all: sync with master; upd chlog

2023-08-02 16:26:34 +03:00 · 2023-08-02 16:26:34 +03:00 · 3be7676970
parent 48ee2f8a42
commit 3be7676970
35 changed files with 361 additions and 147 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -1,7 +1,7 @@
 'name': 'build'

 'env':
-  'GO_VERSION': '1.19.11'
+  'GO_VERSION': '1.20.7'
  'NODE_VERSION': '14'

 'on':
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -1,7 +1,7 @@
 'name': 'lint'

 'env':
-  'GO_VERSION': '1.19.11'
+  'GO_VERSION': '1.20.7'

 'on':
  'push':
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,11 +14,11 @@ and this project adheres to
 <!--
 ## [v0.108.0] - TBA

-## [v0.107.36] - 2023-08-09 (APPROX.)
+## [v0.107.37] - 2023-08-16 (APPROX.)

-See also the [v0.107.36 GitHub milestone][ms-v0.107.36].
+See also the [v0.107.37 GitHub milestone][ms-v0.107.37].

-[ms-v0.107.36]: https://github.com/AdguardTeam/AdGuardHome/milestone/71?closed=1
+[ms-v0.107.37]: https://github.com/AdguardTeam/AdGuardHome/milestone/72?closed=1

 NOTE: Add new changes BELOW THIS COMMENT.
 -->
@ -29,6 +29,36 @@ NOTE: Add new changes ABOVE THIS COMMENT.



+## [v0.107.36] - 2023-08-02
+
+See also the [v0.107.36 GitHub milestone][ms-v0.107.36].
+
+### Security
+
+- Go version has been updated to prevent the possibility of exploiting the
+  CVE-2023-29409 Go vulnerability fixed in [Go 1.20.7][go-1.20.7].
+
+### Deprecated
+
+- Go 1.20 support.  Future versions will require at least Go 1.21 to build.
+
+### Fixed
+
+- Inability to block queries for the root domain, such as `NS .` queries, using
+  the *Disallowed domains* feature on the *DNS settings* page ([#6049]).  Users
+  who want to block `.` queries should use the `|.^` AdBlock rule or a similar
+  regular expression.
+- Client hostnames not resolving when upstream server responds with zero-TTL
+  records ([#6046]).
+
+[#6046]: https://github.com/AdguardTeam/AdGuardHome/issues/6046
+[#6049]: https://github.com/AdguardTeam/AdGuardHome/issues/6049
+
+[go-1.20.7]:    https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ
+[ms-v0.107.36]: https://github.com/AdguardTeam/AdGuardHome/milestone/71?closed=1
+
+
+
 ## [v0.107.35] - 2023-07-26

 See also the [v0.107.35 GitHub milestone][ms-v0.107.35].
@ -2270,11 +2300,12 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2].


 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.36...HEAD
-[v0.107.36]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.35...v0.107.36
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.37...HEAD
+[v0.107.37]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.36...v0.107.37
 -->

-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.35...HEAD
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.36...HEAD
+[v0.107.36]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.35...v0.107.36
 [v0.107.35]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.34...v0.107.35
 [v0.107.34]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.33...v0.107.34
 [v0.107.33]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.32...v0.107.33
--- a/README.md
+++ b/README.md
@ -54,7 +54,7 @@ code.


 *  [Getting Started](#getting-started)
-     *  [Automated install (Unix)](#automated-install-linux-and-mac)
+     *  [Automated install (Linux/Unix/MacOS/FreeBSD/OpenBSD)](#automated-install-linux-and-mac)
     *  [Alternative methods](#alternative-methods)
     *  [Guides](#guides)
     *  [API](#api)
@ -79,7 +79,7 @@ code.

 ##  <a href="#getting-started" id="getting-started" name="getting-started">Getting Started</a>

-   ###  <a href="#automated-install-linux-and-mac" id="automated-install-linux-and-mac" name="automated-install-linux-and-mac">Automated install (Unix)</a>
+   ###  <a href="#automated-install-linux-and-mac" id="automated-install-linux-and-mac" name="automated-install-linux-and-mac">Automated install (Linux/Unix/MacOS/FreeBSD/OpenBSD)</a>

 To install with `curl` run the following command:

@ -261,7 +261,7 @@ Run `make init` to prepare the development environment.

 You will need this to build AdGuard Home:

- *  [Go](https://golang.org/dl/) v1.19 or later;
+ *  [Go](https://golang.org/dl/) v1.20 or later;
 *  [Node.js](https://nodejs.org/en/download/) v10.16.2 or later;
 *  [npm](https://www.npmjs.com/) v6.14 or later;
 *  [yarn](https://yarnpkg.com/) v1.22.5 or later.
--- a/bamboo-specs/release.yaml
+++ b/bamboo-specs/release.yaml
@ -7,7 +7,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
    'channel': 'edge'
-    'dockerGo': 'adguard/golang-ubuntu:6.8'
+    'dockerGo': 'adguard/golang-ubuntu:7.0'

 'stages':
  - 'Build frontend':
@ -272,7 +272,7 @@
        # need to build a few of these.
        'variables':
            'channel': 'beta'
-            'dockerGo': 'adguard/golang-ubuntu:6.8'
+            'dockerGo': 'adguard/golang-ubuntu:7.0'
    # release-vX.Y.Z branches are the branches from which the actual final
    # release is built.
  - '^release-v[0-9]+\.[0-9]+\.[0-9]+':
@ -287,4 +287,4 @@
        # are the ones that actually get released.
        'variables':
            'channel': 'release'
-            'dockerGo': 'adguard/golang-ubuntu:6.8'
+            'dockerGo': 'adguard/golang-ubuntu:7.0'
--- a/bamboo-specs/snapcraft.yaml
+++ b/bamboo-specs/snapcraft.yaml
@ -10,7 +10,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
    'channel': 'edge'
-    'dockerGo': 'adguard/golang-ubuntu:6.8'
+    'dockerGo': 'adguard/golang-ubuntu:7.0'
    'snapcraftChannel': 'edge'

 'stages':
@ -191,7 +191,7 @@
        # need to build a few of these.
        'variables':
            'channel': 'beta'
-            'dockerGo': 'adguard/golang-ubuntu:6.8'
+            'dockerGo': 'adguard/golang-ubuntu:7.0'
            'snapcraftChannel': 'beta'
    # release-vX.Y.Z branches are the branches from which the actual final
    # release is built.
@ -207,5 +207,5 @@
        # are the ones that actually get released.
        'variables':
            'channel': 'release'
-            'dockerGo': 'adguard/golang-ubuntu:6.8'
+            'dockerGo': 'adguard/golang-ubuntu:7.0'
            'snapcraftChannel': 'candidate'
--- a/bamboo-specs/test.yaml
+++ b/bamboo-specs/test.yaml
@ -5,7 +5,7 @@
    'key': 'AHBRTSPECS'
    'name': 'AdGuard Home - Build and run tests'
 'variables':
-    'dockerGo': 'adguard/golang-ubuntu:6.8'
+    'dockerGo': 'adguard/golang-ubuntu:7.0'

 'stages':
  - 'Tests':
--- a/client/src/__locales/hr.json
+++ b/client/src/__locales/hr.json
@ -444,7 +444,7 @@
    "client_confirm_delete": "Jeste li sigurni da želite ukloniti \"{{key}}\" klijenta?",
    "list_confirm_delete": "Jeste li sigurni da želite ukloniti ovaj popis?",
    "auto_clients_title": "Runtime klijenti",
-    "auto_clients_desc": "Podaci na klijentu koji koriste AdGuard Home, ali se ne mijenjaju u postavkama",
+    "auto_clients_desc": "Informacije o IP adresama uređaja koji koriste ili bi mogli koristiti AdGuard Home. Ove informacije prikupljaju se iz nekoliko izvora, uključujući datoteke hostova, obrnuti DNS itd.",
    "access_title": "Postavke pristupa",
    "access_desc": "Ovdje možete konfigurirati pravila pristupa za AdGuard Home DNS poslužitelj",
    "access_allowed_title": "Dopušteni klijenti",
--- a/client/src/__locales/hu.json
+++ b/client/src/__locales/hu.json
@ -444,7 +444,7 @@
    "client_confirm_delete": "Biztosan törölni szeretné a(z) \"{{key}}\" klienst?",
    "list_confirm_delete": "Biztosan törölni kívánja ezt a listát?",
    "auto_clients_title": "Futási idejű kliensek",
-    "auto_clients_desc": "Ezek az eszközök nem szerepelnek a fenntartott kliensek listáján, de használják az AdGuard Home-ot",
+    "auto_clients_desc": "Az AdGuard Home-ot használó vagy esetleg használó eszközök IP-címeire vonatkozó információk. Ezeket az információkat több forrásból gyűjtik, beleértve a hosts fájlokat, a fordított DNS-t stb.",
    "access_title": "Hozzáférési beállítások",
    "access_desc": "Itt konfigurálhatja az AdGuard Home DNS-kiszolgáló hozzáférési szabályait",
    "access_allowed_title": "Engedélyezett kliensek",
--- a/client/src/__locales/ro.json
+++ b/client/src/__locales/ro.json
@ -444,7 +444,7 @@
    "client_confirm_delete": "Sunteți sigur că doriți să ștergeți clientul \"{{key}}\"?",
    "list_confirm_delete": "Sigur doriți să ștergeți această listă?",
    "auto_clients_title": "Clienți runtime",
-    "auto_clients_desc": "Dispozitivele care nu se află pe lista de clienți Persistent care pot utiliza în continuare AdGuard Home",
+    "auto_clients_desc": "Informații despre adresele IP ale dispozitivelor care utilizează sau pot utiliza AdGuard Home. Aceste informații sunt colectate din mai multe surse, inclusiv din fișiere hosts, DNS inversat etc.",
    "access_title": "Setări de acces",
    "access_desc": "Aici puteți configura regulile de acces pentru serverul DNS AdGuard Home",
    "access_allowed_title": "Clienți autorizați",
--- a/client/src/__locales/sk.json
+++ b/client/src/__locales/sk.json
@ -444,7 +444,7 @@
    "client_confirm_delete": "Naozaj chcete vymazať \"{{key}}\" klienta?",
    "list_confirm_delete": "Naozaj chcete vymazať tento zoznam?",
    "auto_clients_title": "Runtime klienti",
-    "auto_clients_desc": "Zariadenia, ktoré nie sú na zozname trvalých klientov, ktorí môžu stále používať AdGuard Home",
+    "auto_clients_desc": "Informácie o IP adresách zariadení, ktoré používajú alebo môžu používať AdGuard Home. Tieto informácie sa získavajú z viacerých zdrojov vrátane súborov hosts, reverzného DNS atď.",
    "access_title": "Nastavenia prístupu",
    "access_desc": "Tu môžete konfigurovať pravidlá prístupu pre server DNS AdGuard Home.",
    "access_allowed_title": "Povolení klienti",
--- a/client/src/__locales/th.json
+++ b/client/src/__locales/th.json
@ -172,6 +172,7 @@
    "dnscrypt": "DNSCrypt",
    "dns_over_https": "DNS-over-HTTPS",
    "dns_over_tls": "DNS-over-TLS",
+    "dns_over_quic": "DNS-over-QUIC",
    "form_enter_rate_limit": "ป้อนขีดจำกัดอัตรา",
    "rate_limit": "จำกัดอัตรา",
    "edns_enable": "เปิดใช้งานซับเน็ตไคลเอ็นต์ EDNS",
@ -392,6 +393,7 @@
    "show_processed_responses": "การประมวลผล",
    "blocked_adult_websites": "ถูกปิดกั้นโดยการควบคุมของผู้ปกครอง",
    "safe_search": "ค้นหาอย่างปลอดภัย",
+    "blocklist": "บัญชีดำ",
    "filter_category_other": "อื่น ๆ",
    "parental_control": "ควบคุมโดยผู้ปกครอง"
 }
--- a/client/src/__locales/uk.json
+++ b/client/src/__locales/uk.json
@ -444,7 +444,7 @@
    "client_confirm_delete": "Ви впевнені, що хочете видалити клієнта «{{key}}»?",
    "list_confirm_delete": "Ви впевнені, що хочете видалити цей список?",
    "auto_clients_title": "Runtime-клієнти",
-    "auto_clients_desc": "Клієнти, які використовують AdGuard Home, незалежно від того, чи збережені вони в списку постійних",
+    "auto_clients_desc": "Інформація про IP-адреси пристроїв, які використовують або можуть використовувати AdGuard Home. Ця інформація збирається з кількох джерел, зокрема з файлів hosts, зворотного DNS тощо.",
    "access_title": "Налаштування доступу",
    "access_desc": "Тут ви можете налаштувати правила доступу для DNS-сервера AdGuard Home",
    "access_allowed_title": "Дозволені клієнти",
--- a/client/src/__locales/vi.json
+++ b/client/src/__locales/vi.json
@ -444,7 +444,7 @@
    "client_confirm_delete": "Bạn có chắc chắn muốn xóa máy khách \"{{key}}\" không?",
    "list_confirm_delete": "Bạn có muốn xóa bộ lọc này?",
    "auto_clients_title": "Máy khách (thời gian chạy)",
-    "auto_clients_desc": "Các thiết bị không có trong danh sách khách hàng ổn định vẫn có thể sử dụng AdGuard Home",
+    "auto_clients_desc": "Thông tin về địa chỉ IP của thiết bị đang sử dụng hoặc có thể sử dụng AdGuard Home. Thông tin này được thu thập từ nhiều nguồn, bao gồm tệp máy chủ, DNS ngược, v.v.",
    "access_title": "Cài đặt truy cập",
    "access_desc": "Tại đây bạn có thể định cấu hình quy tắc truy cập cho máy chủ AdGuard Home DNS",
    "access_allowed_title": "Máy chủ được phép",
--- a/client/src/__locales/zh-tw.json
+++ b/client/src/__locales/zh-tw.json
@ -138,9 +138,9 @@
    "block_domain_use_filters_and_hosts": "透過過濾器和主機檔案封鎖網域",
    "filters_block_toggle_hint": "您可在<a>過濾器</a>設定中設置封鎖規則。",
    "use_adguard_browsing_sec": "使用 AdGuard 瀏覽安全網路服務",
-    "use_adguard_browsing_sec_hint": "AdGuard Home 將檢查該網域是否被瀏覽安全網路服務封鎖。它將使用友好的隱私查找應用程式介面（API）以執行檢查：僅域名 SHA256 雜湊的短前綴被傳送到該伺服器。",
+    "use_adguard_browsing_sec_hint": "AdGuard Home 將檢查該網域是否被瀏覽安全網路服務封鎖。它將使用對隱私友好的查找應用程式介面（API）以執行檢查：僅域名 SHA256 雜湊的短前綴被傳送到該伺服器。",
    "use_adguard_parental": "使用 AdGuard 家長控制之網路服務",
-    "use_adguard_parental_hint": "AdGuard Home 將檢查網域是否包含成人資料。它使用如同瀏覽安全網路服務一樣之友好的隱私應用程式介面（API）。",
+    "use_adguard_parental_hint": "AdGuard Home 將檢查網域是否包含成人資料。它使用如同瀏覽安全網路服務一樣之對隱私友好的應用程式介面（API）。",
    "enforce_safe_search": "使用安全搜尋",
    "enforce_save_search_hint": "AdGuard Home 將在下列的搜尋引擎：Google、YouTube、Bing、DuckDuckGo、Yandex 和 Pixabay 中強制執行安全搜尋。",
    "no_servers_specified": "無已明確指定的伺服器",
--- a/client/src/helpers/trackers/trackers.json
+++ b/client/src/helpers/trackers/trackers.json
@ -1,5 +1,5 @@
 {
-    "timeUpdated": "2023-07-15T00:10:47.501Z",
+    "timeUpdated": "2023-08-01T00:10:42.759Z",
    "categories": {
        "0": "audio_video_player",
        "1": "comments",
@ -42,7 +42,8 @@
            "name": "1822direkt.de",
            "categoryId": 8,
            "url": "https://www.1822direkt.de/",
-            "companyId": null
+            "companyId": "1822direkt",
+            "source": "AdGuard"
        },
        "1dmp.io": {
            "name": "1DMP",
@ -69,16 +70,18 @@
            "companyId": "dentsu_aegis_network"
        },
        "1und1": {
-            "name": "1&1 Internet",
+            "name": "1&1 IONOS",
            "categoryId": 8,
-            "url": null,
-            "companyId": null
+            "url": "http://www.ionos.com/",
+            "companyId": "1und1",
+            "source": "AdGuard"
        },
        "24-ads.com": {
-            "name": "24-ADS GmbH",
+            "name": "24-ADS",
            "categoryId": 4,
            "url": "http://www.24-ads.com/",
-            "companyId": null
+            "companyId": "24-ads.com",
+            "source": "AdGuard"
        },
        "24_7": {
            "name": "[24]7",
@ -93,10 +96,11 @@
            "companyId": "24log"
        },
        "24smi": {
-            "name": "24СМИ",
+            "name": "24SMI",
            "categoryId": 8,
            "url": "https://24smi.org/",
-            "companyId": null
+            "companyId": "24smi",
+            "source": "AdGuard"
        },
        "2leep": {
            "name": "2leep",
@ -127,13 +131,15 @@
            "name": "4Chan",
            "categoryId": 8,
            "url": "https://www.4chan.org/",
-            "companyId": null
+            "companyId": "4chan",
+            "source": "AdGuard"
        },
        "4finance_com": {
-            "name": "4finance.com",
+            "name": "4finance",
            "categoryId": 2,
-            "url": "http://4finance.com/",
-            "companyId": null
+            "url": "https://4finance.com/",
+            "companyId": "4finance",
+            "source": "AdGuard"
        },
        "4w_marketplace": {
            "name": "4w Marketplace",
@ -179,10 +185,11 @@
            "source": "AdGuard"
        },
        "7tv.de": {
-            "name": "7tv.de",
+            "name": "7tv.app",
            "categoryId": 0,
-            "url": "https://www.7tv.de/",
-            "companyId": null
+            "url": "https://www.7tv.app/",
+            "companyId": "7tv",
+            "source": "AdGuard"
        },
        "888media": {
            "name": "888media",
@ -2554,7 +2561,7 @@
            "name": "Microsoft App Center",
            "categoryId": 5,
            "url": "https://appcenter.ms/",
-            "companyId": null,
+            "companyId": "microsoft",
            "source": "AdGuard"
        },
        "appcues": {
@ -3925,7 +3932,7 @@
            "name": "Button",
            "categoryId": 4,
            "url": "https://www.usebutton.com/",
-            "companyId": null,
+            "companyId": "button",
            "source": "AdGuard"
        },
        "buysellads": {
@ -5276,7 +5283,7 @@
            "name": "Crashlytics",
            "categoryId": 101,
            "url": "https://crashlytics.com/",
-            "companyId": null,
+            "companyId": "google",
            "source": "AdGuard"
        },
        "crazy_egg": {
@ -6427,6 +6434,13 @@
            "url": "http://www.amazon.com/",
            "companyId": "amazon_associates"
        },
+        "electronic_arts": {
+            "name": "Electronic Arts",
+            "categoryId": 2,
+            "url": "https://www.ea.com/",
+            "companyId": "electronic_arts",
+            "source": "AdGuard"
+        },
        "element": {
            "name": "Element",
            "categoryId": 7,
@ -7014,6 +7028,13 @@
            "url": null,
            "companyId": null
        },
+        "farlight_pte_ltd": {
+            "name": "Farlight Pte Ltd.",
+            "categoryId": 8,
+            "url": "https://farlightgames.com/",
+            "companyId": "farlight",
+            "source": "AdGuard"
+        },
        "fastly_insights": {
            "name": "Fastly Insights",
            "categoryId": 6,
@ -8655,7 +8676,7 @@
            "name": "HockeyApp",
            "categoryId": 101,
            "url": "https://hockeyapp.net/",
-            "companyId": null,
+            "companyId": "microsoft",
            "source": "AdGuard"
        },
        "hoholikik.club": {
@ -16729,6 +16750,13 @@
            "url": "http://www.sundaysky.com/",
            "companyId": "sundaysky"
        },
+        "supercell": {
+            "name": "Supercell",
+            "categoryId": 2,
+            "url": "https://supercell.com/",
+            "companyId": "supercell",
+            "source": "AdGuard"
+        },
        "supercounters": {
            "name": "SuperCounters",
            "categoryId": 6,
@ -19318,10 +19346,11 @@
            "companyId": "xapads"
        },
        "xen-media.com": {
-            "name": "xen-media.com",
+            "name": "Xen Media",
            "categoryId": 11,
-            "url": null,
-            "companyId": null
+            "url": "https://www.xenmedia.net/",
+            "companyId": "xenmedia",
+            "source": "AdGuard"
        },
        "xfreeservice.com": {
            "name": "xfreeservice.com",
@ -19332,8 +19361,9 @@
        "xhamster": {
            "name": "xHamster",
            "categoryId": 3,
-            "url": null,
-            "companyId": null
+            "url": "https://xhamster.com/",
+            "companyId": "xhamster",
+            "source": "AdGuard"
        },
        "xing": {
            "name": "Xing",
@ -19348,10 +19378,11 @@
            "companyId": "exoclick"
        },
        "xnxx_cdn": {
-            "name": "xnxx CDN",
+            "name": "XNXX",
            "categoryId": 9,
            "url": "https://www.xnxx.com",
-            "companyId": null
+            "companyId": "xnxx",
+            "source": "AdGuard"
        },
        "xplosion": {
            "name": "xplosion",
@ -19366,16 +19397,18 @@
            "companyId": "matomy_media"
        },
        "xvideos_com": {
-            "name": "xvideos.com",
+            "name": "Xvideos",
            "categoryId": 8,
-            "url": null,
-            "companyId": null
+            "url": "https://www.xvideos.com",
+            "companyId": "xvideos",
+            "source": "AdGuard"
        },
        "xxxlshop.de": {
-            "name": "xxxlshop.de",
+            "name": "XXXLutz",
            "categoryId": 8,
-            "url": "https://www.xxxlshop.de/",
-            "companyId": null
+            "url": "https://www.xxxlutz.de/",
+            "companyId": "xxxlutz",
+            "source": "AdGuard"
        },
        "xxxlutz": {
            "name": "XXXLutz",
@ -19387,7 +19420,8 @@
            "name": "Yabbi",
            "categoryId": 4,
            "url": "https://yabbi.me/",
-            "companyId": null
+            "companyId": "yabbi",
+            "source": "AdGuard"
        },
        "yabuka": {
            "name": "Yabuka",
@ -19649,10 +19683,11 @@
            "companyId": "yomedia"
        },
        "yoochoose.net": {
-            "name": "YOOCHOOSE",
+            "name": "Ibexa Personalizaton Software",
            "categoryId": 4,
-            "url": "https://yoochoose.com/",
-            "companyId": null
+            "url": "https://yoochoose.net/",
+            "companyId": "ibexa",
+            "source": "AdGuard"
        },
        "yotpo": {
            "name": "Yotpo",
@ -19687,8 +19722,9 @@
        "youporn": {
            "name": "YouPorn",
            "categoryId": 3,
-            "url": null,
-            "companyId": null
+            "url": "https://www.youporn.com/",
+            "companyId": "youporn",
+            "source": "AdGuard"
        },
        "youtube": {
            "name": "YouTube",
@ -19826,7 +19862,8 @@
            "name": "ZeusClicks",
            "categoryId": 4,
            "url": "http://zeusclicks.com/",
-            "companyId": null
+            "companyId": "zeusclicks",
+            "source": "AdGuard"
        },
        "ziff_davis": {
            "name": "Ziff Davis",
@ -19844,7 +19881,8 @@
            "name": "Zimbio",
            "categoryId": 8,
            "url": "http://www.zimbio.com/",
-            "companyId": null
+            "companyId": "livinglymedia",
+            "source": "AdGuard"
        },
        "zippyshare_widget": {
            "name": "Zippyshare Widget",
@ -21450,6 +21488,9 @@
        "ekomi.de": "ekomi",
        "elasticad.net": "elastic_ad",
        "elasticbeanstalk.com": "elastic_beanstalk",
+        "cloudcell.com": "electronic_arts",
+        "ea.com": "electronic_arts",
+        "eamobile.com": "electronic_arts",
        "element.io": "element",
        "riot.im": "element",
        "elicitapp.com": "elicit",
@ -21570,6 +21611,7 @@
        "thefancy.com": "fancy_widget",
        "d1q7pknmpq2wkm.cloudfront.net": "fanplayr",
        "fap.to": "fap.to",
+        "farlightgames.com": "farlight_pte_ltd",
        "fastly-insights.com": "fastly_insights",
        "fastly.net": "fastlylb.net",
        "fastlylb.net": "fastlylb.net",
@ -24146,6 +24188,8 @@
        "sumo.com": "sumome",
        "sumome.com": "sumome",
        "sundaysky.com": "sundaysky",
+        "supercell.com": "supercell",
+        "supercellsupport.com": "supercell",
        "supercounters.com": "supercounters",
        "superfastcdn.com": "superfastcdn.com",
        "socdm.com": "supership",
--- a/go.mod
+++ b/go.mod
@ -1,9 +1,9 @@
 module github.com/AdguardTeam/AdGuardHome

-go 1.19
+go 1.20

 require (
-	github.com/AdguardTeam/dnsproxy v0.52.0
+	github.com/AdguardTeam/dnsproxy v0.52.1-0.20230726165924-30c459b0cdef
 	github.com/AdguardTeam/golibs v0.13.6
 	github.com/AdguardTeam/urlfilter v0.16.1
 	github.com/NYTimes/gziphandler v1.1.1
@ -17,7 +17,7 @@ require (
 	github.com/google/gopacket v1.1.19
 	github.com/google/renameio/v2 v2.0.0
 	github.com/google/uuid v1.3.0
-	github.com/insomniacslk/dhcp v0.0.0-20230612134759-b20c9ba983df
+	github.com/insomniacslk/dhcp v0.0.0-20230720093626-5648422c16cd
 	github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86
 	github.com/kardianos/service v1.2.2
 	github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118
@ -27,12 +27,15 @@ require (
 	// own code for that.  Perhaps, use gopacket.
 	github.com/mdlayher/raw v0.1.0
 	github.com/miekg/dns v1.1.55
-	github.com/quic-go/quic-go v0.36.1
+	// TODO(a.garipov): Update to ≥ v0.37.0 once we update to Go 1.20.
+	github.com/quic-go/quic-go v0.36.2
 	github.com/stretchr/testify v1.8.4
 	github.com/ti-mo/netfilter v0.5.0
 	go.etcd.io/bbolt v1.3.7
 	golang.org/x/crypto v0.11.0
-	golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1
+	// TODO(a.garipov): Update after updating slices.Sort and friends to
+	// stdlib versions in dnsproxy and golibs in Go 1.20.
+	golang.org/x/exp v0.0.0-20230724220655-d98519c11495
 	golang.org/x/net v0.12.0
 	golang.org/x/sys v0.10.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
@ -48,7 +51,7 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/golang/mock v1.6.0 // indirect
-	github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 // indirect
+	github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8 // indirect
 	github.com/mdlayher/socket v0.4.1 // indirect
 	github.com/onsi/ginkgo/v2 v2.11.0 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
@ -59,8 +62,8 @@ require (
 	github.com/quic-go/qtls-go1-19 v0.3.2 // indirect
 	github.com/quic-go/qtls-go1-20 v0.2.2 // indirect
 	github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63 // indirect
-	golang.org/x/mod v0.11.0 // indirect
+	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/sync v0.3.0 // indirect
 	golang.org/x/text v0.11.0 // indirect
-	golang.org/x/tools v0.10.0 // indirect
+	golang.org/x/tools v0.11.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -1,5 +1,5 @@
-github.com/AdguardTeam/dnsproxy v0.52.0 h1:uZxCXflHSAwtJ7uTYXP6qgWcxaBsH0pJvldpwTqIDJk=
-github.com/AdguardTeam/dnsproxy v0.52.0/go.mod h1:Jo2zeRe97Rxt3yikXc+fn0LdLtqCj0Xlyh1PNBj6bpM=
+github.com/AdguardTeam/dnsproxy v0.52.1-0.20230726165924-30c459b0cdef h1:3ZJieG+PV+wJEXLgUndW4yL9/7iubyipbDmA0w3sa7Y=
+github.com/AdguardTeam/dnsproxy v0.52.1-0.20230726165924-30c459b0cdef/go.mod h1:Jo2zeRe97Rxt3yikXc+fn0LdLtqCj0Xlyh1PNBj6bpM=
 github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.10.4/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
 github.com/AdguardTeam/golibs v0.13.6 h1:z/0Q25pRLdaQxtoxvfSaooz5mdv8wj0R8KREj54q8yQ=
@ -50,16 +50,16 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
 github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
-github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 h1:hR7/MlvK23p6+lIw9SN1TigNLn9ZnF3W4SYRKq2gAHs=
-github.com/google/pprof v0.0.0-20230602150820-91b7bce49751/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA=
+github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8 h1:n6vlPhxsA+BW/XsS5+uqi7GyzaLa5MH7qlSLBZtRdiA=
+github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA=
 github.com/google/renameio/v2 v2.0.0 h1:UifI23ZTGY8Tt29JbYFiuyIU3eX+RNFtUwefq9qAhxg=
 github.com/google/renameio/v2 v2.0.0/go.mod h1:BtmJXm5YlszgC+TD4HOEEUFgkJP3nLxehU6hfe7jRt4=
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714 h1:/jC7qQFrv8CrSJVmaolDVOxTfS9kc36uB6H40kdbQq8=
-github.com/insomniacslk/dhcp v0.0.0-20230612134759-b20c9ba983df h1:pF1MMIzEJzJ/MyI4bXYXVYyN8CJgoQ2PPKT2z3O/Cl4=
-github.com/insomniacslk/dhcp v0.0.0-20230612134759-b20c9ba983df/go.mod h1:7474bZ1YNCvarT6WFKie4kEET6J0KYRDC4XJqqXzQW4=
+github.com/insomniacslk/dhcp v0.0.0-20230720093626-5648422c16cd h1:D772X7igTag7yKErVWAR7boXpOml3fqqBzH1wNaD/jk=
+github.com/insomniacslk/dhcp v0.0.0-20230720093626-5648422c16cd/go.mod h1:7474bZ1YNCvarT6WFKie4kEET6J0KYRDC4XJqqXzQW4=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/josharian/native v1.0.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
 github.com/josharian/native v1.0.1-0.20221213033349-c1e37c09b531/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
@ -108,8 +108,8 @@ github.com/quic-go/qtls-go1-19 v0.3.2 h1:tFxjCFcTQzK+oMxG6Zcvp4Dq8dx4yD3dDiIiyc8
 github.com/quic-go/qtls-go1-19 v0.3.2/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI=
 github.com/quic-go/qtls-go1-20 v0.2.2 h1:WLOPx6OY/hxtTxKV1Zrq20FtXtDEkeY00CGQm8GEa3E=
 github.com/quic-go/qtls-go1-20 v0.2.2/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM=
-github.com/quic-go/quic-go v0.36.1 h1:WsG73nVtnDy1TiACxFxhQ3TqaW+DipmqzLEtNlAwZyY=
-github.com/quic-go/quic-go v0.36.1/go.mod h1:zPetvwDlILVxt15n3hr3Gf/I3mDf7LpLKPhR4Ez0AZQ=
+github.com/quic-go/quic-go v0.36.2 h1:ZX/UNQ4gvpCv2RmwdbA6lrRjF6EBm5yZ7TMoT4NQVrA=
+github.com/quic-go/quic-go v0.36.2/go.mod h1:zPetvwDlILVxt15n3hr3Gf/I3mDf7LpLKPhR4Ez0AZQ=
 github.com/shirou/gopsutil/v3 v3.21.8 h1:nKct+uP0TV8DjjNiHanKf8SAuub+GNsbrOtM9Nl9biA=
 github.com/shirou/gopsutil/v3 v3.21.8/go.mod h1:YWp/H8Qs5fVmf17v7JNZzA0mPJ+mS2e9JdiUF9LlKzQ=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@ -136,13 +136,13 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
 golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
-golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 h1:MGwJjxBy0HJshjDNfLsYO8xppfqWlA5ZT9OhtUUhTNw=
-golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
+golang.org/x/exp v0.0.0-20230724220655-d98519c11495 h1:zKGKw2WlGb8oPoRGqQ2PT8g2YoCN1w/YbbQjHXCdUWE=
+golang.org/x/exp v0.0.0-20230724220655-d98519c11495/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
-golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@ -191,8 +191,8 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg=
-golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM=
+golang.org/x/tools v0.11.0 h1:EMCa6U9S2LtZXLAMoWiR/R8dAQFRqbAitmbJ2UKhoi8=
+golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/internal/client/addrproc.go
+++ b/internal/client/addrproc.go
@ -58,6 +58,12 @@ type DefaultAddrProcConfig struct {
 	// immediately by [NewDefaultAddrProc].
 	InitialAddresses []netip.Addr

+	// CatchPanics, if true, makes the address processor catch and log panics.
+	//
+	// TODO(a.garipov): Consider better ways to do this or apply this method to
+	// other parts of the codebase.
+	CatchPanics bool
+
 	// UseRDNS, if true, enables resolving of client IP addresses using reverse
 	// DNS.
 	UseRDNS bool
@ -151,7 +157,7 @@ func NewDefaultAddrProc(c *DefaultAddrProcConfig) (p *DefaultAddrProc) {
 		p.whois = newWHOIS(c.DialContext)
 	}

-	go p.process()
+	go p.process(c.CatchPanics)

 	for _, ip := range c.InitialAddresses {
 		p.Process(ip)
@ -214,8 +220,10 @@ func (p *DefaultAddrProc) Process(ip netip.Addr) {

 // process processes the incoming client IP-address information.  It is intended
 // to be used as a goroutine.  Once clientIPs is closed, process exits.
-func (p *DefaultAddrProc) process() {
-	defer log.OnPanic("addrProcessor.process")
+func (p *DefaultAddrProc) process(catchPanics bool) {
+	if catchPanics {
+		defer log.OnPanic("addrProcessor.process")
+	}

 	log.Info("clients: processing addresses")

--- a/internal/client/addrproc_test.go
+++ b/internal/client/addrproc_test.go
@ -2,6 +2,7 @@ package client_test

 import (
 	"context"
+	"fmt"
 	"io"
 	"net"
 	"net/netip"
@ -112,6 +113,7 @@ func TestDefaultAddrProc_Process_rDNS(t *testing.T) {
 				AddressUpdater: &aghtest.AddressUpdater{
 					OnUpdateAddress: newOnUpdateAddress(tc.wantUpd, updIPCh, updHostCh, updInfoCh),
 				},
+				CatchPanics:    false,
 				UseRDNS:        true,
 				UsePrivateRDNS: tc.usePrivate,
 				UseWHOIS:       false,
@ -146,8 +148,8 @@ func newOnUpdateAddress(
 	infos chan<- *whois.Info,
 ) (f func(ip netip.Addr, host string, info *whois.Info)) {
 	return func(ip netip.Addr, host string, info *whois.Info) {
-		if !want {
-			panic("got unexpected update")
+		if !want && (host != "" || info != nil) {
+			panic(fmt.Errorf("got unexpected update for %v with %q and %v", ip, host, info))
 		}

 		ips <- ip
@ -222,6 +224,7 @@ func TestDefaultAddrProc_Process_WHOIS(t *testing.T) {
 				AddressUpdater: &aghtest.AddressUpdater{
 					OnUpdateAddress: newOnUpdateAddress(tc.wantUpd, updIPCh, updHostCh, updInfoCh),
 				},
+				CatchPanics:    false,
 				UseRDNS:        false,
 				UsePrivateRDNS: false,
 				UseWHOIS:       true,
--- a/internal/dnsforward/access.go
+++ b/internal/dnsforward/access.go
@ -90,7 +90,7 @@ func newAccessCtx(allowed, blocked, blockedHosts []string) (a *accessManager, er

 	lists := []filterlist.RuleList{
 		&filterlist.StringRuleList{
-			ID:             int(0),
+			ID:             0,
 			RulesText:      b.String(),
 			IgnoreCosmetic: true,
 		},
--- a/internal/dnsforward/access_test.go
+++ b/internal/dnsforward/access_test.go
@ -31,6 +31,7 @@ func TestIsBlockedHost(t *testing.T) {
 		"*.host.com",
 		"||host3.com^",
 		"||*^$dnstype=HTTPS",
+		"|.^",
 	})
 	require.NoError(t, err)

@ -94,6 +95,11 @@ func TestIsBlockedHost(t *testing.T) {
 		name: "by_qtype_other",
 		host: "site-with-https-record.example",
 		qt:   dns.TypeA,
+	}, {
+		want: assert.True,
+		name: "ns_root",
+		host: ".",
+		qt:   dns.TypeNS,
 	}}

 	for _, tc := range testCases {
--- a/internal/dnsforward/dnsforward.go
+++ b/internal/dnsforward/dnsforward.go
@ -346,19 +346,21 @@ func (s *Server) Exchange(ip netip.Addr) (host string, ttl time.Duration, err er
 	}

 	var resolver *proxy.Proxy
+	var errMsg string
 	if s.privateNets.Contains(ip.AsSlice()) {
 		if !s.conf.UsePrivateRDNS {
 			return "", 0, nil
 		}

 		resolver = s.localResolvers
+		errMsg = "resolving a private address: %w"
 		s.recDetector.add(*req)
 	} else {
 		resolver = s.internalProxy
+		errMsg = "resolving an address: %w"
 	}
-
 	if err = resolver.Resolve(dctx); err != nil {
-		return "", 0, err
+		return "", 0, fmt.Errorf(errMsg, err)
 	}

 	return hostFromPTR(dctx.Res)
@ -377,13 +379,18 @@ func hostFromPTR(resp *dns.Msg) (host string, ttl time.Duration, err error) {

 	var ttlSec uint32

+	log.Debug("dnsforward: resolving ptr, received %d answers", len(resp.Answer))
 	for _, ans := range resp.Answer {
 		ptr, ok := ans.(*dns.PTR)
 		if !ok {
 			continue
 		}

-		if ptr.Hdr.Ttl > ttlSec {
+		// Respect zero TTL records since some DNS servers use it to
+		// locally-resolved addresses.
+		//
+		// See https://github.com/AdguardTeam/AdGuardHome/issues/6046.
+		if ptr.Hdr.Ttl >= ttlSec {
 			host = ptr.Ptr
 			ttlSec = ptr.Hdr.Ttl
 		}
@ -465,6 +472,7 @@ func (s *Server) filterOurDNSAddrs(addrs []string) (filtered []string, err error
 	}

 	ourAddrsSet := stringutil.NewSet(ourAddrs...)
+	log.Debug("dnsforward: filtering out %s", ourAddrsSet.String())

 	// TODO(e.burkov): The approach of subtracting sets of strings is not
 	// really applicable here since in case of listening on all network
@ -501,7 +509,7 @@ func (s *Server) setupLocalResolvers() (err error) {
 		PreferIPv6: s.conf.BootstrapPreferIPv6,
 	})
 	if err != nil {
-		return fmt.Errorf("parsing private upstreams: %w", err)
+		return fmt.Errorf("preparing private upstreams: %w", err)
 	}

 	s.localResolvers = &proxy.Proxy{
--- a/internal/dnsforward/dnsforward_test.go
+++ b/internal/dnsforward/dnsforward_test.go
@ -72,13 +72,6 @@ func startDeferStop(t *testing.T, s *Server) {
 	testutil.CleanupAndRequireSuccess(t, s.Stop)
 }

-// packageUpstreamVariableMu is used to serialize access to the package-level
-// variables of package upstream.
-//
-// TODO(s.chzhen): Move these parameters to upstream options and remove this
-// crutch.
-var packageUpstreamVariableMu = &sync.Mutex{}
-
 func createTestServer(
 	t *testing.T,
 	filterConf *filtering.Config,
@ -87,9 +80,6 @@ func createTestServer(
 ) (s *Server) {
 	t.Helper()

-	packageUpstreamVariableMu.Lock()
-	defer packageUpstreamVariableMu.Unlock()
-
 	rules := `||nxdomain.example.org
 ||NULL.example.org^
 127.0.0.1	host.example.org
@ -1374,6 +1364,24 @@ func TestServer_Exchange(t *testing.T) {
 	refusingUpstream := aghtest.NewUpstreamMock(func(req *dns.Msg) (resp *dns.Msg, err error) {
 		return new(dns.Msg).SetRcode(req, dns.RcodeRefused), nil
 	})
+	zeroTTLUps := &aghtest.UpstreamMock{
+		OnAddress: func() (addr string) { return "zero.ttl.example" },
+		OnExchange: func(req *dns.Msg) (resp *dns.Msg, err error) {
+			resp = new(dns.Msg).SetReply(req)
+			hdr := dns.RR_Header{
+				Name:   req.Question[0].Name,
+				Rrtype: dns.TypePTR,
+				Class:  dns.ClassINET,
+				Ttl:    0,
+			}
+			resp.Answer = []dns.RR{&dns.PTR{
+				Hdr: hdr,
+				Ptr: localDomainHost,
+			}}
+
+			return resp, nil
+		},
+	}

 	srv := &Server{
 		recDetector: newRecursionDetector(0, 1),
@ -1445,6 +1453,13 @@ func TestServer_Exchange(t *testing.T) {
 		locUpstream: nil,
 		req:         twosIP,
 		wantTTL:     defaultTTL * 2,
+	}, {
+		name:        "zero_ttl",
+		want:        localDomainHost,
+		wantErr:     nil,
+		locUpstream: zeroTTLUps,
+		req:         localIP,
+		wantTTL:     0,
 	}}

 	for _, tc := range testCases {
@ -1468,6 +1483,7 @@ func TestServer_Exchange(t *testing.T) {

 	t.Run("resolving_disabled", func(t *testing.T) {
 		srv.conf.UsePrivateRDNS = false
+		t.Cleanup(func() { srv.conf.UsePrivateRDNS = true })

 		host, _, eerr := srv.Exchange(localIP)

--- a/internal/dnsforward/filter.go
+++ b/internal/dnsforward/filter.go
@ -5,6 +5,7 @@ import (
 	"fmt"
 	"strings"

+	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/golibs/log"
@ -33,9 +34,9 @@ func (s *Server) beforeRequestHandler(
 	if len(pctx.Req.Question) == 1 {
 		q := pctx.Req.Question[0]
 		qt := q.Qtype
-		host := strings.TrimSuffix(q.Name, ".")
+		host := aghnet.NormalizeDomain(q.Name)
 		if s.access.isBlockedHost(host, qt) {
-			log.Debug("request %s %s is in access blocklist", dns.Type(qt), host)
+			log.Debug("access: request %s %s is in access blocklist", dns.Type(qt), host)

 			return s.preBlockedResponse(pctx)
 		}
@ -79,7 +80,12 @@ func (s *Server) filterDNSRequest(dctx *dnsContext) (res *filtering.Result, err
 	res = &resVal
 	switch {
 	case res.IsFiltered:
-		log.Tracef("host %q is filtered, reason %q, rule: %q", host, res.Reason, res.Rules[0].Text)
+		log.Debug(
+			"dnsforward: host %q is filtered, reason: %q; rule: %q",
+			host,
+			res.Reason,
+			res.Rules[0].Text,
+		)
 		pctx.Res = s.genDNSFilterMessage(pctx, res)
 	case res.Reason.In(filtering.Rewritten, filtering.RewrittenRule) &&
 		res.CanonName != "" &&
@ -189,7 +195,7 @@ func (s *Server) filterDNSResponse(
 			continue
 		} else if res.IsFiltered {
 			pctx.Res = s.genDNSFilterMessage(pctx, res)
-			log.Debug("DNSFwd: Matched %s by response: %s", pctx.Req.Question[0].Name, host)
+			log.Debug("dnsforward: matched %q by response: %q", pctx.Req.Question[0].Name, host)

 			return res, nil
 		}
--- a/internal/dnsforward/process.go
+++ b/internal/dnsforward/process.go
@ -719,6 +719,8 @@ func (s *Server) processLocalPTR(dctx *dnsContext) (rc resultCode) {
 	if s.conf.UsePrivateRDNS {
 		s.recDetector.add(*pctx.Req)
 		if err := s.localResolvers.Resolve(pctx); err != nil {
+			log.Debug("dnsforward: resolving private address: %s", err)
+
 			// Generate the server failure if the private upstream configuration
 			// is empty.
 			//
--- a/internal/dnsforward/upstreams.go
+++ b/internal/dnsforward/upstreams.go
@ -42,16 +42,6 @@ func (s *Server) loadUpstreams() (upstreams []string, err error) {

 // prepareUpstreamSettings sets upstream DNS server settings.
 func (s *Server) prepareUpstreamSettings() (err error) {
-	// Use a customized set of RootCAs, because Go's default mechanism of
-	// loading TLS roots does not always work properly on some routers so we're
-	// loading roots manually and pass it here.
-	//
-	// See [aghtls.SystemRootCAs].
-	//
-	// TODO(a.garipov): Investigate if that's true.
-	upstream.RootCAs = s.conf.TLSv12Roots
-	upstream.CipherSuites = s.conf.TLSCiphers
-
 	// Load upstreams either from the file, or from the settings
 	var upstreams []string
 	upstreams, err = s.loadUpstreams()
@ -64,6 +54,15 @@ func (s *Server) prepareUpstreamSettings() (err error) {
 		Timeout:      s.conf.UpstreamTimeout,
 		HTTPVersions: UpstreamHTTPVersions(s.conf.UseHTTP3Upstreams),
 		PreferIPv6:   s.conf.BootstrapPreferIPv6,
+		// Use a customized set of RootCAs, because Go's default mechanism of
+		// loading TLS roots does not always work properly on some routers so we're
+		// loading roots manually and pass it here.
+		//
+		// See [aghtls.SystemRootCAs].
+		//
+		// TODO(a.garipov): Investigate if that's true.
+		RootCAs:      s.conf.TLSv12Roots,
+		CipherSuites: s.conf.TLSCiphers,
 	})
 	if err != nil {
 		return fmt.Errorf("preparing upstream config: %w", err)
--- a/internal/filtering/servicelist.go
+++ b/internal/filtering/servicelist.go
@ -253,6 +253,30 @@ var blockedServices = []blockedService{{
 		"||z.cn^",
 		"||zappos^",
 	},
+}, {
+	ID:      "apple_streaming",
+	Name:    "Apple Streaming",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 50 50\"><path d=\"M33.375 0c-2.836.191-5.871 1.879-7.75 4.156-1.645 2.004-3.023 4.946-2.5 8-.469-.144-.895-.16-1.406-.344-1.395-.496-2.989-1.03-4.969-1.03-3.934 0-7.96 2.34-10.5 6.25C2.555 22.71 3.297 32.706 8.906 41.25c.989 1.5 2.14 3.137 3.563 4.438 1.422 1.3 3.14 2.292 5.156 2.312 1.723.02 2.922-.555 4-1.031 1.078-.477 2.082-.899 3.969-.907h.031c1.879-.015 2.852.399 3.906.876 1.055.476 2.242 1.078 3.969 1.062 2.055-.016 3.8-1.14 5.25-2.531 1.45-1.39 2.64-3.098 3.625-4.594 1.41-2.148 1.977-3.32 3.063-5.719a1.001 1.001 0 0 0-.563-1.344C41.32 32.47 39.293 29.325 39 26c-.293-3.324 1.113-6.746 4.656-8.688a1 1 0 0 0 .508-.675 1.007 1.007 0 0 0-.195-.825c-2.543-3.16-6.121-5.03-9.625-5.03-2.235 0-3.875.527-5.219 1.03-.223.086-.387.079-.594.157 1.364-.719 2.567-1.715 3.469-2.875 1.64-2.106 2.906-5.102 2.438-8.25A.999.999 0 0 0 33.374 0Zm-1.063 2.375c-.066 2.02-.757 3.996-1.906 5.469-1.203 1.547-3.226 2.617-5.187 2.937.035-1.941.8-3.953 1.968-5.375 1.227-1.484 3.258-2.554 5.125-3.031ZM16.75 12.781c1.613 0 2.906.418 4.281.906 1.375.489 2.824 1.063 4.532 1.063 1.667 0 2.988-.578 4.28-1.063 1.294-.484 2.583-.906 4.5-.906 2.505 0 5.212 1.301 7.344 3.563-3.414 2.41-5.011 6.168-4.687 9.812.324 3.684 2.543 7.18 6.188 9-.79 1.719-1.31 2.856-2.47 4.625-.956 1.457-2.093 3.051-3.343 4.25-1.25 1.2-2.574 1.957-3.906 1.969-1.285.012-2.016-.371-3.125-.875-1.11-.504-2.543-1.082-4.75-1.063-2.203.012-3.657.567-4.782 1.063s-1.863.887-3.156.875c-1.367-.012-2.636-.676-3.843-1.781-1.208-1.106-2.297-2.614-3.25-4.063-5.25-8-5.672-17.398-2.657-22.031 2.211-3.402 5.723-5.344 8.844-5.344Z\"/></svg>"),
+	Rules: []string{
+		"||applemusic.apple^",
+		"||hls-svod-aoc-ve.itunes.g.aaplimg.com^",
+		"||itun.es^",
+		"||itunes.apple.com^",
+		"||itunes.ca^",
+		"||itunes.co.th^",
+		"||itunes.co^",
+		"||itunes.com^",
+		"||itunes.es^",
+		"||itunes.g.aaplimg.com^",
+		"||itunes.hk^",
+		"||itunes.mx^",
+		"||itunes.org^",
+		"||itunes.us^",
+		"||music.apple.com^",
+		"||tv.apple.com^",
+		"||tv.g.apple.com^",
+		"||tv.v.aaplimg.com^",
+	},
 }, {
 	ID:      "battle_net",
 	Name:    "Battle.net",
@ -327,6 +351,34 @@ var blockedServices = []blockedService{{
 		"||bnet.cn^",
 		"||lizzard.com^",
 	},
+}, {
+	ID:      "claro",
+	Name:    "Claro",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 -21 67 67\"><path d=\"M49.004 0c.933.01 1.866.002 2.8.003.003 2.842.001 5.684 0 8.525-.934.001-1.867.002-2.8.001 0-2.842-.002-5.686 0-8.529ZM55.2 9.622c2.564-2.63 5.1-5.292 7.662-7.926.657.69 1.334 1.36 1.978 2.064-2.535 2.654-5.096 5.282-7.632 7.933-.68-.679-1.339-1.38-2.008-2.07ZM6.091 8.06a7.942 7.942 0 0 1 2.155-.233c2.405-.058 4.742 1.202 6.232 3.131a8.516 8.516 0 0 1 1.514 3.12c-1.102.004-2.204 0-3.306 0-.486-1.001-1.23-1.893-2.2-2.413a4.756 4.756 0 0 0-1.728-.58c-.565-.012-1.142-.062-1.695.086a4.798 4.798 0 0 0-2.452 1.427c-.859.836-1.434 2.013-1.485 3.243-.11 1.171.105 2.399.749 3.384.619.944 1.494 1.73 2.53 2.135 1.739.666 3.843.265 5.174-1.095a6.18 6.18 0 0 0 1.118-1.604c1.098-.006 2.195-.006 3.292 0-.271 1.202-.863 2.316-1.611 3.27-.513.556-1.016 1.138-1.648 1.552-2.835 2.024-6.953 1.91-9.618-.379-.829-.73-1.586-1.572-2.107-2.57-.96-1.765-1.199-3.886-.859-5.863.286-1.676 1.135-3.22 2.305-4.4.987-1.065 2.25-1.868 3.64-2.21Zm11.58-.234h3.142c0 5.723.003 11.446-.002 17.169-1.047.002-2.093-.002-3.14-.001V7.826Zm9.493 3.417c.596-.125 1.205-.054 1.807-.07.698.062 1.398.166 2.062.41.665.24 1.35.54 1.817 1.111.548.676.742 1.574.785 2.435-.002 3.288.002 6.577-.002 9.866-1.062-.006-2.126.023-3.187-.015-.01-.447.009-.895-.007-1.341-.924.826-2.147 1.207-3.346 1.303-.756.135-1.54.013-2.261-.238a3.151 3.151 0 0 1-1.968-2.1c-.297-1.042-.235-2.183.112-3.204.377-1.04 1.285-1.78 2.284-2.117 1.28-.469 2.647-.541 3.97-.812.458 0 .91-.294 1.08-.74.123-.486.017-1.096-.397-1.405-.455-.311-1.011-.376-1.543-.392-.473.015-.973.02-1.392.28-.544.32-.788.956-.895 1.564-1.052-.023-2.105.001-3.157-.018.13-1.072.347-2.217 1.09-3.031.777-.943 1.982-1.392 3.148-1.486Zm2.316 7.423c-.622.149-1.234.34-1.866.44-.502.103-1.031.271-1.389.674-.497.608-.533 1.547-.148 2.224.168.31.5.463.809.574.997.2 2.091-.122 2.819-.864.746-.967.614-2.278.612-3.437-.294.097-.53.33-.837.389Zm11.644-7.032c.648-.164 1.284-.44 1.965-.375.007 1.111.065 2.224.043 3.337-.58-.083-1.184-.15-1.752.03-1.225.351-2.25 1.471-2.394 2.801-.008.293-.084.58-.087.873-.002 2.233.003 4.464 0 6.696-1.044-.002-2.09.008-3.134-.006-.012-4.395-.003-8.791.006-13.187 1.012-.01 2.023.03 3.035.068.001.543-.013 1.086.006 1.63.592-.819 1.369-1.527 2.312-1.867Zm7.824-.34c.466-.049.94-.095 1.409-.055 2.817.037 5.389 2.29 6.06 5.1.58 2.296.017 4.946-1.66 6.612-.97 1.086-2.302 1.823-3.714 2.044-.681.006-1.362.002-2.042.001-2.033-.296-3.8-1.735-4.802-3.557-1.042-2-1.046-4.535-.024-6.545.97-1.849 2.736-3.299 4.773-3.6Zm.253 3.255c-.938.22-1.737.902-2.215 1.757-.714 1.244-.6 2.94.29 4.06.907 1.354 2.77 1.811 4.194 1.117.828-.386 1.46-1.144 1.811-2.002.39-.985.32-2.141-.148-3.084-.492-.954-1.395-1.703-2.436-1.875-.497-.042-1.003-.057-1.496.027Zm9.407.496c2.796 0 5.594-.002 8.392.002-.002.963.002 1.927-.001 2.892-2.797-.004-5.593.006-8.39.001-.004-.965.003-1.93-.002-2.895Z\"/></svg>"),
+	Rules: []string{
+		"||claro.com.ar^",
+		"||claro.com.br^",
+		"||claro.com.co^",
+		"||claro.com.do^",
+		"||claro.com.ec^",
+		"||claro.com.gt^",
+		"||claro.com.hn^",
+		"||claro.com.ni^",
+		"||claro.com.pa^",
+		"||claro.com.pe^",
+		"||claro.com.py^",
+		"||claro.com.sv^",
+		"||claro.com.uy^",
+		"||claro.com^",
+		"||claro.cr^",
+		"||claro.net.br^",
+		"||claro.net.co^",
+		"||clarochile.cl^",
+		"||claromusica.com^",
+		"||claropr.com^",
+		"||clarovideo.com^",
+		"||usclaro.com^",
+	},
 }, {
 	ID:      "cloudflare",
 	Name:    "CloudFlare",
@ -1505,6 +1557,7 @@ var blockedServices = []blockedService{{
 		"||aus.social^",
 		"||awscommunity.social^",
 		"||climatejustice.social^",
+		"||cupoftea.social^",
 		"||cyberplace.social^",
 		"||defcon.social^",
 		"||det.social^",
@ -1595,7 +1648,6 @@ var blockedServices = []blockedService{{
 		"||toot.io^",
 		"||toot.wales^",
 		"||troet.cafe^",
-		"||twingyeo.kr^",
 		"||union.place^",
 		"||universeodon.com^",
 		"||urbanists.social^",
--- a/internal/home/dns.go
+++ b/internal/home/dns.go
@ -254,6 +254,7 @@ func newServerConfig(
 		Exchanger:        Context.dnsServer,
 		AddressUpdater:   &Context.clients,
 		InitialAddresses: initialAddresses,
+		CatchPanics:      true,
 		UseRDNS:          config.Clients.Sources.RDNS,
 		UseWHOIS:         config.Clients.Sources.WHOIS,
 	}
--- a/internal/querylog/decode_test.go
+++ b/internal/querylog/decode_test.go
@ -127,7 +127,7 @@ func TestDecodeLogEntry(t *testing.T) {
 	}, {
 		name: "bad_time",
 		log:  `{"IP":"127.0.0.1","T":"12/09/1998T15:00:00.000000+05:00","QH":"an.yandex.ru","QT":"A","QC":"IN","CP":"","Answer":"Qz+BgAABAAEAAAAAAmFuBnlhbmRleAJydQAAAQABwAwAAQABAAAACgAEAAAAAA==","Result":{"IsFiltered":true,"Reason":3},"Elapsed":837429}`,
-		want: "decodeLogEntry handler err: parsing time \"12/09/1998T15:00:00.000000+05:00\" as \"2006-01-02T15:04:05Z07:00\": cannot parse \"9/1998T15:00:00.000000+05:00\" as \"2006\"\n",
+		want: "decodeLogEntry handler err: parsing time \"12/09/1998T15:00:00.000000+05:00\" as \"2006-01-02T15:04:05Z07:00\": cannot parse \"12/09/1998T15:00:00.000000+05:00\" as \"2006\"\n",
 	}, {
 		name: "bad_host",
 		log:  `{"IP":"127.0.0.1","T":"2020-11-25T18:55:56.519796+03:00","QH":6,"QT":"A","QC":"IN","CP":"","Answer":"Qz+BgAABAAEAAAAAAmFuBnlhbmRleAJydQAAAQABwAwAAQABAAAACgAEAAAAAA==","Result":{"IsFiltered":true,"Reason":3},"Elapsed":837429}`,
--- a/internal/rdns/rdns.go
+++ b/internal/rdns/rdns.go
@ -101,6 +101,8 @@ func (r *Default) Process(ip netip.Addr) (host string, changed bool) {
 		log.Debug("rdns: cache: adding item %q: %s", ip, err)
 	}

+	// TODO(e.burkov):  The name doesn't change if it's neither stored in cache
+	// nor resolved successfully.  Is it correct?
 	return host, fromCache == "" || host != fromCache
 }

--- a/internal/rdns/rdns_test.go
+++ b/internal/rdns/rdns_test.go
@ -25,11 +25,6 @@ func TestDefault_Process(t *testing.T) {
 	localRevAddr1, err := netutil.IPToReversedAddr(localIP.AsSlice())
 	require.NoError(t, err)

-	config := &rdns.Config{
-		CacheSize: 100,
-		CacheTTL:  time.Hour,
-	}
-
 	testCases := []struct {
 		name string
 		addr netip.Addr
@ -60,21 +55,21 @@ func TestDefault_Process(t *testing.T) {

 				switch ip {
 				case ip1:
-					return revAddr1, 0, nil
+					return revAddr1, time.Hour, nil
 				case ip2:
-					return revAddr2, 0, nil
+					return revAddr2, time.Hour, nil
 				case localIP:
-					return localRevAddr1, 0, nil
+					return localRevAddr1, time.Hour, nil
 				default:
-					return "", 0, nil
+					return "", time.Hour, nil
 				}
 			}
-			exchanger := &aghtest.Exchanger{
-				OnExchange: onExchange,
-			}

-			config.Exchanger = exchanger
-			r := rdns.New(config)
+			r := rdns.New(&rdns.Config{
+				CacheSize: 100,
+				CacheTTL:  time.Hour,
+				Exchanger: &aghtest.Exchanger{OnExchange: onExchange},
+			})

 			got, changed := r.Process(tc.addr)
 			require.True(t, changed)
@ -90,4 +85,40 @@ func TestDefault_Process(t *testing.T) {
 			assert.Equal(t, 1, hit)
 		})
 	}
+
+	t.Run("zero_ttl", func(t *testing.T) {
+		const cacheTTL = time.Second / 2
+
+		zeroTTLExchanger := &aghtest.Exchanger{
+			OnExchange: func(ip netip.Addr) (host string, ttl time.Duration, err error) {
+				return revAddr1, 0, nil
+			},
+		}
+
+		r := rdns.New(&rdns.Config{
+			CacheSize: 1,
+			CacheTTL:  cacheTTL,
+			Exchanger: zeroTTLExchanger,
+		})
+
+		got, changed := r.Process(ip1)
+		require.True(t, changed)
+		assert.Equal(t, revAddr1, got)
+
+		zeroTTLExchanger.OnExchange = func(ip netip.Addr) (host string, ttl time.Duration, err error) {
+			return revAddr2, time.Hour, nil
+		}
+
+		require.EventuallyWithT(t, func(t *assert.CollectT) {
+			got, changed = r.Process(ip1)
+			assert.True(t, changed)
+			assert.Equal(t, revAddr2, got)
+		}, 2*cacheTTL, time.Millisecond*100)
+
+		assert.Never(t, func() (changed bool) {
+			_, changed = r.Process(ip1)
+
+			return changed
+		}, 2*cacheTTL, time.Millisecond*100)
+	})
 }
--- a/internal/tools/go.mod
+++ b/internal/tools/go.mod
@ -1,6 +1,6 @@
 module github.com/AdguardTeam/AdGuardHome/internal/tools

-go 1.19
+go 1.20

 require (
 	github.com/fzipp/gocyclo v0.6.0
@ -10,7 +10,7 @@ require (
 	github.com/kyoh86/looppointer v0.2.1
 	github.com/securego/gosec/v2 v2.16.0
 	github.com/uudashr/gocognit v1.0.7
-	golang.org/x/tools v0.11.0
+	golang.org/x/tools v0.11.1
 	golang.org/x/vuln v1.0.0
 	// TODO(a.garipov): Return to tagged releases once a new one appears.
 	honnef.co/go/tools v0.5.0-0.dev.0.20230709092525-bc759185c5ee
@ -27,7 +27,7 @@ require (
 	github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/exp/typeparams v0.0.0-20230725093048-515e97ebf090 // indirect
+	golang.org/x/exp/typeparams v0.0.0-20230801115018-d63ba01acd4b // indirect
 	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/sync v0.3.0 // indirect
 	golang.org/x/sys v0.10.0 // indirect
--- a/internal/tools/go.sum
+++ b/internal/tools/go.sum
@ -52,8 +52,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
-golang.org/x/exp/typeparams v0.0.0-20230725093048-515e97ebf090 h1:qOYhjyK9OeXREdh7Zrta8JRvnmnFIzhkosQpp+852Ag=
-golang.org/x/exp/typeparams v0.0.0-20230725093048-515e97ebf090/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
+golang.org/x/exp/typeparams v0.0.0-20230801115018-d63ba01acd4b h1:3dfup1Bt5y1sKG6rbyAX4qNymwAtJcqx+Aqm1DPP/Qg=
+golang.org/x/exp/typeparams v0.0.0-20230801115018-d63ba01acd4b/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
@ -96,8 +96,8 @@ golang.org/x/tools v0.0.0-20201007032633-0806396f153e/go.mod h1:z6u4i615ZeAfBE4X
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
 golang.org/x/tools v0.1.11/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4=
-golang.org/x/tools v0.11.0 h1:EMCa6U9S2LtZXLAMoWiR/R8dAQFRqbAitmbJ2UKhoi8=
-golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8=
+golang.org/x/tools v0.11.1 h1:ojD5zOW8+7dOGzdnNgersm8aPfcDjhMp12UfG93NIMc=
+golang.org/x/tools v0.11.1/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8=
 golang.org/x/vuln v1.0.0 h1:tYLAU3jD9LQr98Y+3el06lWyGMCnvzw06PIWP3LIy7g=
 golang.org/x/vuln v1.0.0/go.mod h1:V0eyhHwaAaHrt42J9bgrN6rd12f6GU4T0Lu0ex2wDg4=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/scripts/make/go-lint.sh
+++ b/scripts/make/go-lint.sh
@ -35,7 +35,7 @@ set -f -u
 go_version="$( "${GO:-go}" version )"
 readonly go_version

-go_min_version='go1.19.11'
+go_min_version='go1.20.7'
 go_version_msg="
 warning: your go version (${go_version}) is different from the recommended minimal one (${go_min_version}).
 if you have the version installed, please set the GO environment variable.