error) {
 // lifecycle helper functions
 //

+// Return TRUE if this host's IP should be cached
+func (d *Dnsfilter) shouldBeInDialCache(host string) bool {
+	return host == d.safeBrowsingServer ||
+		host == d.parentalServer
+}
+
+// Search for an IP address by host name
+func searchInDialCache(host string) string {
+	rawValue, err := gctx.dialCache.Get(host)
+	if err != nil {
+		return ""
+	}
+
+	ip, _ := rawValue.(string)
+	log.Debug("Found in cache: %s -> %s", host, ip)
+	return ip
+}
+
+// Add "hostname" -> "IP address" entry to cache
+func addToDialCache(host, ip string) {
+	err := gctx.dialCache.Set(host, ip)
+	if err != nil {
+		log.Debug("dialCache.Set: %s", err)
+	}
+	log.Debug("Added to cache: %s -> %s", host, ip)
+}
+
 type dialFunctionType func(ctx context.Context, network, addr string) (net.Conn, error)

 // Connect to a remote server resolving hostname using our own DNS server
-func createCustomDialContext(resolverAddr string) dialFunctionType {
+func (d *Dnsfilter) createCustomDialContext(resolverAddr string) dialFunctionType {
 	return func(ctx context.Context, network, addr string) (net.Conn, error) {
 		log.Tracef("network:%v  addr:%v", network, addr)

@@ -993,6 +687,15 @@ func createCustomDialContext(resolverAddr string) dialFunctionType {
 			return con, err
 		}

+		cache := d.shouldBeInDialCache(host)
+		if cache {
+			ip := searchInDialCache(host)
+			if len(ip) != 0 {
+				addr = fmt.Sprintf("%s:%s", ip, port)
+				return dialer.DialContext(ctx, network, addr)
+			}
+		}
+
 		r := upstream.NewResolver(resolverAddr, 30*time.Second)
 		addrs, e := r.LookupIPAddr(ctx, host)
 		log.Tracef("LookupIPAddr: %s: %v", host, addrs)
@@ -1000,31 +703,49 @@ func createCustomDialContext(resolverAddr string) dialFunctionType {
 			return nil, e
 		}

-		var firstErr error
-		firstErr = nil
+		if len(addrs) == 0 {
+			return nil, fmt.Errorf("couldn't lookup host: %s", host)
+		}
+
+		var dialErrs []error
 		for _, a := range addrs {
 			addr = fmt.Sprintf("%s:%s", a.String(), port)
 			con, err := dialer.DialContext(ctx, network, addr)
 			if err != nil {
-				if firstErr == nil {
-					firstErr = err
-				}
+				dialErrs = append(dialErrs, err)
 				continue
 			}
+
+			if cache {
+				addToDialCache(host, a.String())
+			}
+
 			return con, err
 		}
-		return nil, firstErr
+		return nil, errorx.DecorateMany(fmt.Sprintf("couldn't dial to %s", addr), dialErrs...)
 	}
 }

 // New creates properly initialized DNS Filter that is ready to be used
-func New(c *Config) *Dnsfilter {
-	d := new(Dnsfilter)
+func New(c *Config, filters map[int]string) *Dnsfilter {

-	d.storage = make(map[string]bool)
-	d.important = newRulesTable()
-	d.whiteList = newRulesTable()
-	d.blackList = newRulesTable()
+	if c != nil {
+		// initialize objects only once
+		if gctx.safebrowsingCache == nil {
+			gctx.safebrowsingCache = gcache.New(defaultCacheSize).LRU().Expiration(defaultCacheTime).Build()
+		}
+		if gctx.safeSearchCache == nil {
+			gctx.safeSearchCache = gcache.New(defaultCacheSize).LRU().Expiration(defaultCacheTime).Build()
+		}
+		if gctx.parentalCache == nil {
+			gctx.parentalCache = gcache.New(defaultCacheSize).LRU().Expiration(defaultCacheTime).Build()
+		}
+		if len(c.ResolverAddress) != 0 && gctx.dialCache == nil {
+			gctx.dialCache = gcache.New(maxDialCacheSize).LRU().Expiration(defaultCacheTime).Build()
+		}
+	}
+
+	d := new(Dnsfilter)

 	// Customize the Transport to have larger connection pool,
 	// We are not (re)using http.DefaultTransport because of race conditions found by tests
@@ -1037,7 +758,7 @@ func New(c *Config) *Dnsfilter {
 		ExpectContinueTimeout: 1 * time.Second,
 	}
 	if c != nil && len(c.ResolverAddress) != 0 {
-		d.transport.DialContext = createCustomDialContext(c.ResolverAddress)
+		d.transport.DialContext = d.createCustomDialContext(c.ResolverAddress)
 	}
 	d.client = http.Client{
 		Transport: d.transport,
@@ -1049,6 +770,15 @@ func New(c *Config) *Dnsfilter {
 		d.Config = *c
 	}

+	if filters != nil {
+		err := d.initFiltering(filters)
+		if err != nil {
+			log.Error("Can't initialize filtering subsystem: %s", err)
+			d.Destroy()
+			return nil
+		}
+	}
+
 	return d
 }

@@ -1058,6 +788,11 @@ func (d *Dnsfilter) Destroy() {
 	if d != nil && d.transport != nil {
 		d.transport.CloseIdleConnections()
 	}
+
+	if d.rulesStorage != nil {
+		d.rulesStorage.Close()
+		d.rulesStorage = nil
+	}
 }

 //
@@ -1098,10 +833,5 @@ func (d *Dnsfilter) SafeSearchDomain(host string) (string, bool) {

 // GetStats return dns filtering stats since startup
 func (d *Dnsfilter) GetStats() Stats {
-	return stats
-}
-
-// Count returns number of rules added to filter
-func (d *Dnsfilter) Count() int {
-	return len(d.storage)
+	return gctx.stats
 }
--- a/dnsfilter/dnsfilter_test.go
+++ b/dnsfilter/dnsfilter_test.go
--- a/dnsfilter/helpers.go
+++ b/dnsfilter/helpers.go
@@ -1,49 +1,9 @@
 package dnsfilter

 import (
-	"strings"
 	"sync/atomic"
 )

-func isValidRule(rule string) bool {
-	if len(rule) < 4 {
-		return false
-	}
-	if rule[0] == '!' {
-		return false
-	}
-	if rule[0] == '#' {
-		return false
-	}
-	if strings.HasPrefix(rule, "[Adblock") {
-		return false
-	}
-
-	// Filter out all sorts of cosmetic rules:
-	// https://kb.adguard.com/en/general/how-to-create-your-own-ad-filters#cosmetic-rules
-	masks := []string{
-		"##",
-		"#@#",
-		"#?#",
-		"#@?#",
-		"#$#",
-		"#@$#",
-		"#?$#",
-		"#@?$#",
-		"$$",
-		"$@$",
-		"#%#",
-		"#@%#",
-	}
-	for _, mask := range masks {
-		if strings.Contains(rule, mask) {
-			return false
-		}
-	}
-
-	return true
-}
-
 func updateMax(valuePtr *int64, maxPtr *int64) {
 	for {
 		current := atomic.LoadInt64(valuePtr)
--- a/dnsfilter/rule_to_regexp.go
+++ b/dnsfilter/rule_to_regexp.go
@@ -1,91 +0,0 @@
-package dnsfilter
-
-import (
-	"strings"
-)
-
-func ruleToRegexp(rule string) (string, error) {
-	const hostStart = `(?:^|\.)`
-	const hostEnd = `$`
-
-	// empty or short rule -- do nothing
-	if !isValidRule(rule) {
-		return "", ErrInvalidSyntax
-	}
-
-	// if starts with / and ends with /, it's already a regexp, just strip the slashes
-	if rule[0] == '/' && rule[len(rule)-1] == '/' {
-		return rule[1 : len(rule)-1], nil
-	}
-
-	var sb strings.Builder
-
-	if rule[0] == '|' && rule[1] == '|' {
-		sb.WriteString(hostStart)
-		rule = rule[2:]
-	}
-
-	for i, r := range rule {
-		switch {
-		case r == '?' || r == '.' || r == '+' || r == '[' || r == ']' || r == '(' || r == ')' || r == '{' || r == '}' || r == '#' || r == '\\' || r == '$':
-			sb.WriteRune('\\')
-			sb.WriteRune(r)
-		case r == '|' && i == 0:
-			// | at start and it's not || at start
-			sb.WriteRune('^')
-		case r == '|' && i == len(rule)-1:
-			// | at end
-			sb.WriteRune('$')
-		case r == '|' && i != 0 && i != len(rule)-1:
-			sb.WriteString(`\|`)
-		case r == '*':
-			sb.WriteString(`.*`)
-		case r == '^':
-			sb.WriteString(hostEnd)
-		default:
-			sb.WriteRune(r)
-		}
-	}
-
-	return sb.String(), nil
-}
-
-// handle suffix rule ||example.com^ -- either entire string is example.com or *.example.com
-func getSuffix(rule string) (bool, string) {
-	// if starts with / and ends with /, it's already a regexp
-	// TODO: if a regexp is simple `/abracadabra$/`, then simplify it maybe?
-	if rule[0] == '/' && rule[len(rule)-1] == '/' {
-		return false, ""
-	}
-
-	// must start with ||
-	if rule[0] != '|' || rule[1] != '|' {
-		return false, ""
-	}
-	rule = rule[2:]
-
-	// suffix rule must end with ^ or |
-	lastChar := rule[len(rule)-1]
-	if lastChar != '^' && lastChar != '|' {
-		return false, ""
-	}
-	// last char was checked, eat it
-	rule = rule[:len(rule)-1]
-
-	// it might also end with ^|
-	if rule[len(rule)-1] == '^' {
-		rule = rule[:len(rule)-1]
-	}
-
-	// check that it doesn't have any special characters inside
-	for _, r := range rule {
-		switch r {
-		case '|':
-			return false, ""
-		case '*':
-			return false, ""
-		}
-	}
-
-	return true, rule
-}
--- a/dnsforward/dnsforward.go
+++ b/dnsforward/dnsforward.go
@@ -43,8 +43,14 @@ type Server struct {
 	stats     *stats               // General server statistics
 	once      sync.Once

+	AllowedClients         map[string]bool // IP addresses of whitelist clients
+	DisallowedClients      map[string]bool // IP addresses of clients that should be blocked
+	AllowedClientsIPNet    []net.IPNet     // CIDRs of whitelist clients
+	DisallowedClientsIPNet []net.IPNet     // CIDRs of clients that should be blocked
+	BlockedHosts           map[string]bool // hosts that should be blocked
+
 	sync.RWMutex
-	ServerConfig
+	conf ServerConfig
 }

 // NewServer creates a new instance of the dnsforward.Server
@@ -61,6 +67,7 @@ func NewServer(baseDir string) *Server {
 type FilteringConfig struct {
 	ProtectionEnabled  bool     `yaml:"protection_enabled"`   // whether or not use any of dnsfilter features
 	FilteringEnabled   bool     `yaml:"filtering_enabled"`    // whether or not use filter lists
+	BlockingMode       string   `yaml:"blocking_mode"`        // mode how to answer filtered requests
 	BlockedResponseTTL uint32   `yaml:"blocked_response_ttl"` // if 0, then default is used (3600)
 	QueryLogEnabled    bool     `yaml:"querylog_enabled"`     // if true, query log is enabled
 	Ratelimit          int      `yaml:"ratelimit"`            // max number of requests per second from a given IP (0 to disable)
@@ -69,6 +76,10 @@ type FilteringConfig struct {
 	BootstrapDNS       []string `yaml:"bootstrap_dns"`        // a list of bootstrap DNS for DoH and DoT (plain DNS only)
 	AllServers         bool     `yaml:"all_servers"`          // if true, parallel queries to all configured upstream servers are enabled

+	AllowedClients    []string `yaml:"allowed_clients"`    // IP addresses of whitelist clients
+	DisallowedClients []string `yaml:"disallowed_clients"` // IP addresses of clients that should be blocked
+	BlockedHosts      []string `yaml:"blocked_hosts"`      // hosts that should be blocked
+
 	dnsfilter.Config `yaml:",inline"`
 }

@@ -87,6 +98,7 @@ type ServerConfig struct {
 	Upstreams                []upstream.Upstream            // Configured upstreams
 	DomainsReservedUpstreams map[string][]upstream.Upstream // Map of domains and lists of configured upstreams
 	Filters                  []dnsfilter.Filter             // A list of filters to use
+	OnDNSRequest             func(d *proxy.DNSContext)

 	FilteringConfig
 	TLSConfig
@@ -119,10 +131,38 @@ func (s *Server) Start(config *ServerConfig) error {
 	return s.startInternal(config)
 }

+func convertArrayToMap(dst *map[string]bool, src []string) {
+	*dst = make(map[string]bool)
+	for _, s := range src {
+		(*dst)[s] = true
+	}
+}
+
+// Split array of IP or CIDR into 2 containers for fast search
+func processIPCIDRArray(dst *map[string]bool, dstIPNet *[]net.IPNet, src []string) error {
+	*dst = make(map[string]bool)
+
+	for _, s := range src {
+		ip := net.ParseIP(s)
+		if ip != nil {
+			(*dst)[s] = true
+			continue
+		}
+
+		_, ipnet, err := net.ParseCIDR(s)
+		if err != nil {
+			return err
+		}
+		*dstIPNet = append(*dstIPNet, *ipnet)
+	}
+
+	return nil
+}
+
 // startInternal starts without locking
 func (s *Server) startInternal(config *ServerConfig) error {
 	if config != nil {
-		s.ServerConfig = *config
+		s.conf = *config
 	}

 	if s.dnsFilter != nil || s.dnsProxy != nil {
@@ -157,21 +197,34 @@ func (s *Server) startInternal(config *ServerConfig) error {
 	})

 	proxyConfig := proxy.Config{
-		UDPListenAddr:            s.UDPListenAddr,
-		TCPListenAddr:            s.TCPListenAddr,
-		Ratelimit:                s.Ratelimit,
-		RatelimitWhitelist:       s.RatelimitWhitelist,
-		RefuseAny:                s.RefuseAny,
+		UDPListenAddr:            s.conf.UDPListenAddr,
+		TCPListenAddr:            s.conf.TCPListenAddr,
+		Ratelimit:                s.conf.Ratelimit,
+		RatelimitWhitelist:       s.conf.RatelimitWhitelist,
+		RefuseAny:                s.conf.RefuseAny,
 		CacheEnabled:             true,
-		Upstreams:                s.Upstreams,
-		DomainsReservedUpstreams: s.DomainsReservedUpstreams,
-		Handler:                  s.handleDNSRequest,
-		AllServers:               s.AllServers,
+		Upstreams:                s.conf.Upstreams,
+		DomainsReservedUpstreams: s.conf.DomainsReservedUpstreams,
+		BeforeRequestHandler:     s.beforeRequestHandler,
+		RequestHandler:           s.handleDNSRequest,
+		AllServers:               s.conf.AllServers,
 	}

-	if s.TLSListenAddr != nil && s.CertificateChain != "" && s.PrivateKey != "" {
-		proxyConfig.TLSListenAddr = s.TLSListenAddr
-		keypair, err := tls.X509KeyPair([]byte(s.CertificateChain), []byte(s.PrivateKey))
+	err = processIPCIDRArray(&s.AllowedClients, &s.AllowedClientsIPNet, s.conf.AllowedClients)
+	if err != nil {
+		return err
+	}
+
+	err = processIPCIDRArray(&s.DisallowedClients, &s.DisallowedClientsIPNet, s.conf.DisallowedClients)
+	if err != nil {
+		return err
+	}
+
+	convertArrayToMap(&s.BlockedHosts, s.conf.BlockedHosts)
+
+	if s.conf.TLSListenAddr != nil && s.conf.CertificateChain != "" && s.conf.PrivateKey != "" {
+		proxyConfig.TLSListenAddr = s.conf.TLSListenAddr
+		keypair, err := tls.X509KeyPair([]byte(s.conf.CertificateChain), []byte(s.conf.PrivateKey))
 		if err != nil {
 			return errorx.Decorate(err, "Failed to parse TLS keypair")
 		}
@@ -201,14 +254,24 @@ func (s *Server) startInternal(config *ServerConfig) error {
 // Initializes the DNS filter
 func (s *Server) initDNSFilter() error {
 	log.Tracef("Creating dnsfilter")
-	s.dnsFilter = dnsfilter.New(&s.Config)
-	// add rules only if they are enabled
-	if s.FilteringEnabled {
-		err := s.dnsFilter.AddRules(s.Filters)
-		if err != nil {
-			return errorx.Decorate(err, "could not initialize dnsfilter")
+
+	var filters map[int]string
+	filters = nil
+	if s.conf.FilteringEnabled {
+		filters = make(map[int]string)
+		for _, f := range s.conf.Filters {
+			if f.ID == 0 {
+				filters[int(f.ID)] = string(f.Data)
+			} else {
+				filters[int(f.ID)] = f.FilePath
+			}
 		}
 	}
+
+	s.dnsFilter = dnsfilter.New(&s.conf.Config, filters)
+	if s.dnsFilter == nil {
+		return fmt.Errorf("could not initialize dnsfilter")
+	}
 	return nil
 }

@@ -235,7 +298,7 @@ func (s *Server) stopInternal() error {
 	}

 	// flush remainder to file
-	return s.queryLog.flushLogBuffer()
+	return s.queryLog.flushLogBuffer(true)
 }

 // IsRunning returns true if the DNS server is running
@@ -313,10 +376,75 @@ func (s *Server) GetStatsHistory(timeUnit time.Duration, startTime time.Time, en
 	return s.stats.getStatsHistory(timeUnit, startTime, endTime)
 }

+// Return TRUE if this client should be blocked
+func (s *Server) isBlockedIP(ip string) bool {
+	if len(s.AllowedClients) != 0 || len(s.AllowedClientsIPNet) != 0 {
+		_, ok := s.AllowedClients[ip]
+		if ok {
+			return false
+		}
+
+		if len(s.AllowedClientsIPNet) != 0 {
+			ipAddr := net.ParseIP(ip)
+			for _, ipnet := range s.AllowedClientsIPNet {
+				if ipnet.Contains(ipAddr) {
+					return false
+				}
+			}
+		}
+
+		return true
+	}
+
+	_, ok := s.DisallowedClients[ip]
+	if ok {
+		return true
+	}
+
+	if len(s.DisallowedClientsIPNet) != 0 {
+		ipAddr := net.ParseIP(ip)
+		for _, ipnet := range s.DisallowedClientsIPNet {
+			if ipnet.Contains(ipAddr) {
+				return true
+			}
+		}
+	}
+
+	return false
+}
+
+// Return TRUE if this domain should be blocked
+func (s *Server) isBlockedDomain(host string) bool {
+	_, ok := s.BlockedHosts[host]
+	return ok
+}
+
+func (s *Server) beforeRequestHandler(p *proxy.Proxy, d *proxy.DNSContext) (bool, error) {
+	ip, _, _ := net.SplitHostPort(d.Addr.String())
+	if s.isBlockedIP(ip) {
+		log.Tracef("Client IP %s is blocked by settings", ip)
+		return false, nil
+	}
+
+	if len(d.Req.Question) == 1 {
+		host := strings.TrimSuffix(d.Req.Question[0].Name, ".")
+		if s.isBlockedDomain(host) {
+			log.Tracef("Domain %s is blocked by settings", host)
+			return false, nil
+		}
+	}
+
+	return true, nil
+}
+
 // handleDNSRequest filters the incoming DNS requests and writes them to the query log
 func (s *Server) handleDNSRequest(p *proxy.Proxy, d *proxy.DNSContext) error {
 	start := time.Now()

+	if s.conf.OnDNSRequest != nil {
+		s.conf.OnDNSRequest(d)
+	}
+
 	// use dnsfilter before cache -- changed settings or filters would require cache invalidation otherwise
 	res, err := s.filterDNSRequest(d)
 	if err != nil {
@@ -335,11 +463,11 @@ func (s *Server) handleDNSRequest(p *proxy.Proxy, d *proxy.DNSContext) error {
 	msg := d.Req

 	// don't log ANY request if refuseAny is enabled
-	if len(msg.Question) >= 1 && msg.Question[0].Qtype == dns.TypeANY && s.RefuseAny {
+	if len(msg.Question) >= 1 && msg.Question[0].Qtype == dns.TypeANY && s.conf.RefuseAny {
 		shouldLog = false
 	}

-	if s.QueryLogEnabled && shouldLog {
+	if s.conf.QueryLogEnabled && shouldLog {
 		elapsed := time.Since(start)
 		upstreamAddr := ""
 		if d.Upstream != nil {
@@ -360,7 +488,7 @@ func (s *Server) filterDNSRequest(d *proxy.DNSContext) (*dnsfilter.Result, error
 	host := strings.TrimSuffix(msg.Question[0].Name, ".")

 	s.RLock()
-	protectionEnabled := s.ProtectionEnabled
+	protectionEnabled := s.conf.ProtectionEnabled
 	dnsFilter := s.dnsFilter
 	s.RUnlock()

@@ -371,7 +499,11 @@ func (s *Server) filterDNSRequest(d *proxy.DNSContext) (*dnsfilter.Result, error
 	var res dnsfilter.Result
 	var err error

-	res, err = dnsFilter.CheckHost(host)
+	clientAddr := ""
+	if d.Addr != nil {
+		clientAddr, _, _ = net.SplitHostPort(d.Addr.String())
+	}
+	res, err = dnsFilter.CheckHost(host, d.Req.Question[0].Qtype, clientAddr)
 	if err != nil {
 		// Return immediately if there's an error
 		return nil, errorx.Decorate(err, "dnsfilter failed to check host '%s'", host)
@@ -387,7 +519,7 @@ func (s *Server) filterDNSRequest(d *proxy.DNSContext) (*dnsfilter.Result, error
 func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Result) *dns.Msg {
 	m := d.Req

-	if m.Question[0].Qtype != dns.TypeA {
+	if m.Question[0].Qtype != dns.TypeA && m.Question[0].Qtype != dns.TypeAAAA {
 		return s.genNXDomain(m)
 	}

@@ -398,7 +530,25 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
 		return s.genBlockedHost(m, parentalBlockHost, d)
 	default:
 		if result.IP != nil {
-			return s.genARecord(m, result.IP)
+			if m.Question[0].Qtype == dns.TypeA {
+				return s.genARecord(m, result.IP)
+			} else if m.Question[0].Qtype == dns.TypeAAAA {
+				return s.genAAAARecord(m, result.IP)
+			}
+
+			// empty response
+			resp := dns.Msg{}
+			resp.SetReply(m)
+			return &resp
+		}
+
+		if s.conf.BlockingMode == "null_ip" {
+			switch m.Question[0].Qtype {
+			case dns.TypeA:
+				return s.genARecord(m, []byte{0, 0, 0, 0})
+			case dns.TypeAAAA:
+				return s.genAAAARecord(m, net.IPv6zero)
+			}
 		}

 		return s.genNXDomain(m)
@@ -415,15 +565,41 @@ func (s *Server) genServerFailure(request *dns.Msg) *dns.Msg {
 func (s *Server) genARecord(request *dns.Msg, ip net.IP) *dns.Msg {
 	resp := dns.Msg{}
 	resp.SetReply(request)
-	answer, err := dns.NewRR(fmt.Sprintf("%s %d A %s", request.Question[0].Name, s.BlockedResponseTTL, ip.String()))
-	if err != nil {
-		log.Printf("Couldn't generate A record for replacement host '%s': %s", ip.String(), err)
-		return s.genServerFailure(request)
-	}
-	resp.Answer = append(resp.Answer, answer)
+	resp.Answer = append(resp.Answer, s.genAAnswer(request, ip))
 	return &resp
 }

+func (s *Server) genAAAARecord(request *dns.Msg, ip net.IP) *dns.Msg {
+	resp := dns.Msg{}
+	resp.SetReply(request)
+	resp.Answer = append(resp.Answer, s.genAAAAAnswer(request, ip))
+	return &resp
+}
+
+func (s *Server) genAAnswer(req *dns.Msg, ip net.IP) *dns.A {
+	answer := new(dns.A)
+	answer.Hdr = dns.RR_Header{
+		Name:   req.Question[0].Name,
+		Rrtype: dns.TypeA,
+		Ttl:    s.conf.BlockedResponseTTL,
+		Class:  dns.ClassINET,
+	}
+	answer.A = ip
+	return answer
+}
+
+func (s *Server) genAAAAAnswer(req *dns.Msg, ip net.IP) *dns.AAAA {
+	answer := new(dns.AAAA)
+	answer.Hdr = dns.RR_Header{
+		Name:   req.Question[0].Name,
+		Rrtype: dns.TypeAAAA,
+		Ttl:    s.conf.BlockedResponseTTL,
+		Class:  dns.ClassINET,
+	}
+	answer.AAAA = ip
+	return answer
+}
+
 func (s *Server) genBlockedHost(request *dns.Msg, newAddr string, d *proxy.DNSContext) *dns.Msg {
 	// look up the hostname, TODO: cache
 	replReq := dns.Msg{}
@@ -484,7 +660,7 @@ func (s *Server) genSOA(request *dns.Msg) []dns.RR {
 		Hdr: dns.RR_Header{
 			Name:   zone,
 			Rrtype: dns.TypeSOA,
-			Ttl:    s.BlockedResponseTTL,
+			Ttl:    s.conf.BlockedResponseTTL,
 			Class:  dns.ClassINET,
 		},
 		Mbox: "hostmaster.", // zone will be appended later if it's not empty or "."
--- a/dnsforward/dnsforward_test.go
+++ b/dnsforward/dnsforward_test.go
@@ -15,12 +15,10 @@ import (
 	"testing"
 	"time"

-	"github.com/AdguardTeam/dnsproxy/proxy"
-
-	"github.com/stretchr/testify/assert"
-
 	"github.com/AdguardTeam/AdGuardHome/dnsfilter"
+	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/miekg/dns"
+	"github.com/stretchr/testify/assert"
 )

 const (
@@ -86,7 +84,7 @@ func TestDotServer(t *testing.T) {
 	s := createTestServer(t)
 	defer removeDataDir(t)

-	s.TLSConfig = TLSConfig{
+	s.conf.TLSConfig = TLSConfig{
 		TLSListenAddr:    &net.TCPAddr{Port: 0},
 		CertificateChain: string(certPem),
 		PrivateKey:       string(keyPem),
@@ -149,7 +147,7 @@ func TestServerRace(t *testing.T) {

 func TestSafeSearch(t *testing.T) {
 	s := createTestServer(t)
-	s.SafeSearchEnabled = true
+	s.conf.SafeSearchEnabled = true
 	defer removeDataDir(t)
 	err := s.Start(nil)
 	if err != nil {
@@ -177,7 +175,7 @@ func TestSafeSearch(t *testing.T) {

 	ip := ips[0]
 	for _, i := range ips {
-		if len(i) == net.IPv6len && i.To4() != nil {
+		if i.To4() != nil {
 			ip = i
 			break
 		}
@@ -293,6 +291,55 @@ func TestBlockedRequest(t *testing.T) {
 	}
 }

+func TestNullBlockedRequest(t *testing.T) {
+	s := createTestServer(t)
+	s.conf.FilteringConfig.BlockingMode = "null_ip"
+	defer removeDataDir(t)
+	err := s.Start(nil)
+	if err != nil {
+		t.Fatalf("Failed to start server: %s", err)
+	}
+	addr := s.dnsProxy.Addr(proxy.ProtoUDP)
+
+	//
+	// Null filter blocking
+	//
+	req := dns.Msg{}
+	req.Id = dns.Id()
+	req.RecursionDesired = true
+	req.Question = []dns.Question{
+		{Name: "null.example.org.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
+	}
+
+	reply, err := dns.Exchange(&req, addr.String())
+	if err != nil {
+		t.Fatalf("Couldn't talk to server %s: %s", addr, err)
+	}
+	if len(reply.Answer) != 1 {
+		t.Fatalf("DNS server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
+	}
+	if a, ok := reply.Answer[0].(*dns.A); ok {
+		if !net.IPv4zero.Equal(a.A) {
+			t.Fatalf("DNS server %s returned wrong answer instead of 0.0.0.0: %v", addr, a.A)
+		}
+	} else {
+		t.Fatalf("DNS server %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
+	}
+
+	// check query log and stats
+	log := s.GetQueryLog()
+	assert.Equal(t, 1, len(log), "Log size")
+	stats := s.GetStatsTop()
+	assert.Equal(t, 1, len(stats.Domains), "Top domains length")
+	assert.Equal(t, 1, len(stats.Blocked), "Top blocked length")
+	assert.Equal(t, 1, len(stats.Clients), "Top clients length")
+
+	err = s.Stop()
+	if err != nil {
+		t.Fatalf("DNS server failed to stop: %s", err)
+	}
+}
+
 func TestBlockedByHosts(t *testing.T) {
 	s := createTestServer(t)
 	defer removeDataDir(t)
@@ -402,21 +449,18 @@ func TestBlockedBySafeBrowsing(t *testing.T) {

 func createTestServer(t *testing.T) *Server {
 	s := NewServer(createDataDir(t))
-	s.UDPListenAddr = &net.UDPAddr{Port: 0}
-	s.TCPListenAddr = &net.TCPAddr{Port: 0}
+	s.conf.UDPListenAddr = &net.UDPAddr{Port: 0}
+	s.conf.TCPListenAddr = &net.TCPAddr{Port: 0}

-	s.QueryLogEnabled = true
-	s.FilteringConfig.FilteringEnabled = true
-	s.FilteringConfig.ProtectionEnabled = true
-	s.FilteringConfig.SafeBrowsingEnabled = true
-	s.Filters = make([]dnsfilter.Filter, 0)
+	s.conf.QueryLogEnabled = true
+	s.conf.FilteringConfig.FilteringEnabled = true
+	s.conf.FilteringConfig.ProtectionEnabled = true
+	s.conf.FilteringConfig.SafeBrowsingEnabled = true
+	s.conf.Filters = make([]dnsfilter.Filter, 0)

-	rules := []string{
-		"||nxdomain.example.org^",
-		"127.0.0.1	host.example.org",
-	}
-	filter := dnsfilter.Filter{ID: 1, Rules: rules}
-	s.Filters = append(s.Filters, filter)
+	rules := "||nxdomain.example.org^\n||null.example.org^\n127.0.0.1	host.example.org\n"
+	filter := dnsfilter.Filter{ID: 0, Data: []byte(rules)}
+	s.conf.Filters = append(s.conf.Filters, filter)
 	return s
 }

@@ -578,3 +622,72 @@ func publicKey(priv interface{}) interface{} {
 		return nil
 	}
 }
+
+func TestIsBlockedIPAllowed(t *testing.T) {
+	s := createTestServer(t)
+	s.conf.AllowedClients = []string{"1.1.1.1", "2.2.0.0/16"}
+
+	err := s.Start(nil)
+	defer removeDataDir(t)
+	if err != nil {
+		t.Fatalf("Failed to start server: %s", err)
+	}
+
+	if s.isBlockedIP("1.1.1.1") {
+		t.Fatalf("isBlockedIP")
+	}
+	if !s.isBlockedIP("1.1.1.2") {
+		t.Fatalf("isBlockedIP")
+	}
+	if s.isBlockedIP("2.2.1.1") {
+		t.Fatalf("isBlockedIP")
+	}
+	if !s.isBlockedIP("2.3.1.1") {
+		t.Fatalf("isBlockedIP")
+	}
+}
+
+func TestIsBlockedIPDisallowed(t *testing.T) {
+	s := createTestServer(t)
+	s.conf.DisallowedClients = []string{"1.1.1.1", "2.2.0.0/16"}
+
+	err := s.Start(nil)
+	defer removeDataDir(t)
+	if err != nil {
+		t.Fatalf("Failed to start server: %s", err)
+	}
+
+	if !s.isBlockedIP("1.1.1.1") {
+		t.Fatalf("isBlockedIP")
+	}
+	if s.isBlockedIP("1.1.1.2") {
+		t.Fatalf("isBlockedIP")
+	}
+	if !s.isBlockedIP("2.2.1.1") {
+		t.Fatalf("isBlockedIP")
+	}
+	if s.isBlockedIP("2.3.1.1") {
+		t.Fatalf("isBlockedIP")
+	}
+}
+
+func TestIsBlockedIPBlockedDomain(t *testing.T) {
+	s := createTestServer(t)
+	s.conf.BlockedHosts = []string{"host1", "host2"}
+
+	err := s.Start(nil)
+	defer removeDataDir(t)
+	if err != nil {
+		t.Fatalf("Failed to start server: %s", err)
+	}
+
+	if !s.isBlockedDomain("host1") {
+		t.Fatalf("isBlockedDomain")
+	}
+	if !s.isBlockedDomain("host2") {
+		t.Fatalf("isBlockedDomain")
+	}
+	if s.isBlockedDomain("host3") {
+		t.Fatalf("isBlockedDomain")
+	}
+}
--- a/dnsforward/helpers.go
+++ b/dnsforward/helpers.go
@@ -0,0 +1,14 @@
+package dnsforward
+
+import "net"
+
+// GetIPString is a helper function that extracts IP address from net.Addr
+func GetIPString(addr net.Addr) string {
+	switch addr := addr.(type) {
+	case *net.UDPAddr:
+		return addr.IP.String()
+	case *net.TCPAddr:
+		return addr.IP.String()
+	}
+	return ""
+}
--- a/dnsforward/querylog.go
+++ b/dnsforward/querylog.go
@@ -30,6 +30,8 @@ type queryLog struct {

 	logBufferLock sync.RWMutex
 	logBuffer     []*logEntry
+	fileFlushLock sync.Mutex // synchronize a file-flushing goroutine and main thread
+	flushPending  bool       // don't start another goroutine while the previous one is still running

 	queryLogCache []*logEntry
 	queryLogLock  sync.RWMutex
@@ -59,7 +61,7 @@ func (l *queryLog) logRequest(question *dns.Msg, answer *dns.Msg, result *dnsfil
 	var q []byte
 	var a []byte
 	var err error
-	ip := getIPString(addr)
+	ip := GetIPString(addr)

 	if question != nil {
 		q, err = question.Pack()
@@ -91,13 +93,15 @@ func (l *queryLog) logRequest(question *dns.Msg, answer *dns.Msg, result *dnsfil
 		IP:       ip,
 		Upstream: upstream,
 	}
-	var flushBuffer []*logEntry

 	l.logBufferLock.Lock()
 	l.logBuffer = append(l.logBuffer, &entry)
-	if len(l.logBuffer) >= logBufferCap {
-		flushBuffer = l.logBuffer
-		l.logBuffer = nil
+	needFlush := false
+	if !l.flushPending {
+		needFlush = len(l.logBuffer) >= logBufferCap
+		if needFlush {
+			l.flushPending = true
+		}
 	}
 	l.logBufferLock.Unlock()
 	l.queryLogLock.Lock()
@@ -116,15 +120,10 @@ func (l *queryLog) logRequest(question *dns.Msg, answer *dns.Msg, result *dnsfil
 	}

 	// if buffer needs to be flushed to disk, do it now
-	if len(flushBuffer) > 0 {
+	if needFlush {
 		// write to file
 		// do it in separate goroutine -- we are stalling DNS response this whole time
-		go func() {
-			err := l.flushToFile(flushBuffer)
-			if err != nil {
-				log.Printf("Failed to flush the query log: %s", err)
-			}
-		}()
+		go l.flushLogBuffer(false) // nolint
 	}

 	return &entry
@@ -245,14 +244,3 @@ func answerToMap(a *dns.Msg) []map[string]interface{} {

 	return answers
 }
-
-// getIPString is a helper function that extracts IP address from net.Addr
-func getIPString(addr net.Addr) string {
-	switch addr := addr.(type) {
-	case *net.UDPAddr:
-		return addr.IP.String()
-	case *net.TCPAddr:
-		return addr.IP.String()
-	}
-	return ""
-}
--- a/dnsforward/querylog_file.go
+++ b/dnsforward/querylog_file.go
@@ -20,11 +20,20 @@ var (
 const enableGzip = false

 // flushLogBuffer flushes the current buffer to file and resets the current buffer
-func (l *queryLog) flushLogBuffer() error {
+func (l *queryLog) flushLogBuffer(fullFlush bool) error {
+	l.fileFlushLock.Lock()
+	defer l.fileFlushLock.Unlock()
+
 	// flush remainder to file
 	l.logBufferLock.Lock()
+	needFlush := len(l.logBuffer) >= logBufferCap
+	if !needFlush && !fullFlush {
+		l.logBufferLock.Unlock()
+		return nil
+	}
 	flushBuffer := l.logBuffer
 	l.logBuffer = nil
+	l.flushPending = false
 	l.logBufferLock.Unlock()
 	err := l.flushToFile(flushBuffer)
 	if err != nil {
@@ -37,6 +46,7 @@ func (l *queryLog) flushLogBuffer() error {
 // flushToFile saves the specified log entries to the query log file
 func (l *queryLog) flushToFile(buffer []*logEntry) error {
 	if len(buffer) == 0 {
+		log.Debug("querylog: there's nothing to write to a file")
 		return nil
 	}
 	start := time.Now()
--- a/go.mod
+++ b/go.mod
@@ -3,26 +3,22 @@ module github.com/AdguardTeam/AdGuardHome
 go 1.12

 require (
-	github.com/AdguardTeam/dnsproxy v0.12.0
+	github.com/AdguardTeam/dnsproxy v0.15.0
 	github.com/AdguardTeam/golibs v0.1.3
+	github.com/AdguardTeam/urlfilter v0.4.0
 	github.com/NYTimes/gziphandler v1.1.1
-	github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f // indirect
 	github.com/bluele/gcache v0.0.0-20190203144525-2016d595ccb0
-	github.com/go-ole/go-ole v1.2.1 // indirect
 	github.com/go-test/deep v1.0.1
 	github.com/gobuffalo/packr v1.19.0
-	github.com/joomcode/errorx v0.1.0
+	github.com/joomcode/errorx v0.8.0
 	github.com/kardianos/osext v0.0.0-20170510131534-ae77be60afb1 // indirect
 	github.com/kardianos/service v0.0.0-20181115005516-4c239ee84e7b
 	github.com/krolaw/dhcp4 v0.0.0-20180925202202-7cead472c414
-	github.com/miekg/dns v1.1.1
-	github.com/shirou/gopsutil v2.18.10+incompatible
-	github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 // indirect
+	github.com/miekg/dns v1.1.8
 	github.com/sparrc/go-ping v0.0.0-20181106165434-ef3ab45e41b0
 	github.com/stretchr/testify v1.3.0
-	go.uber.org/goleak v0.10.0
-	golang.org/x/net v0.0.0-20190119204137-ed066c81e75e
-	golang.org/x/sys v0.0.0-20190122071731-054c452bb702
+	golang.org/x/net v0.0.0-20190424112056-4829fb13d2c6
+	golang.org/x/sys v0.0.0-20190424160641-4347357a82bc
 	gopkg.in/asaskevich/govalidator.v4 v4.0.0-20160518190739-766470278477
 	gopkg.in/yaml.v2 v2.2.1
 )
--- a/Show More
+++ b/Show More