From 2dc2a0946a28f41736228db1065654716907c5b8 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Tue, 26 Feb 2019 15:32:56 +0300
Subject: [PATCH 01/95] Fix #595 - Start using GO 1.12

---
 .travis.yml |  6 +++---
 README.md   |  2 +-
 app.go      | 11 +++++++++++
 go.mod      |  2 ++
 4 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 6d690463..f4319221 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,7 +2,7 @@ language: go
 sudo: false
 
 go:
-  - 1.11.x
+  - 1.12.x
   - 1.x
 os:
   - linux
@@ -38,7 +38,7 @@ matrix:
     # Release build configuration
     - name: release
       go:
-        - 1.11.x
+        - 1.12.x
       os:
         - linux
 
@@ -66,7 +66,7 @@ matrix:
     - name: docker
       if: type != pull_request AND (branch = master OR tag = true)
       go:
-        - 1.11.x
+        - 1.12.x
       os:
         - linux
       services:
diff --git a/README.md b/README.md
index 054fc951..84f1a194 100644
--- a/README.md
+++ b/README.md
@@ -70,7 +70,7 @@ Alternatively, you can use our [official Docker image](https://hub.docker.com/r/
 
 You will need:
 
- * [go](https://golang.org/dl/) v1.11 or later.
+ * [go](https://golang.org/dl/) v1.12 or later.
  * [node.js](https://nodejs.org/en/download/) v10 or later.
 
 You can either install it via the provided links or use [brew.sh](https://brew.sh/) if you're on Mac:
diff --git a/app.go b/app.go
index 0b55b6fa..1178678e 100644
--- a/app.go
+++ b/app.go
@@ -71,6 +71,9 @@ func run(args options) {
 	// configure log level and output
 	configureLogger(args)
 
+	// enable TLS 1.3
+	enableTLS13()
+
 	// print the first message after logger is configured
 	log.Printf("AdGuard Home, version %s\n", VersionString)
 	log.Tracef("Current working directory is %s", config.ourWorkingDir)
@@ -291,6 +294,14 @@ func configureLogger(args options) {
 	}
 }
 
+// TODO after GO 1.13 release TLS 1.3 will be enabled by default. Remove this afterward
+func enableTLS13() {
+	err := os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1")
+	if err != nil {
+		log.Fatalf("Failed to enable TLS 1.3: %s", err)
+	}
+}
+
 func cleanup() {
 	log.Printf("Stopping AdGuard Home")
 
diff --git a/go.mod b/go.mod
index cba63387..2f28b7e8 100644
--- a/go.mod
+++ b/go.mod
@@ -1,5 +1,7 @@
 module github.com/AdguardTeam/AdGuardHome
 
+go 1.12
+
 require (
 	github.com/AdguardTeam/dnsproxy v0.11.1
 	github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f // indirect

From 5bc6d00aa03baa826ed84b3c134ed80db05e1388 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Tue, 26 Feb 2019 18:19:05 +0300
Subject: [PATCH 02/95] Fix #596 - Intelligent Optimal DNS Resolution

---
 config.go                |  1 +
 control.go               | 36 ++++++++++++++++++++++++++++++++++++
 dnsforward/dnsforward.go |  2 ++
 openapi/openapi.yaml     | 33 +++++++++++++++++++++++++++++++++
 4 files changed, 72 insertions(+)

diff --git a/config.go b/config.go
index 87e5c6a8..2df9ec07 100644
--- a/config.go
+++ b/config.go
@@ -114,6 +114,7 @@ var config = configuration{
 			QueryLogEnabled:    true,
 			Ratelimit:          20,
 			RefuseAny:          true,
+			AllServers:         false,
 			BootstrapDNS:       "8.8.8.8:53",
 		},
 		UpstreamDNS: defaultDNS,
diff --git a/control.go b/control.go
index fd1759e3..70ff0e7c 100644
--- a/control.go
+++ b/control.go
@@ -94,6 +94,7 @@ func handleStatus(w http.ResponseWriter, r *http.Request) {
 		"running":            isRunning(),
 		"bootstrap_dns":      config.DNS.BootstrapDNS,
 		"upstream_dns":       config.DNS.UpstreamDNS,
+		"all_servers":        config.DNS.AllServers,
 		"version":            VersionString,
 		"language":           config.Language,
 	}
@@ -361,6 +362,38 @@ func handleSetUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+func handleAllServersEnable(w http.ResponseWriter, r *http.Request) {
+	config.DNS.AllServers = true
+	httpUpdateConfigReloadDNSReturnOK(w, r)
+}
+
+func handleAllServersDisable(w http.ResponseWriter, r *http.Request) {
+	config.DNS.AllServers = false
+	httpUpdateConfigReloadDNSReturnOK(w, r)
+}
+
+func handleAllServersStatus(w http.ResponseWriter, r *http.Request) {
+	data := map[string]interface{}{
+		"enabled": config.DNS.AllServers,
+	}
+	jsonVal, err := json.Marshal(data)
+	if err != nil {
+		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
+		log.Println(errorText)
+		http.Error(w, errorText, 500)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	_, err = w.Write(jsonVal)
+	if err != nil {
+		errorText := fmt.Sprintf("Unable to write response json: %s", err)
+		log.Println(errorText)
+		http.Error(w, errorText, 500)
+		return
+	}
+}
+
 func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
@@ -1317,6 +1350,9 @@ func registerControlHandlers() {
 	http.HandleFunc("/control/querylog_disable", postInstall(optionalAuth(ensurePOST(handleQueryLogDisable))))
 	http.HandleFunc("/control/set_upstream_dns", postInstall(optionalAuth(ensurePOST(handleSetUpstreamDNS))))
 	http.HandleFunc("/control/test_upstream_dns", postInstall(optionalAuth(ensurePOST(handleTestUpstreamDNS))))
+	http.HandleFunc("/control/all_servers/enable", postInstall(optionalAuth(ensurePOST(handleAllServersEnable))))
+	http.HandleFunc("/control/all_servers/disable", postInstall(optionalAuth(ensurePOST(handleAllServersDisable))))
+	http.HandleFunc("/control/all_servers/status", postInstall(optionalAuth(ensureGET(handleAllServersStatus))))
 	http.HandleFunc("/control/i18n/change_language", postInstall(optionalAuth(ensurePOST(handleI18nChangeLanguage))))
 	http.HandleFunc("/control/i18n/current_language", postInstall(optionalAuth(ensureGET(handleI18nCurrentLanguage))))
 	http.HandleFunc("/control/stats_top", postInstall(optionalAuth(ensureGET(handleStatsTop))))
diff --git a/dnsforward/dnsforward.go b/dnsforward/dnsforward.go
index 99f09e6d..bf975ac5 100644
--- a/dnsforward/dnsforward.go
+++ b/dnsforward/dnsforward.go
@@ -67,6 +67,7 @@ type FilteringConfig struct {
 	RatelimitWhitelist []string `yaml:"ratelimit_whitelist"`
 	RefuseAny          bool     `yaml:"refuse_any"`
 	BootstrapDNS       string   `yaml:"bootstrap_dns"`
+	AllServers         bool     `yaml:"all_servers"`
 
 	dnsfilter.Config `yaml:",inline"`
 }
@@ -163,6 +164,7 @@ func (s *Server) startInternal(config *ServerConfig) error {
 		CacheEnabled:       true,
 		Upstreams:          s.Upstreams,
 		Handler:            s.handleDNSRequest,
+		AllServers:         s.AllServers,
 	}
 
 	if s.TLSListenAddr != nil && s.CertificateChain != "" && s.PrivateKey != "" {
diff --git a/openapi/openapi.yaml b/openapi/openapi.yaml
index f1e23f86..e83d6360 100644
--- a/openapi/openapi.yaml
+++ b/openapi/openapi.yaml
@@ -111,6 +111,39 @@ paths:
                 200:
                     description: OK
 
+    /all_servers/enable:
+        post:
+            tags:
+                - global
+            operationId: allServersEnable
+            summary: 'Enable parallel queries'
+            responses:
+                200:
+                    description: OK
+
+    /all_servers/disable:
+        post:
+            tags:
+                - global
+            operationId: allServersDisable
+            summary: 'Disable parallel queries'
+            responses:
+                200:
+                    description: OK
+
+    /all_servers/status:
+        get:
+            tags:
+                - global
+            operationId: allServersStatus
+            summary: 'Get parallel queries status'
+            responses:
+                200:
+                    description: OK
+                    examples:
+                        application/json:
+                            enabled: false
+
     /test_upstream_dns:
         post:
             tags:

From dc05556c5afa69f3dcf360ad650447cd752a09d9 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 27 Feb 2019 11:15:18 +0300
Subject: [PATCH 03/95] Fix #542 - Add Bootstrap DNS resolver settings

---
 config.go                |  3 ++-
 control.go               | 40 ++++++++++++++++++++++++++++++++++++++++
 dns.go                   |  2 +-
 dnsforward/dnsforward.go |  2 +-
 openapi/openapi.yaml     | 24 ++++++++++++++++++++++++
 5 files changed, 68 insertions(+), 3 deletions(-)

diff --git a/config.go b/config.go
index 87e5c6a8..4f34f1c9 100644
--- a/config.go
+++ b/config.go
@@ -61,6 +61,7 @@ type dnsConfig struct {
 }
 
 var defaultDNS = []string{"tls://1.1.1.1", "tls://1.0.0.1"}
+var defaultBootstrap = []string{"1.1.1.1"}
 
 type tlsConfigSettings struct {
 	Enabled        bool   `yaml:"enabled" json:"enabled"`                               // Enabled is the encryption (DOT/DOH/HTTPS) status
@@ -114,7 +115,7 @@ var config = configuration{
 			QueryLogEnabled:    true,
 			Ratelimit:          20,
 			RefuseAny:          true,
-			BootstrapDNS:       "8.8.8.8:53",
+			BootstrapDNS:       defaultBootstrap,
 		},
 		UpstreamDNS: defaultDNS,
 	},
diff --git a/control.go b/control.go
index fd1759e3..480f9fdc 100644
--- a/control.go
+++ b/control.go
@@ -437,6 +437,45 @@ func checkDNS(input string) error {
 	return nil
 }
 
+func handleSetBootstrapDNS(w http.ResponseWriter, r *http.Request) {
+	body, err := ioutil.ReadAll(r.Body)
+	if err != nil {
+		errorText := fmt.Sprintf("Failed to read request body: %s", err)
+		log.Println(errorText)
+		http.Error(w, errorText, http.StatusBadRequest)
+		return
+	}
+	// if empty body -- user is asking for default servers
+	hosts := strings.Fields(string(body))
+
+	if len(hosts) == 0 {
+		config.DNS.BootstrapDNS = defaultBootstrap
+	} else {
+		config.DNS.BootstrapDNS = hosts
+	}
+
+	err = writeAllConfigs()
+	if err != nil {
+		errorText := fmt.Sprintf("Couldn't write config file: %s", err)
+		log.Println(errorText)
+		http.Error(w, errorText, http.StatusInternalServerError)
+		return
+	}
+	err = reconfigureDNSServer()
+	if err != nil {
+		errorText := fmt.Sprintf("Couldn't reconfigure the DNS server: %s", err)
+		log.Println(errorText)
+		http.Error(w, errorText, http.StatusInternalServerError)
+		return
+	}
+	_, err = fmt.Fprintf(w, "OK %d bootsrap servers\n", len(hosts))
+	if err != nil {
+		errorText := fmt.Sprintf("Couldn't write body: %s", err)
+		log.Println(errorText)
+		http.Error(w, errorText, http.StatusInternalServerError)
+	}
+}
+
 func handleGetVersionJSON(w http.ResponseWriter, r *http.Request) {
 	now := time.Now()
 	if now.Sub(versionCheckLastTime) <= versionCheckPeriod && len(versionCheckJSON) != 0 {
@@ -1317,6 +1356,7 @@ func registerControlHandlers() {
 	http.HandleFunc("/control/querylog_disable", postInstall(optionalAuth(ensurePOST(handleQueryLogDisable))))
 	http.HandleFunc("/control/set_upstream_dns", postInstall(optionalAuth(ensurePOST(handleSetUpstreamDNS))))
 	http.HandleFunc("/control/test_upstream_dns", postInstall(optionalAuth(ensurePOST(handleTestUpstreamDNS))))
+	http.HandleFunc("/control/set_bootstrap_dns", postInstall(optionalAuth(ensurePOST(handleSetBootstrapDNS))))
 	http.HandleFunc("/control/i18n/change_language", postInstall(optionalAuth(ensurePOST(handleI18nChangeLanguage))))
 	http.HandleFunc("/control/i18n/current_language", postInstall(optionalAuth(ensureGET(handleI18nCurrentLanguage))))
 	http.HandleFunc("/control/stats_top", postInstall(optionalAuth(ensureGET(handleStatsTop))))
diff --git a/dns.go b/dns.go
index b7f0d130..c70a4300 100644
--- a/dns.go
+++ b/dns.go
@@ -61,7 +61,7 @@ func generateServerConfig() dnsforward.ServerConfig {
 	for _, u := range config.DNS.UpstreamDNS {
 		opts := upstream.Options{
 			Timeout:   dnsforward.DefaultTimeout,
-			Bootstrap: []string{config.DNS.BootstrapDNS},
+			Bootstrap: config.DNS.BootstrapDNS,
 		}
 		dnsUpstream, err := upstream.AddressToUpstream(u, opts)
 		if err != nil {
diff --git a/dnsforward/dnsforward.go b/dnsforward/dnsforward.go
index 99f09e6d..30dd5449 100644
--- a/dnsforward/dnsforward.go
+++ b/dnsforward/dnsforward.go
@@ -66,7 +66,7 @@ type FilteringConfig struct {
 	Ratelimit          int      `yaml:"ratelimit"`
 	RatelimitWhitelist []string `yaml:"ratelimit_whitelist"`
 	RefuseAny          bool     `yaml:"refuse_any"`
-	BootstrapDNS       string   `yaml:"bootstrap_dns"`
+	BootstrapDNS       []string `yaml:"bootstrap_dns"`
 
 	dnsfilter.Config `yaml:",inline"`
 }
diff --git a/openapi/openapi.yaml b/openapi/openapi.yaml
index f1e23f86..067def2a 100644
--- a/openapi/openapi.yaml
+++ b/openapi/openapi.yaml
@@ -142,6 +142,30 @@ paths:
                             8.8.4.4: OK
                             "192.168.1.104:53535": "Couldn't communicate with DNS server"
 
+    /set_bootstrap_dns:
+        post:
+            tags:
+                - global
+            operationId: setBootstrapDNS
+            summary: 'Set bootstrap DNS for DNS-over-HTTPS and DNS-over-TLS upstreams, empty value will reset it to default values'
+            consumes:
+                - text/plain
+            parameters:
+                -   in: body
+                    name: upstream
+                    description: 'Bootstrap servers, separated by newline or space, port is optional after colon'
+                    schema:
+                        # TODO: use JSON
+                        type: string
+                        example: |
+                            1.1.1.1
+                            1.0.0.1
+                            8.8.8.8 8.8.4.4
+                            192.168.1.104:53535
+            responses:
+                200:
+                    description: OK
+
     /version.json:
         get:
             tags:

From 5ba43a59f4ea6035b4428c9bde9dfa2c65bb8beb Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 27 Feb 2019 11:31:25 +0300
Subject: [PATCH 04/95] Fix server reconfig

---
 dns.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dns.go b/dns.go
index b7f0d130..6dfa2e8c 100644
--- a/dns.go
+++ b/dns.go
@@ -71,6 +71,7 @@ func generateServerConfig() dnsforward.ServerConfig {
 		}
 		newconfig.Upstreams = append(newconfig.Upstreams, dnsUpstream)
 	}
+	newconfig.AllServers = config.DNS.AllServers
 	return newconfig
 }
 

From 2a93e45b671b422bf384548b221360d0c8e22d33 Mon Sep 17 00:00:00 2001
From: Carl Bennett <carl@carlbennett.me>
Date: Tue, 26 Feb 2019 17:28:34 -0600
Subject: [PATCH 05/95] Fix typo in client/src/__locales/en.json

---
 client/src/__locales/en.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json
index 4d8ac38c..45c33828 100644
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -215,7 +215,7 @@
     "encryption_config_saved": "Encryption config saved",
     "encryption_server": "Server name",
     "encryption_server_enter": "Enter your domain name",
-    "encryption_server_desc": "In order to use HTTPS, you need yo enter the server name that matches your SSL certificate.",
+    "encryption_server_desc": "In order to use HTTPS, you need to enter the server name that matches your SSL certificate.",
     "encryption_redirect": "Redirect to HTTPS automatically",
     "encryption_redirect_desc": "If checked, AdGuard Home will automatically redirect you from HTTP to HTTPS addresses.",
     "encryption_https": "HTTPS port",
@@ -247,4 +247,4 @@
     "form_error_password": "Password mismatched",
     "reset_settings": "Reset settings",
     "update_announcement": "AdGuard Home {{version}} is now available! <0>Click here</0> for more info."
-}
\ No newline at end of file
+}

From bf893d488afbb306e341f5bcc8e651053d92de97 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 27 Feb 2019 12:58:42 +0300
Subject: [PATCH 06/95] Refactoring for set upstream and bootstrap DNS

---
 control.go | 105 +++++++++++++++++++++++++++++------------------------
 1 file changed, 58 insertions(+), 47 deletions(-)

diff --git a/control.go b/control.go
index 480f9fdc..726bf2b7 100644
--- a/control.go
+++ b/control.go
@@ -323,44 +323,94 @@ func sortByValue(m map[string]int) []string {
 // -----------------------
 
 func handleSetUpstreamDNS(w http.ResponseWriter, r *http.Request) {
+	setDNSServers(&w, r, true)
+}
+
+func handleSetBootstrapDNS(w http.ResponseWriter, r *http.Request) {
+	setDNSServers(&w, r, false)
+}
+
+// setDNSServers sets upstream and bootstrap DNS servers
+func setDNSServers(w *http.ResponseWriter, r *http.Request, upstreams bool) {
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("Failed to read request body: %s", err)
 		log.Println(errorText)
-		http.Error(w, errorText, http.StatusBadRequest)
+		http.Error(*w, errorText, http.StatusBadRequest)
 		return
 	}
 	// if empty body -- user is asking for default servers
 	hosts := strings.Fields(string(body))
 
-	if len(hosts) == 0 {
-		config.DNS.UpstreamDNS = defaultDNS
+	// bootstrap servers are plain DNS only. We should remove tls:// https:// and sdns:// hosts from slice
+	bootstraps := []string{}
+	if !upstreams && len(hosts) > 0 {
+		for _, host := range hosts {
+			err = checkBootstrapDNS(host)
+			if err != nil {
+				log.Tracef("%s can not be used as bootstrap DNS cause: %s", host, err)
+				continue
+			}
+			hosts = append(bootstraps, host)
+		}
+	}
+
+	// count of upstream or bootstrap servers
+	var count int
+	if upstreams {
+		count = len(hosts)
 	} else {
-		config.DNS.UpstreamDNS = hosts
+		count = len(bootstraps)
+	}
+
+	if upstreams {
+		if count == 0 {
+			config.DNS.UpstreamDNS = defaultDNS
+		} else {
+			config.DNS.UpstreamDNS = hosts
+		}
+	} else {
+		if count == 0 {
+			config.DNS.BootstrapDNS = defaultBootstrap
+		} else {
+			config.DNS.BootstrapDNS = bootstraps
+		}
 	}
 
 	err = writeAllConfigs()
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't write config file: %s", err)
 		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		http.Error(*w, errorText, http.StatusInternalServerError)
 		return
 	}
 	err = reconfigureDNSServer()
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't reconfigure the DNS server: %s", err)
 		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		http.Error(*w, errorText, http.StatusInternalServerError)
 		return
 	}
-	_, err = fmt.Fprintf(w, "OK %d servers\n", len(hosts))
+
+	_, err = fmt.Fprintf(*w, "OK %d servers\n", count)
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't write body: %s", err)
 		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		http.Error(*w, errorText, http.StatusInternalServerError)
 	}
 }
 
+func checkBootstrapDNS(host string) error {
+	// Check if host is ip without port
+	if net.ParseIP(host) != nil {
+		return nil
+	}
+
+	// Check if host is ip with port
+	_, _, err := net.SplitHostPort(host)
+	return err
+}
+
 func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
@@ -437,45 +487,6 @@ func checkDNS(input string) error {
 	return nil
 }
 
-func handleSetBootstrapDNS(w http.ResponseWriter, r *http.Request) {
-	body, err := ioutil.ReadAll(r.Body)
-	if err != nil {
-		errorText := fmt.Sprintf("Failed to read request body: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusBadRequest)
-		return
-	}
-	// if empty body -- user is asking for default servers
-	hosts := strings.Fields(string(body))
-
-	if len(hosts) == 0 {
-		config.DNS.BootstrapDNS = defaultBootstrap
-	} else {
-		config.DNS.BootstrapDNS = hosts
-	}
-
-	err = writeAllConfigs()
-	if err != nil {
-		errorText := fmt.Sprintf("Couldn't write config file: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
-		return
-	}
-	err = reconfigureDNSServer()
-	if err != nil {
-		errorText := fmt.Sprintf("Couldn't reconfigure the DNS server: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
-		return
-	}
-	_, err = fmt.Fprintf(w, "OK %d bootsrap servers\n", len(hosts))
-	if err != nil {
-		errorText := fmt.Sprintf("Couldn't write body: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
-	}
-}
-
 func handleGetVersionJSON(w http.ResponseWriter, r *http.Request) {
 	now := time.Now()
 	if now.Sub(versionCheckLastTime) <= versionCheckPeriod && len(versionCheckJSON) != 0 {

From d218e047a3de91895b873d627de557722c84814c Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Wed, 27 Feb 2019 13:07:29 +0300
Subject: [PATCH 07/95] + add tests for validateCertificates()

---
 control_test.go | 81 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 control_test.go

diff --git a/control_test.go b/control_test.go
new file mode 100644
index 00000000..725457b9
--- /dev/null
+++ b/control_test.go
@@ -0,0 +1,81 @@
+package main
+
+import (
+	"testing"
+	"time"
+)
+
+/* Tests performed:
+. Bad certificate
+. Bad private key
+. Valid certificate & private key */
+func TestValidateCertificates(t *testing.T) {
+	var data tlsConfig
+
+	// bad cert
+	data.CertificateChain = "bad cert"
+	data.PrivateKey = ""
+	data = validateCertificates(data)
+	if !(data.WarningValidation != "" &&
+		!data.ValidCert &&
+		!data.ValidChain) {
+		t.Fatalf("bad cert: validateCertificates(): %v", data)
+	}
+
+	// bad priv key
+	data.CertificateChain = ""
+	data.PrivateKey = "bad priv key"
+	data = validateCertificates(data)
+	if !(data.WarningValidation != "" &&
+		!data.ValidKey) {
+		t.Fatalf("bad priv key: validateCertificates(): %v", data)
+	}
+
+	// valid cert & priv key
+	data.CertificateChain = `-----BEGIN CERTIFICATE-----
+MIICKzCCAZSgAwIBAgIJAMT9kPVJdM7LMA0GCSqGSIb3DQEBCwUAMC0xFDASBgNV
+BAoMC0FkR3VhcmQgTHRkMRUwEwYDVQQDDAxBZEd1YXJkIEhvbWUwHhcNMTkwMjI3
+MDkyNDIzWhcNNDYwNzE0MDkyNDIzWjAtMRQwEgYDVQQKDAtBZEd1YXJkIEx0ZDEV
+MBMGA1UEAwwMQWRHdWFyZCBIb21lMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQCwvwUnPJiOvLcOaWmGu6Y68ksFr13nrXBcsDlhxlXy8PaohVi3XxEmt2OrVjKW
+QFw/bdV4fZ9tdWFAVRRkgeGbIZzP7YBD1Ore/O5SQ+DbCCEafvjJCcXQIrTeKFE6
+i9G3aSMHs0Pwq2LgV8U5mYotLrvyFiE8QPInJbDDMpaFYwIDAQABo1MwUTAdBgNV
+HQ4EFgQUdLUmQpEqrhn4eKO029jYd2AAZEQwHwYDVR0jBBgwFoAUdLUmQpEqrhn4
+eKO029jYd2AAZEQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQB8
+LwlXfbakf7qkVTlCNXgoY7RaJ8rJdPgOZPoCTVToEhT6u/cb1c2qp8QB0dNExDna
+b0Z+dnODTZqQOJo6z/wIXlcUrnR4cQVvytXt8lFn+26l6Y6EMI26twC/xWr+1swq
+Muj4FeWHVDerquH4yMr1jsYLD3ci+kc5sbIX6TfVxQ==
+-----END CERTIFICATE-----`
+	data.PrivateKey = `-----BEGIN PRIVATE KEY-----
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALC/BSc8mI68tw5p
+aYa7pjrySwWvXeetcFywOWHGVfLw9qiFWLdfESa3Y6tWMpZAXD9t1Xh9n211YUBV
+FGSB4ZshnM/tgEPU6t787lJD4NsIIRp++MkJxdAitN4oUTqL0bdpIwezQ/CrYuBX
+xTmZii0uu/IWITxA8iclsMMyloVjAgMBAAECgYEAmjzoG1h27UDkIlB9BVWl95TP
+QVPLB81D267xNFDnWk1Lgr5zL/pnNjkdYjyjgpkBp1yKyE4gHV4skv5sAFWTcOCU
+QCgfPfUn/rDFcxVzAdJVWAa/CpJNaZgjTPR8NTGU+Ztod+wfBESNCP5tbnuw0GbL
+MuwdLQJGbzeJYpsNysECQQDfFHYoRNfgxHwMbX24GCoNZIgk12uDmGTA9CS5E+72
+9t3V1y4CfXxSkfhqNbd5RWrUBRLEw9BKofBS7L9NMDKDAkEAytQoIueE1vqEAaRg
+a3A1YDUekKesU5wKfKfKlXvNgB7Hwh4HuvoQS9RCvVhf/60Dvq8KSu6hSjkFRquj
+FQ5roQJBAMwKwyiCD5MfJPeZDmzcbVpiocRQ5Z4wPbffl9dRTDnIA5AciZDthlFg
+An/jMjZSMCxNl6UyFcqt5Et1EGVhuFECQQCZLXxaT+qcyHjlHJTMzuMgkz1QFbEp
+O5EX70gpeGQMPDK0QSWpaazg956njJSDbNCFM4BccrdQbJu1cW4qOsfBAkAMgZuG
+O88slmgTRHX4JGFmy3rrLiHNI2BbJSuJ++Yllz8beVzh6NfvuY+HKRCmPqoBPATU
+kXS9jgARhhiWXJrk
+-----END PRIVATE KEY-----`
+	data = validateCertificates(data)
+	notBefore, _ := time.Parse(time.RFC3339, "2019-02-27T09:24:23Z")
+	notAfter, _ := time.Parse(time.RFC3339, "2046-07-14T09:24:23Z")
+	if !(data.WarningValidation != "" /* self signed */ &&
+		data.ValidCert &&
+		!data.ValidChain &&
+		data.ValidKey &&
+		data.KeyType == "RSA" &&
+		data.Subject == "CN=AdGuard Home,O=AdGuard Ltd" &&
+		data.Issuer == "CN=AdGuard Home,O=AdGuard Ltd" &&
+		data.NotBefore == notBefore &&
+		data.NotAfter == notAfter &&
+		// data.DNSNames[0] ==  &&
+		data.usable) {
+		t.Fatalf("valid cert & priv key: validateCertificates(): %v", data)
+	}
+}

From 87c8114291179880a75f83943e33551774ae09f0 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 27 Feb 2019 13:12:06 +0300
Subject: [PATCH 08/95] Use gotools

---
 control.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/control.go b/control.go
index 726bf2b7..e9890575 100644
--- a/control.go
+++ b/control.go
@@ -391,7 +391,6 @@ func setDNSServers(w *http.ResponseWriter, r *http.Request, upstreams bool) {
 		http.Error(*w, errorText, http.StatusInternalServerError)
 		return
 	}
-
 	_, err = fmt.Fprintf(*w, "OK %d servers\n", count)
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't write body: %s", err)
@@ -400,6 +399,7 @@ func setDNSServers(w *http.ResponseWriter, r *http.Request, upstreams bool) {
 	}
 }
 
+// checkBootstrapDNS checks if host is plain DNS
 func checkBootstrapDNS(host string) error {
 	// Check if host is ip without port
 	if net.ParseIP(host) != nil {

From 766fbab0718f2b02fb3864e521820033ab015e36 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Wed, 27 Feb 2019 14:11:41 +0300
Subject: [PATCH 09/95] * validateCertificates(): change input parameters; 
 added short description

---
 app.go          |  4 ++--
 control.go      | 31 +++++++++++++++++--------------
 control_test.go | 16 ++++++----------
 3 files changed, 25 insertions(+), 26 deletions(-)

diff --git a/app.go b/app.go
index 0b55b6fa..07c67916 100644
--- a/app.go
+++ b/app.go
@@ -178,13 +178,13 @@ func run(args options) {
 			}
 			address := net.JoinHostPort(config.BindHost, strconv.Itoa(config.TLS.PortHTTPS))
 			// validate current TLS config and update warnings (it could have been loaded from file)
-			data := validateCertificates(config.TLS)
+			data := validateCertificates(config.TLS.CertificateChain, config.TLS.PrivateKey, config.TLS.ServerName)
 			if !data.usable {
 				log.Fatal(data.WarningValidation)
 				os.Exit(1)
 			}
 			config.Lock()
-			config.TLS = data // update warnings
+			config.TLS.tlsConfigStatus = data // update warnings
 			config.Unlock()
 
 			// prepare certs for HTTPS server
diff --git a/control.go b/control.go
index fd1759e3..f6b4bab1 100644
--- a/control.go
+++ b/control.go
@@ -1025,7 +1025,7 @@ func handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	data = validateCertificates(data)
+	data.tlsConfigStatus = validateCertificates(data.CertificateChain, data.PrivateKey, data.ServerName)
 	marshalTLS(w, data)
 }
 
@@ -1051,7 +1051,7 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 	}
 
 	restartHTTPS := false
-	data = validateCertificates(data)
+	data.tlsConfigStatus = validateCertificates(data.CertificateChain, data.PrivateKey, data.ServerName)
 	if !reflect.DeepEqual(config.TLS.tlsConfigSettings, data.tlsConfigSettings) {
 		log.Printf("tls config settings have changed, will restart HTTPS server")
 		restartHTTPS = true
@@ -1078,21 +1078,24 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-func validateCertificates(data tlsConfig) tlsConfig {
+/* Process certificate data and its private key.
+CertificateChain, PrivateKey parameters are optional.
+On error, return partially set object
+ with 'WarningValidation' field containing error description.
+*/
+func validateCertificates(CertificateChain, PrivateKey, ServerName string) tlsConfigStatus {
 	var err error
-
-	// clear out status for certificates
-	data.tlsConfigStatus = tlsConfigStatus{}
+	var data tlsConfigStatus
 
 	// check only public certificate separately from the key
-	if data.CertificateChain != "" {
-		log.Tracef("got certificate: %s", data.CertificateChain)
+	if CertificateChain != "" {
+		log.Tracef("got certificate: %s", CertificateChain)
 
 		// now do a more extended validation
 		var certs []*pem.Block    // PEM-encoded certificates
 		var skippedBytes []string // skipped bytes
 
-		pemblock := []byte(data.CertificateChain)
+		pemblock := []byte(CertificateChain)
 		for {
 			var decoded *pem.Block
 			decoded, pemblock = pem.Decode(pemblock)
@@ -1127,7 +1130,7 @@ func validateCertificates(data tlsConfig) tlsConfig {
 		// spew.Dump(parsedCerts)
 
 		opts := x509.VerifyOptions{
-			DNSName: data.ServerName,
+			DNSName: ServerName,
 		}
 
 		log.Printf("number of certs - %d", len(parsedCerts))
@@ -1164,13 +1167,13 @@ func validateCertificates(data tlsConfig) tlsConfig {
 	}
 
 	// validate private key (right now the only validation possible is just parsing it)
-	if data.PrivateKey != "" {
+	if PrivateKey != "" {
 		// now do a more extended validation
 		var key *pem.Block        // PEM-encoded certificates
 		var skippedBytes []string // skipped bytes
 
 		// go through all pem blocks, but take first valid pem block and drop the rest
-		pemblock := []byte(data.PrivateKey)
+		pemblock := []byte(PrivateKey)
 		for {
 			var decoded *pem.Block
 			decoded, pemblock = pem.Decode(pemblock)
@@ -1202,8 +1205,8 @@ func validateCertificates(data tlsConfig) tlsConfig {
 	}
 
 	// if both are set, validate both in unison
-	if data.PrivateKey != "" && data.CertificateChain != "" {
-		_, err = tls.X509KeyPair([]byte(data.CertificateChain), []byte(data.PrivateKey))
+	if PrivateKey != "" && CertificateChain != "" {
+		_, err = tls.X509KeyPair([]byte(CertificateChain), []byte(PrivateKey))
 		if err != nil {
 			data.WarningValidation = fmt.Sprintf("Invalid certificate or key: %s", err)
 			return data
diff --git a/control_test.go b/control_test.go
index 725457b9..c5df3b45 100644
--- a/control_test.go
+++ b/control_test.go
@@ -10,12 +10,10 @@ import (
 . Bad private key
 . Valid certificate & private key */
 func TestValidateCertificates(t *testing.T) {
-	var data tlsConfig
+	var data tlsConfigStatus
 
 	// bad cert
-	data.CertificateChain = "bad cert"
-	data.PrivateKey = ""
-	data = validateCertificates(data)
+	data = validateCertificates("bad cert", "", "")
 	if !(data.WarningValidation != "" &&
 		!data.ValidCert &&
 		!data.ValidChain) {
@@ -23,16 +21,14 @@ func TestValidateCertificates(t *testing.T) {
 	}
 
 	// bad priv key
-	data.CertificateChain = ""
-	data.PrivateKey = "bad priv key"
-	data = validateCertificates(data)
+	data = validateCertificates("", "bad priv key", "")
 	if !(data.WarningValidation != "" &&
 		!data.ValidKey) {
 		t.Fatalf("bad priv key: validateCertificates(): %v", data)
 	}
 
 	// valid cert & priv key
-	data.CertificateChain = `-----BEGIN CERTIFICATE-----
+	CertificateChain := `-----BEGIN CERTIFICATE-----
 MIICKzCCAZSgAwIBAgIJAMT9kPVJdM7LMA0GCSqGSIb3DQEBCwUAMC0xFDASBgNV
 BAoMC0FkR3VhcmQgTHRkMRUwEwYDVQQDDAxBZEd1YXJkIEhvbWUwHhcNMTkwMjI3
 MDkyNDIzWhcNNDYwNzE0MDkyNDIzWjAtMRQwEgYDVQQKDAtBZEd1YXJkIEx0ZDEV
@@ -46,7 +42,7 @@ LwlXfbakf7qkVTlCNXgoY7RaJ8rJdPgOZPoCTVToEhT6u/cb1c2qp8QB0dNExDna
 b0Z+dnODTZqQOJo6z/wIXlcUrnR4cQVvytXt8lFn+26l6Y6EMI26twC/xWr+1swq
 Muj4FeWHVDerquH4yMr1jsYLD3ci+kc5sbIX6TfVxQ==
 -----END CERTIFICATE-----`
-	data.PrivateKey = `-----BEGIN PRIVATE KEY-----
+	PrivateKey := `-----BEGIN PRIVATE KEY-----
 MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALC/BSc8mI68tw5p
 aYa7pjrySwWvXeetcFywOWHGVfLw9qiFWLdfESa3Y6tWMpZAXD9t1Xh9n211YUBV
 FGSB4ZshnM/tgEPU6t787lJD4NsIIRp++MkJxdAitN4oUTqL0bdpIwezQ/CrYuBX
@@ -62,7 +58,7 @@ O5EX70gpeGQMPDK0QSWpaazg956njJSDbNCFM4BccrdQbJu1cW4qOsfBAkAMgZuG
 O88slmgTRHX4JGFmy3rrLiHNI2BbJSuJ++Yllz8beVzh6NfvuY+HKRCmPqoBPATU
 kXS9jgARhhiWXJrk
 -----END PRIVATE KEY-----`
-	data = validateCertificates(data)
+	data = validateCertificates(CertificateChain, PrivateKey, "")
 	notBefore, _ := time.Parse(time.RFC3339, "2019-02-27T09:24:23Z")
 	notAfter, _ := time.Parse(time.RFC3339, "2046-07-14T09:24:23Z")
 	if !(data.WarningValidation != "" /* self signed */ &&

From f4a6ca726c56febfac49ff72cb05533f404ae4c9 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Wed, 27 Feb 2019 14:31:53 +0300
Subject: [PATCH 10/95] * validateCertificates(): split the function's code

---
 control.go | 240 ++++++++++++++++++++++++++++-------------------------
 1 file changed, 128 insertions(+), 112 deletions(-)

diff --git a/control.go b/control.go
index f6b4bab1..57e614ca 100644
--- a/control.go
+++ b/control.go
@@ -1078,135 +1078,151 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+// Return 0 on success
+func verifyCertChain(data *tlsConfigStatus, certChain string, serverName string) int {
+	log.Tracef("got certificate: %s", certChain)
+
+	// now do a more extended validation
+	var certs []*pem.Block    // PEM-encoded certificates
+	var skippedBytes []string // skipped bytes
+
+	pemblock := []byte(certChain)
+	for {
+		var decoded *pem.Block
+		decoded, pemblock = pem.Decode(pemblock)
+		if decoded == nil {
+			break
+		}
+		if decoded.Type == "CERTIFICATE" {
+			certs = append(certs, decoded)
+		} else {
+			skippedBytes = append(skippedBytes, decoded.Type)
+		}
+	}
+
+	var parsedCerts []*x509.Certificate
+
+	for _, cert := range certs {
+		parsed, err := x509.ParseCertificate(cert.Bytes)
+		if err != nil {
+			data.WarningValidation = fmt.Sprintf("Failed to parse certificate: %s", err)
+			return 1
+		}
+		parsedCerts = append(parsedCerts, parsed)
+	}
+
+	if len(parsedCerts) == 0 {
+		data.WarningValidation = fmt.Sprintf("You have specified an empty certificate")
+		return 1
+	}
+
+	data.ValidCert = true
+
+	// spew.Dump(parsedCerts)
+
+	opts := x509.VerifyOptions{
+		DNSName: serverName,
+	}
+
+	log.Printf("number of certs - %d", len(parsedCerts))
+	if len(parsedCerts) > 1 {
+		// set up an intermediate
+		pool := x509.NewCertPool()
+		for _, cert := range parsedCerts[1:] {
+			log.Printf("got an intermediate cert")
+			pool.AddCert(cert)
+		}
+		opts.Intermediates = pool
+	}
+
+	// TODO: save it as a warning rather than error it out -- shouldn't be a big problem
+	mainCert := parsedCerts[0]
+	_, err := mainCert.Verify(opts)
+	if err != nil {
+		// let self-signed certs through
+		data.WarningValidation = fmt.Sprintf("Your certificate does not verify: %s", err)
+	} else {
+		data.ValidChain = true
+	}
+	// spew.Dump(chains)
+
+	// update status
+	if mainCert != nil {
+		notAfter := mainCert.NotAfter
+		data.Subject = mainCert.Subject.String()
+		data.Issuer = mainCert.Issuer.String()
+		data.NotAfter = notAfter
+		data.NotBefore = mainCert.NotBefore
+		data.DNSNames = mainCert.DNSNames
+	}
+
+	return 0
+}
+
+// Return 0 on success
+func validatePkey(data *tlsConfigStatus, pkey string) int {
+	// now do a more extended validation
+	var key *pem.Block        // PEM-encoded certificates
+	var skippedBytes []string // skipped bytes
+
+	// go through all pem blocks, but take first valid pem block and drop the rest
+	pemblock := []byte(pkey)
+	for {
+		var decoded *pem.Block
+		decoded, pemblock = pem.Decode(pemblock)
+		if decoded == nil {
+			break
+		}
+		if decoded.Type == "PRIVATE KEY" || strings.HasSuffix(decoded.Type, " PRIVATE KEY") {
+			key = decoded
+			break
+		} else {
+			skippedBytes = append(skippedBytes, decoded.Type)
+		}
+	}
+
+	if key == nil {
+		data.WarningValidation = "No valid keys were found"
+		return 1
+	}
+
+	// parse the decoded key
+	_, keytype, err := parsePrivateKey(key.Bytes)
+	if err != nil {
+		data.WarningValidation = fmt.Sprintf("Failed to parse private key: %s", err)
+		return 1
+	}
+
+	data.ValidKey = true
+	data.KeyType = keytype
+	return 0
+}
+
 /* Process certificate data and its private key.
-CertificateChain, PrivateKey parameters are optional.
+All parameters are optional.
 On error, return partially set object
  with 'WarningValidation' field containing error description.
 */
-func validateCertificates(CertificateChain, PrivateKey, ServerName string) tlsConfigStatus {
-	var err error
+func validateCertificates(certChain, pkey, serverName string) tlsConfigStatus {
 	var data tlsConfigStatus
 
 	// check only public certificate separately from the key
-	if CertificateChain != "" {
-		log.Tracef("got certificate: %s", CertificateChain)
-
-		// now do a more extended validation
-		var certs []*pem.Block    // PEM-encoded certificates
-		var skippedBytes []string // skipped bytes
-
-		pemblock := []byte(CertificateChain)
-		for {
-			var decoded *pem.Block
-			decoded, pemblock = pem.Decode(pemblock)
-			if decoded == nil {
-				break
-			}
-			if decoded.Type == "CERTIFICATE" {
-				certs = append(certs, decoded)
-			} else {
-				skippedBytes = append(skippedBytes, decoded.Type)
-			}
-		}
-
-		var parsedCerts []*x509.Certificate
-
-		for _, cert := range certs {
-			parsed, err := x509.ParseCertificate(cert.Bytes)
-			if err != nil {
-				data.WarningValidation = fmt.Sprintf("Failed to parse certificate: %s", err)
-				return data
-			}
-			parsedCerts = append(parsedCerts, parsed)
-		}
-
-		if len(parsedCerts) == 0 {
-			data.WarningValidation = fmt.Sprintf("You have specified an empty certificate")
+	if certChain != "" {
+		if verifyCertChain(&data, certChain, serverName) != 0 {
 			return data
 		}
-
-		data.ValidCert = true
-
-		// spew.Dump(parsedCerts)
-
-		opts := x509.VerifyOptions{
-			DNSName: ServerName,
-		}
-
-		log.Printf("number of certs - %d", len(parsedCerts))
-		if len(parsedCerts) > 1 {
-			// set up an intermediate
-			pool := x509.NewCertPool()
-			for _, cert := range parsedCerts[1:] {
-				log.Printf("got an intermediate cert")
-				pool.AddCert(cert)
-			}
-			opts.Intermediates = pool
-		}
-
-		// TODO: save it as a warning rather than error it out -- shouldn't be a big problem
-		mainCert := parsedCerts[0]
-		_, err := mainCert.Verify(opts)
-		if err != nil {
-			// let self-signed certs through
-			data.WarningValidation = fmt.Sprintf("Your certificate does not verify: %s", err)
-		} else {
-			data.ValidChain = true
-		}
-		// spew.Dump(chains)
-
-		// update status
-		if mainCert != nil {
-			notAfter := mainCert.NotAfter
-			data.Subject = mainCert.Subject.String()
-			data.Issuer = mainCert.Issuer.String()
-			data.NotAfter = notAfter
-			data.NotBefore = mainCert.NotBefore
-			data.DNSNames = mainCert.DNSNames
-		}
 	}
 
 	// validate private key (right now the only validation possible is just parsing it)
-	if PrivateKey != "" {
-		// now do a more extended validation
-		var key *pem.Block        // PEM-encoded certificates
-		var skippedBytes []string // skipped bytes
-
-		// go through all pem blocks, but take first valid pem block and drop the rest
-		pemblock := []byte(PrivateKey)
-		for {
-			var decoded *pem.Block
-			decoded, pemblock = pem.Decode(pemblock)
-			if decoded == nil {
-				break
-			}
-			if decoded.Type == "PRIVATE KEY" || strings.HasSuffix(decoded.Type, " PRIVATE KEY") {
-				key = decoded
-				break
-			} else {
-				skippedBytes = append(skippedBytes, decoded.Type)
-			}
-		}
-
-		if key == nil {
-			data.WarningValidation = "No valid keys were found"
+	if pkey != "" {
+		if validatePkey(&data, pkey) != 0 {
 			return data
 		}
-
-		// parse the decoded key
-		_, keytype, err := parsePrivateKey(key.Bytes)
-		if err != nil {
-			data.WarningValidation = fmt.Sprintf("Failed to parse private key: %s", err)
-			return data
-		}
-
-		data.ValidKey = true
-		data.KeyType = keytype
 	}
 
 	// if both are set, validate both in unison
-	if PrivateKey != "" && CertificateChain != "" {
-		_, err = tls.X509KeyPair([]byte(CertificateChain), []byte(PrivateKey))
+	if pkey != "" && certChain != "" {
+		_, err := tls.X509KeyPair([]byte(certChain), []byte(pkey))
 		if err != nil {
 			data.WarningValidation = fmt.Sprintf("Invalid certificate or key: %s", err)
 			return data

From 5cb6d97cd7b80047cfff2628cb56f1d54735e3d0 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Mon, 25 Feb 2019 16:44:22 +0300
Subject: [PATCH 11/95] * use new logger - AdguardTeam/golibs/log

---
 app.go                      |  30 ++++----
 config.go                   |  24 +++----
 control.go                  | 139 +++++++++++++++++++++++-------------
 dhcp.go                     |   8 +--
 dhcpd/check_other_dhcp.go   |   2 +-
 dhcpd/dhcpd.go              |   2 +-
 dhcpd/helpers.go            |   2 +-
 dhcpd/standalone/main.go    |   2 +-
 dns.go                      |   2 +-
 dnsfilter/dnsfilter.go      |   2 +-
 dnsfilter/dnsfilter_test.go |   2 +-
 dnsforward/dnsforward.go    |   2 +-
 dnsforward/querylog.go      |   2 +-
 dnsforward/querylog_file.go |  42 +++++------
 dnsforward/querylog_top.go  |   2 +-
 filter.go                   |   2 +-
 go.mod                      |   2 +-
 helpers_test.go             |   2 +-
 i18n.go                     |   2 +-
 service.go                  |   2 +-
 upgrade.go                  |   2 +-
 21 files changed, 157 insertions(+), 118 deletions(-)

diff --git a/app.go b/app.go
index 0b55b6fa..a9ced17f 100644
--- a/app.go
+++ b/app.go
@@ -3,7 +3,6 @@ package main
 import (
 	"crypto/tls"
 	"fmt"
-	stdlog "log"
 	"net"
 	"net/http"
 	"os"
@@ -15,9 +14,8 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/AdguardTeam/golibs/log"
 	"github.com/gobuffalo/packr"
-
-	"github.com/hmage/golibs/log"
 )
 
 // VersionString will be set through ldflags, contains current version
@@ -73,9 +71,9 @@ func run(args options) {
 
 	// print the first message after logger is configured
 	log.Printf("AdGuard Home, version %s\n", VersionString)
-	log.Tracef("Current working directory is %s", config.ourWorkingDir)
+	log.Debug("Current working directory is %s", config.ourWorkingDir)
 	if args.runningAsService {
-		log.Printf("AdGuard Home is running as a service")
+		log.Info("AdGuard Home is running as a service")
 	}
 
 	config.firstRun = detectFirstRun()
@@ -110,7 +108,7 @@ func run(args options) {
 		err = filter.load()
 		if err != nil {
 			// This is okay for the first start, the filter will be loaded later
-			log.Printf("Couldn't load filter %d contents due to %s", filter.ID, err)
+			log.Debug("Couldn't load filter %d contents due to %s", filter.ID, err)
 			// clear LastUpdated so it gets fetched right away
 		}
 
@@ -161,7 +159,7 @@ func run(args options) {
 
 	// add handlers for /install paths, we only need them when we're not configured yet
 	if config.firstRun {
-		log.Printf("This is the first launch of AdGuard Home, redirecting everything to /install.html ")
+		log.Info("This is the first launch of AdGuard Home, redirecting everything to /install.html ")
 		http.Handle("/install.html", preInstallHandler(http.FileServer(box)))
 		registerInstallHandlers()
 	}
@@ -263,7 +261,11 @@ func configureLogger(args options) {
 		ls.LogFile = args.logFile
 	}
 
-	log.Verbose = ls.Verbose
+	level := log.INFO
+	if ls.Verbose {
+		level = log.DEBUG
+	}
+	log.SetLevel(level)
 
 	if args.runningAsService && ls.LogFile == "" && runtime.GOOS == "windows" {
 		// When running as a Windows service, use eventlog by default if nothing else is configured
@@ -287,20 +289,20 @@ func configureLogger(args options) {
 		if err != nil {
 			log.Fatalf("cannot create a log file: %s", err)
 		}
-		stdlog.SetOutput(file)
+		log.SetOutput(file)
 	}
 }
 
 func cleanup() {
-	log.Printf("Stopping AdGuard Home")
+	log.Info("Stopping AdGuard Home")
 
 	err := stopDNSServer()
 	if err != nil {
-		log.Printf("Couldn't stop DNS server: %s", err)
+		log.Error("Couldn't stop DNS server: %s", err)
 	}
 	err = stopDHCPServer()
 	if err != nil {
-		log.Printf("Couldn't stop DHCP server: %s", err)
+		log.Error("Couldn't stop DHCP server: %s", err)
 	}
 }
 
@@ -373,7 +375,7 @@ func loadOptions() options {
 			if v == "--"+opt.longName || (opt.shortName != "" && v == "-"+opt.shortName) {
 				if opt.callbackWithValue != nil {
 					if i+1 >= len(os.Args) {
-						log.Printf("ERROR: Got %s without argument\n", v)
+						log.Error("Got %s without argument\n", v)
 						os.Exit(64)
 					}
 					i++
@@ -386,7 +388,7 @@ func loadOptions() options {
 			}
 		}
 		if !knownParam {
-			log.Printf("ERROR: unknown option %v\n", v)
+			log.Error("unknown option %v\n", v)
 			printHelp()
 			os.Exit(64)
 		}
diff --git a/config.go b/config.go
index 87e5c6a8..f9ba9b28 100644
--- a/config.go
+++ b/config.go
@@ -10,7 +10,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/dhcpd"
 	"github.com/AdguardTeam/AdGuardHome/dnsfilter"
 	"github.com/AdguardTeam/AdGuardHome/dnsforward"
-	"github.com/hmage/golibs/log"
+	"github.com/AdguardTeam/golibs/log"
 	yaml "gopkg.in/yaml.v2"
 )
 
@@ -152,7 +152,7 @@ func getLogSettings() logSettings {
 	}
 	err = yaml.Unmarshal(yamlFile, &l)
 	if err != nil {
-		log.Printf("Couldn't get logging settings from the configuration: %s", err)
+		log.Error("Couldn't get logging settings from the configuration: %s", err)
 	}
 	return l
 }
@@ -160,19 +160,19 @@ func getLogSettings() logSettings {
 // parseConfig loads configuration from the YAML file
 func parseConfig() error {
 	configFile := config.getConfigFilename()
-	log.Printf("Reading config file: %s", configFile)
+	log.Debug("Reading config file: %s", configFile)
 	yamlFile, err := readConfigFile()
 	if err != nil {
-		log.Printf("Couldn't read config file: %s", err)
+		log.Error("Couldn't read config file: %s", err)
 		return err
 	}
 	if yamlFile == nil {
-		log.Printf("YAML file doesn't exist, skipping it")
+		log.Error("YAML file doesn't exist, skipping it")
 		return nil
 	}
 	err = yaml.Unmarshal(yamlFile, &config)
 	if err != nil {
-		log.Printf("Couldn't parse config file: %s", err)
+		log.Error("Couldn't parse config file: %s", err)
 		return err
 	}
 
@@ -199,19 +199,19 @@ func (c *configuration) write() error {
 	c.Lock()
 	defer c.Unlock()
 	if config.firstRun {
-		log.Tracef("Silently refusing to write config because first run and not configured yet")
+		log.Debug("Silently refusing to write config because first run and not configured yet")
 		return nil
 	}
 	configFile := config.getConfigFilename()
-	log.Tracef("Writing YAML file: %s", configFile)
+	log.Debug("Writing YAML file: %s", configFile)
 	yamlText, err := yaml.Marshal(&config)
 	if err != nil {
-		log.Printf("Couldn't generate YAML file: %s", err)
+		log.Error("Couldn't generate YAML file: %s", err)
 		return err
 	}
 	err = safeWriteFile(configFile, yamlText)
 	if err != nil {
-		log.Printf("Couldn't save YAML config: %s", err)
+		log.Error("Couldn't save YAML config: %s", err)
 		return err
 	}
 
@@ -221,14 +221,14 @@ func (c *configuration) write() error {
 func writeAllConfigs() error {
 	err := config.write()
 	if err != nil {
-		log.Printf("Couldn't write config: %s", err)
+		log.Error("Couldn't write config: %s", err)
 		return err
 	}
 
 	userFilter := userFilter()
 	err = userFilter.save()
 	if err != nil {
-		log.Printf("Couldn't save the user filter: %s", err)
+		log.Error("Couldn't save the user filter: %s", err)
 		return err
 	}
 
diff --git a/control.go b/control.go
index fd1759e3..52b85615 100644
--- a/control.go
+++ b/control.go
@@ -24,8 +24,8 @@ import (
 	"time"
 
 	"github.com/AdguardTeam/AdGuardHome/dnsforward"
+	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/dnsproxy/upstream"
-	"github.com/hmage/golibs/log"
 	"github.com/joomcode/errorx"
 	"github.com/miekg/dns"
 	govalidator "gopkg.in/asaskevich/govalidator.v4"
@@ -52,14 +52,14 @@ func returnOK(w http.ResponseWriter) {
 	_, err := fmt.Fprintf(w, "OK\n")
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't write body: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusInternalServerError)
 	}
 }
 
 func httpError(w http.ResponseWriter, code int, format string, args ...interface{}) {
 	text := fmt.Sprintf(format, args...)
-	log.Println(text)
+	log.Info(text)
 	http.Error(w, text, code)
 }
 
@@ -69,7 +69,7 @@ func httpError(w http.ResponseWriter, code int, format string, args ...interface
 func writeAllConfigsAndReloadDNS() error {
 	err := writeAllConfigs()
 	if err != nil {
-		log.Printf("Couldn't write all configs: %s", err)
+		log.Error("Couldn't write all configs: %s", err)
 		return err
 	}
 	return reconfigureDNSServer()
@@ -85,6 +85,7 @@ func httpUpdateConfigReloadDNSReturnOK(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleStatus(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data := map[string]interface{}{
 		"dns_address":        config.DNS.BindHost,
 		"http_port":          config.BindPort,
@@ -101,7 +102,7 @@ func handleStatus(w http.ResponseWriter, r *http.Request) {
 	jsonVal, err := json.Marshal(data)
 	if err != nil {
 		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 500)
 		return
 	}
@@ -109,18 +110,20 @@ func handleStatus(w http.ResponseWriter, r *http.Request) {
 	_, err = w.Write(jsonVal)
 	if err != nil {
 		errorText := fmt.Sprintf("Unable to write response json: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 500)
 		return
 	}
 }
 
 func handleProtectionEnable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.ProtectionEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleProtectionDisable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.ProtectionEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
@@ -129,22 +132,25 @@ func handleProtectionDisable(w http.ResponseWriter, r *http.Request) {
 // stats
 // -----
 func handleQueryLogEnable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.QueryLogEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleQueryLogDisable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.QueryLogEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleQueryLog(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data := dnsServer.GetQueryLog()
 
 	jsonVal, err := json.Marshal(data)
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't marshal data into json: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusInternalServerError)
 		return
 	}
@@ -153,12 +159,13 @@ func handleQueryLog(w http.ResponseWriter, r *http.Request) {
 	_, err = w.Write(jsonVal)
 	if err != nil {
 		errorText := fmt.Sprintf("Unable to write response json: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusInternalServerError)
 	}
 }
 
 func handleStatsTop(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	s := dnsServer.GetStatsTop()
 
 	// use manual json marshalling because we want maps to be sorted by value
@@ -200,30 +207,32 @@ func handleStatsTop(w http.ResponseWriter, r *http.Request) {
 	_, err := w.Write(statsJSON.Bytes())
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't write body: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusInternalServerError)
 	}
 }
 
 // handleStatsReset resets the stats caches
 func handleStatsReset(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	dnsServer.PurgeStats()
 	_, err := fmt.Fprintf(w, "OK\n")
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't write body: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusInternalServerError)
 	}
 }
 
 // handleStats returns aggregated stats data for the 24 hours
 func handleStats(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	summed := dnsServer.GetAggregatedStats()
 
 	statsJSON, err := json.Marshal(summed)
 	if err != nil {
 		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 500)
 		return
 	}
@@ -231,7 +240,7 @@ func handleStats(w http.ResponseWriter, r *http.Request) {
 	_, err = w.Write(statsJSON)
 	if err != nil {
 		errorText := fmt.Sprintf("Unable to write response json: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 500)
 		return
 	}
@@ -239,6 +248,7 @@ func handleStats(w http.ResponseWriter, r *http.Request) {
 
 // HandleStatsHistory returns historical stats data for the 24 hours
 func handleStatsHistory(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	// handle time unit and prepare our time window size
 	timeUnitString := r.URL.Query().Get("time_unit")
 	var timeUnit time.Duration
@@ -260,14 +270,14 @@ func handleStatsHistory(w http.ResponseWriter, r *http.Request) {
 	startTime, err := time.Parse(time.RFC3339, r.URL.Query().Get("start_time"))
 	if err != nil {
 		errorText := fmt.Sprintf("Must specify valid start_time parameter: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusBadRequest)
 		return
 	}
 	endTime, err := time.Parse(time.RFC3339, r.URL.Query().Get("end_time"))
 	if err != nil {
 		errorText := fmt.Sprintf("Must specify valid end_time parameter: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusBadRequest)
 		return
 	}
@@ -282,7 +292,7 @@ func handleStatsHistory(w http.ResponseWriter, r *http.Request) {
 	statsJSON, err := json.Marshal(data)
 	if err != nil {
 		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusInternalServerError)
 		return
 	}
@@ -291,7 +301,7 @@ func handleStatsHistory(w http.ResponseWriter, r *http.Request) {
 	_, err = w.Write(statsJSON)
 	if err != nil {
 		errorText := fmt.Sprintf("Unable to write response json: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusInternalServerError)
 		return
 	}
@@ -323,10 +333,11 @@ func sortByValue(m map[string]int) []string {
 // -----------------------
 
 func handleSetUpstreamDNS(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("Failed to read request body: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusBadRequest)
 		return
 	}
@@ -342,30 +353,31 @@ func handleSetUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 	err = writeAllConfigs()
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't write config file: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusInternalServerError)
 		return
 	}
 	err = reconfigureDNSServer()
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't reconfigure the DNS server: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusInternalServerError)
 		return
 	}
 	_, err = fmt.Fprintf(w, "OK %d servers\n", len(hosts))
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't write body: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusInternalServerError)
 	}
 }
 
 func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("Failed to read request body: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 400)
 		return
 	}
@@ -373,7 +385,7 @@ func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 
 	if len(hosts) == 0 {
 		errorText := fmt.Sprintf("No servers specified")
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusBadRequest)
 		return
 	}
@@ -383,7 +395,7 @@ func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 	for _, host := range hosts {
 		err = checkDNS(host)
 		if err != nil {
-			log.Println(err)
+			log.Info("%v", err)
 			result[host] = err.Error()
 		} else {
 			result[host] = "OK"
@@ -393,7 +405,7 @@ func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 	jsonVal, err := json.Marshal(result)
 	if err != nil {
 		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusInternalServerError)
 		return
 	}
@@ -402,13 +414,13 @@ func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 	_, err = w.Write(jsonVal)
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't write body: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusInternalServerError)
 	}
 }
 
 func checkDNS(input string) error {
-	log.Printf("Checking if DNS %s works...", input)
+	log.Debug("Checking if DNS %s works...", input)
 	u, err := upstream.AddressToUpstream(input, upstream.Options{Timeout: dnsforward.DefaultTimeout})
 	if err != nil {
 		return fmt.Errorf("failed to choose upstream for %s: %s", input, err)
@@ -433,11 +445,12 @@ func checkDNS(input string) error {
 		}
 	}
 
-	log.Printf("DNS %s works OK", input)
+	log.Debug("DNS %s works OK", input)
 	return nil
 }
 
 func handleGetVersionJSON(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	now := time.Now()
 	if now.Sub(versionCheckLastTime) <= versionCheckPeriod && len(versionCheckJSON) != 0 {
 		// return cached copy
@@ -449,7 +462,7 @@ func handleGetVersionJSON(w http.ResponseWriter, r *http.Request) {
 	resp, err := client.Get(versionCheckURL)
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't get version check json from %s: %T %s\n", versionCheckURL, err, err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusBadGateway)
 		return
 	}
@@ -461,7 +474,7 @@ func handleGetVersionJSON(w http.ResponseWriter, r *http.Request) {
 	body, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't read response body from %s: %s", versionCheckURL, err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusBadGateway)
 		return
 	}
@@ -470,7 +483,7 @@ func handleGetVersionJSON(w http.ResponseWriter, r *http.Request) {
 	_, err = w.Write(body)
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't write body: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusInternalServerError)
 	}
 
@@ -483,16 +496,19 @@ func handleGetVersionJSON(w http.ResponseWriter, r *http.Request) {
 // ---------
 
 func handleFilteringEnable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.FilteringEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleFilteringDisable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.FilteringEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleFilteringStatus(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data := map[string]interface{}{
 		"enabled": config.DNS.FilteringEnabled,
 	}
@@ -505,7 +521,7 @@ func handleFilteringStatus(w http.ResponseWriter, r *http.Request) {
 
 	if err != nil {
 		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 500)
 		return
 	}
@@ -514,13 +530,14 @@ func handleFilteringStatus(w http.ResponseWriter, r *http.Request) {
 	_, err = w.Write(jsonVal)
 	if err != nil {
 		errorText := fmt.Sprintf("Unable to write response json: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 500)
 		return
 	}
 }
 
 func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	f := filter{}
 	err := json.NewDecoder(r.Body).Decode(&f)
 	if err != nil {
@@ -542,7 +559,7 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 	for i := range config.Filters {
 		if config.Filters[i].URL == f.URL {
 			errorText := fmt.Sprintf("Filter URL already added -- %s", f.URL)
-			log.Println(errorText)
+			log.Error(errorText)
 			http.Error(w, errorText, http.StatusBadRequest)
 			return
 		}
@@ -556,19 +573,19 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 	ok, err := f.update(true)
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't fetch filter from url %s: %s", f.URL, err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusBadRequest)
 		return
 	}
 	if f.RulesCount == 0 {
 		errorText := fmt.Sprintf("Filter at the url %s has no rules (maybe it points to blank page?)", f.URL)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusBadRequest)
 		return
 	}
 	if !ok {
 		errorText := fmt.Sprintf("Filter at the url %s is invalid (maybe it points to blank page?)", f.URL)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusBadRequest)
 		return
 	}
@@ -577,7 +594,7 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 	err = f.save()
 	if err != nil {
 		errorText := fmt.Sprintf("Failed to save filter %d due to %s", f.ID, err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusBadRequest)
 		return
 	}
@@ -588,7 +605,7 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 	err = writeAllConfigs()
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't write config file: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusInternalServerError)
 		return
 	}
@@ -596,23 +613,24 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 	err = reconfigureDNSServer()
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't reconfigure the DNS server: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusInternalServerError)
 	}
 
 	_, err = fmt.Fprintf(w, "OK %d rules\n", f.RulesCount)
 	if err != nil {
 		errorText := fmt.Sprintf("Couldn't write body: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusInternalServerError)
 	}
 }
 
 func handleFilteringRemoveURL(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("failed to parse parameters from body: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 400)
 		return
 	}
@@ -649,10 +667,11 @@ func handleFilteringRemoveURL(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringEnableURL(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("failed to parse parameters from body: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 400)
 		return
 	}
@@ -688,10 +707,11 @@ func handleFilteringEnableURL(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringDisableURL(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("failed to parse parameters from body: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 400)
 		return
 	}
@@ -725,10 +745,11 @@ func handleFilteringDisableURL(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringSetRules(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("Failed to read request body: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 400)
 		return
 	}
@@ -738,6 +759,7 @@ func handleFilteringSetRules(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringRefresh(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	force := r.URL.Query().Get("force")
 	updated := refreshFiltersIfNecessary(force != "")
 	fmt.Fprintf(w, "OK %d filters updated\n", updated)
@@ -748,23 +770,26 @@ func handleFilteringRefresh(w http.ResponseWriter, r *http.Request) {
 // ------------
 
 func handleSafeBrowsingEnable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.SafeBrowsingEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleSafeBrowsingDisable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.SafeBrowsingEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleSafeBrowsingStatus(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data := map[string]interface{}{
 		"enabled": config.DNS.SafeBrowsingEnabled,
 	}
 	jsonVal, err := json.Marshal(data)
 	if err != nil {
 		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 500)
 	}
 
@@ -772,7 +797,7 @@ func handleSafeBrowsingStatus(w http.ResponseWriter, r *http.Request) {
 	_, err = w.Write(jsonVal)
 	if err != nil {
 		errorText := fmt.Sprintf("Unable to write response json: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 500)
 		return
 	}
@@ -782,10 +807,11 @@ func handleSafeBrowsingStatus(w http.ResponseWriter, r *http.Request) {
 // parental
 // --------
 func handleParentalEnable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("failed to parse parameters from body: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 400)
 		return
 	}
@@ -828,11 +854,13 @@ func handleParentalEnable(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleParentalDisable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.ParentalEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleParentalStatus(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data := map[string]interface{}{
 		"enabled": config.DNS.ParentalEnabled,
 	}
@@ -842,7 +870,7 @@ func handleParentalStatus(w http.ResponseWriter, r *http.Request) {
 	jsonVal, err := json.Marshal(data)
 	if err != nil {
 		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 500)
 		return
 	}
@@ -851,7 +879,7 @@ func handleParentalStatus(w http.ResponseWriter, r *http.Request) {
 	_, err = w.Write(jsonVal)
 	if err != nil {
 		errorText := fmt.Sprintf("Unable to write response json: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 500)
 		return
 	}
@@ -862,23 +890,26 @@ func handleParentalStatus(w http.ResponseWriter, r *http.Request) {
 // ------------
 
 func handleSafeSearchEnable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.SafeSearchEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleSafeSearchDisable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.SafeSearchEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleSafeSearchStatus(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data := map[string]interface{}{
 		"enabled": config.DNS.SafeSearchEnabled,
 	}
 	jsonVal, err := json.Marshal(data)
 	if err != nil {
 		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 500)
 		return
 	}
@@ -887,7 +918,7 @@ func handleSafeSearchStatus(w http.ResponseWriter, r *http.Request) {
 	_, err = w.Write(jsonVal)
 	if err != nil {
 		errorText := fmt.Sprintf("Unable to write response json: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, 500)
 		return
 	}
@@ -908,6 +939,7 @@ type firstRunData struct {
 }
 
 func handleInstallGetAddresses(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data := firstRunData{}
 
 	// find out if port 80 is available -- if not, fall back to 3000
@@ -943,6 +975,7 @@ func handleInstallGetAddresses(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	newSettings := firstRunData{}
 	err := json.NewDecoder(r.Body).Decode(&newSettings)
 	if err != nil {
@@ -1001,10 +1034,12 @@ func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
 // TLS
 // ---
 func handleTLSStatus(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	marshalTLS(w, config.TLS)
 }
 
 func handleTLSValidate(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data, err := unmarshalTLS(r)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
@@ -1030,6 +1065,7 @@ func handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data, err := unmarshalTLS(r)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
@@ -1287,6 +1323,7 @@ func marshalTLS(w http.ResponseWriter, data tlsConfig) {
 // DNS-over-HTTPS
 // --------------
 func handleDOH(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	if r.TLS == nil {
 		httpError(w, http.StatusNotFound, "Not Found")
 		return
diff --git a/dhcp.go b/dhcp.go
index a67b0ef6..fe780305 100644
--- a/dhcp.go
+++ b/dhcp.go
@@ -10,7 +10,7 @@ import (
 	"time"
 
 	"github.com/AdguardTeam/AdGuardHome/dhcpd"
-	"github.com/hmage/golibs/log"
+	"github.com/AdguardTeam/golibs/log"
 	"github.com/joomcode/errorx"
 )
 
@@ -60,7 +60,7 @@ func handleDHCPSetConfig(w http.ResponseWriter, r *http.Request) {
 	if !newconfig.Enabled {
 		err := dhcpServer.Stop()
 		if err != nil {
-			log.Printf("failed to stop the DHCP server: %s", err)
+			log.Error("failed to stop the DHCP server: %s", err)
 		}
 	}
 	config.DHCP = newconfig
@@ -131,7 +131,7 @@ func handleDHCPFindActiveServer(w http.ResponseWriter, r *http.Request) {
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("failed to read request body: %s", err)
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusBadRequest)
 		return
 	}
@@ -139,7 +139,7 @@ func handleDHCPFindActiveServer(w http.ResponseWriter, r *http.Request) {
 	interfaceName := strings.TrimSpace(string(body))
 	if interfaceName == "" {
 		errorText := fmt.Sprintf("empty interface name specified")
-		log.Println(errorText)
+		log.Error(errorText)
 		http.Error(w, errorText, http.StatusBadRequest)
 		return
 	}
diff --git a/dhcpd/check_other_dhcp.go b/dhcpd/check_other_dhcp.go
index b2d64b9f..46fbec57 100644
--- a/dhcpd/check_other_dhcp.go
+++ b/dhcpd/check_other_dhcp.go
@@ -9,7 +9,7 @@ import (
 	"os"
 	"time"
 
-	"github.com/hmage/golibs/log"
+	"github.com/AdguardTeam/golibs/log"
 	"github.com/krolaw/dhcp4"
 )
 
diff --git a/dhcpd/dhcpd.go b/dhcpd/dhcpd.go
index 0fcb8168..05d753b8 100644
--- a/dhcpd/dhcpd.go
+++ b/dhcpd/dhcpd.go
@@ -7,7 +7,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/hmage/golibs/log"
+	"github.com/AdguardTeam/golibs/log"
 	"github.com/krolaw/dhcp4"
 )
 
diff --git a/dhcpd/helpers.go b/dhcpd/helpers.go
index 24cfb029..c3e9f4fe 100644
--- a/dhcpd/helpers.go
+++ b/dhcpd/helpers.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"net"
 
-	"github.com/hmage/golibs/log"
+	"github.com/AdguardTeam/golibs/log"
 	"github.com/joomcode/errorx"
 )
 
diff --git a/dhcpd/standalone/main.go b/dhcpd/standalone/main.go
index 9154e063..9dd37285 100644
--- a/dhcpd/standalone/main.go
+++ b/dhcpd/standalone/main.go
@@ -8,7 +8,7 @@ import (
 	"time"
 
 	"github.com/AdguardTeam/AdGuardHome/dhcpd"
-	"github.com/hmage/golibs/log"
+	"github.com/AdguardTeam/golibs/log"
 	"github.com/krolaw/dhcp4"
 )
 
diff --git a/dns.go b/dns.go
index b7f0d130..8cf5c40d 100644
--- a/dns.go
+++ b/dns.go
@@ -8,7 +8,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/dnsfilter"
 	"github.com/AdguardTeam/AdGuardHome/dnsforward"
 	"github.com/AdguardTeam/dnsproxy/upstream"
-	"github.com/hmage/golibs/log"
+	"github.com/AdguardTeam/golibs/log"
 	"github.com/joomcode/errorx"
 )
 
diff --git a/dnsfilter/dnsfilter.go b/dnsfilter/dnsfilter.go
index dd5fe2e4..561ccb04 100644
--- a/dnsfilter/dnsfilter.go
+++ b/dnsfilter/dnsfilter.go
@@ -17,7 +17,7 @@ import (
 	"time"
 
 	"github.com/bluele/gcache"
-	"github.com/hmage/golibs/log"
+	"github.com/AdguardTeam/golibs/log"
 	"golang.org/x/net/publicsuffix"
 )
 
diff --git a/dnsfilter/dnsfilter_test.go b/dnsfilter/dnsfilter_test.go
index b617dd41..85e0c4bf 100644
--- a/dnsfilter/dnsfilter_test.go
+++ b/dnsfilter/dnsfilter_test.go
@@ -18,7 +18,7 @@ import (
 	"os"
 	"runtime"
 
-	"github.com/hmage/golibs/log"
+	"github.com/AdguardTeam/golibs/log"
 	"github.com/shirou/gopsutil/process"
 	"go.uber.org/goleak"
 )
diff --git a/dnsforward/dnsforward.go b/dnsforward/dnsforward.go
index 99f09e6d..26f7dfb4 100644
--- a/dnsforward/dnsforward.go
+++ b/dnsforward/dnsforward.go
@@ -13,7 +13,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/dnsfilter"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/dnsproxy/upstream"
-	"github.com/hmage/golibs/log"
+	"github.com/AdguardTeam/golibs/log"
 	"github.com/joomcode/errorx"
 	"github.com/miekg/dns"
 )
diff --git a/dnsforward/querylog.go b/dnsforward/querylog.go
index 52fa115c..14325354 100644
--- a/dnsforward/querylog.go
+++ b/dnsforward/querylog.go
@@ -10,7 +10,7 @@ import (
 	"time"
 
 	"github.com/AdguardTeam/AdGuardHome/dnsfilter"
-	"github.com/hmage/golibs/log"
+	"github.com/AdguardTeam/golibs/log"
 	"github.com/miekg/dns"
 )
 
diff --git a/dnsforward/querylog_file.go b/dnsforward/querylog_file.go
index 8aadd5ae..97f86cf0 100644
--- a/dnsforward/querylog_file.go
+++ b/dnsforward/querylog_file.go
@@ -9,8 +9,8 @@ import (
 	"sync"
 	"time"
 
+	"github.com/AdguardTeam/golibs/log"
 	"github.com/go-test/deep"
-	"github.com/hmage/golibs/log"
 )
 
 var (
@@ -28,7 +28,7 @@ func (l *queryLog) flushLogBuffer() error {
 	l.logBufferLock.Unlock()
 	err := l.flushToFile(flushBuffer)
 	if err != nil {
-		log.Printf("Saving querylog to file failed: %s", err)
+		log.Error("Saving querylog to file failed: %s", err)
 		return err
 	}
 	return nil
@@ -46,17 +46,17 @@ func (l *queryLog) flushToFile(buffer []*logEntry) error {
 	for _, entry := range buffer {
 		err := e.Encode(entry)
 		if err != nil {
-			log.Printf("Failed to marshal entry: %s", err)
+			log.Error("Failed to marshal entry: %s", err)
 			return err
 		}
 	}
 
 	elapsed := time.Since(start)
-	log.Printf("%d elements serialized via json in %v: %d kB, %v/entry, %v/entry", len(buffer), elapsed, b.Len()/1024, float64(b.Len())/float64(len(buffer)), elapsed/time.Duration(len(buffer)))
+	log.Debug("%d elements serialized via json in %v: %d kB, %v/entry, %v/entry", len(buffer), elapsed, b.Len()/1024, float64(b.Len())/float64(len(buffer)), elapsed/time.Duration(len(buffer)))
 
 	err := checkBuffer(buffer, b)
 	if err != nil {
-		log.Printf("failed to check buffer: %s", err)
+		log.Error("failed to check buffer: %s", err)
 		return err
 	}
 
@@ -73,13 +73,13 @@ func (l *queryLog) flushToFile(buffer []*logEntry) error {
 
 		_, err = zw.Write(b.Bytes())
 		if err != nil {
-			log.Printf("Couldn't compress to gzip: %s", err)
+			log.Error("Couldn't compress to gzip: %s", err)
 			zw.Close()
 			return err
 		}
 
 		if err = zw.Close(); err != nil {
-			log.Printf("Couldn't close gzip writer: %s", err)
+			log.Error("Couldn't close gzip writer: %s", err)
 			return err
 		}
 	} else {
@@ -90,18 +90,18 @@ func (l *queryLog) flushToFile(buffer []*logEntry) error {
 	defer fileWriteLock.Unlock()
 	f, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
 	if err != nil {
-		log.Printf("failed to create file \"%s\": %s", filename, err)
+		log.Error("failed to create file \"%s\": %s", filename, err)
 		return err
 	}
 	defer f.Close()
 
 	n, err := f.Write(zb.Bytes())
 	if err != nil {
-		log.Printf("Couldn't write to file: %s", err)
+		log.Error("Couldn't write to file: %s", err)
 		return err
 	}
 
-	log.Printf("ok \"%s\": %v bytes written", filename, n)
+	log.Debug("ok \"%s\": %v bytes written", filename, n)
 
 	return nil
 }
@@ -115,21 +115,21 @@ func checkBuffer(buffer []*logEntry, b bytes.Buffer) error {
 		entry := &logEntry{}
 		err := d.Decode(entry)
 		if err != nil {
-			log.Printf("Failed to decode: %s", err)
+			log.Error("Failed to decode: %s", err)
 			return err
 		}
 		if diff := deep.Equal(entry, buffer[i]); diff != nil {
-			log.Printf("decoded buffer differs: %s", diff)
+			log.Error("decoded buffer differs: %s", diff)
 			return fmt.Errorf("decoded buffer differs: %s", diff)
 		}
 		i++
 	}
 	if i != l {
 		err := fmt.Errorf("check fail: %d vs %d entries", l, i)
-		log.Print(err)
+		log.Error("%v", err)
 		return err
 	}
-	log.Printf("check ok: %d entries", i)
+	log.Debug("check ok: %d entries", i)
 
 	return nil
 }
@@ -150,11 +150,11 @@ func (l *queryLog) rotateQueryLog() error {
 
 	err := os.Rename(from, to)
 	if err != nil {
-		log.Printf("Failed to rename querylog: %s", err)
+		log.Error("Failed to rename querylog: %s", err)
 		return err
 	}
 
-	log.Printf("Rotated from %s to %s successfully", from, to)
+	log.Debug("Rotated from %s to %s successfully", from, to)
 
 	return nil
 }
@@ -163,7 +163,7 @@ func (l *queryLog) periodicQueryLogRotate() {
 	for range time.Tick(queryLogRotationPeriod) {
 		err := l.rotateQueryLog()
 		if err != nil {
-			log.Printf("Failed to rotate querylog: %s", err)
+			log.Error("Failed to rotate querylog: %s", err)
 			// do nothing, continue rotating
 		}
 	}
@@ -198,7 +198,7 @@ func (l *queryLog) genericLoader(onEntry func(entry *logEntry) error, needMore f
 
 		f, err := os.Open(file)
 		if err != nil {
-			log.Printf("Failed to open file \"%s\": %s", file, err)
+			log.Error("Failed to open file \"%s\": %s", file, err)
 			// try next file
 			continue
 		}
@@ -209,7 +209,7 @@ func (l *queryLog) genericLoader(onEntry func(entry *logEntry) error, needMore f
 		if enableGzip {
 			zr, err := gzip.NewReader(f)
 			if err != nil {
-				log.Printf("Failed to create gzip reader: %s", err)
+				log.Error("Failed to create gzip reader: %s", err)
 				continue
 			}
 			defer zr.Close()
@@ -231,7 +231,7 @@ func (l *queryLog) genericLoader(onEntry func(entry *logEntry) error, needMore f
 			var entry logEntry
 			err := d.Decode(&entry)
 			if err != nil {
-				log.Printf("Failed to decode: %s", err)
+				log.Error("Failed to decode: %s", err)
 				// next entry can be fine, try more
 				continue
 			}
@@ -260,7 +260,7 @@ func (l *queryLog) genericLoader(onEntry func(entry *logEntry) error, needMore f
 			perunit = elapsed / time.Duration(i)
 			avg = sum / time.Duration(i)
 		}
-		log.Printf("file \"%s\": read %d entries in %v, %v/entry, %v over %v, %v avg", file, i, elapsed, perunit, over, max, avg)
+		log.Debug("file \"%s\": read %d entries in %v, %v/entry, %v over %v, %v avg", file, i, elapsed, perunit, over, max, avg)
 	}
 	return nil
 }
diff --git a/dnsforward/querylog_top.go b/dnsforward/querylog_top.go
index 25ad9791..a2ffffdc 100644
--- a/dnsforward/querylog_top.go
+++ b/dnsforward/querylog_top.go
@@ -10,7 +10,7 @@ import (
 	"time"
 
 	"github.com/bluele/gcache"
-	"github.com/hmage/golibs/log"
+	"github.com/AdguardTeam/golibs/log"
 	"github.com/miekg/dns"
 )
 
diff --git a/filter.go b/filter.go
index 84db3a47..280c403f 100644
--- a/filter.go
+++ b/filter.go
@@ -12,7 +12,7 @@ import (
 	"time"
 
 	"github.com/AdguardTeam/AdGuardHome/dnsfilter"
-	"github.com/hmage/golibs/log"
+	"github.com/AdguardTeam/golibs/log"
 )
 
 var (
diff --git a/go.mod b/go.mod
index cba63387..49f35dc7 100644
--- a/go.mod
+++ b/go.mod
@@ -2,12 +2,12 @@ module github.com/AdguardTeam/AdGuardHome
 
 require (
 	github.com/AdguardTeam/dnsproxy v0.11.1
+	github.com/AdguardTeam/golibs v0.1
 	github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f // indirect
 	github.com/bluele/gcache v0.0.0-20171010155617-472614239ac7
 	github.com/go-ole/go-ole v1.2.1 // indirect
 	github.com/go-test/deep v1.0.1
 	github.com/gobuffalo/packr v1.19.0
-	github.com/hmage/golibs v0.0.0-20190121112702-20153bd03c24
 	github.com/joomcode/errorx v0.1.0
 	github.com/kardianos/osext v0.0.0-20170510131534-ae77be60afb1 // indirect
 	github.com/kardianos/service v0.0.0-20181115005516-4c239ee84e7b
diff --git a/helpers_test.go b/helpers_test.go
index 66fc3d27..e70b2d5f 100644
--- a/helpers_test.go
+++ b/helpers_test.go
@@ -3,7 +3,7 @@ package main
 import (
 	"testing"
 
-	"github.com/hmage/golibs/log"
+	"github.com/AdguardTeam/golibs/log"
 )
 
 func TestGetValidNetInterfacesForWeb(t *testing.T) {
diff --git a/i18n.go b/i18n.go
index 4ed850a3..962443d6 100644
--- a/i18n.go
+++ b/i18n.go
@@ -6,7 +6,7 @@ import (
 	"net/http"
 	"strings"
 
-	"github.com/hmage/golibs/log"
+	"github.com/AdguardTeam/golibs/log"
 )
 
 // --------------------
diff --git a/service.go b/service.go
index fd233f4e..d0bb7f67 100644
--- a/service.go
+++ b/service.go
@@ -4,7 +4,7 @@ import (
 	"os"
 	"runtime"
 
-	"github.com/hmage/golibs/log"
+	"github.com/AdguardTeam/golibs/log"
 	"github.com/kardianos/service"
 )
 
diff --git a/upgrade.go b/upgrade.go
index 0b3ddc5c..c988700a 100644
--- a/upgrade.go
+++ b/upgrade.go
@@ -6,7 +6,7 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/hmage/golibs/log"
+	"github.com/AdguardTeam/golibs/log"
 	yaml "gopkg.in/yaml.v2"
 )
 

From 01548c236e3b444bc29af8f91ef2df5a12258efb Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Wed, 27 Feb 2019 16:04:05 +0300
Subject: [PATCH 12/95] * update go.sum

---
 go.sum | 2 --
 1 file changed, 2 deletions(-)

diff --git a/go.sum b/go.sum
index 5ba6426d..3f19484f 100644
--- a/go.sum
+++ b/go.sum
@@ -26,8 +26,6 @@ github.com/gobuffalo/packd v0.0.0-20181031195726-c82734870264 h1:roWyi0eEdiFreSq
 github.com/gobuffalo/packd v0.0.0-20181031195726-c82734870264/go.mod h1:Yf2toFaISlyQrr5TfO3h6DB9pl9mZRmyvBGQb/aQ/pI=
 github.com/gobuffalo/packr v1.19.0 h1:3UDmBDxesCOPF8iZdMDBBWKfkBoYujIMIZePnobqIUI=
 github.com/gobuffalo/packr v1.19.0/go.mod h1:MstrNkfCQhd5o+Ct4IJ0skWlxN8emOq8DsoT1G98VIU=
-github.com/hmage/golibs v0.0.0-20190121112702-20153bd03c24 h1:yyDtaSMcAZdm1I6uL8YLghpWiJljfBHs8NC/P86PYQk=
-github.com/hmage/golibs v0.0.0-20190121112702-20153bd03c24/go.mod h1:H6Ev6svFxUVPFThxLtdnFfcE9e3GWufpfmcVFpqV6HM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jessevdk/go-flags v1.4.0 h1:4IU2WS7AumrZ/40jfhf4QVDMsQwqA7VEHozFRrGARJA=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=

From 3a9d436f8ae72a74f9e248d857c3d875aa81fcec Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 27 Feb 2019 16:15:36 +0300
Subject: [PATCH 13/95] Add schema migration

---
 control.go | 52 ++++++++++++++++++------------------------
 dhcp.go    | 16 ++++++-------
 go.mod     |  1 +
 upgrade.go | 66 +++++++++++++++++++++++++++++++++++++++++++++++++-----
 4 files changed, 91 insertions(+), 44 deletions(-)

diff --git a/control.go b/control.go
index e9890575..dd368380 100644
--- a/control.go
+++ b/control.go
@@ -57,10 +57,10 @@ func returnOK(w http.ResponseWriter) {
 	}
 }
 
-func httpError(w http.ResponseWriter, code int, format string, args ...interface{}) {
+func httpError(w *http.ResponseWriter, code int, format string, args ...interface{}) {
 	text := fmt.Sprintf(format, args...)
 	log.Println(text)
-	http.Error(w, text, code)
+	http.Error(*w, text, code)
 }
 
 // ---------------
@@ -78,7 +78,7 @@ func writeAllConfigsAndReloadDNS() error {
 func httpUpdateConfigReloadDNSReturnOK(w http.ResponseWriter, r *http.Request) {
 	err := writeAllConfigsAndReloadDNS()
 	if err != nil {
-		httpError(w, http.StatusInternalServerError, "Couldn't write config file: %s", err)
+		httpError(&w, http.StatusInternalServerError, "Couldn't write config file: %s", err)
 		return
 	}
 	returnOK(w)
@@ -334,9 +334,7 @@ func handleSetBootstrapDNS(w http.ResponseWriter, r *http.Request) {
 func setDNSServers(w *http.ResponseWriter, r *http.Request, upstreams bool) {
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
-		errorText := fmt.Sprintf("Failed to read request body: %s", err)
-		log.Println(errorText)
-		http.Error(*w, errorText, http.StatusBadRequest)
+		httpError(w, http.StatusBadRequest, "Failed to read request body: %s", err)
 		return
 	}
 	// if empty body -- user is asking for default servers
@@ -379,23 +377,17 @@ func setDNSServers(w *http.ResponseWriter, r *http.Request, upstreams bool) {
 
 	err = writeAllConfigs()
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't write config file: %s", err)
-		log.Println(errorText)
-		http.Error(*w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Couldn't write config file: %s", err)
 		return
 	}
 	err = reconfigureDNSServer()
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't reconfigure the DNS server: %s", err)
-		log.Println(errorText)
-		http.Error(*w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Couldn't reconfigure the DNS server: %s", err)
 		return
 	}
 	_, err = fmt.Fprintf(*w, "OK %d servers\n", count)
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't write body: %s", err)
-		log.Println(errorText)
-		http.Error(*w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Couldn't write body: %s", err)
 	}
 }
 
@@ -574,7 +566,7 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 	f := filter{}
 	err := json.NewDecoder(r.Body).Decode(&f)
 	if err != nil {
-		httpError(w, http.StatusBadRequest, "Failed to parse request body json: %s", err)
+		httpError(&w, http.StatusBadRequest, "Failed to parse request body json: %s", err)
 		return
 	}
 
@@ -975,7 +967,7 @@ func handleInstallGetAddresses(w http.ResponseWriter, r *http.Request) {
 
 	ifaces, err := getValidNetInterfacesForWeb()
 	if err != nil {
-		httpError(w, http.StatusInternalServerError, "Couldn't get interfaces: %s", err)
+		httpError(&w, http.StatusInternalServerError, "Couldn't get interfaces: %s", err)
 		return
 	}
 
@@ -987,7 +979,7 @@ func handleInstallGetAddresses(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	err = json.NewEncoder(w).Encode(data)
 	if err != nil {
-		httpError(w, http.StatusInternalServerError, "Unable to marshal default addresses to json: %s", err)
+		httpError(&w, http.StatusInternalServerError, "Unable to marshal default addresses to json: %s", err)
 		return
 	}
 }
@@ -996,7 +988,7 @@ func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
 	newSettings := firstRunData{}
 	err := json.NewDecoder(r.Body).Decode(&newSettings)
 	if err != nil {
-		httpError(w, http.StatusBadRequest, "Failed to parse new config json: %s", err)
+		httpError(&w, http.StatusBadRequest, "Failed to parse new config json: %s", err)
 		return
 	}
 
@@ -1010,14 +1002,14 @@ func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
 	if restartHTTP {
 		err = checkPortAvailable(newSettings.Web.IP, newSettings.Web.Port)
 		if err != nil {
-			httpError(w, http.StatusBadRequest, "Impossible to listen on IP:port %s due to %s", net.JoinHostPort(newSettings.Web.IP, strconv.Itoa(newSettings.Web.Port)), err)
+			httpError(&w, http.StatusBadRequest, "Impossible to listen on IP:port %s due to %s", net.JoinHostPort(newSettings.Web.IP, strconv.Itoa(newSettings.Web.Port)), err)
 			return
 		}
 	}
 
 	err = checkPacketPortAvailable(newSettings.DNS.IP, newSettings.DNS.Port)
 	if err != nil {
-		httpError(w, http.StatusBadRequest, "Impossible to listen on IP:port %s due to %s", net.JoinHostPort(newSettings.DNS.IP, strconv.Itoa(newSettings.DNS.Port)), err)
+		httpError(&w, http.StatusBadRequest, "Impossible to listen on IP:port %s due to %s", net.JoinHostPort(newSettings.DNS.IP, strconv.Itoa(newSettings.DNS.Port)), err)
 		return
 	}
 
@@ -1032,7 +1024,7 @@ func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
 	if config.DNS.Port != 0 {
 		err = startDNSServer()
 		if err != nil {
-			httpError(w, http.StatusInternalServerError, "Couldn't start DNS server: %s", err)
+			httpError(&w, http.StatusInternalServerError, "Couldn't start DNS server: %s", err)
 			return
 		}
 	}
@@ -1057,7 +1049,7 @@ func handleTLSStatus(w http.ResponseWriter, r *http.Request) {
 func handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 	data, err := unmarshalTLS(r)
 	if err != nil {
-		httpError(w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
+		httpError(&w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
 		return
 	}
 
@@ -1070,7 +1062,7 @@ func handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 	if !alreadyRunning {
 		err = checkPortAvailable(config.BindHost, data.PortHTTPS)
 		if err != nil {
-			httpError(w, http.StatusBadRequest, "port %d is not available, cannot enable HTTPS on it", data.PortHTTPS)
+			httpError(&w, http.StatusBadRequest, "port %d is not available, cannot enable HTTPS on it", data.PortHTTPS)
 			return
 		}
 	}
@@ -1082,7 +1074,7 @@ func handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 	data, err := unmarshalTLS(r)
 	if err != nil {
-		httpError(w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
+		httpError(&w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
 		return
 	}
 
@@ -1095,7 +1087,7 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 	if !alreadyRunning {
 		err = checkPortAvailable(config.BindHost, data.PortHTTPS)
 		if err != nil {
-			httpError(w, http.StatusBadRequest, "port %d is not available, cannot enable HTTPS on it", data.PortHTTPS)
+			httpError(&w, http.StatusBadRequest, "port %d is not available, cannot enable HTTPS on it", data.PortHTTPS)
 			return
 		}
 	}
@@ -1109,7 +1101,7 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 	config.TLS = data
 	err = writeAllConfigsAndReloadDNS()
 	if err != nil {
-		httpError(w, http.StatusInternalServerError, "Couldn't write config file: %s", err)
+		httpError(&w, http.StatusInternalServerError, "Couldn't write config file: %s", err)
 		return
 	}
 	marshalTLS(w, data)
@@ -1328,7 +1320,7 @@ func marshalTLS(w http.ResponseWriter, data tlsConfig) {
 	}
 	err := json.NewEncoder(w).Encode(data)
 	if err != nil {
-		httpError(w, http.StatusInternalServerError, "Failed to marshal json with TLS status: %s", err)
+		httpError(&w, http.StatusInternalServerError, "Failed to marshal json with TLS status: %s", err)
 		return
 	}
 }
@@ -1338,12 +1330,12 @@ func marshalTLS(w http.ResponseWriter, data tlsConfig) {
 // --------------
 func handleDOH(w http.ResponseWriter, r *http.Request) {
 	if r.TLS == nil {
-		httpError(w, http.StatusNotFound, "Not Found")
+		httpError(&w, http.StatusNotFound, "Not Found")
 		return
 	}
 
 	if !isRunning() {
-		httpError(w, http.StatusInternalServerError, "DNS server is not running")
+		httpError(&w, http.StatusInternalServerError, "DNS server is not running")
 		return
 	}
 
diff --git a/dhcp.go b/dhcp.go
index a67b0ef6..6098a1a2 100644
--- a/dhcp.go
+++ b/dhcp.go
@@ -37,7 +37,7 @@ func handleDHCPStatus(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	err := json.NewEncoder(w).Encode(status)
 	if err != nil {
-		httpError(w, http.StatusInternalServerError, "Unable to marshal DHCP status json: %s", err)
+		httpError(&w, http.StatusInternalServerError, "Unable to marshal DHCP status json: %s", err)
 		return
 	}
 }
@@ -46,14 +46,14 @@ func handleDHCPSetConfig(w http.ResponseWriter, r *http.Request) {
 	newconfig := dhcpd.ServerConfig{}
 	err := json.NewDecoder(r.Body).Decode(&newconfig)
 	if err != nil {
-		httpError(w, http.StatusBadRequest, "Failed to parse new DHCP config json: %s", err)
+		httpError(&w, http.StatusBadRequest, "Failed to parse new DHCP config json: %s", err)
 		return
 	}
 
 	if newconfig.Enabled {
 		err := dhcpServer.Start(&newconfig)
 		if err != nil {
-			httpError(w, http.StatusBadRequest, "Failed to start DHCP server: %s", err)
+			httpError(&w, http.StatusBadRequest, "Failed to start DHCP server: %s", err)
 			return
 		}
 	}
@@ -72,7 +72,7 @@ func handleDHCPInterfaces(w http.ResponseWriter, r *http.Request) {
 
 	ifaces, err := getValidNetInterfaces()
 	if err != nil {
-		httpError(w, http.StatusInternalServerError, "Couldn't get interfaces: %s", err)
+		httpError(&w, http.StatusInternalServerError, "Couldn't get interfaces: %s", err)
 		return
 	}
 
@@ -87,7 +87,7 @@ func handleDHCPInterfaces(w http.ResponseWriter, r *http.Request) {
 		}
 		addrs, err := iface.Addrs()
 		if err != nil {
-			httpError(w, http.StatusInternalServerError, "Failed to get addresses for interface %s: %s", iface.Name, err)
+			httpError(&w, http.StatusInternalServerError, "Failed to get addresses for interface %s: %s", iface.Name, err)
 			return
 		}
 
@@ -105,7 +105,7 @@ func handleDHCPInterfaces(w http.ResponseWriter, r *http.Request) {
 			ipnet, ok := addr.(*net.IPNet)
 			if !ok {
 				// not an IPNet, should not happen
-				httpError(w, http.StatusInternalServerError, "SHOULD NOT HAPPEN: got iface.Addrs() element %s that is not net.IPNet, it is %T", addr, addr)
+				httpError(&w, http.StatusInternalServerError, "SHOULD NOT HAPPEN: got iface.Addrs() element %s that is not net.IPNet, it is %T", addr, addr)
 				return
 			}
 			// ignore link-local
@@ -122,7 +122,7 @@ func handleDHCPInterfaces(w http.ResponseWriter, r *http.Request) {
 
 	err = json.NewEncoder(w).Encode(response)
 	if err != nil {
-		httpError(w, http.StatusInternalServerError, "Failed to marshal json with available interfaces: %s", err)
+		httpError(&w, http.StatusInternalServerError, "Failed to marshal json with available interfaces: %s", err)
 		return
 	}
 }
@@ -153,7 +153,7 @@ func handleDHCPFindActiveServer(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	err = json.NewEncoder(w).Encode(result)
 	if err != nil {
-		httpError(w, http.StatusInternalServerError, "Failed to marshal DHCP found json: %s", err)
+		httpError(&w, http.StatusInternalServerError, "Failed to marshal DHCP found json: %s", err)
 		return
 	}
 }
diff --git a/go.mod b/go.mod
index cba63387..ebc1b9f3 100644
--- a/go.mod
+++ b/go.mod
@@ -13,6 +13,7 @@ require (
 	github.com/kardianos/service v0.0.0-20181115005516-4c239ee84e7b
 	github.com/krolaw/dhcp4 v0.0.0-20180925202202-7cead472c414
 	github.com/miekg/dns v1.1.1
+	github.com/pkg/errors v0.8.0
 	github.com/shirou/gopsutil v2.18.10+incompatible
 	github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 // indirect
 	github.com/stretchr/testify v1.2.2
diff --git a/upgrade.go b/upgrade.go
index 0b3ddc5c..b431dc71 100644
--- a/upgrade.go
+++ b/upgrade.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"errors"
 	"fmt"
 	"io/ioutil"
 	"os"
@@ -10,7 +11,7 @@ import (
 	yaml "gopkg.in/yaml.v2"
 )
 
-const currentSchemaVersion = 2 // used for upgrading from old configs to new config
+const currentSchemaVersion = 3 // used for upgrading from old configs to new config
 
 // Performs necessary upgrade operations if needed
 func upgradeConfig() error {
@@ -59,12 +60,17 @@ func upgradeConfig() error {
 func upgradeConfigSchema(oldVersion int, diskConfig *map[string]interface{}) error {
 	switch oldVersion {
 	case 0:
-		err := upgradeSchema0to2(diskConfig)
+		err := upgradeSchema0to3(diskConfig)
 		if err != nil {
 			return err
 		}
 	case 1:
-		err := upgradeSchema1to2(diskConfig)
+		err := upgradeSchema1to3(diskConfig)
+		if err != nil {
+			return err
+		}
+	case 2:
+		err := upgradeSchema2to3(diskConfig)
 		if err != nil {
 			return err
 		}
@@ -135,12 +141,60 @@ func upgradeSchema1to2(diskConfig *map[string]interface{}) error {
 	return nil
 }
 
-// jump two schemas at once -- this time we just do it sequentially
-func upgradeSchema0to2(diskConfig *map[string]interface{}) error {
+// Third schema upgrade:
+// Bootstrap DNS becomes an array
+func upgradeSchema2to3(diskConfig *map[string]interface{}) error {
+	log.Printf("%s(): called", _Func())
+
+	// Let's read dns configuration from diskConfig
+	dnsConfig, ok := (*diskConfig)["dns"]
+	if !ok {
+		return errors.New("no DNS configuration in config file")
+	}
+
+	// Convert interface{} to map[string]interface{}
+	newDNSConfig := make(map[string]interface{})
+
+	switch v := dnsConfig.(type) {
+	case map[interface{}]interface{}:
+		for k, v := range v {
+			newDNSConfig[fmt.Sprint(k)] = v
+		}
+	default:
+		return errors.New("DNS configuration is not a map")
+	}
+
+	// Replace bootstrap_dns value filed with new array contains old bootstrap_dns inside
+	if bootstrapDNS, ok := (newDNSConfig)["bootstrap_dns"]; ok {
+		newBootstrapConfig := []string{fmt.Sprint(bootstrapDNS)}
+		(newDNSConfig)["bootstrap_dns"] = newBootstrapConfig
+		(*diskConfig)["dns"] = newDNSConfig
+	} else {
+		return errors.New("no bootstrap DNS in DNS config")
+	}
+
+	// Bump schema version
+	(*diskConfig)["schema_version"] = 3
+
+	return nil
+}
+
+// jump three schemas at once -- this time we just do it sequentially
+func upgradeSchema0to3(diskConfig *map[string]interface{}) error {
 	err := upgradeSchema0to1(diskConfig)
 	if err != nil {
 		return err
 	}
 
-	return upgradeSchema1to2(diskConfig)
+	return upgradeSchema1to3(diskConfig)
+}
+
+// jump two schemas at once -- this time we just do it sequentially
+func upgradeSchema1to3(diskConfig *map[string]interface{}) error {
+	err := upgradeSchema1to2(diskConfig)
+	if err != nil {
+		return err
+	}
+
+	return upgradeSchema2to3(diskConfig)
 }

From 141b14c94a1ef319188e555a51044d4b52f9dddf Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 27 Feb 2019 16:19:45 +0300
Subject: [PATCH 14/95] Remove unuseful library

---
 go.mod     | 1 -
 upgrade.go | 7 +++----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/go.mod b/go.mod
index ebc1b9f3..cba63387 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,6 @@ require (
 	github.com/kardianos/service v0.0.0-20181115005516-4c239ee84e7b
 	github.com/krolaw/dhcp4 v0.0.0-20180925202202-7cead472c414
 	github.com/miekg/dns v1.1.1
-	github.com/pkg/errors v0.8.0
 	github.com/shirou/gopsutil v2.18.10+incompatible
 	github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 // indirect
 	github.com/stretchr/testify v1.2.2
diff --git a/upgrade.go b/upgrade.go
index b431dc71..8932b9c7 100644
--- a/upgrade.go
+++ b/upgrade.go
@@ -1,7 +1,6 @@
 package main
 
 import (
-	"errors"
 	"fmt"
 	"io/ioutil"
 	"os"
@@ -149,7 +148,7 @@ func upgradeSchema2to3(diskConfig *map[string]interface{}) error {
 	// Let's read dns configuration from diskConfig
 	dnsConfig, ok := (*diskConfig)["dns"]
 	if !ok {
-		return errors.New("no DNS configuration in config file")
+		return fmt.Errorf("no DNS configuration in config file")
 	}
 
 	// Convert interface{} to map[string]interface{}
@@ -161,7 +160,7 @@ func upgradeSchema2to3(diskConfig *map[string]interface{}) error {
 			newDNSConfig[fmt.Sprint(k)] = v
 		}
 	default:
-		return errors.New("DNS configuration is not a map")
+		return fmt.Errorf("DNS configuration is not a map")
 	}
 
 	// Replace bootstrap_dns value filed with new array contains old bootstrap_dns inside
@@ -170,7 +169,7 @@ func upgradeSchema2to3(diskConfig *map[string]interface{}) error {
 		(newDNSConfig)["bootstrap_dns"] = newBootstrapConfig
 		(*diskConfig)["dns"] = newDNSConfig
 	} else {
-		return errors.New("no bootstrap DNS in DNS config")
+		return fmt.Errorf("no bootstrap DNS in DNS config")
 	}
 
 	// Bump schema version

From 1223965cd43a50b96e7f76f78d936f6995370b65 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 27 Feb 2019 16:42:50 +0300
Subject: [PATCH 15/95] Code simplify

---
 control.go | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/control.go b/control.go
index dd368380..e5d88082 100644
--- a/control.go
+++ b/control.go
@@ -354,23 +354,19 @@ func setDNSServers(w *http.ResponseWriter, r *http.Request, upstreams bool) {
 	}
 
 	// count of upstream or bootstrap servers
-	var count int
-	if upstreams {
-		count = len(hosts)
-	} else {
+	count := len(hosts)
+	if !upstreams {
 		count = len(bootstraps)
 	}
 
 	if upstreams {
-		if count == 0 {
-			config.DNS.UpstreamDNS = defaultDNS
-		} else {
+		config.DNS.UpstreamDNS = defaultDNS
+		if count != 0 {
 			config.DNS.UpstreamDNS = hosts
 		}
 	} else {
-		if count == 0 {
-			config.DNS.BootstrapDNS = defaultBootstrap
-		} else {
+		config.DNS.BootstrapDNS = defaultBootstrap
+		if count != 0 {
 			config.DNS.BootstrapDNS = bootstraps
 		}
 	}

From a9839e95a0f1b3a0d8af09cdaa94308cb2f49c16 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 27 Feb 2019 16:50:19 +0300
Subject: [PATCH 16/95] pointer is unuseful for httpError func

---
 control.go | 44 ++++++++++++++++++++++----------------------
 dhcp.go    | 16 ++++++++--------
 2 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/control.go b/control.go
index e5d88082..3136ae2c 100644
--- a/control.go
+++ b/control.go
@@ -57,10 +57,10 @@ func returnOK(w http.ResponseWriter) {
 	}
 }
 
-func httpError(w *http.ResponseWriter, code int, format string, args ...interface{}) {
+func httpError(w http.ResponseWriter, code int, format string, args ...interface{}) {
 	text := fmt.Sprintf(format, args...)
 	log.Println(text)
-	http.Error(*w, text, code)
+	http.Error(w, text, code)
 }
 
 // ---------------
@@ -78,7 +78,7 @@ func writeAllConfigsAndReloadDNS() error {
 func httpUpdateConfigReloadDNSReturnOK(w http.ResponseWriter, r *http.Request) {
 	err := writeAllConfigsAndReloadDNS()
 	if err != nil {
-		httpError(&w, http.StatusInternalServerError, "Couldn't write config file: %s", err)
+		httpError(w, http.StatusInternalServerError, "Couldn't write config file: %s", err)
 		return
 	}
 	returnOK(w)
@@ -323,15 +323,15 @@ func sortByValue(m map[string]int) []string {
 // -----------------------
 
 func handleSetUpstreamDNS(w http.ResponseWriter, r *http.Request) {
-	setDNSServers(&w, r, true)
+	setDNSServers(w, r, true)
 }
 
 func handleSetBootstrapDNS(w http.ResponseWriter, r *http.Request) {
-	setDNSServers(&w, r, false)
+	setDNSServers(w, r, false)
 }
 
 // setDNSServers sets upstream and bootstrap DNS servers
-func setDNSServers(w *http.ResponseWriter, r *http.Request, upstreams bool) {
+func setDNSServers(w http.ResponseWriter, r *http.Request, upstreams bool) {
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Failed to read request body: %s", err)
@@ -381,7 +381,7 @@ func setDNSServers(w *http.ResponseWriter, r *http.Request, upstreams bool) {
 		httpError(w, http.StatusInternalServerError, "Couldn't reconfigure the DNS server: %s", err)
 		return
 	}
-	_, err = fmt.Fprintf(*w, "OK %d servers\n", count)
+	_, err = fmt.Fprintf(w, "OK %d servers\n", count)
 	if err != nil {
 		httpError(w, http.StatusInternalServerError, "Couldn't write body: %s", err)
 	}
@@ -562,7 +562,7 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 	f := filter{}
 	err := json.NewDecoder(r.Body).Decode(&f)
 	if err != nil {
-		httpError(&w, http.StatusBadRequest, "Failed to parse request body json: %s", err)
+		httpError(w, http.StatusBadRequest, "Failed to parse request body json: %s", err)
 		return
 	}
 
@@ -963,7 +963,7 @@ func handleInstallGetAddresses(w http.ResponseWriter, r *http.Request) {
 
 	ifaces, err := getValidNetInterfacesForWeb()
 	if err != nil {
-		httpError(&w, http.StatusInternalServerError, "Couldn't get interfaces: %s", err)
+		httpError(w, http.StatusInternalServerError, "Couldn't get interfaces: %s", err)
 		return
 	}
 
@@ -975,7 +975,7 @@ func handleInstallGetAddresses(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	err = json.NewEncoder(w).Encode(data)
 	if err != nil {
-		httpError(&w, http.StatusInternalServerError, "Unable to marshal default addresses to json: %s", err)
+		httpError(w, http.StatusInternalServerError, "Unable to marshal default addresses to json: %s", err)
 		return
 	}
 }
@@ -984,7 +984,7 @@ func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
 	newSettings := firstRunData{}
 	err := json.NewDecoder(r.Body).Decode(&newSettings)
 	if err != nil {
-		httpError(&w, http.StatusBadRequest, "Failed to parse new config json: %s", err)
+		httpError(w, http.StatusBadRequest, "Failed to parse new config json: %s", err)
 		return
 	}
 
@@ -998,14 +998,14 @@ func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
 	if restartHTTP {
 		err = checkPortAvailable(newSettings.Web.IP, newSettings.Web.Port)
 		if err != nil {
-			httpError(&w, http.StatusBadRequest, "Impossible to listen on IP:port %s due to %s", net.JoinHostPort(newSettings.Web.IP, strconv.Itoa(newSettings.Web.Port)), err)
+			httpError(w, http.StatusBadRequest, "Impossible to listen on IP:port %s due to %s", net.JoinHostPort(newSettings.Web.IP, strconv.Itoa(newSettings.Web.Port)), err)
 			return
 		}
 	}
 
 	err = checkPacketPortAvailable(newSettings.DNS.IP, newSettings.DNS.Port)
 	if err != nil {
-		httpError(&w, http.StatusBadRequest, "Impossible to listen on IP:port %s due to %s", net.JoinHostPort(newSettings.DNS.IP, strconv.Itoa(newSettings.DNS.Port)), err)
+		httpError(w, http.StatusBadRequest, "Impossible to listen on IP:port %s due to %s", net.JoinHostPort(newSettings.DNS.IP, strconv.Itoa(newSettings.DNS.Port)), err)
 		return
 	}
 
@@ -1020,7 +1020,7 @@ func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
 	if config.DNS.Port != 0 {
 		err = startDNSServer()
 		if err != nil {
-			httpError(&w, http.StatusInternalServerError, "Couldn't start DNS server: %s", err)
+			httpError(w, http.StatusInternalServerError, "Couldn't start DNS server: %s", err)
 			return
 		}
 	}
@@ -1045,7 +1045,7 @@ func handleTLSStatus(w http.ResponseWriter, r *http.Request) {
 func handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 	data, err := unmarshalTLS(r)
 	if err != nil {
-		httpError(&w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
+		httpError(w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
 		return
 	}
 
@@ -1058,7 +1058,7 @@ func handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 	if !alreadyRunning {
 		err = checkPortAvailable(config.BindHost, data.PortHTTPS)
 		if err != nil {
-			httpError(&w, http.StatusBadRequest, "port %d is not available, cannot enable HTTPS on it", data.PortHTTPS)
+			httpError(w, http.StatusBadRequest, "port %d is not available, cannot enable HTTPS on it", data.PortHTTPS)
 			return
 		}
 	}
@@ -1070,7 +1070,7 @@ func handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 	data, err := unmarshalTLS(r)
 	if err != nil {
-		httpError(&w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
+		httpError(w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
 		return
 	}
 
@@ -1083,7 +1083,7 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 	if !alreadyRunning {
 		err = checkPortAvailable(config.BindHost, data.PortHTTPS)
 		if err != nil {
-			httpError(&w, http.StatusBadRequest, "port %d is not available, cannot enable HTTPS on it", data.PortHTTPS)
+			httpError(w, http.StatusBadRequest, "port %d is not available, cannot enable HTTPS on it", data.PortHTTPS)
 			return
 		}
 	}
@@ -1097,7 +1097,7 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 	config.TLS = data
 	err = writeAllConfigsAndReloadDNS()
 	if err != nil {
-		httpError(&w, http.StatusInternalServerError, "Couldn't write config file: %s", err)
+		httpError(w, http.StatusInternalServerError, "Couldn't write config file: %s", err)
 		return
 	}
 	marshalTLS(w, data)
@@ -1316,7 +1316,7 @@ func marshalTLS(w http.ResponseWriter, data tlsConfig) {
 	}
 	err := json.NewEncoder(w).Encode(data)
 	if err != nil {
-		httpError(&w, http.StatusInternalServerError, "Failed to marshal json with TLS status: %s", err)
+		httpError(w, http.StatusInternalServerError, "Failed to marshal json with TLS status: %s", err)
 		return
 	}
 }
@@ -1326,12 +1326,12 @@ func marshalTLS(w http.ResponseWriter, data tlsConfig) {
 // --------------
 func handleDOH(w http.ResponseWriter, r *http.Request) {
 	if r.TLS == nil {
-		httpError(&w, http.StatusNotFound, "Not Found")
+		httpError(w, http.StatusNotFound, "Not Found")
 		return
 	}
 
 	if !isRunning() {
-		httpError(&w, http.StatusInternalServerError, "DNS server is not running")
+		httpError(w, http.StatusInternalServerError, "DNS server is not running")
 		return
 	}
 
diff --git a/dhcp.go b/dhcp.go
index 6098a1a2..a67b0ef6 100644
--- a/dhcp.go
+++ b/dhcp.go
@@ -37,7 +37,7 @@ func handleDHCPStatus(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	err := json.NewEncoder(w).Encode(status)
 	if err != nil {
-		httpError(&w, http.StatusInternalServerError, "Unable to marshal DHCP status json: %s", err)
+		httpError(w, http.StatusInternalServerError, "Unable to marshal DHCP status json: %s", err)
 		return
 	}
 }
@@ -46,14 +46,14 @@ func handleDHCPSetConfig(w http.ResponseWriter, r *http.Request) {
 	newconfig := dhcpd.ServerConfig{}
 	err := json.NewDecoder(r.Body).Decode(&newconfig)
 	if err != nil {
-		httpError(&w, http.StatusBadRequest, "Failed to parse new DHCP config json: %s", err)
+		httpError(w, http.StatusBadRequest, "Failed to parse new DHCP config json: %s", err)
 		return
 	}
 
 	if newconfig.Enabled {
 		err := dhcpServer.Start(&newconfig)
 		if err != nil {
-			httpError(&w, http.StatusBadRequest, "Failed to start DHCP server: %s", err)
+			httpError(w, http.StatusBadRequest, "Failed to start DHCP server: %s", err)
 			return
 		}
 	}
@@ -72,7 +72,7 @@ func handleDHCPInterfaces(w http.ResponseWriter, r *http.Request) {
 
 	ifaces, err := getValidNetInterfaces()
 	if err != nil {
-		httpError(&w, http.StatusInternalServerError, "Couldn't get interfaces: %s", err)
+		httpError(w, http.StatusInternalServerError, "Couldn't get interfaces: %s", err)
 		return
 	}
 
@@ -87,7 +87,7 @@ func handleDHCPInterfaces(w http.ResponseWriter, r *http.Request) {
 		}
 		addrs, err := iface.Addrs()
 		if err != nil {
-			httpError(&w, http.StatusInternalServerError, "Failed to get addresses for interface %s: %s", iface.Name, err)
+			httpError(w, http.StatusInternalServerError, "Failed to get addresses for interface %s: %s", iface.Name, err)
 			return
 		}
 
@@ -105,7 +105,7 @@ func handleDHCPInterfaces(w http.ResponseWriter, r *http.Request) {
 			ipnet, ok := addr.(*net.IPNet)
 			if !ok {
 				// not an IPNet, should not happen
-				httpError(&w, http.StatusInternalServerError, "SHOULD NOT HAPPEN: got iface.Addrs() element %s that is not net.IPNet, it is %T", addr, addr)
+				httpError(w, http.StatusInternalServerError, "SHOULD NOT HAPPEN: got iface.Addrs() element %s that is not net.IPNet, it is %T", addr, addr)
 				return
 			}
 			// ignore link-local
@@ -122,7 +122,7 @@ func handleDHCPInterfaces(w http.ResponseWriter, r *http.Request) {
 
 	err = json.NewEncoder(w).Encode(response)
 	if err != nil {
-		httpError(&w, http.StatusInternalServerError, "Failed to marshal json with available interfaces: %s", err)
+		httpError(w, http.StatusInternalServerError, "Failed to marshal json with available interfaces: %s", err)
 		return
 	}
 }
@@ -153,7 +153,7 @@ func handleDHCPFindActiveServer(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	err = json.NewEncoder(w).Encode(result)
 	if err != nil {
-		httpError(&w, http.StatusInternalServerError, "Failed to marshal DHCP found json: %s", err)
+		httpError(w, http.StatusInternalServerError, "Failed to marshal DHCP found json: %s", err)
 		return
 	}
 }

From 523c5ef10a064cd9f75742fc84d6ecbf0a764e58 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 27 Feb 2019 17:28:10 +0300
Subject: [PATCH 17/95] Refactor httpErrors

---
 control.go | 206 ++++++++++++++---------------------------------------
 1 file changed, 55 insertions(+), 151 deletions(-)

diff --git a/control.go b/control.go
index 70ff0e7c..23caf56e 100644
--- a/control.go
+++ b/control.go
@@ -51,9 +51,7 @@ var client = &http.Client{
 func returnOK(w http.ResponseWriter) {
 	_, err := fmt.Fprintf(w, "OK\n")
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't write body: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Couldn't write body: %s", err)
 	}
 }
 
@@ -101,17 +99,13 @@ func handleStatus(w http.ResponseWriter, r *http.Request) {
 
 	jsonVal, err := json.Marshal(data)
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 500)
+		httpError(w, http.StatusInternalServerError, "Unable to marshal status json: %s", err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	_, err = w.Write(jsonVal)
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to write response json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 500)
+		httpError(w, http.StatusInternalServerError, "Unable to write response json: %s", err)
 		return
 	}
 }
@@ -144,18 +138,14 @@ func handleQueryLog(w http.ResponseWriter, r *http.Request) {
 
 	jsonVal, err := json.Marshal(data)
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't marshal data into json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Couldn't marshal data into json: %s", err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	_, err = w.Write(jsonVal)
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to write response json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Unable to write response json: %s", err)
 	}
 }
 
@@ -200,9 +190,7 @@ func handleStatsTop(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	_, err := w.Write(statsJSON.Bytes())
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't write body: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Couldn't write body: %s", err)
 	}
 }
 
@@ -211,9 +199,7 @@ func handleStatsReset(w http.ResponseWriter, r *http.Request) {
 	dnsServer.PurgeStats()
 	_, err := fmt.Fprintf(w, "OK\n")
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't write body: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Couldn't write body: %s", err)
 	}
 }
 
@@ -223,17 +209,13 @@ func handleStats(w http.ResponseWriter, r *http.Request) {
 
 	statsJSON, err := json.Marshal(summed)
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 500)
+		httpError(w, http.StatusInternalServerError, "Unable to marshal status json: %s", err)
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
 	_, err = w.Write(statsJSON)
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to write response json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 500)
+		httpError(w, http.StatusInternalServerError, "Unable to write response json: %s", err)
 		return
 	}
 }
@@ -260,40 +242,31 @@ func handleStatsHistory(w http.ResponseWriter, r *http.Request) {
 	// parse start and end time
 	startTime, err := time.Parse(time.RFC3339, r.URL.Query().Get("start_time"))
 	if err != nil {
-		errorText := fmt.Sprintf("Must specify valid start_time parameter: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusBadRequest)
+		httpError(w, http.StatusBadRequest, "Must specify valid start_time parameter: %s", err)
 		return
 	}
 	endTime, err := time.Parse(time.RFC3339, r.URL.Query().Get("end_time"))
 	if err != nil {
-		errorText := fmt.Sprintf("Must specify valid end_time parameter: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusBadRequest)
+		httpError(w, http.StatusBadRequest, "Must specify valid end_time parameter: %s", err)
 		return
 	}
 
 	data, err := dnsServer.GetStatsHistory(timeUnit, startTime, endTime)
 	if err != nil {
-		errorText := fmt.Sprintf("Cannot get stats history: %s", err)
-		http.Error(w, errorText, http.StatusBadRequest)
+		httpError(w, http.StatusBadRequest, "Cannot get stats history: %s", err)
 		return
 	}
 
 	statsJSON, err := json.Marshal(data)
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Unable to marshal status json: %s", err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	_, err = w.Write(statsJSON)
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to write response json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Unable to write response json: %s", err)
 		return
 	}
 }
@@ -326,9 +299,7 @@ func sortByValue(m map[string]int) []string {
 func handleSetUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
-		errorText := fmt.Sprintf("Failed to read request body: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusBadRequest)
+		httpError(w, http.StatusBadRequest, "Failed to read request body: %s", err)
 		return
 	}
 	// if empty body -- user is asking for default servers
@@ -342,23 +313,17 @@ func handleSetUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 
 	err = writeAllConfigs()
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't write config file: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Couldn't write config file: %s", err)
 		return
 	}
 	err = reconfigureDNSServer()
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't reconfigure the DNS server: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Couldn't reconfigure the DNS server: %s", err)
 		return
 	}
 	_, err = fmt.Fprintf(w, "OK %d servers\n", len(hosts))
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't write body: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Couldn't write body: %s", err)
 	}
 }
 
@@ -378,18 +343,14 @@ func handleAllServersStatus(w http.ResponseWriter, r *http.Request) {
 	}
 	jsonVal, err := json.Marshal(data)
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 500)
+		httpError(w, http.StatusInternalServerError, "Unable to marshal status json: %s", err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	_, err = w.Write(jsonVal)
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to write response json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 500)
+		httpError(w, http.StatusInternalServerError, "Unable to write response json: %s", err)
 		return
 	}
 }
@@ -397,17 +358,13 @@ func handleAllServersStatus(w http.ResponseWriter, r *http.Request) {
 func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
-		errorText := fmt.Sprintf("Failed to read request body: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 400)
+		httpError(w, http.StatusBadRequest, "Failed to read request body: %s", err)
 		return
 	}
 	hosts := strings.Fields(string(body))
 
 	if len(hosts) == 0 {
-		errorText := fmt.Sprintf("No servers specified")
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusBadRequest)
+		httpError(w, http.StatusBadRequest, "No servers specified")
 		return
 	}
 
@@ -425,18 +382,14 @@ func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 
 	jsonVal, err := json.Marshal(result)
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Unable to marshal status json: %s", err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	_, err = w.Write(jsonVal)
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't write body: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Couldn't write body: %s", err)
 	}
 }
 
@@ -481,9 +434,7 @@ func handleGetVersionJSON(w http.ResponseWriter, r *http.Request) {
 
 	resp, err := client.Get(versionCheckURL)
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't get version check json from %s: %T %s\n", versionCheckURL, err, err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusBadGateway)
+		httpError(w, http.StatusBadGateway, "Couldn't get version check json from %s: %T %s\n", versionCheckURL, err, err)
 		return
 	}
 	if resp != nil && resp.Body != nil {
@@ -493,18 +444,14 @@ func handleGetVersionJSON(w http.ResponseWriter, r *http.Request) {
 	// read the body entirely
 	body, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't read response body from %s: %s", versionCheckURL, err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusBadGateway)
+		httpError(w, http.StatusBadGateway, "Couldn't read response body from %s: %s", versionCheckURL, err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	_, err = w.Write(body)
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't write body: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Couldn't write body: %s", err)
 	}
 
 	versionCheckLastTime = now
@@ -537,18 +484,14 @@ func handleFilteringStatus(w http.ResponseWriter, r *http.Request) {
 	config.RUnlock()
 
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 500)
+		httpError(w, http.StatusInternalServerError, "Unable to marshal status json: %s", err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	_, err = w.Write(jsonVal)
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to write response json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 500)
+		httpError(w, http.StatusInternalServerError, "Unable to write response json: %s", err)
 		return
 	}
 }
@@ -562,21 +505,19 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if len(f.URL) == 0 {
-		http.Error(w, "URL parameter was not specified", 400)
+		http.Error(w, "URL parameter was not specified", http.StatusBadRequest)
 		return
 	}
 
 	if valid := govalidator.IsRequestURL(f.URL); !valid {
-		http.Error(w, "URL parameter is not valid request URL", 400)
+		http.Error(w, "URL parameter is not valid request URL", http.StatusBadRequest)
 		return
 	}
 
 	// Check for duplicates
 	for i := range config.Filters {
 		if config.Filters[i].URL == f.URL {
-			errorText := fmt.Sprintf("Filter URL already added -- %s", f.URL)
-			log.Println(errorText)
-			http.Error(w, errorText, http.StatusBadRequest)
+			httpError(w, http.StatusBadRequest, "Filter URL already added -- %s", f.URL)
 			return
 		}
 	}
@@ -588,30 +529,22 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 	// Download the filter contents
 	ok, err := f.update(true)
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't fetch filter from url %s: %s", f.URL, err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusBadRequest)
+		httpError(w, http.StatusBadRequest, "Couldn't fetch filter from url %s: %s", f.URL, err)
 		return
 	}
 	if f.RulesCount == 0 {
-		errorText := fmt.Sprintf("Filter at the url %s has no rules (maybe it points to blank page?)", f.URL)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusBadRequest)
+		httpError(w, http.StatusBadRequest, "Filter at the url %s has no rules (maybe it points to blank page?)", f.URL)
 		return
 	}
 	if !ok {
-		errorText := fmt.Sprintf("Filter at the url %s is invalid (maybe it points to blank page?)", f.URL)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusBadRequest)
+		httpError(w, http.StatusBadRequest, "Filter at the url %s is invalid (maybe it points to blank page?)", f.URL)
 		return
 	}
 
 	// Save the filter contents
 	err = f.save()
 	if err != nil {
-		errorText := fmt.Sprintf("Failed to save filter %d due to %s", f.ID, err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusBadRequest)
+		httpError(w, http.StatusBadRequest, "Failed to save filter %d due to %s", f.ID, err)
 		return
 	}
 
@@ -620,44 +553,36 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 	config.Filters = append(config.Filters, f)
 	err = writeAllConfigs()
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't write config file: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Couldn't write config file: %s", err)
 		return
 	}
 
 	err = reconfigureDNSServer()
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't reconfigure the DNS server: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Couldn't reconfigure the DNS server: %s", err)
 	}
 
 	_, err = fmt.Fprintf(w, "OK %d rules\n", f.RulesCount)
 	if err != nil {
-		errorText := fmt.Sprintf("Couldn't write body: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, http.StatusInternalServerError)
+		httpError(w, http.StatusInternalServerError, "Couldn't write body: %s", err)
 	}
 }
 
 func handleFilteringRemoveURL(w http.ResponseWriter, r *http.Request) {
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
-		errorText := fmt.Sprintf("failed to parse parameters from body: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 400)
+		httpError(w, http.StatusBadRequest, "failed to parse parameters from body: %s", err)
 		return
 	}
 
 	url, ok := parameters["url"]
 	if !ok {
-		http.Error(w, "URL parameter was not specified", 400)
+		http.Error(w, "URL parameter was not specified", http.StatusBadRequest)
 		return
 	}
 
 	if valid := govalidator.IsRequestURL(url); !valid {
-		http.Error(w, "URL parameter is not valid request URL", 400)
+		http.Error(w, "URL parameter is not valid request URL", http.StatusBadRequest)
 		return
 	}
 
@@ -670,8 +595,7 @@ func handleFilteringRemoveURL(w http.ResponseWriter, r *http.Request) {
 			// Remove the filter file
 			err := os.Remove(filter.Path())
 			if err != nil && !os.IsNotExist(err) {
-				errorText := fmt.Sprintf("Couldn't remove the filter file: %s", err)
-				http.Error(w, errorText, http.StatusInternalServerError)
+				httpError(w, http.StatusInternalServerError, "Couldn't remove the filter file: %s", err)
 				return
 			}
 		}
@@ -684,15 +608,13 @@ func handleFilteringRemoveURL(w http.ResponseWriter, r *http.Request) {
 func handleFilteringEnableURL(w http.ResponseWriter, r *http.Request) {
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
-		errorText := fmt.Sprintf("failed to parse parameters from body: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 400)
+		httpError(w, http.StatusBadRequest, "failed to parse parameters from body: %s", err)
 		return
 	}
 
 	url, ok := parameters["url"]
 	if !ok {
-		http.Error(w, "URL parameter was not specified", 400)
+		http.Error(w, "URL parameter was not specified", http.StatusBadRequest)
 		return
 	}
 
@@ -723,15 +645,13 @@ func handleFilteringEnableURL(w http.ResponseWriter, r *http.Request) {
 func handleFilteringDisableURL(w http.ResponseWriter, r *http.Request) {
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
-		errorText := fmt.Sprintf("failed to parse parameters from body: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 400)
+		httpError(w, http.StatusBadRequest, "failed to parse parameters from body: %s", err)
 		return
 	}
 
 	url, ok := parameters["url"]
 	if !ok {
-		http.Error(w, "URL parameter was not specified", 400)
+		http.Error(w, "URL parameter was not specified", http.StatusBadRequest)
 		return
 	}
 
@@ -760,9 +680,7 @@ func handleFilteringDisableURL(w http.ResponseWriter, r *http.Request) {
 func handleFilteringSetRules(w http.ResponseWriter, r *http.Request) {
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
-		errorText := fmt.Sprintf("Failed to read request body: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 400)
+		httpError(w, http.StatusBadRequest, "Failed to read request body: %s", err)
 		return
 	}
 
@@ -796,17 +714,13 @@ func handleSafeBrowsingStatus(w http.ResponseWriter, r *http.Request) {
 	}
 	jsonVal, err := json.Marshal(data)
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 500)
+		httpError(w, http.StatusInternalServerError, "Unable to marshal status json: %s", err)
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	_, err = w.Write(jsonVal)
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to write response json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 500)
+		httpError(w, http.StatusInternalServerError, "Unable to write response json: %s", err)
 		return
 	}
 }
@@ -817,9 +731,7 @@ func handleSafeBrowsingStatus(w http.ResponseWriter, r *http.Request) {
 func handleParentalEnable(w http.ResponseWriter, r *http.Request) {
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
-		errorText := fmt.Sprintf("failed to parse parameters from body: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 400)
+		httpError(w, http.StatusBadRequest, "failed to parse parameters from body: %s", err)
 		return
 	}
 
@@ -874,18 +786,14 @@ func handleParentalStatus(w http.ResponseWriter, r *http.Request) {
 	}
 	jsonVal, err := json.Marshal(data)
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 500)
+		httpError(w, http.StatusInternalServerError, "Unable to marshal status json: %s", err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	_, err = w.Write(jsonVal)
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to write response json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 500)
+		httpError(w, http.StatusInternalServerError, "Unable to write response json: %s", err)
 		return
 	}
 }
@@ -910,18 +818,14 @@ func handleSafeSearchStatus(w http.ResponseWriter, r *http.Request) {
 	}
 	jsonVal, err := json.Marshal(data)
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to marshal status json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 500)
+		httpError(w, http.StatusInternalServerError, "Unable to marshal status json: %s", err)
 		return
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	_, err = w.Write(jsonVal)
 	if err != nil {
-		errorText := fmt.Sprintf("Unable to write response json: %s", err)
-		log.Println(errorText)
-		http.Error(w, errorText, 500)
+		httpError(w, http.StatusInternalServerError, "Unable to write response json: %s", err)
 		return
 	}
 }

From 5ad9f8ead26b85c4475363df94bf13f2600c84d8 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Wed, 27 Feb 2019 17:36:02 +0300
Subject: [PATCH 18/95] * tlsConfigStatus.usable is public, renamed
 ("ValidPair") and is exported to json ("valid_pair")

---
 app.go               | 2 +-
 config.go            | 2 +-
 control.go           | 2 +-
 control_test.go      | 2 +-
 openapi/openapi.yaml | 4 ++++
 5 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/app.go b/app.go
index 07c67916..90575090 100644
--- a/app.go
+++ b/app.go
@@ -179,7 +179,7 @@ func run(args options) {
 			address := net.JoinHostPort(config.BindHost, strconv.Itoa(config.TLS.PortHTTPS))
 			// validate current TLS config and update warnings (it could have been loaded from file)
 			data := validateCertificates(config.TLS.CertificateChain, config.TLS.PrivateKey, config.TLS.ServerName)
-			if !data.usable {
+			if !data.ValidPair {
 				log.Fatal(data.WarningValidation)
 				os.Exit(1)
 			}
diff --git a/config.go b/config.go
index 87e5c6a8..1afc8f17 100644
--- a/config.go
+++ b/config.go
@@ -87,7 +87,7 @@ type tlsConfigStatus struct {
 	KeyType  string `yaml:"-" json:"key_type,omitempty"` // KeyType is one of RSA or ECDSA
 
 	// is usable? set by validator
-	usable bool
+	ValidPair bool `yaml:"-" json:"valid_pair"` // ValidPair is true if both certificate and private key are correct
 
 	// warnings
 	WarningValidation string `yaml:"-" json:"warning_validation,omitempty"` // WarningValidation is a validation warning message with the issue description
diff --git a/control.go b/control.go
index 57e614ca..eba3fd6e 100644
--- a/control.go
+++ b/control.go
@@ -1227,7 +1227,7 @@ func validateCertificates(certChain, pkey, serverName string) tlsConfigStatus {
 			data.WarningValidation = fmt.Sprintf("Invalid certificate or key: %s", err)
 			return data
 		}
-		data.usable = true
+		data.ValidPair = true
 	}
 
 	return data
diff --git a/control_test.go b/control_test.go
index c5df3b45..b823b252 100644
--- a/control_test.go
+++ b/control_test.go
@@ -71,7 +71,7 @@ kXS9jgARhhiWXJrk
 		data.NotBefore == notBefore &&
 		data.NotAfter == notAfter &&
 		// data.DNSNames[0] ==  &&
-		data.usable) {
+		data.ValidPair) {
 		t.Fatalf("valid cert & priv key: validateCertificates(): %v", data)
 	}
 }
diff --git a/openapi/openapi.yaml b/openapi/openapi.yaml
index f1e23f86..4cf406e0 100644
--- a/openapi/openapi.yaml
+++ b/openapi/openapi.yaml
@@ -1247,6 +1247,10 @@ definitions:
                 type: "string"
                 example: "You have specified an empty certificate"
                 description: "warning_validation is a validation warning message with the issue description"
+            valid_pair:
+                type: "boolean"
+                example: "true"
+                description: "valid_pair is true if both certificate and private key are correct"
     NetInterface:
         type: "object"
         description: "Network interface info"

From 1ed3a9673dfca48deed23099105d336ee632a9ff Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 27 Feb 2019 17:39:07 +0300
Subject: [PATCH 19/95] Add handles logging

---
 control.go | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/control.go b/control.go
index 23caf56e..b17e1c2e 100644
--- a/control.go
+++ b/control.go
@@ -83,6 +83,7 @@ func httpUpdateConfigReloadDNSReturnOK(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleStatus(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data := map[string]interface{}{
 		"dns_address":        config.DNS.BindHost,
 		"http_port":          config.BindPort,
@@ -111,11 +112,13 @@ func handleStatus(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleProtectionEnable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.ProtectionEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleProtectionDisable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.ProtectionEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
@@ -124,16 +127,19 @@ func handleProtectionDisable(w http.ResponseWriter, r *http.Request) {
 // stats
 // -----
 func handleQueryLogEnable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.QueryLogEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleQueryLogDisable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.QueryLogEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleQueryLog(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data := dnsServer.GetQueryLog()
 
 	jsonVal, err := json.Marshal(data)
@@ -150,6 +156,7 @@ func handleQueryLog(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleStatsTop(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	s := dnsServer.GetStatsTop()
 
 	// use manual json marshalling because we want maps to be sorted by value
@@ -196,6 +203,7 @@ func handleStatsTop(w http.ResponseWriter, r *http.Request) {
 
 // handleStatsReset resets the stats caches
 func handleStatsReset(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	dnsServer.PurgeStats()
 	_, err := fmt.Fprintf(w, "OK\n")
 	if err != nil {
@@ -205,6 +213,7 @@ func handleStatsReset(w http.ResponseWriter, r *http.Request) {
 
 // handleStats returns aggregated stats data for the 24 hours
 func handleStats(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	summed := dnsServer.GetAggregatedStats()
 
 	statsJSON, err := json.Marshal(summed)
@@ -222,6 +231,7 @@ func handleStats(w http.ResponseWriter, r *http.Request) {
 
 // HandleStatsHistory returns historical stats data for the 24 hours
 func handleStatsHistory(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	// handle time unit and prepare our time window size
 	timeUnitString := r.URL.Query().Get("time_unit")
 	var timeUnit time.Duration
@@ -297,6 +307,7 @@ func sortByValue(m map[string]int) []string {
 // -----------------------
 
 func handleSetUpstreamDNS(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Failed to read request body: %s", err)
@@ -328,16 +339,19 @@ func handleSetUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleAllServersEnable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.AllServers = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleAllServersDisable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.AllServers = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleAllServersStatus(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data := map[string]interface{}{
 		"enabled": config.DNS.AllServers,
 	}
@@ -356,6 +370,7 @@ func handleAllServersStatus(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Failed to read request body: %s", err)
@@ -424,6 +439,7 @@ func checkDNS(input string) error {
 }
 
 func handleGetVersionJSON(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	now := time.Now()
 	if now.Sub(versionCheckLastTime) <= versionCheckPeriod && len(versionCheckJSON) != 0 {
 		// return cached copy
@@ -463,16 +479,19 @@ func handleGetVersionJSON(w http.ResponseWriter, r *http.Request) {
 // ---------
 
 func handleFilteringEnable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.FilteringEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleFilteringDisable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.FilteringEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleFilteringStatus(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data := map[string]interface{}{
 		"enabled": config.DNS.FilteringEnabled,
 	}
@@ -497,6 +516,7 @@ func handleFilteringStatus(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	f := filter{}
 	err := json.NewDecoder(r.Body).Decode(&f)
 	if err != nil {
@@ -569,6 +589,7 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringRemoveURL(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "failed to parse parameters from body: %s", err)
@@ -606,6 +627,7 @@ func handleFilteringRemoveURL(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringEnableURL(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "failed to parse parameters from body: %s", err)
@@ -643,6 +665,7 @@ func handleFilteringEnableURL(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringDisableURL(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "failed to parse parameters from body: %s", err)
@@ -678,6 +701,7 @@ func handleFilteringDisableURL(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringSetRules(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Failed to read request body: %s", err)
@@ -689,6 +713,7 @@ func handleFilteringSetRules(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringRefresh(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	force := r.URL.Query().Get("force")
 	updated := refreshFiltersIfNecessary(force != "")
 	fmt.Fprintf(w, "OK %d filters updated\n", updated)
@@ -699,16 +724,19 @@ func handleFilteringRefresh(w http.ResponseWriter, r *http.Request) {
 // ------------
 
 func handleSafeBrowsingEnable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.SafeBrowsingEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleSafeBrowsingDisable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.SafeBrowsingEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleSafeBrowsingStatus(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data := map[string]interface{}{
 		"enabled": config.DNS.SafeBrowsingEnabled,
 	}
@@ -729,6 +757,7 @@ func handleSafeBrowsingStatus(w http.ResponseWriter, r *http.Request) {
 // parental
 // --------
 func handleParentalEnable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "failed to parse parameters from body: %s", err)
@@ -773,11 +802,13 @@ func handleParentalEnable(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleParentalDisable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.ParentalEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleParentalStatus(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data := map[string]interface{}{
 		"enabled": config.DNS.ParentalEnabled,
 	}
@@ -803,16 +834,19 @@ func handleParentalStatus(w http.ResponseWriter, r *http.Request) {
 // ------------
 
 func handleSafeSearchEnable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.SafeSearchEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleSafeSearchDisable(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	config.DNS.SafeSearchEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleSafeSearchStatus(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data := map[string]interface{}{
 		"enabled": config.DNS.SafeSearchEnabled,
 	}
@@ -845,6 +879,7 @@ type firstRunData struct {
 }
 
 func handleInstallGetAddresses(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data := firstRunData{}
 
 	// find out if port 80 is available -- if not, fall back to 3000
@@ -880,6 +915,7 @@ func handleInstallGetAddresses(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	newSettings := firstRunData{}
 	err := json.NewDecoder(r.Body).Decode(&newSettings)
 	if err != nil {
@@ -938,10 +974,12 @@ func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
 // TLS
 // ---
 func handleTLSStatus(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	marshalTLS(w, config.TLS)
 }
 
 func handleTLSValidate(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data, err := unmarshalTLS(r)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
@@ -967,6 +1005,7 @@ func handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	data, err := unmarshalTLS(r)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
@@ -1224,6 +1263,7 @@ func marshalTLS(w http.ResponseWriter, data tlsConfig) {
 // DNS-over-HTTPS
 // --------------
 func handleDOH(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("")
 	if r.TLS == nil {
 		httpError(w, http.StatusNotFound, "Not Found")
 		return

From eb22d9cdd9d74a150bd31ef0efb497e3bdc9fae1 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Wed, 27 Feb 2019 17:55:23 +0300
Subject: [PATCH 20/95] * use golibs v0.1.0

---
 go.mod | 2 +-
 go.sum | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 49f35dc7..17d3e7f6 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module github.com/AdguardTeam/AdGuardHome
 
 require (
 	github.com/AdguardTeam/dnsproxy v0.11.1
-	github.com/AdguardTeam/golibs v0.1
+	github.com/AdguardTeam/golibs v0.1.0
 	github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f // indirect
 	github.com/bluele/gcache v0.0.0-20171010155617-472614239ac7
 	github.com/go-ole/go-ole v1.2.1 // indirect
diff --git a/go.sum b/go.sum
index 3f19484f..08cbdd65 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,7 @@
 github.com/AdguardTeam/dnsproxy v0.11.1 h1:qO5VH0GYF9vdksQRG8frEfJ+CJjsPBwuct8FH6Mij7o=
 github.com/AdguardTeam/dnsproxy v0.11.1/go.mod h1:lEi2srAWwfSQWoy8GeZR6lwS+FSMoiZid8bQPreOLb0=
+github.com/AdguardTeam/golibs v0.1.0 h1:Mo1QNKC8eSbqczhxfdBXYCrUMwvgCyCwZFyWv+2Gdng=
+github.com/AdguardTeam/golibs v0.1.0/go.mod h1:zhi6xGwK4cMpjDocybhhLgvcGkstiSIjlpKbvyxC5Yc=
 github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f h1:5ZfJxyXo8KyX8DgGXC5B7ILL8y51fci/qYz2B4j8iLY=
 github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=

From 1626b6bd5aace36f86cc7ea9c399396b4aa1f73b Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 27 Feb 2019 18:09:57 +0300
Subject: [PATCH 21/95] Fix empty logging

---
 control.go | 80 +++++++++++++++++++++++++++---------------------------
 1 file changed, 40 insertions(+), 40 deletions(-)

diff --git a/control.go b/control.go
index b17e1c2e..ed5fc682 100644
--- a/control.go
+++ b/control.go
@@ -83,7 +83,7 @@ func httpUpdateConfigReloadDNSReturnOK(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleStatus(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data := map[string]interface{}{
 		"dns_address":        config.DNS.BindHost,
 		"http_port":          config.BindPort,
@@ -112,13 +112,13 @@ func handleStatus(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleProtectionEnable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.ProtectionEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleProtectionDisable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.ProtectionEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
@@ -127,19 +127,19 @@ func handleProtectionDisable(w http.ResponseWriter, r *http.Request) {
 // stats
 // -----
 func handleQueryLogEnable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.QueryLogEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleQueryLogDisable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.QueryLogEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleQueryLog(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data := dnsServer.GetQueryLog()
 
 	jsonVal, err := json.Marshal(data)
@@ -156,7 +156,7 @@ func handleQueryLog(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleStatsTop(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	s := dnsServer.GetStatsTop()
 
 	// use manual json marshalling because we want maps to be sorted by value
@@ -203,7 +203,7 @@ func handleStatsTop(w http.ResponseWriter, r *http.Request) {
 
 // handleStatsReset resets the stats caches
 func handleStatsReset(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	dnsServer.PurgeStats()
 	_, err := fmt.Fprintf(w, "OK\n")
 	if err != nil {
@@ -213,7 +213,7 @@ func handleStatsReset(w http.ResponseWriter, r *http.Request) {
 
 // handleStats returns aggregated stats data for the 24 hours
 func handleStats(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	summed := dnsServer.GetAggregatedStats()
 
 	statsJSON, err := json.Marshal(summed)
@@ -231,7 +231,7 @@ func handleStats(w http.ResponseWriter, r *http.Request) {
 
 // HandleStatsHistory returns historical stats data for the 24 hours
 func handleStatsHistory(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	// handle time unit and prepare our time window size
 	timeUnitString := r.URL.Query().Get("time_unit")
 	var timeUnit time.Duration
@@ -307,7 +307,7 @@ func sortByValue(m map[string]int) []string {
 // -----------------------
 
 func handleSetUpstreamDNS(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Failed to read request body: %s", err)
@@ -339,19 +339,19 @@ func handleSetUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleAllServersEnable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.AllServers = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleAllServersDisable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.AllServers = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleAllServersStatus(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data := map[string]interface{}{
 		"enabled": config.DNS.AllServers,
 	}
@@ -370,7 +370,7 @@ func handleAllServersStatus(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Failed to read request body: %s", err)
@@ -439,7 +439,7 @@ func checkDNS(input string) error {
 }
 
 func handleGetVersionJSON(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	now := time.Now()
 	if now.Sub(versionCheckLastTime) <= versionCheckPeriod && len(versionCheckJSON) != 0 {
 		// return cached copy
@@ -479,19 +479,19 @@ func handleGetVersionJSON(w http.ResponseWriter, r *http.Request) {
 // ---------
 
 func handleFilteringEnable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.FilteringEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleFilteringDisable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.FilteringEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleFilteringStatus(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data := map[string]interface{}{
 		"enabled": config.DNS.FilteringEnabled,
 	}
@@ -516,7 +516,7 @@ func handleFilteringStatus(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	f := filter{}
 	err := json.NewDecoder(r.Body).Decode(&f)
 	if err != nil {
@@ -589,7 +589,7 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringRemoveURL(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "failed to parse parameters from body: %s", err)
@@ -627,7 +627,7 @@ func handleFilteringRemoveURL(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringEnableURL(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "failed to parse parameters from body: %s", err)
@@ -665,7 +665,7 @@ func handleFilteringEnableURL(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringDisableURL(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "failed to parse parameters from body: %s", err)
@@ -701,7 +701,7 @@ func handleFilteringDisableURL(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringSetRules(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Failed to read request body: %s", err)
@@ -713,7 +713,7 @@ func handleFilteringSetRules(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringRefresh(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	force := r.URL.Query().Get("force")
 	updated := refreshFiltersIfNecessary(force != "")
 	fmt.Fprintf(w, "OK %d filters updated\n", updated)
@@ -724,19 +724,19 @@ func handleFilteringRefresh(w http.ResponseWriter, r *http.Request) {
 // ------------
 
 func handleSafeBrowsingEnable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.SafeBrowsingEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleSafeBrowsingDisable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.SafeBrowsingEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleSafeBrowsingStatus(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data := map[string]interface{}{
 		"enabled": config.DNS.SafeBrowsingEnabled,
 	}
@@ -757,7 +757,7 @@ func handleSafeBrowsingStatus(w http.ResponseWriter, r *http.Request) {
 // parental
 // --------
 func handleParentalEnable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "failed to parse parameters from body: %s", err)
@@ -802,13 +802,13 @@ func handleParentalEnable(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleParentalDisable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.ParentalEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleParentalStatus(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data := map[string]interface{}{
 		"enabled": config.DNS.ParentalEnabled,
 	}
@@ -834,19 +834,19 @@ func handleParentalStatus(w http.ResponseWriter, r *http.Request) {
 // ------------
 
 func handleSafeSearchEnable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.SafeSearchEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleSafeSearchDisable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.SafeSearchEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleSafeSearchStatus(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data := map[string]interface{}{
 		"enabled": config.DNS.SafeSearchEnabled,
 	}
@@ -879,7 +879,7 @@ type firstRunData struct {
 }
 
 func handleInstallGetAddresses(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data := firstRunData{}
 
 	// find out if port 80 is available -- if not, fall back to 3000
@@ -915,7 +915,7 @@ func handleInstallGetAddresses(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	newSettings := firstRunData{}
 	err := json.NewDecoder(r.Body).Decode(&newSettings)
 	if err != nil {
@@ -974,12 +974,12 @@ func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
 // TLS
 // ---
 func handleTLSStatus(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	marshalTLS(w, config.TLS)
 }
 
 func handleTLSValidate(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data, err := unmarshalTLS(r)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
@@ -1005,7 +1005,7 @@ func handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data, err := unmarshalTLS(r)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
@@ -1263,7 +1263,7 @@ func marshalTLS(w http.ResponseWriter, data tlsConfig) {
 // DNS-over-HTTPS
 // --------------
 func handleDOH(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	if r.TLS == nil {
 		httpError(w, http.StatusNotFound, "Not Found")
 		return

From 7b64f9ff4282b6e582976cf66d632a30bc585503 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Wed, 27 Feb 2019 18:28:09 +0300
Subject: [PATCH 22/95] * use dnsproxy v0.11.2

---
 control.go | 2 +-
 go.mod     | 2 +-
 go.sum     | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/control.go b/control.go
index 52b85615..919602be 100644
--- a/control.go
+++ b/control.go
@@ -24,8 +24,8 @@ import (
 	"time"
 
 	"github.com/AdguardTeam/AdGuardHome/dnsforward"
-	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/dnsproxy/upstream"
+	"github.com/AdguardTeam/golibs/log"
 	"github.com/joomcode/errorx"
 	"github.com/miekg/dns"
 	govalidator "gopkg.in/asaskevich/govalidator.v4"
diff --git a/go.mod b/go.mod
index 17d3e7f6..d824b5b7 100644
--- a/go.mod
+++ b/go.mod
@@ -1,7 +1,7 @@
 module github.com/AdguardTeam/AdGuardHome
 
 require (
-	github.com/AdguardTeam/dnsproxy v0.11.1
+	github.com/AdguardTeam/dnsproxy v0.11.2
 	github.com/AdguardTeam/golibs v0.1.0
 	github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f // indirect
 	github.com/bluele/gcache v0.0.0-20171010155617-472614239ac7
diff --git a/go.sum b/go.sum
index 08cbdd65..6e4a79f1 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-github.com/AdguardTeam/dnsproxy v0.11.1 h1:qO5VH0GYF9vdksQRG8frEfJ+CJjsPBwuct8FH6Mij7o=
-github.com/AdguardTeam/dnsproxy v0.11.1/go.mod h1:lEi2srAWwfSQWoy8GeZR6lwS+FSMoiZid8bQPreOLb0=
+github.com/AdguardTeam/dnsproxy v0.11.2 h1:S/Ag2q9qoZsmW1fvMohPZP7/5amEtz8NmFCp8kxUalQ=
+github.com/AdguardTeam/dnsproxy v0.11.2/go.mod h1:EPp92b5cYR7HZpO+OQu6xC7AyhUoBaXW3sfa3exq/0I=
 github.com/AdguardTeam/golibs v0.1.0 h1:Mo1QNKC8eSbqczhxfdBXYCrUMwvgCyCwZFyWv+2Gdng=
 github.com/AdguardTeam/golibs v0.1.0/go.mod h1:zhi6xGwK4cMpjDocybhhLgvcGkstiSIjlpKbvyxC5Yc=
 github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f h1:5ZfJxyXo8KyX8DgGXC5B7ILL8y51fci/qYz2B4j8iLY=

From f21daae02368841bdb7b8bff05bf208e3b9ab136 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Wed, 27 Feb 2019 18:28:52 +0300
Subject: [PATCH 23/95] * control: print HTTP request with log.Tracef()

---
 control.go | 74 +++++++++++++++++++++++++++---------------------------
 1 file changed, 37 insertions(+), 37 deletions(-)

diff --git a/control.go b/control.go
index 919602be..2b175e3e 100644
--- a/control.go
+++ b/control.go
@@ -85,7 +85,7 @@ func httpUpdateConfigReloadDNSReturnOK(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleStatus(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data := map[string]interface{}{
 		"dns_address":        config.DNS.BindHost,
 		"http_port":          config.BindPort,
@@ -117,13 +117,13 @@ func handleStatus(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleProtectionEnable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.ProtectionEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleProtectionDisable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.ProtectionEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
@@ -132,19 +132,19 @@ func handleProtectionDisable(w http.ResponseWriter, r *http.Request) {
 // stats
 // -----
 func handleQueryLogEnable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.QueryLogEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleQueryLogDisable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.QueryLogEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleQueryLog(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data := dnsServer.GetQueryLog()
 
 	jsonVal, err := json.Marshal(data)
@@ -165,7 +165,7 @@ func handleQueryLog(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleStatsTop(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	s := dnsServer.GetStatsTop()
 
 	// use manual json marshalling because we want maps to be sorted by value
@@ -214,7 +214,7 @@ func handleStatsTop(w http.ResponseWriter, r *http.Request) {
 
 // handleStatsReset resets the stats caches
 func handleStatsReset(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	dnsServer.PurgeStats()
 	_, err := fmt.Fprintf(w, "OK\n")
 	if err != nil {
@@ -226,7 +226,7 @@ func handleStatsReset(w http.ResponseWriter, r *http.Request) {
 
 // handleStats returns aggregated stats data for the 24 hours
 func handleStats(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	summed := dnsServer.GetAggregatedStats()
 
 	statsJSON, err := json.Marshal(summed)
@@ -248,7 +248,7 @@ func handleStats(w http.ResponseWriter, r *http.Request) {
 
 // HandleStatsHistory returns historical stats data for the 24 hours
 func handleStatsHistory(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	// handle time unit and prepare our time window size
 	timeUnitString := r.URL.Query().Get("time_unit")
 	var timeUnit time.Duration
@@ -333,7 +333,7 @@ func sortByValue(m map[string]int) []string {
 // -----------------------
 
 func handleSetUpstreamDNS(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("Failed to read request body: %s", err)
@@ -373,7 +373,7 @@ func handleSetUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("Failed to read request body: %s", err)
@@ -450,7 +450,7 @@ func checkDNS(input string) error {
 }
 
 func handleGetVersionJSON(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	now := time.Now()
 	if now.Sub(versionCheckLastTime) <= versionCheckPeriod && len(versionCheckJSON) != 0 {
 		// return cached copy
@@ -496,19 +496,19 @@ func handleGetVersionJSON(w http.ResponseWriter, r *http.Request) {
 // ---------
 
 func handleFilteringEnable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.FilteringEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleFilteringDisable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.FilteringEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleFilteringStatus(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data := map[string]interface{}{
 		"enabled": config.DNS.FilteringEnabled,
 	}
@@ -537,7 +537,7 @@ func handleFilteringStatus(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	f := filter{}
 	err := json.NewDecoder(r.Body).Decode(&f)
 	if err != nil {
@@ -626,7 +626,7 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringRemoveURL(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("failed to parse parameters from body: %s", err)
@@ -667,7 +667,7 @@ func handleFilteringRemoveURL(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringEnableURL(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("failed to parse parameters from body: %s", err)
@@ -707,7 +707,7 @@ func handleFilteringEnableURL(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringDisableURL(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("failed to parse parameters from body: %s", err)
@@ -745,7 +745,7 @@ func handleFilteringDisableURL(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringSetRules(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("Failed to read request body: %s", err)
@@ -759,7 +759,7 @@ func handleFilteringSetRules(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleFilteringRefresh(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	force := r.URL.Query().Get("force")
 	updated := refreshFiltersIfNecessary(force != "")
 	fmt.Fprintf(w, "OK %d filters updated\n", updated)
@@ -770,19 +770,19 @@ func handleFilteringRefresh(w http.ResponseWriter, r *http.Request) {
 // ------------
 
 func handleSafeBrowsingEnable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.SafeBrowsingEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleSafeBrowsingDisable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.SafeBrowsingEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleSafeBrowsingStatus(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data := map[string]interface{}{
 		"enabled": config.DNS.SafeBrowsingEnabled,
 	}
@@ -807,7 +807,7 @@ func handleSafeBrowsingStatus(w http.ResponseWriter, r *http.Request) {
 // parental
 // --------
 func handleParentalEnable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	parameters, err := parseParametersFromBody(r.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("failed to parse parameters from body: %s", err)
@@ -854,13 +854,13 @@ func handleParentalEnable(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleParentalDisable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.ParentalEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleParentalStatus(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data := map[string]interface{}{
 		"enabled": config.DNS.ParentalEnabled,
 	}
@@ -890,19 +890,19 @@ func handleParentalStatus(w http.ResponseWriter, r *http.Request) {
 // ------------
 
 func handleSafeSearchEnable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.SafeSearchEnabled = true
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleSafeSearchDisable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	config.DNS.SafeSearchEnabled = false
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 func handleSafeSearchStatus(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data := map[string]interface{}{
 		"enabled": config.DNS.SafeSearchEnabled,
 	}
@@ -939,7 +939,7 @@ type firstRunData struct {
 }
 
 func handleInstallGetAddresses(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data := firstRunData{}
 
 	// find out if port 80 is available -- if not, fall back to 3000
@@ -975,7 +975,7 @@ func handleInstallGetAddresses(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	newSettings := firstRunData{}
 	err := json.NewDecoder(r.Body).Decode(&newSettings)
 	if err != nil {
@@ -1034,12 +1034,12 @@ func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
 // TLS
 // ---
 func handleTLSStatus(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	marshalTLS(w, config.TLS)
 }
 
 func handleTLSValidate(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data, err := unmarshalTLS(r)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
@@ -1065,7 +1065,7 @@ func handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	data, err := unmarshalTLS(r)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
@@ -1323,7 +1323,7 @@ func marshalTLS(w http.ResponseWriter, data tlsConfig) {
 // DNS-over-HTTPS
 // --------------
 func handleDOH(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("")
+	log.Tracef("%s %v", r.Method, r.URL)
 	if r.TLS == nil {
 		httpError(w, http.StatusNotFound, "Not Found")
 		return

From 24edf7eeb66668893b9add03003309d755295088 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Wed, 27 Feb 2019 18:46:04 +0300
Subject: [PATCH 24/95] * helper functions return 'error', not 'int'

---
 control.go | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/control.go b/control.go
index 540dee3f..0a074592 100644
--- a/control.go
+++ b/control.go
@@ -1114,8 +1114,7 @@ func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-// Return 0 on success
-func verifyCertChain(data *tlsConfigStatus, certChain string, serverName string) int {
+func verifyCertChain(data *tlsConfigStatus, certChain string, serverName string) error {
 	log.Tracef("got certificate: %s", certChain)
 
 	// now do a more extended validation
@@ -1142,14 +1141,14 @@ func verifyCertChain(data *tlsConfigStatus, certChain string, serverName string)
 		parsed, err := x509.ParseCertificate(cert.Bytes)
 		if err != nil {
 			data.WarningValidation = fmt.Sprintf("Failed to parse certificate: %s", err)
-			return 1
+			return errors.New("")
 		}
 		parsedCerts = append(parsedCerts, parsed)
 	}
 
 	if len(parsedCerts) == 0 {
 		data.WarningValidation = fmt.Sprintf("You have specified an empty certificate")
-		return 1
+		return errors.New("")
 	}
 
 	data.ValidCert = true
@@ -1192,11 +1191,10 @@ func verifyCertChain(data *tlsConfigStatus, certChain string, serverName string)
 		data.DNSNames = mainCert.DNSNames
 	}
 
-	return 0
+	return nil
 }
 
-// Return 0 on success
-func validatePkey(data *tlsConfigStatus, pkey string) int {
+func validatePkey(data *tlsConfigStatus, pkey string) error {
 	// now do a more extended validation
 	var key *pem.Block        // PEM-encoded certificates
 	var skippedBytes []string // skipped bytes
@@ -1219,19 +1217,19 @@ func validatePkey(data *tlsConfigStatus, pkey string) int {
 
 	if key == nil {
 		data.WarningValidation = "No valid keys were found"
-		return 1
+		return errors.New("")
 	}
 
 	// parse the decoded key
 	_, keytype, err := parsePrivateKey(key.Bytes)
 	if err != nil {
 		data.WarningValidation = fmt.Sprintf("Failed to parse private key: %s", err)
-		return 1
+		return errors.New("")
 	}
 
 	data.ValidKey = true
 	data.KeyType = keytype
-	return 0
+	return nil
 }
 
 /* Process certificate data and its private key.
@@ -1244,14 +1242,14 @@ func validateCertificates(certChain, pkey, serverName string) tlsConfigStatus {
 
 	// check only public certificate separately from the key
 	if certChain != "" {
-		if verifyCertChain(&data, certChain, serverName) != 0 {
+		if verifyCertChain(&data, certChain, serverName) != nil {
 			return data
 		}
 	}
 
 	// validate private key (right now the only validation possible is just parsing it)
 	if pkey != "" {
-		if validatePkey(&data, pkey) != 0 {
+		if validatePkey(&data, pkey) != nil {
 			return data
 		}
 	}

From bc325de13f2714961fdf32ef79fc3451d8db1f83 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 27 Feb 2019 18:49:53 +0300
Subject: [PATCH 25/95] Add missed logging

---
 control.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/control.go b/control.go
index 52f7932f..2a32b0b4 100644
--- a/control.go
+++ b/control.go
@@ -338,6 +338,7 @@ func handleSetUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleSetBootstrapDNS(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("%s %v", r.Method, r.URL)
 	setDNSServers(w, r, false)
 }
 

From 241e7ca20c6ee3a53cd59922c44dfe9fe35698d7 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Wed, 27 Feb 2019 18:53:16 +0300
Subject: [PATCH 26/95] * control: move TLS handlers to a separate file

---
 control.go     | 320 +---------------------------------------------
 control_tls.go | 338 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 339 insertions(+), 319 deletions(-)
 create mode 100644 control_tls.go

diff --git a/control.go b/control.go
index 0a074592..9342aefd 100644
--- a/control.go
+++ b/control.go
@@ -3,21 +3,12 @@ package main
 import (
 	"bytes"
 	"context"
-	"crypto"
-	"crypto/ecdsa"
-	"crypto/rsa"
-	"crypto/tls"
-	"crypto/x509"
-	"encoding/base64"
 	"encoding/json"
-	"encoding/pem"
-	"errors"
 	"fmt"
 	"io/ioutil"
 	"net"
 	"net/http"
 	"os"
-	"reflect"
 	"sort"
 	"strconv"
 	"strings"
@@ -26,7 +17,6 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/dnsforward"
 	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/AdguardTeam/golibs/log"
-	"github.com/joomcode/errorx"
 	"github.com/miekg/dns"
 	govalidator "gopkg.in/asaskevich/govalidator.v4"
 )
@@ -1030,312 +1020,6 @@ func handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-// ---
-// TLS
-// ---
-func handleTLSStatus(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("%s %v", r.Method, r.URL)
-	marshalTLS(w, config.TLS)
-}
-
-func handleTLSValidate(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("%s %v", r.Method, r.URL)
-	data, err := unmarshalTLS(r)
-	if err != nil {
-		httpError(w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
-		return
-	}
-
-	// check if port is available
-	// BUT: if we are already using this port, no need
-	alreadyRunning := false
-	if httpsServer.server != nil {
-		alreadyRunning = true
-	}
-	if !alreadyRunning {
-		err = checkPortAvailable(config.BindHost, data.PortHTTPS)
-		if err != nil {
-			httpError(w, http.StatusBadRequest, "port %d is not available, cannot enable HTTPS on it", data.PortHTTPS)
-			return
-		}
-	}
-
-	data.tlsConfigStatus = validateCertificates(data.CertificateChain, data.PrivateKey, data.ServerName)
-	marshalTLS(w, data)
-}
-
-func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("%s %v", r.Method, r.URL)
-	data, err := unmarshalTLS(r)
-	if err != nil {
-		httpError(w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
-		return
-	}
-
-	// check if port is available
-	// BUT: if we are already using this port, no need
-	alreadyRunning := false
-	if httpsServer.server != nil {
-		alreadyRunning = true
-	}
-	if !alreadyRunning {
-		err = checkPortAvailable(config.BindHost, data.PortHTTPS)
-		if err != nil {
-			httpError(w, http.StatusBadRequest, "port %d is not available, cannot enable HTTPS on it", data.PortHTTPS)
-			return
-		}
-	}
-
-	restartHTTPS := false
-	data.tlsConfigStatus = validateCertificates(data.CertificateChain, data.PrivateKey, data.ServerName)
-	if !reflect.DeepEqual(config.TLS.tlsConfigSettings, data.tlsConfigSettings) {
-		log.Printf("tls config settings have changed, will restart HTTPS server")
-		restartHTTPS = true
-	}
-	config.TLS = data
-	err = writeAllConfigsAndReloadDNS()
-	if err != nil {
-		httpError(w, http.StatusInternalServerError, "Couldn't write config file: %s", err)
-		return
-	}
-	marshalTLS(w, data)
-	// this needs to be done in a goroutine because Shutdown() is a blocking call, and it will block
-	// until all requests are finished, and _we_ are inside a request right now, so it will block indefinitely
-	if restartHTTPS {
-		go func() {
-			time.Sleep(time.Second) // TODO: could not find a way to reliably know that data was fully sent to client by https server, so we wait a bit to let response through before closing the server
-			httpsServer.cond.L.Lock()
-			httpsServer.cond.Broadcast()
-			if httpsServer.server != nil {
-				httpsServer.server.Shutdown(context.TODO())
-			}
-			httpsServer.cond.L.Unlock()
-		}()
-	}
-}
-
-func verifyCertChain(data *tlsConfigStatus, certChain string, serverName string) error {
-	log.Tracef("got certificate: %s", certChain)
-
-	// now do a more extended validation
-	var certs []*pem.Block    // PEM-encoded certificates
-	var skippedBytes []string // skipped bytes
-
-	pemblock := []byte(certChain)
-	for {
-		var decoded *pem.Block
-		decoded, pemblock = pem.Decode(pemblock)
-		if decoded == nil {
-			break
-		}
-		if decoded.Type == "CERTIFICATE" {
-			certs = append(certs, decoded)
-		} else {
-			skippedBytes = append(skippedBytes, decoded.Type)
-		}
-	}
-
-	var parsedCerts []*x509.Certificate
-
-	for _, cert := range certs {
-		parsed, err := x509.ParseCertificate(cert.Bytes)
-		if err != nil {
-			data.WarningValidation = fmt.Sprintf("Failed to parse certificate: %s", err)
-			return errors.New("")
-		}
-		parsedCerts = append(parsedCerts, parsed)
-	}
-
-	if len(parsedCerts) == 0 {
-		data.WarningValidation = fmt.Sprintf("You have specified an empty certificate")
-		return errors.New("")
-	}
-
-	data.ValidCert = true
-
-	// spew.Dump(parsedCerts)
-
-	opts := x509.VerifyOptions{
-		DNSName: serverName,
-	}
-
-	log.Printf("number of certs - %d", len(parsedCerts))
-	if len(parsedCerts) > 1 {
-		// set up an intermediate
-		pool := x509.NewCertPool()
-		for _, cert := range parsedCerts[1:] {
-			log.Printf("got an intermediate cert")
-			pool.AddCert(cert)
-		}
-		opts.Intermediates = pool
-	}
-
-	// TODO: save it as a warning rather than error it out -- shouldn't be a big problem
-	mainCert := parsedCerts[0]
-	_, err := mainCert.Verify(opts)
-	if err != nil {
-		// let self-signed certs through
-		data.WarningValidation = fmt.Sprintf("Your certificate does not verify: %s", err)
-	} else {
-		data.ValidChain = true
-	}
-	// spew.Dump(chains)
-
-	// update status
-	if mainCert != nil {
-		notAfter := mainCert.NotAfter
-		data.Subject = mainCert.Subject.String()
-		data.Issuer = mainCert.Issuer.String()
-		data.NotAfter = notAfter
-		data.NotBefore = mainCert.NotBefore
-		data.DNSNames = mainCert.DNSNames
-	}
-
-	return nil
-}
-
-func validatePkey(data *tlsConfigStatus, pkey string) error {
-	// now do a more extended validation
-	var key *pem.Block        // PEM-encoded certificates
-	var skippedBytes []string // skipped bytes
-
-	// go through all pem blocks, but take first valid pem block and drop the rest
-	pemblock := []byte(pkey)
-	for {
-		var decoded *pem.Block
-		decoded, pemblock = pem.Decode(pemblock)
-		if decoded == nil {
-			break
-		}
-		if decoded.Type == "PRIVATE KEY" || strings.HasSuffix(decoded.Type, " PRIVATE KEY") {
-			key = decoded
-			break
-		} else {
-			skippedBytes = append(skippedBytes, decoded.Type)
-		}
-	}
-
-	if key == nil {
-		data.WarningValidation = "No valid keys were found"
-		return errors.New("")
-	}
-
-	// parse the decoded key
-	_, keytype, err := parsePrivateKey(key.Bytes)
-	if err != nil {
-		data.WarningValidation = fmt.Sprintf("Failed to parse private key: %s", err)
-		return errors.New("")
-	}
-
-	data.ValidKey = true
-	data.KeyType = keytype
-	return nil
-}
-
-/* Process certificate data and its private key.
-All parameters are optional.
-On error, return partially set object
- with 'WarningValidation' field containing error description.
-*/
-func validateCertificates(certChain, pkey, serverName string) tlsConfigStatus {
-	var data tlsConfigStatus
-
-	// check only public certificate separately from the key
-	if certChain != "" {
-		if verifyCertChain(&data, certChain, serverName) != nil {
-			return data
-		}
-	}
-
-	// validate private key (right now the only validation possible is just parsing it)
-	if pkey != "" {
-		if validatePkey(&data, pkey) != nil {
-			return data
-		}
-	}
-
-	// if both are set, validate both in unison
-	if pkey != "" && certChain != "" {
-		_, err := tls.X509KeyPair([]byte(certChain), []byte(pkey))
-		if err != nil {
-			data.WarningValidation = fmt.Sprintf("Invalid certificate or key: %s", err)
-			return data
-		}
-		data.ValidPair = true
-	}
-
-	return data
-}
-
-// Attempt to parse the given private key DER block. OpenSSL 0.9.8 generates
-// PKCS#1 private keys by default, while OpenSSL 1.0.0 generates PKCS#8 keys.
-// OpenSSL ecparam generates SEC1 EC private keys for ECDSA. We try all three.
-func parsePrivateKey(der []byte) (crypto.PrivateKey, string, error) {
-	if key, err := x509.ParsePKCS1PrivateKey(der); err == nil {
-		return key, "RSA", nil
-	}
-	if key, err := x509.ParsePKCS8PrivateKey(der); err == nil {
-		switch key := key.(type) {
-		case *rsa.PrivateKey:
-			return key, "RSA", nil
-		case *ecdsa.PrivateKey:
-			return key, "ECDSA", nil
-		default:
-			return nil, "", errors.New("tls: found unknown private key type in PKCS#8 wrapping")
-		}
-	}
-	if key, err := x509.ParseECPrivateKey(der); err == nil {
-		return key, "ECDSA", nil
-	}
-
-	return nil, "", errors.New("tls: failed to parse private key")
-}
-
-// unmarshalTLS handles base64-encoded certificates transparently
-func unmarshalTLS(r *http.Request) (tlsConfig, error) {
-	data := tlsConfig{}
-	err := json.NewDecoder(r.Body).Decode(&data)
-	if err != nil {
-		return data, errorx.Decorate(err, "Failed to parse new TLS config json")
-	}
-
-	if data.CertificateChain != "" {
-		certPEM, err := base64.StdEncoding.DecodeString(data.CertificateChain)
-		if err != nil {
-			return data, errorx.Decorate(err, "Failed to base64-decode certificate chain")
-		}
-		data.CertificateChain = string(certPEM)
-	}
-
-	if data.PrivateKey != "" {
-		keyPEM, err := base64.StdEncoding.DecodeString(data.PrivateKey)
-		if err != nil {
-			return data, errorx.Decorate(err, "Failed to base64-decode private key")
-		}
-
-		data.PrivateKey = string(keyPEM)
-	}
-
-	return data, nil
-}
-
-func marshalTLS(w http.ResponseWriter, data tlsConfig) {
-	w.Header().Set("Content-Type", "application/json")
-	if data.CertificateChain != "" {
-		encoded := base64.StdEncoding.EncodeToString([]byte(data.CertificateChain))
-		data.CertificateChain = encoded
-	}
-	if data.PrivateKey != "" {
-		encoded := base64.StdEncoding.EncodeToString([]byte(data.PrivateKey))
-		data.PrivateKey = encoded
-	}
-	err := json.NewEncoder(w).Encode(data)
-	if err != nil {
-		httpError(w, http.StatusInternalServerError, "Failed to marshal json with TLS status: %s", err)
-		return
-	}
-}
-
 // --------------
 // DNS-over-HTTPS
 // --------------
@@ -1401,9 +1085,7 @@ func registerControlHandlers() {
 	http.HandleFunc("/control/dhcp/set_config", postInstall(optionalAuth(ensurePOST(handleDHCPSetConfig))))
 	http.HandleFunc("/control/dhcp/find_active_dhcp", postInstall(optionalAuth(ensurePOST(handleDHCPFindActiveServer))))
 
-	http.HandleFunc("/control/tls/status", postInstall(optionalAuth(ensureGET(handleTLSStatus))))
-	http.HandleFunc("/control/tls/configure", postInstall(optionalAuth(ensurePOST(handleTLSConfigure))))
-	http.HandleFunc("/control/tls/validate", postInstall(optionalAuth(ensurePOST(handleTLSValidate))))
+	RegisterTLSHandlers()
 
 	http.HandleFunc("/dns-query", postInstall(handleDOH))
 }
diff --git a/control_tls.go b/control_tls.go
new file mode 100644
index 00000000..d444fe07
--- /dev/null
+++ b/control_tls.go
@@ -0,0 +1,338 @@
+// Control: TLS configuring handlers
+
+package main
+
+import (
+	"context"
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/json"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"net/http"
+	"reflect"
+	"strings"
+	"time"
+
+	"github.com/AdguardTeam/golibs/log"
+	"github.com/joomcode/errorx"
+)
+
+// RegisterTLSHandlers registers HTTP handlers for TLS configuration
+func RegisterTLSHandlers() {
+	http.HandleFunc("/control/tls/status", postInstall(optionalAuth(ensureGET(handleTLSStatus))))
+	http.HandleFunc("/control/tls/configure", postInstall(optionalAuth(ensurePOST(handleTLSConfigure))))
+	http.HandleFunc("/control/tls/validate", postInstall(optionalAuth(ensurePOST(handleTLSValidate))))
+}
+
+func handleTLSStatus(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("%s %v", r.Method, r.URL)
+	marshalTLS(w, config.TLS)
+}
+
+func handleTLSValidate(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("%s %v", r.Method, r.URL)
+	data, err := unmarshalTLS(r)
+	if err != nil {
+		httpError(w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
+		return
+	}
+
+	// check if port is available
+	// BUT: if we are already using this port, no need
+	alreadyRunning := false
+	if httpsServer.server != nil {
+		alreadyRunning = true
+	}
+	if !alreadyRunning {
+		err = checkPortAvailable(config.BindHost, data.PortHTTPS)
+		if err != nil {
+			httpError(w, http.StatusBadRequest, "port %d is not available, cannot enable HTTPS on it", data.PortHTTPS)
+			return
+		}
+	}
+
+	data.tlsConfigStatus = validateCertificates(data.CertificateChain, data.PrivateKey, data.ServerName)
+	marshalTLS(w, data)
+}
+
+func handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("%s %v", r.Method, r.URL)
+	data, err := unmarshalTLS(r)
+	if err != nil {
+		httpError(w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
+		return
+	}
+
+	// check if port is available
+	// BUT: if we are already using this port, no need
+	alreadyRunning := false
+	if httpsServer.server != nil {
+		alreadyRunning = true
+	}
+	if !alreadyRunning {
+		err = checkPortAvailable(config.BindHost, data.PortHTTPS)
+		if err != nil {
+			httpError(w, http.StatusBadRequest, "port %d is not available, cannot enable HTTPS on it", data.PortHTTPS)
+			return
+		}
+	}
+
+	restartHTTPS := false
+	data.tlsConfigStatus = validateCertificates(data.CertificateChain, data.PrivateKey, data.ServerName)
+	if !reflect.DeepEqual(config.TLS.tlsConfigSettings, data.tlsConfigSettings) {
+		log.Printf("tls config settings have changed, will restart HTTPS server")
+		restartHTTPS = true
+	}
+	config.TLS = data
+	err = writeAllConfigsAndReloadDNS()
+	if err != nil {
+		httpError(w, http.StatusInternalServerError, "Couldn't write config file: %s", err)
+		return
+	}
+	marshalTLS(w, data)
+	// this needs to be done in a goroutine because Shutdown() is a blocking call, and it will block
+	// until all requests are finished, and _we_ are inside a request right now, so it will block indefinitely
+	if restartHTTPS {
+		go func() {
+			time.Sleep(time.Second) // TODO: could not find a way to reliably know that data was fully sent to client by https server, so we wait a bit to let response through before closing the server
+			httpsServer.cond.L.Lock()
+			httpsServer.cond.Broadcast()
+			if httpsServer.server != nil {
+				httpsServer.server.Shutdown(context.TODO())
+			}
+			httpsServer.cond.L.Unlock()
+		}()
+	}
+}
+
+func verifyCertChain(data *tlsConfigStatus, certChain string, serverName string) error {
+	log.Tracef("got certificate: %s", certChain)
+
+	// now do a more extended validation
+	var certs []*pem.Block    // PEM-encoded certificates
+	var skippedBytes []string // skipped bytes
+
+	pemblock := []byte(certChain)
+	for {
+		var decoded *pem.Block
+		decoded, pemblock = pem.Decode(pemblock)
+		if decoded == nil {
+			break
+		}
+		if decoded.Type == "CERTIFICATE" {
+			certs = append(certs, decoded)
+		} else {
+			skippedBytes = append(skippedBytes, decoded.Type)
+		}
+	}
+
+	var parsedCerts []*x509.Certificate
+
+	for _, cert := range certs {
+		parsed, err := x509.ParseCertificate(cert.Bytes)
+		if err != nil {
+			data.WarningValidation = fmt.Sprintf("Failed to parse certificate: %s", err)
+			return errors.New("")
+		}
+		parsedCerts = append(parsedCerts, parsed)
+	}
+
+	if len(parsedCerts) == 0 {
+		data.WarningValidation = fmt.Sprintf("You have specified an empty certificate")
+		return errors.New("")
+	}
+
+	data.ValidCert = true
+
+	// spew.Dump(parsedCerts)
+
+	opts := x509.VerifyOptions{
+		DNSName: serverName,
+	}
+
+	log.Printf("number of certs - %d", len(parsedCerts))
+	if len(parsedCerts) > 1 {
+		// set up an intermediate
+		pool := x509.NewCertPool()
+		for _, cert := range parsedCerts[1:] {
+			log.Printf("got an intermediate cert")
+			pool.AddCert(cert)
+		}
+		opts.Intermediates = pool
+	}
+
+	// TODO: save it as a warning rather than error it out -- shouldn't be a big problem
+	mainCert := parsedCerts[0]
+	_, err := mainCert.Verify(opts)
+	if err != nil {
+		// let self-signed certs through
+		data.WarningValidation = fmt.Sprintf("Your certificate does not verify: %s", err)
+	} else {
+		data.ValidChain = true
+	}
+	// spew.Dump(chains)
+
+	// update status
+	if mainCert != nil {
+		notAfter := mainCert.NotAfter
+		data.Subject = mainCert.Subject.String()
+		data.Issuer = mainCert.Issuer.String()
+		data.NotAfter = notAfter
+		data.NotBefore = mainCert.NotBefore
+		data.DNSNames = mainCert.DNSNames
+	}
+
+	return nil
+}
+
+func validatePkey(data *tlsConfigStatus, pkey string) error {
+	// now do a more extended validation
+	var key *pem.Block        // PEM-encoded certificates
+	var skippedBytes []string // skipped bytes
+
+	// go through all pem blocks, but take first valid pem block and drop the rest
+	pemblock := []byte(pkey)
+	for {
+		var decoded *pem.Block
+		decoded, pemblock = pem.Decode(pemblock)
+		if decoded == nil {
+			break
+		}
+		if decoded.Type == "PRIVATE KEY" || strings.HasSuffix(decoded.Type, " PRIVATE KEY") {
+			key = decoded
+			break
+		} else {
+			skippedBytes = append(skippedBytes, decoded.Type)
+		}
+	}
+
+	if key == nil {
+		data.WarningValidation = "No valid keys were found"
+		return errors.New("")
+	}
+
+	// parse the decoded key
+	_, keytype, err := parsePrivateKey(key.Bytes)
+	if err != nil {
+		data.WarningValidation = fmt.Sprintf("Failed to parse private key: %s", err)
+		return errors.New("")
+	}
+
+	data.ValidKey = true
+	data.KeyType = keytype
+	return nil
+}
+
+/* Process certificate data and its private key.
+All parameters are optional.
+On error, return partially set object
+ with 'WarningValidation' field containing error description. */
+func validateCertificates(certChain, pkey, serverName string) tlsConfigStatus {
+	var data tlsConfigStatus
+
+	// check only public certificate separately from the key
+	if certChain != "" {
+		if verifyCertChain(&data, certChain, serverName) != nil {
+			return data
+		}
+	}
+
+	// validate private key (right now the only validation possible is just parsing it)
+	if pkey != "" {
+		if validatePkey(&data, pkey) != nil {
+			return data
+		}
+	}
+
+	// if both are set, validate both in unison
+	if pkey != "" && certChain != "" {
+		_, err := tls.X509KeyPair([]byte(certChain), []byte(pkey))
+		if err != nil {
+			data.WarningValidation = fmt.Sprintf("Invalid certificate or key: %s", err)
+			return data
+		}
+		data.ValidPair = true
+	}
+
+	return data
+}
+
+// Attempt to parse the given private key DER block. OpenSSL 0.9.8 generates
+// PKCS#1 private keys by default, while OpenSSL 1.0.0 generates PKCS#8 keys.
+// OpenSSL ecparam generates SEC1 EC private keys for ECDSA. We try all three.
+func parsePrivateKey(der []byte) (crypto.PrivateKey, string, error) {
+	if key, err := x509.ParsePKCS1PrivateKey(der); err == nil {
+		return key, "RSA", nil
+	}
+
+	if key, err := x509.ParsePKCS8PrivateKey(der); err == nil {
+		switch key := key.(type) {
+		case *rsa.PrivateKey:
+			return key, "RSA", nil
+		case *ecdsa.PrivateKey:
+			return key, "ECDSA", nil
+		default:
+			return nil, "", errors.New("tls: found unknown private key type in PKCS#8 wrapping")
+		}
+	}
+
+	if key, err := x509.ParseECPrivateKey(der); err == nil {
+		return key, "ECDSA", nil
+	}
+
+	return nil, "", errors.New("tls: failed to parse private key")
+}
+
+// unmarshalTLS handles base64-encoded certificates transparently
+func unmarshalTLS(r *http.Request) (tlsConfig, error) {
+	data := tlsConfig{}
+	err := json.NewDecoder(r.Body).Decode(&data)
+	if err != nil {
+		return data, errorx.Decorate(err, "Failed to parse new TLS config json")
+	}
+
+	if data.CertificateChain != "" {
+		certPEM, err := base64.StdEncoding.DecodeString(data.CertificateChain)
+		if err != nil {
+			return data, errorx.Decorate(err, "Failed to base64-decode certificate chain")
+		}
+		data.CertificateChain = string(certPEM)
+	}
+
+	if data.PrivateKey != "" {
+		keyPEM, err := base64.StdEncoding.DecodeString(data.PrivateKey)
+		if err != nil {
+			return data, errorx.Decorate(err, "Failed to base64-decode private key")
+		}
+
+		data.PrivateKey = string(keyPEM)
+	}
+
+	return data, nil
+}
+
+func marshalTLS(w http.ResponseWriter, data tlsConfig) {
+	w.Header().Set("Content-Type", "application/json")
+
+	if data.CertificateChain != "" {
+		encoded := base64.StdEncoding.EncodeToString([]byte(data.CertificateChain))
+		data.CertificateChain = encoded
+	}
+
+	if data.PrivateKey != "" {
+		encoded := base64.StdEncoding.EncodeToString([]byte(data.PrivateKey))
+		data.PrivateKey = encoded
+	}
+
+	err := json.NewEncoder(w).Encode(data)
+	if err != nil {
+		httpError(w, http.StatusInternalServerError, "Failed to marshal json with TLS status: %s", err)
+		return
+	}
+}

From 6b2baba3c76b756337872bb38fb802e30fbc1d89 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Thu, 28 Feb 2019 11:10:43 +0300
Subject: [PATCH 27/95] Add set_upstreams_config function

---
 control.go           |  5 +++++
 openapi/openapi.yaml | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+)

diff --git a/control.go b/control.go
index d27a7cfc..d57114ce 100644
--- a/control.go
+++ b/control.go
@@ -306,6 +306,10 @@ func sortByValue(m map[string]int) []string {
 // upstreams configuration
 // -----------------------
 
+func handleSetUpstreamConfig(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("%s %v", r.Method, r.URL)
+}
+
 func handleSetUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 	log.Tracef("%s %v", r.Method, r.URL)
 	body, err := ioutil.ReadAll(r.Body)
@@ -1293,6 +1297,7 @@ func registerControlHandlers() {
 	http.HandleFunc("/control/querylog_enable", postInstall(optionalAuth(ensurePOST(handleQueryLogEnable))))
 	http.HandleFunc("/control/querylog_disable", postInstall(optionalAuth(ensurePOST(handleQueryLogDisable))))
 	http.HandleFunc("/control/set_upstream_dns", postInstall(optionalAuth(ensurePOST(handleSetUpstreamDNS))))
+	http.HandleFunc("/control/set_upstreams_config", postInstall(optionalAuth(ensurePOST(handleSetUpstreamConfig))))
 	http.HandleFunc("/control/test_upstream_dns", postInstall(optionalAuth(ensurePOST(handleTestUpstreamDNS))))
 	http.HandleFunc("/control/all_servers/enable", postInstall(optionalAuth(ensurePOST(handleAllServersEnable))))
 	http.HandleFunc("/control/all_servers/disable", postInstall(optionalAuth(ensurePOST(handleAllServersDisable))))
diff --git a/openapi/openapi.yaml b/openapi/openapi.yaml
index e83d6360..f0fb68ee 100644
--- a/openapi/openapi.yaml
+++ b/openapi/openapi.yaml
@@ -87,6 +87,25 @@ paths:
                 200:
                     description: OK
 
+    /set_upstreams_config:
+        post:
+            tags:
+                - global
+            operationId: setUpstreamsConfig
+            summary: "Updates the current upstreams configuration"
+            consumes:
+                - application/json
+            parameters:
+                - in: "body"
+                  name: "body"
+                  description: "Upstreams configuration JSON"
+                  required: true
+                  schema:
+                      $ref: "#/definitions/UpstreamsConfig"
+            responses:
+                200:
+                    description: OK
+
     /set_upstream_dns:
         post:
             tags:
@@ -831,6 +850,25 @@ definitions:
             language:
                 type: "string"
                 example: "en"
+    UpstreamsConfig:
+        type: "object"
+        description: "Upstreams configuration"
+        required:
+            - "bootstrap_dns"
+            - "upstream_dns"
+        properties:
+            bootstrap_dns:
+                type: "string"
+                example: "8.8.8.8:53"
+            upstream_dns:
+                type: "array"
+                items:
+                    type: "string"
+                example:
+                    - "tls://1.1.1.1"
+                    - "tls://1.0.0.1"
+            all_servers:
+                type: "boolean"
     Filter:
         type: "object"
         description: "Filter subscription info"

From 224c2a891dbb83332a1d582bab32a94dc3201215 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Thu, 28 Feb 2019 11:55:16 +0300
Subject: [PATCH 28/95] * control: TLS: don't return empty error messages

---
 control_tls.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/control_tls.go b/control_tls.go
index d444fe07..25be44d6 100644
--- a/control_tls.go
+++ b/control_tls.go
@@ -138,14 +138,14 @@ func verifyCertChain(data *tlsConfigStatus, certChain string, serverName string)
 		parsed, err := x509.ParseCertificate(cert.Bytes)
 		if err != nil {
 			data.WarningValidation = fmt.Sprintf("Failed to parse certificate: %s", err)
-			return errors.New("")
+			return errors.New(data.WarningValidation)
 		}
 		parsedCerts = append(parsedCerts, parsed)
 	}
 
 	if len(parsedCerts) == 0 {
 		data.WarningValidation = fmt.Sprintf("You have specified an empty certificate")
-		return errors.New("")
+		return errors.New(data.WarningValidation)
 	}
 
 	data.ValidCert = true
@@ -214,14 +214,14 @@ func validatePkey(data *tlsConfigStatus, pkey string) error {
 
 	if key == nil {
 		data.WarningValidation = "No valid keys were found"
-		return errors.New("")
+		return errors.New(data.WarningValidation)
 	}
 
 	// parse the decoded key
 	_, keytype, err := parsePrivateKey(key.Bytes)
 	if err != nil {
 		data.WarningValidation = fmt.Sprintf("Failed to parse private key: %s", err)
-		return errors.New("")
+		return errors.New(data.WarningValidation)
 	}
 
 	data.ValidKey = true

From 3929f0da449ce0a8368416ebd46a1f83617fdcbd Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Thu, 28 Feb 2019 13:01:41 +0300
Subject: [PATCH 29/95] [change] control: Handle upstream config with JSON

---
 control.go                 | 89 ++++++++----------------------------
 dnsfilter/dnsfilter.go     |  2 +-
 dnsforward/querylog_top.go |  2 +-
 openapi/openapi.yaml       | 93 ++++----------------------------------
 4 files changed, 31 insertions(+), 155 deletions(-)

diff --git a/control.go b/control.go
index 81befc50..5b1dcf3c 100644
--- a/control.go
+++ b/control.go
@@ -306,35 +306,35 @@ func sortByValue(m map[string]int) []string {
 // upstreams configuration
 // -----------------------
 
+// TODO this struct will become unnecessary after config file rework
+type upstreamConfig struct {
+	upstreams    []string // Upstreams
+	bootstrapDNS []string // Bootstrap DNS
+	allServers   bool     // --all-servers param for dnsproxy
+}
+
 func handleSetUpstreamConfig(w http.ResponseWriter, r *http.Request) {
 	log.Tracef("%s %v", r.Method, r.URL)
-}
+	newconfig := upstreamConfig{}
+	err := json.NewDecoder(r.Body).Decode(&newconfig)
+	if err != nil {
+		httpError(w, http.StatusBadRequest, "Failed to parse new upstreams config json: %s", err)
+		return
+	}
 
-func handleSetUpstreamDNS(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("%s %v", r.Method, r.URL)
-	setDNSServers(w, r, true)
-}
-
-func handleSetBootstrapDNS(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("%s %v", r.Method, r.URL)
-	setDNSServers(w, r, false)
+	setDNSServers(newconfig.upstreams, true)
+	setDNSServers(newconfig.bootstrapDNS, false)
+	config.DNS.AllServers = newconfig.allServers
+	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 // setDNSServers sets upstream and bootstrap DNS servers
-func setDNSServers(w http.ResponseWriter, r *http.Request, upstreams bool) {
-	body, err := ioutil.ReadAll(r.Body)
-	if err != nil {
-		httpError(w, http.StatusBadRequest, "Failed to read request body: %s", err)
-		return
-	}
-	// if empty body -- user is asking for default servers
-	hosts := strings.Fields(string(body))
-
+func setDNSServers(hosts []string, upstreams bool) {
 	// bootstrap servers are plain DNS only. We should remove tls:// https:// and sdns:// hosts from slice
 	bootstraps := []string{}
 	if !upstreams && len(hosts) > 0 {
 		for _, host := range hosts {
-			err = checkBootstrapDNS(host)
+			err := checkBootstrapDNS(host)
 			if err != nil {
 				log.Tracef("%s can not be used as bootstrap DNS cause: %s", host, err)
 				continue
@@ -360,52 +360,6 @@ func setDNSServers(w http.ResponseWriter, r *http.Request, upstreams bool) {
 			config.DNS.BootstrapDNS = bootstraps
 		}
 	}
-
-	err = writeAllConfigs()
-	if err != nil {
-		httpError(w, http.StatusInternalServerError, "Couldn't write config file: %s", err)
-		return
-	}
-	err = reconfigureDNSServer()
-	if err != nil {
-		httpError(w, http.StatusInternalServerError, "Couldn't reconfigure the DNS server: %s", err)
-		return
-	}
-	_, err = fmt.Fprintf(w, "OK %d servers\n", count)
-	if err != nil {
-		httpError(w, http.StatusInternalServerError, "Couldn't write body: %s", err)
-	}
-}
-
-func handleAllServersEnable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("%s %v", r.Method, r.URL)
-	config.DNS.AllServers = true
-	httpUpdateConfigReloadDNSReturnOK(w, r)
-}
-
-func handleAllServersDisable(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("%s %v", r.Method, r.URL)
-	config.DNS.AllServers = false
-	httpUpdateConfigReloadDNSReturnOK(w, r)
-}
-
-func handleAllServersStatus(w http.ResponseWriter, r *http.Request) {
-	log.Tracef("%s %v", r.Method, r.URL)
-	data := map[string]interface{}{
-		"enabled": config.DNS.AllServers,
-	}
-	jsonVal, err := json.Marshal(data)
-	if err != nil {
-		httpError(w, http.StatusInternalServerError, "Unable to marshal status json: %s", err)
-		return
-	}
-
-	w.Header().Set("Content-Type", "application/json")
-	_, err = w.Write(jsonVal)
-	if err != nil {
-		httpError(w, http.StatusInternalServerError, "Unable to write response json: %s", err)
-		return
-	}
 }
 
 // checkBootstrapDNS checks if host is plain DNS
@@ -1343,13 +1297,8 @@ func registerControlHandlers() {
 	http.HandleFunc("/control/querylog", postInstall(optionalAuth(ensureGET(handleQueryLog))))
 	http.HandleFunc("/control/querylog_enable", postInstall(optionalAuth(ensurePOST(handleQueryLogEnable))))
 	http.HandleFunc("/control/querylog_disable", postInstall(optionalAuth(ensurePOST(handleQueryLogDisable))))
-	http.HandleFunc("/control/set_upstream_dns", postInstall(optionalAuth(ensurePOST(handleSetUpstreamDNS))))
 	http.HandleFunc("/control/set_upstreams_config", postInstall(optionalAuth(ensurePOST(handleSetUpstreamConfig))))
 	http.HandleFunc("/control/test_upstream_dns", postInstall(optionalAuth(ensurePOST(handleTestUpstreamDNS))))
-	http.HandleFunc("/control/set_bootstrap_dns", postInstall(optionalAuth(ensurePOST(handleSetBootstrapDNS))))
-	http.HandleFunc("/control/all_servers/enable", postInstall(optionalAuth(ensurePOST(handleAllServersEnable))))
-	http.HandleFunc("/control/all_servers/disable", postInstall(optionalAuth(ensurePOST(handleAllServersDisable))))
-	http.HandleFunc("/control/all_servers/status", postInstall(optionalAuth(ensureGET(handleAllServersStatus))))
 	http.HandleFunc("/control/i18n/change_language", postInstall(optionalAuth(ensurePOST(handleI18nChangeLanguage))))
 	http.HandleFunc("/control/i18n/current_language", postInstall(optionalAuth(ensureGET(handleI18nCurrentLanguage))))
 	http.HandleFunc("/control/stats_top", postInstall(optionalAuth(ensureGET(handleStatsTop))))
diff --git a/dnsfilter/dnsfilter.go b/dnsfilter/dnsfilter.go
index 561ccb04..b33465f9 100644
--- a/dnsfilter/dnsfilter.go
+++ b/dnsfilter/dnsfilter.go
@@ -16,8 +16,8 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/bluele/gcache"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/bluele/gcache"
 	"golang.org/x/net/publicsuffix"
 )
 
diff --git a/dnsforward/querylog_top.go b/dnsforward/querylog_top.go
index a2ffffdc..b381984c 100644
--- a/dnsforward/querylog_top.go
+++ b/dnsforward/querylog_top.go
@@ -9,8 +9,8 @@ import (
 	"sync"
 	"time"
 
-	"github.com/bluele/gcache"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/bluele/gcache"
 	"github.com/miekg/dns"
 )
 
diff --git a/openapi/openapi.yaml b/openapi/openapi.yaml
index ed788794..6d0aafb4 100644
--- a/openapi/openapi.yaml
+++ b/openapi/openapi.yaml
@@ -106,63 +106,6 @@ paths:
                 200:
                     description: OK
 
-    /set_upstream_dns:
-        post:
-            tags:
-                - global
-            operationId: setUpstreamDNS
-            summary: 'Set upstream DNS for coredns, empty value will reset it to default values'
-            consumes:
-                - text/plain
-            parameters:
-                -   in: body
-                    name: upstream
-                    description: 'Upstream servers, separated by newline or space, port is optional after colon'
-                    schema:
-                        # TODO: use JSON
-                        type: string
-                        example: |
-                            1.1.1.1
-                            1.0.0.1
-                            8.8.8.8 8.8.4.4
-                            192.168.1.104:53535
-            responses:
-                200:
-                    description: OK
-
-    /all_servers/enable:
-        post:
-            tags:
-                - global
-            operationId: allServersEnable
-            summary: 'Enable parallel queries'
-            responses:
-                200:
-                    description: OK
-
-    /all_servers/disable:
-        post:
-            tags:
-                - global
-            operationId: allServersDisable
-            summary: 'Disable parallel queries'
-            responses:
-                200:
-                    description: OK
-
-    /all_servers/status:
-        get:
-            tags:
-                - global
-            operationId: allServersStatus
-            summary: 'Get parallel queries status'
-            responses:
-                200:
-                    description: OK
-                    examples:
-                        application/json:
-                            enabled: false
-
     /test_upstream_dns:
         post:
             tags:
@@ -194,30 +137,6 @@ paths:
                             8.8.4.4: OK
                             "192.168.1.104:53535": "Couldn't communicate with DNS server"
 
-    /set_bootstrap_dns:
-        post:
-            tags:
-                - global
-            operationId: setBootstrapDNS
-            summary: 'Set bootstrap DNS for DNS-over-HTTPS and DNS-over-TLS upstreams, empty value will reset it to default values'
-            consumes:
-                - text/plain
-            parameters:
-                -   in: body
-                    name: upstream
-                    description: 'Bootstrap servers, separated by newline or space, port is optional after colon'
-                    schema:
-                        # TODO: use JSON
-                        type: string
-                        example: |
-                            1.1.1.1
-                            1.0.0.1
-                            8.8.8.8 8.8.4.4
-                            192.168.1.104:53535
-            responses:
-                200:
-                    description: OK
-
     /version.json:
         get:
             tags:
@@ -880,12 +799,19 @@ definitions:
         required:
             - "bootstrap_dns"
             - "upstream_dns"
+            - "all_servers"
         properties:
             bootstrap_dns:
-                type: "string"
-                example: "8.8.8.8:53"
+                type: "array"
+                description: 'Bootstrap servers, port is optional after colon. Empty value will reset it to default values'
+                items:
+                    type: "string"
+                example:
+                    - "8.8.8.8:53"
+                    - "1.1.1.1:53"
             upstream_dns:
                 type: "array"
+                description: 'Upstream servers, port is optional after colon. Empty value will reset it to default values'
                 items:
                     type: "string"
                 example:
@@ -893,6 +819,7 @@ definitions:
                     - "tls://1.0.0.1"
             all_servers:
                 type: "boolean"
+                description: "If true, parallel queries to all configured upstream servers are enabled"
     Filter:
         type: "object"
         description: "Filter subscription info"

From acb4a984664b95d280522792be56bec2146da430 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Thu, 28 Feb 2019 13:40:40 +0300
Subject: [PATCH 30/95] [change] dnsforward: Add comments for public fields

---
 dnsforward/dnsforward.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/dnsforward/dnsforward.go b/dnsforward/dnsforward.go
index 4f910bc8..7b8430ed 100644
--- a/dnsforward/dnsforward.go
+++ b/dnsforward/dnsforward.go
@@ -62,12 +62,12 @@ type FilteringConfig struct {
 	ProtectionEnabled  bool     `yaml:"protection_enabled"`   // whether or not use any of dnsfilter features
 	FilteringEnabled   bool     `yaml:"filtering_enabled"`    // whether or not use filter lists
 	BlockedResponseTTL uint32   `yaml:"blocked_response_ttl"` // if 0, then default is used (3600)
-	QueryLogEnabled    bool     `yaml:"querylog_enabled"`
-	Ratelimit          int      `yaml:"ratelimit"`
-	RatelimitWhitelist []string `yaml:"ratelimit_whitelist"`
-	RefuseAny          bool     `yaml:"refuse_any"`
-	BootstrapDNS       []string `yaml:"bootstrap_dns"`
-	AllServers         bool     `yaml:"all_servers"`
+	QueryLogEnabled    bool     `yaml:"querylog_enabled"`     // if true, query log is enabled
+	Ratelimit          int      `yaml:"ratelimit"`            // max number of requests per second from a given IP (0 to disable)
+	RatelimitWhitelist []string `yaml:"ratelimit_whitelist"`  // a list of whitelisted client IP addresses
+	RefuseAny          bool     `yaml:"refuse_any"`           // if true, refuse ANY requests
+	BootstrapDNS       []string `yaml:"bootstrap_dns"`        // a list of bootstrap DNS for DoH and DoT (plain DNS only)
+	AllServers         bool     `yaml:"all_servers"`          // if true, parallel queries to all configured upstream servers are enabled
 
 	dnsfilter.Config `yaml:",inline"`
 }

From b8595b87c4c8705eddc8eed711b4760da9e894fa Mon Sep 17 00:00:00 2001
From: Ildar Kamalov <i.kamalov@adguard.com>
Date: Thu, 28 Feb 2019 14:59:25 +0300
Subject: [PATCH 31/95] * disable config saving if invalid pair

---
 .../components/Settings/Encryption/Form.js    | 21 +++++++++++--------
 client/src/reducers/encryption.js             |  1 +
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/client/src/components/Settings/Encryption/Form.js b/client/src/components/Settings/Encryption/Form.js
index f4b01560..fd43f933 100644
--- a/client/src/components/Settings/Encryption/Form.js
+++ b/client/src/components/Settings/Encryption/Form.js
@@ -57,6 +57,7 @@ let Form = (props) => {
         valid_chain,
         valid_key,
         valid_cert,
+        valid_pair,
         dns_names,
         key_type,
         issuer,
@@ -65,6 +66,15 @@ let Form = (props) => {
         setTlsConfig,
     } = props;
 
+    const isSavingDisabled = invalid
+        || submitting
+        || processingConfig
+        || processingValidate
+        || (isEnabled && (!privateKey || !certificateChain))
+        || (privateKey && !valid_key)
+        || (certificateChain && !valid_cert)
+        || (privateKey && certificateChain && !valid_pair);
+
     return (
         <form onSubmit={handleSubmit}>
             <div className="row">
@@ -291,15 +301,7 @@ let Form = (props) => {
                 <button
                     type="submit"
                     className="btn btn-success btn-standart"
-                    disabled={
-                        invalid
-                        || submitting
-                        || processingConfig
-                        || processingValidate
-                        || (isEnabled && (!privateKey || !certificateChain))
-                        || (privateKey && !valid_key)
-                        || (certificateChain && !valid_cert)
-                    }
+                    disabled={isSavingDisabled}
                 >
                     <Trans>save_config</Trans>
                 </button>
@@ -334,6 +336,7 @@ Form.propTypes = {
     valid_chain: PropTypes.bool,
     valid_key: PropTypes.bool,
     valid_cert: PropTypes.bool,
+    valid_pair: PropTypes.bool,
     dns_names: PropTypes.string,
     key_type: PropTypes.string,
     issuer: PropTypes.string,
diff --git a/client/src/reducers/encryption.js b/client/src/reducers/encryption.js
index 3f51b217..f861701b 100644
--- a/client/src/reducers/encryption.js
+++ b/client/src/reducers/encryption.js
@@ -70,6 +70,7 @@ const encryption = handleActions({
     valid_chain: false,
     valid_key: false,
     valid_cert: false,
+    valid_pair: false,
     status_cert: '',
     status_key: '',
     certificate_chain: '',

From a8812908c1062e4dcfe6e30e9cf9612e41967aa1 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Thu, 28 Feb 2019 15:06:30 +0300
Subject: [PATCH 32/95] [change] control: Fix issues from review

---
 control.go | 37 ++++++++++++-------------------------
 1 file changed, 12 insertions(+), 25 deletions(-)

diff --git a/control.go b/control.go
index 5b1dcf3c..85775c1d 100644
--- a/control.go
+++ b/control.go
@@ -322,44 +322,31 @@ func handleSetUpstreamConfig(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	setDNSServers(newconfig.upstreams, true)
-	setDNSServers(newconfig.bootstrapDNS, false)
-	config.DNS.AllServers = newconfig.allServers
-	httpUpdateConfigReloadDNSReturnOK(w, r)
-}
+	config.DNS.UpstreamDNS = defaultDNS
+	if len(newconfig.upstreams) > 0 {
+		config.DNS.UpstreamDNS = newconfig.upstreams
+	}
 
-// setDNSServers sets upstream and bootstrap DNS servers
-func setDNSServers(hosts []string, upstreams bool) {
 	// bootstrap servers are plain DNS only. We should remove tls:// https:// and sdns:// hosts from slice
 	bootstraps := []string{}
-	if !upstreams && len(hosts) > 0 {
-		for _, host := range hosts {
+	if len(newconfig.bootstrapDNS) > 0 {
+		for _, host := range newconfig.bootstrapDNS {
 			err := checkBootstrapDNS(host)
 			if err != nil {
 				log.Tracef("%s can not be used as bootstrap DNS cause: %s", host, err)
 				continue
 			}
-			hosts = append(bootstraps, host)
+			bootstraps = append(bootstraps, host)
 		}
 	}
 
-	// count of upstream or bootstrap servers
-	count := len(hosts)
-	if !upstreams {
-		count = len(bootstraps)
+	config.DNS.BootstrapDNS = defaultBootstrap
+	if len(bootstraps) > 0 {
+		config.DNS.BootstrapDNS = bootstraps
 	}
 
-	if upstreams {
-		config.DNS.UpstreamDNS = defaultDNS
-		if count != 0 {
-			config.DNS.UpstreamDNS = hosts
-		}
-	} else {
-		config.DNS.BootstrapDNS = defaultBootstrap
-		if count != 0 {
-			config.DNS.BootstrapDNS = bootstraps
-		}
-	}
+	config.DNS.AllServers = newconfig.allServers
+	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
 // checkBootstrapDNS checks if host is plain DNS

From 91f8ab0549f07815a0d72301d9b60bc903338ba3 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Thu, 28 Feb 2019 15:18:51 +0300
Subject: [PATCH 33/95] [change] control: Remove unuseful check

---
 control.go | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/control.go b/control.go
index 85775c1d..7b17321b 100644
--- a/control.go
+++ b/control.go
@@ -329,15 +329,13 @@ func handleSetUpstreamConfig(w http.ResponseWriter, r *http.Request) {
 
 	// bootstrap servers are plain DNS only. We should remove tls:// https:// and sdns:// hosts from slice
 	bootstraps := []string{}
-	if len(newconfig.bootstrapDNS) > 0 {
-		for _, host := range newconfig.bootstrapDNS {
-			err := checkBootstrapDNS(host)
-			if err != nil {
-				log.Tracef("%s can not be used as bootstrap DNS cause: %s", host, err)
-				continue
-			}
-			bootstraps = append(bootstraps, host)
+	for _, host := range newconfig.bootstrapDNS {
+		err := checkBootstrapDNS(host)
+		if err != nil {
+			log.Tracef("%s can not be used as bootstrap DNS cause: %s", host, err)
+			continue
 		}
+		bootstraps = append(bootstraps, host)
 	}
 
 	config.DNS.BootstrapDNS = defaultBootstrap

From 6b7a8078b0155ba81678e71fe53f447f444dce8b Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Thu, 28 Feb 2019 15:28:38 +0300
Subject: [PATCH 34/95] * control: use single line comment

---
 control_tls.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/control_tls.go b/control_tls.go
index 25be44d6..0546c5f1 100644
--- a/control_tls.go
+++ b/control_tls.go
@@ -229,10 +229,10 @@ func validatePkey(data *tlsConfigStatus, pkey string) error {
 	return nil
 }
 
-/* Process certificate data and its private key.
-All parameters are optional.
-On error, return partially set object
- with 'WarningValidation' field containing error description. */
+// Process certificate data and its private key.
+// All parameters are optional.
+// On error, return partially set object
+//  with 'WarningValidation' field containing error description.
 func validateCertificates(certChain, pkey, serverName string) tlsConfigStatus {
 	var data tlsConfigStatus
 

From 53d680a5dfb027831bdbfc91bde5272d4d849a1a Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Thu, 28 Feb 2019 16:19:23 +0300
Subject: [PATCH 35/95] Fix #597 - [bugfix] querylog_top: Empty domain gets to
 the Top Queried domains

---
 dnsforward/querylog_top.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/dnsforward/querylog_top.go b/dnsforward/querylog_top.go
index a2ffffdc..43d16699 100644
--- a/dnsforward/querylog_top.go
+++ b/dnsforward/querylog_top.go
@@ -9,8 +9,8 @@ import (
 	"sync"
 	"time"
 
-	"github.com/bluele/gcache"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/bluele/gcache"
 	"github.com/miekg/dns"
 )
 
@@ -158,6 +158,11 @@ func (d *dayTop) addEntry(entry *logEntry, q *dns.Msg, now time.Time) error {
 
 	hostname := strings.ToLower(strings.TrimSuffix(q.Question[0].Name, "."))
 
+	// if question hostname is empty, do nothing
+	if hostname == "" {
+		return nil
+	}
+
 	// get value, if not set, crate one
 	d.hoursReadLock()
 	defer d.hoursReadUnlock()

From d3185459138e4fd0cb8ae21869d6c2fe9d73c5f3 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Thu, 28 Feb 2019 20:41:18 +0300
Subject: [PATCH 36/95] [change] upgrade_test: add test for upgrade

---
 upgrade_test.go | 183 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 183 insertions(+)
 create mode 100644 upgrade_test.go

diff --git a/upgrade_test.go b/upgrade_test.go
new file mode 100644
index 00000000..e474cc1f
--- /dev/null
+++ b/upgrade_test.go
@@ -0,0 +1,183 @@
+package main
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestUpgrade1to2(t *testing.T) {
+	// Let's create test config
+	diskConfig := createTestDiskConfig(1)
+	oldDNSConfig := createTestDNSConfig(1)
+
+	err := upgradeSchema1to2(&diskConfig)
+	if err != nil {
+		t.Fatalf("Can't upgrade schema version from 1 to 2")
+	}
+
+	_, ok := diskConfig["coredns"]
+	if ok {
+		t.Fatalf("Core DNS config was not removed after upgrade schema version from 1 to 2")
+	}
+
+	dnsMap, ok := diskConfig["dns"]
+	if !ok {
+		t.Fatalf("No DNS config after upgrade schema version from 1 to 2")
+	}
+
+	// Cast dns configuration to map
+	newDNSConfig := make(map[string]interface{})
+	switch v := dnsMap.(type) {
+	case map[interface{}]interface{}:
+		if len(oldDNSConfig) != len(v) {
+			t.Fatalf("We loose some data")
+		}
+		for key, value := range v {
+			newDNSConfig[fmt.Sprint(key)] = value
+		}
+	default:
+		t.Fatalf("DNS configuration is not a map")
+	}
+
+	_, v, err := compareConfigs(oldDNSConfig, newDNSConfig)
+	if err != nil {
+		t.Fatalf("Wrong data %s, %s", v, err)
+	}
+}
+
+func TestUpgrade2to3(t *testing.T) {
+	// Let's create test config
+	diskConfig := createTestDiskConfig(2)
+	oldDNSConfig := createTestDNSConfig(2)
+
+	// Upgrade schema from 2 to 3
+	err := upgradeSchema2to3(&diskConfig)
+	if err != nil {
+		t.Fatalf("Can't update schema version from 2 to 3: %s", err)
+	}
+
+	// Check new schema version
+	newSchemaVersion := diskConfig["schema_version"]
+	switch v := newSchemaVersion.(type) {
+	case int:
+		if v != 3 {
+			t.Fatalf("Wrong schema version in new config file")
+		}
+	default:
+		t.Fatalf("Schema version is not an integer after update")
+	}
+
+	// Let's get new dns configuration
+	dnsMap, ok := diskConfig["dns"]
+	if !ok {
+		t.Fatalf("No dns config in new configuration")
+	}
+
+	// Cast dns configuration to map
+	newDNSConfig := make(map[string]interface{})
+	switch v := dnsMap.(type) {
+	case map[string]interface{}:
+		for key, value := range v {
+			newDNSConfig[fmt.Sprint(key)] = value
+		}
+	default:
+		t.Fatalf("DNS configuration is not a map")
+	}
+
+	// Check if bootstrap DNS becomes an array
+	bootstrapDNS := newDNSConfig["bootstrap_dns"]
+	switch v := bootstrapDNS.(type) {
+	case []string:
+		if len(v) != 1 {
+			t.Fatalf("Wrong count of bootsrap DNS servers")
+		}
+
+		if v[0] != "8.8.8.8:53" {
+			t.Fatalf("Wrong bootsrap DNS servers")
+		}
+	default:
+		t.Fatalf("Wrong type for bootsrap DNS")
+	}
+
+	// Set old value for bootstrap_dns and compare old and new configurations
+	newDNSConfig["bootstrap_dns"] = "8.8.8.8:53"
+	_, v, err := compareConfigs(oldDNSConfig, newDNSConfig)
+	if err != nil {
+		t.Fatalf("%s value is wrong: %s", v, err)
+	}
+}
+
+// TODO add comparation for all possible types
+func compareConfigs(oldConfig map[interface{}]interface{}, newConfig map[string]interface{}) (string, interface{}, error) {
+	oldConfigCasted := make(map[string]interface{})
+	for k, v := range oldConfig {
+		oldConfigCasted[fmt.Sprint(k)] = v
+	}
+
+	// Check old data and new data
+	for k, v := range newConfig {
+		switch value := v.(type) {
+		case string:
+		case int:
+			if value != oldConfigCasted[k] {
+
+			}
+		case []string:
+			for i, s := range value {
+				if oldConfigCasted[k].([]string)[i] != s {
+					return k, v, fmt.Errorf("wrong data for %s", k)
+				}
+			}
+		case bool:
+			if v != oldConfigCasted[k].(bool) {
+				return k, v, fmt.Errorf("wrong data for %s", k)
+			}
+		default:
+			return k, v, fmt.Errorf("unknown type in DNS configuration for %s", k)
+		}
+	}
+
+	return "", nil, nil
+}
+
+func createTestDiskConfig(schemaVersion int) (diskConfig map[string]interface{}) {
+	diskConfig = make(map[string]interface{})
+	diskConfig["language"] = "en"
+	diskConfig["filters"] = []filter{}
+	diskConfig["user_rules"] = []string{}
+	diskConfig["schema_version"] = schemaVersion
+	diskConfig["bind_host"] = "0.0.0.0"
+	diskConfig["bind_port"] = 80
+	diskConfig["auth_name"] = "name"
+	diskConfig["auth_pass"] = "pass"
+	dnsConfig := createTestDNSConfig(schemaVersion)
+	if schemaVersion > 1 {
+		diskConfig["dns"] = dnsConfig
+	} else {
+		diskConfig["coredns"] = dnsConfig
+	}
+	return diskConfig
+}
+
+func createTestDNSConfig(schemaVersion int) map[interface{}]interface{} {
+	dnsConfig := make(map[interface{}]interface{})
+	dnsConfig["port"] = 53
+	dnsConfig["blocked_response_ttl"] = 10
+	dnsConfig["querylog_enabled"] = true
+	dnsConfig["ratelimit"] = 20
+	dnsConfig["bootstrap_dns"] = "8.8.8.8:53"
+	if schemaVersion > 2 {
+		dnsConfig["bootstrap_dns"] = []string{"8.8.8.8:53"}
+	}
+	dnsConfig["parental_sensitivity"] = 13
+	dnsConfig["ratelimit_whitelist"] = []string{}
+	dnsConfig["upstream_dns"] = []string{"tls://1.1.1.1", "tls://1.0.0.1", "8.8.8.8"}
+	dnsConfig["filtering_enabled"] = true
+	dnsConfig["refuse_any"] = true
+	dnsConfig["parental_enabled"] = true
+	dnsConfig["bind_host"] = "0.0.0.0"
+	dnsConfig["protection_enabled"] = true
+	dnsConfig["safesearch_enabled"] = true
+	dnsConfig["safebrowsing_enabled"] = true
+	return dnsConfig
+}

From d9d641941cf00035d8bdef9f27cd8288a86b64d9 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Fri, 1 Mar 2019 11:27:15 +0300
Subject: [PATCH 37/95] [change] upgrade_test: rework tests

---
 upgrade_test.go | 187 ++++++++++++++++++++++++++++++------------------
 1 file changed, 117 insertions(+), 70 deletions(-)

diff --git a/upgrade_test.go b/upgrade_test.go
index e474cc1f..8980eda9 100644
--- a/upgrade_test.go
+++ b/upgrade_test.go
@@ -6,144 +6,191 @@ import (
 )
 
 func TestUpgrade1to2(t *testing.T) {
-	// Let's create test config
+	// let's create test config for 1 schema version
 	diskConfig := createTestDiskConfig(1)
-	oldDNSConfig := createTestDNSConfig(1)
 
+	// update config
 	err := upgradeSchema1to2(&diskConfig)
 	if err != nil {
 		t.Fatalf("Can't upgrade schema version from 1 to 2")
 	}
 
+	// ensure that schema version was bumped
+	compareSchemaVersion(t, diskConfig["schema_version"], 2)
+
+	// old coredns entry should be removed
 	_, ok := diskConfig["coredns"]
 	if ok {
 		t.Fatalf("Core DNS config was not removed after upgrade schema version from 1 to 2")
 	}
 
+	// pull out new dns config
 	dnsMap, ok := diskConfig["dns"]
 	if !ok {
 		t.Fatalf("No DNS config after upgrade schema version from 1 to 2")
 	}
 
-	// Cast dns configuration to map
-	newDNSConfig := make(map[string]interface{})
-	switch v := dnsMap.(type) {
-	case map[interface{}]interface{}:
-		if len(oldDNSConfig) != len(v) {
-			t.Fatalf("We loose some data")
-		}
-		for key, value := range v {
-			newDNSConfig[fmt.Sprint(key)] = value
-		}
-	default:
-		t.Fatalf("DNS configuration is not a map")
-	}
+	// cast dns configurations to maps and compare them
+	oldDNSConfig := castInterfaceToMap(t, createTestDNSConfig(1))
+	newDNSConfig := castInterfaceToMap(t, dnsMap)
+	compareConfigs(t, &oldDNSConfig, &newDNSConfig)
 
-	_, v, err := compareConfigs(oldDNSConfig, newDNSConfig)
-	if err != nil {
-		t.Fatalf("Wrong data %s, %s", v, err)
-	}
+	// exclude dns config and schema version from disk config comparison
+	oldExcludedEntries := []string{"coredns", "schema_version"}
+	newExcludedEntries := []string{"dns", "schema_version"}
+	oldDiskConfig := createTestDiskConfig(1)
+	compareConfigsWithoutEntries(t, &oldDiskConfig, &diskConfig, oldExcludedEntries, newExcludedEntries)
 }
 
 func TestUpgrade2to3(t *testing.T) {
-	// Let's create test config
+	// let's create test config
 	diskConfig := createTestDiskConfig(2)
-	oldDNSConfig := createTestDNSConfig(2)
 
-	// Upgrade schema from 2 to 3
+	// upgrade schema from 2 to 3
 	err := upgradeSchema2to3(&diskConfig)
 	if err != nil {
 		t.Fatalf("Can't update schema version from 2 to 3: %s", err)
 	}
 
-	// Check new schema version
-	newSchemaVersion := diskConfig["schema_version"]
-	switch v := newSchemaVersion.(type) {
-	case int:
-		if v != 3 {
-			t.Fatalf("Wrong schema version in new config file")
-		}
-	default:
-		t.Fatalf("Schema version is not an integer after update")
-	}
+	// check new schema version
+	compareSchemaVersion(t, diskConfig["schema_version"], 3)
 
-	// Let's get new dns configuration
+	// pull out new dns configuration
 	dnsMap, ok := diskConfig["dns"]
 	if !ok {
 		t.Fatalf("No dns config in new configuration")
 	}
 
-	// Cast dns configuration to map
-	newDNSConfig := make(map[string]interface{})
-	switch v := dnsMap.(type) {
-	case map[string]interface{}:
-		for key, value := range v {
-			newDNSConfig[fmt.Sprint(key)] = value
-		}
-	default:
-		t.Fatalf("DNS configuration is not a map")
-	}
+	// cast dns configuration to map
+	newDNSConfig := castInterfaceToMap(t, dnsMap)
 
-	// Check if bootstrap DNS becomes an array
+	// check if bootstrap DNS becomes an array
 	bootstrapDNS := newDNSConfig["bootstrap_dns"]
 	switch v := bootstrapDNS.(type) {
 	case []string:
 		if len(v) != 1 {
-			t.Fatalf("Wrong count of bootsrap DNS servers")
+			t.Fatalf("Wrong count of bootsrap DNS servers: %d", len(v))
 		}
 
 		if v[0] != "8.8.8.8:53" {
-			t.Fatalf("Wrong bootsrap DNS servers")
+			t.Fatalf("Bootsrap DNS server is not 8.8.8.8:53 : %s", v[0])
 		}
 	default:
-		t.Fatalf("Wrong type for bootsrap DNS")
+		t.Fatalf("Wrong type for bootsrap DNS: %T", v)
 	}
 
-	// Set old value for bootstrap_dns and compare old and new configurations
-	newDNSConfig["bootstrap_dns"] = "8.8.8.8:53"
-	_, v, err := compareConfigs(oldDNSConfig, newDNSConfig)
-	if err != nil {
-		t.Fatalf("%s value is wrong: %s", v, err)
-	}
+	// exclude bootstrap DNS from DNS configs comparison
+	excludedEntries := []string{"bootstrap_dns"}
+	oldDNSConfig := castInterfaceToMap(t, createTestDNSConfig(2))
+	compareConfigsWithoutEntries(t, &oldDNSConfig, &newDNSConfig, excludedEntries, excludedEntries)
+
+	// excluded dns config and schema version from disk config comparison
+	excludedEntries = []string{"dns", "schema_version"}
+	oldDiskConfig := createTestDiskConfig(2)
+	compareConfigsWithoutEntries(t, &oldDiskConfig, &diskConfig, excludedEntries, excludedEntries)
 }
 
-// TODO add comparation for all possible types
-func compareConfigs(oldConfig map[interface{}]interface{}, newConfig map[string]interface{}) (string, interface{}, error) {
-	oldConfigCasted := make(map[string]interface{})
-	for k, v := range oldConfig {
-		oldConfigCasted[fmt.Sprint(k)] = v
+func castInterfaceToMap(t *testing.T, oldConfig interface{}) (newConfig map[string]interface{}) {
+	newConfig = make(map[string]interface{})
+	switch v := oldConfig.(type) {
+	case map[interface{}]interface{}:
+		for key, value := range v {
+			newConfig[fmt.Sprint(key)] = value
+		}
+	case map[string]interface{}:
+		for key, value := range v {
+			newConfig[key] = value
+		}
+	default:
+		t.Fatalf("DNS configuration is not a map")
+	}
+	return
+}
+
+// compareConfigsWithoutEntry removes entries from configs and returns result of compareConfigs
+func compareConfigsWithoutEntries(t *testing.T, oldConfig, newConfig *map[string]interface{}, oldKey, newKey []string) {
+	for _, k := range oldKey {
+		delete(*oldConfig, k)
+	}
+	for _, k := range newKey {
+		delete(*newConfig, k)
+	}
+	compareConfigs(t, oldConfig, newConfig)
+}
+
+// compares configs before and after schema upgrade
+func compareConfigs(t *testing.T, oldConfig, newConfig *map[string]interface{}) {
+	if len(*oldConfig) != len(*newConfig) {
+		t.Fatalf("wrong config entries count! Before upgrade: %d; After upgrade: %d", len(*oldConfig), len(*oldConfig))
 	}
 
-	// Check old data and new data
-	for k, v := range newConfig {
+	// Check old and new entries
+	for k, v := range *newConfig {
 		switch value := v.(type) {
 		case string:
+			if value != (*oldConfig)[k] {
+				t.Fatalf("wrong value for string %s. Before update: %s; After update: %s", k, (*oldConfig)[k], value)
+			}
 		case int:
-			if value != oldConfigCasted[k] {
-
+			if value != (*oldConfig)[k] {
+				t.Fatalf("wrong value for int %s. Before update: %d; After update: %d", k, (*oldConfig)[k], value)
 			}
 		case []string:
-			for i, s := range value {
-				if oldConfigCasted[k].([]string)[i] != s {
-					return k, v, fmt.Errorf("wrong data for %s", k)
+			for i, line := range value {
+				if len((*oldConfig)[k].([]string)) != len(value) {
+					t.Fatalf("wrong array length for %s. Before update: %d; After update: %d", k, len((*oldConfig)[k].([]string)), len(value))
+				}
+				if (*oldConfig)[k].([]string)[i] != line {
+					t.Fatalf("wrong data for string array %s. Before update: %s; After update: %s", k, (*oldConfig)[k].([]string)[i], line)
 				}
 			}
 		case bool:
-			if v != oldConfigCasted[k].(bool) {
-				return k, v, fmt.Errorf("wrong data for %s", k)
+			if v != (*oldConfig)[k].(bool) {
+				t.Fatalf("wrong boolean value for %s", k)
+			}
+		case []filter:
+			if len((*oldConfig)[k].([]filter)) != len(value) {
+				t.Fatalf("wrong filters count. Before update: %d; After update: %d", len((*oldConfig)[k].([]filter)), len(value))
+			}
+			for i, newFilter := range value {
+				oldFilter := (*oldConfig)[k].([]filter)[i]
+				if oldFilter.Enabled != newFilter.Enabled || oldFilter.Name != newFilter.Name || oldFilter.RulesCount != newFilter.RulesCount {
+					t.Fatalf("old filter %s not equals new filter %s", oldFilter.Name, newFilter.Name)
+				}
 			}
 		default:
-			return k, v, fmt.Errorf("unknown type in DNS configuration for %s", k)
+			t.Fatalf("uknown data type for %s: %T", k, value)
 		}
 	}
+}
 
-	return "", nil, nil
+// compareSchemaVersion check if newSchemaVersion equals schemaVersion
+func compareSchemaVersion(t *testing.T, newSchemaVersion interface{}, schemaVersion int) {
+	switch v := newSchemaVersion.(type) {
+	case int:
+		if v != schemaVersion {
+			t.Fatalf("Wrong schema version in new config file")
+		}
+	default:
+		t.Fatalf("Schema version is not an integer after update")
+	}
 }
 
 func createTestDiskConfig(schemaVersion int) (diskConfig map[string]interface{}) {
 	diskConfig = make(map[string]interface{})
 	diskConfig["language"] = "en"
-	diskConfig["filters"] = []filter{}
+	diskConfig["filters"] = []filter{
+		{
+			URL:        "https://filters.adtidy.org/android/filters/111_optimized.txt",
+			Name:       "Latvian filter",
+			RulesCount: 100,
+		},
+		{
+			URL:        "https://easylist.to/easylistgermany/easylistgermany.txt",
+			Name:       "Germany filter",
+			RulesCount: 200,
+		},
+	}
 	diskConfig["user_rules"] = []string{}
 	diskConfig["schema_version"] = schemaVersion
 	diskConfig["bind_host"] = "0.0.0.0"

From e973c4b174d9249cb05f01faa9d7662f2f04d55e Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Tue, 5 Mar 2019 12:29:52 +0300
Subject: [PATCH 38/95] [change] control, openapi: Handle upstreams test with
 JSON

---
 control.go           |  4 ++--
 openapi/openapi.yaml | 32 ++++++++++++++++++++------------
 2 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/control.go b/control.go
index 7b17321b..0bc6fc66 100644
--- a/control.go
+++ b/control.go
@@ -361,12 +361,12 @@ func checkBootstrapDNS(host string) error {
 
 func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 	log.Tracef("%s %v", r.Method, r.URL)
-	body, err := ioutil.ReadAll(r.Body)
+	hosts := []string{}
+	err := json.NewDecoder(r.Body).Decode(&hosts)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Failed to read request body: %s", err)
 		return
 	}
-	hosts := strings.Fields(string(body))
 
 	if len(hosts) == 0 {
 		httpError(w, http.StatusBadRequest, "No servers specified")
diff --git a/openapi/openapi.yaml b/openapi/openapi.yaml
index 6d0aafb4..d84e90ec 100644
--- a/openapi/openapi.yaml
+++ b/openapi/openapi.yaml
@@ -111,21 +111,15 @@ paths:
             tags:
                 - global
             operationId: testUpstreamDNS
-            summary: 'Test upstream DNS'
+            summary: "Test upstream DNS"
             consumes:
-                - text/plain
+                - application/json
             parameters:
-                -   in: body
-                    name: upstream
-                    description: 'Upstream servers, separated by newline or space, port is optional after colon'
+                -   in: "body"
+                    name: "body"
+                    description: "Upstream servers to be tested"
                     schema:
-                        # TODO: use JSON
-                        type: string
-                        example: |
-                            1.1.1.1
-                            1.0.0.1
-                            8.8.8.8 8.8.4.4
-                            192.168.1.104:53535
+                        $ref: "#/definitions/TestUpstreams"
             responses:
                 200:
                     description: 'Status of testing each requested server, with "OK" meaning that server works, any other text means an error.'
@@ -820,6 +814,20 @@ definitions:
             all_servers:
                 type: "boolean"
                 description: "If true, parallel queries to all configured upstream servers are enabled"
+    TestUpstreams:
+        type: "object"
+        description: "Upstream servers to be tested"
+        required:
+            - "upstream_dns"
+        properties:
+            upstream_dns:
+                type: "array"
+                description: 'Upstream servers, port is optional after colon'
+                items:
+                    type: "string"
+                example:
+                    - "tls://1.1.1.1"
+                    - "tls://1.0.0.1"
     Filter:
         type: "object"
         description: "Filter subscription info"

From 5d6c980ac7a33e5a4b8d3c376d8984e36cba1f83 Mon Sep 17 00:00:00 2001
From: Ildar Kamalov <i.kamalov@adguard.com>
Date: Wed, 6 Mar 2019 14:45:21 +0300
Subject: [PATCH 39/95] * client: upstream form

---
 client/src/__locales/en.json                  |   5 +-
 client/src/actions/index.js                   |  13 +-
 client/src/api/Api.js                         |   6 +-
 client/src/components/Settings/Upstream.js    |  97 --------------
 .../components/Settings/Upstream/Examples.js  |  32 +++++
 .../src/components/Settings/Upstream/Form.js  | 120 ++++++++++++++++++
 .../src/components/Settings/Upstream/index.js |  67 ++++++++++
 client/src/components/Settings/index.js       |  29 +----
 client/src/components/ui/Checkbox.css         |   4 +
 client/src/helpers/form.js                    |   2 +-
 client/src/helpers/helpers.js                 |   2 +
 client/src/reducers/index.js                  |   8 +-
 12 files changed, 256 insertions(+), 129 deletions(-)
 delete mode 100644 client/src/components/Settings/Upstream.js
 create mode 100644 client/src/components/Settings/Upstream/Examples.js
 create mode 100644 client/src/components/Settings/Upstream/Form.js
 create mode 100644 client/src/components/Settings/Upstream/index.js

diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json
index 45c33828..b70cdd37 100644
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -246,5 +246,8 @@
     "form_error_equal": "Shouldn't be equal",
     "form_error_password": "Password mismatched",
     "reset_settings": "Reset settings",
-    "update_announcement": "AdGuard Home {{version}} is now available! <0>Click here</0> for more info."
+    "update_announcement": "AdGuard Home {{version}} is now available! <0>Click here</0> for more info.",
+    "upstream_parallel": "Use parallel queries to speed up resolving by simultaneously querying all upstream servers",
+    "bootstrap_dns": "Bootstrap DNS",
+    "bootstrap_dns_desc": "Bootstrap DNS for DNS-over-HTTPS and DNS-over-TLS servers"
 }
diff --git a/client/src/actions/index.js b/client/src/actions/index.js
index 1bb99064..0bb99940 100644
--- a/client/src/actions/index.js
+++ b/client/src/actions/index.js
@@ -3,7 +3,7 @@ import round from 'lodash/round';
 import { t } from 'i18next';
 import { showLoading, hideLoading } from 'react-redux-loading-bar';
 
-import { normalizeHistory, normalizeFilteringStatus, normalizeLogs } from '../helpers/helpers';
+import { normalizeHistory, normalizeFilteringStatus, normalizeLogs, normalizeTextarea } from '../helpers/helpers';
 import { SETTINGS_NAMES } from '../helpers/constants';
 import Api from '../api/Api';
 
@@ -452,10 +452,14 @@ export const setUpstreamRequest = createAction('SET_UPSTREAM_REQUEST');
 export const setUpstreamFailure = createAction('SET_UPSTREAM_FAILURE');
 export const setUpstreamSuccess = createAction('SET_UPSTREAM_SUCCESS');
 
-export const setUpstream = url => async (dispatch) => {
+export const setUpstream = config => async (dispatch) => {
     dispatch(setUpstreamRequest());
     try {
-        await apiClient.setUpstream(url);
+        const values = { ...config };
+        values.bootstrap_dns = (values.bootstrap_dns && normalizeTextarea(values.bootstrap_dns)) || '';
+        values.upstream_dns = (values.upstream_dns && normalizeTextarea(values.upstream_dns)) || '';
+
+        await apiClient.setUpstream(values);
         dispatch(addSuccessToast('updated_upstream_dns_toast'));
         dispatch(setUpstreamSuccess());
     } catch (error) {
@@ -468,9 +472,10 @@ export const testUpstreamRequest = createAction('TEST_UPSTREAM_REQUEST');
 export const testUpstreamFailure = createAction('TEST_UPSTREAM_FAILURE');
 export const testUpstreamSuccess = createAction('TEST_UPSTREAM_SUCCESS');
 
-export const testUpstream = servers => async (dispatch) => {
+export const testUpstream = values => async (dispatch) => {
     dispatch(testUpstreamRequest());
     try {
+        const servers = normalizeTextarea(values);
         const upstreamResponse = await apiClient.testUpstream(servers);
 
         const testMessages = Object.keys(upstreamResponse).map((key) => {
diff --git a/client/src/api/Api.js b/client/src/api/Api.js
index d20a334a..17df1221 100644
--- a/client/src/api/Api.js
+++ b/client/src/api/Api.js
@@ -34,7 +34,7 @@ export default class Api {
     GLOBAL_QUERY_LOG = { path: 'querylog', method: 'GET' };
     GLOBAL_QUERY_LOG_ENABLE = { path: 'querylog_enable', method: 'POST' };
     GLOBAL_QUERY_LOG_DISABLE = { path: 'querylog_disable', method: 'POST' };
-    GLOBAL_SET_UPSTREAM_DNS = { path: 'set_upstream_dns', method: 'POST' };
+    GLOBAL_SET_UPSTREAM_DNS = { path: 'set_upstreams_config', method: 'POST' };
     GLOBAL_TEST_UPSTREAM_DNS = { path: 'test_upstream_dns', method: 'POST' };
     GLOBAL_VERSION = { path: 'version.json', method: 'GET' };
     GLOBAL_ENABLE_PROTECTION = { path: 'enable_protection', method: 'POST' };
@@ -110,7 +110,7 @@ export default class Api {
         const { path, method } = this.GLOBAL_SET_UPSTREAM_DNS;
         const config = {
             data: url,
-            header: { 'Content-Type': 'text/plain' },
+            headers: { 'Content-Type': 'application/json' },
         };
         return this.makeRequest(path, method, config);
     }
@@ -119,7 +119,7 @@ export default class Api {
         const { path, method } = this.GLOBAL_TEST_UPSTREAM_DNS;
         const config = {
             data: servers,
-            header: { 'Content-Type': 'text/plain' },
+            headers: { 'Content-Type': 'application/json' },
         };
         return this.makeRequest(path, method, config);
     }
diff --git a/client/src/components/Settings/Upstream.js b/client/src/components/Settings/Upstream.js
deleted file mode 100644
index fe24c4d7..00000000
--- a/client/src/components/Settings/Upstream.js
+++ /dev/null
@@ -1,97 +0,0 @@
-import React, { Component } from 'react';
-import PropTypes from 'prop-types';
-import classnames from 'classnames';
-import { Trans, withNamespaces } from 'react-i18next';
-import Card from '../ui/Card';
-
-class Upstream extends Component {
-    handleChange = (e) => {
-        const { value } = e.currentTarget;
-        this.props.handleUpstreamChange(value);
-    };
-
-    handleSubmit = (e) => {
-        e.preventDefault();
-        this.props.handleUpstreamSubmit();
-    };
-
-    handleTest = () => {
-        this.props.handleUpstreamTest();
-    }
-
-    render() {
-        const testButtonClass = classnames({
-            'btn btn-primary btn-standard mr-2': true,
-            'btn btn-primary btn-standard mr-2 btn-loading': this.props.processingTestUpstream,
-        });
-        const { t } = this.props;
-
-        return (
-            <Card
-                title={ t('upstream_dns') }
-                subtitle={ t('upstream_dns_hint') }
-                bodyType="card-body box-body--settings"
-            >
-                <div className="row">
-                    <div className="col">
-                        <form>
-                            <textarea
-                                className="form-control form-control--textarea"
-                                value={this.props.upstreamDns}
-                                onChange={this.handleChange}
-                            />
-                            <div className="card-actions">
-                                <button
-                                    className={testButtonClass}
-                                    type="button"
-                                    onClick={this.handleTest}
-                                >
-                                    <Trans>test_upstream_btn</Trans>
-                                </button>
-                                <button
-                                    className="btn btn-success btn-standard"
-                                    type="submit"
-                                    onClick={this.handleSubmit}
-                                >
-                                    <Trans>apply_btn</Trans>
-                                </button>
-                            </div>
-                        </form>
-                        <hr/>
-                        <div className="list leading-loose">
-                            <Trans>examples_title</Trans>:
-                            <ol className="leading-loose">
-                                <li>
-                                    <code>1.1.1.1</code> - { t('example_upstream_regular') }
-                                </li>
-                                <li>
-                                    <code>tls://1dot1dot1dot1.cloudflare-dns.com</code> - <span dangerouslySetInnerHTML={{ __html: t('example_upstream_dot') }} />
-                                </li>
-                                <li>
-                                    <code>https://cloudflare-dns.com/dns-query</code> - <span dangerouslySetInnerHTML={{ __html: t('example_upstream_doh') }} />
-                                </li>
-                                <li>
-                                    <code>tcp://1.1.1.1</code> - { t('example_upstream_tcp') }
-                                </li>
-                                <li>
-                                    <code>sdns://...</code> - <span dangerouslySetInnerHTML={{ __html: t('example_upstream_sdns') }} />
-                                </li>
-                            </ol>
-                        </div>
-                    </div>
-                </div>
-            </Card>
-        );
-    }
-}
-
-Upstream.propTypes = {
-    upstreamDns: PropTypes.string,
-    processingTestUpstream: PropTypes.bool,
-    handleUpstreamChange: PropTypes.func,
-    handleUpstreamSubmit: PropTypes.func,
-    handleUpstreamTest: PropTypes.func,
-    t: PropTypes.func,
-};
-
-export default withNamespaces()(Upstream);
diff --git a/client/src/components/Settings/Upstream/Examples.js b/client/src/components/Settings/Upstream/Examples.js
new file mode 100644
index 00000000..4ba54852
--- /dev/null
+++ b/client/src/components/Settings/Upstream/Examples.js
@@ -0,0 +1,32 @@
+import React from 'react';
+import PropTypes from 'prop-types';
+import { Trans, withNamespaces } from 'react-i18next';
+
+const Examples = props => (
+    <div className="list leading-loose">
+        <Trans>examples_title</Trans>:
+        <ol className="leading-loose">
+            <li>
+                <code>1.1.1.1</code> - { props.t('example_upstream_regular') }
+            </li>
+            <li>
+                <code>tls://1dot1dot1dot1.cloudflare-dns.com</code> - <span dangerouslySetInnerHTML={{ __html: props.t('example_upstream_dot') }} />
+            </li>
+            <li>
+                <code>https://cloudflare-dns.com/dns-query</code> - <span dangerouslySetInnerHTML={{ __html: props.t('example_upstream_doh') }} />
+            </li>
+            <li>
+                <code>tcp://1.1.1.1</code> - { props.t('example_upstream_tcp') }
+            </li>
+            <li>
+                <code>sdns://...</code> - <span dangerouslySetInnerHTML={{ __html: props.t('example_upstream_sdns') }} />
+            </li>
+        </ol>
+    </div>
+);
+
+Examples.propTypes = {
+    t: PropTypes.func.isRequired,
+};
+
+export default withNamespaces()(Examples);
diff --git a/client/src/components/Settings/Upstream/Form.js b/client/src/components/Settings/Upstream/Form.js
new file mode 100644
index 00000000..7a38b31a
--- /dev/null
+++ b/client/src/components/Settings/Upstream/Form.js
@@ -0,0 +1,120 @@
+import React from 'react';
+import { connect } from 'react-redux';
+import PropTypes from 'prop-types';
+import { Field, reduxForm, formValueSelector } from 'redux-form';
+import { Trans, withNamespaces } from 'react-i18next';
+import flow from 'lodash/flow';
+import classnames from 'classnames';
+
+import { renderSelectField } from '../../../helpers/form';
+
+let Form = (props) => {
+    const {
+        t,
+        handleSubmit,
+        testUpstream,
+        upstreamDns,
+        submitting,
+        invalid,
+        processingSetUpstream,
+        processingTestUpstream,
+    } = props;
+
+    const testButtonClass = classnames({
+        'btn btn-primary btn-standard mr-2': true,
+        'btn btn-primary btn-standard mr-2 btn-loading': processingTestUpstream,
+    });
+
+    return (
+        <form onSubmit={handleSubmit}>
+            <div className="row">
+                <div className="col-12">
+                    <div className="form__group form__group--settings">
+                        <label>{t('upstream_dns')}</label>
+                        <Field
+                            id="upstream_dns"
+                            name="upstream_dns"
+                            component="textarea"
+                            type="text"
+                            className="form-control form-control--textarea"
+                            placeholder={t('upstream_dns')}
+                        />
+                    </div>
+                </div>
+                <div className="col-12">
+                    <div className="form__group form__group--settings">
+                        <Field
+                            name="all_servers"
+                            type="checkbox"
+                            component={renderSelectField}
+                            placeholder={t('upstream_parallel')}
+                        />
+                    </div>
+                </div>
+                <div className="col-12">
+                    <div className="form__group">
+                        <label>{t('bootstrap_dns')}</label>
+                        <Field
+                            id="bootstrap_dns"
+                            name="bootstrap_dns"
+                            component="textarea"
+                            type="text"
+                            className="form-control"
+                            placeholder={t('bootstrap_dns_desc')}
+                        />
+                    </div>
+                </div>
+            </div>
+            <div className="card-actions">
+                <div className="btn-list">
+                    <button
+                        type="button"
+                        className={testButtonClass}
+                        onClick={() => testUpstream(upstreamDns)}
+                        disabled={!upstreamDns || processingTestUpstream}
+                    >
+                        <Trans>test_upstream_btn</Trans>
+                    </button>
+                    <button
+                        type="submit"
+                        className="btn btn-success btn-standard"
+                        disabled={
+                            submitting
+                            || invalid
+                            || processingSetUpstream
+                            || processingTestUpstream
+                        }
+                    >
+                        <Trans>apply_btn</Trans>
+                    </button>
+                </div>
+            </div>
+        </form>
+    );
+};
+
+Form.propTypes = {
+    handleSubmit: PropTypes.func,
+    testUpstream: PropTypes.func,
+    submitting: PropTypes.bool,
+    invalid: PropTypes.bool,
+    initialValues: PropTypes.object,
+    upstreamDns: PropTypes.string,
+    processingTestUpstream: PropTypes.bool,
+    processingSetUpstream: PropTypes.bool,
+    t: PropTypes.func,
+};
+
+const selector = formValueSelector('upstreamForm');
+
+Form = connect((state) => {
+    const upstreamDns = selector(state, 'upstream_dns');
+    return {
+        upstreamDns,
+    };
+})(Form);
+
+export default flow([
+    withNamespaces(),
+    reduxForm({ form: 'upstreamForm' }),
+])(Form);
diff --git a/client/src/components/Settings/Upstream/index.js b/client/src/components/Settings/Upstream/index.js
new file mode 100644
index 00000000..f622268c
--- /dev/null
+++ b/client/src/components/Settings/Upstream/index.js
@@ -0,0 +1,67 @@
+import React, { Component } from 'react';
+import PropTypes from 'prop-types';
+import { withNamespaces } from 'react-i18next';
+
+import Form from './Form';
+import Examples from './Examples';
+import Card from '../../ui/Card';
+
+class Upstream extends Component {
+    handleSubmit = (values) => {
+        this.props.setUpstream(values);
+    };
+
+    handleTest = (values) => {
+        this.props.testUpstream(values);
+    }
+
+    render() {
+        const {
+            t,
+            upstreamDns: upstream_dns,
+            bootstrapDns: bootstrap_dns,
+            allServers: all_servers,
+            processingSetUpstream,
+            processingTestUpstream,
+        } = this.props;
+
+        return (
+            <Card
+                title={ t('upstream_dns') }
+                subtitle={ t('upstream_dns_hint') }
+                bodyType="card-body box-body--settings"
+            >
+                <div className="row">
+                    <div className="col">
+                        <Form
+                            initialValues={{
+                                upstream_dns,
+                                bootstrap_dns,
+                                all_servers,
+                            }}
+                            testUpstream={this.handleTest}
+                            onSubmit={this.handleSubmit}
+                            processingTestUpstream={processingTestUpstream}
+                            processingSetUpstream={processingSetUpstream}
+                        />
+                        <hr/>
+                        <Examples />
+                    </div>
+                </div>
+            </Card>
+        );
+    }
+}
+
+Upstream.propTypes = {
+    upstreamDns: PropTypes.string,
+    bootstrapDns: PropTypes.string,
+    allServers: PropTypes.bool,
+    setUpstream: PropTypes.func.isRequired,
+    testUpstream: PropTypes.func.isRequired,
+    processingSetUpstream: PropTypes.bool.isRequired,
+    processingTestUpstream: PropTypes.bool.isRequired,
+    t: PropTypes.func.isRequired,
+};
+
+export default withNamespaces()(Upstream);
diff --git a/client/src/components/Settings/index.js b/client/src/components/Settings/index.js
index efa49bdd..6f0be6b1 100644
--- a/client/src/components/Settings/index.js
+++ b/client/src/components/Settings/index.js
@@ -41,22 +41,6 @@ class Settings extends Component {
         this.props.getTlsStatus();
     }
 
-    handleUpstreamChange = (value) => {
-        this.props.handleUpstreamChange({ upstreamDns: value });
-    };
-
-    handleUpstreamSubmit = () => {
-        this.props.setUpstream(this.props.dashboard.upstreamDns);
-    };
-
-    handleUpstreamTest = () => {
-        if (this.props.dashboard.upstreamDns.length > 0) {
-            this.props.testUpstream(this.props.dashboard.upstreamDns);
-        } else {
-            this.props.addErrorToast({ error: this.props.t('no_servers_specified') });
-        }
-    };
-
     renderSettings = (settings) => {
         if (Object.keys(settings).length > 0) {
             return Object.keys(settings).map((key) => {
@@ -75,8 +59,7 @@ class Settings extends Component {
     }
 
     render() {
-        const { settings, t } = this.props;
-        const { upstreamDns } = this.props.dashboard;
+        const { settings, dashboard, t } = this.props;
         return (
             <Fragment>
                 <PageTitle title={ t('settings') } />
@@ -91,11 +74,13 @@ class Settings extends Component {
                                     </div>
                                 </Card>
                                 <Upstream
-                                    upstreamDns={upstreamDns}
+                                    upstreamDns={dashboard.upstreamDns}
+                                    boostrapDns={dashboard.boostrapDns}
+                                    allServers={dashboard.allServers}
+                                    setUpstream={this.props.setUpstream}
+                                    testUpstream={this.props.testUpstream}
                                     processingTestUpstream={settings.processingTestUpstream}
-                                    handleUpstreamChange={this.handleUpstreamChange}
-                                    handleUpstreamSubmit={this.handleUpstreamSubmit}
-                                    handleUpstreamTest={this.handleUpstreamTest}
+                                    processingSetUpstream={settings.processingSetUpstream}
                                 />
                                 <Encryption
                                     encryption={this.props.encryption}
diff --git a/client/src/components/ui/Checkbox.css b/client/src/components/ui/Checkbox.css
index 9d483a5d..0d596a77 100644
--- a/client/src/components/ui/Checkbox.css
+++ b/client/src/components/ui/Checkbox.css
@@ -91,6 +91,10 @@
     line-height: 1.5;
 }
 
+.checkbox__label-text--long {
+    max-width: initial;
+}
+
 .checkbox__label-title {
     display: block;
     line-height: 1.5;
diff --git a/client/src/helpers/form.js b/client/src/helpers/form.js
index 1f0a339a..c9703033 100644
--- a/client/src/helpers/form.js
+++ b/client/src/helpers/form.js
@@ -32,7 +32,7 @@ export const renderSelectField = ({
                 disabled={disabled}
             />
             <span className="checkbox__label">
-                <span className="checkbox__label-text">
+                <span className="checkbox__label-text checkbox__label-text--long">
                     <span className="checkbox__label-title">{placeholder}</span>
                 </span>
             </span>
diff --git a/client/src/helpers/helpers.js b/client/src/helpers/helpers.js
index eb7c7db2..def63dce 100644
--- a/client/src/helpers/helpers.js
+++ b/client/src/helpers/helpers.js
@@ -201,3 +201,5 @@ export const redirectToCurrentProtocol = (values, httpPort = 80) => {
         window.location.replace(`http://${hostname}:${httpPort}/${hash}`);
     }
 };
+
+export const normalizeTextarea = text => text && text.replace(/[;, ]/g, '\n').split('\n');
diff --git a/client/src/reducers/index.js b/client/src/reducers/index.js
index e83f48a1..90ace4d6 100644
--- a/client/src/reducers/index.js
+++ b/client/src/reducers/index.js
@@ -51,6 +51,8 @@ const dashboard = handleActions({
             dns_address: dnsAddress,
             querylog_enabled: queryLogEnabled,
             upstream_dns: upstreamDns,
+            bootstrap_dns: bootstrapDns,
+            all_servers: allServers,
             protection_enabled: protectionEnabled,
             language,
             http_port: httpPort,
@@ -64,6 +66,8 @@ const dashboard = handleActions({
             dnsAddress,
             queryLogEnabled,
             upstreamDns: upstreamDns.join('\n'),
+            bootstrapDns: bootstrapDns.join('\n'),
+            allServers,
             protectionEnabled,
             language,
             httpPort,
@@ -171,7 +175,9 @@ const dashboard = handleActions({
     logStatusProcessing: false,
     processingVersion: true,
     processingFiltering: true,
-    upstreamDns: [],
+    upstreamDns: '',
+    bootstrapDns: '',
+    allServers: false,
     protectionEnabled: false,
     processingProtection: false,
     httpPort: 80,

From ceaa1e4ebf2e29c972b8ed0f4d7cf54e13f85151 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 6 Mar 2019 15:35:22 +0300
Subject: [PATCH 40/95] [fix] control: fix json decode for upstream config

---
 control.go | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/control.go b/control.go
index 0bc6fc66..6f36c3ca 100644
--- a/control.go
+++ b/control.go
@@ -308,9 +308,9 @@ func sortByValue(m map[string]int) []string {
 
 // TODO this struct will become unnecessary after config file rework
 type upstreamConfig struct {
-	upstreams    []string // Upstreams
-	bootstrapDNS []string // Bootstrap DNS
-	allServers   bool     // --all-servers param for dnsproxy
+	Upstreams    []string `json:"upstream_dns"`  // Upstreams
+	BootstrapDNS []string `json:"bootstrap_dns"` // Bootstrap DNS
+	AllServers   bool     `json:"all_servers"`   // --all-servers param for dnsproxy
 }
 
 func handleSetUpstreamConfig(w http.ResponseWriter, r *http.Request) {
@@ -323,13 +323,13 @@ func handleSetUpstreamConfig(w http.ResponseWriter, r *http.Request) {
 	}
 
 	config.DNS.UpstreamDNS = defaultDNS
-	if len(newconfig.upstreams) > 0 {
-		config.DNS.UpstreamDNS = newconfig.upstreams
+	if len(newconfig.Upstreams) > 0 {
+		config.DNS.UpstreamDNS = newconfig.Upstreams
 	}
 
 	// bootstrap servers are plain DNS only. We should remove tls:// https:// and sdns:// hosts from slice
 	bootstraps := []string{}
-	for _, host := range newconfig.bootstrapDNS {
+	for _, host := range newconfig.BootstrapDNS {
 		err := checkBootstrapDNS(host)
 		if err != nil {
 			log.Tracef("%s can not be used as bootstrap DNS cause: %s", host, err)
@@ -343,7 +343,7 @@ func handleSetUpstreamConfig(w http.ResponseWriter, r *http.Request) {
 		config.DNS.BootstrapDNS = bootstraps
 	}
 
-	config.DNS.AllServers = newconfig.allServers
+	config.DNS.AllServers = newconfig.AllServers
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 

From f2e547a54e50162caa25b562e49e2846dd92b575 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 6 Mar 2019 16:17:15 +0300
Subject: [PATCH 41/95] [change] config, control, openapi: fix issues from
 reviw

---
 config.go            |  2 +-
 control.go           | 30 ++++++++++++++++--------------
 openapi/openapi.yaml | 20 +++-----------------
 3 files changed, 20 insertions(+), 32 deletions(-)

diff --git a/config.go b/config.go
index 83bd1764..d6178c38 100644
--- a/config.go
+++ b/config.go
@@ -60,7 +60,7 @@ type dnsConfig struct {
 	UpstreamDNS []string `yaml:"upstream_dns"`
 }
 
-var defaultDNS = []string{"tls://1.1.1.1", "tls://1.0.0.1"}
+var defaultDNS = []string{"https://dns.adguard.com/dns-query", "https://dns.cloudflare.com/dns-query"}
 var defaultBootstrap = []string{"1.1.1.1"}
 
 type tlsConfigSettings struct {
diff --git a/control.go b/control.go
index 6f36c3ca..d4daa621 100644
--- a/control.go
+++ b/control.go
@@ -327,20 +327,18 @@ func handleSetUpstreamConfig(w http.ResponseWriter, r *http.Request) {
 		config.DNS.UpstreamDNS = newconfig.Upstreams
 	}
 
-	// bootstrap servers are plain DNS only. We should remove tls:// https:// and sdns:// hosts from slice
-	bootstraps := []string{}
+	// bootstrap servers are plain DNS only. We should return http error if there are tls:// https:// or sdns:// hosts in slice
 	for _, host := range newconfig.BootstrapDNS {
 		err := checkBootstrapDNS(host)
 		if err != nil {
-			log.Tracef("%s can not be used as bootstrap DNS cause: %s", host, err)
-			continue
+			httpError(w, http.StatusBadRequest, "%s can not be used as bootstrap dns cause: %s", host, err)
+			return
 		}
-		bootstraps = append(bootstraps, host)
 	}
 
 	config.DNS.BootstrapDNS = defaultBootstrap
-	if len(bootstraps) > 0 {
-		config.DNS.BootstrapDNS = bootstraps
+	if len(newconfig.BootstrapDNS) > 0 {
+		config.DNS.BootstrapDNS = newconfig.BootstrapDNS
 	}
 
 	config.DNS.AllServers = newconfig.AllServers
@@ -361,22 +359,22 @@ func checkBootstrapDNS(host string) error {
 
 func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 	log.Tracef("%s %v", r.Method, r.URL)
-	hosts := []string{}
-	err := json.NewDecoder(r.Body).Decode(&hosts)
+	upstreamConfig := upstreamConfig{}
+	err := json.NewDecoder(r.Body).Decode(&upstreamConfig)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Failed to read request body: %s", err)
 		return
 	}
 
-	if len(hosts) == 0 {
+	if len(upstreamConfig.Upstreams) == 0 {
 		httpError(w, http.StatusBadRequest, "No servers specified")
 		return
 	}
 
 	result := map[string]string{}
 
-	for _, host := range hosts {
-		err = checkDNS(host)
+	for _, host := range upstreamConfig.Upstreams {
+		err = checkDNS(host, upstreamConfig.BootstrapDNS)
 		if err != nil {
 			log.Info("%v", err)
 			result[host] = err.Error()
@@ -398,9 +396,13 @@ func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-func checkDNS(input string) error {
+func checkDNS(input string, bootstrap []string) error {
+	if len(bootstrap) == 0 {
+		bootstrap = defaultBootstrap
+	}
+
 	log.Debug("Checking if DNS %s works...", input)
-	u, err := upstream.AddressToUpstream(input, upstream.Options{Timeout: dnsforward.DefaultTimeout})
+	u, err := upstream.AddressToUpstream(input, upstream.Options{Bootstrap: bootstrap, Timeout: dnsforward.DefaultTimeout})
 	if err != nil {
 		return fmt.Errorf("failed to choose upstream for %s: %s", input, err)
 	}
diff --git a/openapi/openapi.yaml b/openapi/openapi.yaml
index d84e90ec..c40648bc 100644
--- a/openapi/openapi.yaml
+++ b/openapi/openapi.yaml
@@ -111,15 +111,15 @@ paths:
             tags:
                 - global
             operationId: testUpstreamDNS
-            summary: "Test upstream DNS"
+            summary: "Test upstream configuration"
             consumes:
                 - application/json
             parameters:
                 -   in: "body"
                     name: "body"
-                    description: "Upstream servers to be tested"
+                    description: "Upstream configuration to be tested"
                     schema:
-                        $ref: "#/definitions/TestUpstreams"
+                        $ref: "#/definitions/UpstreamsConfig"
             responses:
                 200:
                     description: 'Status of testing each requested server, with "OK" meaning that server works, any other text means an error.'
@@ -814,20 +814,6 @@ definitions:
             all_servers:
                 type: "boolean"
                 description: "If true, parallel queries to all configured upstream servers are enabled"
-    TestUpstreams:
-        type: "object"
-        description: "Upstream servers to be tested"
-        required:
-            - "upstream_dns"
-        properties:
-            upstream_dns:
-                type: "array"
-                description: 'Upstream servers, port is optional after colon'
-                items:
-                    type: "string"
-                example:
-                    - "tls://1.1.1.1"
-                    - "tls://1.0.0.1"
     Filter:
         type: "object"
         description: "Filter subscription info"

From bf2781d465041c2e7db68cb3529115642a61e455 Mon Sep 17 00:00:00 2001
From: Ildar Kamalov <i.kamalov@adguard.com>
Date: Wed, 6 Mar 2019 16:35:21 +0300
Subject: [PATCH 42/95] * client: locales and pass object to testUpstream

---
 client/src/__locales/en.json                  |  6 ++---
 client/src/actions/index.js                   | 21 +++++++++++----
 .../src/components/Settings/Upstream/Form.js  | 27 ++++++++++++++++---
 client/src/components/Settings/index.js       |  3 +--
 4 files changed, 43 insertions(+), 14 deletions(-)

diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json
index b70cdd37..550ad44d 100644
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -79,7 +79,7 @@
     "no_settings": "No settings",
     "general_settings": "General settings",
     "upstream_dns": "Upstream DNS servers",
-    "upstream_dns_hint": "If you keep this field empty, AdGuard Home will use <a href='https:\/\/1.1.1.1\/' target='_blank'>Cloudflare DNS<\/a> as an upstream. Use tls:\/\/ prefix for DNS over TLS servers.",
+    "upstream_dns_hint": "If you keep this field empty, AdGuard Home will use <a href='https:\/\/1.1.1.1\/' target='_blank'>Cloudflare DNS<\/a> as an upstream.",
     "test_upstream_btn": "Test upstreams",
     "apply_btn": "Apply",
     "disabled_filtering_toast": "Disabled filtering",
@@ -248,6 +248,6 @@
     "reset_settings": "Reset settings",
     "update_announcement": "AdGuard Home {{version}} is now available! <0>Click here</0> for more info.",
     "upstream_parallel": "Use parallel queries to speed up resolving by simultaneously querying all upstream servers",
-    "bootstrap_dns": "Bootstrap DNS",
-    "bootstrap_dns_desc": "Bootstrap DNS for DNS-over-HTTPS and DNS-over-TLS servers"
+    "bootstrap_dns": "Bootstrap DNS servers",
+    "bootstrap_dns_desc": "Bootstrap DNS servers are used to resolve the IP address of the DOH/DOT resolvers you specify as upstreams."
 }
diff --git a/client/src/actions/index.js b/client/src/actions/index.js
index 0bb99940..9711a0dc 100644
--- a/client/src/actions/index.js
+++ b/client/src/actions/index.js
@@ -456,8 +456,12 @@ export const setUpstream = config => async (dispatch) => {
     dispatch(setUpstreamRequest());
     try {
         const values = { ...config };
-        values.bootstrap_dns = (values.bootstrap_dns && normalizeTextarea(values.bootstrap_dns)) || '';
-        values.upstream_dns = (values.upstream_dns && normalizeTextarea(values.upstream_dns)) || '';
+        values.bootstrap_dns = (
+            values.bootstrap_dns && normalizeTextarea(values.bootstrap_dns)
+        ) || [];
+        values.upstream_dns = (
+            values.upstream_dns && normalizeTextarea(values.upstream_dns)
+        ) || [];
 
         await apiClient.setUpstream(values);
         dispatch(addSuccessToast('updated_upstream_dns_toast'));
@@ -472,12 +476,19 @@ export const testUpstreamRequest = createAction('TEST_UPSTREAM_REQUEST');
 export const testUpstreamFailure = createAction('TEST_UPSTREAM_FAILURE');
 export const testUpstreamSuccess = createAction('TEST_UPSTREAM_SUCCESS');
 
-export const testUpstream = values => async (dispatch) => {
+export const testUpstream = config => async (dispatch) => {
     dispatch(testUpstreamRequest());
     try {
-        const servers = normalizeTextarea(values);
-        const upstreamResponse = await apiClient.testUpstream(servers);
+        const values = { ...config };
+        values.bootstrap_dns = (
+            values.bootstrap_dns && normalizeTextarea(values.bootstrap_dns)
+        ) || [];
+        values.upstream_dns = (
+            values.upstream_dns && normalizeTextarea(values.upstream_dns)
+        ) || [];
+        console.log(values);
 
+        const upstreamResponse = await apiClient.testUpstream(values);
         const testMessages = Object.keys(upstreamResponse).map((key) => {
             const message = upstreamResponse[key];
             if (message !== 'OK') {
diff --git a/client/src/components/Settings/Upstream/Form.js b/client/src/components/Settings/Upstream/Form.js
index 7a38b31a..245e7d27 100644
--- a/client/src/components/Settings/Upstream/Form.js
+++ b/client/src/components/Settings/Upstream/Form.js
@@ -14,6 +14,8 @@ let Form = (props) => {
         handleSubmit,
         testUpstream,
         upstreamDns,
+        bootstrapDns,
+        allServers,
         submitting,
         invalid,
         processingSetUpstream,
@@ -30,7 +32,9 @@ let Form = (props) => {
             <div className="row">
                 <div className="col-12">
                     <div className="form__group form__group--settings">
-                        <label>{t('upstream_dns')}</label>
+                        <label className="form__label" htmlFor="upstream_dns">
+                            <Trans>upstream_dns</Trans>
+                        </label>
                         <Field
                             id="upstream_dns"
                             name="upstream_dns"
@@ -53,14 +57,19 @@ let Form = (props) => {
                 </div>
                 <div className="col-12">
                     <div className="form__group">
-                        <label>{t('bootstrap_dns')}</label>
+                        <label className="form__label" htmlFor="bootstrap_dns">
+                            <Trans>bootstrap_dns</Trans>
+                        </label>
+                        <div className="form__desc form__desc--top">
+                            <Trans>bootstrap_dns_desc</Trans>
+                        </div>
                         <Field
                             id="bootstrap_dns"
                             name="bootstrap_dns"
                             component="textarea"
                             type="text"
                             className="form-control"
-                            placeholder={t('bootstrap_dns_desc')}
+                            placeholder={t('bootstrap_dns')}
                         />
                     </div>
                 </div>
@@ -70,7 +79,11 @@ let Form = (props) => {
                     <button
                         type="button"
                         className={testButtonClass}
-                        onClick={() => testUpstream(upstreamDns)}
+                        onClick={() => testUpstream({
+                            upstream_dns: upstreamDns,
+                            bootstrap_dns: bootstrapDns,
+                            all_servers: allServers,
+                        })}
                         disabled={!upstreamDns || processingTestUpstream}
                     >
                         <Trans>test_upstream_btn</Trans>
@@ -100,6 +113,8 @@ Form.propTypes = {
     invalid: PropTypes.bool,
     initialValues: PropTypes.object,
     upstreamDns: PropTypes.string,
+    bootstrapDns: PropTypes.string,
+    allServers: PropTypes.bool,
     processingTestUpstream: PropTypes.bool,
     processingSetUpstream: PropTypes.bool,
     t: PropTypes.func,
@@ -109,8 +124,12 @@ const selector = formValueSelector('upstreamForm');
 
 Form = connect((state) => {
     const upstreamDns = selector(state, 'upstream_dns');
+    const bootstrapDns = selector(state, 'bootstrap_dns');
+    const allServers = selector(state, 'all_servers');
     return {
         upstreamDns,
+        bootstrapDns,
+        allServers,
     };
 })(Form);
 
diff --git a/client/src/components/Settings/index.js b/client/src/components/Settings/index.js
index 6f0be6b1..e6c39cf7 100644
--- a/client/src/components/Settings/index.js
+++ b/client/src/components/Settings/index.js
@@ -75,7 +75,7 @@ class Settings extends Component {
                                 </Card>
                                 <Upstream
                                     upstreamDns={dashboard.upstreamDns}
-                                    boostrapDns={dashboard.boostrapDns}
+                                    bootstrapDns={dashboard.bootstrapDns}
                                     allServers={dashboard.allServers}
                                     setUpstream={this.props.setUpstream}
                                     testUpstream={this.props.testUpstream}
@@ -110,7 +110,6 @@ Settings.propTypes = {
     toggleSetting: PropTypes.func,
     handleUpstreamChange: PropTypes.func,
     setUpstream: PropTypes.func,
-    upstream: PropTypes.string,
     t: PropTypes.func,
 };
 

From cdc568d8d926179426c0947d58ff093e5ec40931 Mon Sep 17 00:00:00 2001
From: Ildar Kamalov <i.kamalov@adguard.com>
Date: Wed, 6 Mar 2019 17:53:04 +0300
Subject: [PATCH 43/95] * client: remove empty elements from upstream and
 bootstrap

---
 client/src/helpers/helpers.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/src/helpers/helpers.js b/client/src/helpers/helpers.js
index def63dce..fbfa3b23 100644
--- a/client/src/helpers/helpers.js
+++ b/client/src/helpers/helpers.js
@@ -202,4 +202,4 @@ export const redirectToCurrentProtocol = (values, httpPort = 80) => {
     }
 };
 
-export const normalizeTextarea = text => text && text.replace(/[;, ]/g, '\n').split('\n');
+export const normalizeTextarea = text => text && text.replace(/[;, ]/g, '\n').split('\n').filter(n => n);

From 89b6323f03a476f0c1d3ffecbb8bb372a4951e18 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 6 Mar 2019 18:06:26 +0300
Subject: [PATCH 44/95] [change] control: update bootstrap DNS check

---
 control.go | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/control.go b/control.go
index d4daa621..fb1cf0af 100644
--- a/control.go
+++ b/control.go
@@ -329,7 +329,7 @@ func handleSetUpstreamConfig(w http.ResponseWriter, r *http.Request) {
 
 	// bootstrap servers are plain DNS only. We should return http error if there are tls:// https:// or sdns:// hosts in slice
 	for _, host := range newconfig.BootstrapDNS {
-		err := checkBootstrapDNS(host)
+		err := checkPlainDNS(host)
 		if err != nil {
 			httpError(w, http.StatusBadRequest, "%s can not be used as bootstrap dns cause: %s", host, err)
 			return
@@ -345,16 +345,29 @@ func handleSetUpstreamConfig(w http.ResponseWriter, r *http.Request) {
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
-// checkBootstrapDNS checks if host is plain DNS
-func checkBootstrapDNS(host string) error {
+// checkPlainDNS checks if host is plain DNS
+func checkPlainDNS(host string) error {
 	// Check if host is ip without port
 	if net.ParseIP(host) != nil {
 		return nil
 	}
 
 	// Check if host is ip with port
-	_, _, err := net.SplitHostPort(host)
-	return err
+	ip, port, err := net.SplitHostPort(host)
+	if err != nil {
+		return err
+	}
+
+	if net.ParseIP(ip) == nil {
+		return fmt.Errorf("%s is not valid IP", ip)
+	}
+
+	_, err = strconv.ParseInt(port, 0, 64)
+	if err != nil {
+		return fmt.Errorf("%s is not valid port: %s", port, err)
+	}
+
+	return nil
 }
 
 func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {

From 1b15bee2b09df5b2c31edf6d6d594aa53ac9124c Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 6 Mar 2019 18:24:14 +0300
Subject: [PATCH 45/95] [change] control: add upstreams validation

---
 control.go | 34 ++++++++++++++++++++++++++--------
 1 file changed, 26 insertions(+), 8 deletions(-)

diff --git a/control.go b/control.go
index fb1cf0af..fe340ecd 100644
--- a/control.go
+++ b/control.go
@@ -322,15 +322,21 @@ func handleSetUpstreamConfig(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	for _, u := range newconfig.Upstreams {
+		if err = validateUpstream(u); err != nil {
+			httpError(w, http.StatusBadRequest, "%s can not be used as upstream cause: %s", u, err)
+			return
+		}
+	}
+
 	config.DNS.UpstreamDNS = defaultDNS
 	if len(newconfig.Upstreams) > 0 {
 		config.DNS.UpstreamDNS = newconfig.Upstreams
 	}
 
-	// bootstrap servers are plain DNS only. We should return http error if there are tls:// https:// or sdns:// hosts in slice
+	// bootstrap servers are plain DNS only.
 	for _, host := range newconfig.BootstrapDNS {
-		err := checkPlainDNS(host)
-		if err != nil {
+		if err := checkPlainDNS(host); err != nil {
 			httpError(w, http.StatusBadRequest, "%s can not be used as bootstrap dns cause: %s", host, err)
 			return
 		}
@@ -345,26 +351,38 @@ func handleSetUpstreamConfig(w http.ResponseWriter, r *http.Request) {
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
+func validateUpstream(upstream string) error {
+	if strings.HasPrefix(upstream, "tls://") || strings.HasPrefix(upstream, "https://") || strings.HasPrefix(upstream, "sdns://") || strings.HasPrefix(upstream, "tcp://") {
+		return nil
+	}
+
+	if strings.Contains(upstream, "://") {
+		return fmt.Errorf("wrong protocol")
+	}
+
+	return checkPlainDNS(upstream)
+}
+
 // checkPlainDNS checks if host is plain DNS
-func checkPlainDNS(host string) error {
+func checkPlainDNS(upstream string) error {
 	// Check if host is ip without port
-	if net.ParseIP(host) != nil {
+	if net.ParseIP(upstream) != nil {
 		return nil
 	}
 
 	// Check if host is ip with port
-	ip, port, err := net.SplitHostPort(host)
+	ip, port, err := net.SplitHostPort(upstream)
 	if err != nil {
 		return err
 	}
 
 	if net.ParseIP(ip) == nil {
-		return fmt.Errorf("%s is not valid IP", ip)
+		return fmt.Errorf("%s is not a valid IP", ip)
 	}
 
 	_, err = strconv.ParseInt(port, 0, 64)
 	if err != nil {
-		return fmt.Errorf("%s is not valid port: %s", port, err)
+		return fmt.Errorf("%s is not a valid port: %s", port, err)
 	}
 
 	return nil

From ac131923a2eb3b249477761b3d85e103cff51b4d Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 6 Mar 2019 18:36:31 +0300
Subject: [PATCH 46/95] [change] control: add upstreams validation before dns
 config test

---
 control.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/control.go b/control.go
index d6e5cbe0..4ca0f023 100644
--- a/control.go
+++ b/control.go
@@ -418,6 +418,10 @@ func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 }
 
 func checkDNS(input string, bootstrap []string) error {
+	if err := validateUpstream(input); err != nil {
+		return fmt.Errorf("wrong upstream format: %s", err)
+	}
+
 	if len(bootstrap) == 0 {
 		bootstrap = defaultBootstrap
 	}

From 83877fb871be1f29d1ba1afc5f619d4c9d7bd0b1 Mon Sep 17 00:00:00 2001
From: Ildar Kamalov <i.kamalov@adguard.com>
Date: Wed, 6 Mar 2019 18:39:14 +0300
Subject: [PATCH 47/95] * client: fix grammar

---
 client/src/__locales/en.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json
index 550ad44d..61e5c08e 100644
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -249,5 +249,5 @@
     "update_announcement": "AdGuard Home {{version}} is now available! <0>Click here</0> for more info.",
     "upstream_parallel": "Use parallel queries to speed up resolving by simultaneously querying all upstream servers",
     "bootstrap_dns": "Bootstrap DNS servers",
-    "bootstrap_dns_desc": "Bootstrap DNS servers are used to resolve the IP address of the DOH/DOT resolvers you specify as upstreams."
+    "bootstrap_dns_desc": "Bootstrap DNS servers are used to resolve IP address of the DOH/DOT resolvers you specify as upstreams."
 }

From 982f8dc1e143a64fbdd8e16cb08cc481b77e5a43 Mon Sep 17 00:00:00 2001
From: Ildar Kamalov <i.kamalov@adguard.com>
Date: Wed, 6 Mar 2019 18:50:17 +0300
Subject: [PATCH 48/95] * client: remove log

---
 client/src/actions/index.js | 1 -
 1 file changed, 1 deletion(-)

diff --git a/client/src/actions/index.js b/client/src/actions/index.js
index 9711a0dc..ad63ed16 100644
--- a/client/src/actions/index.js
+++ b/client/src/actions/index.js
@@ -486,7 +486,6 @@ export const testUpstream = config => async (dispatch) => {
         values.upstream_dns = (
             values.upstream_dns && normalizeTextarea(values.upstream_dns)
         ) || [];
-        console.log(values);
 
         const upstreamResponse = await apiClient.testUpstream(values);
         const testMessages = Object.keys(upstreamResponse).map((key) => {

From bf82ccede90d675e880cf92904b8d4c0eae25ab7 Mon Sep 17 00:00:00 2001
From: Ildar Kamalov <i.kamalov@adguard.com>
Date: Thu, 7 Mar 2019 12:02:49 +0300
Subject: [PATCH 49/95] * client: typo

---
 client/src/__locales/en.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json
index 61e5c08e..5a252521 100644
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -249,5 +249,5 @@
     "update_announcement": "AdGuard Home {{version}} is now available! <0>Click here</0> for more info.",
     "upstream_parallel": "Use parallel queries to speed up resolving by simultaneously querying all upstream servers",
     "bootstrap_dns": "Bootstrap DNS servers",
-    "bootstrap_dns_desc": "Bootstrap DNS servers are used to resolve IP address of the DOH/DOT resolvers you specify as upstreams."
+    "bootstrap_dns_desc": "Bootstrap DNS servers are used to resolve IP addresses of the DOH/DOT resolvers you specify as upstreams."
 }

From c8c663f3f0d3251b96fabcdec983ca5e77d3b88d Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Thu, 7 Mar 2019 12:04:22 +0300
Subject: [PATCH 50/95] [change] config: fix default upstreams list

---
 client/src/__locales/en.json | 2 +-
 config.go                    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json
index 61e5c08e..5a252521 100644
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -249,5 +249,5 @@
     "update_announcement": "AdGuard Home {{version}} is now available! <0>Click here</0> for more info.",
     "upstream_parallel": "Use parallel queries to speed up resolving by simultaneously querying all upstream servers",
     "bootstrap_dns": "Bootstrap DNS servers",
-    "bootstrap_dns_desc": "Bootstrap DNS servers are used to resolve IP address of the DOH/DOT resolvers you specify as upstreams."
+    "bootstrap_dns_desc": "Bootstrap DNS servers are used to resolve IP addresses of the DOH/DOT resolvers you specify as upstreams."
 }
diff --git a/config.go b/config.go
index 706dff25..6c5e57b3 100644
--- a/config.go
+++ b/config.go
@@ -60,7 +60,7 @@ type dnsConfig struct {
 	UpstreamDNS []string `yaml:"upstream_dns"`
 }
 
-var defaultDNS = []string{"https://dns.adguard.com/dns-query", "https://dns.cloudflare.com/dns-query"}
+var defaultDNS = []string{"https://dns.cloudflare.com/dns-query"}
 var defaultBootstrap = []string{"1.1.1.1"}
 
 type tlsConfigSettings struct {

From 10fcfefcfd7220d68880cd735a3844ec4e617555 Mon Sep 17 00:00:00 2001
From: Ildar Kamalov <i.kamalov@adguard.com>
Date: Thu, 7 Mar 2019 12:38:17 +0300
Subject: [PATCH 51/95] * client: bulgarian language translation

---
 client/src/__locales/bg.json     | 250 +++++++++++++++++++++++++++++++
 client/src/__locales/en.json     |  18 +--
 client/src/__locales/pt-br.json  |  96 +++++++++++-
 client/src/__locales/sv.json     |  92 +++++++++++-
 client/src/__locales/zh-tw.json  |  40 ++++-
 client/src/helpers/constants.js  |   4 +
 client/src/i18n.js               |   4 +
 i18n.go                          |   1 +
 scripts/translations/download.js |   1 +
 9 files changed, 491 insertions(+), 15 deletions(-)
 create mode 100644 client/src/__locales/bg.json

diff --git a/client/src/__locales/bg.json b/client/src/__locales/bg.json
new file mode 100644
index 00000000..9a7d5b2e
--- /dev/null
+++ b/client/src/__locales/bg.json
@@ -0,0 +1,250 @@
+{
+    "url_added_successfully": "Успешно добавен URL",
+    "check_dhcp_servers": "Проверка за активен DHCP сървър",
+    "save_config": "Запиши настройките",
+    "enabled_dhcp": "DHCP е разрешен",
+    "disabled_dhcp": "DHCP е забранен",
+    "dhcp_title": "DHCP сървър (тестови!)",
+    "dhcp_description": "Ако рутера ви не раздава DHCP адреси, може да използвате вградения в AdGuard DHCP сървър.",
+    "dhcp_enable": "Рзреши DHCP сървъра",
+    "dhcp_disable": "Забрани DHCP сървъра",
+    "dhcp_not_found": "Вашата мрежа няма активен DHCP сървър. Безопасно е ползването на вградения DHCP сървър.",
+    "dhcp_found": "Вашата мрежа вече има активен DHCP сървър. Не е безопасно ползването на втори!",
+    "dhcp_leases": "DHCP раздадени адреси",
+    "dhcp_leases_not_found": "Няма намерени активни DHCP адреси",
+    "dhcp_config_saved": "Запиши конфигурацията на DHCP сървъра",
+    "form_error_required": "Задължително поле",
+    "form_error_ip_format": "Невалиден IPv4 адрес",
+    "form_error_positive": "Проверете дали е положително число",
+    "dhcp_form_gateway_input": "IP шлюз",
+    "dhcp_form_subnet_input": "Мрежова маска",
+    "dhcp_form_range_title": "Група от IP адреси",
+    "dhcp_form_range_start": "Първи адрес",
+    "dhcp_form_range_end": "Последен адрес",
+    "dhcp_form_lease_title": "Отдадени адреси (секунди)",
+    "dhcp_form_lease_input": "Отчет за раздадени адреси",
+    "dhcp_interface_select": "Изберете мрежов адаптер за DHCP",
+    "dhcp_hardware_address": "Хардуерни адреси (MAC)",
+    "dhcp_ip_addresses": "IP адреси",
+    "dhcp_table_hostname": "Име на устройство",
+    "dhcp_table_expires": "История",
+    "dhcp_warning": "Ако искате да използвате вградения DHCP сървър, трябва да няма друг активен DHCP в мрежата Ви!",
+    "back": "Назад",
+    "dashboard": "Табло",
+    "settings": "Настройки",
+    "filters": "Филтри",
+    "query_log": "История на заявките",
+    "faq": "ЧЗВ",
+    "version": "версия",
+    "address": "адрес",
+    "on": "ВКЛЮЧЕНО",
+    "off": "ИЗКЛЮЧЕНО",
+    "copyright": "Авторско право",
+    "homepage": "Домашна страница",
+    "report_an_issue": "Съобщи за проблем",
+    "enable_protection": "Разреши защита",
+    "enabled_protection": "Защитата е разрешена",
+    "disable_protection": "Забрани защита",
+    "disabled_protection": "Защитата е забранена",
+    "refresh_statics": "Обнови статистиката",
+    "dns_query": "DNS запитвания",
+    "blocked_by": "Блокирани от",
+    "stats_malware_phishing": "вируси/атаки",
+    "stats_adult": "сайтове за възрастни",
+    "stats_query_domain": "Най-отваряни страници",
+    "for_last_24_hours": "за последните 24 часа",
+    "no_domains_found": "Няма намерени резултати",
+    "requests_count": "Сума на заявките",
+    "top_blocked_domains": "Най-блокирани страници",
+    "top_clients": "Най-активни IP адреси",
+    "no_clients_found": "Нямa намерени адреси",
+    "general_statistics": "Обща статисика",
+    "number_of_dns_query_24_hours": "Сума на DNS заявки за последните 24 часа",
+    "number_of_dns_query_blocked_24_hours": "Сума на блокирани DNS заявки от филтрите за реклама и местни",
+    "number_of_dns_query_blocked_24_hours_by_sec": "Сума на блокирани DNS заявки от AdGuard свързани със сигурността",
+    "number_of_dns_query_blocked_24_hours_adult": "Сума на блокирани сайтове за възрастни",
+    "enforced_save_search": "Активирано Безопасно Търсене",
+    "number_of_dns_query_to_safe_search": "Сума на DNS заявки при който е приложено Безопасно Търсене",
+    "average_processing_time": "Средно време за обработка",
+    "average_processing_time_hint": "Средно време за обработка на DNS заявки в милисекунди",
+    "block_domain_use_filters_and_hosts": "Блокирани домейни - общи и местни филтри",
+    "filters_block_toggle_hint": "Може да зададете собствени настройки в <a href='#filters'>Филтри</a>.",
+    "use_adguard_browsing_sec": "Използвайте AdGuard модул за сигурността",
+    "use_adguard_browsing_sec_hint": "Модул Сигурност в AdGuard Home проверява всяка страница която отваряте дали е в черните списъци застрашаващи вашата сигурност. Използва се програмен интерфейс който защитава вашата анонимност и изпраща само SHA256 сума базирана на част от домейна който посещавате.",
+    "use_adguard_parental": "Включи AdGuard Родителски Надзор",
+    "use_adguard_parental_hint": "Модул XXX в AdGuard Home ще провери дали страницата има материали за възвъстни. Използва се същия API за анонимност като при модула за Сигурност.",
+    "enforce_safe_search": "Включи Безопасно Търсене",
+    "enforce_save_search_hint": "AdGuard Home прилага Безопасно Търсене в следните търсачки и сайтове: Google, Youtube, Bing, и Yandex.",
+    "no_servers_specified": "Няма избрани услуги",
+    "no_settings": "Няма настройки",
+    "general_settings": "Общи настройки",
+    "upstream_dns": "Главен DNS сървър",
+    "upstream_dns_hint": "Ако оставите празно, AdGuard Home ще използва <a href='https://1.1.1.1/' target='_blank'>Cloudflare DNS</a> за главен. Използвай tls:// представка за DNS използващи TLS връзка.",
+    "test_upstream_btn": "Тествай главния DNS",
+    "apply_btn": "Приложи",
+    "disabled_filtering_toast": "Забрани филтрирането",
+    "enabled_filtering_toast": "Разреши фитрирането",
+    "disabled_safe_browsing_toast": "Забрани безопасно-сърфиране",
+    "enabled_safe_browsing_toast": "Рзреши безопасно-сърфиране",
+    "disabled_parental_toast": "Забрани Родителски Надзор",
+    "enabled_parental_toast": "Разреши Родителски Надзор",
+    "disabled_safe_search_toast": "Забрани Безопасно Търсене",
+    "enabled_save_search_toast": "Разреши Безопасно Търсене",
+    "enabled_table_header": "Разреши",
+    "name_table_header": "Име",
+    "filter_url_table_header": "URL филтър",
+    "rules_count_table_header": "Правила общо",
+    "last_time_updated_table_header": "Последно обновен",
+    "actions_table_header": "Действия",
+    "delete_table_action": "Изтрий",
+    "filters_and_hosts": "Черни списъци с общи и местни филтри",
+    "filters_and_hosts_hint": "AdGuard Home разбира adblock и host синтаксис.",
+    "no_filters_added": "Няма добавени филтри",
+    "add_filter_btn": "Добави филтър",
+    "cancel_btn": "Откажи",
+    "enter_name_hint": "Въведи име",
+    "enter_url_hint": "Въведи URL",
+    "check_updates_btn": "Провери за актуализация",
+    "new_filter_btn": "Въведи нов филтър",
+    "enter_valid_filter_url": "Моля въведете валиден URL за филтъра или проверете host правописа.",
+    "custom_filter_rules": "Местни правила за филтриране",
+    "custom_filter_rules_hint": "Въвеждайте всяко правило на нов ред. Може да използвате adblock или hosts файлов синтаксис.",
+    "examples_title": "Примери",
+    "example_meaning_filter_block": "Блокирай достъп до домейн example.org и всички под домейни.",
+    "example_meaning_filter_whitelist": "Разреши достъп до домейн example.org и всичките му под домейни.",
+    "example_meaning_host_block": "AdGuard Home ще отговори с 127.0.0.1 = празен адрес за домейн example.org (но не и за под домейни).",
+    "example_comment": "! Това е коментар",
+    "example_comment_meaning": "пример за коментар",
+    "example_comment_hash": "# Това е също коментар",
+    "example_regex_meaning": "Блокирай достъп до домейни който съвпадат със следното",
+    "example_upstream_regular": "класически DNS (UDP протокол)",
+    "example_upstream_dot": "криптиран <a href='https://en.wikipedia.org/wiki/DNS_over_TLS' target='_blank'>DNS-върху-TLS</a>",
+    "example_upstream_doh": "криптиран <a href='https://en.wikipedia.org/wiki/DNS_over_HTTPS' target='_blank'>DNS-върху-HTTPS</a>",
+    "example_upstream_sdns": "може да ползвате <a href='https://dnscrypt.info/stamps/' target='_blank'>DNS Подписване</a> за <a href='https://dnscrypt.info/' target='_blank'>DNSCrypt</a> или <a href='https://en.wikipedia.org/wiki/DNS_over_HTTPS' target='_blank'>DNS-върху-HTTPS</a> сървъри",
+    "example_upstream_tcp": "класически DNS (TCP протокол)",
+    "all_filters_up_to_date_toast": "Всички филти са актуализирани",
+    "updated_upstream_dns_toast": "Глобалните DNS сървъри са обновени",
+    "dns_test_ok_toast": "Въведените DNS сървъри работят коректно",
+    "dns_test_not_ok_toast": "Сървър \"{{key}}\": не работи, моля проверете дали е въведен коректно",
+    "unblock_btn": "Отблокирай",
+    "block_btn": "Блокирай",
+    "time_table_header": "Време",
+    "domain_name_table_header": "Име на домейн",
+    "type_table_header": "Тип",
+    "response_table_header": "Отговор",
+    "client_table_header": "Клиент",
+    "empty_response_status": "Празен",
+    "show_all_filter_type": "Покажи всички",
+    "show_filtered_type": "Покажи филтрирани",
+    "no_logs_found": "Няма история",
+    "disabled_log_btn": "Забрани историята",
+    "download_log_file_btn": "Смъкни историята",
+    "refresh_btn": "Обнови",
+    "enabled_log_btn": "Разреши историята",
+    "last_dns_queries": "Последните 5000 DNS заявки",
+    "previous_btn": "Предходен",
+    "next_btn": "Следващ",
+    "loading_table_status": "Зареждане...",
+    "page_table_footer_text": "Страница",
+    "of_table_footer_text": "от",
+    "rows_table_footer_text": "редове",
+    "updated_custom_filtering_toast": "Обновени местни правила за филтриране",
+    "rule_removed_from_custom_filtering_toast": "Премахнато от местни правила за филтриране",
+    "rule_added_to_custom_filtering_toast": "Добавено до местни правила за филтриране",
+    "query_log_disabled_toast": "Историята е забранена",
+    "query_log_enabled_toast": "Историята е разрешена",
+    "source_label": "Източник",
+    "found_in_known_domain_db": "Намерен в списъците с домейни.",
+    "category_label": "Категория",
+    "rule_label": "Правило",
+    "filter_label": "Филтър",
+    "unknown_filter": "Непознат филтър {{filterId}}",
+    "install_welcome_title": "Добре дошли в AdGuard Home!",
+    "install_welcome_desc": "AdGuard Home e мрежово решение за блокиране на реклами и тракери на DNS ниво. Създадено е за да ви даде пълен контрол над мрежата и всичките ви устройства, без да е необходимо допълнително инсталиране на друг софтуер.",
+    "install_settings_title": "Администрация",
+    "install_settings_listen": "Активни интерфейси",
+    "install_settings_port": "Порт",
+    "install_settings_interface_link": "Вашата AdGuard Home страница за администрация ще е достъпна на този адрес:",
+    "form_error_port": "Моля въведете валиден порт",
+    "install_settings_dns": "DNS сървър",
+    "install_settings_dns_desc": "За да работи, ще трябва да настроите вашият рутер или устройства да ползват DNS сървър с адрес:",
+    "install_settings_all_interfaces": "Всички интерфейси",
+    "install_auth_title": "Удостоверяване",
+    "install_auth_desc": "Много е важно да зададете име и парола за достъп до вашия панел за администрация на AdGuard Home. Препоръчваме ви да зададете име и парола независимо че го ползвате само в къщи.",
+    "install_auth_username": "Потребител",
+    "install_auth_password": "Парола",
+    "install_auth_confirm": "Потвърдете паролата",
+    "install_auth_username_enter": "Въведете потребител",
+    "install_auth_password_enter": "Въведете парола",
+    "install_step": "Стъпка",
+    "install_devices_title": "Настройте вашето устройство",
+    "install_devices_desc": "Да започнете да използвате AdGuard Home, е необходимо да настроите вашите устройства.",
+    "install_submit_title": "Поздравления!",
+    "install_submit_desc": "Настройката е завършена, може да започнете да ползвате AdGuard Home.",
+    "install_devices_router": "Рутер",
+    "install_devices_router_desc": "Ако настроите вашият рутер няма нужда ръчно да настройвате всяко едно от устрйствата в мрежата.",
+    "install_devices_address": "AdGuard Home DNS сървърът е на следния адрес",
+    "install_devices_router_list_1": "Отворете страницата за настройки на вашия рутер. Обикновено тя се намира на URL (тук http://192.168.0.1/ или тук http://192.168.1.1/). За достъп може да ви трябва парола. Ако сте забравили паролата може да я ресетнете като натиснета скрития ресет бутон - внимание това ще ресетне всички настройки на рутера до фабрични! Някой рутери могат да бъдате администрирани от софтуер или приложение, който би трябвало да е вече инсталиран на компютъра/телефона ви.",
+    "install_devices_router_list_2": "Намерета DHCP/DNS настройки. В под раздел DHCP рзгледайте и намерете къде е полето за DNS настройка в което може да въведете персонализирани настройки за DNS сървъри.",
+    "install_devices_router_list_3": "Въведете адресът на AdGuard Home сървъра.",
+    "install_devices_windows_list_1": "Отворете Контролния Панел през Старт меню или чрез функция търсене на Windows.",
+    "install_devices_windows_list_2": "Вървете до Настрйки на Мрежи и Интернет и от там изберете Мрежи и Център за Споделяне.",
+    "install_devices_windows_list_3": "От ляво на екрана намерете Смени настроки на мрежовия адаптер и кликнете на него.",
+    "install_devices_windows_list_4": "Изберете този който е активен, дясно-кликване и изберета Свойства.",
+    "install_devices_windows_list_5": "Намерете Интернет Протокол Версия 4 (TCP/IP) в списъка, изберете и кликнете отново на Свойства.",
+    "install_devices_windows_list_6": "Изберете Използвай следните адреси за DNS сърсъри и въведете адреса на AdGuard Home сървъра ви.",
+    "install_devices_macos_list_1": "Цъкнете на Apple иконката и изберете System Preferences...",
+    "install_devices_macos_list_2": "Цъкнете на Network.",
+    "install_devices_macos_list_3": "Изберете зелената-активна връзка в списъка и кликнете на Advanced.",
+    "install_devices_macos_list_4": "Изберете DNS таб и кликнете на + за да въведете адреса на AdGuard Home сървъра.",
+    "install_devices_android_list_1": "Изберете Android Меню от домашния екран, и цъкнете на Настройки.",
+    "install_devices_android_list_2": "Цъкнете на Wi-Fi меню. На екрана ще се появат всички безжични прежи (там няма възможност за въвеждане на DNS настройки).",
+    "install_devices_android_list_3": "Цъкнете и задръжде върху Вие сте свързани с.., и кликнете на Модифицирай мрежа.",
+    "install_devices_android_list_4": "На някой устройства може да е неоходимо да маркирате покажи Разширени, за да видите всички настройки. За да промените Android DNS настройките, може да се наложи да промените IP настройките от DHCP на Статични.",
+    "install_devices_android_list_5": "Променете стойностите на DNS 1 и DNS 2 да използват AdGuard Home сървъра.",
+    "install_devices_ios_list_1": "От начален екран, цъкнете на Settings.",
+    "install_devices_ios_list_2": "Изберете Wi-Fi от лявото меню (там няма възможност за въвеждане на DNS настройки).",
+    "install_devices_ios_list_3": "Клинете на името на активната мрежа към която сте свързани.",
+    "install_devices_ios_list_4": "В полето за DNS изберете ръчно и въведете адреса на AdGuard Home сървъра.",
+    "get_started": "Да започваме",
+    "next": "Следващ",
+    "open_dashboard": "Отвори табло",
+    "install_saved": "Успешно записано",
+    "encryption_title": "Криптиране",
+    "encryption_desc": "Подържа се сигурна връзка (HTTPS/TLS) включително за DNS и страницата за администрация",
+    "encryption_config_saved": "Конфигурацията е успешно записана",
+    "encryption_server": "Име на сървъра",
+    "encryption_server_enter": "Въведете име на домейна",
+    "encryption_server_desc": "За да използвате HTTPS, трябва името на сървъра да съвпада с това на SSL сертификата.",
+    "encryption_redirect": "Автоматично пренасочване към HTTPS",
+    "encryption_redirect_desc": "Служи за автоматично пренасочване от HTTP към HTTPS на страницата за Администрация в AdGuard Home.",
+    "encryption_https": "HTTPS порт",
+    "encryption_https_desc": "Ако зададете HTTPS порт, страницата за Администрация на AdGuard Home ще бъде достъпна на HTTPS, и също ще отговаря на DNS-върху-HTTPS '/dns-запитвания'.",
+    "encryption_dot": "DNS-върху-TLS порт",
+    "encryption_dot_desc": "Ако порта е конфигуриран, AdGuard Home ще стартира и сървър за DNS-върху-TLS.",
+    "encryption_certificates": "Сертификати",
+    "encryption_certificates_desc": "За да използвате сигурна връзка, ще трябва да осигурите SSL сертификати за вашия домейн. Може да заявите безплатен от <0>{{link}}</0> или да закупите от Certificate Authorities.",
+    "encryption_certificates_input": "Копирай/постави вашия PEM-кодиран сертификат тук.",
+    "encryption_status": "Състояние",
+    "encryption_expire": "Годен до",
+    "encryption_key": "Частен ключ",
+    "encryption_key_input": "Копирай/постави вашия PEM-кодиран чpастен ключ за вашия сертификат тук.",
+    "encryption_enable": "Разpеши криптиране (HTTPS, DNS-върху-HTTPS, и DNS-върху-TLS)",
+    "encryption_enable_desc": "Ако сте разрешили криптиране, страницата за Администрация на AdGuard Home ще бъде достъпна през HTTPS, и DNS сървъра ще отговаря също на запитвания DNS-върху-HTTPS и DNS-върху-TLS.",
+    "encryption_chain_valid": "Йерархията от сертификати е валидна",
+    "encryption_chain_invalid": "Йерархията от сертификати е невалидна",
+    "encryption_key_valid": "Това е валиден {{type}} частен ключ",
+    "encryption_key_invalid": "Това е невалиден {{type}} частен ключ",
+    "encryption_subject": "Тема",
+    "encryption_issuer": "Изпълнител",
+    "encryption_hostnames": "Имена на хоста",
+    "encryption_reset": "Сигурни ли сте че искате да изтриете настройките за криптиране?",
+    "topline_expiring_certificate": "Вашият SSL сертификат изтича. Обнови <0>Настройки за криптиране</0>.",
+    "topline_expired_certificate": "Вашият SSL сертификат е изтекъл. Обнови <0>Настройки за криптиране</0>.",
+    "form_error_port_range": "Въведете порт в диапазона 80-65535",
+    "form_error_port_unsafe": "Не е безопасно да използвате този порт",
+    "form_error_equal": "Не трябва да съвпада",
+    "form_error_password": "Паролата не съвпада",
+    "reset_settings": "Изтрий всички настройки",
+    "update_announcement": "Има нова AdGuard Home {{version}}! <0>Цъкни тук</0> за повече информация."
+}
diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json
index 45c33828..64c6b4b5 100644
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -1,5 +1,5 @@
 {
-    "url_added_successfully": "Url added successfully",
+    "url_added_successfully": "URL added successfully",
     "check_dhcp_servers": "Check for DHCP servers",
     "save_config": "Save config",
     "enabled_dhcp": "DHCP server enabled",
@@ -211,7 +211,7 @@
     "open_dashboard": "Open Dashboard",
     "install_saved": "Saved successfully",
     "encryption_title": "Encryption",
-    "encryption_desc": "Encryption (HTTPS/TLS) support for both DNS and admin web interface",
+    "encryption_desc": "Encryption (HTTPS\/TLS) support for both DNS and admin web interface",
     "encryption_config_saved": "Encryption config saved",
     "encryption_server": "Server name",
     "encryption_server_enter": "Enter your domain name",
@@ -223,12 +223,12 @@
     "encryption_dot": "DNS-over-TLS port",
     "encryption_dot_desc": "If this port is configured, AdGuard Home will run a DNS-over-TLS server on this port.",
     "encryption_certificates": "Certificates",
-    "encryption_certificates_desc": "In order to use encryption, you need to provide a valid SSL certificates chain for your domain. You can get a free certificate on <0>{{link}}</0> or you can buy it from one of the trusted Certificate Authorities.",
-    "encryption_certificates_input": "Copy/paste your PEM-encoded cerificates here.",
+    "encryption_certificates_desc": "In order to use encryption, you need to provide a valid SSL certificates chain for your domain. You can get a free certificate on <0>{{link}}<\/0> or you can buy it from one of the trusted Certificate Authorities.",
+    "encryption_certificates_input": "Copy\/paste your PEM-encoded certificates here.",
     "encryption_status": "Status",
     "encryption_expire": "Expires",
     "encryption_key": "Private key",
-    "encryption_key_input": "Copy/paste your PEM-encoded private key for your cerficate here.",
+    "encryption_key_input": "Copy\/paste your PEM-encoded private key for your certificate here.",
     "encryption_enable": "Enable Encryption (HTTPS, DNS-over-HTTPS, and DNS-over-TLS)",
     "encryption_enable_desc": "If encryption is enabled, AdGuard Home admin interface will work over HTTPS, and the DNS server will listen for requests over DNS-over-HTTPS and DNS-over-TLS.",
     "encryption_chain_valid": "Certificate chain is valid",
@@ -239,12 +239,12 @@
     "encryption_issuer": "Issuer",
     "encryption_hostnames": "Hostnames",
     "encryption_reset": "Are you sure you want to reset encryption settings?",
-    "topline_expiring_certificate": "Your SSL certificate is about to expire. Update <0>Encryption settings</0>.",
-    "topline_expired_certificate": "Your SSL certificate is expired. Update <0>Encryption settings</0>.",
+    "topline_expiring_certificate": "Your SSL certificate is about to expire. Update <0>Encryption settings<\/0>.",
+    "topline_expired_certificate": "Your SSL certificate is expired. Update <0>Encryption settings<\/0>.",
     "form_error_port_range": "Enter port value in the range of 80-65535",
     "form_error_port_unsafe": "This is an unsafe port",
     "form_error_equal": "Shouldn't be equal",
     "form_error_password": "Password mismatched",
     "reset_settings": "Reset settings",
-    "update_announcement": "AdGuard Home {{version}} is now available! <0>Click here</0> for more info."
-}
+    "update_announcement": "AdGuard Home {{version}} is now available! <0>Click here<\/0> for more info."
+}
\ No newline at end of file
diff --git a/client/src/__locales/pt-br.json b/client/src/__locales/pt-br.json
index 895a5d90..90591992 100644
--- a/client/src/__locales/pt-br.json
+++ b/client/src/__locales/pt-br.json
@@ -1,6 +1,6 @@
 {
-    "url_added_successfully": "Url adicionada com sucesso",
-    "check_dhcp_servers": "Verifique se h\u00e1 servidores DHCP",
+    "url_added_successfully": "URL adicionada com sucesso",
+    "check_dhcp_servers": "Verificar por servidores DHCP",
     "save_config": "Salvar configura\u00e7\u00e3o",
     "enabled_dhcp": "Servidor DHCP ativado",
     "disabled_dhcp": "Servidor DHCP desativado",
@@ -28,6 +28,7 @@
     "dhcp_ip_addresses": "Endere\u00e7o de IP",
     "dhcp_table_hostname": "Hostname",
     "dhcp_table_expires": "Expira",
+    "dhcp_warning": "Se voc\u00ea quiser ativar o servidor DHCP interno, certifique-se que n\u00e3o h\u00e1 outro servidor DHCP ativo. Caso contr\u00e1rio, isso pode impedir que outros dispositivos conectem \u00e1 internet!",
     "back": "Voltar",
     "dashboard": "Painel",
     "settings": "Configura\u00e7\u00f5es",
@@ -115,6 +116,7 @@
     "example_comment": "! Aqui vai um coment\u00e1rio",
     "example_comment_meaning": "apenas um coment\u00e1rio",
     "example_comment_hash": "# Tamb\u00e9m um coment\u00e1rio",
+    "example_regex_meaning": "bloqueia o acesso aos dom\u00ednios correspondentes \u00e0 express\u00e3o regular especificada",
     "example_upstream_regular": "DNS regular (atrav\u00e9s do UDP)",
     "example_upstream_dot": "DNS criptografado <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_TLS' target='_blank'>atrav\u00e9s do TLS<\/a>",
     "example_upstream_doh": "DNS criptografado <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>atrav\u00e9s do HTTPS<\/a>",
@@ -156,5 +158,93 @@
     "category_label": "Categoria",
     "rule_label": "Regra",
     "filter_label": "Filtro",
-    "unknown_filter": "Filtro desconhecido {{filterId}}"
+    "unknown_filter": "Filtro desconhecido {{filterId}}",
+    "install_welcome_title": "Bem-vindo(a) ao AdGuard Home!",
+    "install_welcome_desc": "O AdGuard Home \u00e9 um servidor de DNS para bloqueio de an\u00fancios e rastreamento em toda a rede. Sua finalidade \u00e9 permitir que voc\u00ea controle toda a sua rede e seus dispositivos sem precisar ter um programa instalado.",
+    "install_settings_title": "Interface web de administrador",
+    "install_settings_listen": "Interface de escuta",
+    "install_settings_port": "Porta",
+    "install_settings_interface_link": "A interface web de administrador do AdGuard estar\u00e1 dispon\u00edvel nos seguintes endere\u00e7os:",
+    "form_error_port": "Digite uma porta v\u00e1lida",
+    "install_settings_dns": "Servidor DNS",
+    "install_settings_dns_desc": "Voc\u00ea precisa configurar seu dispositivo ou roteador para usar o servidor DNS nos seguintes endere\u00e7os:",
+    "install_settings_all_interfaces": "Todas interfaces",
+    "install_auth_title": "Autentica\u00e7\u00e3o",
+    "install_auth_desc": "\u00c9 altamente recomend\u00e1vel configurar uma senha de autentica\u00e7\u00e3o na interface web de administrador do AdGuard Home. Mesmo que seja acess\u00edvel apenas em sua rede local, ainda \u00e9 importante proteg\u00ea-lo contra o acesso irrestrito.",
+    "install_auth_username": "Nome de usu\u00e1rio",
+    "install_auth_password": "Senha",
+    "install_auth_confirm": "Confirmar senha",
+    "install_auth_username_enter": "Digite o nome de usu\u00e1rio",
+    "install_auth_password_enter": "Digite a senha",
+    "install_step": "Passo",
+    "install_devices_title": "Configure seus dispositivos",
+    "install_devices_desc": "Para que o AdGuard Home comece a funcionar, voc\u00ea precisa configurar seus dispositivos para us\u00e1-lo.",
+    "install_submit_title": "Parab\u00e9ns!",
+    "install_submit_desc": "O procedimento de configura\u00e7\u00e3o est\u00e1 conclu\u00eddo e voc\u00ea est\u00e1 pronto para come\u00e7ar a usar o AdGuard Home.",
+    "install_devices_router": "Roteador",
+    "install_devices_router_desc": "Esta configura\u00e7\u00e3o cobrir\u00e1 automaticamente todos os dispositivos conectados ao seu roteador dom\u00e9stico e voc\u00ea n\u00e3o ir\u00e1 precisar configurar cada um deles manualmente.",
+    "install_devices_address": "O servidor de DNS do AdGuard Home est\u00e1 capturando os seguintes endere\u00e7os",
+    "install_devices_router_list_1": "Abra as configura\u00e7\u00f5es do seu roteador\nNo navegador digite o IP do roteador, o padr\u00e3o \u00e9 (http:\/\/192.168.0.1\/ ou http:\/\/192.168.1.1\/), e o login e senha \u00e9 admin\/admin; Se voc\u00ea n\u00e3o se lembra da senha, voc\u00ea pode redefinir a senha rapidamente pressionando um bot\u00e3o no pr\u00f3prio roteador. Alguns roteadores t\u00eam um aplicativo espec\u00edfico que j\u00e1 deve estar instalado em seu computador\/telefone.",
+    "install_devices_router_list_2": "Encontre as Configura\u00e7\u00f5es de DNS. Procure as letras DNS ao lado de um campo que permite dois ou tr\u00eas conjuntos de n\u00fameros, cada um dividido em quatro grupos de um a tr\u00eas n\u00fameros.",
+    "install_devices_router_list_3": "Digite aqui seu servidor do AdGuard Home.",
+    "install_devices_windows_list_1": "Abra o Painel de Controle pelo Menu Iniciar ou pela Pesquisa do Windows.",
+    "install_devices_windows_list_2": "Entre na categoria Rede e Internet e depois clique em Central de Rede e Compartilhamento.",
+    "install_devices_windows_list_3": "No lado esquerdo da janela clique em Alterar as configura\u00e7\u00f5es do adaptador.",
+    "install_devices_windows_list_4": "Selecione sua atual conex\u00e3o, clique nela com o bot\u00e3o direito do mouse e depois clique em Propriedades.",
+    "install_devices_windows_list_5": "Procure na lista por Internet Protocol Version 4 (TCP\/IP), selecione e clique em Propriedades novamente.",
+    "install_devices_windows_list_6": "Marque usar os seguintes endere\u00e7os de servidor DNS e digite os endere\u00e7os do servidores do AdGuard Home.",
+    "install_devices_macos_list_1": "Clique na \u00edcone da Apple e depois em Prefer\u00eancias do Sistema.",
+    "install_devices_macos_list_2": "Clique em Rede.",
+    "install_devices_macos_list_3": "Selecione a primeira conex\u00e3o da lista e clique em Avan\u00e7ado.",
+    "install_devices_macos_list_4": "Selecione a guia DNS e digite os endere\u00e7os dos servidores do AdGuard Home.",
+    "install_devices_android_list_1": "Na tela inicial do menu Android, toque em Configura\u00e7\u00f5es.",
+    "install_devices_android_list_2": "Toque em Wi-Fi. A tela listando todas as redes ser\u00e1 exibida (n\u00e3o \u00e9 poss\u00edvel configurar DNS personalizado para uma conex\u00e3o de dados m\u00f3veis)",
+    "install_devices_android_list_3": "Pressione prolongadamente a rede para a qual voc\u00ea est\u00e1 conectado e toque em Modificar rede",
+    "install_devices_android_list_4": "Em alguns dispositivos, talvez seja necess\u00e1rio marcar a caixa Avan\u00e7ado para ver as outras configura\u00e7\u00f5es. Para ajustar suas configura\u00e7\u00f5es de DNS do Android, voc\u00ea precisar\u00e1 alternar as configura\u00e7\u00f5es de IP de DHCP para Est\u00e1tico.",
+    "install_devices_android_list_5": "Altere o conjunto dos valores DNS 1 e DNS 2 para os endere\u00e7os de servidores do AdGuard Home.",
+    "install_devices_ios_list_1": "Na tela incial, toque em Ajustes.",
+    "install_devices_ios_list_2": "Selecione Wi-Fi no menu esquerdo (n\u00e3o \u00e9 poss\u00edvel configurar o DNS em conex\u00f5es de dados m\u00f3veis).",
+    "install_devices_ios_list_3": "Toque no nome da rede atualmente ativa.",
+    "install_devices_ios_list_4": "No campo DNS, digite os endere\u00e7os dos servidores do AdGuard Home.",
+    "get_started": "Come\u00e7ar",
+    "next": "Pr\u00f3ximo",
+    "open_dashboard": "Abrir painel",
+    "install_saved": "Salvo com sucesso",
+    "encryption_title": "Criptografia",
+    "encryption_desc": "Encryption (HTTPS\/TLS) support for both DNS and admin web interface",
+    "encryption_config_saved": "Configura\u00e7\u00e3o de criptografia salva",
+    "encryption_server": "Nome do servidor",
+    "encryption_server_enter": "Digite seu nome de dom\u00ednio",
+    "encryption_server_desc": "In order to use HTTPS, you need to enter the server name that matches your SSL certificate.",
+    "encryption_redirect": "Redirecionar automaticamente para HTTPS",
+    "encryption_redirect_desc": "If checked, AdGuard Home will automatically redirect you from HTTP to HTTPS addresses.",
+    "encryption_https": "Porta HTTPS",
+    "encryption_https_desc": "If HTTPS port is configured, AdGuard Home admin interface will be accessible via HTTPS, and it will also provide DNS-over-HTTPS on '\/dns-query' location.",
+    "encryption_dot": "Porta DNS-sobre-TLS",
+    "encryption_dot_desc": "Se essa porta estiver configurada, o AdGuard Home ir\u00e1 executar o servidor DNS-sobre- TSL nesta porta.",
+    "encryption_certificates": "Certificados",
+    "encryption_certificates_desc": "In order to use encryption, you need to provide a valid SSL certificates chain for your domain. You can get a free certificate on <0>{{link}}<\/0> or you can buy it from one of the trusted Certificate Authorities.",
+    "encryption_certificates_input": "Copie\/cole aqui seu certificado codificado em PEM.",
+    "encryption_status": "Status",
+    "encryption_expire": "Expira",
+    "encryption_key": "Chave privada",
+    "encryption_key_input": "Copie\/cole aqui a chave privada codificada em PEM para seu certificado.",
+    "encryption_enable": "Ativar criptografia (HTTPS, DNS-sobre-HTTPS e DNS-sobre-TLS)",
+    "encryption_enable_desc": "If encryption is enabled, AdGuard Home admin interface will work over HTTPS, and the DNS server will listen for requests over DNS-over-HTTPS and DNS-over-TLS.",
+    "encryption_chain_valid": "Cadeia de chave v\u00e1lida.",
+    "encryption_chain_invalid": "A cadeia de certificado \u00e9 inv\u00e1lida",
+    "encryption_key_valid": "Esta \u00e9 uma chave privada {{type}} v\u00e1lida",
+    "encryption_key_invalid": "Esta \u00e9 uma chave privada {{type}} inv\u00e1lida",
+    "encryption_subject": "Assunto",
+    "encryption_issuer": "Emissor",
+    "encryption_hostnames": "Hostnames",
+    "encryption_reset": "Voc\u00ea tem certeza de que deseja redefinir a configura\u00e7\u00e3o de criptografia?",
+    "topline_expiring_certificate": "Seu certificado SSL est\u00e1 prestes a expirar. Atualize suas <0>configura\u00e7\u00f5es de criptografia<\/]0>",
+    "topline_expired_certificate": "Seu certificado SSL est\u00e1 expirado. Atualize suas <0>configura\u00e7\u00f5es de criptografia<\/0>",
+    "form_error_port_range": "Digite um porta entre 80 e 65535",
+    "form_error_port_unsafe": "Esta porta n\u00e3o \u00e9 segura",
+    "form_error_equal": "N\u00e3o deve ser igual",
+    "form_error_password": "Senhas n\u00e3o coincidem",
+    "reset_settings": "Redefinir configura\u00e7\u00f5es",
+    "update_announcement": "AdGuard Home {{version}} est\u00e1 dispon\u00edvel!<0>Clique aqui<\/0> para mais informa\u00e7\u00f5es."
 }
\ No newline at end of file
diff --git a/client/src/__locales/sv.json b/client/src/__locales/sv.json
index 5fbf45df..71b37466 100644
--- a/client/src/__locales/sv.json
+++ b/client/src/__locales/sv.json
@@ -28,6 +28,7 @@
     "dhcp_ip_addresses": "IP-adresser",
     "dhcp_table_hostname": "V\u00e4rdnamn",
     "dhcp_table_expires": "Utg\u00e5r",
+    "dhcp_warning": "Om du vill koppla  in den inbyggda DHCP-servern m\u00e5ste du f\u00f6rs\u00e4kra dig om att det finns n\u00e5gra andra DHCP-servar som i s\u00e5 fall riskerar att orsaka avbrott p\u00e5 internet!",
     "back": "Tiilbaka",
     "dashboard": "Kontrollpanel",
     "settings": "Inst\u00e4llningar",
@@ -115,6 +116,7 @@
     "example_comment": "! H\u00e4r kommer en kommentar",
     "example_comment_meaning": "Endast en kommentar",
     "example_comment_hash": "# Ocks\u00e5 en kommentar",
+    "example_regex_meaning": "blockera \u00e5tkomst till en dom\u00e4n som matchar det angivna uttrycket",
     "example_upstream_regular": "vanlig DNS (\u00f6ver UDP)",
     "example_upstream_dot": "krypterat <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_TLS' target='_blank'>DNS-over-TLS<\/a>",
     "example_upstream_doh": "krypterat <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS<\/a>",
@@ -156,5 +158,93 @@
     "category_label": "Kategori",
     "rule_label": "Regel",
     "filter_label": "Filter",
-    "unknown_filter": "Ok\u00e4nt filter {{filterId}}"
+    "unknown_filter": "Ok\u00e4nt filter {{filterId}}",
+    "install_welcome_title": "V\u00e4lkommen till AdGuard Home!",
+    "install_welcome_desc": "AdGuard Home \u00e4r en DNS-server f\u00f6r n\u00e4tverkst\u00e4ckande annons- och sp\u00e5rningsblockering. Dess syfte \u00e4r att de dig kontroll \u00f6ver hela n\u00e4tverket och alla dina enheter, utan behov av att anv\u00e4nda klientbaserade program.",
+    "install_settings_title": "Administrat\u00f6rens webbgr\u00e4nssnitt",
+    "install_settings_listen": "\u00d6vervakningsgr\u00e4nssnitt",
+    "install_settings_port": "Port",
+    "install_settings_interface_link": "Din administrat\u00f6rssida f\u00f6r AdGuard Home finns p\u00e5 f\u00f6ljande adresser:",
+    "form_error_port": "Skriv in ett giltigt portnummer",
+    "install_settings_dns": "DNS-server",
+    "install_settings_dns_desc": "Du beh\u00f6ver st\u00e4lla in dina enheter eller din router f\u00f6r att anv\u00e4nda DNS-server p\u00e5 f\u00f6ljande adresser.",
+    "install_settings_all_interfaces": "Alla gr\u00e4nssnitt",
+    "install_auth_title": "Autentisering",
+    "install_auth_desc": "Det rekommenderas starkt att st\u00e4lla in l\u00f6senordsskydd till webbgr\u00e4nssnittets administrativa del i ditt AdGuard Home. \u00c4ven om den endast \u00e4r \u00e5tkomlig p\u00e5 ditt lokala n\u00e4tverk rekommenderas det \u00e4nd\u00e5 att skydda det mot o\u00f6nskad \u00e5tkomst.",
+    "install_auth_username": "Anv\u00e4ndarnamn",
+    "install_auth_password": "L\u00f6senord",
+    "install_auth_confirm": "Bekr\u00e4fta l\u00f6senord",
+    "install_auth_username_enter": "Skriv in anv\u00e4ndarnamn",
+    "install_auth_password_enter": "Skriv in l\u00f6senord",
+    "install_step": "Steg",
+    "install_devices_title": "St\u00e4ll in dina enheter",
+    "install_devices_desc": "F\u00f6r att kunna anv\u00e4nda AdGuard Home m\u00e5ste du s\u00e4lla in dina enheter f\u00f6r att utnyttja den.",
+    "install_submit_title": "Grattis!",
+    "install_submit_desc": "Inst\u00e4llningsproceduren \u00e4r klar och du kan b\u00f6rja anv\u00e4nda AdGuard Home.",
+    "install_devices_router": "Router",
+    "install_devices_router_desc": "Den h\u00e4r anpassningen kommer att automatiskt t\u00e4cka in alla de enheter som \u00e4r anslutna till din hemmarouter och du beh\u00f6ver d\u00e4rf\u00f6r inte konfigurera var och en individuellt.",
+    "install_devices_address": "AdGuard Home DNS-server t\u00e4cker f\u00f6ljande adresser",
+    "install_devices_router_list_1": "\u00d6ppna routern Inst\u00e4llningar. Vanligtvis f\u00e5r man \u00e5tkomst via en URL (http:\/\/192.168.0.1 eller 192.168.1.1)- Du kommer att bli ombes att ange ett l\u00f6senord. L\u00f6senordet kan st\u00e5 angivet p\u00e5 routerns bak- eller undersida. Om l\u00f6senordet \u00e4ndrats och du inte k\u00e4nner till det kan du \u00e5terst\u00e4lla med Reset-knappen. En del routrar kr\u00e4ver en s\u00e4rskild applikation som skall finnas p\u00e5 antingen din dator eller i din mobil.",
+    "install_devices_router_list_2": "Leta upp DHCP\/DNS-inst\u00e4llningarna. Titta efter DNS-tecken intill ett f\u00e4lt med tv\u00e5 eller tre upps\u00e4ttningar siffror, var och en uppdelade i grupper om fyra med en eller tre siffror.",
+    "install_devices_router_list_3": "Ange serveradressen till ditt AdGuard Home.",
+    "install_devices_windows_list_1": "\u00d6ppna Kontrollpanelen via Start eller Windows S\u00f6k.",
+    "install_devices_windows_list_2": "V\u00e4lj N\u00e4tverks och delningscenter, N\u00e4tverk och Internet.",
+    "install_devices_windows_list_3": "Leta upp \u00c4ndra n\u00e4tverkskortsalternativ",
+    "install_devices_windows_list_4": "Markera din aktiva anslutning. H\u00f6gerklicka p\u00e5 den och v\u00e4lj Egenskaper.",
+    "install_devices_windows_list_5": "Markera Internet Protocol Version 4 (TCP\/IP) och klicka p\u00e5 knappen Egenskaper.",
+    "install_devices_windows_list_6": "Markera Anv\u00e4nd f\u00f6ljande DNS-serveradresser och skriv in adresserna till ditt AdGuard Home.",
+    "install_devices_macos_list_1": "Klicka p\u00e5 Apple-ikonen och v\u00e4lj Systemalternativ.",
+    "install_devices_macos_list_2": "Klicka p\u00e5 N\u00e4tverk.",
+    "install_devices_macos_list_3": "V\u00e4lj den f\u00f6rsta anslutningen i listan och klicka p\u00e5 Avancerat.",
+    "install_devices_macos_list_4": "Klicka p\u00e5 DNS-fliken och skriv in AdGuard Homes serveradresser",
+    "install_devices_android_list_1": "V\u00e4lj Inst\u00e4llningar fr\u00e5n Androids hemknapp",
+    "install_devices_android_list_2": "Tryck p\u00e5 N\u00e4tverk och Internet, Wi-Fi. Alla tillg\u00e4ngliga n\u00e4tverk visas i en lista (det g\u00e5r inte all v\u00e4lja egen DNS p\u00e5 mobiln\u00e4tverk.",
+    "install_devices_android_list_3": "H\u00e5ll ner p\u00e5 n\u00e4tverksnamnet som du \u00e4r ansluten till och v\u00e4lj \u00c4ndra n\u00e4tverk.",
+    "install_devices_android_list_4": "P\u00e5 en del enheter kan du beh\u00f6va v\u00e4lja Avancerat f\u00f6r att komma \u00e5t ytterligare inst\u00e4llningar. F\u00f6r att \u00e4ndra p\u00e5 DNS-inst\u00e4llningar m\u00e5ste du byta IP-inst\u00e4llning fr\u00e5n DHCP till Statisk. P\u00e5 Android Pie v\u00e4ljs Privat DNS p\u00e5 N\u00e4tverk och internet.",
+    "install_devices_android_list_5": "\u00c4ndra DNS 1 och DNS 2 till serveradresserna f\u00f6r AdGuard Home.",
+    "install_devices_ios_list_1": "Tryck Inst\u00e4llningar fr\u00e5n hemsk\u00e4rmen.",
+    "install_devices_ios_list_2": "V\u00e4lj Wi_Fi p\u00e5 den v\u00e4nstra menyn (det g\u00e5r inte att st\u00e4lla in egen DNS f\u00f6r mobila n\u00e4tverk).",
+    "install_devices_ios_list_3": "Tryck p\u00e5 namnet p\u00e5 den aktiva anslutningen.",
+    "install_devices_ios_list_4": "Skriv in AdGuard Homes serveradresser i DNS-f\u00e4lten.",
+    "get_started": "Kom ig\u00e5ng",
+    "next": "N\u00e4sta",
+    "open_dashboard": "\u00d6ppna Kontrollbordet",
+    "install_saved": "Sparat utan fel",
+    "encryption_title": "Encryption",
+    "encryption_desc": "Encryption (HTTPS\/TLS) support for both DNS and admin web interface",
+    "encryption_config_saved": "Encryption config saved",
+    "encryption_server": "Server name",
+    "encryption_server_enter": "Enter your domain name",
+    "encryption_server_desc": "In order to use HTTPS, you need to enter the server name that matches your SSL certificate.",
+    "encryption_redirect": "Redirect to HTTPS automatically",
+    "encryption_redirect_desc": "If checked, AdGuard Home will automatically redirect you from HTTP to HTTPS addresses.",
+    "encryption_https": "HTTPS port",
+    "encryption_https_desc": "If HTTPS port is configured, AdGuard Home admin interface will be accessible via HTTPS, and it will also provide DNS-over-HTTPS on '\/dns-query' location.",
+    "encryption_dot": "DNS-over-TLS port",
+    "encryption_dot_desc": "If this port is configured, AdGuard Home will run a DNS-over-TLS server on this port.",
+    "encryption_certificates": "Certificates",
+    "encryption_certificates_desc": "In order to use encryption, you need to provide a valid SSL certificates chain for your domain. You can get a free certificate on <0>{{link}}<\/0> or you can buy it from one of the trusted Certificate Authorities.",
+    "encryption_certificates_input": "Copy\/paste your PEM-encoded certificates here.",
+    "encryption_status": "Status",
+    "encryption_expire": "Expires",
+    "encryption_key": "Private key",
+    "encryption_key_input": "Copy\/paste your PEM-encoded private key for your certificate here.",
+    "encryption_enable": "Enable Encryption (HTTPS, DNS-over-HTTPS, and DNS-over-TLS)",
+    "encryption_enable_desc": "If encryption is enabled, AdGuard Home admin interface will work over HTTPS, and the DNS server will listen for requests over DNS-over-HTTPS and DNS-over-TLS.",
+    "encryption_chain_valid": "Certificate chain is valid",
+    "encryption_chain_invalid": "Certificate chain is invalid",
+    "encryption_key_valid": "This is a valid {{type}} private key",
+    "encryption_key_invalid": "This is an invalid {{type}} private key",
+    "encryption_subject": "Subject",
+    "encryption_issuer": "Issuer",
+    "encryption_hostnames": "Hostnames",
+    "encryption_reset": "Are you sure you want to reset encryption settings?",
+    "topline_expiring_certificate": "Your SSL certificate is about to expire. Update <0>Encryption settings<\/0>.",
+    "topline_expired_certificate": "Your SSL certificate is expired. Update <0>Encryption settings<\/0>.",
+    "form_error_port_range": "Enter port value in the range of 80-65535",
+    "form_error_port_unsafe": "This is an unsafe port",
+    "form_error_equal": "Shouldn't be equal",
+    "form_error_password": "L\u00f6senorden \u00f6verensst\u00e4mmer inte",
+    "reset_settings": "Reset settings",
+    "update_announcement": "AdGuard Home {{version}} is now available! <0>Click here<\/0> for more info."
 }
\ No newline at end of file
diff --git a/client/src/__locales/zh-tw.json b/client/src/__locales/zh-tw.json
index 695afa9d..4d3b7b85 100644
--- a/client/src/__locales/zh-tw.json
+++ b/client/src/__locales/zh-tw.json
@@ -116,7 +116,7 @@
     "example_comment": "! \u770b\uff0c\u4e00\u500b\u8a3b\u89e3",
     "example_comment_meaning": "\u53ea\u662f\u4e00\u500b\u8a3b\u89e3",
     "example_comment_hash": "# \u4e5f\u662f\u4e00\u500b\u8a3b\u89e3",
-    "example_regex_meaning": "\u5c01\u9396\u81f3\u8207\u5df2\u660e\u78ba\u6307\u5b9a\u7684\u898f\u5247\u904b\u7b97\u5f0f\uff08Regular Expression\uff09\u76f8\u914d\u7684\u7db2\u57df\u4e4b\u5b58\u53d6",
+    "example_regex_meaning": "\u5c01\u9396\u81f3\u8207\u5df2\u660e\u78ba\u6307\u5b9a\u7684\u898f\u5247\u904b\u7b97\u5f0f\uff08Regular Expression\uff09\u76f8\u7b26\u7684\u7db2\u57df\u4e4b\u5b58\u53d6",
     "example_upstream_regular": "\u4e00\u822c\u7684 DNS\uff08\u900f\u904eUDP\uff09",
     "example_upstream_dot": "\u52a0\u5bc6\u7684 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_TLS' target='_blank'>DNS-over-TLS<\/a>",
     "example_upstream_doh": "\u52a0\u5bc6\u7684 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS <\/a>",
@@ -210,5 +210,41 @@
     "next": "\u4e0b\u4e00\u6b65",
     "open_dashboard": "\u958b\u555f\u5100\u8868\u677f",
     "install_saved": "\u5df2\u6210\u529f\u5730\u5132\u5b58",
-    "form_error_password": "\u4e0d\u76f8\u7b26\u7684\u5bc6\u78bc"
+    "encryption_title": "\u52a0\u5bc6",
+    "encryption_desc": "\u52a0\u5bc6\uff08HTTPS\/TLS\uff09\u652f\u63f4\u4f9bDNS\u548c\u7ba1\u7406\u54e1\u7db2\u9801\u4ecb\u9762\u5169\u8005",
+    "encryption_config_saved": "\u52a0\u5bc6\u914d\u7f6e\u5df2\u88ab\u5132\u5b58",
+    "encryption_server": "\u4f3a\u670d\u5668\u540d\u7a31",
+    "encryption_server_enter": "\u8f38\u5165\u60a8\u7684\u57df\u540d",
+    "encryption_server_desc": "\u70ba\u4e86\u4f7f\u7528HTTPS\uff0c\u60a8\u9700\u8981\u8f38\u5165\u8207\u60a8\u7684\u5b89\u5168\u901a\u8a0a\u7aef\u5c64\uff08SSL\uff09\u6191\u8b49\u76f8\u7b26\u7684\u4f3a\u670d\u5668\u540d\u7a31\u3002",
+    "encryption_redirect": "\u81ea\u52d5\u5730\u91cd\u5b9a\u5411\u5230HTTPS",
+    "encryption_redirect_desc": "\u5982\u679c\u88ab\u52fe\u9078\uff0cAdGuard Home\u5c07\u81ea\u52d5\u5730\u91cd\u5b9a\u5411\u60a8\u5f9eHTTP\u5230HTTPS\u4f4d\u5740\u3002",
+    "encryption_https": "HTTPS \u9023\u63a5\u57e0",
+    "encryption_https_desc": "\u5982\u679cHTTPS\u9023\u63a5\u57e0\u88ab\u914d\u7f6e\uff0cAdGuard Home\u7ba1\u7406\u54e1\u4ecb\u9762\u900f\u904eHTTPS\u5c07\u70ba\u53ef\u5b58\u53d6\u7684\uff0c\u4e14\u5b83\u4e5f\u5c07\u65bc '\/dns-query' \u4f4d\u7f6e\u4e0a\u63d0\u4f9bDNS-over-HTTPS\u3002",
+    "encryption_dot": "DNS-over-TLS \u9023\u63a5\u57e0",
+    "encryption_dot_desc": "\u5982\u679c\u8a72\u9023\u63a5\u57e0\u88ab\u914d\u7f6e\uff0cAdGuard Home\u5c07\u65bc\u6b64\u9023\u63a5\u57e0\u4e0a\u904b\u884cDNS-over-TLS\u4f3a\u670d\u5668\u3002",
+    "encryption_certificates": "\u6191\u8b49",
+    "encryption_certificates_desc": "\u70ba\u4e86\u4f7f\u7528\u52a0\u5bc6\uff0c\u60a8\u9700\u8981\u63d0\u4f9b\u6709\u6548\u7684\u5b89\u5168\u901a\u8a0a\u7aef\u5c64\uff08SSL\uff09\u6191\u8b49\u93c8\u7d50\u4f9b\u60a8\u7684\u7db2\u57df\u3002\u65bc <0>{{link}}<\/0> \u4e0a\u60a8\u53ef\u53d6\u5f97\u514d\u8cbb\u7684\u6191\u8b49\u6216\u60a8\u53ef\u5f9e\u53d7\u4fe1\u4efb\u7684\u6191\u8b49\u6388\u6b0a\u55ae\u4f4d\u4e4b\u4e00\u8cfc\u8cb7\u5b83\u3002",
+    "encryption_certificates_input": "\u65bc\u6b64\u8907\u88fd\/\u8cbc\u4e0a\u60a8\u7684\u96b1\u79c1\u589e\u5f37\u90f5\u4ef6\u7de8\u78bc\u4e4b\uff08PEM-encoded\uff09\u6191\u8b49\u3002",
+    "encryption_status": "\u72c0\u614b",
+    "encryption_expire": "\u5230\u671f",
+    "encryption_key": "\u79c1\u5bc6\u91d1\u9470",
+    "encryption_key_input": "\u65bc\u6b64\u8907\u88fd\/\u8cbc\u4e0a\u60a8\u7684\u96b1\u79c1\u589e\u5f37\u90f5\u4ef6\u7de8\u78bc\u4e4b\uff08PEM-encoded\uff09\u79c1\u5bc6\u91d1\u9470\u4f9b\u60a8\u7684\u6191\u8b49\u3002",
+    "encryption_enable": "\u555f\u7528\u52a0\u5bc6\uff08HTTPS\u3001DNS-over-HTTPS\u548cDNS-over-TLS\uff09",
+    "encryption_enable_desc": "\u5982\u679c\u52a0\u5bc6\u88ab\u555f\u7528\uff0cAdGuard Home\u7ba1\u7406\u54e1\u4ecb\u9762\u900f\u904eHTTPS\u5c07\u904b\u4f5c\uff0c\u4e14\u8a72DNS\u4f3a\u670d\u5668\u5c07\u7559\u5fc3\u76e3\u807d\u900f\u904eDNS-over-HTTPS\u548cDNS-over-TLS\u4e4b\u8acb\u6c42\u3002",
+    "encryption_chain_valid": "\u6191\u8b49\u93c8\u7d50\u70ba\u6709\u6548\u7684",
+    "encryption_chain_invalid": "\u6191\u8b49\u93c8\u7d50\u70ba\u7121\u6548\u7684",
+    "encryption_key_valid": "\u6b64\u70ba\u6709\u6548\u7684 {{type}} \u79c1\u5bc6\u91d1\u9470",
+    "encryption_key_invalid": "\u6b64\u70ba\u7121\u6548\u7684 {{type}} \u79c1\u5bc6\u91d1\u9470",
+    "encryption_subject": "\u7269\u4ef6",
+    "encryption_issuer": "\u7c3d\u767c\u8005",
+    "encryption_hostnames": "\u4e3b\u6a5f\u540d\u7a31",
+    "encryption_reset": "\u60a8\u78ba\u5b9a\u60a8\u60f3\u8981\u91cd\u7f6e\u52a0\u5bc6\u8a2d\u5b9a\u55ce\uff1f",
+    "topline_expiring_certificate": "\u60a8\u7684\u5b89\u5168\u901a\u8a0a\u7aef\u5c64\uff08SSL\uff09\u6191\u8b49\u5373\u5c07\u5230\u671f\u3002\u66f4\u65b0<0>\u52a0\u5bc6\u8a2d\u5b9a<\/0>\u3002",
+    "topline_expired_certificate": "\u60a8\u7684\u5b89\u5168\u901a\u8a0a\u7aef\u5c64\uff08SSL\uff09\u6191\u8b49\u70ba\u5df2\u5230\u671f\u7684\u3002\u66f4\u65b0<0>\u52a0\u5bc6\u8a2d\u5b9a<\/0>\u3002",
+    "form_error_port_range": "\u572880-65535\u4e4b\u7bc4\u570d\u5167\u8f38\u5165\u9023\u63a5\u57e0\u503c",
+    "form_error_port_unsafe": "\u6b64\u70ba\u4e0d\u5b89\u5168\u7684\u9023\u63a5\u57e0",
+    "form_error_equal": "\u4e0d\u61c9\u70ba\u76f8\u7b49\u7684",
+    "form_error_password": "\u4e0d\u76f8\u7b26\u7684\u5bc6\u78bc",
+    "reset_settings": "\u91cd\u7f6e\u8a2d\u5b9a",
+    "update_announcement": "AdGuard Home {{version}} \u73fe\u70ba\u53ef\u7528\u7684\uff01\u95dc\u65bc\u66f4\u591a\u7684\u8cc7\u8a0a\uff0c<0>\u9ede\u64ca\u9019\u88e1<\/0>\u3002"
 }
\ No newline at end of file
diff --git a/client/src/helpers/constants.js b/client/src/helpers/constants.js
index 295bae58..8b196c96 100644
--- a/client/src/helpers/constants.js
+++ b/client/src/helpers/constants.js
@@ -47,6 +47,10 @@ export const LANGUAGES = [
         key: 'vi',
         name: 'Tiếng Việt',
     },
+    {
+        key: 'bg',
+        name: 'Български',
+    },
     {
         key: 'ru',
         name: 'Русский',
diff --git a/client/src/i18n.js b/client/src/i18n.js
index 27585b29..785bb0a7 100644
--- a/client/src/i18n.js
+++ b/client/src/i18n.js
@@ -12,6 +12,7 @@ import ja from './__locales/ja.json';
 import sv from './__locales/sv.json';
 import ptBR from './__locales/pt-br.json';
 import zhTW from './__locales/zh-tw.json';
+import bg from './__locales/bg.json';
 
 const resources = {
     en: {
@@ -41,6 +42,9 @@ const resources = {
     'zh-TW': {
         translation: zhTW,
     },
+    bg: {
+        translation: bg,
+    },
 };
 
 i18n
diff --git a/i18n.go b/i18n.go
index 962443d6..e8714e6f 100644
--- a/i18n.go
+++ b/i18n.go
@@ -22,6 +22,7 @@ var allowedLanguages = map[string]bool{
 	"sv":    true,
 	"pt-br": true,
 	"zh-tw": true,
+	"bg":    true,
 }
 
 func isLanguageAllowed(language string) bool {
diff --git a/scripts/translations/download.js b/scripts/translations/download.js
index 9c786c6d..bb9cb2c6 100644
--- a/scripts/translations/download.js
+++ b/scripts/translations/download.js
@@ -14,6 +14,7 @@ const LOCALES_LIST = [
     'sv',
     'pt-br',
     'zh-tw',
+    'bg',
 ];
 
 /**

From 392c16cd27719c2d7f4f1ea8cc29517988882c5a Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Thu, 7 Mar 2019 16:32:52 +0300
Subject: [PATCH 52/95] [change] control: fix issues from review

---
 control.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/control.go b/control.go
index 4ca0f023..0cd9d504 100644
--- a/control.go
+++ b/control.go
@@ -27,6 +27,8 @@ const updatePeriod = time.Minute * 30
 var versionCheckJSON []byte
 var versionCheckLastTime time.Time
 
+var protocols = []string{"tls://", "https://", "tcp://", "sdns://"}
+
 const versionCheckURL = "https://adguardteam.github.io/AdGuardHome/version.json"
 const versionCheckPeriod = time.Hour * 8
 
@@ -342,8 +344,10 @@ func handleSetUpstreamConfig(w http.ResponseWriter, r *http.Request) {
 }
 
 func validateUpstream(upstream string) error {
-	if strings.HasPrefix(upstream, "tls://") || strings.HasPrefix(upstream, "https://") || strings.HasPrefix(upstream, "sdns://") || strings.HasPrefix(upstream, "tcp://") {
-		return nil
+	for _, proto := range protocols {
+		if strings.HasPrefix(upstream, proto) {
+			return nil
+		}
 	}
 
 	if strings.Contains(upstream, "://") {

From 0b96bd17c47a87bce8eba2913fdd4b6e0e68d290 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Thu, 7 Mar 2019 19:12:41 +0300
Subject: [PATCH 53/95] Fix #621 - [change] config: change the default
 MalwareDomainList URL protocol

---
 config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config.go b/config.go
index 3c913ac8..2f7ce49b 100644
--- a/config.go
+++ b/config.go
@@ -128,7 +128,7 @@ var config = configuration{
 		{Filter: dnsfilter.Filter{ID: 1}, Enabled: true, URL: "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt", Name: "AdGuard Simplified Domain Names filter"},
 		{Filter: dnsfilter.Filter{ID: 2}, Enabled: false, URL: "https://adaway.org/hosts.txt", Name: "AdAway"},
 		{Filter: dnsfilter.Filter{ID: 3}, Enabled: false, URL: "https://hosts-file.net/ad_servers.txt", Name: "hpHosts - Ad and Tracking servers only"},
-		{Filter: dnsfilter.Filter{ID: 4}, Enabled: false, URL: "http://www.malwaredomainlist.com/hostslist/hosts.txt", Name: "MalwareDomainList.com Hosts List"},
+		{Filter: dnsfilter.Filter{ID: 4}, Enabled: false, URL: "https://www.malwaredomainlist.com/hostslist/hosts.txt", Name: "MalwareDomainList.com Hosts List"},
 	},
 	SchemaVersion: currentSchemaVersion,
 }

From d06cc0f8ee89a0142c493b33d295272ba100aaf5 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Mon, 11 Mar 2019 19:18:18 +0300
Subject: [PATCH 54/95] Fix #598 - [change] service: windows: register sercive
 to work under local system user

---
 dnsfilter/dnsfilter.go | 2 +-
 service.go             | 5 -----
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/dnsfilter/dnsfilter.go b/dnsfilter/dnsfilter.go
index 561ccb04..b33465f9 100644
--- a/dnsfilter/dnsfilter.go
+++ b/dnsfilter/dnsfilter.go
@@ -16,8 +16,8 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/bluele/gcache"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/bluele/gcache"
 	"golang.org/x/net/publicsuffix"
 )
 
diff --git a/service.go b/service.go
index d0bb7f67..792e1dd9 100644
--- a/service.go
+++ b/service.go
@@ -127,11 +127,6 @@ func configureService(c *service.Config) {
 	// POSIX
 	// Redirect StdErr & StdOut to files.
 	c.Option["LogOutput"] = true
-
-	// Windows
-	if runtime.GOOS == "windows" {
-		c.UserName = "NT AUTHORITY\\NetworkService"
-	}
 }
 
 // cleanupService called on the service uninstall, cleans up additional files if needed

From 21db166be048bb9d99455838f2ce0a24e85162cd Mon Sep 17 00:00:00 2001
From: Ildar Kamalov <i.kamalov@adguard.com>
Date: Tue, 12 Mar 2019 11:02:19 +0300
Subject: [PATCH 55/95] + client: added Simplified Chinese

Closes #611
---
 client/src/__locales/bg.json     | 498 +++++++++++++++----------------
 client/src/__locales/zh-cn.json  | 250 ++++++++++++++++
 client/src/helpers/constants.js  |   4 +
 client/src/i18n.js               |   4 +
 i18n.go                          |   1 +
 scripts/translations/download.js |   1 +
 6 files changed, 509 insertions(+), 249 deletions(-)
 create mode 100644 client/src/__locales/zh-cn.json

diff --git a/client/src/__locales/bg.json b/client/src/__locales/bg.json
index 9a7d5b2e..bb889139 100644
--- a/client/src/__locales/bg.json
+++ b/client/src/__locales/bg.json
@@ -1,250 +1,250 @@
 {
-    "url_added_successfully": "Успешно добавен URL",
-    "check_dhcp_servers": "Проверка за активен DHCP сървър",
-    "save_config": "Запиши настройките",
-    "enabled_dhcp": "DHCP е разрешен",
-    "disabled_dhcp": "DHCP е забранен",
-    "dhcp_title": "DHCP сървър (тестови!)",
-    "dhcp_description": "Ако рутера ви не раздава DHCP адреси, може да използвате вградения в AdGuard DHCP сървър.",
-    "dhcp_enable": "Рзреши DHCP сървъра",
-    "dhcp_disable": "Забрани DHCP сървъра",
-    "dhcp_not_found": "Вашата мрежа няма активен DHCP сървър. Безопасно е ползването на вградения DHCP сървър.",
-    "dhcp_found": "Вашата мрежа вече има активен DHCP сървър. Не е безопасно ползването на втори!",
-    "dhcp_leases": "DHCP раздадени адреси",
-    "dhcp_leases_not_found": "Няма намерени активни DHCP адреси",
-    "dhcp_config_saved": "Запиши конфигурацията на DHCP сървъра",
-    "form_error_required": "Задължително поле",
-    "form_error_ip_format": "Невалиден IPv4 адрес",
-    "form_error_positive": "Проверете дали е положително число",
-    "dhcp_form_gateway_input": "IP шлюз",
-    "dhcp_form_subnet_input": "Мрежова маска",
-    "dhcp_form_range_title": "Група от IP адреси",
-    "dhcp_form_range_start": "Първи адрес",
-    "dhcp_form_range_end": "Последен адрес",
-    "dhcp_form_lease_title": "Отдадени адреси (секунди)",
-    "dhcp_form_lease_input": "Отчет за раздадени адреси",
-    "dhcp_interface_select": "Изберете мрежов адаптер за DHCP",
-    "dhcp_hardware_address": "Хардуерни адреси (MAC)",
-    "dhcp_ip_addresses": "IP адреси",
-    "dhcp_table_hostname": "Име на устройство",
-    "dhcp_table_expires": "История",
-    "dhcp_warning": "Ако искате да използвате вградения DHCP сървър, трябва да няма друг активен DHCP в мрежата Ви!",
-    "back": "Назад",
-    "dashboard": "Табло",
-    "settings": "Настройки",
-    "filters": "Филтри",
-    "query_log": "История на заявките",
-    "faq": "ЧЗВ",
-    "version": "версия",
-    "address": "адрес",
-    "on": "ВКЛЮЧЕНО",
-    "off": "ИЗКЛЮЧЕНО",
-    "copyright": "Авторско право",
-    "homepage": "Домашна страница",
-    "report_an_issue": "Съобщи за проблем",
-    "enable_protection": "Разреши защита",
-    "enabled_protection": "Защитата е разрешена",
-    "disable_protection": "Забрани защита",
-    "disabled_protection": "Защитата е забранена",
-    "refresh_statics": "Обнови статистиката",
-    "dns_query": "DNS запитвания",
-    "blocked_by": "Блокирани от",
-    "stats_malware_phishing": "вируси/атаки",
-    "stats_adult": "сайтове за възрастни",
-    "stats_query_domain": "Най-отваряни страници",
-    "for_last_24_hours": "за последните 24 часа",
-    "no_domains_found": "Няма намерени резултати",
-    "requests_count": "Сума на заявките",
-    "top_blocked_domains": "Най-блокирани страници",
-    "top_clients": "Най-активни IP адреси",
-    "no_clients_found": "Нямa намерени адреси",
-    "general_statistics": "Обща статисика",
-    "number_of_dns_query_24_hours": "Сума на DNS заявки за последните 24 часа",
-    "number_of_dns_query_blocked_24_hours": "Сума на блокирани DNS заявки от филтрите за реклама и местни",
-    "number_of_dns_query_blocked_24_hours_by_sec": "Сума на блокирани DNS заявки от AdGuard свързани със сигурността",
-    "number_of_dns_query_blocked_24_hours_adult": "Сума на блокирани сайтове за възрастни",
-    "enforced_save_search": "Активирано Безопасно Търсене",
-    "number_of_dns_query_to_safe_search": "Сума на DNS заявки при който е приложено Безопасно Търсене",
-    "average_processing_time": "Средно време за обработка",
-    "average_processing_time_hint": "Средно време за обработка на DNS заявки в милисекунди",
-    "block_domain_use_filters_and_hosts": "Блокирани домейни - общи и местни филтри",
-    "filters_block_toggle_hint": "Може да зададете собствени настройки в <a href='#filters'>Филтри</a>.",
-    "use_adguard_browsing_sec": "Използвайте AdGuard модул за сигурността",
-    "use_adguard_browsing_sec_hint": "Модул Сигурност в AdGuard Home проверява всяка страница която отваряте дали е в черните списъци застрашаващи вашата сигурност. Използва се програмен интерфейс който защитава вашата анонимност и изпраща само SHA256 сума базирана на част от домейна който посещавате.",
-    "use_adguard_parental": "Включи AdGuard Родителски Надзор",
-    "use_adguard_parental_hint": "Модул XXX в AdGuard Home ще провери дали страницата има материали за възвъстни. Използва се същия API за анонимност като при модула за Сигурност.",
-    "enforce_safe_search": "Включи Безопасно Търсене",
-    "enforce_save_search_hint": "AdGuard Home прилага Безопасно Търсене в следните търсачки и сайтове: Google, Youtube, Bing, и Yandex.",
-    "no_servers_specified": "Няма избрани услуги",
-    "no_settings": "Няма настройки",
-    "general_settings": "Общи настройки",
-    "upstream_dns": "Главен DNS сървър",
-    "upstream_dns_hint": "Ако оставите празно, AdGuard Home ще използва <a href='https://1.1.1.1/' target='_blank'>Cloudflare DNS</a> за главен. Използвай tls:// представка за DNS използващи TLS връзка.",
-    "test_upstream_btn": "Тествай главния DNS",
-    "apply_btn": "Приложи",
-    "disabled_filtering_toast": "Забрани филтрирането",
-    "enabled_filtering_toast": "Разреши фитрирането",
-    "disabled_safe_browsing_toast": "Забрани безопасно-сърфиране",
-    "enabled_safe_browsing_toast": "Рзреши безопасно-сърфиране",
-    "disabled_parental_toast": "Забрани Родителски Надзор",
-    "enabled_parental_toast": "Разреши Родителски Надзор",
-    "disabled_safe_search_toast": "Забрани Безопасно Търсене",
-    "enabled_save_search_toast": "Разреши Безопасно Търсене",
-    "enabled_table_header": "Разреши",
-    "name_table_header": "Име",
-    "filter_url_table_header": "URL филтър",
-    "rules_count_table_header": "Правила общо",
-    "last_time_updated_table_header": "Последно обновен",
-    "actions_table_header": "Действия",
-    "delete_table_action": "Изтрий",
-    "filters_and_hosts": "Черни списъци с общи и местни филтри",
-    "filters_and_hosts_hint": "AdGuard Home разбира adblock и host синтаксис.",
-    "no_filters_added": "Няма добавени филтри",
-    "add_filter_btn": "Добави филтър",
-    "cancel_btn": "Откажи",
-    "enter_name_hint": "Въведи име",
-    "enter_url_hint": "Въведи URL",
-    "check_updates_btn": "Провери за актуализация",
-    "new_filter_btn": "Въведи нов филтър",
-    "enter_valid_filter_url": "Моля въведете валиден URL за филтъра или проверете host правописа.",
-    "custom_filter_rules": "Местни правила за филтриране",
-    "custom_filter_rules_hint": "Въвеждайте всяко правило на нов ред. Може да използвате adblock или hosts файлов синтаксис.",
-    "examples_title": "Примери",
-    "example_meaning_filter_block": "Блокирай достъп до домейн example.org и всички под домейни.",
-    "example_meaning_filter_whitelist": "Разреши достъп до домейн example.org и всичките му под домейни.",
-    "example_meaning_host_block": "AdGuard Home ще отговори с 127.0.0.1 = празен адрес за домейн example.org (но не и за под домейни).",
-    "example_comment": "! Това е коментар",
-    "example_comment_meaning": "пример за коментар",
-    "example_comment_hash": "# Това е също коментар",
-    "example_regex_meaning": "Блокирай достъп до домейни който съвпадат със следното",
-    "example_upstream_regular": "класически DNS (UDP протокол)",
-    "example_upstream_dot": "криптиран <a href='https://en.wikipedia.org/wiki/DNS_over_TLS' target='_blank'>DNS-върху-TLS</a>",
-    "example_upstream_doh": "криптиран <a href='https://en.wikipedia.org/wiki/DNS_over_HTTPS' target='_blank'>DNS-върху-HTTPS</a>",
-    "example_upstream_sdns": "може да ползвате <a href='https://dnscrypt.info/stamps/' target='_blank'>DNS Подписване</a> за <a href='https://dnscrypt.info/' target='_blank'>DNSCrypt</a> или <a href='https://en.wikipedia.org/wiki/DNS_over_HTTPS' target='_blank'>DNS-върху-HTTPS</a> сървъри",
-    "example_upstream_tcp": "класически DNS (TCP протокол)",
-    "all_filters_up_to_date_toast": "Всички филти са актуализирани",
-    "updated_upstream_dns_toast": "Глобалните DNS сървъри са обновени",
-    "dns_test_ok_toast": "Въведените DNS сървъри работят коректно",
-    "dns_test_not_ok_toast": "Сървър \"{{key}}\": не работи, моля проверете дали е въведен коректно",
-    "unblock_btn": "Отблокирай",
-    "block_btn": "Блокирай",
-    "time_table_header": "Време",
-    "domain_name_table_header": "Име на домейн",
-    "type_table_header": "Тип",
-    "response_table_header": "Отговор",
-    "client_table_header": "Клиент",
-    "empty_response_status": "Празен",
-    "show_all_filter_type": "Покажи всички",
-    "show_filtered_type": "Покажи филтрирани",
-    "no_logs_found": "Няма история",
-    "disabled_log_btn": "Забрани историята",
-    "download_log_file_btn": "Смъкни историята",
-    "refresh_btn": "Обнови",
-    "enabled_log_btn": "Разреши историята",
-    "last_dns_queries": "Последните 5000 DNS заявки",
-    "previous_btn": "Предходен",
-    "next_btn": "Следващ",
-    "loading_table_status": "Зареждане...",
-    "page_table_footer_text": "Страница",
-    "of_table_footer_text": "от",
-    "rows_table_footer_text": "редове",
-    "updated_custom_filtering_toast": "Обновени местни правила за филтриране",
-    "rule_removed_from_custom_filtering_toast": "Премахнато от местни правила за филтриране",
-    "rule_added_to_custom_filtering_toast": "Добавено до местни правила за филтриране",
-    "query_log_disabled_toast": "Историята е забранена",
-    "query_log_enabled_toast": "Историята е разрешена",
-    "source_label": "Източник",
-    "found_in_known_domain_db": "Намерен в списъците с домейни.",
-    "category_label": "Категория",
-    "rule_label": "Правило",
-    "filter_label": "Филтър",
-    "unknown_filter": "Непознат филтър {{filterId}}",
-    "install_welcome_title": "Добре дошли в AdGuard Home!",
-    "install_welcome_desc": "AdGuard Home e мрежово решение за блокиране на реклами и тракери на DNS ниво. Създадено е за да ви даде пълен контрол над мрежата и всичките ви устройства, без да е необходимо допълнително инсталиране на друг софтуер.",
-    "install_settings_title": "Администрация",
-    "install_settings_listen": "Активни интерфейси",
-    "install_settings_port": "Порт",
-    "install_settings_interface_link": "Вашата AdGuard Home страница за администрация ще е достъпна на този адрес:",
-    "form_error_port": "Моля въведете валиден порт",
-    "install_settings_dns": "DNS сървър",
-    "install_settings_dns_desc": "За да работи, ще трябва да настроите вашият рутер или устройства да ползват DNS сървър с адрес:",
-    "install_settings_all_interfaces": "Всички интерфейси",
-    "install_auth_title": "Удостоверяване",
-    "install_auth_desc": "Много е важно да зададете име и парола за достъп до вашия панел за администрация на AdGuard Home. Препоръчваме ви да зададете име и парола независимо че го ползвате само в къщи.",
-    "install_auth_username": "Потребител",
-    "install_auth_password": "Парола",
-    "install_auth_confirm": "Потвърдете паролата",
-    "install_auth_username_enter": "Въведете потребител",
-    "install_auth_password_enter": "Въведете парола",
-    "install_step": "Стъпка",
-    "install_devices_title": "Настройте вашето устройство",
-    "install_devices_desc": "Да започнете да използвате AdGuard Home, е необходимо да настроите вашите устройства.",
-    "install_submit_title": "Поздравления!",
-    "install_submit_desc": "Настройката е завършена, може да започнете да ползвате AdGuard Home.",
-    "install_devices_router": "Рутер",
-    "install_devices_router_desc": "Ако настроите вашият рутер няма нужда ръчно да настройвате всяко едно от устрйствата в мрежата.",
-    "install_devices_address": "AdGuard Home DNS сървърът е на следния адрес",
-    "install_devices_router_list_1": "Отворете страницата за настройки на вашия рутер. Обикновено тя се намира на URL (тук http://192.168.0.1/ или тук http://192.168.1.1/). За достъп може да ви трябва парола. Ако сте забравили паролата може да я ресетнете като натиснета скрития ресет бутон - внимание това ще ресетне всички настройки на рутера до фабрични! Някой рутери могат да бъдате администрирани от софтуер или приложение, който би трябвало да е вече инсталиран на компютъра/телефона ви.",
-    "install_devices_router_list_2": "Намерета DHCP/DNS настройки. В под раздел DHCP рзгледайте и намерете къде е полето за DNS настройка в което може да въведете персонализирани настройки за DNS сървъри.",
-    "install_devices_router_list_3": "Въведете адресът на AdGuard Home сървъра.",
-    "install_devices_windows_list_1": "Отворете Контролния Панел през Старт меню или чрез функция търсене на Windows.",
-    "install_devices_windows_list_2": "Вървете до Настрйки на Мрежи и Интернет и от там изберете Мрежи и Център за Споделяне.",
-    "install_devices_windows_list_3": "От ляво на екрана намерете Смени настроки на мрежовия адаптер и кликнете на него.",
-    "install_devices_windows_list_4": "Изберете този който е активен, дясно-кликване и изберета Свойства.",
-    "install_devices_windows_list_5": "Намерете Интернет Протокол Версия 4 (TCP/IP) в списъка, изберете и кликнете отново на Свойства.",
-    "install_devices_windows_list_6": "Изберете Използвай следните адреси за DNS сърсъри и въведете адреса на AdGuard Home сървъра ви.",
-    "install_devices_macos_list_1": "Цъкнете на Apple иконката и изберете System Preferences...",
-    "install_devices_macos_list_2": "Цъкнете на Network.",
-    "install_devices_macos_list_3": "Изберете зелената-активна връзка в списъка и кликнете на Advanced.",
-    "install_devices_macos_list_4": "Изберете DNS таб и кликнете на + за да въведете адреса на AdGuard Home сървъра.",
-    "install_devices_android_list_1": "Изберете Android Меню от домашния екран, и цъкнете на Настройки.",
-    "install_devices_android_list_2": "Цъкнете на Wi-Fi меню. На екрана ще се появат всички безжични прежи (там няма възможност за въвеждане на DNS настройки).",
-    "install_devices_android_list_3": "Цъкнете и задръжде върху Вие сте свързани с.., и кликнете на Модифицирай мрежа.",
-    "install_devices_android_list_4": "На някой устройства може да е неоходимо да маркирате покажи Разширени, за да видите всички настройки. За да промените Android DNS настройките, може да се наложи да промените IP настройките от DHCP на Статични.",
-    "install_devices_android_list_5": "Променете стойностите на DNS 1 и DNS 2 да използват AdGuard Home сървъра.",
-    "install_devices_ios_list_1": "От начален екран, цъкнете на Settings.",
-    "install_devices_ios_list_2": "Изберете Wi-Fi от лявото меню (там няма възможност за въвеждане на DNS настройки).",
-    "install_devices_ios_list_3": "Клинете на името на активната мрежа към която сте свързани.",
-    "install_devices_ios_list_4": "В полето за DNS изберете ръчно и въведете адреса на AdGuard Home сървъра.",
-    "get_started": "Да започваме",
-    "next": "Следващ",
-    "open_dashboard": "Отвори табло",
-    "install_saved": "Успешно записано",
-    "encryption_title": "Криптиране",
-    "encryption_desc": "Подържа се сигурна връзка (HTTPS/TLS) включително за DNS и страницата за администрация",
-    "encryption_config_saved": "Конфигурацията е успешно записана",
-    "encryption_server": "Име на сървъра",
-    "encryption_server_enter": "Въведете име на домейна",
-    "encryption_server_desc": "За да използвате HTTPS, трябва името на сървъра да съвпада с това на SSL сертификата.",
-    "encryption_redirect": "Автоматично пренасочване към HTTPS",
-    "encryption_redirect_desc": "Служи за автоматично пренасочване от HTTP към HTTPS на страницата за Администрация в AdGuard Home.",
-    "encryption_https": "HTTPS порт",
-    "encryption_https_desc": "Ако зададете HTTPS порт, страницата за Администрация на AdGuard Home ще бъде достъпна на HTTPS, и също ще отговаря на DNS-върху-HTTPS '/dns-запитвания'.",
-    "encryption_dot": "DNS-върху-TLS порт",
-    "encryption_dot_desc": "Ако порта е конфигуриран, AdGuard Home ще стартира и сървър за DNS-върху-TLS.",
-    "encryption_certificates": "Сертификати",
-    "encryption_certificates_desc": "За да използвате сигурна връзка, ще трябва да осигурите SSL сертификати за вашия домейн. Може да заявите безплатен от <0>{{link}}</0> или да закупите от Certificate Authorities.",
-    "encryption_certificates_input": "Копирай/постави вашия PEM-кодиран сертификат тук.",
-    "encryption_status": "Състояние",
-    "encryption_expire": "Годен до",
-    "encryption_key": "Частен ключ",
-    "encryption_key_input": "Копирай/постави вашия PEM-кодиран чpастен ключ за вашия сертификат тук.",
-    "encryption_enable": "Разpеши криптиране (HTTPS, DNS-върху-HTTPS, и DNS-върху-TLS)",
-    "encryption_enable_desc": "Ако сте разрешили криптиране, страницата за Администрация на AdGuard Home ще бъде достъпна през HTTPS, и DNS сървъра ще отговаря също на запитвания DNS-върху-HTTPS и DNS-върху-TLS.",
-    "encryption_chain_valid": "Йерархията от сертификати е валидна",
-    "encryption_chain_invalid": "Йерархията от сертификати е невалидна",
-    "encryption_key_valid": "Това е валиден {{type}} частен ключ",
-    "encryption_key_invalid": "Това е невалиден {{type}} частен ключ",
-    "encryption_subject": "Тема",
-    "encryption_issuer": "Изпълнител",
-    "encryption_hostnames": "Имена на хоста",
-    "encryption_reset": "Сигурни ли сте че искате да изтриете настройките за криптиране?",
-    "topline_expiring_certificate": "Вашият SSL сертификат изтича. Обнови <0>Настройки за криптиране</0>.",
-    "topline_expired_certificate": "Вашият SSL сертификат е изтекъл. Обнови <0>Настройки за криптиране</0>.",
-    "form_error_port_range": "Въведете порт в диапазона 80-65535",
-    "form_error_port_unsafe": "Не е безопасно да използвате този порт",
-    "form_error_equal": "Не трябва да съвпада",
-    "form_error_password": "Паролата не съвпада",
-    "reset_settings": "Изтрий всички настройки",
-    "update_announcement": "Има нова AdGuard Home {{version}}! <0>Цъкни тук</0> за повече информация."
-}
+    "url_added_successfully": "\u0423\u0441\u043f\u0435\u0448\u043d\u043e \u0434\u043e\u0431\u0430\u0432\u0435\u043d URL",
+    "check_dhcp_servers": "\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0437\u0430 \u0430\u043a\u0442\u0438\u0432\u0435\u043d DHCP \u0441\u044a\u0440\u0432\u044a\u0440",
+    "save_config": "\u0417\u0430\u043f\u0438\u0448\u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438\u0442\u0435",
+    "enabled_dhcp": "DHCP \u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d",
+    "disabled_dhcp": "DHCP \u0435 \u0437\u0430\u0431\u0440\u0430\u043d\u0435\u043d",
+    "dhcp_title": "DHCP \u0441\u044a\u0440\u0432\u044a\u0440 (\u0442\u0435\u0441\u0442\u043e\u0432\u0438!)",
+    "dhcp_description": "\u0410\u043a\u043e \u0440\u0443\u0442\u0435\u0440\u0430 \u0432\u0438 \u043d\u0435 \u0440\u0430\u0437\u0434\u0430\u0432\u0430 DHCP \u0430\u0434\u0440\u0435\u0441\u0438, \u043c\u043e\u0436\u0435 \u0434\u0430 \u0438\u0437\u043f\u043e\u043b\u0437\u0432\u0430\u0442\u0435 \u0432\u0433\u0440\u0430\u0434\u0435\u043d\u0438\u044f \u0432 AdGuard DHCP \u0441\u044a\u0440\u0432\u044a\u0440.",
+    "dhcp_enable": "\u0420\u0437\u0440\u0435\u0448\u0438 DHCP \u0441\u044a\u0440\u0432\u044a\u0440\u0430",
+    "dhcp_disable": "\u0417\u0430\u0431\u0440\u0430\u043d\u0438 DHCP \u0441\u044a\u0440\u0432\u044a\u0440\u0430",
+    "dhcp_not_found": "\u0412\u0430\u0448\u0430\u0442\u0430 \u043c\u0440\u0435\u0436\u0430 \u043d\u044f\u043c\u0430 \u0430\u043a\u0442\u0438\u0432\u0435\u043d DHCP \u0441\u044a\u0440\u0432\u044a\u0440. \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e \u0435 \u043f\u043e\u043b\u0437\u0432\u0430\u043d\u0435\u0442\u043e \u043d\u0430 \u0432\u0433\u0440\u0430\u0434\u0435\u043d\u0438\u044f DHCP \u0441\u044a\u0440\u0432\u044a\u0440.",
+    "dhcp_found": "\u0412\u0430\u0448\u0430\u0442\u0430 \u043c\u0440\u0435\u0436\u0430 \u0432\u0435\u0447\u0435 \u0438\u043c\u0430 \u0430\u043a\u0442\u0438\u0432\u0435\u043d DHCP \u0441\u044a\u0440\u0432\u044a\u0440. \u041d\u0435 \u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e \u043f\u043e\u043b\u0437\u0432\u0430\u043d\u0435\u0442\u043e \u043d\u0430 \u0432\u0442\u043e\u0440\u0438!",
+    "dhcp_leases": "DHCP \u0440\u0430\u0437\u0434\u0430\u0434\u0435\u043d\u0438 \u0430\u0434\u0440\u0435\u0441\u0438",
+    "dhcp_leases_not_found": "\u041d\u044f\u043c\u0430 \u043d\u0430\u043c\u0435\u0440\u0435\u043d\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u0438 DHCP \u0430\u0434\u0440\u0435\u0441\u0438",
+    "dhcp_config_saved": "\u0417\u0430\u043f\u0438\u0448\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u0442\u0430 \u043d\u0430 DHCP \u0441\u044a\u0440\u0432\u044a\u0440\u0430",
+    "form_error_required": "\u0417\u0430\u0434\u044a\u043b\u0436\u0438\u0442\u0435\u043b\u043d\u043e \u043f\u043e\u043b\u0435",
+    "form_error_ip_format": "\u041d\u0435\u0432\u0430\u043b\u0438\u0434\u0435\u043d IPv4 \u0430\u0434\u0440\u0435\u0441",
+    "form_error_positive": "\u041f\u0440\u043e\u0432\u0435\u0440\u0435\u0442\u0435 \u0434\u0430\u043b\u0438 \u0435 \u043f\u043e\u043b\u043e\u0436\u0438\u0442\u0435\u043b\u043d\u043e \u0447\u0438\u0441\u043b\u043e",
+    "dhcp_form_gateway_input": "IP \u0448\u043b\u044e\u0437",
+    "dhcp_form_subnet_input": "\u041c\u0440\u0435\u0436\u043e\u0432\u0430 \u043c\u0430\u0441\u043a\u0430",
+    "dhcp_form_range_title": "\u0413\u0440\u0443\u043f\u0430 \u043e\u0442 IP \u0430\u0434\u0440\u0435\u0441\u0438",
+    "dhcp_form_range_start": "\u041f\u044a\u0440\u0432\u0438 \u0430\u0434\u0440\u0435\u0441",
+    "dhcp_form_range_end": "\u041f\u043e\u0441\u043b\u0435\u0434\u0435\u043d \u0430\u0434\u0440\u0435\u0441",
+    "dhcp_form_lease_title": "\u041e\u0442\u0434\u0430\u0434\u0435\u043d\u0438 \u0430\u0434\u0440\u0435\u0441\u0438 (\u0441\u0435\u043a\u0443\u043d\u0434\u0438)",
+    "dhcp_form_lease_input": "\u041e\u0442\u0447\u0435\u0442 \u0437\u0430 \u0440\u0430\u0437\u0434\u0430\u0434\u0435\u043d\u0438 \u0430\u0434\u0440\u0435\u0441\u0438",
+    "dhcp_interface_select": "\u0418\u0437\u0431\u0435\u0440\u0435\u0442\u0435 \u043c\u0440\u0435\u0436\u043e\u0432 \u0430\u0434\u0430\u043f\u0442\u0435\u0440 \u0437\u0430 DHCP",
+    "dhcp_hardware_address": "\u0425\u0430\u0440\u0434\u0443\u0435\u0440\u043d\u0438 \u0430\u0434\u0440\u0435\u0441\u0438 (MAC)",
+    "dhcp_ip_addresses": "IP \u0430\u0434\u0440\u0435\u0441\u0438",
+    "dhcp_table_hostname": "\u0418\u043c\u0435 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e",
+    "dhcp_table_expires": "\u0418\u0441\u0442\u043e\u0440\u0438\u044f",
+    "dhcp_warning": "\u0410\u043a\u043e \u0438\u0441\u043a\u0430\u0442\u0435 \u0434\u0430 \u0438\u0437\u043f\u043e\u043b\u0437\u0432\u0430\u0442\u0435 \u0432\u0433\u0440\u0430\u0434\u0435\u043d\u0438\u044f DHCP \u0441\u044a\u0440\u0432\u044a\u0440, \u0442\u0440\u044f\u0431\u0432\u0430 \u0434\u0430 \u043d\u044f\u043c\u0430 \u0434\u0440\u0443\u0433 \u0430\u043a\u0442\u0438\u0432\u0435\u043d DHCP \u0432 \u043c\u0440\u0435\u0436\u0430\u0442\u0430 \u0412\u0438!",
+    "back": "\u041d\u0430\u0437\u0430\u0434",
+    "dashboard": "\u0422\u0430\u0431\u043b\u043e",
+    "settings": "\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438",
+    "filters": "\u0424\u0438\u043b\u0442\u0440\u0438",
+    "query_log": "\u0418\u0441\u0442\u043e\u0440\u0438\u044f \u043d\u0430 \u0437\u0430\u044f\u0432\u043a\u0438\u0442\u0435",
+    "faq": "\u0427\u0417\u0412",
+    "version": "\u0432\u0435\u0440\u0441\u0438\u044f",
+    "address": "\u0430\u0434\u0440\u0435\u0441",
+    "on": "\u0412\u041a\u041b\u042e\u0427\u0415\u041d\u041e",
+    "off": "\u0418\u0417\u041a\u041b\u042e\u0427\u0415\u041d\u041e",
+    "copyright": "\u0410\u0432\u0442\u043e\u0440\u0441\u043a\u043e \u043f\u0440\u0430\u0432\u043e",
+    "homepage": "\u0414\u043e\u043c\u0430\u0448\u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430",
+    "report_an_issue": "\u0421\u044a\u043e\u0431\u0449\u0438 \u0437\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c",
+    "enable_protection": "\u0420\u0430\u0437\u0440\u0435\u0448\u0438 \u0437\u0430\u0449\u0438\u0442\u0430",
+    "enabled_protection": "\u0417\u0430\u0449\u0438\u0442\u0430\u0442\u0430 \u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0430",
+    "disable_protection": "\u0417\u0430\u0431\u0440\u0430\u043d\u0438 \u0437\u0430\u0449\u0438\u0442\u0430",
+    "disabled_protection": "\u0417\u0430\u0449\u0438\u0442\u0430\u0442\u0430 \u0435 \u0437\u0430\u0431\u0440\u0430\u043d\u0435\u043d\u0430",
+    "refresh_statics": "\u041e\u0431\u043d\u043e\u0432\u0438 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430\u0442\u0430",
+    "dns_query": "DNS \u0437\u0430\u043f\u0438\u0442\u0432\u0430\u043d\u0438\u044f",
+    "blocked_by": "\u0411\u043b\u043e\u043a\u0438\u0440\u0430\u043d\u0438 \u043e\u0442",
+    "stats_malware_phishing": "\u0432\u0438\u0440\u0443\u0441\u0438\/\u0430\u0442\u0430\u043a\u0438",
+    "stats_adult": "\u0441\u0430\u0439\u0442\u043e\u0432\u0435 \u0437\u0430 \u0432\u044a\u0437\u0440\u0430\u0441\u0442\u043d\u0438",
+    "stats_query_domain": "\u041d\u0430\u0439-\u043e\u0442\u0432\u0430\u0440\u044f\u043d\u0438 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0438",
+    "for_last_24_hours": "\u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0442\u0435 24 \u0447\u0430\u0441\u0430",
+    "no_domains_found": "\u041d\u044f\u043c\u0430 \u043d\u0430\u043c\u0435\u0440\u0435\u043d\u0438 \u0440\u0435\u0437\u0443\u043b\u0442\u0430\u0442\u0438",
+    "requests_count": "\u0421\u0443\u043c\u0430 \u043d\u0430 \u0437\u0430\u044f\u0432\u043a\u0438\u0442\u0435",
+    "top_blocked_domains": "\u041d\u0430\u0439-\u0431\u043b\u043e\u043a\u0438\u0440\u0430\u043d\u0438 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0438",
+    "top_clients": "\u041d\u0430\u0439-\u0430\u043a\u0442\u0438\u0432\u043d\u0438 IP \u0430\u0434\u0440\u0435\u0441\u0438",
+    "no_clients_found": "\u041d\u044f\u043ca \u043d\u0430\u043c\u0435\u0440\u0435\u043d\u0438 \u0430\u0434\u0440\u0435\u0441\u0438",
+    "general_statistics": "\u041e\u0431\u0449\u0430 \u0441\u0442\u0430\u0442\u0438\u0441\u0438\u043a\u0430",
+    "number_of_dns_query_24_hours": "\u0421\u0443\u043c\u0430 \u043d\u0430 DNS \u0437\u0430\u044f\u0432\u043a\u0438 \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0442\u0435 24 \u0447\u0430\u0441\u0430",
+    "number_of_dns_query_blocked_24_hours": "\u0421\u0443\u043c\u0430 \u043d\u0430 \u0431\u043b\u043e\u043a\u0438\u0440\u0430\u043d\u0438 DNS \u0437\u0430\u044f\u0432\u043a\u0438 \u043e\u0442 \u0444\u0438\u043b\u0442\u0440\u0438\u0442\u0435 \u0437\u0430 \u0440\u0435\u043a\u043b\u0430\u043c\u0430 \u0438 \u043c\u0435\u0441\u0442\u043d\u0438",
+    "number_of_dns_query_blocked_24_hours_by_sec": "\u0421\u0443\u043c\u0430 \u043d\u0430 \u0431\u043b\u043e\u043a\u0438\u0440\u0430\u043d\u0438 DNS \u0437\u0430\u044f\u0432\u043a\u0438 \u043e\u0442 AdGuard \u0441\u0432\u044a\u0440\u0437\u0430\u043d\u0438 \u0441\u044a\u0441 \u0441\u0438\u0433\u0443\u0440\u043d\u043e\u0441\u0442\u0442\u0430",
+    "number_of_dns_query_blocked_24_hours_adult": "\u0421\u0443\u043c\u0430 \u043d\u0430 \u0431\u043b\u043e\u043a\u0438\u0440\u0430\u043d\u0438 \u0441\u0430\u0439\u0442\u043e\u0432\u0435 \u0437\u0430 \u0432\u044a\u0437\u0440\u0430\u0441\u0442\u043d\u0438",
+    "enforced_save_search": "\u0410\u043a\u0442\u0438\u0432\u0438\u0440\u0430\u043d\u043e \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e \u0422\u044a\u0440\u0441\u0435\u043d\u0435",
+    "number_of_dns_query_to_safe_search": "\u0421\u0443\u043c\u0430 \u043d\u0430 DNS \u0437\u0430\u044f\u0432\u043a\u0438 \u043f\u0440\u0438 \u043a\u043e\u0439\u0442\u043e \u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u043e \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e \u0422\u044a\u0440\u0441\u0435\u043d\u0435",
+    "average_processing_time": "\u0421\u0440\u0435\u0434\u043d\u043e \u0432\u0440\u0435\u043c\u0435 \u0437\u0430 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430",
+    "average_processing_time_hint": "\u0421\u0440\u0435\u0434\u043d\u043e \u0432\u0440\u0435\u043c\u0435 \u0437\u0430 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u043d\u0430 DNS \u0437\u0430\u044f\u0432\u043a\u0438 \u0432 \u043c\u0438\u043b\u0438\u0441\u0435\u043a\u0443\u043d\u0434\u0438",
+    "block_domain_use_filters_and_hosts": "\u0411\u043b\u043e\u043a\u0438\u0440\u0430\u043d\u0438 \u0434\u043e\u043c\u0435\u0439\u043d\u0438 - \u043e\u0431\u0449\u0438 \u0438 \u043c\u0435\u0441\u0442\u043d\u0438 \u0444\u0438\u043b\u0442\u0440\u0438",
+    "filters_block_toggle_hint": "\u041c\u043e\u0436\u0435 \u0434\u0430 \u0437\u0430\u0434\u0430\u0434\u0435\u0442\u0435 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0432 <a href='#filters'>\u0424\u0438\u043b\u0442\u0440\u0438<\/a>.",
+    "use_adguard_browsing_sec": "\u0418\u0437\u043f\u043e\u043b\u0437\u0432\u0430\u0439\u0442\u0435 AdGuard \u043c\u043e\u0434\u0443\u043b \u0437\u0430 \u0441\u0438\u0433\u0443\u0440\u043d\u043e\u0441\u0442\u0442\u0430",
+    "use_adguard_browsing_sec_hint": "\u041c\u043e\u0434\u0443\u043b \u0421\u0438\u0433\u0443\u0440\u043d\u043e\u0441\u0442 \u0432 AdGuard Home \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0432\u0430 \u0432\u0441\u044f\u043a\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430 \u043a\u043e\u044f\u0442\u043e \u043e\u0442\u0432\u0430\u0440\u044f\u0442\u0435 \u0434\u0430\u043b\u0438 \u0435 \u0432 \u0447\u0435\u0440\u043d\u0438\u0442\u0435 \u0441\u043f\u0438\u0441\u044a\u0446\u0438 \u0437\u0430\u0441\u0442\u0440\u0430\u0448\u0430\u0432\u0430\u0449\u0438 \u0432\u0430\u0448\u0430\u0442\u0430 \u0441\u0438\u0433\u0443\u0440\u043d\u043e\u0441\u0442. \u0418\u0437\u043f\u043e\u043b\u0437\u0432\u0430 \u0441\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u0435\u043d \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u043a\u043e\u0439\u0442\u043e \u0437\u0430\u0449\u0438\u0442\u0430\u0432\u0430 \u0432\u0430\u0448\u0430\u0442\u0430 \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u043e\u0441\u0442 \u0438 \u0438\u0437\u043f\u0440\u0430\u0449\u0430 \u0441\u0430\u043c\u043e SHA256 \u0441\u0443\u043c\u0430 \u0431\u0430\u0437\u0438\u0440\u0430\u043d\u0430 \u043d\u0430 \u0447\u0430\u0441\u0442 \u043e\u0442 \u0434\u043e\u043c\u0435\u0439\u043d\u0430 \u043a\u043e\u0439\u0442\u043e \u043f\u043e\u0441\u0435\u0449\u0430\u0432\u0430\u0442\u0435.",
+    "use_adguard_parental": "\u0412\u043a\u043b\u044e\u0447\u0438 AdGuard \u0420\u043e\u0434\u0438\u0442\u0435\u043b\u0441\u043a\u0438 \u041d\u0430\u0434\u0437\u043e\u0440",
+    "use_adguard_parental_hint": "\u041c\u043e\u0434\u0443\u043b XXX \u0432 AdGuard Home \u0449\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u0438 \u0434\u0430\u043b\u0438 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u0442\u0430 \u0438\u043c\u0430 \u043c\u0430\u0442\u0435\u0440\u0438\u0430\u043b\u0438 \u0437\u0430 \u0432\u044a\u0437\u0432\u044a\u0441\u0442\u043d\u0438. \u0418\u0437\u043f\u043e\u043b\u0437\u0432\u0430 \u0441\u0435 \u0441\u044a\u0449\u0438\u044f API \u0437\u0430 \u0430\u043d\u043e\u043d\u0438\u043c\u043d\u043e\u0441\u0442 \u043a\u0430\u0442\u043e \u043f\u0440\u0438 \u043c\u043e\u0434\u0443\u043b\u0430 \u0437\u0430 \u0421\u0438\u0433\u0443\u0440\u043d\u043e\u0441\u0442.",
+    "enforce_safe_search": "\u0412\u043a\u043b\u044e\u0447\u0438 \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e \u0422\u044a\u0440\u0441\u0435\u043d\u0435",
+    "enforce_save_search_hint": "AdGuard Home \u043f\u0440\u0438\u043b\u0430\u0433\u0430 \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e \u0422\u044a\u0440\u0441\u0435\u043d\u0435 \u0432 \u0441\u043b\u0435\u0434\u043d\u0438\u0442\u0435 \u0442\u044a\u0440\u0441\u0430\u0447\u043a\u0438 \u0438 \u0441\u0430\u0439\u0442\u043e\u0432\u0435: Google, Youtube, Bing, \u0438 Yandex.",
+    "no_servers_specified": "\u041d\u044f\u043c\u0430 \u0438\u0437\u0431\u0440\u0430\u043d\u0438 \u0443\u0441\u043b\u0443\u0433\u0438",
+    "no_settings": "\u041d\u044f\u043c\u0430 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438",
+    "general_settings": "\u041e\u0431\u0449\u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438",
+    "upstream_dns": "\u0413\u043b\u0430\u0432\u0435\u043d DNS \u0441\u044a\u0440\u0432\u044a\u0440",
+    "upstream_dns_hint": "\u0410\u043a\u043e \u043e\u0441\u0442\u0430\u0432\u0438\u0442\u0435 \u043f\u0440\u0430\u0437\u043d\u043e, AdGuard Home \u0449\u0435 \u0438\u0437\u043f\u043e\u043b\u0437\u0432\u0430 <a href='https:\/\/1.1.1.1\/' target='_blank'>Cloudflare DNS<\/a> \u0437\u0430 \u0433\u043b\u0430\u0432\u0435\u043d. \u0418\u0437\u043f\u043e\u043b\u0437\u0432\u0430\u0439 tls:\/\/ \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043a\u0430 \u0437\u0430 DNS \u0438\u0437\u043f\u043e\u043b\u0437\u0432\u0430\u0449\u0438 TLS \u0432\u0440\u044a\u0437\u043a\u0430.",
+    "test_upstream_btn": "\u0422\u0435\u0441\u0442\u0432\u0430\u0439 \u0433\u043b\u0430\u0432\u043d\u0438\u044f DNS",
+    "apply_btn": "\u041f\u0440\u0438\u043b\u043e\u0436\u0438",
+    "disabled_filtering_toast": "\u0417\u0430\u0431\u0440\u0430\u043d\u0438 \u0444\u0438\u043b\u0442\u0440\u0438\u0440\u0430\u043d\u0435\u0442\u043e",
+    "enabled_filtering_toast": "\u0420\u0430\u0437\u0440\u0435\u0448\u0438 \u0444\u0438\u0442\u0440\u0438\u0440\u0430\u043d\u0435\u0442\u043e",
+    "disabled_safe_browsing_toast": "\u0417\u0430\u0431\u0440\u0430\u043d\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e-\u0441\u044a\u0440\u0444\u0438\u0440\u0430\u043d\u0435",
+    "enabled_safe_browsing_toast": "\u0420\u0437\u0440\u0435\u0448\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e-\u0441\u044a\u0440\u0444\u0438\u0440\u0430\u043d\u0435",
+    "disabled_parental_toast": "\u0417\u0430\u0431\u0440\u0430\u043d\u0438 \u0420\u043e\u0434\u0438\u0442\u0435\u043b\u0441\u043a\u0438 \u041d\u0430\u0434\u0437\u043e\u0440",
+    "enabled_parental_toast": "\u0420\u0430\u0437\u0440\u0435\u0448\u0438 \u0420\u043e\u0434\u0438\u0442\u0435\u043b\u0441\u043a\u0438 \u041d\u0430\u0434\u0437\u043e\u0440",
+    "disabled_safe_search_toast": "\u0417\u0430\u0431\u0440\u0430\u043d\u0438 \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e \u0422\u044a\u0440\u0441\u0435\u043d\u0435",
+    "enabled_save_search_toast": "\u0420\u0430\u0437\u0440\u0435\u0448\u0438 \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e \u0422\u044a\u0440\u0441\u0435\u043d\u0435",
+    "enabled_table_header": "\u0420\u0430\u0437\u0440\u0435\u0448\u0438",
+    "name_table_header": "\u0418\u043c\u0435",
+    "filter_url_table_header": "URL \u0444\u0438\u043b\u0442\u044a\u0440",
+    "rules_count_table_header": "\u041f\u0440\u0430\u0432\u0438\u043b\u0430 \u043e\u0431\u0449\u043e",
+    "last_time_updated_table_header": "\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0435\u043d",
+    "actions_table_header": "\u0414\u0435\u0439\u0441\u0442\u0432\u0438\u044f",
+    "delete_table_action": "\u0418\u0437\u0442\u0440\u0438\u0439",
+    "filters_and_hosts": "\u0427\u0435\u0440\u043d\u0438 \u0441\u043f\u0438\u0441\u044a\u0446\u0438 \u0441 \u043e\u0431\u0449\u0438 \u0438 \u043c\u0435\u0441\u0442\u043d\u0438 \u0444\u0438\u043b\u0442\u0440\u0438",
+    "filters_and_hosts_hint": "AdGuard Home \u0440\u0430\u0437\u0431\u0438\u0440\u0430 adblock \u0438 host \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0441.",
+    "no_filters_added": "\u041d\u044f\u043c\u0430 \u0434\u043e\u0431\u0430\u0432\u0435\u043d\u0438 \u0444\u0438\u043b\u0442\u0440\u0438",
+    "add_filter_btn": "\u0414\u043e\u0431\u0430\u0432\u0438 \u0444\u0438\u043b\u0442\u044a\u0440",
+    "cancel_btn": "\u041e\u0442\u043a\u0430\u0436\u0438",
+    "enter_name_hint": "\u0412\u044a\u0432\u0435\u0434\u0438 \u0438\u043c\u0435",
+    "enter_url_hint": "\u0412\u044a\u0432\u0435\u0434\u0438 URL",
+    "check_updates_btn": "\u041f\u0440\u043e\u0432\u0435\u0440\u0438 \u0437\u0430 \u0430\u043a\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f",
+    "new_filter_btn": "\u0412\u044a\u0432\u0435\u0434\u0438 \u043d\u043e\u0432 \u0444\u0438\u043b\u0442\u044a\u0440",
+    "enter_valid_filter_url": "\u041c\u043e\u043b\u044f \u0432\u044a\u0432\u0435\u0434\u0435\u0442\u0435 \u0432\u0430\u043b\u0438\u0434\u0435\u043d URL \u0437\u0430 \u0444\u0438\u043b\u0442\u044a\u0440\u0430 \u0438\u043b\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u0435\u0442\u0435 host \u043f\u0440\u0430\u0432\u043e\u043f\u0438\u0441\u0430.",
+    "custom_filter_rules": "\u041c\u0435\u0441\u0442\u043d\u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0437\u0430 \u0444\u0438\u043b\u0442\u0440\u0438\u0440\u0430\u043d\u0435",
+    "custom_filter_rules_hint": "\u0412\u044a\u0432\u0435\u0436\u0434\u0430\u0439\u0442\u0435 \u0432\u0441\u044f\u043a\u043e \u043f\u0440\u0430\u0432\u0438\u043b\u043e \u043d\u0430 \u043d\u043e\u0432 \u0440\u0435\u0434. \u041c\u043e\u0436\u0435 \u0434\u0430 \u0438\u0437\u043f\u043e\u043b\u0437\u0432\u0430\u0442\u0435 adblock \u0438\u043b\u0438 hosts \u0444\u0430\u0439\u043b\u043e\u0432 \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0441.",
+    "examples_title": "\u041f\u0440\u0438\u043c\u0435\u0440\u0438",
+    "example_meaning_filter_block": "\u0411\u043b\u043e\u043a\u0438\u0440\u0430\u0439 \u0434\u043e\u0441\u0442\u044a\u043f \u0434\u043e \u0434\u043e\u043c\u0435\u0439\u043d example.org \u0438 \u0432\u0441\u0438\u0447\u043a\u0438 \u043f\u043e\u0434 \u0434\u043e\u043c\u0435\u0439\u043d\u0438.",
+    "example_meaning_filter_whitelist": "\u0420\u0430\u0437\u0440\u0435\u0448\u0438 \u0434\u043e\u0441\u0442\u044a\u043f \u0434\u043e \u0434\u043e\u043c\u0435\u0439\u043d example.org \u0438 \u0432\u0441\u0438\u0447\u043a\u0438\u0442\u0435 \u043c\u0443 \u043f\u043e\u0434 \u0434\u043e\u043c\u0435\u0439\u043d\u0438.",
+    "example_meaning_host_block": "AdGuard Home \u0449\u0435 \u043e\u0442\u0433\u043e\u0432\u043e\u0440\u0438 \u0441 127.0.0.1 = \u043f\u0440\u0430\u0437\u0435\u043d \u0430\u0434\u0440\u0435\u0441 \u0437\u0430 \u0434\u043e\u043c\u0435\u0439\u043d example.org (\u043d\u043e \u043d\u0435 \u0438 \u0437\u0430 \u043f\u043e\u0434 \u0434\u043e\u043c\u0435\u0439\u043d\u0438).",
+    "example_comment": "! \u0422\u043e\u0432\u0430 \u0435 \u043a\u043e\u043c\u0435\u043d\u0442\u0430\u0440",
+    "example_comment_meaning": "\u043f\u0440\u0438\u043c\u0435\u0440 \u0437\u0430 \u043a\u043e\u043c\u0435\u043d\u0442\u0430\u0440",
+    "example_comment_hash": "# \u0422\u043e\u0432\u0430 \u0435 \u0441\u044a\u0449\u043e \u043a\u043e\u043c\u0435\u043d\u0442\u0430\u0440",
+    "example_regex_meaning": "\u0411\u043b\u043e\u043a\u0438\u0440\u0430\u0439 \u0434\u043e\u0441\u0442\u044a\u043f \u0434\u043e \u0434\u043e\u043c\u0435\u0439\u043d\u0438 \u043a\u043e\u0439\u0442\u043e \u0441\u044a\u0432\u043f\u0430\u0434\u0430\u0442 \u0441\u044a\u0441 \u0441\u043b\u0435\u0434\u043d\u043e\u0442\u043e",
+    "example_upstream_regular": "\u043a\u043b\u0430\u0441\u0438\u0447\u0435\u0441\u043a\u0438 DNS (UDP \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b)",
+    "example_upstream_dot": "\u043a\u0440\u0438\u043f\u0442\u0438\u0440\u0430\u043d <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_TLS' target='_blank'>DNS-\u0432\u044a\u0440\u0445\u0443-TLS<\/a>",
+    "example_upstream_doh": "\u043a\u0440\u0438\u043f\u0442\u0438\u0440\u0430\u043d <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-\u0432\u044a\u0440\u0445\u0443-HTTPS<\/a>",
+    "example_upstream_sdns": "\u043c\u043e\u0436\u0435 \u0434\u0430 \u043f\u043e\u043b\u0437\u0432\u0430\u0442\u0435 <a href='https:\/\/dnscrypt.info\/stamps\/' target='_blank'>DNS \u041f\u043e\u0434\u043f\u0438\u0441\u0432\u0430\u043d\u0435<\/a> \u0437\u0430 <a href='https:\/\/dnscrypt.info\/' target='_blank'>DNSCrypt<\/a> \u0438\u043b\u0438 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-\u0432\u044a\u0440\u0445\u0443-HTTPS<\/a> \u0441\u044a\u0440\u0432\u044a\u0440\u0438",
+    "example_upstream_tcp": "\u043a\u043b\u0430\u0441\u0438\u0447\u0435\u0441\u043a\u0438 DNS (TCP \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b)",
+    "all_filters_up_to_date_toast": "\u0412\u0441\u0438\u0447\u043a\u0438 \u0444\u0438\u043b\u0442\u0438 \u0441\u0430 \u0430\u043a\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u0430\u043d\u0438",
+    "updated_upstream_dns_toast": "\u0413\u043b\u043e\u0431\u0430\u043b\u043d\u0438\u0442\u0435 DNS \u0441\u044a\u0440\u0432\u044a\u0440\u0438 \u0441\u0430 \u043e\u0431\u043d\u043e\u0432\u0435\u043d\u0438",
+    "dns_test_ok_toast": "\u0412\u044a\u0432\u0435\u0434\u0435\u043d\u0438\u0442\u0435 DNS \u0441\u044a\u0440\u0432\u044a\u0440\u0438 \u0440\u0430\u0431\u043e\u0442\u044f\u0442 \u043a\u043e\u0440\u0435\u043a\u0442\u043d\u043e",
+    "dns_test_not_ok_toast": "\u0421\u044a\u0440\u0432\u044a\u0440 \"{{key}}\": \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0438, \u043c\u043e\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u0435\u0442\u0435 \u0434\u0430\u043b\u0438 \u0435 \u0432\u044a\u0432\u0435\u0434\u0435\u043d \u043a\u043e\u0440\u0435\u043a\u0442\u043d\u043e",
+    "unblock_btn": "\u041e\u0442\u0431\u043b\u043e\u043a\u0438\u0440\u0430\u0439",
+    "block_btn": "\u0411\u043b\u043e\u043a\u0438\u0440\u0430\u0439",
+    "time_table_header": "\u0412\u0440\u0435\u043c\u0435",
+    "domain_name_table_header": "\u0418\u043c\u0435 \u043d\u0430 \u0434\u043e\u043c\u0435\u0439\u043d",
+    "type_table_header": "\u0422\u0438\u043f",
+    "response_table_header": "\u041e\u0442\u0433\u043e\u0432\u043e\u0440",
+    "client_table_header": "\u041a\u043b\u0438\u0435\u043d\u0442",
+    "empty_response_status": "\u041f\u0440\u0430\u0437\u0435\u043d",
+    "show_all_filter_type": "\u041f\u043e\u043a\u0430\u0436\u0438 \u0432\u0441\u0438\u0447\u043a\u0438",
+    "show_filtered_type": "\u041f\u043e\u043a\u0430\u0436\u0438 \u0444\u0438\u043b\u0442\u0440\u0438\u0440\u0430\u043d\u0438",
+    "no_logs_found": "\u041d\u044f\u043c\u0430 \u0438\u0441\u0442\u043e\u0440\u0438\u044f",
+    "disabled_log_btn": "\u0417\u0430\u0431\u0440\u0430\u043d\u0438 \u0438\u0441\u0442\u043e\u0440\u0438\u044f\u0442\u0430",
+    "download_log_file_btn": "\u0421\u043c\u044a\u043a\u043d\u0438 \u0438\u0441\u0442\u043e\u0440\u0438\u044f\u0442\u0430",
+    "refresh_btn": "\u041e\u0431\u043d\u043e\u0432\u0438",
+    "enabled_log_btn": "\u0420\u0430\u0437\u0440\u0435\u0448\u0438 \u0438\u0441\u0442\u043e\u0440\u0438\u044f\u0442\u0430",
+    "last_dns_queries": "\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0442\u0435 5000 DNS \u0437\u0430\u044f\u0432\u043a\u0438",
+    "previous_btn": "\u041f\u0440\u0435\u0434\u0445\u043e\u0434\u0435\u043d",
+    "next_btn": "\u0421\u043b\u0435\u0434\u0432\u0430\u0449",
+    "loading_table_status": "\u0417\u0430\u0440\u0435\u0436\u0434\u0430\u043d\u0435...",
+    "page_table_footer_text": "\u0421\u0442\u0440\u0430\u043d\u0438\u0446\u0430",
+    "of_table_footer_text": "\u043e\u0442",
+    "rows_table_footer_text": "\u0440\u0435\u0434\u043e\u0432\u0435",
+    "updated_custom_filtering_toast": "\u041e\u0431\u043d\u043e\u0432\u0435\u043d\u0438 \u043c\u0435\u0441\u0442\u043d\u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0437\u0430 \u0444\u0438\u043b\u0442\u0440\u0438\u0440\u0430\u043d\u0435",
+    "rule_removed_from_custom_filtering_toast": "\u041f\u0440\u0435\u043c\u0430\u0445\u043d\u0430\u0442\u043e \u043e\u0442 \u043c\u0435\u0441\u0442\u043d\u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0437\u0430 \u0444\u0438\u043b\u0442\u0440\u0438\u0440\u0430\u043d\u0435",
+    "rule_added_to_custom_filtering_toast": "\u0414\u043e\u0431\u0430\u0432\u0435\u043d\u043e \u0434\u043e \u043c\u0435\u0441\u0442\u043d\u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0437\u0430 \u0444\u0438\u043b\u0442\u0440\u0438\u0440\u0430\u043d\u0435",
+    "query_log_disabled_toast": "\u0418\u0441\u0442\u043e\u0440\u0438\u044f\u0442\u0430 \u0435 \u0437\u0430\u0431\u0440\u0430\u043d\u0435\u043d\u0430",
+    "query_log_enabled_toast": "\u0418\u0441\u0442\u043e\u0440\u0438\u044f\u0442\u0430 \u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0430",
+    "source_label": "\u0418\u0437\u0442\u043e\u0447\u043d\u0438\u043a",
+    "found_in_known_domain_db": "\u041d\u0430\u043c\u0435\u0440\u0435\u043d \u0432 \u0441\u043f\u0438\u0441\u044a\u0446\u0438\u0442\u0435 \u0441 \u0434\u043e\u043c\u0435\u0439\u043d\u0438.",
+    "category_label": "\u041a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u044f",
+    "rule_label": "\u041f\u0440\u0430\u0432\u0438\u043b\u043e",
+    "filter_label": "\u0424\u0438\u043b\u0442\u044a\u0440",
+    "unknown_filter": "\u041d\u0435\u043f\u043e\u0437\u043d\u0430\u0442 \u0444\u0438\u043b\u0442\u044a\u0440 {{filterId}}",
+    "install_welcome_title": "\u0414\u043e\u0431\u0440\u0435 \u0434\u043e\u0448\u043b\u0438 \u0432 AdGuard Home!",
+    "install_welcome_desc": "AdGuard Home e \u043c\u0440\u0435\u0436\u043e\u0432\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0437\u0430 \u0431\u043b\u043e\u043a\u0438\u0440\u0430\u043d\u0435 \u043d\u0430 \u0440\u0435\u043a\u043b\u0430\u043c\u0438 \u0438 \u0442\u0440\u0430\u043a\u0435\u0440\u0438 \u043d\u0430 DNS \u043d\u0438\u0432\u043e. \u0421\u044a\u0437\u0434\u0430\u0434\u0435\u043d\u043e \u0435 \u0437\u0430 \u0434\u0430 \u0432\u0438 \u0434\u0430\u0434\u0435 \u043f\u044a\u043b\u0435\u043d \u043a\u043e\u043d\u0442\u0440\u043e\u043b \u043d\u0430\u0434 \u043c\u0440\u0435\u0436\u0430\u0442\u0430 \u0438 \u0432\u0441\u0438\u0447\u043a\u0438\u0442\u0435 \u0432\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u0431\u0435\u0437 \u0434\u0430 \u0435 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0434\u043e\u043f\u044a\u043b\u043d\u0438\u0442\u0435\u043b\u043d\u043e \u0438\u043d\u0441\u0442\u0430\u043b\u0438\u0440\u0430\u043d\u0435 \u043d\u0430 \u0434\u0440\u0443\u0433 \u0441\u043e\u0444\u0442\u0443\u0435\u0440.",
+    "install_settings_title": "\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u044f",
+    "install_settings_listen": "\u0410\u043a\u0442\u0438\u0432\u043d\u0438 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0438",
+    "install_settings_port": "\u041f\u043e\u0440\u0442",
+    "install_settings_interface_link": "\u0412\u0430\u0448\u0430\u0442\u0430 AdGuard Home \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430 \u0437\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u044f \u0449\u0435 \u0435 \u0434\u043e\u0441\u0442\u044a\u043f\u043d\u0430 \u043d\u0430 \u0442\u043e\u0437\u0438 \u0430\u0434\u0440\u0435\u0441:",
+    "form_error_port": "\u041c\u043e\u043b\u044f \u0432\u044a\u0432\u0435\u0434\u0435\u0442\u0435 \u0432\u0430\u043b\u0438\u0434\u0435\u043d \u043f\u043e\u0440\u0442",
+    "install_settings_dns": "DNS \u0441\u044a\u0440\u0432\u044a\u0440",
+    "install_settings_dns_desc": "\u0417\u0430 \u0434\u0430 \u0440\u0430\u0431\u043e\u0442\u0438, \u0449\u0435 \u0442\u0440\u044f\u0431\u0432\u0430 \u0434\u0430 \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u0435 \u0432\u0430\u0448\u0438\u044f\u0442 \u0440\u0443\u0442\u0435\u0440 \u0438\u043b\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0434\u0430 \u043f\u043e\u043b\u0437\u0432\u0430\u0442 DNS \u0441\u044a\u0440\u0432\u044a\u0440 \u0441 \u0430\u0434\u0440\u0435\u0441:",
+    "install_settings_all_interfaces": "\u0412\u0441\u0438\u0447\u043a\u0438 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0438",
+    "install_auth_title": "\u0423\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u044f\u0432\u0430\u043d\u0435",
+    "install_auth_desc": "\u041c\u043d\u043e\u0433\u043e \u0435 \u0432\u0430\u0436\u043d\u043e \u0434\u0430 \u0437\u0430\u0434\u0430\u0434\u0435\u0442\u0435 \u0438\u043c\u0435 \u0438 \u043f\u0430\u0440\u043e\u043b\u0430 \u0437\u0430 \u0434\u043e\u0441\u0442\u044a\u043f \u0434\u043e \u0432\u0430\u0448\u0438\u044f \u043f\u0430\u043d\u0435\u043b \u0437\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u044f \u043d\u0430 AdGuard Home. \u041f\u0440\u0435\u043f\u043e\u0440\u044a\u0447\u0432\u0430\u043c\u0435 \u0432\u0438 \u0434\u0430 \u0437\u0430\u0434\u0430\u0434\u0435\u0442\u0435 \u0438\u043c\u0435 \u0438 \u043f\u0430\u0440\u043e\u043b\u0430 \u043d\u0435\u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e \u0447\u0435 \u0433\u043e \u043f\u043e\u043b\u0437\u0432\u0430\u0442\u0435 \u0441\u0430\u043c\u043e \u0432 \u043a\u044a\u0449\u0438.",
+    "install_auth_username": "\u041f\u043e\u0442\u0440\u0435\u0431\u0438\u0442\u0435\u043b",
+    "install_auth_password": "\u041f\u0430\u0440\u043e\u043b\u0430",
+    "install_auth_confirm": "\u041f\u043e\u0442\u0432\u044a\u0440\u0434\u0435\u0442\u0435 \u043f\u0430\u0440\u043e\u043b\u0430\u0442\u0430",
+    "install_auth_username_enter": "\u0412\u044a\u0432\u0435\u0434\u0435\u0442\u0435 \u043f\u043e\u0442\u0440\u0435\u0431\u0438\u0442\u0435\u043b",
+    "install_auth_password_enter": "\u0412\u044a\u0432\u0435\u0434\u0435\u0442\u0435 \u043f\u0430\u0440\u043e\u043b\u0430",
+    "install_step": "\u0421\u0442\u044a\u043f\u043a\u0430",
+    "install_devices_title": "\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u0442\u0435 \u0432\u0430\u0448\u0435\u0442\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e",
+    "install_devices_desc": "\u0414\u0430 \u0437\u0430\u043f\u043e\u0447\u043d\u0435\u0442\u0435 \u0434\u0430 \u0438\u0437\u043f\u043e\u043b\u0437\u0432\u0430\u0442\u0435 AdGuard Home, \u0435 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0434\u0430 \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u0435 \u0432\u0430\u0448\u0438\u0442\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430.",
+    "install_submit_title": "\u041f\u043e\u0437\u0434\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f!",
+    "install_submit_desc": "\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430\u0442\u0430 \u0435 \u0437\u0430\u0432\u044a\u0440\u0448\u0435\u043d\u0430, \u043c\u043e\u0436\u0435 \u0434\u0430 \u0437\u0430\u043f\u043e\u0447\u043d\u0435\u0442\u0435 \u0434\u0430 \u043f\u043e\u043b\u0437\u0432\u0430\u0442\u0435 AdGuard Home.",
+    "install_devices_router": "\u0420\u0443\u0442\u0435\u0440",
+    "install_devices_router_desc": "\u0410\u043a\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u0435 \u0432\u0430\u0448\u0438\u044f\u0442 \u0440\u0443\u0442\u0435\u0440 \u043d\u044f\u043c\u0430 \u043d\u0443\u0436\u0434\u0430 \u0440\u044a\u0447\u043d\u043e \u0434\u0430 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u0432\u0430\u0442\u0435 \u0432\u0441\u044f\u043a\u043e \u0435\u0434\u043d\u043e \u043e\u0442 \u0443\u0441\u0442\u0440\u0439\u0441\u0442\u0432\u0430\u0442\u0430 \u0432 \u043c\u0440\u0435\u0436\u0430\u0442\u0430.",
+    "install_devices_address": "AdGuard Home DNS \u0441\u044a\u0440\u0432\u044a\u0440\u044a\u0442 \u0435 \u043d\u0430 \u0441\u043b\u0435\u0434\u043d\u0438\u044f \u0430\u0434\u0440\u0435\u0441",
+    "install_devices_router_list_1": "\u041e\u0442\u0432\u043e\u0440\u0435\u0442\u0435 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u0442\u0430 \u0437\u0430 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043d\u0430 \u0432\u0430\u0448\u0438\u044f \u0440\u0443\u0442\u0435\u0440. \u041e\u0431\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u043e \u0442\u044f \u0441\u0435 \u043d\u0430\u043c\u0438\u0440\u0430 \u043d\u0430 URL (\u0442\u0443\u043a http:\/\/192.168.0.1\/ \u0438\u043b\u0438 \u0442\u0443\u043a http:\/\/192.168.1.1\/). \u0417\u0430 \u0434\u043e\u0441\u0442\u044a\u043f \u043c\u043e\u0436\u0435 \u0434\u0430 \u0432\u0438 \u0442\u0440\u044f\u0431\u0432\u0430 \u043f\u0430\u0440\u043e\u043b\u0430. \u0410\u043a\u043e \u0441\u0442\u0435 \u0437\u0430\u0431\u0440\u0430\u0432\u0438\u043b\u0438 \u043f\u0430\u0440\u043e\u043b\u0430\u0442\u0430 \u043c\u043e\u0436\u0435 \u0434\u0430 \u044f \u0440\u0435\u0441\u0435\u0442\u043d\u0435\u0442\u0435 \u043a\u0430\u0442\u043e \u043d\u0430\u0442\u0438\u0441\u043d\u0435\u0442\u0430 \u0441\u043a\u0440\u0438\u0442\u0438\u044f \u0440\u0435\u0441\u0435\u0442 \u0431\u0443\u0442\u043e\u043d - \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0442\u043e\u0432\u0430 \u0449\u0435 \u0440\u0435\u0441\u0435\u0442\u043d\u0435 \u0432\u0441\u0438\u0447\u043a\u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043d\u0430 \u0440\u0443\u0442\u0435\u0440\u0430 \u0434\u043e \u0444\u0430\u0431\u0440\u0438\u0447\u043d\u0438! \u041d\u044f\u043a\u043e\u0439 \u0440\u0443\u0442\u0435\u0440\u0438 \u043c\u043e\u0433\u0430\u0442 \u0434\u0430 \u0431\u044a\u0434\u0430\u0442\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u0430\u043d\u0438 \u043e\u0442 \u0441\u043e\u0444\u0442\u0443\u0435\u0440 \u0438\u043b\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435, \u043a\u043e\u0439\u0442\u043e \u0431\u0438 \u0442\u0440\u044f\u0431\u0432\u0430\u043b\u043e \u0434\u0430 \u0435 \u0432\u0435\u0447\u0435 \u0438\u043d\u0441\u0442\u0430\u043b\u0438\u0440\u0430\u043d \u043d\u0430 \u043a\u043e\u043c\u043f\u044e\u0442\u044a\u0440\u0430\/\u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0430 \u0432\u0438.",
+    "install_devices_router_list_2": "\u041d\u0430\u043c\u0435\u0440\u0435\u0442\u0430 DHCP\/DNS \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438. \u0412 \u043f\u043e\u0434 \u0440\u0430\u0437\u0434\u0435\u043b DHCP \u0440\u0437\u0433\u043b\u0435\u0434\u0430\u0439\u0442\u0435 \u0438 \u043d\u0430\u043c\u0435\u0440\u0435\u0442\u0435 \u043a\u044a\u0434\u0435 \u0435 \u043f\u043e\u043b\u0435\u0442\u043e \u0437\u0430 DNS \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0432 \u043a\u043e\u0435\u0442\u043e \u043c\u043e\u0436\u0435 \u0434\u0430 \u0432\u044a\u0432\u0435\u0434\u0435\u0442\u0435 \u043f\u0435\u0440\u0441\u043e\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u0430\u043d\u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0437\u0430 DNS \u0441\u044a\u0440\u0432\u044a\u0440\u0438.",
+    "install_devices_router_list_3": "\u0412\u044a\u0432\u0435\u0434\u0435\u0442\u0435 \u0430\u0434\u0440\u0435\u0441\u044a\u0442 \u043d\u0430 AdGuard Home \u0441\u044a\u0440\u0432\u044a\u0440\u0430.",
+    "install_devices_windows_list_1": "\u041e\u0442\u0432\u043e\u0440\u0435\u0442\u0435 \u041a\u043e\u043d\u0442\u0440\u043e\u043b\u043d\u0438\u044f \u041f\u0430\u043d\u0435\u043b \u043f\u0440\u0435\u0437 \u0421\u0442\u0430\u0440\u0442 \u043c\u0435\u043d\u044e \u0438\u043b\u0438 \u0447\u0440\u0435\u0437 \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u0442\u044a\u0440\u0441\u0435\u043d\u0435 \u043d\u0430 Windows.",
+    "install_devices_windows_list_2": "\u0412\u044a\u0440\u0432\u0435\u0442\u0435 \u0434\u043e \u041d\u0430\u0441\u0442\u0440\u0439\u043a\u0438 \u043d\u0430 \u041c\u0440\u0435\u0436\u0438 \u0438 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u0438 \u043e\u0442 \u0442\u0430\u043c \u0438\u0437\u0431\u0435\u0440\u0435\u0442\u0435 \u041c\u0440\u0435\u0436\u0438 \u0438 \u0426\u0435\u043d\u0442\u044a\u0440 \u0437\u0430 \u0421\u043f\u043e\u0434\u0435\u043b\u044f\u043d\u0435.",
+    "install_devices_windows_list_3": "\u041e\u0442 \u043b\u044f\u0432\u043e \u043d\u0430 \u0435\u043a\u0440\u0430\u043d\u0430 \u043d\u0430\u043c\u0435\u0440\u0435\u0442\u0435 \u0421\u043c\u0435\u043d\u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u043a\u0438 \u043d\u0430 \u043c\u0440\u0435\u0436\u043e\u0432\u0438\u044f \u0430\u0434\u0430\u043f\u0442\u0435\u0440 \u0438 \u043a\u043b\u0438\u043a\u043d\u0435\u0442\u0435 \u043d\u0430 \u043d\u0435\u0433\u043e.",
+    "install_devices_windows_list_4": "\u0418\u0437\u0431\u0435\u0440\u0435\u0442\u0435 \u0442\u043e\u0437\u0438 \u043a\u043e\u0439\u0442\u043e \u0435 \u0430\u043a\u0442\u0438\u0432\u0435\u043d, \u0434\u044f\u0441\u043d\u043e-\u043a\u043b\u0438\u043a\u0432\u0430\u043d\u0435 \u0438 \u0438\u0437\u0431\u0435\u0440\u0435\u0442\u0430 \u0421\u0432\u043e\u0439\u0441\u0442\u0432\u0430.",
+    "install_devices_windows_list_5": "\u041d\u0430\u043c\u0435\u0440\u0435\u0442\u0435 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u041f\u0440\u043e\u0442\u043e\u043a\u043e\u043b \u0412\u0435\u0440\u0441\u0438\u044f 4 (TCP\/IP) \u0432 \u0441\u043f\u0438\u0441\u044a\u043a\u0430, \u0438\u0437\u0431\u0435\u0440\u0435\u0442\u0435 \u0438 \u043a\u043b\u0438\u043a\u043d\u0435\u0442\u0435 \u043e\u0442\u043d\u043e\u0432\u043e \u043d\u0430 \u0421\u0432\u043e\u0439\u0441\u0442\u0432\u0430.",
+    "install_devices_windows_list_6": "\u0418\u0437\u0431\u0435\u0440\u0435\u0442\u0435 \u0418\u0437\u043f\u043e\u043b\u0437\u0432\u0430\u0439 \u0441\u043b\u0435\u0434\u043d\u0438\u0442\u0435 \u0430\u0434\u0440\u0435\u0441\u0438 \u0437\u0430 DNS \u0441\u044a\u0440\u0441\u044a\u0440\u0438 \u0438 \u0432\u044a\u0432\u0435\u0434\u0435\u0442\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u043d\u0430 AdGuard Home \u0441\u044a\u0440\u0432\u044a\u0440\u0430 \u0432\u0438.",
+    "install_devices_macos_list_1": "\u0426\u044a\u043a\u043d\u0435\u0442\u0435 \u043d\u0430 Apple \u0438\u043a\u043e\u043d\u043a\u0430\u0442\u0430 \u0438 \u0438\u0437\u0431\u0435\u0440\u0435\u0442\u0435 System Preferences...",
+    "install_devices_macos_list_2": "\u0426\u044a\u043a\u043d\u0435\u0442\u0435 \u043d\u0430 Network.",
+    "install_devices_macos_list_3": "\u0418\u0437\u0431\u0435\u0440\u0435\u0442\u0435 \u0437\u0435\u043b\u0435\u043d\u0430\u0442\u0430-\u0430\u043a\u0442\u0438\u0432\u043d\u0430 \u0432\u0440\u044a\u0437\u043a\u0430 \u0432 \u0441\u043f\u0438\u0441\u044a\u043a\u0430 \u0438 \u043a\u043b\u0438\u043a\u043d\u0435\u0442\u0435 \u043d\u0430 Advanced.",
+    "install_devices_macos_list_4": "\u0418\u0437\u0431\u0435\u0440\u0435\u0442\u0435 DNS \u0442\u0430\u0431 \u0438 \u043a\u043b\u0438\u043a\u043d\u0435\u0442\u0435 \u043d\u0430 + \u0437\u0430 \u0434\u0430 \u0432\u044a\u0432\u0435\u0434\u0435\u0442\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u043d\u0430 AdGuard Home \u0441\u044a\u0440\u0432\u044a\u0440\u0430.",
+    "install_devices_android_list_1": "\u0418\u0437\u0431\u0435\u0440\u0435\u0442\u0435 Android \u041c\u0435\u043d\u044e \u043e\u0442 \u0434\u043e\u043c\u0430\u0448\u043d\u0438\u044f \u0435\u043a\u0440\u0430\u043d, \u0438 \u0446\u044a\u043a\u043d\u0435\u0442\u0435 \u043d\u0430 \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438.",
+    "install_devices_android_list_2": "\u0426\u044a\u043a\u043d\u0435\u0442\u0435 \u043d\u0430 Wi-Fi \u043c\u0435\u043d\u044e. \u041d\u0430 \u0435\u043a\u0440\u0430\u043d\u0430 \u0449\u0435 \u0441\u0435 \u043f\u043e\u044f\u0432\u0430\u0442 \u0432\u0441\u0438\u0447\u043a\u0438 \u0431\u0435\u0437\u0436\u0438\u0447\u043d\u0438 \u043f\u0440\u0435\u0436\u0438 (\u0442\u0430\u043c \u043d\u044f\u043c\u0430 \u0432\u044a\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442 \u0437\u0430 \u0432\u044a\u0432\u0435\u0436\u0434\u0430\u043d\u0435 \u043d\u0430 DNS \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438).",
+    "install_devices_android_list_3": "\u0426\u044a\u043a\u043d\u0435\u0442\u0435 \u0438 \u0437\u0430\u0434\u0440\u044a\u0436\u0434\u0435 \u0432\u044a\u0440\u0445\u0443 \u0412\u0438\u0435 \u0441\u0442\u0435 \u0441\u0432\u044a\u0440\u0437\u0430\u043d\u0438 \u0441.., \u0438 \u043a\u043b\u0438\u043a\u043d\u0435\u0442\u0435 \u043d\u0430 \u041c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u0430\u0439 \u043c\u0440\u0435\u0436\u0430.",
+    "install_devices_android_list_4": "\u041d\u0430 \u043d\u044f\u043a\u043e\u0439 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u043c\u043e\u0436\u0435 \u0434\u0430 \u0435 \u043d\u0435\u043e\u0445\u043e\u0434\u0438\u043c\u043e \u0434\u0430 \u043c\u0430\u0440\u043a\u0438\u0440\u0430\u0442\u0435 \u043f\u043e\u043a\u0430\u0436\u0438 \u0420\u0430\u0437\u0448\u0438\u0440\u0435\u043d\u0438, \u0437\u0430 \u0434\u0430 \u0432\u0438\u0434\u0438\u0442\u0435 \u0432\u0441\u0438\u0447\u043a\u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438. \u0417\u0430 \u0434\u0430 \u043f\u0440\u043e\u043c\u0435\u043d\u0438\u0442\u0435 Android DNS \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438\u0442\u0435, \u043c\u043e\u0436\u0435 \u0434\u0430 \u0441\u0435 \u043d\u0430\u043b\u043e\u0436\u0438 \u0434\u0430 \u043f\u0440\u043e\u043c\u0435\u043d\u0438\u0442\u0435 IP \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438\u0442\u0435 \u043e\u0442 DHCP \u043d\u0430 \u0421\u0442\u0430\u0442\u0438\u0447\u043d\u0438.",
+    "install_devices_android_list_5": "\u041f\u0440\u043e\u043c\u0435\u043d\u0435\u0442\u0435 \u0441\u0442\u043e\u0439\u043d\u043e\u0441\u0442\u0438\u0442\u0435 \u043d\u0430 DNS 1 \u0438 DNS 2 \u0434\u0430 \u0438\u0437\u043f\u043e\u043b\u0437\u0432\u0430\u0442 AdGuard Home \u0441\u044a\u0440\u0432\u044a\u0440\u0430.",
+    "install_devices_ios_list_1": "\u041e\u0442 \u043d\u0430\u0447\u0430\u043b\u0435\u043d \u0435\u043a\u0440\u0430\u043d, \u0446\u044a\u043a\u043d\u0435\u0442\u0435 \u043d\u0430 Settings.",
+    "install_devices_ios_list_2": "\u0418\u0437\u0431\u0435\u0440\u0435\u0442\u0435 Wi-Fi \u043e\u0442 \u043b\u044f\u0432\u043e\u0442\u043e \u043c\u0435\u043d\u044e (\u0442\u0430\u043c \u043d\u044f\u043c\u0430 \u0432\u044a\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442 \u0437\u0430 \u0432\u044a\u0432\u0435\u0436\u0434\u0430\u043d\u0435 \u043d\u0430 DNS \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438).",
+    "install_devices_ios_list_3": "\u041a\u043b\u0438\u043d\u0435\u0442\u0435 \u043d\u0430 \u0438\u043c\u0435\u0442\u043e \u043d\u0430 \u0430\u043a\u0442\u0438\u0432\u043d\u0430\u0442\u0430 \u043c\u0440\u0435\u0436\u0430 \u043a\u044a\u043c \u043a\u043e\u044f\u0442\u043e \u0441\u0442\u0435 \u0441\u0432\u044a\u0440\u0437\u0430\u043d\u0438.",
+    "install_devices_ios_list_4": "\u0412 \u043f\u043e\u043b\u0435\u0442\u043e \u0437\u0430 DNS \u0438\u0437\u0431\u0435\u0440\u0435\u0442\u0435 \u0440\u044a\u0447\u043d\u043e \u0438 \u0432\u044a\u0432\u0435\u0434\u0435\u0442\u0435 \u0430\u0434\u0440\u0435\u0441\u0430 \u043d\u0430 AdGuard Home \u0441\u044a\u0440\u0432\u044a\u0440\u0430.",
+    "get_started": "\u0414\u0430 \u0437\u0430\u043f\u043e\u0447\u0432\u0430\u043c\u0435",
+    "next": "\u0421\u043b\u0435\u0434\u0432\u0430\u0449",
+    "open_dashboard": "\u041e\u0442\u0432\u043e\u0440\u0438 \u0442\u0430\u0431\u043b\u043e",
+    "install_saved": "\u0423\u0441\u043f\u0435\u0448\u043d\u043e \u0437\u0430\u043f\u0438\u0441\u0430\u043d\u043e",
+    "encryption_title": "\u041a\u0440\u0438\u043f\u0442\u0438\u0440\u0430\u043d\u0435",
+    "encryption_desc": "\u041f\u043e\u0434\u044a\u0440\u0436\u0430 \u0441\u0435 \u0441\u0438\u0433\u0443\u0440\u043d\u0430 \u0432\u0440\u044a\u0437\u043a\u0430 (HTTPS\/TLS) \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u043d\u043e \u0437\u0430 DNS \u0438 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u0442\u0430 \u0437\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u044f",
+    "encryption_config_saved": "\u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u0442\u0430 \u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0437\u0430\u043f\u0438\u0441\u0430\u043d\u0430",
+    "encryption_server": "\u0418\u043c\u0435 \u043d\u0430 \u0441\u044a\u0440\u0432\u044a\u0440\u0430",
+    "encryption_server_enter": "\u0412\u044a\u0432\u0435\u0434\u0435\u0442\u0435 \u0438\u043c\u0435 \u043d\u0430 \u0434\u043e\u043c\u0435\u0439\u043d\u0430",
+    "encryption_server_desc": "\u0417\u0430 \u0434\u0430 \u0438\u0437\u043f\u043e\u043b\u0437\u0432\u0430\u0442\u0435 HTTPS, \u0442\u0440\u044f\u0431\u0432\u0430 \u0438\u043c\u0435\u0442\u043e \u043d\u0430 \u0441\u044a\u0440\u0432\u044a\u0440\u0430 \u0434\u0430 \u0441\u044a\u0432\u043f\u0430\u0434\u0430 \u0441 \u0442\u043e\u0432\u0430 \u043d\u0430 SSL \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430.",
+    "encryption_redirect": "\u0410\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u043d\u043e \u043f\u0440\u0435\u043d\u0430\u0441\u043e\u0447\u0432\u0430\u043d\u0435 \u043a\u044a\u043c HTTPS",
+    "encryption_redirect_desc": "\u0421\u043b\u0443\u0436\u0438 \u0437\u0430 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u043d\u043e \u043f\u0440\u0435\u043d\u0430\u0441\u043e\u0447\u0432\u0430\u043d\u0435 \u043e\u0442 HTTP \u043a\u044a\u043c HTTPS \u043d\u0430 \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u0442\u0430 \u0437\u0430 \u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u044f \u0432 AdGuard Home.",
+    "encryption_https": "HTTPS \u043f\u043e\u0440\u0442",
+    "encryption_https_desc": "\u0410\u043a\u043e \u0437\u0430\u0434\u0430\u0434\u0435\u0442\u0435 HTTPS \u043f\u043e\u0440\u0442, \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u0442\u0430 \u0437\u0430 \u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u044f \u043d\u0430 AdGuard Home \u0449\u0435 \u0431\u044a\u0434\u0435 \u0434\u043e\u0441\u0442\u044a\u043f\u043d\u0430 \u043d\u0430 HTTPS, \u0438 \u0441\u044a\u0449\u043e \u0449\u0435 \u043e\u0442\u0433\u043e\u0432\u0430\u0440\u044f \u043d\u0430 DNS-\u0432\u044a\u0440\u0445\u0443-HTTPS '\/dns-\u0437\u0430\u043f\u0438\u0442\u0432\u0430\u043d\u0438\u044f'.",
+    "encryption_dot": "DNS-\u0432\u044a\u0440\u0445\u0443-TLS \u043f\u043e\u0440\u0442",
+    "encryption_dot_desc": "\u0410\u043a\u043e \u043f\u043e\u0440\u0442\u0430 \u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0438\u0440\u0430\u043d, AdGuard Home \u0449\u0435 \u0441\u0442\u0430\u0440\u0442\u0438\u0440\u0430 \u0438 \u0441\u044a\u0440\u0432\u044a\u0440 \u0437\u0430 DNS-\u0432\u044a\u0440\u0445\u0443-TLS.",
+    "encryption_certificates": "\u0421\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0438",
+    "encryption_certificates_desc": "\u0417\u0430 \u0434\u0430 \u0438\u0437\u043f\u043e\u043b\u0437\u0432\u0430\u0442\u0435 \u0441\u0438\u0433\u0443\u0440\u043d\u0430 \u0432\u0440\u044a\u0437\u043a\u0430, \u0449\u0435 \u0442\u0440\u044f\u0431\u0432\u0430 \u0434\u0430 \u043e\u0441\u0438\u0433\u0443\u0440\u0438\u0442\u0435 SSL \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0438 \u0437\u0430 \u0432\u0430\u0448\u0438\u044f \u0434\u043e\u043c\u0435\u0439\u043d. \u041c\u043e\u0436\u0435 \u0434\u0430 \u0437\u0430\u044f\u0432\u0438\u0442\u0435 \u0431\u0435\u0437\u043f\u043b\u0430\u0442\u0435\u043d \u043e\u0442 <0>{{link}}<\/0> \u0438\u043b\u0438 \u0434\u0430 \u0437\u0430\u043a\u0443\u043f\u0438\u0442\u0435 \u043e\u0442 Certificate Authorities.",
+    "encryption_certificates_input": "\u041a\u043e\u043f\u0438\u0440\u0430\u0439\/\u043f\u043e\u0441\u0442\u0430\u0432\u0438 \u0432\u0430\u0448\u0438\u044f PEM-\u043a\u043e\u0434\u0438\u0440\u0430\u043d \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0442\u0443\u043a.",
+    "encryption_status": "\u0421\u044a\u0441\u0442\u043e\u044f\u043d\u0438\u0435",
+    "encryption_expire": "\u0413\u043e\u0434\u0435\u043d \u0434\u043e",
+    "encryption_key": "\u0427\u0430\u0441\u0442\u0435\u043d \u043a\u043b\u044e\u0447",
+    "encryption_key_input": "\u041a\u043e\u043f\u0438\u0440\u0430\u0439\/\u043f\u043e\u0441\u0442\u0430\u0432\u0438 \u0432\u0430\u0448\u0438\u044f PEM-\u043a\u043e\u0434\u0438\u0440\u0430\u043d \u0447p\u0430\u0441\u0442\u0435\u043d \u043a\u043b\u044e\u0447 \u0437\u0430 \u0432\u0430\u0448\u0438\u044f \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0442\u0443\u043a.",
+    "encryption_enable": "\u0420\u0430\u0437p\u0435\u0448\u0438 \u043a\u0440\u0438\u043f\u0442\u0438\u0440\u0430\u043d\u0435 (HTTPS, DNS-\u0432\u044a\u0440\u0445\u0443-HTTPS, \u0438 DNS-\u0432\u044a\u0440\u0445\u0443-TLS)",
+    "encryption_enable_desc": "\u0410\u043a\u043e \u0441\u0442\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0438\u043b\u0438 \u043a\u0440\u0438\u043f\u0442\u0438\u0440\u0430\u043d\u0435, \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\u0442\u0430 \u0437\u0430 \u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u044f \u043d\u0430 AdGuard Home \u0449\u0435 \u0431\u044a\u0434\u0435 \u0434\u043e\u0441\u0442\u044a\u043f\u043d\u0430 \u043f\u0440\u0435\u0437 HTTPS, \u0438 DNS \u0441\u044a\u0440\u0432\u044a\u0440\u0430 \u0449\u0435 \u043e\u0442\u0433\u043e\u0432\u0430\u0440\u044f \u0441\u044a\u0449\u043e \u043d\u0430 \u0437\u0430\u043f\u0438\u0442\u0432\u0430\u043d\u0438\u044f DNS-\u0432\u044a\u0440\u0445\u0443-HTTPS \u0438 DNS-\u0432\u044a\u0440\u0445\u0443-TLS.",
+    "encryption_chain_valid": "\u0419\u0435\u0440\u0430\u0440\u0445\u0438\u044f\u0442\u0430 \u043e\u0442 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0438 \u0435 \u0432\u0430\u043b\u0438\u0434\u043d\u0430",
+    "encryption_chain_invalid": "\u0419\u0435\u0440\u0430\u0440\u0445\u0438\u044f\u0442\u0430 \u043e\u0442 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0438 \u0435 \u043d\u0435\u0432\u0430\u043b\u0438\u0434\u043d\u0430",
+    "encryption_key_valid": "\u0422\u043e\u0432\u0430 \u0435 \u0432\u0430\u043b\u0438\u0434\u0435\u043d {{type}} \u0447\u0430\u0441\u0442\u0435\u043d \u043a\u043b\u044e\u0447",
+    "encryption_key_invalid": "\u0422\u043e\u0432\u0430 \u0435 \u043d\u0435\u0432\u0430\u043b\u0438\u0434\u0435\u043d {{type}} \u0447\u0430\u0441\u0442\u0435\u043d \u043a\u043b\u044e\u0447",
+    "encryption_subject": "\u0422\u0435\u043c\u0430",
+    "encryption_issuer": "\u0418\u0437\u043f\u044a\u043b\u043d\u0438\u0442\u0435\u043b",
+    "encryption_hostnames": "\u0418\u043c\u0435\u043d\u0430 \u043d\u0430 \u0445\u043e\u0441\u0442\u0430",
+    "encryption_reset": "\u0421\u0438\u0433\u0443\u0440\u043d\u0438 \u043b\u0438 \u0441\u0442\u0435 \u0447\u0435 \u0438\u0441\u043a\u0430\u0442\u0435 \u0434\u0430 \u0438\u0437\u0442\u0440\u0438\u0435\u0442\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438\u0442\u0435 \u0437\u0430 \u043a\u0440\u0438\u043f\u0442\u0438\u0440\u0430\u043d\u0435?",
+    "topline_expiring_certificate": "\u0412\u0430\u0448\u0438\u044f\u0442 SSL \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0438\u0437\u0442\u0438\u0447\u0430. \u041e\u0431\u043d\u043e\u0432\u0438 <0>\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0437\u0430 \u043a\u0440\u0438\u043f\u0442\u0438\u0440\u0430\u043d\u0435<\/0>.",
+    "topline_expired_certificate": "\u0412\u0430\u0448\u0438\u044f\u0442 SSL \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0435 \u0438\u0437\u0442\u0435\u043a\u044a\u043b. \u041e\u0431\u043d\u043e\u0432\u0438 <0>\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0437\u0430 \u043a\u0440\u0438\u043f\u0442\u0438\u0440\u0430\u043d\u0435<\/0>.",
+    "form_error_port_range": "\u0412\u044a\u0432\u0435\u0434\u0435\u0442\u0435 \u043f\u043e\u0440\u0442 \u0432 \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430 80-65535",
+    "form_error_port_unsafe": "\u041d\u0435 \u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e \u0434\u0430 \u0438\u0437\u043f\u043e\u043b\u0437\u0432\u0430\u0442\u0435 \u0442\u043e\u0437\u0438 \u043f\u043e\u0440\u0442",
+    "form_error_equal": "\u041d\u0435 \u0442\u0440\u044f\u0431\u0432\u0430 \u0434\u0430 \u0441\u044a\u0432\u043f\u0430\u0434\u0430",
+    "form_error_password": "\u041f\u0430\u0440\u043e\u043b\u0430\u0442\u0430 \u043d\u0435 \u0441\u044a\u0432\u043f\u0430\u0434\u0430",
+    "reset_settings": "\u0418\u0437\u0442\u0440\u0438\u0439 \u0432\u0441\u0438\u0447\u043a\u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438",
+    "update_announcement": "\u0418\u043c\u0430 \u043d\u043e\u0432\u0430 AdGuard Home {{version}}! <0>\u0426\u044a\u043a\u043d\u0438 \u0442\u0443\u043a<\/0> \u0437\u0430 \u043f\u043e\u0432\u0435\u0447\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f."
+}
\ No newline at end of file
diff --git a/client/src/__locales/zh-cn.json b/client/src/__locales/zh-cn.json
new file mode 100644
index 00000000..7ac6abf3
--- /dev/null
+++ b/client/src/__locales/zh-cn.json
@@ -0,0 +1,250 @@
+{
+    "url_added_successfully": "\u7f51\u5740\u6dfb\u52a0\u6210\u529f",
+    "check_dhcp_servers": "\u68c0\u67e5 DHCP \u670d\u52a1\u5668",
+    "save_config": "\u4fdd\u5b58\u914d\u7f6e",
+    "enabled_dhcp": "DHCP \u670d\u52a1\u5668\u5df2\u542f\u7528",
+    "disabled_dhcp": "DHCP \u670d\u52a1\u5668\u5df2\u7981\u7528",
+    "dhcp_title": "DHCP \u670d\u52a1\u5668\uff08\u5b9e\u9a8c\u6027\uff09",
+    "dhcp_description": "\u5982\u679c\u4f60\u7684\u8def\u7531\u5668\u6ca1\u6709\u63d0\u4f9b\u52a8\u6001\u4e3b\u673a\u8bbe\u7f6e\u534f\u8bae\uff08DHCP\uff09\u8bbe\u7f6e\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528 AdGuard \u5185\u7f6e\u7684 DHCP \u670d\u52a1\u5668\u3002",
+    "dhcp_enable": "\u542f\u7528 DHCP \u670d\u52a1\u5668",
+    "dhcp_disable": "\u7981\u7528 DHCP \u670d\u52a1\u5668",
+    "dhcp_not_found": "\u5728\u5f53\u524d\u7f51\u7edc\u4e2d\u672a\u68c0\u6d4b\u5230 DHCP \u670d\u52a1\u5668\u3002\u60a8\u53ef\u4ee5\u5b89\u5168\u5730\u542f\u7528\u5185\u7f6e DHCP \u670d\u52a1\u5668\u3002",
+    "dhcp_found": "\u5728\u5f53\u524d\u7f51\u7edc\u4e2d\u68c0\u6d4b\u5230 DHCP \u670d\u52a1\u5668\u3002\u5982\u679c\u542f\u7528\u5185\u7f6e\u7684 DHCP \u670d\u52a1\u5668\u53ef\u80fd\u4e0d\u5b89\u5168\u3002",
+    "dhcp_leases": "DHCP \u79df\u7ea6",
+    "dhcp_leases_not_found": "\u672a\u68c0\u6d4b\u5230 DHCP \u79df\u7ea6",
+    "dhcp_config_saved": "\u4fdd\u5b58 DHCP \u670d\u52a1\u5668\u914d\u7f6e",
+    "form_error_required": "\u5fc5\u586b\u5b57\u6bb5",
+    "form_error_ip_format": "\u65e0\u6548\u7684 IPv4 \u683c\u5f0f",
+    "form_error_positive": "\u5fc5\u987b\u5927\u4e8e 0",
+    "dhcp_form_gateway_input": "\u7f51\u5173 IP",
+    "dhcp_form_subnet_input": "\u5b50\u7f51\u63a9\u7801",
+    "dhcp_form_range_title": "IP \u5730\u5740\u8303\u56f4",
+    "dhcp_form_range_start": "\u8d77\u59cb IP \u5730\u5740",
+    "dhcp_form_range_end": "\u672b\u5c3e IP \u5730\u5740",
+    "dhcp_form_lease_title": "DHCP \u79df\u7ea6\u65f6\u95f4\uff08\u79d2\uff09",
+    "dhcp_form_lease_input": "\u79df\u671f",
+    "dhcp_interface_select": "\u9009\u62e9 DHCP \u63a5\u53e3",
+    "dhcp_hardware_address": "\u786c\u4ef6\u5730\u5740",
+    "dhcp_ip_addresses": "IP \u5730\u5740",
+    "dhcp_table_hostname": "\u4e3b\u673a\u540d",
+    "dhcp_table_expires": "\u5230\u671f",
+    "dhcp_warning": "\u5982\u679c\u4f60\u60f3\u8981\u542f\u7528\u5185\u7f6e\u7684 DHCP \u670d\u52a1\u5668\uff0c\u8bf7\u786e\u4fdd\u5728\u5f53\u524d\u7f51\u7edc\u4e2d\u6ca1\u6709\u5176\u5b83\u6d3b\u52a8\u7684 DHCP \u670d\u52a1\u5668\u3002\u5426\u5219\uff0c\u6b64\u64cd\u4f5c\u53ef\u80fd\u4f1a\u7834\u574f\u5df2\u8fde\u63a5\u8bbe\u5907\u7684\u7f51\u7edc\u8fde\u63a5\uff01",
+    "back": "\u8fd4\u56de",
+    "dashboard": "\u4eea\u8868\u76d8",
+    "settings": "\u8bbe\u7f6e",
+    "filters": "\u8fc7\u6ee4\u5668",
+    "query_log": "\u67e5\u8be2\u65e5\u5fd7",
+    "faq": "\u5e38\u89c1\u95ee\u9898",
+    "version": "\u7248\u672c",
+    "address": "\u5730\u5740",
+    "on": "\u542f\u7528\u4e2d",
+    "off": "\u7981\u7528\u4e2d",
+    "copyright": "\u7248\u6743",
+    "homepage": "\u4e3b\u9875",
+    "report_an_issue": "\u95ee\u9898\u53cd\u9988",
+    "enable_protection": "\u542f\u7528\u4fdd\u62a4",
+    "enabled_protection": "\u4fdd\u62a4\u5df2\u542f\u7528",
+    "disable_protection": "\u7981\u7528\u4fdd\u62a4",
+    "disabled_protection": "\u4fdd\u62a4\u5df2\u7981\u7528",
+    "refresh_statics": "\u5237\u65b0\u72b6\u6001",
+    "dns_query": "DNS\u67e5\u8be2",
+    "blocked_by": "\u5df2\u88ab\u8fc7\u6ee4\u5668\u62e6\u622a",
+    "stats_malware_phishing": "\u88ab\u62e6\u622a\u7684\u6076\u610f\/\u9493\u9c7c\u7f51\u7ad9",
+    "stats_adult": "\u88ab\u62e6\u622a\u7684\u6210\u4eba\u7f51\u7ad9",
+    "stats_query_domain": "\u8bf7\u6c42\u57df\u540d\u6392\u884c",
+    "for_last_24_hours": "\u5728\u8fc7\u53bb 24 \u5c0f\u65f6",
+    "no_domains_found": "\u672a\u627e\u5230\u57df\u540d",
+    "requests_count": "\u8bf7\u6c42\u6570",
+    "top_blocked_domains": "\u88ab\u62e6\u622a\u57df\u540d\u6392\u884c",
+    "top_clients": "\u5ba2\u6237\u7aef\u6392\u884c",
+    "no_clients_found": "\u672a\u627e\u5230\u5ba2\u6237\u7aef",
+    "general_statistics": "\u6982\u51b5\u7edf\u8ba1",
+    "number_of_dns_query_24_hours": "\u8fc7\u53bb 24 \u5c0f\u65f6\u5185\u5904\u7406\u7684 DNS \u8bf7\u6c42\u603b\u6570",
+    "number_of_dns_query_blocked_24_hours": "\u88ab\u5e7f\u544a\u8fc7\u6ee4\u5668\u548c Hosts \u62e6\u622a\u6e05\u5355\u62e6\u622a\u7684 DNS \u8bf7\u6c42\u603b\u6570",
+    "number_of_dns_query_blocked_24_hours_by_sec": "\u88ab AdGuard \u5b89\u5168\u6d4f\u89c8\u6a21\u5757\u62e6\u622a\u7684 DNS \u8bf7\u6c42\u603b\u6570",
+    "number_of_dns_query_blocked_24_hours_adult": "\u88ab\u62e6\u622a\u7684\u6210\u4eba\u7f51\u7ad9\u603b\u6570",
+    "enforced_save_search": "\u5f3a\u5236\u5b89\u5168\u641c\u7d22",
+    "number_of_dns_query_to_safe_search": "\u542f\u7528\u5f3a\u5236\u5b89\u5168\u641c\u7d22\u540e\u5bf9\u641c\u7d22\u5f15\u64ce\u7684 DNS \u8bf7\u6c42\u603b\u6570",
+    "average_processing_time": "\u5e73\u5747\u5904\u7406\u65f6\u95f4",
+    "average_processing_time_hint": "\u5904\u7406 DNS \u8bf7\u6c42\u7684\u5e73\u5747\u65f6\u95f4\uff08\u6beb\u79d2\uff09",
+    "block_domain_use_filters_and_hosts": "\u4f7f\u7528\u8fc7\u6ee4\u5668\u548c Hosts \u6587\u4ef6\u4ee5\u62e6\u622a\u6307\u5b9a\u57df\u540d",
+    "filters_block_toggle_hint": "\u4f60\u53ef\u4ee5\u5728 <a href='#filters'>\u8fc7\u6ee4\u5668<\/a> \u8bbe\u7f6e\u4e2d\u6dfb\u52a0\u8fc7\u6ee4\u89c4\u5219\u3002",
+    "use_adguard_browsing_sec": "\u4f7f\u7528 AdGuard\u3010\u6d4f\u89c8\u5b89\u5168\u3011\u7f51\u9875\u670d\u52a1",
+    "use_adguard_browsing_sec_hint": "AdGuard Home \u5c06\u68c0\u67e5\u57df\u540d\u662f\u5426\u88ab\u6d4f\u89c8\u5b89\u5168\u670d\u52a1\u5217\u5165\u9ed1\u540d\u5355\u3002\u5b83\u5c06\u4f7f\u7528\u9690\u79c1\u6027\u5f3a\u7684\u68c0\u7d22 API \u6765\u6267\u884c\u68c0\u67e5\uff0c\u53ea\u6709\u57df\u540d\u7684 SHA256 \u7684\u77ed\u524d\u7f00\u4f1a\u88ab\u53d1\u9001\u5230\u670d\u52a1\u5668\u3002",
+    "use_adguard_parental": "\u4f7f\u7528 AdGuard \u3010\u5bb6\u957f\u63a7\u5236\u3011\u670d\u52a1",
+    "use_adguard_parental_hint": "AdGuard Home \u5c06\u4f7f\u7528\u4e0e\u6d4f\u89c8\u5b89\u5168\u670d\u52a1\u76f8\u540c\u7684\u9690\u79c1\u6027\u5f3a\u7684 API \u6765\u68c0\u67e5\u57df\u540d\u6307\u5411\u7684\u7f51\u7ad9\u662f\u5426\u5305\u542b\u6210\u4eba\u5185\u5bb9\u3002",
+    "enforce_safe_search": "\u5f3a\u5236\u5b89\u5168\u641c\u7d22",
+    "enforce_save_search_hint": "AdGuard Home \u5c06\u5bf9\u4ee5\u4e0b\u641c\u7d22\u5f15\u64ce\u5f3a\u5236\u542f\u7528\u5b89\u5168\u641c\u7d22\uff1aGoogle\u3001YouTube\u3001Bing \u548c Yandex\u3002",
+    "no_servers_specified": "\u672a\u627e\u5230\u6307\u5b9a\u7684\u670d\u52a1\u5668",
+    "no_settings": "\u672a\u627e\u5230\u8bbe\u7f6e",
+    "general_settings": "\u5e38\u89c4\u8bbe\u7f6e",
+    "upstream_dns": "\u4e0a\u6e38 DNS \u670d\u52a1\u5668",
+    "upstream_dns_hint": "\u5982\u679c\u6b64\u5904\u7559\u7a7a\uff0cAdGuard Home \u5c06\u4f1a\u4f7f\u7528 <a href='https:\/\/1.1.1.1\/' target='_blank'>Cloudflare DNS<\/a> \u4f5c\u4e3a\u4e0a\u6e38 DNS\u3002\u5982\u679c\u60f3\u8981\u4f7f\u7528\u4f7f\u7528 DNS over TLS\uff0c\u8bf7\u4ee5 tls:\/\/ \u4e3a\u5f00\u5934\u3002",
+    "test_upstream_btn": "\u6d4b\u8bd5\u4e0a\u6e38 DNS",
+    "apply_btn": "\u5e94\u7528",
+    "disabled_filtering_toast": "\u8fc7\u6ee4\u5668\u5df2\u7981\u7528",
+    "enabled_filtering_toast": "\u8fc7\u6ee4\u5668\u5df2\u542f\u7528",
+    "disabled_safe_browsing_toast": "\u5b89\u5168\u6d4f\u89c8\u5df2\u7981\u7528",
+    "enabled_safe_browsing_toast": "\u5b89\u5168\u6d4f\u89c8\u5df2\u542f\u7528",
+    "disabled_parental_toast": "\u5bb6\u957f\u63a7\u5236\u5df2\u7981\u7528",
+    "enabled_parental_toast": "\u5bb6\u957f\u63a7\u5236\u5df2\u542f\u7528",
+    "disabled_safe_search_toast": "\u5b89\u5168\u641c\u7d22\u5df2\u7981\u7528",
+    "enabled_save_search_toast": "\u5b89\u5168\u641c\u7d22\u5df2\u542f\u7528",
+    "enabled_table_header": "\u5df2\u542f\u7528",
+    "name_table_header": "\u540d\u79f0",
+    "filter_url_table_header": "\u8fc7\u6ee4\u5668\u5730\u5740",
+    "rules_count_table_header": "\u89c4\u5219\u6570",
+    "last_time_updated_table_header": "\u4e0a\u6b21\u66f4\u65b0\u65f6\u95f4",
+    "actions_table_header": "\u6d3b\u8dc3\u72b6\u6001",
+    "delete_table_action": "\u5220\u9664",
+    "filters_and_hosts": "\u8fc7\u6ee4\u5668\u548c Hosts \u62e6\u622a\u6e05\u5355",
+    "filters_and_hosts_hint": "AdGuard Home \u53ef\u4ee5\u89e3\u6790\u57fa\u7840\u7684 adblock \u89c4\u5219\u548c Hosts \u8bed\u6cd5\u3002",
+    "no_filters_added": "\u672a\u6dfb\u52a0\u4efb\u4f55\u8fc7\u6ee4\u5668",
+    "add_filter_btn": "\u6dfb\u52a0\u8fc7\u6ee4\u5668",
+    "cancel_btn": "\u53d6\u6d88",
+    "enter_name_hint": "\u8f93\u5165\u540d\u79f0",
+    "enter_url_hint": "\u8f93\u5165 URL",
+    "check_updates_btn": "\u68c0\u67e5\u66f4\u65b0",
+    "new_filter_btn": "\u8ba2\u9605\u65b0\u7684\u8fc7\u6ee4\u5668",
+    "enter_valid_filter_url": "\u8f93\u5165\u4e00\u4e2a\u8fc7\u6ee4\u5668\u8ba2\u9605\u6216 Hosts \u6587\u4ef6\u7684\u6709\u6548 URL",
+    "custom_filter_rules": "\u81ea\u5b9a\u4e49\u8fc7\u6ee4\u5668\u89c4\u5219",
+    "custom_filter_rules_hint": "\u8bf7\u786e\u4fdd\u6bcf\u884c\u53ea\u8f93\u5165\u4e00\u6761\u89c4\u5219\u3002\u4f60\u53ef\u4ee5\u8f93\u5165\u7b26\u5408 adblock \u8bed\u6cd5\u6216 Hosts \u8bed\u6cd5\u7684\u89c4\u5219\u3002",
+    "examples_title": "\u8303\u4f8b",
+    "example_meaning_filter_block": "\u62e6\u622a example.org \u57df\u540d\u53ca\u5176\u6240\u6709\u5b50\u57df\u540d",
+    "example_meaning_filter_whitelist": "\u653e\u884c example.org \u53ca\u5176\u6240\u6709\u5b50\u57df\u540d",
+    "example_meaning_host_block": "AdGuard Home \u73b0\u5728\u5c06\u4f1a\u628a example.org\uff08\u4f46\u4e0d\u5305\u62ec\u5b83\u7684\u5b50\u57df\u540d\uff09\u89e3\u6790\u5230 127.0.0.1\u3002",
+    "example_comment": "! \u8fd9\u662f\u4e00\u884c\u6ce8\u91ca",
+    "example_comment_meaning": "\u53ea\u662f\u4e00\u6761\u6ce8\u91ca",
+    "example_comment_hash": "# \u8fd9\u4e5f\u662f\u4e00\u884c\u6ce8\u91ca",
+    "example_regex_meaning": "\u963b\u6b62\u8bbf\u95ee\u4e0e\u6307\u5b9a\u7684\u6b63\u5219\u8868\u8fbe\u5f0f\u5339\u914d\u7684\u57df\u540d",
+    "example_upstream_regular": "\u5e38\u89c4 DNS\uff08\u57fa\u4e8e UDP\uff09",
+    "example_upstream_dot": "\u52a0\u5bc6 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_TLS' target='_blank'>DNS-over-TLS<\/a>",
+    "example_upstream_doh": "\u52a0\u5bc6 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS<\/a>",
+    "example_upstream_sdns": "\u4f60\u53ef\u4ee5\u4f7f\u7528 <a href='https:\/\/dnscrypt.info\/' target='_blank'>DNSCrypt<\/a> \u7684 <a href='https:\/\/dnscrypt.info\/stamps\/' target='_blank'>DNS Stamps<\/a> \u6216\u8005 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS<\/a> \u89e3\u6790\u5668",
+    "example_upstream_tcp": "\u5e38\u89c4 DNS\uff08\u57fa\u4e8e TCP \uff09",
+    "all_filters_up_to_date_toast": "\u6240\u6709\u8fc7\u6ee4\u5668\u5df2\u66f4\u65b0\u81f3\u6700\u65b0",
+    "updated_upstream_dns_toast": "\u4e0a\u6e38 DNS \u5df2\u66f4\u65b0",
+    "dns_test_ok_toast": "\u6307\u5b9a\u7684 DNS \u670d\u52a1\u5668\u73b0\u5df2\u6b63\u5e38\u8fd0\u884c",
+    "dns_test_not_ok_toast": "\u670d\u52a1\u5668 \"{{key}}\"\uff1a\u65e0\u6cd5\u4f7f\u7528\uff0c\u8bf7\u68c0\u67e5\u4f60\u8f93\u5165\u7684\u662f\u5426\u6b63\u786e",
+    "unblock_btn": "\u653e\u884c",
+    "block_btn": "\u62e6\u622a",
+    "time_table_header": "\u65f6\u95f4",
+    "domain_name_table_header": "\u57df\u540d",
+    "type_table_header": "\u7c7b\u578b",
+    "response_table_header": "\u54cd\u5e94",
+    "client_table_header": "\u5ba2\u6237\u7aef",
+    "empty_response_status": "\u7a7a",
+    "show_all_filter_type": "\u663e\u793a\u6240\u6709",
+    "show_filtered_type": "\u663e\u793a\u88ab\u62e6\u622a\u7684",
+    "no_logs_found": "\u672a\u627e\u5230\u65e5\u5fd7",
+    "disabled_log_btn": "\u7981\u7528\u65e5\u5fd7",
+    "download_log_file_btn": "\u4e0b\u8f7d\u65e5\u5fd7\u6587\u4ef6",
+    "refresh_btn": "\u5237\u65b0",
+    "enabled_log_btn": "\u542f\u7528\u65e5\u5fd7",
+    "last_dns_queries": "\u6700\u8fd1\u7684 5000 \u4e2a DNS \u8bf7\u6c42",
+    "previous_btn": "\u4e0a\u4e00\u9875",
+    "next_btn": "\u4e0b\u4e00\u9875",
+    "loading_table_status": "\u52a0\u8f7d\u4e2d\u2026\u2026",
+    "page_table_footer_text": "\u9875",
+    "of_table_footer_text": "\u5728",
+    "rows_table_footer_text": "\u884c",
+    "updated_custom_filtering_toast": "\u81ea\u5b9a\u4e49\u8fc7\u6ee4\u89c4\u5219\u5df2\u66f4\u65b0",
+    "rule_removed_from_custom_filtering_toast": "\u89c4\u5219\u5df2\u4ece\u81ea\u5b9a\u4e49\u8fc7\u6ee4\u89c4\u5219\u5217\u8868\u4e2d\u79fb\u9664",
+    "rule_added_to_custom_filtering_toast": "\u89c4\u5219\u5df2\u6dfb\u52a0\u5230\u81ea\u5b9a\u4e49\u8fc7\u6ee4\u89c4\u5219\u5217\u8868\u4e2d",
+    "query_log_disabled_toast": "\u67e5\u8be2\u65e5\u5fd7\u5df2\u7981\u7528",
+    "query_log_enabled_toast": "\u67e5\u8be2\u65e5\u5fd7\u5df2\u542f\u7528",
+    "source_label": "\u6e90",
+    "found_in_known_domain_db": "\u6210\u529f\u5728\u5df2\u77e5\u57df\u540d\u6570\u636e\u5e93\u4e2d\u67e5\u8be2\u5230",
+    "category_label": "\u7c7b\u522b",
+    "rule_label": "\u89c4\u5219",
+    "filter_label": "\u8fc7\u6ee4\u5668",
+    "unknown_filter": "\u672a\u77e5\u8fc7\u6ee4\u5668 {{filterId}}",
+    "install_welcome_title": "\u6b22\u8fce\u4f7f\u7528 AdGuard Home\uff01",
+    "install_welcome_desc": "AdGuard Home \u662f\u4e00\u4e2a\u53ef\u5728\u7279\u5b9a\u7f51\u7edc\u8303\u56f4\u5185\u62e6\u622a\u6240\u6709\u5e7f\u544a\u548c\u8ddf\u8e2a\u5668\u7684 DNS \u670d\u52a1\u5668\u3002\u5b83\u7684\u76ee\u7684\u662f\u8ba9\u60a8\u63a7\u5236\u6574\u4e2a\u7f51\u7edc\u548c\u60a8\u7684\u6240\u6709\u8bbe\u5907\uff0c\u4e14\u4e0d\u9700\u8981\u4f7f\u7528\u4efb\u4f55\u5ba2\u6237\u7aef\u7a0b\u5e8f\u3002",
+    "install_settings_title": "\u7f51\u9875\u7ba1\u7406\u754c\u9762",
+    "install_settings_listen": "\u76d1\u542c\u63a5\u53e3",
+    "install_settings_port": "\u7aef\u53e3",
+    "install_settings_interface_link": "\u60a8\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u5730\u5740\u8bbf\u95ee\u60a8\u7684 AdGuard Home \u7f51\u9875\u7ba1\u7406\u754c\u9762\uff1a",
+    "form_error_port": "\u8f93\u5165\u6709\u6548\u7684\u7aef\u53e3\u503c",
+    "install_settings_dns": "DNS \u670d\u52a1\u5668",
+    "install_settings_dns_desc": "\u60a8\u5c06\u9700\u8981\u4f7f\u7528\u4ee5\u4e0b\u5730\u5740\u6765\u8bbe\u7f6e\u60a8\u7684\u8bbe\u5907\u6216\u8def\u7531\u5668\u7684 DNS \u670d\u52a1\u5668\uff1a",
+    "install_settings_all_interfaces": "\u6240\u6709\u63a5\u53e3",
+    "install_auth_title": "\u8eab\u4efd\u8ba4\u8bc1",
+    "install_auth_desc": "\u6211\u4eec\u5f3a\u70c8\u5efa\u8bae\u60a8\u4e3a AdGuard Home \u7684\u7f51\u9875\u7ba1\u7406\u754c\u9762\u914d\u7f6e\u5bc6\u7801\u3002\u5c3d\u7ba1\u8be5\u9875\u9762\u53ea\u80fd\u901a\u8fc7\u60a8\u7684\u672c\u5730\u7f51\u7edc\u8bbf\u95ee\uff0c\u4f46\u907f\u514d\u5b83\u88ab\u4e0d\u52a0\u9650\u5236\u5730\u8bbf\u95ee\u4ecd\u5341\u5206\u91cd\u8981\u3002",
+    "install_auth_username": "\u7528\u6237\u540d",
+    "install_auth_password": "\u5bc6\u7801",
+    "install_auth_confirm": "\u786e\u8ba4\u5bc6\u7801",
+    "install_auth_username_enter": "\u8f93\u5165\u7528\u6237\u540d",
+    "install_auth_password_enter": "\u8f93\u5165\u5bc6\u7801",
+    "install_step": "\u6b65\u9aa4",
+    "install_devices_title": "\u914d\u7f6e\u60a8\u7684\u8bbe\u5907",
+    "install_devices_desc": "\u4e3a\u4fdd\u8bc1 AdGuard Home \u53ef\u4ee5\u5f00\u59cb\u6b63\u5e38\u5de5\u4f5c\uff0c\u60a8\u9700\u8981\u5728\u8bbe\u5907\u4e0a\u5bf9\u5176\u8fdb\u884c\u914d\u7f6e\u3002",
+    "install_submit_title": "\u606d\u559c\u60a8\uff01",
+    "install_submit_desc": "\u5b89\u88c5\u8fc7\u7a0b\u5df2\u7ecf\u5b8c\u6210\uff0c\u60a8\u53ef\u4ee5\u5f00\u59cb\u4f7f\u7528 AdGuard Home \u4e86\u3002",
+    "install_devices_router": "\u8def\u7531\u5668",
+    "install_devices_router_desc": "\u6b64\u8bbe\u7f6e\u5c06\u81ea\u52a8\u8986\u76d6\u8fde\u63a5\u5230\u60a8\u7684\u5bb6\u5ead\u8def\u7531\u5668\u7684\u6240\u6709\u8bbe\u5907\uff0c\u60a8\u4e0d\u9700\u8981\u624b\u52a8\u914d\u7f6e\u5b83\u4eec\u3002",
+    "install_devices_address": "AdGuard Home DNS \u670d\u52a1\u5668\u6b63\u5728\u76d1\u542c\u4ee5\u4e0b\u5730\u5740",
+    "install_devices_router_list_1": "\u6253\u5f00\u60a8\u7684\u8def\u7531\u5668\u914d\u7f6e\u754c\u9762\u3002\u901a\u5e38\u60c5\u51b5\u4e0b\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7\u6d4f\u89c8\u5668\u8bbf\u95ee\u5730\u5740\uff08\u5982 http:\/\/192.168.0.1\/ \u6216 http:\/\/192.168.1.1 \uff09\u3002\u6253\u5f00\u540e\u60a8\u53ef\u80fd\u9700\u8981\u8f93\u5165\u5bc6\u7801\u4ee5\u8fdb\u5165\u914d\u7f6e\u754c\u9762\u3002\u5982\u679c\u60a8\u4e0d\u8bb0\u5f97\u5bc6\u7801\uff0c\u901a\u5e38\u53ef\u4ee5\u901a\u8fc7\u6309\u4e0b\u8def\u7531\u5668\u4e0a\u7684\u91cd\u7f6e\u6309\u94ae\u6765\u91cd\u8bbe\u5bc6\u7801\u3002\u4e00\u4e9b\u8def\u7531\u5668\u53ef\u80fd\u9700\u8981\u901a\u8fc7\u7279\u5b9a\u7684\u5e94\u7528\u6765\u8fdb\u884c\u8fd9\u4e00\u64cd\u4f5c\uff0c\u8bf7\u786e\u4fdd\u60a8\u5df2\u7ecf\u5728\u8ba1\u7b97\u673a\u6216\u624b\u673a\u4e0a\u5b89\u88c5\u4e86\u76f8\u5173\u5e94\u7528\u3002",
+    "install_devices_router_list_2": "\u627e\u5230\u8def\u7531\u5668\u7684 DHCP\/DNS \u8bbe\u7f6e\u9875\u9762\u3002\u60a8\u4f1a\u5728 DNS \u8fd9\u4e00\u5355\u8bcd\u65c1\u8fb9\u627e\u5230\u4e24\u5230\u4e09\u884c\u5141\u8bb8\u8f93\u5165\u7684\u8f93\u5165\u6846\uff0c\u6bcf\u4e00\u884c\u8f93\u5165\u6846\u5206\u4e3a\u56db\u7ec4\uff0c\u6bcf\u7ec4\u5141\u8bb8\u8f93\u5165\u4e00\u5230\u4e09\u4e2a\u6570\u5b57\u3002",
+    "install_devices_router_list_3": "\u8bf7\u5728\u6b64\u5904\u8f93\u5165\u60a8\u7684 AdGuard Home \u670d\u52a1\u5668\u5730\u5740\u3002",
+    "install_devices_windows_list_1": "\u901a\u8fc7\u5f00\u59cb\u83dc\u5355\u6216 Windows \u641c\u7d22\u529f\u80fd\u6253\u5f00\u63a7\u5236\u9762\u677f\u3002",
+    "install_devices_windows_list_2": "\u70b9\u51fb\u8fdb\u5165 \u201d\u7f51\u7edc\u548c Internet\u201c \u540e\uff0c\u518d\u6b21\u70b9\u51fb\u8fdb\u5165 \u201c\u7f51\u7edc\u548c\u5171\u4eab\u4e2d\u5fc3\u201d",
+    "install_devices_windows_list_3": "\u5728\u7a97\u53e3\u7684\u5de6\u4fa7\u627e\u5230 \u201d\u66f4\u6539\u9002\u914d\u5668\u8bbe\u7f6e\u201c \u5e76\u70b9\u51fb\u8fdb\u5165\u3002",
+    "install_devices_windows_list_4": "\u9009\u62e9\u60a8\u6b63\u5728\u8fde\u63a5\u7684\u7f51\u7edc\u8bbe\u5907\uff0c\u53f3\u51fb\u5b83\u5e76\u9009\u62e9 \u201d\u5c5e\u6027\u201c \u3002",
+    "install_devices_windows_list_5": "\u5728\u5217\u8868\u4e2d\u627e\u5230 \u201dInternet \u534f\u8bae\u7248\u672c 4 (TCP\/IPv4)\u201c \uff0c\u9009\u62e9\u5e76\u518d\u6b21\u70b9\u51fb \u201d\u5c5e\u6027\u201c \u3002",
+    "install_devices_windows_list_6": "\u9009\u62e9 \u201d\u4f7f\u7528\u4e0b\u9762\u7684 DNS \u670d\u52a1\u5668\u5730\u5740\u201c \uff0c\u5e76\u8f93\u5165\u60a8\u7684 AdGuard Home \u670d\u52a1\u5668\u5730\u5740\u3002",
+    "install_devices_macos_list_1": "\u70b9\u51fb\u82f9\u679c\u56fe\u6807\uff0c\u8fdb\u5165 \u201d\u7cfb\u7edf\u9996\u9009\u9879\u201c\u3002",
+    "install_devices_macos_list_2": "\u70b9\u51fb \u201d\u7f51\u7edc\u201c \u3002",
+    "install_devices_macos_list_3": "\u9009\u62e9\u5728\u5217\u8868\u4e2d\u7684\u7b2c\u4e00\u4e2a\u8fde\u63a5\uff0c\u5e76\u70b9\u51fb \u201d\u9ad8\u7ea7\u201c \u3002",
+    "install_devices_macos_list_4": "\u9009\u62e9 \u201dDNS\u201c \u9009\u9879\u5361\uff0c\u5e76\u8f93\u5165\u60a8\u7684 AdGuard Home \u670d\u52a1\u5668\u5730\u5740\u3002",
+    "install_devices_android_list_1": "\u5728\u5b89\u5353\u4e3b\u5c4f\u5e55\u83dc\u5355\u4e2d\u70b9\u51fb\u8bbe\u7f6e\u3002",
+    "install_devices_android_list_2": "\u70b9\u51fb\u83dc\u5355\u4e0a\u7684 \u201d\u65e0\u7ebf\u5c40\u57df\u7f51\u201c \u9009\u9879\u3002\u5728\u5c4f\u5e55\u4e0a\u5c06\u5217\u51fa\u6240\u6709\u53ef\u7528\u7684\u7f51\u7edc\uff08\u8702\u7a9d\u79fb\u52a8\u7f51\u7edc\u4e0d\u652f\u6301\u4fee\u6539 DNS \uff09\u3002",
+    "install_devices_android_list_3": "\u957f\u6309\u5f53\u524d\u5df2\u8fde\u63a5\u7684\u7f51\u7edc\uff0c\u7136\u540e\u70b9\u51fb \u201d\u4fee\u6539\u7f51\u7edc\u8bbe\u7f6e\u201c \u3002",
+    "install_devices_android_list_4": "\u5728\u67d0\u4e9b\u8bbe\u5907\u4e0a\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u9009\u4e2d \u201d\u9ad8\u7ea7\u201c \u590d\u9009\u6846\u4ee5\u67e5\u770b\u8fdb\u4e00\u6b65\u7684\u8bbe\u7f6e\u3002\u60a8\u53ef\u80fd\u9700\u8981\u8c03\u6574\u60a8\u5b89\u5353\u8bbe\u5907\u7684 DNS \u8bbe\u7f6e\uff0c\u6216\u662f\u9700\u8981\u5c06 IP \u8bbe\u7f6e\u4ece DHCP \u5207\u6362\u5230\u9759\u6001\u3002",
+    "install_devices_android_list_5": "\u5c06 \"DNS 1 \/ \u4e3b DNS\" \u548c \u201dDNS 2 \/ \u526f DNS\u201c \u7684\u503c\u6539\u4e3a\u60a8\u7684 AdGuard Home \u670d\u52a1\u5668\u5730\u5740\u3002",
+    "install_devices_ios_list_1": "\u4ece\u4e3b\u5c4f\u5e55\u4e2d\u70b9\u51fb \u201d\u8bbe\u7f6e\u201c \u3002",
+    "install_devices_ios_list_2": "\u4ece\u5de6\u4fa7\u76ee\u5f55\u4e2d\u9009\u62e9 \u201d\u65e0\u7ebf\u5c40\u57df\u7f51\u201c\uff08\u79fb\u52a8\u6570\u636e\u7f51\u7edc\u73af\u5883\u4e0b\u4e0d\u652f\u6301\u4fee\u6539 DNS \uff09\u3002",
+    "install_devices_ios_list_3": "\u70b9\u51fb\u5f53\u524d\u5df2\u8fde\u63a5\u7f51\u7edc\u7684\u540d\u79f0\u3002",
+    "install_devices_ios_list_4": "\u5728 DNS \u5b57\u6bb5\u4e2d\u8f93\u5165\u60a8\u7684 AdGuard Home \u670d\u52a1\u5668\u5730\u5740\u3002",
+    "get_started": "\u5f00\u59cb\u914d\u7f6e",
+    "next": "\u4e0b\u4e00\u6b65",
+    "open_dashboard": "\u6253\u5f00\u4eea\u8868\u76d8",
+    "install_saved": "\u4fdd\u5b58\u6210\u529f",
+    "encryption_title": "\u52a0\u5bc6",
+    "encryption_desc": "\u4e3a DNS \u4e0e\u7f51\u9875\u7ba1\u7406\u754c\u9762\u542f\u7528\u52a0\u5bc6\uff08HTTPS\/TLS\uff09",
+    "encryption_config_saved": "\u52a0\u5bc6\u914d\u7f6e\u5df2\u4fdd\u5b58",
+    "encryption_server": "\u670d\u52a1\u5668\u540d\u79f0",
+    "encryption_server_enter": "\u8f93\u5165\u60a8\u7684\u57df\u540d",
+    "encryption_server_desc": "\u82e5\u8981\u4f7f\u7528 HTTPS \uff0c\u60a8\u9700\u8981\u8f93\u5165\u4e0e SSL \u8bc1\u4e66\u76f8\u5339\u914d\u7684\u670d\u52a1\u5668\u540d\u79f0\u3002",
+    "encryption_redirect": "HTTPS \u81ea\u52a8\u91cd\u5b9a\u5411",
+    "encryption_redirect_desc": "\u5982\u679c\u52fe\u9009\u6b64\u9009\u9879\uff0cAdGuard Home \u5c06\u81ea\u52a8\u5c06\u60a8\u4ece HTTP \u91cd\u5b9a\u5411\u5230 HTTPS \u5730\u5740\u3002",
+    "encryption_https": "HTTPS \u7aef\u53e3",
+    "encryption_https_desc": "\u5982\u679c\u914d\u7f6e\u4e86 HTTPS \u7aef\u53e3\uff0cAdGuard Home \u7ba1\u7406\u754c\u9762\u5c06\u53ef\u4ee5\u901a\u8fc7 HTTPS \u8bbf\u95ee\uff0c\u5b83\u8fd8\u5c06\u5728\u5728 '\/dns-query' \u4f4d\u7f6e\u63d0\u4f9b DNS-over-HTTPS \u3002",
+    "encryption_dot": "DNS-over-TLS \u7aef\u53e3",
+    "encryption_dot_desc": "\u5982\u679c\u914d\u7f6e\u4e86\u6b64\u7aef\u53e3\uff0cAdGuard Home \u5c06\u5728\u6b64\u7aef\u53e3\u4e0a\u8fd0\u884c\u4e00\u4e2a DNS-over-TLS \u670d\u52a1\u5668\u3002",
+    "encryption_certificates": "\u8bc1\u4e66",
+    "encryption_certificates_desc": "\u4e3a\u4e86\u4f7f\u7528\u52a0\u5bc6\uff0c\u60a8\u9700\u8981\u4e3a\u57df\u63d0\u4f9b\u6709\u6548\u7684 SSL \u8bc1\u4e66\u94fe\u3002\u60a8\u53ef\u4ee5\u5728 <0>{{link}}<\/0> \u4e0a\u83b7\u5f97\u514d\u8d39\u8bc1\u4e66\uff0c\u4e5f\u53ef\u4ee5\u4ece\u53d7\u4fe1\u4efb\u7684\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u8d2d\u4e70\u8bc1\u4e66\u3002",
+    "encryption_certificates_input": "\u5c06\u60a8\u4ee5 PEM \u683c\u5f0f\u7f16\u7801\u7684\u8bc1\u4e66\u590d\u5236\u7c98\u8d34\u5230\u6b64\u5904\u3002",
+    "encryption_status": "\u72b6\u6001",
+    "encryption_expire": "\u6709\u6548\u671f",
+    "encryption_key": "\u79c1\u94a5",
+    "encryption_key_input": "\u5c06\u60a8\u4ee5 PEM \u683c\u5f0f\u7f16\u7801\u7684\u8bc1\u4e66\u79c1\u94a5\u590d\u5236\u7c98\u8d34\u5230\u6b64\u5904\u3002",
+    "encryption_enable": "\u542f\u7528\u52a0\u5bc6\uff08HTTPS\u3001DNS-over-HTTPS\u3001DNS-over-TLS\uff09",
+    "encryption_enable_desc": "\u5982\u679c\u542f\u7528\u52a0\u5bc6\u9009\u9879\uff0cAdGuard Home \u7684\u7f51\u9875\u7ba1\u7406\u754c\u9762\u5c06\u901a\u8fc7 HTTPS \u8fde\u63a5\u8bbf\u95ee\uff0c\u540c\u65f6 DNS \u670d\u52a1\u5668\u5c06\u76d1\u542c\u901a\u8fc7 DNS-over-HTTPS \u4e0e DNS-over-TLS \u53d1\u9001\u7684\u8bf7\u6c42\u3002",
+    "encryption_chain_valid": "\u8bc1\u4e66\u94fe\u9a8c\u8bc1\u6709\u6548",
+    "encryption_chain_invalid": "\u8bc1\u4e66\u94fe\u9a8c\u8bc1\u65e0\u6548",
+    "encryption_key_valid": "\u8be5 {{type}} \u79c1\u94a5\u9a8c\u8bc1\u6709\u6548",
+    "encryption_key_invalid": "\u8be5 {{type}} \u79c1\u94a5\u9a8c\u8bc1\u65e0\u6548",
+    "encryption_subject": "\u4f7f\u7528\u8005",
+    "encryption_issuer": "\u9881\u53d1\u8005",
+    "encryption_hostnames": "\u4e3b\u673a\u540d",
+    "encryption_reset": "\u60a8\u786e\u5b9a\u60f3\u8981\u91cd\u7f6e\u52a0\u5bc6\u8bbe\u7f6e\uff1f",
+    "topline_expiring_certificate": "\u60a8\u7684 SSL \u8bc1\u4e66\u5373\u5c06\u8fc7\u671f\u3002\u8bf7\u66f4\u65b0 <0>\u52a0\u5bc6\u8bbe\u7f6e<\/0> \u3002",
+    "topline_expired_certificate": "\u60a8\u7684 SSL \u8bc1\u4e66\u5df2\u8fc7\u671f\u3002\u8bf7\u66f4\u65b0 <0>\u52a0\u5bc6\u8bbe\u7f6e<\/0> \u3002",
+    "form_error_port_range": "\u8f93\u5165 80 - 65535 \u8303\u56f4\u5185\u7684\u7aef\u53e3\u503c",
+    "form_error_port_unsafe": "\u8fd9\u662f\u4e00\u4e2a\u4e0d\u5b89\u5168\u7684\u7aef\u53e3",
+    "form_error_equal": "\u4e0d\u5e94\u8be5\u76f8\u540c",
+    "form_error_password": "\u5bc6\u7801\u4e0d\u5339\u914d",
+    "reset_settings": "\u91cd\u7f6e\u8bbe\u7f6e",
+    "update_announcement": "AdGuard Home {{version}} \u73b0\u5df2\u53d1\u5e03\uff01 <0>\u70b9\u51fb\u6b64\u5904<\/0> \u4ee5\u83b7\u53d6\u8be6\u7ec6\u4fe1\u606f\u3002"
+}
\ No newline at end of file
diff --git a/client/src/helpers/constants.js b/client/src/helpers/constants.js
index 8b196c96..7d1553f6 100644
--- a/client/src/helpers/constants.js
+++ b/client/src/helpers/constants.js
@@ -63,6 +63,10 @@ export const LANGUAGES = [
         key: 'zh-tw',
         name: '正體中文',
     },
+    {
+        key: 'zh-cn',
+        name: '简体中文',
+    },
 ];
 
 export const INSTALL_FIRST_STEP = 1;
diff --git a/client/src/i18n.js b/client/src/i18n.js
index 785bb0a7..9223e32d 100644
--- a/client/src/i18n.js
+++ b/client/src/i18n.js
@@ -13,6 +13,7 @@ import sv from './__locales/sv.json';
 import ptBR from './__locales/pt-br.json';
 import zhTW from './__locales/zh-tw.json';
 import bg from './__locales/bg.json';
+import zhCN from './__locales/zh-cn.json';
 
 const resources = {
     en: {
@@ -45,6 +46,9 @@ const resources = {
     bg: {
         translation: bg,
     },
+    'zh-CN': {
+        translation: zhCN,
+    },
 };
 
 i18n
diff --git a/i18n.go b/i18n.go
index e8714e6f..80ebfce3 100644
--- a/i18n.go
+++ b/i18n.go
@@ -23,6 +23,7 @@ var allowedLanguages = map[string]bool{
 	"pt-br": true,
 	"zh-tw": true,
 	"bg":    true,
+	"zh-cn": true,
 }
 
 func isLanguageAllowed(language string) bool {
diff --git a/scripts/translations/download.js b/scripts/translations/download.js
index bb9cb2c6..82d11692 100644
--- a/scripts/translations/download.js
+++ b/scripts/translations/download.js
@@ -15,6 +15,7 @@ const LOCALES_LIST = [
     'pt-br',
     'zh-tw',
     'bg',
+    'zh-cn',
 ];
 
 /**

From b1f707d18cf6ce63fe1ed56efbd18d4f614d0543 Mon Sep 17 00:00:00 2001
From: Ildar Kamalov <i.kamalov@adguard.com>
Date: Tue, 12 Mar 2019 18:59:58 +0300
Subject: [PATCH 56/95] - client: load favicon from local server

Closes #625
---
 client/package-lock.json   |  32 ++++++++++++++++++++++++++++++++
 client/package.json        |   1 +
 client/public/favicon.ico  | Bin 0 -> 15086 bytes
 client/public/index.html   |   2 +-
 client/public/install.html |   2 +-
 client/webpack.common.js   |   5 +++++
 6 files changed, 40 insertions(+), 2 deletions(-)
 create mode 100644 client/public/favicon.ico

diff --git a/client/package-lock.json b/client/package-lock.json
index 7a93cbc1..ee179159 100644
--- a/client/package-lock.json
+++ b/client/package-lock.json
@@ -3260,6 +3260,38 @@
       "integrity": "sha1-Z29us8OZl8LuGsOpJP1hJHSPV40=",
       "dev": true
     },
+    "copy-webpack-plugin": {
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/copy-webpack-plugin/-/copy-webpack-plugin-4.6.0.tgz",
+      "integrity": "sha512-Y+SQCF+0NoWQryez2zXn5J5knmr9z/9qSQt7fbL78u83rxmigOy8X5+BFn8CFSuX+nKT8gpYwJX68ekqtQt6ZA==",
+      "dev": true,
+      "requires": {
+        "cacache": "^10.0.4",
+        "find-cache-dir": "^1.0.0",
+        "globby": "^7.1.1",
+        "is-glob": "^4.0.0",
+        "loader-utils": "^1.1.0",
+        "minimatch": "^3.0.4",
+        "p-limit": "^1.0.0",
+        "serialize-javascript": "^1.4.0"
+      },
+      "dependencies": {
+        "globby": {
+          "version": "7.1.1",
+          "resolved": "https://registry.npmjs.org/globby/-/globby-7.1.1.tgz",
+          "integrity": "sha1-+yzP+UAfhgCUXfral0QMypcrhoA=",
+          "dev": true,
+          "requires": {
+            "array-union": "^1.0.1",
+            "dir-glob": "^2.0.0",
+            "glob": "^7.1.2",
+            "ignore": "^3.3.5",
+            "pify": "^3.0.0",
+            "slash": "^1.0.0"
+          }
+        }
+      }
+    },
     "core-js": {
       "version": "1.2.7",
       "resolved": "https://registry.npmjs.org/core-js/-/core-js-1.2.7.tgz",
diff --git a/client/package.json b/client/package.json
index 9b000c61..ce60dba2 100644
--- a/client/package.json
+++ b/client/package.json
@@ -47,6 +47,7 @@
     "babel-runtime": "6.26.0",
     "clean-webpack-plugin": "^0.1.19",
     "compression-webpack-plugin": "^1.1.11",
+    "copy-webpack-plugin": "^4.6.0",
     "css-loader": "^0.28.11",
     "eslint": "^4.19.1",
     "eslint-config-airbnb-base": "^12.1.0",
diff --git a/client/public/favicon.ico b/client/public/favicon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..07cb5eead34cdd95d17e3d3cf1dd387a98bdb978
GIT binary patch
literal 15086
zcmeHO2~ZYC7Je+7N~MfRT-U^$Y8lI<cB@P(mF#X=yWS!yDk_R7a^I)Q5k(M_7^9eY
z>*9%mA_5{oMLaMbc!Wga9TF3FbrBJfC=w(Dd%ri(IE?@N|NK9iY^rvuhVJQqdfxY5
zzxVp}>xRgV?CF_j2v=7M{5{b-T<hBOyany+(Dud~&CflE26rNQ4UgQVD{edGFHv8-
zr@e#_cBXEpL~0+lm6rPNq<ps&>Tc>Cy*8gU)N4vEl}7C#5wxE~z&@(+$fogn@2lH`
z)2ZLoPw5u-mHh(?N$~Bxo#NE*YU_UMsrR%zs+E1U{rMZ7ITWq!$Ip|O(DR^Mq3&y{
ze?TEMx^E>1?Ki@+C`a3O;o(1vn8O_v?2-pA{rA!p=lOO|%WnX8A8p?``=1wg>i;di
zzM1<#e?=B~G+Xu$&!${;|Czg=5!Y+Zi5s=win@lIV#oJU!XM+%3d0_%bew7T#E4nc
z5i+Zn{bP2L_`YhVsI9*&=Inn#Bz^IY@{L6$|7g`e@Bj(O!8ss}Tx4G^mlpLB7b?=l
z;v;Xhj9=21e-l-8XGP4BXIp*4XD6);-a>QL{kc9huW9VLuILZ2e|)mHIA4|3s=x0p
z`Z6Nxv21OB^)vTpz5`G$Ea@v!&JPk8L#54kH&w;vJ$X$1zP2v=%WtUV2)%BI-~Dun
zwvYN*-Cr$#Sr6ItL?7r*u6hg%^l$XdrxTO2$V=+LsCeoam`3BnGHD_1gZO4SzS#i!
z{B9LwUF^MsR(o!z0Oy7G?U_i3w%qJzy5jDOTl$$q#aE$0bxEAomM$OB%f4$U+BcJO
z$FHMdgF+vF%-V0*`aXQ%n_*dWAS#dQLZCnX`>5PKouY@uQwLkWX{6tfD0(_z1I?bA
zOI1;@N7jdseb8a(ZO~^VygsGkaqH~f8Z?z2x-3Q~&~rg)v>Y_+)OslCD|!pthwYph
zzlL0l@MH8Hj}_ECB%O+*n|aoy-)z6Y(l~xSML5r=_C{&wz2~*ct|x4!K+0Q9o9nIk
zzfYh2NVVq{ir4$Dk#^UQse8mWI;Th50(}t(op4K~=?)3h&ImpAJ0lY4MaVqUl+4vK
zFvGv%OW_x*+%}Sr`rDT3gTv|Zpv{zFj&F&<5`ET7*k_%~Kk4t5=*r(cm(v8$ZkhWe
zEmNft`aCDX$L=5TF?EqN^h&oy)H^bVzB5Hj-3A{n68HW=gn>UfZ!xdBH!yf)(b|52
zf3(-5&F%0nso=d)P0Lh$X2Db9WZ4q2?%W9B*F2Z%(r(6uxwh6hiQd+u4}BkCY0Q~#
zjz!L1OTuS_sJ>e&7M1iehM{R3b~??WPFf63)2V%E2BlllcgDBtLV#$z_p?Hu|6IPk
zPlUqO)G>gbED+;WxuublmcG|2azt!gX-d}I#(Yn~onJal)c<@(q216}uax}f=+zY>
z?6Y?I<1cjsGVt6+1^qR8;Fm&6&5b+LPCn5WF<-Sp^QWI{#lCM7#N{6fmFK#KDv|#6
z0O5oANRM~f&i3dSPu<W_Sz`=|`d#~oY<=FD_L}0i#1D1fDYWk0yC-&+1}gL4j6<Ep
z=^JUynCis*FaBgv7lICwaNR(014Bu%g^{zVU-Yi~v88$pIOd!Uo^I3@DKz*`>GcI7
z2JiEj1nngeTl9kXPt6hK_tKlY5YN6~Q3gJ{D1T@ib?g&F_K<y&9{soi5~s^oLf;w{
zojYB=Ud-CtS>c^=vj1Vdn_l#iICmpc!Em~AzTy)&wv{s1mVO0v$z>J2jaZ=rVwrq3
z&+0ncL(;*XBKO=Fk#lx5e9p72;&AEz7{iRCFN^X!#R|^U3$AAE0Xk6Yo<T07-lx|i
za_Eejrm1=)WX-qsH%XuQV+?UeUlA8>ZWp()PFZ>CuV!_@eGAQVT}-_($ChcoYxG%7
zUt)+q)>T~p@wB*h=a7hmu9@@;utU(#4orE{C2~8}7^SCuPfK57NI3SY_@;V~I9ah-
zOg+@$!8wBcKn|S>PwNyBnQLsW)6(W=Q}iW<S;t=$2d)ei@0~DB-z$&G;<mj!7whW>
z#?=%pQ*C<m83XITH|*1-{8?Z2P|e(e9?RA1N>en<wV9*O7|h*RC)OwJdu{EnMIYE2
zmlX9#orZBV$D_I5+QL7tS*E4E+Ak!7GO?zqROTNOG5$lP550$8G+>=l;<kzA!eQDu
z#!v_EWODRRp~dip<?M^~{IM2`A^t&==NzW%v5gK)N~bAKNz`+|6ndQLtM7qf)NXVl
z_2D^z*Bw)Gs1$KQ6?CLQp{<cmEBc_L=sm_2aYn7*9x4N$Cp<r;j4><7Z+JZQRMRq7
z9~eURj?vW7bpiGASxXMc-9>w^qGaFobRaO5z6B=sS&hx~>k!|TPufBy?wcudVj9hx
zkVX@*F7G{bHgy>gslWc9U-{xZ1*b?oaku0tkSo<*=492@-;kqm_gqgo4l}4vTfg;7
z_J^+abYDifG5MIAd7dkzhSAGtF>)~-e@Ps+&>E3QA&5Jw-`xXShyM%1Ji+VbkRs$!
zkfTN}$I+JWKI%S*Szq*6M%gil3t8^$6D0nCX8R95)WplEMU>Rn@0AC9%%jGr_kHBA
z`h{+#ODuD>AJyV#9~J~&cr4sD(?P_jR_!zB(Qixp=vfp1A6y^1yES%G@>kFKp{!4c
za~$JnP+RD?rLW5eG>_*qUbCp>F6*Y`ujYaE3GsUUz&P?~3l3}hI)uJv@41rJ#zNQ4
zt;;RpXI_HgpV+>U6P#u(4qM(I9NEp@dkv*Bb}47Q(g=RVCV)Q-`sBLQ{C<}$c-4Id
zh4!%bN~R53J8dg|g$Is>piiTcC{|7LVb&*nLQ9QeXP%78U)lu6tsKuGuWD6Z(+H0v
z5@;Ix7<2lr9S3XiE91cNXd%@POMGz8(g;pd?+l5iVem7JMq_8mhb{P-2lh+eyQtFP
zA<PfRId=)or1BUO{$1kKD{aNkJcJw}F)^Kr`ucZn(>(2yOa<2HyqcG`;8%EnPa63N
z%`>GFM%sqQQJ5`qXC8R%8iD*lFk%YMvojuRZ;mx!3ylu3#`g#$UxUJ_TlhArma&*x
zu9oTwcI32nmyQv$k3yFX<WBW?3pq?;QU;YEzi*Wuxh<qk(-Hex!fNXGpzS2`&i98X
zkQ1%WRdQ{5xfVU#>UOq;(F<sbl&z(5=)2UL^YPaBO36nEux~txO>Wgy@UQV=GV75I
zI>dcA#=ttbqJIcIX9+w1?!B4{jKl{Lvn)e%Ni2iSaSmR4tvE$(;(=ps=TB&kCH&Yg
zX_7tcPvSCChQn4rgsg7gy{3h(JlE7$Adifgnb%`Bj6?GnRALMs*yB<2G-)YiSnDs@
z&&)(Tcdh0tlh|eB#p(hj=V+@fG}}S68n3!OcnWn#&bZc^d6xH3*xy{N%9k)(%3F8K
zTI#a0|FW;mdc^axdp2Fb9+OF5G<puj#cI}o=5&YmSy*qrEL$w$wUiY&&%|R=cqzQ4
zO;%Q)vE3Fp#v7XOU~DuX_$7P)4Rp%XI#7>?VAyNn#Xt$GrMy#rU3>&Oq3}iih&w(j
zYt2LLPd7#UG23i`?Re};S`T8a@{7pny$N|X@|>@SSKZD&KKpEIKgkR<-fIxa#}U8a
z_ZWOD1mo$6`Rj1mbpE;Jx^(N1V#h}Jh^5W59V2g9jvQ0Vc{qI3&iMnHZq#lW+uC9h
zykDrjvQ8t0$M4LmjDP&#Z@j?6k*hOXy?&@H+9q4zH3ITT4vbsg*yr7E#OFsq=a<6|
z-ow71_A0y>Dp;rFI7$4R|6w_E9C56CcB^hF=V6mp&TZ_6oEH;sv@7_rSJ?^q@hZJM
zg2clm@6|0v|8H(=$2?W1V7c2+BlchPQ+`wLd8qO8_%jc_;Ne6$PeV=Dj}5m)BJ|DE
zig|%!qKR9m2wza}501ilN=^P;jage~f6si(g<N?o<^Wq5+Snhd-__!8;Q@RUUz;yk
z5La#=6~WD8B=y`}$vz0@^Qs4iH^mc92^40H-;@}c2lk()_D}g8Q}`thJQiP6G@Z3z
zMvh)h5FXGYLuXES{szB8n)BK&3n=+r1Njh%+i0nWU(G{F<^8!M?SgSz;JIw%M-;?5
z<hIP1?Ha``-!q3_^1!jgSCy+3U8;vYeek(4TTo(&MYJ?AIk27IMmlH9Iz{5tD=pz?
z9@w5)XU^P6Rd~31=PTvRjHP*j<v(Eq<;_?!uA5&fRT%L-dN}pkjo_C&1SvdhQg}F3
znWFeAbGE?v-EemCy%fj41Z|}nYhpG%yxMl7_!S<YN4(zMTuNf=H(0ZvZWcf0FvN0~
z7GyX$gl?k-Th>}yyxM1L@G}p*ug^Zn!@yj?J{0G{D>v?$=n{_k{(k{K^I-VK`0zP}
ztmCeJJRfOg_b{HVmA_%^&3y7Xhs@)yVUfR4{FuWUvOoU~<4105&-cS)r|Infv{i>5
zrT!@UfQaK(?C^Wra}Dif|H<+H!}Oz%0za=`c<&GUW({MLDV^g7zH!!M(B!3*$?JFK
z!_wZCk+FGL_}N!-%p8o{3wf-Oi)cB{sPvN9)#czw>M;guF`Nx4Ml9dRaVhg+%lvFJ
ze)vX~GsifL8D|=6ai(YQ@b}55U$C(p9P@-VW-siK#^QX-US8iw9aH$h9=j!7GlU;l
zS-u<(FkZfSy@oYznagU*88L?f9Ff;i%h;AW&Idd<G?pC3en{~+$DSRyiOw)j%9<Z*
zACCVxcfsQ%=Rz%hwmFt7V`a=7!?O?f%%ckAn2TMoH#mF_MGT6f-u;6g?f<;=4}R(i
z<k(+_-8ebL(=_buEgw6d@_pBVuWbBZUh_G9KEDBZHehbL<()@Y#%-WttX(t5EvKZx
iGbspXp9Wz4+NFPB=f`Z3Ytwlk{+}qm{$Kvma`-Rso3+#c

literal 0
HcmV?d00001

diff --git a/client/public/index.html b/client/public/index.html
index 6b003a23..0ac4e315 100644
--- a/client/public/index.html
+++ b/client/public/index.html
@@ -4,7 +4,7 @@
         <meta charset="utf-8">
         <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
         <meta name="theme-color" content="#000000">
-        <link rel="shortcut icon" href="https://adguard.com/img/favicons/favicon.ico">
+        <link rel="shortcut icon" href="favicon.ico">
         <title>AdGuard Home</title>
     </head>
     <body>
diff --git a/client/public/install.html b/client/public/install.html
index 45065fe3..7f251c62 100644
--- a/client/public/install.html
+++ b/client/public/install.html
@@ -4,7 +4,7 @@
         <meta charset="utf-8">
         <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
         <meta name="theme-color" content="#000000">
-        <link rel="shortcut icon" href="https://adguard.com/img/favicons/favicon.ico">
+        <link rel="shortcut icon" href="favicon.ico">
         <title>Setup AdGuard Home</title>
     </head>
     <body>
diff --git a/client/webpack.common.js b/client/webpack.common.js
index aa1b2383..bee1b975 100644
--- a/client/webpack.common.js
+++ b/client/webpack.common.js
@@ -5,12 +5,14 @@ const ExtractTextPlugin = require('extract-text-webpack-plugin');
 const webpack = require('webpack');
 const flexBugsFixes = require('postcss-flexbugs-fixes');
 const CleanWebpackPlugin = require('clean-webpack-plugin');
+const CopyPlugin = require('copy-webpack-plugin');
 
 const RESOURCES_PATH = path.resolve(__dirname);
 const ENTRY_REACT = path.resolve(RESOURCES_PATH, 'src/index.js');
 const ENTRY_INSTALL = path.resolve(RESOURCES_PATH, 'src/install/index.js');
 const HTML_PATH = path.resolve(RESOURCES_PATH, 'public/index.html');
 const HTML_INSTALL_PATH = path.resolve(RESOURCES_PATH, 'public/install.html');
+const FAVICON_PATH = path.resolve(RESOURCES_PATH, 'public/favicon.ico');
 
 const PUBLIC_PATH = path.resolve(__dirname, '../build/static');
 
@@ -117,6 +119,9 @@ const config = {
         new ExtractTextPlugin({
             filename: '[name].[contenthash].css',
         }),
+        new CopyPlugin([
+            { from: FAVICON_PATH, to: PUBLIC_PATH },
+        ]),
     ],
 };
 

From e9d20651e98adbae88161a6458bdaa12c9624fcb Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Thu, 14 Mar 2019 18:06:53 +0300
Subject: [PATCH 57/95] Fix #606, Fix #610 [change] app, config: add symlink
 support, allow to specify absolute path in log_file

---
 app.go    |  6 +++++-
 config.go | 10 ++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/app.go b/app.go
index 18d45b2e..91f4fbdd 100644
--- a/app.go
+++ b/app.go
@@ -288,7 +288,11 @@ func configureLogger(args options) {
 		}
 	} else {
 		logFilePath := filepath.Join(config.ourWorkingDir, ls.LogFile)
-		file, err := os.OpenFile(logFilePath, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0755)
+		if filepath.IsAbs(ls.LogFile) {
+			logFilePath = ls.LogFile
+		}
+
+		file, err := os.OpenFile(logFilePath, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
 		if err != nil {
 			log.Fatalf("cannot create a log file: %s", err)
 		}
diff --git a/config.go b/config.go
index 05888888..b0da6532 100644
--- a/config.go
+++ b/config.go
@@ -137,9 +137,15 @@ var config = configuration{
 
 // getConfigFilename returns path to the current config file
 func (c *configuration) getConfigFilename() string {
-	configFile := config.ourConfigFilename
+	configFile, err := filepath.EvalSymlinks(config.ourConfigFilename)
+	if err != nil {
+		if !os.IsNotExist(err) {
+			log.Error("unexpected error while config file path evaluation: %s", err)
+		}
+		configFile = config.ourConfigFilename
+	}
 	if !filepath.IsAbs(configFile) {
-		configFile = filepath.Join(config.ourWorkingDir, config.ourConfigFilename)
+		configFile = filepath.Join(config.ourWorkingDir, configFile)
 	}
 	return configFile
 }

From 70c56f7a180e1113c289574e69dd148bc76db511 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Thu, 14 Mar 2019 18:06:53 +0300
Subject: [PATCH 58/95] + app, config: add symlink support, allow to specify
 absolute path in log_file

---
 app.go    |  6 +++++-
 config.go | 10 ++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/app.go b/app.go
index 18d45b2e..91f4fbdd 100644
--- a/app.go
+++ b/app.go
@@ -288,7 +288,11 @@ func configureLogger(args options) {
 		}
 	} else {
 		logFilePath := filepath.Join(config.ourWorkingDir, ls.LogFile)
-		file, err := os.OpenFile(logFilePath, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0755)
+		if filepath.IsAbs(ls.LogFile) {
+			logFilePath = ls.LogFile
+		}
+
+		file, err := os.OpenFile(logFilePath, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
 		if err != nil {
 			log.Fatalf("cannot create a log file: %s", err)
 		}
diff --git a/config.go b/config.go
index 05888888..b0da6532 100644
--- a/config.go
+++ b/config.go
@@ -137,9 +137,15 @@ var config = configuration{
 
 // getConfigFilename returns path to the current config file
 func (c *configuration) getConfigFilename() string {
-	configFile := config.ourConfigFilename
+	configFile, err := filepath.EvalSymlinks(config.ourConfigFilename)
+	if err != nil {
+		if !os.IsNotExist(err) {
+			log.Error("unexpected error while config file path evaluation: %s", err)
+		}
+		configFile = config.ourConfigFilename
+	}
 	if !filepath.IsAbs(configFile) {
-		configFile = filepath.Join(config.ourWorkingDir, config.ourConfigFilename)
+		configFile = filepath.Join(config.ourWorkingDir, configFile)
 	}
 	return configFile
 }

From 60fa3b2e95e5fc111884f13c8bfa465f030a0b40 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Thu, 28 Feb 2019 18:24:01 +0300
Subject: [PATCH 59/95] * dhcp: refactor;  log client's HW addr

---
 dhcpd/dhcpd.go | 65 ++++++++++++++++++++++++++++----------------------
 1 file changed, 37 insertions(+), 28 deletions(-)

diff --git a/dhcpd/dhcpd.go b/dhcpd/dhcpd.go
index 05d753b8..7cd3affc 100644
--- a/dhcpd/dhcpd.go
+++ b/dhcpd/dhcpd.go
@@ -126,6 +126,7 @@ func (s *Server) Start(config *ServerConfig) error {
 	if err != nil {
 		return wrapErrPrint(err, "Couldn't start listening socket on 0.0.0.0:67")
 	}
+	log.Info("DHCP: listening on 0.0.0.0:67")
 
 	s.conn = c
 
@@ -213,7 +214,7 @@ func (s *Server) findFreeIP(hwaddr net.HardwareAddr) (net.IP, error) {
 	var foundIP net.IP
 	for i := 0; i < dhcp4.IPRange(s.leaseStart, s.leaseStop); i++ {
 		newIP := dhcp4.IPAdd(s.leaseStart, i)
-		foundHWaddr := s.getIPpool(newIP)
+		foundHWaddr := s.findReservedHWaddr(newIP)
 		log.Tracef("tried IP %v, got hwaddr %v", newIP, foundHWaddr)
 		if foundHWaddr != nil && len(foundHWaddr) != 0 {
 			// if !bytes.Equal(foundHWaddr, hwaddr) {
@@ -236,7 +237,7 @@ func (s *Server) findFreeIP(hwaddr net.HardwareAddr) (net.IP, error) {
 	return foundIP, nil
 }
 
-func (s *Server) getIPpool(ip net.IP) net.HardwareAddr {
+func (s *Server) findReservedHWaddr(ip net.IP) net.HardwareAddr {
 	rawIP := []byte(ip)
 	IP4 := [4]byte{rawIP[0], rawIP[1], rawIP[2], rawIP[3]}
 	return s.IPpool[IP4]
@@ -256,33 +257,22 @@ func (s *Server) unreserveIP(ip net.IP) {
 
 // ServeDHCP handles an incoming DHCP request
 func (s *Server) ServeDHCP(p dhcp4.Packet, msgType dhcp4.MessageType, options dhcp4.Options) dhcp4.Packet {
-	log.Tracef("Got %v message", msgType)
+	log.Tracef("Message from client %s: %d", p.CHAddr(), msgType)
+
 	log.Tracef("Leases:")
 	for i, lease := range s.leases {
 		log.Tracef("Lease #%d: hwaddr %s, ip %s, expiry %s", i, lease.HWAddr, lease.IP, lease.Expiry)
 	}
-	log.Tracef("IP pool:")
-	for ip, hwaddr := range s.IPpool {
-		log.Tracef("IP pool entry %s -> %s", net.IPv4(ip[0], ip[1], ip[2], ip[3]), hwaddr)
-	}
 
 	switch msgType {
 	case dhcp4.Discover: // Broadcast Packet From Client - Can I have an IP?
-		// find a lease, but don't update lease time
-		log.Tracef("Got from client: Discover")
-		lease, err := s.reserveLease(p)
-		if err != nil {
-			log.Tracef("Couldn't find free lease: %s", err)
-			// couldn't find lease, don't respond
-			return nil
-		}
-		reply := dhcp4.ReplyPacket(p, dhcp4.Offer, s.ipnet.IP, lease.IP, s.leaseTime, s.leaseOptions.SelectOrderOrAll(options[dhcp4.OptionParameterRequestList]))
-		log.Tracef("Replying with offer: offered IP %v for %v with options %+v", lease.IP, s.leaseTime, reply.ParseOptions())
-		return reply
+		return s.handleDiscover(p, options)
+
 	case dhcp4.Request: // Broadcast From Client - I'll take that IP (Also start for renewals)
 		// start/renew a lease -- update lease time
 		// some clients (OSX) just go right ahead and do Request first from previously known IP, if they get NAK, they restart full cycle with Discover then Request
 		return s.handleDHCP4Request(p, options)
+
 	case dhcp4.Decline: // Broadcast From Client - Sorry I can't use that IP
 		log.Tracef("Got from client: Decline")
 
@@ -291,25 +281,43 @@ func (s *Server) ServeDHCP(p dhcp4.Packet, msgType dhcp4.MessageType, options dh
 
 	case dhcp4.Inform: // From Client, I have this IP and there's nothing you can do about it
 		log.Tracef("Got from client: Inform")
-		// do nothing
 
 	// from server -- ignore those but enumerate just in case
 	case dhcp4.Offer: // Broadcast From Server - Here's an IP
-		log.Printf("SHOULD NOT HAPPEN -- FROM ANOTHER DHCP SERVER: Offer")
+		log.Printf("DHCP: received message from another server: Offer")
+
 	case dhcp4.ACK: // From Server, Yes you can have that IP
-		log.Printf("SHOULD NOT HAPPEN -- FROM ANOTHER DHCP SERVER: ACK")
+		log.Printf("DHCP: received message from another server: ACK")
+
 	case dhcp4.NAK: // From Server, No you cannot have that IP
-		log.Printf("SHOULD NOT HAPPEN -- FROM ANOTHER DHCP SERVER: NAK")
+		log.Printf("DHCP: received message from another server: NAK")
+
 	default:
-		log.Printf("Unknown DHCP packet detected, ignoring: %v", msgType)
+		log.Printf("DHCP: unknown packet %v from client %s", msgType, p.CHAddr())
 		return nil
 	}
 	return nil
 }
 
+func (s *Server) handleDiscover(p dhcp4.Packet, options dhcp4.Options) dhcp4.Packet {
+	// find a lease, but don't update lease time
+
+	lease, err := s.reserveLease(p)
+	if err != nil {
+		log.Tracef("Couldn't find free lease: %s", err)
+		// couldn't find lease, don't respond
+		return nil
+	}
+
+	opt := s.leaseOptions.SelectOrderOrAll(options[dhcp4.OptionParameterRequestList])
+	reply := dhcp4.ReplyPacket(p, dhcp4.Offer, s.ipnet.IP, lease.IP, s.leaseTime, opt)
+	log.Tracef("Replying with offer: offered IP %v for %v with options %+v", lease.IP, s.leaseTime, reply.ParseOptions())
+	return reply
+}
+
 func (s *Server) handleDHCP4Request(p dhcp4.Packet, options dhcp4.Options) dhcp4.Packet {
-	log.Tracef("Got from client: Request")
-	if server, ok := options[dhcp4.OptionServerIdentifier]; ok && !net.IP(server).Equal(s.ipnet.IP) {
+	server := options[dhcp4.OptionServerIdentifier]
+	if server != nil && !net.IP(server).Equal(s.ipnet.IP) {
 		log.Tracef("Request message not for this DHCP server (%v vs %v)", server, s.ipnet.IP)
 		return nil // Message not for this dhcp server
 	}
@@ -341,7 +349,8 @@ func (s *Server) handleDHCP4Request(p dhcp4.Packet, options dhcp4.Options) dhcp4
 		// IP matches lease IP, nothing else to do
 		lease.Expiry = time.Now().Add(s.leaseTime)
 		log.Tracef("Replying with ACK: request IP matches lease IP, nothing else to do. IP %v for %v", lease.IP, p.CHAddr())
-		return dhcp4.ReplyPacket(p, dhcp4.ACK, s.ipnet.IP, lease.IP, s.leaseTime, s.leaseOptions.SelectOrderOrAll(options[dhcp4.OptionParameterRequestList]))
+		opt := s.leaseOptions.SelectOrderOrAll(options[dhcp4.OptionParameterRequestList])
+		return dhcp4.ReplyPacket(p, dhcp4.ACK, s.ipnet.IP, lease.IP, s.leaseTime, opt)
 	}
 
 	//
@@ -350,7 +359,7 @@ func (s *Server) handleDHCP4Request(p dhcp4.Packet, options dhcp4.Options) dhcp4
 
 	log.Tracef("lease IP is different from requested IP: %s vs %s", lease.IP, reqIP)
 
-	hwaddr := s.getIPpool(reqIP)
+	hwaddr := s.findReservedHWaddr(reqIP)
 	if hwaddr == nil {
 		// not in pool, check if it's in DHCP range
 		if dhcp4.IPInRange(s.leaseStart, s.leaseStop, reqIP) {
@@ -379,7 +388,7 @@ func (s *Server) handleDHCP4Request(p dhcp4.Packet, options dhcp4.Options) dhcp4
 	return dhcp4.ReplyPacket(p, dhcp4.NAK, s.ipnet.IP, nil, 0, nil)
 }
 
-// Leases returns the list of current DHCP leases
+// Leases returns the list of current DHCP leases (thread-safe)
 func (s *Server) Leases() []*Lease {
 	s.RLock()
 	result := s.leases

From 08bf9b0acb7bc7ce73f53a8f40e8c3f23e2e3ba2 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Fri, 1 Mar 2019 14:48:33 +0300
Subject: [PATCH 60/95] * dhcp: remove code which forces an update of current
 lease's IP in  Request message handler

---
 dhcpd/dhcpd.go | 27 ---------------------------
 1 file changed, 27 deletions(-)

diff --git a/dhcpd/dhcpd.go b/dhcpd/dhcpd.go
index 7cd3affc..d6f1c528 100644
--- a/dhcpd/dhcpd.go
+++ b/dhcpd/dhcpd.go
@@ -358,33 +358,6 @@ func (s *Server) handleDHCP4Request(p dhcp4.Packet, options dhcp4.Options) dhcp4
 	//
 
 	log.Tracef("lease IP is different from requested IP: %s vs %s", lease.IP, reqIP)
-
-	hwaddr := s.findReservedHWaddr(reqIP)
-	if hwaddr == nil {
-		// not in pool, check if it's in DHCP range
-		if dhcp4.IPInRange(s.leaseStart, s.leaseStop, reqIP) {
-			// okay, we can give it to our client -- it's in our DHCP range and not taken, so let them use their IP
-			log.Tracef("Replying with ACK: request IP %v is not taken, so assigning lease IP %v to it, for %v", reqIP, lease.IP, p.CHAddr())
-			s.unreserveIP(lease.IP)
-			lease.IP = reqIP
-			s.reserveIP(reqIP, p.CHAddr())
-			lease.Expiry = time.Now().Add(s.leaseTime)
-			return dhcp4.ReplyPacket(p, dhcp4.ACK, s.ipnet.IP, lease.IP, s.leaseTime, s.leaseOptions.SelectOrderOrAll(options[dhcp4.OptionParameterRequestList]))
-		}
-	}
-
-	if hwaddr != nil && !bytes.Equal(hwaddr, lease.HWAddr) {
-		log.Printf("SHOULD NOT HAPPEN: IP pool hwaddr does not match lease hwaddr: %s vs %s", hwaddr, lease.HWAddr)
-	}
-
-	// requsted IP is not sufficient, reply with NAK
-	if hwaddr != nil {
-		log.Tracef("Replying with NAK: request IP %s is taken, asked by %v", reqIP, p.CHAddr())
-		return dhcp4.ReplyPacket(p, dhcp4.NAK, s.ipnet.IP, nil, 0, nil)
-	}
-
-	// requested IP is outside of DHCP range
-	log.Tracef("Replying with NAK: request IP %s is outside of DHCP range [%s, %s], asked by %v", reqIP, s.leaseStart, s.leaseStop, p.CHAddr())
 	return dhcp4.ReplyPacket(p, dhcp4.NAK, s.ipnet.IP, nil, 0, nil)
 }
 

From e164cff02b0f20a03c0c3050eb8f6e4a812f461b Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Fri, 1 Mar 2019 20:03:22 +0300
Subject: [PATCH 61/95] + dhcp: test

---
 dhcpd/dhcpd.go      |   8 +++
 dhcpd/dhcpd_test.go | 115 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 123 insertions(+)
 create mode 100644 dhcpd/dhcpd_test.go

diff --git a/dhcpd/dhcpd.go b/dhcpd/dhcpd.go
index d6f1c528..b9affb5a 100644
--- a/dhcpd/dhcpd.go
+++ b/dhcpd/dhcpd.go
@@ -368,3 +368,11 @@ func (s *Server) Leases() []*Lease {
 	s.RUnlock()
 	return result
 }
+
+// Reset internal state
+func (s *Server) reset() {
+	s.Lock()
+	s.leases = nil
+	s.Unlock()
+	s.IPpool = make(map[[4]byte]net.HardwareAddr)
+}
diff --git a/dhcpd/dhcpd_test.go b/dhcpd/dhcpd_test.go
new file mode 100644
index 00000000..10ca1b59
--- /dev/null
+++ b/dhcpd/dhcpd_test.go
@@ -0,0 +1,115 @@
+package dhcpd
+
+import (
+	"bytes"
+	"net"
+	"testing"
+	"time"
+
+	"github.com/krolaw/dhcp4"
+)
+
+func check(t *testing.T, result bool, msg string) {
+	if !result {
+		t.Fatal(msg)
+	}
+}
+
+// Tests performed:
+// . Handle Discover message (lease reserve)
+// . Handle Request message (lease commit)
+func TestDHCP(t *testing.T) {
+	var s = Server{}
+	var p, p2 dhcp4.Packet
+	var hw net.HardwareAddr
+	var lease *Lease
+	var opt dhcp4.Options
+
+	s.leaseStart = []byte{1, 1, 1, 1}
+	s.leaseStop = []byte{1, 1, 1, 2}
+	s.leaseTime = 5 * time.Second
+	s.leaseOptions = dhcp4.Options{}
+	s.ipnet = &net.IPNet{
+		IP:   []byte{1, 2, 3, 4},
+		Mask: []byte{0xff, 0xff, 0xff, 0xff},
+	}
+
+	p = make(dhcp4.Packet, 241)
+
+	// Reserve an IP
+	hw = []byte{1, 2, 3, 4, 5, 6}
+	p.SetCHAddr(hw)
+	lease, _ = s.reserveLease(p)
+	check(t, bytes.Equal(lease.HWAddr, hw), "lease.HWAddr")
+	check(t, bytes.Equal(lease.IP, []byte{1, 1, 1, 1}), "lease.IP")
+
+	// Try to reserve another IP for the same machine - no new IP must be reserved
+	hw = []byte{1, 2, 3, 4, 5, 6}
+	p.SetCHAddr(hw)
+	lease, _ = s.reserveLease(p)
+	check(t, bytes.Equal(lease.HWAddr, hw), "lease.HWAddr")
+	check(t, bytes.Equal(lease.IP, []byte{1, 1, 1, 1}), "lease.IP")
+
+	// Reserve an IP - the next IP from the range
+	hw = []byte{2, 2, 3, 4, 5, 6}
+	p.SetCHAddr(hw)
+	lease, _ = s.reserveLease(p)
+	check(t, bytes.Equal(lease.HWAddr, hw), "lease.HWAddr")
+	check(t, bytes.Equal(lease.IP, []byte{1, 1, 1, 2}), "lease.IP")
+
+	// Reserve an IP - we have no more available IPs
+	p.SetCHAddr([]byte{3, 2, 3, 4, 5, 6})
+	lease, _ = s.reserveLease(p)
+	check(t, lease == nil, "lease == nil")
+
+	// Decline request for a lease which doesn't match our internal state
+	hw = []byte{1, 2, 3, 4, 5, 6}
+	p.SetCHAddr(hw)
+	p.SetCIAddr([]byte{0, 0, 0, 0})
+	opt = make(dhcp4.Options, 10)
+	// ask a different IP
+	opt[dhcp4.OptionRequestedIPAddress] = []byte{1, 1, 1, 2}
+	p2 = s.handleDHCP4Request(p, opt)
+	opt = p2.ParseOptions()
+	check(t, bytes.Equal(opt[dhcp4.OptionDHCPMessageType], []byte{byte(dhcp4.NAK)}), "dhcp4.NAK")
+
+	// Commit the previously reserved lease
+	hw = []byte{1, 2, 3, 4, 5, 6}
+	p.SetCHAddr(hw)
+	p.SetCIAddr([]byte{0, 0, 0, 0})
+	opt = make(dhcp4.Options, 10)
+	opt[dhcp4.OptionRequestedIPAddress] = []byte{1, 1, 1, 1}
+	p2 = s.handleDHCP4Request(p, opt)
+	opt = p2.ParseOptions()
+	check(t, bytes.Equal(opt[dhcp4.OptionDHCPMessageType], []byte{byte(dhcp4.ACK)}), "dhcp4.ACK")
+	check(t, bytes.Equal(p2.YIAddr(), []byte{1, 1, 1, 1}), "p2.YIAddr")
+	check(t, bytes.Equal(p2.CHAddr(), hw), "p2.CHAddr")
+	check(t, bytes.Equal(opt[dhcp4.OptionIPAddressLeaseTime], dhcp4.OptionsLeaseTime(5*time.Second)), "OptionIPAddressLeaseTime")
+	check(t, bytes.Equal(opt[dhcp4.OptionServerIdentifier], s.ipnet.IP), "OptionServerIdentifier")
+
+	s.reset()
+	misc(t, &s)
+}
+
+// Small tests that don't require a static server's state
+func misc(t *testing.T, s *Server) {
+	var p, p2 dhcp4.Packet
+	var hw net.HardwareAddr
+	var opt dhcp4.Options
+
+	p = make(dhcp4.Packet, 241)
+
+	// Commit a lease for an IP without prior Discover-Offer packets
+	hw = []byte{2, 2, 3, 4, 5, 6}
+	p.SetCHAddr(hw)
+	p.SetCIAddr([]byte{0, 0, 0, 0})
+	opt = make(dhcp4.Options, 10)
+	opt[dhcp4.OptionRequestedIPAddress] = []byte{1, 1, 1, 1}
+	p2 = s.handleDHCP4Request(p, opt)
+	opt = p2.ParseOptions()
+	check(t, bytes.Equal(opt[dhcp4.OptionDHCPMessageType], []byte{byte(dhcp4.ACK)}), "dhcp4.ACK")
+	check(t, bytes.Equal(p2.YIAddr(), []byte{1, 1, 1, 1}), "p2.YIAddr")
+	check(t, bytes.Equal(p2.CHAddr(), hw), "p2.CHAddr")
+	check(t, bytes.Equal(opt[dhcp4.OptionIPAddressLeaseTime], dhcp4.OptionsLeaseTime(5*time.Second)), "OptionIPAddressLeaseTime")
+	check(t, bytes.Equal(opt[dhcp4.OptionServerIdentifier], s.ipnet.IP), "OptionServerIdentifier")
+}

From a2e9d6945200bce5f270fbe95dedd65a0d08b5e4 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Wed, 6 Mar 2019 12:20:34 +0300
Subject: [PATCH 62/95] * use golibs v0.1.1: file.SafeWrite()

---
 config.go  |  3 ++-
 filter.go  |  3 ++-
 go.mod     |  2 +-
 go.sum     |  3 ++-
 helpers.go | 21 ---------------------
 upgrade.go |  3 ++-
 6 files changed, 9 insertions(+), 26 deletions(-)

diff --git a/config.go b/config.go
index b0da6532..1c12f1c6 100644
--- a/config.go
+++ b/config.go
@@ -10,6 +10,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/dhcpd"
 	"github.com/AdguardTeam/AdGuardHome/dnsfilter"
 	"github.com/AdguardTeam/AdGuardHome/dnsforward"
+	"github.com/AdguardTeam/golibs/file"
 	"github.com/AdguardTeam/golibs/log"
 	yaml "gopkg.in/yaml.v2"
 )
@@ -217,7 +218,7 @@ func (c *configuration) write() error {
 		log.Error("Couldn't generate YAML file: %s", err)
 		return err
 	}
-	err = safeWriteFile(configFile, yamlText)
+	err = file.SafeWrite(configFile, yamlText)
 	if err != nil {
 		log.Error("Couldn't save YAML config: %s", err)
 		return err
diff --git a/filter.go b/filter.go
index 280c403f..6b61d504 100644
--- a/filter.go
+++ b/filter.go
@@ -12,6 +12,7 @@ import (
 	"time"
 
 	"github.com/AdguardTeam/AdGuardHome/dnsfilter"
+	"github.com/AdguardTeam/golibs/file"
 	"github.com/AdguardTeam/golibs/log"
 )
 
@@ -220,7 +221,7 @@ func (filter *filter) save() error {
 	log.Printf("Saving filter %d contents to: %s", filter.ID, filterFilePath)
 	body := []byte(strings.Join(filter.Rules, "\n"))
 
-	err := safeWriteFile(filterFilePath, body)
+	err := file.SafeWrite(filterFilePath, body)
 
 	// update LastUpdated field after saving the file
 	filter.LastUpdated = filter.LastTimeUpdated()
diff --git a/go.mod b/go.mod
index 589d0982..2f0dd5bd 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.12
 
 require (
 	github.com/AdguardTeam/dnsproxy v0.11.2
-	github.com/AdguardTeam/golibs v0.1.0
+	github.com/AdguardTeam/golibs v0.1.1
 	github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f // indirect
 	github.com/bluele/gcache v0.0.0-20171010155617-472614239ac7
 	github.com/go-ole/go-ole v1.2.1 // indirect
diff --git a/go.sum b/go.sum
index 6e4a79f1..51c15f76 100644
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,8 @@
 github.com/AdguardTeam/dnsproxy v0.11.2 h1:S/Ag2q9qoZsmW1fvMohPZP7/5amEtz8NmFCp8kxUalQ=
 github.com/AdguardTeam/dnsproxy v0.11.2/go.mod h1:EPp92b5cYR7HZpO+OQu6xC7AyhUoBaXW3sfa3exq/0I=
-github.com/AdguardTeam/golibs v0.1.0 h1:Mo1QNKC8eSbqczhxfdBXYCrUMwvgCyCwZFyWv+2Gdng=
 github.com/AdguardTeam/golibs v0.1.0/go.mod h1:zhi6xGwK4cMpjDocybhhLgvcGkstiSIjlpKbvyxC5Yc=
+github.com/AdguardTeam/golibs v0.1.1 h1:aepIN7yulf8I4Ub2c0cAaIizfSHPVXB2wrh8j4BJxl4=
+github.com/AdguardTeam/golibs v0.1.1/go.mod h1:b0XkhgIcn2TxwX6C5AQMtpIFAgjPehNgxJErWkwA3ko=
 github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f h1:5ZfJxyXo8KyX8DgGXC5B7ILL8y51fci/qYz2B4j8iLY=
 github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
diff --git a/helpers.go b/helpers.go
index 8e884d36..25e35205 100644
--- a/helpers.go
+++ b/helpers.go
@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"net/url"
@@ -19,26 +18,6 @@ import (
 	"github.com/joomcode/errorx"
 )
 
-// ----------------------------------
-// helper functions for working with files
-// ----------------------------------
-
-// Writes data first to a temporary file and then renames it to what's specified in path
-func safeWriteFile(path string, data []byte) error {
-	dir := filepath.Dir(path)
-	err := os.MkdirAll(dir, 0755)
-	if err != nil {
-		return err
-	}
-
-	tmpPath := path + ".tmp"
-	err = ioutil.WriteFile(tmpPath, data, 0644)
-	if err != nil {
-		return err
-	}
-	return os.Rename(tmpPath, path)
-}
-
 // ----------------------------------
 // helper functions for HTTP handlers
 // ----------------------------------
diff --git a/upgrade.go b/upgrade.go
index 0c9aeca7..e730d34b 100644
--- a/upgrade.go
+++ b/upgrade.go
@@ -6,6 +6,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/AdguardTeam/golibs/file"
 	"github.com/AdguardTeam/golibs/log"
 	yaml "gopkg.in/yaml.v2"
 )
@@ -86,7 +87,7 @@ func upgradeConfigSchema(oldVersion int, diskConfig *map[string]interface{}) err
 		return err
 	}
 
-	err = safeWriteFile(configFile, body)
+	err = file.SafeWrite(configFile, body)
 	if err != nil {
 		log.Printf("Couldn't save YAML config: %s", err)
 		return err

From 67014c40f70e7afa1f4aaa064324194836f06086 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Tue, 5 Mar 2019 17:15:38 +0300
Subject: [PATCH 63/95] + DHCP: On-disk database for lease table

---
 dhcpd/db.go         | 98 +++++++++++++++++++++++++++++++++++++++++++++
 dhcpd/dhcpd.go      |  3 ++
 dhcpd/dhcpd_test.go | 45 +++++++++++++++++++++
 3 files changed, 146 insertions(+)
 create mode 100644 dhcpd/db.go

diff --git a/dhcpd/db.go b/dhcpd/db.go
new file mode 100644
index 00000000..1caa7d81
--- /dev/null
+++ b/dhcpd/db.go
@@ -0,0 +1,98 @@
+// On-disk database for lease table
+
+package dhcpd
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"net"
+	"os"
+	"time"
+
+	"github.com/AdguardTeam/golibs/file"
+	"github.com/AdguardTeam/golibs/log"
+	"github.com/krolaw/dhcp4"
+)
+
+const dbFilename = "leases.db"
+
+type leaseJSON struct {
+	HWAddr   []byte `json:"mac"`
+	IP       []byte `json:"ip"`
+	Hostname string `json:"host"`
+	Expiry   int64  `json:"exp"`
+}
+
+// Load lease table from DB
+func (s *Server) dbLoad() {
+	data, err := ioutil.ReadFile(dbFilename)
+	if err != nil {
+		if !os.IsNotExist(err) {
+			log.Error("DHCP: can't read file %s: %v", dbFilename, err)
+		}
+		return
+	}
+
+	obj := []leaseJSON{}
+	err = json.Unmarshal(data, &obj)
+	if err != nil {
+		log.Error("DHCP: invalid DB: %v", err)
+		return
+	}
+
+	s.leases = nil
+	s.IPpool = make(map[[4]byte]net.HardwareAddr)
+
+	numLeases := len(obj)
+	for i := range obj {
+
+		if !dhcp4.IPInRange(s.leaseStart, s.leaseStop, obj[i].IP) {
+			log.Tracef("Skipping a lease with IP %s: not within current IP range", obj[i].IP)
+			continue
+		}
+
+		lease := Lease{
+			HWAddr:   obj[i].HWAddr,
+			IP:       obj[i].IP,
+			Hostname: obj[i].Hostname,
+			Expiry:   time.Unix(obj[i].Expiry, 0),
+		}
+
+		s.leases = append(s.leases, &lease)
+
+		s.reserveIP(lease.IP, lease.HWAddr)
+	}
+	log.Info("DHCP: loaded %d leases from DB", numLeases)
+}
+
+// Store lease table in DB
+func (s *Server) dbStore() {
+	var leases []leaseJSON
+
+	for i := range s.leases {
+		if s.leases[i].Expiry.Unix() == 0 {
+			continue
+		}
+		lease := leaseJSON{
+			HWAddr:   s.leases[i].HWAddr,
+			IP:       s.leases[i].IP,
+			Hostname: s.leases[i].Hostname,
+			Expiry:   s.leases[i].Expiry.Unix(),
+		}
+		leases = append(leases, lease)
+	}
+
+	data, err := json.Marshal(leases)
+	if err != nil {
+		log.Error("json.Marshal: %v", err)
+		return
+	}
+
+	err = file.SafeWrite(dbFilename, data)
+	if err != nil {
+		log.Error("DHCP: can't store lease table on disk: %v  filename: %s",
+			err, dbFilename)
+		return
+	}
+	log.Info("DHCP: stored %d leases in DB", len(leases))
+}
diff --git a/dhcpd/dhcpd.go b/dhcpd/dhcpd.go
index b9affb5a..3920bcef 100644
--- a/dhcpd/dhcpd.go
+++ b/dhcpd/dhcpd.go
@@ -122,6 +122,8 @@ func (s *Server) Start(config *ServerConfig) error {
 		s.closeConn()
 	}
 
+	s.dbLoad()
+
 	c, err := newFilterConn(*iface, ":67") // it has to be bound to 0.0.0.0:67, otherwise it won't see DHCP discover/request packets
 	if err != nil {
 		return wrapErrPrint(err, "Couldn't start listening socket on 0.0.0.0:67")
@@ -153,6 +155,7 @@ func (s *Server) Stop() error {
 		return wrapErrPrint(err, "Couldn't close UDP listening socket")
 	}
 
+	s.dbStore()
 	return nil
 }
 
diff --git a/dhcpd/dhcpd_test.go b/dhcpd/dhcpd_test.go
index 10ca1b59..2d675ed9 100644
--- a/dhcpd/dhcpd_test.go
+++ b/dhcpd/dhcpd_test.go
@@ -3,6 +3,7 @@ package dhcpd
 import (
 	"bytes"
 	"net"
+	"os"
 	"testing"
 	"time"
 
@@ -113,3 +114,47 @@ func misc(t *testing.T, s *Server) {
 	check(t, bytes.Equal(opt[dhcp4.OptionIPAddressLeaseTime], dhcp4.OptionsLeaseTime(5*time.Second)), "OptionIPAddressLeaseTime")
 	check(t, bytes.Equal(opt[dhcp4.OptionServerIdentifier], s.ipnet.IP), "OptionServerIdentifier")
 }
+
+// Leases database store/load
+func TestDB(t *testing.T) {
+	var s = Server{}
+	var p dhcp4.Packet
+	var hw1, hw2 net.HardwareAddr
+	var lease *Lease
+
+	s.leaseStart = []byte{1, 1, 1, 1}
+	s.leaseStop = []byte{1, 1, 1, 2}
+	s.leaseTime = 5 * time.Second
+	s.leaseOptions = dhcp4.Options{}
+	s.ipnet = &net.IPNet{
+		IP:   []byte{1, 2, 3, 4},
+		Mask: []byte{0xff, 0xff, 0xff, 0xff},
+	}
+
+	p = make(dhcp4.Packet, 241)
+
+	hw1 = []byte{1, 2, 3, 4, 5, 6}
+	p.SetCHAddr(hw1)
+	lease, _ = s.reserveLease(p)
+	lease.Expiry = time.Unix(4000000001, 0)
+
+	hw2 = []byte{2, 2, 3, 4, 5, 6}
+	p.SetCHAddr(hw2)
+	lease, _ = s.reserveLease(p)
+	lease.Expiry = time.Unix(4000000002, 0)
+
+	os.Remove("leases.db")
+	s.dbStore()
+	s.reset()
+
+	s.dbLoad()
+	check(t, bytes.Equal(s.leases[0].HWAddr, hw1), "leases[0].HWAddr")
+	check(t, bytes.Equal(s.leases[0].IP, []byte{1, 1, 1, 1}), "leases[0].IP")
+	check(t, s.leases[0].Expiry.Unix() == 4000000001, "leases[0].Expiry")
+
+	check(t, bytes.Equal(s.leases[1].HWAddr, hw2), "leases[1].HWAddr")
+	check(t, bytes.Equal(s.leases[1].IP, []byte{1, 1, 1, 2}), "leases[1].IP")
+	check(t, s.leases[1].Expiry.Unix() == 4000000002, "leases[1].Expiry")
+
+	os.Remove("leases.db")
+}

From 6f69fb73af7901b52a4717833de8554069c0b43b Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Tue, 5 Mar 2019 18:04:49 +0300
Subject: [PATCH 64/95] * control: safely restart DHCP server

* control: use mutex in all POST,PUT,DELETE handlers
---
 control.go |  3 +++
 dhcp.go    | 12 ++++++------
 helpers.go |  6 ++++++
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/control.go b/control.go
index 0cd9d504..0bd7a5d7 100644
--- a/control.go
+++ b/control.go
@@ -12,6 +12,7 @@ import (
 	"sort"
 	"strconv"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/AdguardTeam/AdGuardHome/dnsforward"
@@ -36,6 +37,8 @@ var client = &http.Client{
 	Timeout: time.Second * 30,
 }
 
+var controlLock sync.Mutex
+
 // ----------------
 // helper functions
 // ----------------
diff --git a/dhcp.go b/dhcp.go
index fe780305..58a3f161 100644
--- a/dhcp.go
+++ b/dhcp.go
@@ -50,6 +50,11 @@ func handleDHCPSetConfig(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	err = dhcpServer.Stop()
+	if err != nil {
+		log.Error("failed to stop the DHCP server: %s", err)
+	}
+
 	if newconfig.Enabled {
 		err := dhcpServer.Start(&newconfig)
 		if err != nil {
@@ -57,12 +62,7 @@ func handleDHCPSetConfig(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	}
-	if !newconfig.Enabled {
-		err := dhcpServer.Stop()
-		if err != nil {
-			log.Error("failed to stop the DHCP server: %s", err)
-		}
-	}
+
 	config.DHCP = newconfig
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
diff --git a/helpers.go b/helpers.go
index 25e35205..9d02ad3c 100644
--- a/helpers.go
+++ b/helpers.go
@@ -27,6 +27,12 @@ func ensure(method string, handler func(http.ResponseWriter, *http.Request)) fun
 			http.Error(w, "This request must be "+method, http.StatusMethodNotAllowed)
 			return
 		}
+
+		if method == "POST" || method == "PUT" || method == "DELETE" {
+			controlLock.Lock()
+			defer controlLock.Unlock()
+		}
+
 		handler(w, r)
 	}
 }

From b5f0d48e7f7b403b86b87d125ae48c518485dc82 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Tue, 5 Mar 2019 19:14:35 +0300
Subject: [PATCH 65/95] * DHCP: Stop(): wait until the worker is stopped

---
 dhcpd/dhcpd.go | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/dhcpd/dhcpd.go b/dhcpd/dhcpd.go
index 3920bcef..d0c61934 100644
--- a/dhcpd/dhcpd.go
+++ b/dhcpd/dhcpd.go
@@ -40,6 +40,11 @@ type Server struct {
 
 	ipnet *net.IPNet // if interface name changes, this needs to be reset
 
+	cond     *sync.Cond // Synchronize worker thread with main thread
+	mutex    sync.Mutex // Mutex for 'cond'
+	running  bool       // Set if the worker thread is running
+	stopping bool       // Set if the worker thread should be stopped
+
 	// leases
 	leases       []*Lease
 	leaseStart   net.IP        // parsed from config RangeStart
@@ -131,14 +136,18 @@ func (s *Server) Start(config *ServerConfig) error {
 	log.Info("DHCP: listening on 0.0.0.0:67")
 
 	s.conn = c
+	s.cond = sync.NewCond(&s.mutex)
 
+	s.running = true
 	go func() {
 		// operate on c instead of c.conn because c.conn can change over time
 		err := dhcp4.Serve(c, s)
-		if err != nil {
+		if err != nil && !s.stopping {
 			log.Printf("dhcp4.Serve() returned with error: %s", err)
 		}
 		c.Close() // in case Serve() exits for other reason than listening socket closure
+		s.running = false
+		s.cond.Signal()
 	}()
 
 	return nil
@@ -150,11 +159,22 @@ func (s *Server) Stop() error {
 		// nothing to do, return silently
 		return nil
 	}
+
+	s.stopping = true
+
 	err := s.closeConn()
 	if err != nil {
 		return wrapErrPrint(err, "Couldn't close UDP listening socket")
 	}
 
+	// We've just closed the listening socket.
+	// Worker thread should exit right after it tries to read from the socket.
+	s.mutex.Lock()
+	for s.running {
+		s.cond.Wait()
+	}
+	s.mutex.Unlock()
+
 	s.dbStore()
 	return nil
 }

From 92cf7c1aca63afa3c16a6e6c327772646ac1781e Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Wed, 6 Mar 2019 15:13:27 +0300
Subject: [PATCH 66/95] * dhcp: refactor

---
 dhcpd/dhcpd.go | 144 ++++++++++++++++++++++++++++++++-----------------
 1 file changed, 94 insertions(+), 50 deletions(-)

diff --git a/dhcpd/dhcpd.go b/dhcpd/dhcpd.go
index d0c61934..f7d99d36 100644
--- a/dhcpd/dhcpd.go
+++ b/dhcpd/dhcpd.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"
 	"net"
+	"strings"
 	"sync"
 	"time"
 
@@ -59,6 +60,16 @@ type Server struct {
 	sync.RWMutex
 }
 
+// Print information about the available network interfaces
+func printInterfaces() {
+	ifaces, _ := net.Interfaces()
+	var buf strings.Builder
+	for i := range ifaces {
+		buf.WriteString(fmt.Sprintf("\"%s\", ", ifaces[i].Name))
+	}
+	log.Info("Available network interfaces: %s", buf.String())
+}
+
 // Start will listen on port 67 and serve DHCP requests.
 // Even though config can be nil, it is not optional (at least for now), since there are no default values (yet).
 func (s *Server) Start(config *ServerConfig) error {
@@ -69,6 +80,7 @@ func (s *Server) Start(config *ServerConfig) error {
 	iface, err := net.InterfaceByName(s.InterfaceName)
 	if err != nil {
 		s.closeConn() // in case it was already started
+		printInterfaces()
 		return wrapErrPrint(err, "Couldn't find interface by name %s", s.InterfaceName)
 	}
 
@@ -189,6 +201,7 @@ func (s *Server) closeConn() error {
 	return err
 }
 
+// Reserve a lease for the client
 func (s *Server) reserveLease(p dhcp4.Packet) (*Lease, error) {
 	// WARNING: do not remove copy()
 	// the given hwaddr by p.CHAddr() in the packet survives only during ServeDHCP() call
@@ -196,11 +209,6 @@ func (s *Server) reserveLease(p dhcp4.Packet) (*Lease, error) {
 	hwaddrCOW := p.CHAddr()
 	hwaddr := make(net.HardwareAddr, len(hwaddrCOW))
 	copy(hwaddr, hwaddrCOW)
-	foundLease := s.locateLease(p)
-	if foundLease != nil {
-		// log.Tracef("found lease for %s: %+v", hwaddr, foundLease)
-		return foundLease, nil
-	}
 	// not assigned a lease, create new one, find IP from LRU
 	log.Tracef("Lease not found for %s: creating new one", hwaddr)
 	ip, err := s.findFreeIP(hwaddr)
@@ -216,7 +224,8 @@ func (s *Server) reserveLease(p dhcp4.Packet) (*Lease, error) {
 	return lease, nil
 }
 
-func (s *Server) locateLease(p dhcp4.Packet) *Lease {
+// Find a lease for the client
+func (s *Server) findLease(p dhcp4.Packet) *Lease {
 	hwaddr := p.CHAddr()
 	for i := range s.leases {
 		if bytes.Equal([]byte(hwaddr), []byte(s.leases[i].HWAddr)) {
@@ -243,7 +252,6 @@ func (s *Server) findFreeIP(hwaddr net.HardwareAddr) (net.IP, error) {
 			// if !bytes.Equal(foundHWaddr, hwaddr) {
 			// 	log.Tracef("SHOULD NOT HAPPEN: hwaddr in IP pool %s is not equal to hwaddr in lease %s", foundHWaddr, hwaddr)
 			// }
-			log.Tracef("will try again")
 			continue
 		}
 		foundIP = newIP
@@ -280,12 +288,7 @@ func (s *Server) unreserveIP(ip net.IP) {
 
 // ServeDHCP handles an incoming DHCP request
 func (s *Server) ServeDHCP(p dhcp4.Packet, msgType dhcp4.MessageType, options dhcp4.Options) dhcp4.Packet {
-	log.Tracef("Message from client %s: %d", p.CHAddr(), msgType)
-
-	log.Tracef("Leases:")
-	for i, lease := range s.leases {
-		log.Tracef("Lease #%d: hwaddr %s, ip %s, expiry %s", i, lease.HWAddr, lease.IP, lease.Expiry)
-	}
+	s.printLeases()
 
 	switch msgType {
 	case dhcp4.Discover: // Broadcast Packet From Client - Can I have an IP?
@@ -297,26 +300,26 @@ func (s *Server) ServeDHCP(p dhcp4.Packet, msgType dhcp4.MessageType, options dh
 		return s.handleDHCP4Request(p, options)
 
 	case dhcp4.Decline: // Broadcast From Client - Sorry I can't use that IP
-		log.Tracef("Got from client: Decline")
+		return s.handleDecline(p, options)
 
 	case dhcp4.Release: // From Client, I don't need that IP anymore
-		log.Tracef("Got from client: Release")
+		return s.handleRelease(p, options)
 
 	case dhcp4.Inform: // From Client, I have this IP and there's nothing you can do about it
-		log.Tracef("Got from client: Inform")
+		return s.handleInform(p, options)
 
 	// from server -- ignore those but enumerate just in case
 	case dhcp4.Offer: // Broadcast From Server - Here's an IP
-		log.Printf("DHCP: received message from another server: Offer")
+		log.Printf("DHCP: received message from %s: Offer", p.CHAddr())
 
 	case dhcp4.ACK: // From Server, Yes you can have that IP
-		log.Printf("DHCP: received message from another server: ACK")
+		log.Printf("DHCP: received message from %s: ACK", p.CHAddr())
 
 	case dhcp4.NAK: // From Server, No you cannot have that IP
-		log.Printf("DHCP: received message from another server: NAK")
+		log.Printf("DHCP: received message from %s: NAK", p.CHAddr())
 
 	default:
-		log.Printf("DHCP: unknown packet %v from client %s", msgType, p.CHAddr())
+		log.Printf("DHCP: unknown packet %v from %s", msgType, p.CHAddr())
 		return nil
 	}
 	return nil
@@ -324,12 +327,23 @@ func (s *Server) ServeDHCP(p dhcp4.Packet, msgType dhcp4.MessageType, options dh
 
 func (s *Server) handleDiscover(p dhcp4.Packet, options dhcp4.Options) dhcp4.Packet {
 	// find a lease, but don't update lease time
+	var lease *Lease
+	var err error
 
-	lease, err := s.reserveLease(p)
-	if err != nil {
-		log.Tracef("Couldn't find free lease: %s", err)
-		// couldn't find lease, don't respond
-		return nil
+	reqIP := net.IP(options[dhcp4.OptionRequestedIPAddress])
+	hostname := p.ParseOptions()[dhcp4.OptionHostName]
+	log.Tracef("Message from client: Discover.  ReqIP: %s  HW: %s  Hostname: %s",
+		reqIP, p.CHAddr(), hostname)
+
+	lease = s.findLease(p)
+	for lease == nil {
+		lease, err = s.reserveLease(p)
+		if err != nil {
+			log.Error("Couldn't find free lease: %s", err)
+			return nil
+		}
+
+		break
 	}
 
 	opt := s.leaseOptions.SelectOrderOrAll(options[dhcp4.OptionParameterRequestList])
@@ -339,49 +353,70 @@ func (s *Server) handleDiscover(p dhcp4.Packet, options dhcp4.Options) dhcp4.Pac
 }
 
 func (s *Server) handleDHCP4Request(p dhcp4.Packet, options dhcp4.Options) dhcp4.Packet {
+	var lease *Lease
+	var err error
+
+	reqIP := net.IP(options[dhcp4.OptionRequestedIPAddress])
+	log.Tracef("Message from client: Request.  IP: %s  ReqIP: %s  HW: %s",
+		p.CIAddr(), reqIP, p.CHAddr())
+
 	server := options[dhcp4.OptionServerIdentifier]
 	if server != nil && !net.IP(server).Equal(s.ipnet.IP) {
 		log.Tracef("Request message not for this DHCP server (%v vs %v)", server, s.ipnet.IP)
 		return nil // Message not for this dhcp server
 	}
 
-	reqIP := net.IP(options[dhcp4.OptionRequestedIPAddress])
 	if reqIP == nil {
 		reqIP = p.CIAddr()
-	}
 
-	if reqIP.To4() == nil {
-		log.Tracef("Replying with NAK: request IP isn't valid IPv4: %s", reqIP)
+	} else if reqIP == nil || reqIP.To4() == nil {
+		log.Tracef("Requested IP isn't a valid IPv4: %s", reqIP)
 		return dhcp4.ReplyPacket(p, dhcp4.NAK, s.ipnet.IP, nil, 0, nil)
 	}
 
-	if reqIP.Equal(net.IPv4zero) {
-		log.Tracef("Replying with NAK: request IP is 0.0.0.0")
+	lease = s.findLease(p)
+	if lease == nil {
+		lease, err = s.reserveLease(p)
+		if err != nil {
+			log.Tracef("Couldn't find free lease: %s", err)
+			// couldn't find lease, don't respond
+			return nil
+		}
+	}
+
+	if !lease.IP.Equal(reqIP) {
+		log.Tracef("Lease for %s doesn't match requested/client IP: %s vs %s",
+			lease.HWAddr, lease.IP, reqIP)
 		return dhcp4.ReplyPacket(p, dhcp4.NAK, s.ipnet.IP, nil, 0, nil)
 	}
 
-	log.Tracef("requested IP is %s", reqIP)
-	lease, err := s.reserveLease(p)
-	if err != nil {
-		log.Tracef("Couldn't find free lease: %s", err)
-		// couldn't find lease, don't respond
-		return nil
-	}
+	lease.Expiry = time.Now().Add(s.leaseTime)
+	log.Tracef("Replying with ACK.  IP: %s  HW: %s  Expire: %s",
+		lease.IP, lease.HWAddr, lease.Expiry)
+	opt := s.leaseOptions.SelectOrderOrAll(options[dhcp4.OptionParameterRequestList])
+	return dhcp4.ReplyPacket(p, dhcp4.ACK, s.ipnet.IP, lease.IP, s.leaseTime, opt)
+}
 
-	if lease.IP.Equal(reqIP) {
-		// IP matches lease IP, nothing else to do
-		lease.Expiry = time.Now().Add(s.leaseTime)
-		log.Tracef("Replying with ACK: request IP matches lease IP, nothing else to do. IP %v for %v", lease.IP, p.CHAddr())
-		opt := s.leaseOptions.SelectOrderOrAll(options[dhcp4.OptionParameterRequestList])
-		return dhcp4.ReplyPacket(p, dhcp4.ACK, s.ipnet.IP, lease.IP, s.leaseTime, opt)
-	}
+func (s *Server) handleInform(p dhcp4.Packet, options dhcp4.Options) dhcp4.Packet {
+	log.Tracef("Message from client: Inform.  IP: %s  HW: %s",
+		p.CIAddr(), p.CHAddr())
 
-	//
-	// requested IP different from lease
-	//
+	return nil
+}
 
-	log.Tracef("lease IP is different from requested IP: %s vs %s", lease.IP, reqIP)
-	return dhcp4.ReplyPacket(p, dhcp4.NAK, s.ipnet.IP, nil, 0, nil)
+func (s *Server) handleRelease(p dhcp4.Packet, options dhcp4.Options) dhcp4.Packet {
+	log.Tracef("Message from client: Release.  IP: %s  HW: %s",
+		p.CIAddr(), p.CHAddr())
+
+	return nil
+}
+
+func (s *Server) handleDecline(p dhcp4.Packet, options dhcp4.Options) dhcp4.Packet {
+	reqIP := net.IP(options[dhcp4.OptionRequestedIPAddress])
+	log.Tracef("Message from client: Decline.  IP: %s  HW: %s",
+		reqIP, p.CHAddr())
+
+	return nil
 }
 
 // Leases returns the list of current DHCP leases (thread-safe)
@@ -392,6 +427,15 @@ func (s *Server) Leases() []*Lease {
 	return result
 }
 
+// Print information about the current leases
+func (s *Server) printLeases() {
+	log.Tracef("Leases:")
+	for i, lease := range s.leases {
+		log.Tracef("Lease #%d: hwaddr %s, ip %s, expiry %s",
+			i, lease.HWAddr, lease.IP, lease.Expiry)
+	}
+}
+
 // Reset internal state
 func (s *Server) reset() {
 	s.Lock()

From d832d7ce95478b595bbf966ffef644b6efaeee7d Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Thu, 7 Mar 2019 14:06:35 +0300
Subject: [PATCH 67/95] * dhcp: don't process Discover/Request packets with
 empty client HW address

---
 dhcpd/dhcpd.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/dhcpd/dhcpd.go b/dhcpd/dhcpd.go
index f7d99d36..86aa6fa9 100644
--- a/dhcpd/dhcpd.go
+++ b/dhcpd/dhcpd.go
@@ -325,6 +325,17 @@ func (s *Server) ServeDHCP(p dhcp4.Packet, msgType dhcp4.MessageType, options dh
 	return nil
 }
 
+// Return TRUE if DHCP packet is correct
+func isValidPacket(p dhcp4.Packet) bool {
+	hw := p.CHAddr()
+	zeroes := make([]byte, len(hw))
+	if bytes.Equal(hw, zeroes) {
+		log.Tracef("Packet has empty CHAddr")
+		return false
+	}
+	return true
+}
+
 func (s *Server) handleDiscover(p dhcp4.Packet, options dhcp4.Options) dhcp4.Packet {
 	// find a lease, but don't update lease time
 	var lease *Lease
@@ -335,6 +346,10 @@ func (s *Server) handleDiscover(p dhcp4.Packet, options dhcp4.Options) dhcp4.Pac
 	log.Tracef("Message from client: Discover.  ReqIP: %s  HW: %s  Hostname: %s",
 		reqIP, p.CHAddr(), hostname)
 
+	if !isValidPacket(p) {
+		return nil
+	}
+
 	lease = s.findLease(p)
 	for lease == nil {
 		lease, err = s.reserveLease(p)
@@ -360,6 +375,10 @@ func (s *Server) handleDHCP4Request(p dhcp4.Packet, options dhcp4.Options) dhcp4
 	log.Tracef("Message from client: Request.  IP: %s  ReqIP: %s  HW: %s",
 		p.CIAddr(), reqIP, p.CHAddr())
 
+	if !isValidPacket(p) {
+		return nil
+	}
+
 	server := options[dhcp4.OptionServerIdentifier]
 	if server != nil && !net.IP(server).Equal(s.ipnet.IP) {
 		log.Tracef("Request message not for this DHCP server (%v vs %v)", server, s.ipnet.IP)

From 542a67b84edc067d864164fbb9f566447a97ccb8 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Thu, 7 Mar 2019 16:57:20 +0300
Subject: [PATCH 68/95] * dhcp: don't allocate a new lease when processing
 Request message

---
 dhcpd/dhcpd.go      |  9 ++-------
 dhcpd/dhcpd_test.go | 14 +++-----------
 2 files changed, 5 insertions(+), 18 deletions(-)

diff --git a/dhcpd/dhcpd.go b/dhcpd/dhcpd.go
index 86aa6fa9..27233965 100644
--- a/dhcpd/dhcpd.go
+++ b/dhcpd/dhcpd.go
@@ -369,7 +369,6 @@ func (s *Server) handleDiscover(p dhcp4.Packet, options dhcp4.Options) dhcp4.Pac
 
 func (s *Server) handleDHCP4Request(p dhcp4.Packet, options dhcp4.Options) dhcp4.Packet {
 	var lease *Lease
-	var err error
 
 	reqIP := net.IP(options[dhcp4.OptionRequestedIPAddress])
 	log.Tracef("Message from client: Request.  IP: %s  ReqIP: %s  HW: %s",
@@ -395,12 +394,8 @@ func (s *Server) handleDHCP4Request(p dhcp4.Packet, options dhcp4.Options) dhcp4
 
 	lease = s.findLease(p)
 	if lease == nil {
-		lease, err = s.reserveLease(p)
-		if err != nil {
-			log.Tracef("Couldn't find free lease: %s", err)
-			// couldn't find lease, don't respond
-			return nil
-		}
+		log.Tracef("Lease for %s isn't found", p.CHAddr())
+		return dhcp4.ReplyPacket(p, dhcp4.NAK, s.ipnet.IP, nil, 0, nil)
 	}
 
 	if !lease.IP.Equal(reqIP) {
diff --git a/dhcpd/dhcpd_test.go b/dhcpd/dhcpd_test.go
index 2d675ed9..366606d4 100644
--- a/dhcpd/dhcpd_test.go
+++ b/dhcpd/dhcpd_test.go
@@ -43,11 +43,7 @@ func TestDHCP(t *testing.T) {
 	lease, _ = s.reserveLease(p)
 	check(t, bytes.Equal(lease.HWAddr, hw), "lease.HWAddr")
 	check(t, bytes.Equal(lease.IP, []byte{1, 1, 1, 1}), "lease.IP")
-
-	// Try to reserve another IP for the same machine - no new IP must be reserved
-	hw = []byte{1, 2, 3, 4, 5, 6}
-	p.SetCHAddr(hw)
-	lease, _ = s.reserveLease(p)
+	lease = s.findLease(p)
 	check(t, bytes.Equal(lease.HWAddr, hw), "lease.HWAddr")
 	check(t, bytes.Equal(lease.IP, []byte{1, 1, 1, 1}), "lease.IP")
 
@@ -100,7 +96,7 @@ func misc(t *testing.T, s *Server) {
 
 	p = make(dhcp4.Packet, 241)
 
-	// Commit a lease for an IP without prior Discover-Offer packets
+	// Try to commit a lease for an IP without prior Discover-Offer packets
 	hw = []byte{2, 2, 3, 4, 5, 6}
 	p.SetCHAddr(hw)
 	p.SetCIAddr([]byte{0, 0, 0, 0})
@@ -108,11 +104,7 @@ func misc(t *testing.T, s *Server) {
 	opt[dhcp4.OptionRequestedIPAddress] = []byte{1, 1, 1, 1}
 	p2 = s.handleDHCP4Request(p, opt)
 	opt = p2.ParseOptions()
-	check(t, bytes.Equal(opt[dhcp4.OptionDHCPMessageType], []byte{byte(dhcp4.ACK)}), "dhcp4.ACK")
-	check(t, bytes.Equal(p2.YIAddr(), []byte{1, 1, 1, 1}), "p2.YIAddr")
-	check(t, bytes.Equal(p2.CHAddr(), hw), "p2.CHAddr")
-	check(t, bytes.Equal(opt[dhcp4.OptionIPAddressLeaseTime], dhcp4.OptionsLeaseTime(5*time.Second)), "OptionIPAddressLeaseTime")
-	check(t, bytes.Equal(opt[dhcp4.OptionServerIdentifier], s.ipnet.IP), "OptionServerIdentifier")
+	check(t, bytes.Equal(opt[dhcp4.OptionDHCPMessageType], []byte{byte(dhcp4.NAK)}), "dhcp4.NAK")
 }
 
 // Leases database store/load

From 8fa2f481369677d650635ac981adba1c63ca58e6 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Thu, 7 Mar 2019 16:48:55 +0300
Subject: [PATCH 69/95] + dhcp: use ICMP for IP conflict detection

+ 'icmp_timeout_msec' YAML config setting
---
 dhcpd/dhcpd.go | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++
 go.mod         |  1 +
 go.sum         |  2 ++
 3 files changed, 59 insertions(+)

diff --git a/dhcpd/dhcpd.go b/dhcpd/dhcpd.go
index 27233965..57e0c513 100644
--- a/dhcpd/dhcpd.go
+++ b/dhcpd/dhcpd.go
@@ -10,6 +10,7 @@ import (
 
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/krolaw/dhcp4"
+	"github.com/sparrc/go-ping"
 )
 
 const defaultDiscoverTime = time.Second * 3
@@ -33,6 +34,10 @@ type ServerConfig struct {
 	RangeStart    string `json:"range_start" yaml:"range_start"`
 	RangeEnd      string `json:"range_end" yaml:"range_end"`
 	LeaseDuration uint   `json:"lease_duration" yaml:"lease_duration"` // in seconds
+
+	// IP conflict detector: time (ms) to wait for ICMP reply.
+	// 0: disable
+	ICMPTimeout uint `json:"icmp_timeout_msec" yaml:"icmp_timeout_msec"`
 }
 
 // Server - the current state of the DHCP server
@@ -325,6 +330,51 @@ func (s *Server) ServeDHCP(p dhcp4.Packet, msgType dhcp4.MessageType, options dh
 	return nil
 }
 
+// Send ICMP to the specified machine
+// Return TRUE if it doesn't reply, which probably means that the IP is available
+func (s *Server) addrAvailable(target net.IP) bool {
+
+	if s.ICMPTimeout == 0 {
+		return true
+	}
+
+	pinger, err := ping.NewPinger(target.String())
+	if err != nil {
+		log.Error("ping.NewPinger(): %v", err)
+		return true
+	}
+
+	pinger.SetPrivileged(true)
+	pinger.Timeout = time.Duration(s.ICMPTimeout) * time.Millisecond
+	pinger.Count = 1
+	reply := false
+	pinger.OnRecv = func(pkt *ping.Packet) {
+		// log.Tracef("Received ICMP Reply from %v", target)
+		reply = true
+	}
+	log.Tracef("Sending ICMP Echo to %v", target)
+	pinger.Run()
+
+	if reply {
+		log.Info("DHCP: IP conflict: %v is already used by another device", target)
+		return false
+	}
+
+	log.Tracef("ICMP procedure is complete: %v", target)
+	return true
+}
+
+// Add the specified IP to the black list for a time period
+func (s *Server) blacklistLease(lease *Lease) {
+	hw := make(net.HardwareAddr, 6)
+	s.reserveIP(lease.IP, hw)
+	s.Lock()
+	lease.HWAddr = hw
+	lease.Hostname = ""
+	lease.Expiry = time.Now().Add(s.leaseTime)
+	s.Unlock()
+}
+
 // Return TRUE if DHCP packet is correct
 func isValidPacket(p dhcp4.Packet) bool {
 	hw := p.CHAddr()
@@ -358,6 +408,12 @@ func (s *Server) handleDiscover(p dhcp4.Packet, options dhcp4.Options) dhcp4.Pac
 			return nil
 		}
 
+		if !s.addrAvailable(lease.IP) {
+			s.blacklistLease(lease)
+			lease = nil
+			continue
+		}
+
 		break
 	}
 
diff --git a/go.mod b/go.mod
index 2f0dd5bd..62035c9c 100644
--- a/go.mod
+++ b/go.mod
@@ -17,6 +17,7 @@ require (
 	github.com/miekg/dns v1.1.1
 	github.com/shirou/gopsutil v2.18.10+incompatible
 	github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 // indirect
+	github.com/sparrc/go-ping v0.0.0-20181106165434-ef3ab45e41b0
 	github.com/stretchr/testify v1.2.2
 	go.uber.org/goleak v0.10.0
 	golang.org/x/net v0.0.0-20190119204137-ed066c81e75e
diff --git a/go.sum b/go.sum
index 51c15f76..c4bced69 100644
--- a/go.sum
+++ b/go.sum
@@ -56,6 +56,8 @@ github.com/shirou/gopsutil v2.18.10+incompatible h1:cy84jW6EVRPa5g9HAHrlbxMSIjBh
 github.com/shirou/gopsutil v2.18.10+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
 github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 h1:udFKJ0aHUL60LboW/A+DfgoHVedieIzIXE8uylPue0U=
 github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc=
+github.com/sparrc/go-ping v0.0.0-20181106165434-ef3ab45e41b0 h1:mu7brOsdaH5Dqf93vdch+mr/0To8Sgc+yInt/jE/RJM=
+github.com/sparrc/go-ping v0.0.0-20181106165434-ef3ab45e41b0/go.mod h1:eMyUVp6f/5jnzM+3zahzl7q6UXLbgSc3MKg/+ow9QW0=
 github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=

From d68600c5d03b73d94f380f5442c22ddc8f755d9a Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Mon, 11 Mar 2019 15:11:48 +0300
Subject: [PATCH 70/95] + dhcp: handle lease expiration

---
 dhcpd/dhcpd.go | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)

diff --git a/dhcpd/dhcpd.go b/dhcpd/dhcpd.go
index 57e0c513..b54195a8 100644
--- a/dhcpd/dhcpd.go
+++ b/dhcpd/dhcpd.go
@@ -215,14 +215,30 @@ func (s *Server) reserveLease(p dhcp4.Packet) (*Lease, error) {
 	hwaddr := make(net.HardwareAddr, len(hwaddrCOW))
 	copy(hwaddr, hwaddrCOW)
 	// not assigned a lease, create new one, find IP from LRU
+	hostname := p.ParseOptions()[dhcp4.OptionHostName]
+	lease := &Lease{HWAddr: hwaddr, Hostname: string(hostname)}
+
 	log.Tracef("Lease not found for %s: creating new one", hwaddr)
 	ip, err := s.findFreeIP(hwaddr)
 	if err != nil {
-		return nil, wrapErrPrint(err, "Couldn't find free IP for the lease %s", hwaddr.String())
+		i := s.findExpiredLease()
+		if i < 0 {
+			return nil, wrapErrPrint(err, "Couldn't find free IP for the lease %s", hwaddr.String())
+		}
+
+		log.Tracef("Assigning IP address %s to %s (lease for %s expired at %s)",
+			s.leases[i].IP, hwaddr, s.leases[i].HWAddr, s.leases[i].Expiry)
+		lease.IP = s.leases[i].IP
+		s.Lock()
+		s.leases[i] = lease
+		s.Unlock()
+
+		s.reserveIP(lease.IP, hwaddr)
+		return lease, nil
 	}
+
 	log.Tracef("Assigning to %s IP address %s", hwaddr, ip.String())
-	hostname := p.ParseOptions()[dhcp4.OptionHostName]
-	lease := &Lease{HWAddr: hwaddr, IP: ip, Hostname: string(hostname)}
+	lease.IP = ip
 	s.Lock()
 	s.leases = append(s.leases, lease)
 	s.Unlock()
@@ -241,6 +257,17 @@ func (s *Server) findLease(p dhcp4.Packet) *Lease {
 	return nil
 }
 
+// Find an expired lease and return its index or -1
+func (s *Server) findExpiredLease() int {
+	now := time.Now().Unix()
+	for i, lease := range s.leases {
+		if lease.Expiry.Unix() <= now {
+			return i
+		}
+	}
+	return -1
+}
+
 func (s *Server) findFreeIP(hwaddr net.HardwareAddr) (net.IP, error) {
 	// if IP pool is nil, lazy initialize it
 	if s.IPpool == nil {

From 9494b87ca54a97baf2ccc78a8f9e593ad444bf81 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Mon, 11 Mar 2019 16:03:34 +0300
Subject: [PATCH 71/95] * control: add logs

---
 dhcp.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/dhcp.go b/dhcp.go
index 58a3f161..ac9c36c5 100644
--- a/dhcp.go
+++ b/dhcp.go
@@ -17,6 +17,7 @@ import (
 var dhcpServer = dhcpd.Server{}
 
 func handleDHCPStatus(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("%s %v", r.Method, r.URL)
 	rawLeases := dhcpServer.Leases()
 	leases := []map[string]string{}
 	for i := range rawLeases {
@@ -43,6 +44,7 @@ func handleDHCPStatus(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleDHCPSetConfig(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("%s %v", r.Method, r.URL)
 	newconfig := dhcpd.ServerConfig{}
 	err := json.NewDecoder(r.Body).Decode(&newconfig)
 	if err != nil {
@@ -68,6 +70,7 @@ func handleDHCPSetConfig(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleDHCPInterfaces(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("%s %v", r.Method, r.URL)
 	response := map[string]interface{}{}
 
 	ifaces, err := getValidNetInterfaces()
@@ -128,6 +131,7 @@ func handleDHCPInterfaces(w http.ResponseWriter, r *http.Request) {
 }
 
 func handleDHCPFindActiveServer(w http.ResponseWriter, r *http.Request) {
+	log.Tracef("%s %v", r.Method, r.URL)
 	body, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		errorText := fmt.Sprintf("failed to read request body: %s", err)

From ef637e1313ce548eab28c9b9f36c6db20a1c62c9 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Fri, 1 Mar 2019 17:39:20 +0300
Subject: [PATCH 72/95] + DHCP: step-by-step guide for test setup with Virtual
 Box

---
 dhcpd/README.md | 53 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 dhcpd/README.md

diff --git a/dhcpd/README.md b/dhcpd/README.md
new file mode 100644
index 00000000..83e48183
--- /dev/null
+++ b/dhcpd/README.md
@@ -0,0 +1,53 @@
+# DHCP server
+
+Contents:
+* [Test setup with Virtual Box](#vbox)
+
+<a id="vbox"></a>
+## Test setup with Virtual Box
+
+To set up a test environment for DHCP server you need:
+
+* Linux host machine
+* Virtual Box
+* Virtual machine (guest OS doesn't matter)
+
+### Configure client
+
+1. Install Virtual Box and run the following command to create a Host-Only network:
+
+        $ VBoxManage hostonlyif create
+
+    You can check its status by `ip a` command.
+
+    You can also set up Host-Only network using Virtual Box menu:
+
+        File -> Host Network Manager...
+
+2. Create your virtual machine and set up its network:
+
+        VM Settings -> Network -> Host-only Adapter
+
+3. Start your VM, install an OS.  Configure your network interface to use DHCP and the OS should ask for a IP address from our DHCP server.
+
+### Configure server
+
+1. Edit server configuration file 'AdGuardHome.yaml', for example:
+
+        dhcp:
+          enabled: true
+          interface_name: vboxnet0
+          gateway_ip: 192.168.56.1
+          subnet_mask: 255.255.255.0
+          range_start: 192.168.56.2
+          range_end: 192.168.56.2
+          lease_duration: 86400
+          icmp_timeout_msec: 1000
+
+2. Start the server
+
+        ./AdGuardHome
+
+    There should be a message in log which shows that DHCP server is ready:
+
+        [info] DHCP: listening on 0.0.0.0:67

From f432eb360952e9bbf95448798ea6a89c4d93dec7 Mon Sep 17 00:00:00 2001
From: CodeLingo Bot <bot@codelingo.io>
Date: Mon, 11 Mar 2019 00:49:32 +0000
Subject: [PATCH 73/95] Fix function comments based on best practices from
 Effective Go

Signed-off-by: CodeLingo Bot <bot@codelingo.io>
---
 filter.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/filter.go b/filter.go
index 6b61d504..9625b207 100644
--- a/filter.go
+++ b/filter.go
@@ -263,7 +263,7 @@ func (filter *filter) Path() string {
 	return filepath.Join(config.ourWorkingDir, dataDir, filterDir, strconv.FormatInt(filter.ID, 10)+".txt")
 }
 
-// LastUpdated returns the time when the filter was last time updated
+// LastTimeUpdated returns the time when the filter was last time updated
 func (filter *filter) LastTimeUpdated() time.Time {
 	filterFilePath := filter.Path()
 	if _, err := os.Stat(filterFilePath); os.IsNotExist(err) {

From 6b223e2992f45aaba7ae9d685a741bd76c23d284 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Mon, 18 Mar 2019 14:50:33 +0300
Subject: [PATCH 74/95] * dnsfilter: extend logging

---
 dnsfilter/dnsfilter.go | 17 +++++++++++++++++
 go.mod                 |  2 +-
 go.sum                 |  4 ++--
 3 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/dnsfilter/dnsfilter.go b/dnsfilter/dnsfilter.go
index b33465f9..83818f1b 100644
--- a/dnsfilter/dnsfilter.go
+++ b/dnsfilter/dnsfilter.go
@@ -600,6 +600,11 @@ func hostnameToHashParam(host string, addslash bool) (string, map[string]bool) {
 }
 
 func (d *Dnsfilter) checkSafeSearch(host string) (Result, error) {
+	if log.GetLevel() >= log.DEBUG {
+		timer := log.StartTimer()
+		defer timer.LogElapsed("SafeSearch HTTP lookup for %s", host)
+	}
+
 	if safeSearchCache == nil {
 		safeSearchCache = gcache.New(defaultCacheSize).LRU().Expiration(defaultCacheTime).Build()
 	}
@@ -608,6 +613,7 @@ func (d *Dnsfilter) checkSafeSearch(host string) (Result, error) {
 	cachedValue, isFound, err := getCachedReason(safeSearchCache, host)
 	if isFound {
 		atomic.AddUint64(&stats.Safesearch.CacheHits, 1)
+		log.Tracef("%s: found in SafeSearch cache", host)
 		return cachedValue, nil
 	}
 
@@ -656,6 +662,11 @@ func (d *Dnsfilter) checkSafeSearch(host string) (Result, error) {
 }
 
 func (d *Dnsfilter) checkSafeBrowsing(host string) (Result, error) {
+	if log.GetLevel() >= log.DEBUG {
+		timer := log.StartTimer()
+		defer timer.LogElapsed("SafeBrowsing HTTP lookup for %s", host)
+	}
+
 	// prevent recursion -- checking the host of safebrowsing server makes no sense
 	if host == d.safeBrowsingServer {
 		return Result{}, nil
@@ -697,6 +708,11 @@ func (d *Dnsfilter) checkSafeBrowsing(host string) (Result, error) {
 }
 
 func (d *Dnsfilter) checkParental(host string) (Result, error) {
+	if log.GetLevel() >= log.DEBUG {
+		timer := log.StartTimer()
+		defer timer.LogElapsed("Parental HTTP lookup for %s", host)
+	}
+
 	// prevent recursion -- checking the host of parental safety server makes no sense
 	if host == d.parentalServer {
 		return Result{}, nil
@@ -754,6 +770,7 @@ func (d *Dnsfilter) lookupCommon(host string, lookupstats *LookupStats, cache gc
 	cachedValue, isFound, err := getCachedReason(cache, host)
 	if isFound {
 		atomic.AddUint64(&lookupstats.CacheHits, 1)
+		log.Tracef("%s: found in the lookup cache", host)
 		return cachedValue, nil
 	}
 	if err != nil {
diff --git a/go.mod b/go.mod
index 62035c9c..01918844 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.12
 
 require (
 	github.com/AdguardTeam/dnsproxy v0.11.2
-	github.com/AdguardTeam/golibs v0.1.1
+	github.com/AdguardTeam/golibs v0.1.3
 	github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f // indirect
 	github.com/bluele/gcache v0.0.0-20171010155617-472614239ac7
 	github.com/go-ole/go-ole v1.2.1 // indirect
diff --git a/go.sum b/go.sum
index c4bced69..fbd89b79 100644
--- a/go.sum
+++ b/go.sum
@@ -1,8 +1,8 @@
 github.com/AdguardTeam/dnsproxy v0.11.2 h1:S/Ag2q9qoZsmW1fvMohPZP7/5amEtz8NmFCp8kxUalQ=
 github.com/AdguardTeam/dnsproxy v0.11.2/go.mod h1:EPp92b5cYR7HZpO+OQu6xC7AyhUoBaXW3sfa3exq/0I=
 github.com/AdguardTeam/golibs v0.1.0/go.mod h1:zhi6xGwK4cMpjDocybhhLgvcGkstiSIjlpKbvyxC5Yc=
-github.com/AdguardTeam/golibs v0.1.1 h1:aepIN7yulf8I4Ub2c0cAaIizfSHPVXB2wrh8j4BJxl4=
-github.com/AdguardTeam/golibs v0.1.1/go.mod h1:b0XkhgIcn2TxwX6C5AQMtpIFAgjPehNgxJErWkwA3ko=
+github.com/AdguardTeam/golibs v0.1.3 h1:hmapdTtMtIk3T8eQDwTOLdqZLGDKNKk9325uC8z12xg=
+github.com/AdguardTeam/golibs v0.1.3/go.mod h1:b0XkhgIcn2TxwX6C5AQMtpIFAgjPehNgxJErWkwA3ko=
 github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f h1:5ZfJxyXo8KyX8DgGXC5B7ILL8y51fci/qYz2B4j8iLY=
 github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=

From b5eb840d22361d18663182ea40db63431595b6b8 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Tue, 19 Mar 2019 14:14:58 +0300
Subject: [PATCH 75/95] + control: use the list of IP addresses instead of
 single string in "dns_address"

"dns_address":"0.0.0.0" -> "dns_addresses":["127.0.0.1", "::1", ...]
---
 control.go | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/control.go b/control.go
index 0bd7a5d7..e4454fb9 100644
--- a/control.go
+++ b/control.go
@@ -79,8 +79,25 @@ func httpUpdateConfigReloadDNSReturnOK(w http.ResponseWriter, r *http.Request) {
 
 func handleStatus(w http.ResponseWriter, r *http.Request) {
 	log.Tracef("%s %v", r.Method, r.URL)
+
+	dnsAddresses := []string{}
+	if config.DNS.BindHost == "0.0.0.0" {
+		ifaces, e := getValidNetInterfacesForWeb()
+		if e != nil {
+			log.Error("Couldn't get network interfaces: %v", e)
+		}
+		for _, iface := range ifaces {
+			for _, addr := range iface.Addresses {
+				dnsAddresses = append(dnsAddresses, addr)
+			}
+		}
+	}
+	if len(dnsAddresses) == 0 {
+		dnsAddresses = append(dnsAddresses, config.DNS.BindHost)
+	}
+
 	data := map[string]interface{}{
-		"dns_address":        config.DNS.BindHost,
+		"dns_addresses":      dnsAddresses,
 		"http_port":          config.BindPort,
 		"dns_port":           config.DNS.Port,
 		"protection_enabled": config.DNS.ProtectionEnabled,

From d7b1825cf59cb71a3bdb39fe488527b670e3a90c Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Tue, 19 Mar 2019 14:28:12 +0300
Subject: [PATCH 76/95] * control: filtering/refresh: force update filters

---
 control.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/control.go b/control.go
index 0bd7a5d7..3657b5c6 100644
--- a/control.go
+++ b/control.go
@@ -738,8 +738,7 @@ func handleFilteringSetRules(w http.ResponseWriter, r *http.Request) {
 
 func handleFilteringRefresh(w http.ResponseWriter, r *http.Request) {
 	log.Tracef("%s %v", r.Method, r.URL)
-	force := r.URL.Query().Get("force")
-	updated := refreshFiltersIfNecessary(force != "")
+	updated := refreshFiltersIfNecessary(true)
 	fmt.Fprintf(w, "OK %d filters updated\n", updated)
 }
 

From ef789acee4ef990d9f93fa7f718f819b5bdea03d Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Tue, 19 Mar 2019 15:54:35 +0300
Subject: [PATCH 77/95] * control: DHCP: don't return expired leases

- fix potential race when lease's data can be modified while UI thread is reading it
---
 dhcpd/dhcpd.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/dhcpd/dhcpd.go b/dhcpd/dhcpd.go
index b54195a8..f1ce0f2a 100644
--- a/dhcpd/dhcpd.go
+++ b/dhcpd/dhcpd.go
@@ -517,10 +517,17 @@ func (s *Server) handleDecline(p dhcp4.Packet, options dhcp4.Options) dhcp4.Pack
 }
 
 // Leases returns the list of current DHCP leases (thread-safe)
-func (s *Server) Leases() []*Lease {
+func (s *Server) Leases() []Lease {
+	var result []Lease
+	now := time.Now().Unix()
 	s.RLock()
-	result := s.leases
+	for _, lease := range s.leases {
+		if lease.Expiry.Unix() > now {
+			result = append(result, *lease)
+		}
+	}
 	s.RUnlock()
+
 	return result
 }
 

From 756c5ac0d3c9b685f95cc755ad098cef74e0c517 Mon Sep 17 00:00:00 2001
From: Ildar Kamalov <i.kamalov@adguard.com>
Date: Tue, 19 Mar 2019 16:19:53 +0300
Subject: [PATCH 78/95] + client: added setup guide page and DNS addresses
 popover

Closes #605
---
 client/src/__locales/en.json               |  4 +-
 client/src/components/App/index.js         |  4 +-
 client/src/components/Header/Header.css    |  7 ++
 client/src/components/Header/Menu.js       |  7 +-
 client/src/components/Header/Version.js    | 23 ++++--
 client/src/components/Header/index.js      | 12 ++--
 client/src/components/SetupGuide/Guide.css | 15 ++++
 client/src/components/SetupGuide/index.js  | 46 ++++++++++++
 client/src/components/ui/Guide.js          | 83 ++++++++++++++++++++++
 client/src/components/ui/Popover.css       | 46 ++++++++++++
 client/src/containers/SetupGuide.js        | 14 ++++
 client/src/install/Setup/Devices.js        | 75 +------------------
 client/src/reducers/index.js               |  7 +-
 13 files changed, 251 insertions(+), 92 deletions(-)
 create mode 100644 client/src/components/SetupGuide/Guide.css
 create mode 100644 client/src/components/SetupGuide/index.js
 create mode 100644 client/src/components/ui/Guide.js
 create mode 100644 client/src/containers/SetupGuide.js

diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json
index 92540ea6..36b78e79 100644
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -249,5 +249,7 @@
     "update_announcement": "AdGuard Home {{version}} is now available! <0>Click here</0> for more info.",
     "upstream_parallel": "Use parallel queries to speed up resolving by simultaneously querying all upstream servers",
     "bootstrap_dns": "Bootstrap DNS servers",
-    "bootstrap_dns_desc": "Bootstrap DNS servers are used to resolve IP addresses of the DOH/DOT resolvers you specify as upstreams."
+    "bootstrap_dns_desc": "Bootstrap DNS servers are used to resolve IP addresses of the DOH/DOT resolvers you specify as upstreams.",
+    "setup_guide": "Setup guide",
+    "dns_addresses": "DNS addresses"
 }
diff --git a/client/src/components/App/index.js b/client/src/components/App/index.js
index 91c5e512..a2676dd0 100644
--- a/client/src/components/App/index.js
+++ b/client/src/components/App/index.js
@@ -14,8 +14,9 @@ import Dashboard from '../../containers/Dashboard';
 import Settings from '../../containers/Settings';
 import Filters from '../../containers/Filters';
 import Logs from '../../containers/Logs';
-import Footer from '../ui/Footer';
+import SetupGuide from '../../containers/SetupGuide';
 import Toasts from '../Toasts';
+import Footer from '../ui/Footer';
 import Status from '../ui/Status';
 import UpdateTopline from '../ui/UpdateTopline';
 import EncryptionTopline from '../ui/EncryptionTopline';
@@ -86,6 +87,7 @@ class App extends Component {
                                 <Route path="/settings" component={Settings} />
                                 <Route path="/filters" component={Filters} />
                                 <Route path="/logs" component={Logs} />
+                                <Route path="/guide" component={SetupGuide} />
                             </Fragment>
                         }
                     </div>
diff --git a/client/src/components/Header/Header.css b/client/src/components/Header/Header.css
index dbbcf08d..a8273e78 100644
--- a/client/src/components/Header/Header.css
+++ b/client/src/components/Header/Header.css
@@ -76,6 +76,13 @@
     font-weight: 600;
 }
 
+.nav-version__link {
+    position: relative;
+    display: inline-block;
+    border-bottom: 1px dashed #495057;
+    cursor: pointer;
+}
+
 .header-brand-img {
     height: 32px;
 }
diff --git a/client/src/components/Header/Menu.js b/client/src/components/Header/Menu.js
index ef465378..2800d768 100644
--- a/client/src/components/Header/Menu.js
+++ b/client/src/components/Header/Menu.js
@@ -4,7 +4,6 @@ import PropTypes from 'prop-types';
 import enhanceWithClickOutside from 'react-click-outside';
 import classnames from 'classnames';
 import { Trans, withNamespaces } from 'react-i18next';
-import { REPOSITORY } from '../../helpers/constants';
 
 class Menu extends Component {
     handleClickOutside = () => {
@@ -56,10 +55,10 @@ class Menu extends Component {
                             </NavLink>
                         </li>
                         <li className="nav-item">
-                            <a href={`${REPOSITORY.URL}/wiki`} className="nav-link" target="_blank" rel="noopener noreferrer">
+                            <NavLink to="/guide" href="/guide" className="nav-link">
                                 <svg className="nav-icon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="#66b574" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round"><circle cx="12" cy="12" r="10"></circle><path d="M9.09 9a3 3 0 0 1 5.83 1c0 2-3 3-3 3"></path><line x1="12" y1="17" x2="12" y2="17"></line></svg>
-                                <Trans>faq</Trans>
-                            </a>
+                                <Trans>setup_guide</Trans>
+                            </NavLink>
                         </li>
                     </ul>
                 </div>
diff --git a/client/src/components/Header/Version.js b/client/src/components/Header/Version.js
index 0faedbcc..be2158e9 100644
--- a/client/src/components/Header/Version.js
+++ b/client/src/components/Header/Version.js
@@ -2,24 +2,35 @@ import React from 'react';
 import PropTypes from 'prop-types';
 import { Trans, withNamespaces } from 'react-i18next';
 
+import { getDnsAddress } from '../../helpers/helpers';
+
 function Version(props) {
-    const { dnsVersion, dnsAddress, dnsPort } = props;
+    const { dnsVersion, dnsAddresses, dnsPort } = props;
     return (
         <div className="nav-version">
             <div className="nav-version__text">
                 <Trans>version</Trans>: <span className="nav-version__value">{dnsVersion}</span>
             </div>
-            <div className="nav-version__text">
-                <Trans>address</Trans>: <span className="nav-version__value">{dnsAddress}:{dnsPort}</span>
+            <div className="nav-version__link">
+                <div className="popover__trigger popover__trigger--address">
+                    <Trans>dns_addresses</Trans>
+                </div>
+                <div className="popover__body popover__body--address">
+                    <div className="popover__list">
+                        {dnsAddresses
+                            .map(ip => <li key={ip}>{getDnsAddress(ip, dnsPort)}</li>)
+                        }
+                    </div>
+                </div>
             </div>
         </div>
     );
 }
 
 Version.propTypes = {
-    dnsVersion: PropTypes.string,
-    dnsAddress: PropTypes.string,
-    dnsPort: PropTypes.number,
+    dnsVersion: PropTypes.string.isRequired,
+    dnsAddresses: PropTypes.array.isRequired,
+    dnsPort: PropTypes.number.isRequired,
 };
 
 export default withNamespaces()(Version);
diff --git a/client/src/components/Header/index.js b/client/src/components/Header/index.js
index ecc1a2af..e2d47fe6 100644
--- a/client/src/components/Header/index.js
+++ b/client/src/components/Header/index.js
@@ -56,11 +56,13 @@ class Header extends Component {
                             toggleMenuOpen={this.toggleMenuOpen}
                             closeMenu={this.closeMenu}
                         />
-                        <div className="col col-sm-6 col-lg-3">
-                            <Version
-                                { ...this.props.dashboard }
-                            />
-                        </div>
+                        {!dashboard.processing &&
+                            <div className="col col-sm-6 col-lg-3">
+                                <Version
+                                    { ...this.props.dashboard }
+                                />
+                            </div>
+                        }
                     </div>
                 </div>
             </div>
diff --git a/client/src/components/SetupGuide/Guide.css b/client/src/components/SetupGuide/Guide.css
new file mode 100644
index 00000000..821f1798
--- /dev/null
+++ b/client/src/components/SetupGuide/Guide.css
@@ -0,0 +1,15 @@
+.guide {
+    max-width: 768px;
+    margin: 0 auto;
+}
+
+.guide__title {
+    margin-bottom: 10px;
+    font-size: 17px;
+    font-weight: 700;
+}
+
+.guide__desc {
+    margin-bottom: 20px;
+    font-size: 15px;
+}
diff --git a/client/src/components/SetupGuide/index.js b/client/src/components/SetupGuide/index.js
new file mode 100644
index 00000000..bea2bbb1
--- /dev/null
+++ b/client/src/components/SetupGuide/index.js
@@ -0,0 +1,46 @@
+import React from 'react';
+import PropTypes from 'prop-types';
+import { Trans, withNamespaces } from 'react-i18next';
+
+import { getDnsAddress } from '../../helpers/helpers';
+
+import Guide from '../ui/Guide';
+import Card from '../ui/Card';
+import PageTitle from '../ui/PageTitle';
+import './Guide.css';
+
+const SetupGuide = ({
+    t,
+    dashboard: {
+        dnsAddresses,
+        dnsPort,
+    },
+}) => (
+    <div className="guide">
+        <PageTitle title={t('setup_guide')} />
+        <Card>
+            <div className="guide__title">
+                <Trans>install_devices_title</Trans>
+            </div>
+            <div className="guide__desc">
+                <Trans>install_devices_desc</Trans>
+                <div className="mt-1">
+                    <Trans>install_devices_address</Trans>:
+                </div>
+                <div className="mt-2 font-weight-bold">
+                    {dnsAddresses
+                        .map(ip => <li key={ip}>{getDnsAddress(ip, dnsPort)}</li>)
+                    }
+                </div>
+            </div>
+            <Guide />
+        </Card>
+    </div>
+);
+
+SetupGuide.propTypes = {
+    dashboard: PropTypes.object.isRequired,
+    t: PropTypes.func.isRequired,
+};
+
+export default withNamespaces()(SetupGuide);
diff --git a/client/src/components/ui/Guide.js b/client/src/components/ui/Guide.js
new file mode 100644
index 00000000..9e89f7ec
--- /dev/null
+++ b/client/src/components/ui/Guide.js
@@ -0,0 +1,83 @@
+import React from 'react';
+import { Trans, withNamespaces } from 'react-i18next';
+
+import Tabs from '../ui/Tabs';
+import Icons from '../ui/Icons';
+
+const Guide = () => (
+    <div>
+        <Icons />
+        <Tabs>
+            <div label="Router">
+                <div className="tab__title">
+                    <Trans>install_devices_router</Trans>
+                </div>
+                <div className="tab__text">
+                    <p><Trans>install_devices_router_desc</Trans></p>
+                    <ol>
+                        <li><Trans>install_devices_router_list_1</Trans></li>
+                        <li><Trans>install_devices_router_list_2</Trans></li>
+                        <li><Trans>install_devices_router_list_3</Trans></li>
+                    </ol>
+                </div>
+            </div>
+            <div label="Windows">
+                <div className="tab__title">
+                    Windows
+                </div>
+                <div className="tab__text">
+                    <ol>
+                        <li><Trans>install_devices_windows_list_1</Trans></li>
+                        <li><Trans>install_devices_windows_list_2</Trans></li>
+                        <li><Trans>install_devices_windows_list_3</Trans></li>
+                        <li><Trans>install_devices_windows_list_4</Trans></li>
+                        <li><Trans>install_devices_windows_list_5</Trans></li>
+                        <li><Trans>install_devices_windows_list_6</Trans></li>
+                    </ol>
+                </div>
+            </div>
+            <div label="macOS">
+                <div className="tab__title">
+                    macOS
+                </div>
+                <div className="tab__text">
+                    <ol>
+                        <li><Trans>install_devices_macos_list_1</Trans></li>
+                        <li><Trans>install_devices_macos_list_2</Trans></li>
+                        <li><Trans>install_devices_macos_list_3</Trans></li>
+                        <li><Trans>install_devices_macos_list_4</Trans></li>
+                    </ol>
+                </div>
+            </div>
+            <div label="Android">
+                <div className="tab__title">
+                    Android
+                </div>
+                <div className="tab__text">
+                    <ol>
+                        <li><Trans>install_devices_android_list_1</Trans></li>
+                        <li><Trans>install_devices_android_list_2</Trans></li>
+                        <li><Trans>install_devices_android_list_3</Trans></li>
+                        <li><Trans>install_devices_android_list_4</Trans></li>
+                        <li><Trans>install_devices_android_list_5</Trans></li>
+                    </ol>
+                </div>
+            </div>
+            <div label="iOS">
+                <div className="tab__title">
+                    iOS
+                </div>
+                <div className="tab__text">
+                    <ol>
+                        <li><Trans>install_devices_ios_list_1</Trans></li>
+                        <li><Trans>install_devices_ios_list_2</Trans></li>
+                        <li><Trans>install_devices_ios_list_3</Trans></li>
+                        <li><Trans>install_devices_ios_list_4</Trans></li>
+                    </ol>
+                </div>
+            </div>
+        </Tabs>
+    </div>
+);
+
+export default withNamespaces()(Guide);
diff --git a/client/src/components/ui/Popover.css b/client/src/components/ui/Popover.css
index dc83e4cb..f7e23836 100644
--- a/client/src/components/ui/Popover.css
+++ b/client/src/components/ui/Popover.css
@@ -22,6 +22,16 @@
     height: 24px;
 }
 
+.popover__trigger--address {
+    top: 0;
+    margin: 0;
+    line-height: 1.2;
+}
+
+.popover__trigger--address:after {
+    display: none;
+}
+
 .popover__body {
     content: "";
     display: flex;
@@ -57,6 +67,38 @@
     border-top: 6px solid #585965;
 }
 
+.popover__body--address {
+    top: calc(100% + 10px);
+    right: 0;
+    left: initial;
+    bottom: initial;
+    z-index: 1;
+    min-width: 100px;
+    padding: 12px 18px;
+    font-weight: 700;
+    text-align: left;
+    white-space: nowrap;
+    transform: none;
+    cursor: default;
+}
+
+.popover__body--address:after {
+    top: -11px;
+    left: initial;
+    right: 40px;
+    border-top: 6px solid transparent;
+    border-bottom: 6px solid #585965;
+}
+
+.popover__body--address:before {
+    content: "";
+    position: absolute;
+    top: -7px;
+    left: 0;
+    width: 100%;
+    height: 10px;
+}
+
 .popover__trigger:hover + .popover__body,
 .popover__body:hover {
     visibility: visible;
@@ -73,6 +115,10 @@
     stroke: #66b574;
 }
 
+.popover__list--bold {
+    font-weight: 700;
+}
+
 .popover__list-title {
     margin-bottom: 3px;
 }
diff --git a/client/src/containers/SetupGuide.js b/client/src/containers/SetupGuide.js
new file mode 100644
index 00000000..1e7ecd12
--- /dev/null
+++ b/client/src/containers/SetupGuide.js
@@ -0,0 +1,14 @@
+import { connect } from 'react-redux';
+import * as actionCreators from '../actions';
+import SetupGuide from '../components/SetupGuide';
+
+const mapStateToProps = (state) => {
+    const { dashboard } = state;
+    const props = { dashboard };
+    return props;
+};
+
+export default connect(
+    mapStateToProps,
+    actionCreators,
+)(SetupGuide);
diff --git a/client/src/install/Setup/Devices.js b/client/src/install/Setup/Devices.js
index 4a5f7c13..f3755b3d 100644
--- a/client/src/install/Setup/Devices.js
+++ b/client/src/install/Setup/Devices.js
@@ -5,8 +5,7 @@ import { reduxForm, formValueSelector } from 'redux-form';
 import { Trans, withNamespaces } from 'react-i18next';
 import flow from 'lodash/flow';
 
-import Tabs from '../../components/ui/Tabs';
-import Icons from '../../components/ui/Icons';
+import Guide from '../../components/ui/Guide';
 import Controls from './Controls';
 import AddressList from './AddressList';
 
@@ -30,77 +29,7 @@ let Devices = props => (
                     />
                 </div>
             </div>
-            <Icons />
-            <Tabs>
-                <div label="Router">
-                    <div className="tab__title">
-                        <Trans>install_devices_router</Trans>
-                    </div>
-                    <div className="tab__text">
-                        <p><Trans>install_devices_router_desc</Trans></p>
-                        <ol>
-                            <li><Trans>install_devices_router_list_1</Trans></li>
-                            <li><Trans>install_devices_router_list_2</Trans></li>
-                            <li><Trans>install_devices_router_list_3</Trans></li>
-                        </ol>
-                    </div>
-                </div>
-                <div label="Windows">
-                    <div className="tab__title">
-                        Windows
-                    </div>
-                    <div className="tab__text">
-                        <ol>
-                            <li><Trans>install_devices_windows_list_1</Trans></li>
-                            <li><Trans>install_devices_windows_list_2</Trans></li>
-                            <li><Trans>install_devices_windows_list_3</Trans></li>
-                            <li><Trans>install_devices_windows_list_4</Trans></li>
-                            <li><Trans>install_devices_windows_list_5</Trans></li>
-                            <li><Trans>install_devices_windows_list_6</Trans></li>
-                        </ol>
-                    </div>
-                </div>
-                <div label="macOS">
-                    <div className="tab__title">
-                        macOS
-                    </div>
-                    <div className="tab__text">
-                        <ol>
-                            <li><Trans>install_devices_macos_list_1</Trans></li>
-                            <li><Trans>install_devices_macos_list_2</Trans></li>
-                            <li><Trans>install_devices_macos_list_3</Trans></li>
-                            <li><Trans>install_devices_macos_list_4</Trans></li>
-                        </ol>
-                    </div>
-                </div>
-                <div label="Android">
-                    <div className="tab__title">
-                        Android
-                    </div>
-                    <div className="tab__text">
-                        <ol>
-                            <li><Trans>install_devices_android_list_1</Trans></li>
-                            <li><Trans>install_devices_android_list_2</Trans></li>
-                            <li><Trans>install_devices_android_list_3</Trans></li>
-                            <li><Trans>install_devices_android_list_4</Trans></li>
-                            <li><Trans>install_devices_android_list_5</Trans></li>
-                        </ol>
-                    </div>
-                </div>
-                <div label="iOS">
-                    <div className="tab__title">
-                        iOS
-                    </div>
-                    <div className="tab__text">
-                        <ol>
-                            <li><Trans>install_devices_ios_list_1</Trans></li>
-                            <li><Trans>install_devices_ios_list_2</Trans></li>
-                            <li><Trans>install_devices_ios_list_3</Trans></li>
-                            <li><Trans>install_devices_ios_list_4</Trans></li>
-                        </ol>
-                    </div>
-                </div>
-            </Tabs>
+            <Guide />
         </div>
         <Controls />
     </div>
diff --git a/client/src/reducers/index.js b/client/src/reducers/index.js
index 90ace4d6..a6daef82 100644
--- a/client/src/reducers/index.js
+++ b/client/src/reducers/index.js
@@ -48,7 +48,7 @@ const dashboard = handleActions({
             version,
             running,
             dns_port: dnsPort,
-            dns_address: dnsAddress,
+            dns_addresses: dnsAddresses,
             querylog_enabled: queryLogEnabled,
             upstream_dns: upstreamDns,
             bootstrap_dns: bootstrapDns,
@@ -63,7 +63,7 @@ const dashboard = handleActions({
             processing: false,
             dnsVersion: version,
             dnsPort,
-            dnsAddress,
+            dnsAddresses,
             queryLogEnabled,
             upstreamDns: upstreamDns.join('\n'),
             bootstrapDns: bootstrapDns.join('\n'),
@@ -181,6 +181,9 @@ const dashboard = handleActions({
     protectionEnabled: false,
     processingProtection: false,
     httpPort: 80,
+    dnsPort: 53,
+    dnsAddresses: [],
+    dnsVersion: '',
 });
 
 const queryLogs = handleActions({

From c091d10a416b0ea9c72fb1addd95e7194281d9ce Mon Sep 17 00:00:00 2001
From: Ildar Kamalov <i.kamalov@adguard.com>
Date: Tue, 19 Mar 2019 16:27:23 +0300
Subject: [PATCH 79/95] * client: update translations

---
 client/src/__locales/en.json    | 10 +++++-----
 client/src/__locales/zh-cn.json |  3 +++
 client/src/__locales/zh-tw.json |  5 ++++-
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json
index 36b78e79..ba99db2d 100644
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -1,4 +1,7 @@
 {
+    "upstream_parallel": "Use parallel queries to speed up resolving by simultaneously querying all upstream servers",
+    "bootstrap_dns": "Bootstrap DNS servers",
+    "bootstrap_dns_desc": "Bootstrap DNS servers are used to resolve IP addresses of the DoH\/DoT resolvers you specify as upstreams.",
     "url_added_successfully": "URL added successfully",
     "check_dhcp_servers": "Check for DHCP servers",
     "save_config": "Save config",
@@ -246,10 +249,7 @@
     "form_error_equal": "Shouldn't be equal",
     "form_error_password": "Password mismatched",
     "reset_settings": "Reset settings",
-    "update_announcement": "AdGuard Home {{version}} is now available! <0>Click here</0> for more info.",
-    "upstream_parallel": "Use parallel queries to speed up resolving by simultaneously querying all upstream servers",
-    "bootstrap_dns": "Bootstrap DNS servers",
-    "bootstrap_dns_desc": "Bootstrap DNS servers are used to resolve IP addresses of the DOH/DOT resolvers you specify as upstreams.",
+    "update_announcement": "AdGuard Home {{version}} is now available! <0>Click here<\/0> for more info.",
     "setup_guide": "Setup guide",
     "dns_addresses": "DNS addresses"
-}
+}
\ No newline at end of file
diff --git a/client/src/__locales/zh-cn.json b/client/src/__locales/zh-cn.json
index 7ac6abf3..03d87da9 100644
--- a/client/src/__locales/zh-cn.json
+++ b/client/src/__locales/zh-cn.json
@@ -1,4 +1,7 @@
 {
+    "upstream_parallel": "\u901a\u8fc7\u540c\u65f6\u67e5\u8be2\u6240\u6709\u4e0a\u6d41\u670d\u52a1\u5668\u4ee5\u4f7f\u7528\u5e76\u884c\u67e5\u8be2\u52a0\u901f\u89e3\u6790",
+    "bootstrap_dns": "Bootstrap DNS \u670d\u52a1\u5668",
+    "bootstrap_dns_desc": "Bootstrap DNS servers are used to resolve IP addresses of the DoH\/DoT resolvers you specify as upstreams.",
     "url_added_successfully": "\u7f51\u5740\u6dfb\u52a0\u6210\u529f",
     "check_dhcp_servers": "\u68c0\u67e5 DHCP \u670d\u52a1\u5668",
     "save_config": "\u4fdd\u5b58\u914d\u7f6e",
diff --git a/client/src/__locales/zh-tw.json b/client/src/__locales/zh-tw.json
index 4d3b7b85..177fd8df 100644
--- a/client/src/__locales/zh-tw.json
+++ b/client/src/__locales/zh-tw.json
@@ -1,4 +1,7 @@
 {
+    "upstream_parallel": "\u900f\u904e\u540c\u6642\u5730\u67e5\u8a62\u6240\u6709\u4e0a\u6e38\u7684\u4f3a\u670d\u5668\uff0c\u4f7f\u7528\u4e26\u884c\u7684\u67e5\u8a62\u4ee5\u52a0\u901f\u89e3\u6790",
+    "bootstrap_dns": "\u81ea\u6211\u555f\u52d5\uff08Bootstrap\uff09DNS \u4f3a\u670d\u5668",
+    "bootstrap_dns_desc": "\u81ea\u6211\u555f\u52d5\uff08Bootstrap\uff09DNS\u4f3a\u670d\u5668\u88ab\u7528\u65bc\u89e3\u6790\u60a8\u660e\u78ba\u6307\u5b9a\u4f5c\u70ba\u4e0a\u6e38\u7684DoH\/DoT\u89e3\u6790\u5668\u4e4bIP\u4f4d\u5740\u3002",
     "url_added_successfully": "\u7db2\u5740\u88ab\u6210\u529f\u5730\u52a0\u5165",
     "check_dhcp_servers": "\u6aa2\u67e5\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668",
     "save_config": "\u5132\u5b58\u914d\u7f6e",
@@ -79,7 +82,7 @@
     "no_settings": "\u7121\u8a2d\u5b9a",
     "general_settings": "\u4e00\u822c\u7684\u8a2d\u5b9a",
     "upstream_dns": "\u4e0a\u6e38\u7684DNS\u4f3a\u670d\u5668",
-    "upstream_dns_hint": "\u5982\u679c\u60a8\u4fdd\u7559\u8a72\u6b04\u4f4d\u7a7a\u767d\u7684\uff0cAdGuard Home\u5c07\u4f7f\u7528<a href='https:\/\/1.1.1.1\/' target='_blank'>Cloudflare DNS<\/a>\u4f5c\u70ba\u4e0a\u6e38\u3002\u5c0d\u65bcDNS over TLS\u4f3a\u670d\u5668\u4f7f\u7528 tls:\/\/ \u524d\u7db4\u3002",
+    "upstream_dns_hint": "\u5982\u679c\u60a8\u5c07\u8a72\u6b04\u4f4d\u7559\u7a7a\uff0cAdGuard Home\u5c07\u4f7f\u7528<a href='https:\/\/1.1.1.1\/' target='_blank'>Cloudflare DNS<\/a>\u4f5c\u70ba\u4e0a\u6e38\u3002",
     "test_upstream_btn": "\u6e2c\u8a66\u4e0a\u884c\u8cc7\u6599\u6d41",
     "apply_btn": "\u5957\u7528",
     "disabled_filtering_toast": "\u5df2\u7981\u7528\u904e\u6ffe",

From 783ac967a1afb1da1d8c6d610585e983f5846060 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Fri, 15 Mar 2019 16:02:48 +0300
Subject: [PATCH 80/95] * filter: refactor

---
 filter.go | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/filter.go b/filter.go
index 9625b207..34f5093a 100644
--- a/filter.go
+++ b/filter.go
@@ -139,13 +139,19 @@ func parseFilterContents(contents []byte) (int, string, []string) {
 
 	// Count lines in the filter
 	for _, line := range lines {
+
 		line = strings.TrimSpace(line)
-		if len(line) > 0 && line[0] == '!' {
-			if m := filterTitleRegexp.FindAllStringSubmatch(line, -1); len(m) > 0 && len(m[0]) >= 2 && !seenTitle {
+		if len(line) == 0 {
+			continue
+		}
+
+		if line[0] == '!' {
+			m := filterTitleRegexp.FindAllStringSubmatch(line, -1)
+			if len(m) > 0 && len(m[0]) >= 2 && !seenTitle {
 				name = m[0][1]
 				seenTitle = true
 			}
-		} else if len(line) != 0 {
+		} else {
 			rulesCount++
 		}
 	}
@@ -266,12 +272,12 @@ func (filter *filter) Path() string {
 // LastTimeUpdated returns the time when the filter was last time updated
 func (filter *filter) LastTimeUpdated() time.Time {
 	filterFilePath := filter.Path()
-	if _, err := os.Stat(filterFilePath); os.IsNotExist(err) {
+	s, err := os.Stat(filterFilePath)
+	if os.IsNotExist(err) {
 		// if the filter file does not exist, return 0001-01-01
 		return time.Time{}
 	}
 
-	s, err := os.Stat(filterFilePath)
 	if err != nil {
 		// if the filter file does not exist, return 0001-01-01
 		return time.Time{}

From b4732c83c5e28b846f5b34474928e8b022fe48df Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Fri, 15 Mar 2019 16:49:10 +0300
Subject: [PATCH 81/95] * filter: use CRC32 to check whether filter data should
 be updated

---
 filter.go | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/filter.go b/filter.go
index 34f5093a..e8f68d43 100644
--- a/filter.go
+++ b/filter.go
@@ -2,10 +2,10 @@ package main
 
 import (
 	"fmt"
+	"hash/crc32"
 	"io/ioutil"
 	"os"
 	"path/filepath"
-	"reflect"
 	"regexp"
 	"strconv"
 	"strings"
@@ -28,6 +28,7 @@ type filter struct {
 	Name        string    `json:"name" yaml:"name"`
 	RulesCount  int       `json:"rulesCount" yaml:"-"`
 	LastUpdated time.Time `json:"lastUpdated,omitempty" yaml:"-"`
+	checksum    uint32    // checksum of the file data
 
 	dnsfilter.Filter `yaml:",inline"`
 }
@@ -201,22 +202,22 @@ func (filter *filter) update(force bool) (bool, error) {
 		return false, err
 	}
 
-	// Extract filter name and count number of rules
-	rulesCount, filterName, rules := parseFilterContents(body)
-
-	if filterName != "" {
-		filter.Name = filterName
-	}
-
 	// Check if the filter has been really changed
-	if reflect.DeepEqual(filter.Rules, rules) {
+	checksum := crc32.ChecksumIEEE(body)
+	if filter.checksum == checksum {
 		log.Tracef("Filter #%d at URL %s hasn't changed, not updating it", filter.ID, filter.URL)
 		return false, nil
 	}
 
+	// Extract filter name and count number of rules
+	rulesCount, filterName, rules := parseFilterContents(body)
 	log.Printf("Filter %d has been updated: %d bytes, %d rules", filter.ID, len(body), rulesCount)
+	if filterName != "" {
+		filter.Name = filterName
+	}
 	filter.RulesCount = rulesCount
 	filter.Rules = rules
+	filter.checksum = checksum
 
 	return true, nil
 }
@@ -259,6 +260,7 @@ func (filter *filter) load() error {
 
 	filter.RulesCount = rulesCount
 	filter.Rules = rules
+	filter.checksum = crc32.ChecksumIEEE(filterFileContents)
 	filter.LastUpdated = filter.LastTimeUpdated()
 
 	return nil

From 61b1a30aa163647c6fe7919ca7e4968500ab6307 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Fri, 15 Mar 2019 19:41:45 +0300
Subject: [PATCH 82/95] * refactor: move code to loadFilters()

---
 app.go    | 20 +-------------------
 filter.go | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 19 deletions(-)

diff --git a/app.go b/app.go
index 91f4fbdd..232f1526 100644
--- a/app.go
+++ b/app.go
@@ -12,7 +12,6 @@ import (
 	"strconv"
 	"sync"
 	"syscall"
-	"time"
 
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/gobuffalo/packr"
@@ -101,24 +100,7 @@ func run(args options) {
 		config.BindPort = args.bindPort
 	}
 
-	// Load filters from the disk
-	// And if any filter has zero ID, assign a new one
-	for i := range config.Filters {
-		filter := &config.Filters[i] // otherwise we're operating on a copy
-		if filter.ID == 0 {
-			filter.ID = assignUniqueFilterID()
-		}
-		err = filter.load()
-		if err != nil {
-			// This is okay for the first start, the filter will be loaded later
-			log.Debug("Couldn't load filter %d contents due to %s", filter.ID, err)
-			// clear LastUpdated so it gets fetched right away
-		}
-
-		if len(filter.Rules) == 0 {
-			filter.LastUpdated = time.Time{}
-		}
-	}
+	loadFilters()
 
 	// Save the updated config
 	err = config.write()
diff --git a/filter.go b/filter.go
index e8f68d43..e20ad45f 100644
--- a/filter.go
+++ b/filter.go
@@ -44,6 +44,27 @@ func userFilter() filter {
 	}
 }
 
+// Load filters from the disk
+// And if any filter has zero ID, assign a new one
+func loadFilters() {
+	for i := range config.Filters {
+		filter := &config.Filters[i] // otherwise we're operating on a copy
+		if filter.ID == 0 {
+			filter.ID = assignUniqueFilterID()
+		}
+		err := filter.load()
+		if err != nil {
+			// This is okay for the first start, the filter will be loaded later
+			log.Debug("Couldn't load filter %d contents due to %s", filter.ID, err)
+			// clear LastUpdated so it gets fetched right away
+		}
+
+		if len(filter.Rules) == 0 {
+			filter.LastUpdated = time.Time{}
+		}
+	}
+}
+
 func deduplicateFilters() {
 	// Deduplicate filters
 	i := 0 // output index, used for deletion later

From a9b329daf6503e6b46787e89783ceb256601b578 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Mon, 18 Mar 2019 12:33:03 +0300
Subject: [PATCH 83/95] - control: use locks when operating on config.Filters
 array

---
 control.go | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/control.go b/control.go
index 0bd7a5d7..6ec2f009 100644
--- a/control.go
+++ b/control.go
@@ -559,12 +559,15 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Check for duplicates
+	config.RLock()
 	for i := range config.Filters {
 		if config.Filters[i].URL == f.URL {
+			config.RUnlock()
 			httpError(w, http.StatusBadRequest, "Filter URL already added -- %s", f.URL)
 			return
 		}
 	}
+	config.RUnlock()
 
 	// Set necessary properties
 	f.ID = assignUniqueFilterID()
@@ -594,7 +597,20 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 
 	// URL is deemed valid, append it to filters, update config, write new filter file and tell dns to reload it
 	// TODO: since we directly feed filters in-memory, revisit if writing configs is always necessary
+	config.Lock()
+
+	// Check for duplicates
+	for i := range config.Filters {
+		if config.Filters[i].URL == f.URL {
+			config.Unlock()
+			httpError(w, http.StatusBadRequest, "Filter URL already added -- %s", f.URL)
+			return
+		}
+	}
+
 	config.Filters = append(config.Filters, f)
+	config.Unlock()
+
 	err = writeAllConfigs()
 	if err != nil {
 		httpError(w, http.StatusInternalServerError, "Couldn't write config file: %s", err)
@@ -632,6 +648,7 @@ func handleFilteringRemoveURL(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// go through each element and delete if url matches
+	config.Lock()
 	newFilters := config.Filters[:0]
 	for _, filter := range config.Filters {
 		if filter.URL != url {
@@ -647,6 +664,7 @@ func handleFilteringRemoveURL(w http.ResponseWriter, r *http.Request) {
 	}
 	// Update the configuration after removing filter files
 	config.Filters = newFilters
+	config.Unlock()
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
@@ -670,6 +688,7 @@ func handleFilteringEnableURL(w http.ResponseWriter, r *http.Request) {
 	}
 
 	found := false
+	config.Lock()
 	for i := range config.Filters {
 		filter := &config.Filters[i] // otherwise we will be operating on a copy
 		if filter.URL == url {
@@ -677,6 +696,7 @@ func handleFilteringEnableURL(w http.ResponseWriter, r *http.Request) {
 			found = true
 		}
 	}
+	config.Unlock()
 
 	if !found {
 		http.Error(w, "URL parameter was not previously added", http.StatusBadRequest)
@@ -708,6 +728,7 @@ func handleFilteringDisableURL(w http.ResponseWriter, r *http.Request) {
 	}
 
 	found := false
+	config.Lock()
 	for i := range config.Filters {
 		filter := &config.Filters[i] // otherwise we will be operating on a copy
 		if filter.URL == url {
@@ -715,6 +736,7 @@ func handleFilteringDisableURL(w http.ResponseWriter, r *http.Request) {
 			found = true
 		}
 	}
+	config.Unlock()
 
 	if !found {
 		http.Error(w, "URL parameter was not previously added", http.StatusBadRequest)

From 56271819eaaee84c22ce55d1421bc8cd7b719a69 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Mon, 18 Mar 2019 12:38:37 +0300
Subject: [PATCH 84/95] - control: filtering/add_url: don't call httpError()
 twice on error while reconfiguring

---
 control.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/control.go b/control.go
index 6ec2f009..0dbd9c42 100644
--- a/control.go
+++ b/control.go
@@ -620,6 +620,7 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 	err = reconfigureDNSServer()
 	if err != nil {
 		httpError(w, http.StatusInternalServerError, "Couldn't reconfigure the DNS server: %s", err)
+		return
 	}
 
 	_, err = fmt.Fprintf(w, "OK %d rules\n", f.RulesCount)

From afa54a13393f8ff8f0cffddd81aedd6fa2ba315d Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Mon, 18 Mar 2019 12:52:34 +0300
Subject: [PATCH 85/95] * filters: refactor: don't check Enabled flag inside
 filter.update() & filter.load()

---
 filter.go | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/filter.go b/filter.go
index e20ad45f..6540e384 100644
--- a/filter.go
+++ b/filter.go
@@ -52,15 +52,16 @@ func loadFilters() {
 		if filter.ID == 0 {
 			filter.ID = assignUniqueFilterID()
 		}
+
+		if !filter.Enabled {
+			// No need to load a filter that is not enabled
+			continue
+		}
+
 		err := filter.load()
 		if err != nil {
 			// This is okay for the first start, the filter will be loaded later
 			log.Debug("Couldn't load filter %d contents due to %s", filter.ID, err)
-			// clear LastUpdated so it gets fetched right away
-		}
-
-		if len(filter.Rules) == 0 {
-			filter.LastUpdated = time.Time{}
 		}
 	}
 }
@@ -114,6 +115,10 @@ func refreshFiltersIfNecessary(force bool) int {
 	for i := range config.Filters {
 		filter := &config.Filters[i] // otherwise we will be operating on a copy
 
+		if !filter.Enabled {
+			continue
+		}
+
 		if filter.ID == 0 { // protect against users modifying the yaml and removing the ID
 			filter.ID = assignUniqueFilterID()
 		}
@@ -188,9 +193,6 @@ func (filter *filter) update(force bool) (bool, error) {
 	if filter.ID == 0 { // protect against users deleting the ID
 		filter.ID = assignUniqueFilterID()
 	}
-	if !filter.Enabled {
-		return false, nil
-	}
 	if !force && time.Since(filter.LastUpdated) <= updatePeriod {
 		return false, nil
 	}
@@ -258,11 +260,6 @@ func (filter *filter) save() error {
 
 // loads filter contents from the file in dataDir
 func (filter *filter) load() error {
-	if !filter.Enabled {
-		// No need to load a filter that is not enabled
-		return nil
-	}
-
 	filterFilePath := filter.Path()
 	log.Tracef("Loading filter %d contents to: %s", filter.ID, filterFilePath)
 

From ae2c7d00a95d67f21c72eac9c915701313b3646b Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Mon, 18 Mar 2019 14:12:04 +0300
Subject: [PATCH 86/95] * control: enable/disable filter: move code to a
 separate function

* don't start updating all filters after 1 filter has been enabled
* unload filter data on disable
---
 control.go | 26 ++------------------------
 filter.go  | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 24 deletions(-)

diff --git a/control.go b/control.go
index 0dbd9c42..d1d459f5 100644
--- a/control.go
+++ b/control.go
@@ -688,24 +688,12 @@ func handleFilteringEnableURL(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	found := false
-	config.Lock()
-	for i := range config.Filters {
-		filter := &config.Filters[i] // otherwise we will be operating on a copy
-		if filter.URL == url {
-			filter.Enabled = true
-			found = true
-		}
-	}
-	config.Unlock()
-
+	found := filterEnable(url, true)
 	if !found {
 		http.Error(w, "URL parameter was not previously added", http.StatusBadRequest)
 		return
 	}
 
-	// kick off refresh of rules from new URLs
-	refreshFiltersIfNecessary(false)
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
@@ -728,17 +716,7 @@ func handleFilteringDisableURL(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	found := false
-	config.Lock()
-	for i := range config.Filters {
-		filter := &config.Filters[i] // otherwise we will be operating on a copy
-		if filter.URL == url {
-			filter.Enabled = false
-			found = true
-		}
-	}
-	config.Unlock()
-
+	found := filterEnable(url, false)
 	if !found {
 		http.Error(w, "URL parameter was not previously added", http.StatusBadRequest)
 		return
diff --git a/filter.go b/filter.go
index 6540e384..400073da 100644
--- a/filter.go
+++ b/filter.go
@@ -44,6 +44,34 @@ func userFilter() filter {
 	}
 }
 
+// Enable or disable a filter
+func filterEnable(url string, enable bool) bool {
+	r := false
+	config.Lock()
+	for i := range config.Filters {
+		filter := &config.Filters[i] // otherwise we will be operating on a copy
+		if filter.URL == url {
+			filter.Enabled = enable
+			if enable {
+				e := filter.load()
+				if e != nil {
+					// This isn't a fatal error,
+					//  because it may occur when someone removes the file from disk.
+					// In this case the periodic update task will try to download the file.
+					filter.LastUpdated = time.Time{}
+					log.Tracef("%s filter load: %v", url, e)
+				}
+			} else {
+				filter.unload()
+			}
+			r = true
+			break
+		}
+	}
+	config.Unlock()
+	return r
+}
+
 // Load filters from the disk
 // And if any filter has zero ID, assign a new one
 func loadFilters() {
@@ -284,6 +312,12 @@ func (filter *filter) load() error {
 	return nil
 }
 
+// Clear filter rules
+func (filter *filter) unload() {
+	filter.Rules = []string{}
+	filter.RulesCount = 0
+}
+
 // Path to the filter contents
 func (filter *filter) Path() string {
 	return filepath.Join(config.ourWorkingDir, dataDir, filterDir, strconv.FormatInt(filter.ID, 10)+".txt")

From eefdf8449a2ea656f71ec0149c14c2a4716536e8 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Mon, 18 Mar 2019 14:57:10 +0300
Subject: [PATCH 87/95] * filters: refactor: remove unused if-branches

filter.ID == 0:
Useless, because filter ID is assigned either on application load
 or on filter add.

len(filter.Rules) == 0:
Useless, because rules are added either on application load
 or on filter add or on filter enable.
---
 filter.go | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/filter.go b/filter.go
index 400073da..6dedadc1 100644
--- a/filter.go
+++ b/filter.go
@@ -147,16 +147,6 @@ func refreshFiltersIfNecessary(force bool) int {
 			continue
 		}
 
-		if filter.ID == 0 { // protect against users modifying the yaml and removing the ID
-			filter.ID = assignUniqueFilterID()
-		}
-
-		if len(filter.Rules) == 0 {
-			// Try reloading filter from the disk before updating
-			// This is useful for the case when we simply enable a previously downloaded filter
-			_ = filter.load()
-		}
-
 		updated, err := filter.update(force)
 		if err != nil {
 			log.Printf("Failed to update filter %s: %s\n", filter.URL, err)
@@ -218,9 +208,6 @@ func parseFilterContents(contents []byte) (int, string, []string) {
 // If "force" is true -- does not check the filter's LastUpdated field
 // Call "save" to persist the filter contents
 func (filter *filter) update(force bool) (bool, error) {
-	if filter.ID == 0 { // protect against users deleting the ID
-		filter.ID = assignUniqueFilterID()
-	}
 	if !force && time.Since(filter.LastUpdated) <= updatePeriod {
 		return false, nil
 	}

From 0884116de335c0ce9ac1e5428777ff6db923cbd8 Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Mon, 18 Mar 2019 15:08:23 +0300
Subject: [PATCH 88/95] * app: refactor: don't rewrite config file after
 filters are updated

---
 app.go | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/app.go b/app.go
index 232f1526..ba8aee3c 100644
--- a/app.go
+++ b/app.go
@@ -127,11 +127,6 @@ func run(args options) {
 	// Update filters we've just loaded right away, don't wait for periodic update timer
 	go func() {
 		refreshFiltersIfNecessary(false)
-		// Save the updated config
-		err := config.write()
-		if err != nil {
-			log.Fatal(err)
-		}
 	}()
 	// Schedule automatic filters updates
 	go periodicallyRefreshFilters()

From b54f540f716d875c0fc7d49d0994e479b843be4e Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Mon, 18 Mar 2019 14:41:38 +0300
Subject: [PATCH 89/95] * control: refactor: move filter adding code to a
 separate function

---
 control.go | 26 ++++++--------------------
 filter.go  | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 20 deletions(-)

diff --git a/control.go b/control.go
index d1d459f5..ada72697 100644
--- a/control.go
+++ b/control.go
@@ -559,15 +559,10 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Check for duplicates
-	config.RLock()
-	for i := range config.Filters {
-		if config.Filters[i].URL == f.URL {
-			config.RUnlock()
-			httpError(w, http.StatusBadRequest, "Filter URL already added -- %s", f.URL)
-			return
-		}
+	if filterExists(f.URL) {
+		httpError(w, http.StatusBadRequest, "Filter URL already added -- %s", f.URL)
+		return
 	}
-	config.RUnlock()
 
 	// Set necessary properties
 	f.ID = assignUniqueFilterID()
@@ -597,20 +592,11 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 
 	// URL is deemed valid, append it to filters, update config, write new filter file and tell dns to reload it
 	// TODO: since we directly feed filters in-memory, revisit if writing configs is always necessary
-	config.Lock()
-
-	// Check for duplicates
-	for i := range config.Filters {
-		if config.Filters[i].URL == f.URL {
-			config.Unlock()
-			httpError(w, http.StatusBadRequest, "Filter URL already added -- %s", f.URL)
-			return
-		}
+	if !filterAdd(f) {
+		httpError(w, http.StatusBadRequest, "Filter URL already added -- %s", f.URL)
+		return
 	}
 
-	config.Filters = append(config.Filters, f)
-	config.Unlock()
-
 	err = writeAllConfigs()
 	if err != nil {
 		httpError(w, http.StatusInternalServerError, "Couldn't write config file: %s", err)
diff --git a/filter.go b/filter.go
index 6dedadc1..c294b3b5 100644
--- a/filter.go
+++ b/filter.go
@@ -72,6 +72,38 @@ func filterEnable(url string, enable bool) bool {
 	return r
 }
 
+// Return TRUE if a filter with this URL exists
+func filterExists(url string) bool {
+	r := false
+	config.RLock()
+	for i := range config.Filters {
+		if config.Filters[i].URL == url {
+			r = true
+			break
+		}
+	}
+	config.RUnlock()
+	return r
+}
+
+// Add a filter
+// Return FALSE if a filter with this URL exists
+func filterAdd(f filter) bool {
+	config.Lock()
+
+	// Check for duplicates
+	for i := range config.Filters {
+		if config.Filters[i].URL == f.URL {
+			config.Unlock()
+			return false
+		}
+	}
+
+	config.Filters = append(config.Filters, f)
+	config.Unlock()
+	return true
+}
+
 // Load filters from the disk
 // And if any filter has zero ID, assign a new one
 func loadFilters() {

From d664a9de1d27a375cb7ae42dad0a5db88b4d18bc Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Fri, 15 Mar 2019 16:09:43 +0300
Subject: [PATCH 90/95] - filter: update 'LastUpdated' field and
 'last-modified' file time  even when filter's content is up to date

* filters: refactor: don't check 'LastUpdated' inside update()
---
 control.go |  2 +-
 filter.go  | 21 ++++++++++++---------
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/control.go b/control.go
index ada72697..14b1506a 100644
--- a/control.go
+++ b/control.go
@@ -569,7 +569,7 @@ func handleFilteringAddURL(w http.ResponseWriter, r *http.Request) {
 	f.Enabled = true
 
 	// Download the filter contents
-	ok, err := f.update(true)
+	ok, err := f.update()
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "Couldn't fetch filter from url %s: %s", f.URL, err)
 		return
diff --git a/filter.go b/filter.go
index c294b3b5..45115414 100644
--- a/filter.go
+++ b/filter.go
@@ -179,7 +179,11 @@ func refreshFiltersIfNecessary(force bool) int {
 			continue
 		}
 
-		updated, err := filter.update(force)
+		if !force && time.Since(filter.LastUpdated) <= updatePeriod {
+			continue
+		}
+
+		updated, err := filter.update()
 		if err != nil {
 			log.Printf("Failed to update filter %s: %s\n", filter.URL, err)
 			continue
@@ -193,6 +197,11 @@ func refreshFiltersIfNecessary(force bool) int {
 			}
 
 			updateCount++
+
+		} else {
+			mtime := time.Now()
+			os.Chtimes(filter.Path(), mtime, mtime)
+			filter.LastUpdated = mtime
 		}
 	}
 	config.Unlock()
@@ -236,14 +245,8 @@ func parseFilterContents(contents []byte) (int, string, []string) {
 	return rulesCount, name, lines
 }
 
-// Checks for filters updates
-// If "force" is true -- does not check the filter's LastUpdated field
-// Call "save" to persist the filter contents
-func (filter *filter) update(force bool) (bool, error) {
-	if !force && time.Since(filter.LastUpdated) <= updatePeriod {
-		return false, nil
-	}
-
+// Perform upgrade on a filter
+func (filter *filter) update() (bool, error) {
 	log.Tracef("Downloading update for filter %d from %s", filter.ID, filter.URL)
 
 	resp, err := client.Get(filter.URL)

From 0647f3fe8666a38cbdc7a747279513338e49568a Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Mon, 18 Mar 2019 17:23:02 +0300
Subject: [PATCH 91/95] * filters: rework update mechanism so that UI doesn't
 get locked while update is in progress

---
 filter.go | 69 +++++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 54 insertions(+), 15 deletions(-)

diff --git a/filter.go b/filter.go
index 45115414..819e683e 100644
--- a/filter.go
+++ b/filter.go
@@ -167,44 +167,83 @@ func periodicallyRefreshFilters() {
 
 // Checks filters updates if necessary
 // If force is true, it ignores the filter.LastUpdated field value
+//
+// Algorithm:
+// . Get the list of filters to be updated
+// . For each filter run the download and checksum check operation
+//  . If filter data hasn't changed, set new update time
+//  . If filter data has changed, parse it, save it on disk, set new update time
+//  . Apply changes to the current configuration
+// . Restart server
 func refreshFiltersIfNecessary(force bool) int {
-	config.Lock()
+	var updateFilters []filter
 
-	// fetch URLs
-	updateCount := 0
+	config.RLock()
 	for i := range config.Filters {
-		filter := &config.Filters[i] // otherwise we will be operating on a copy
+		f := &config.Filters[i] // otherwise we will be operating on a copy
 
-		if !filter.Enabled {
+		if !f.Enabled {
 			continue
 		}
 
-		if !force && time.Since(filter.LastUpdated) <= updatePeriod {
+		if !force && time.Since(f.LastUpdated) <= updatePeriod {
 			continue
 		}
 
-		updated, err := filter.update()
+		var uf filter
+		uf.ID = f.ID
+		uf.URL = f.URL
+		uf.checksum = f.checksum
+		updateFilters = append(updateFilters, uf)
+	}
+	config.RUnlock()
+
+	updateCount := 0
+	for i := range updateFilters {
+		uf := &updateFilters[i]
+		updated, err := uf.update()
 		if err != nil {
-			log.Printf("Failed to update filter %s: %s\n", filter.URL, err)
+			log.Printf("Failed to update filter %s: %s\n", uf.URL, err)
 			continue
 		}
 		if updated {
 			// Saving it to the filters dir now
-			err = filter.save()
+			err = uf.save()
 			if err != nil {
-				log.Printf("Failed to save the updated filter %d: %s", filter.ID, err)
+				log.Printf("Failed to save the updated filter %d: %s", uf.ID, err)
 				continue
 			}
 
-			updateCount++
-
 		} else {
 			mtime := time.Now()
-			os.Chtimes(filter.Path(), mtime, mtime)
-			filter.LastUpdated = mtime
+			e := os.Chtimes(uf.Path(), mtime, mtime)
+			if e != nil {
+				log.Error("os.Chtimes(): %v", e)
+			}
+			uf.LastUpdated = mtime
 		}
+
+		config.Lock()
+		for k := range config.Filters {
+			f := &config.Filters[k]
+			if f.ID != uf.ID || f.URL != uf.URL {
+				continue
+			}
+			f.LastUpdated = uf.LastUpdated
+			if !updated {
+				continue
+			}
+
+			log.Info("Updated filter #%d.  Rules: %d -> %d",
+				f.ID, f.RulesCount, uf.RulesCount)
+			f.Name = uf.Name
+			f.Rules = uf.Rules
+			f.RulesCount = uf.RulesCount
+			f.checksum = uf.checksum
+			updateCount++
+		}
+		config.Unlock()
 	}
-	config.Unlock()
 
 	if updateCount > 0 && isRunning() {
 		err := reconfigureDNSServer()

From 9bc5a4570e76873984a4fda21a4d307499b4980a Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Wed, 20 Mar 2019 14:18:26 +0300
Subject: [PATCH 92/95] * DHCP: fix and update tests

for:
 + dhcp: handle lease expiration (d68600c5d03b73d94f380f5442c22ddc8f755d9a)
---
 dhcpd/dhcpd_test.go | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/dhcpd/dhcpd_test.go b/dhcpd/dhcpd_test.go
index 366606d4..c7171f29 100644
--- a/dhcpd/dhcpd_test.go
+++ b/dhcpd/dhcpd_test.go
@@ -38,7 +38,7 @@ func TestDHCP(t *testing.T) {
 	p = make(dhcp4.Packet, 241)
 
 	// Reserve an IP
-	hw = []byte{1, 2, 3, 4, 5, 6}
+	hw = []byte{3, 2, 3, 4, 5, 6}
 	p.SetCHAddr(hw)
 	lease, _ = s.reserveLease(p)
 	check(t, bytes.Equal(lease.HWAddr, hw), "lease.HWAddr")
@@ -54,10 +54,13 @@ func TestDHCP(t *testing.T) {
 	check(t, bytes.Equal(lease.HWAddr, hw), "lease.HWAddr")
 	check(t, bytes.Equal(lease.IP, []byte{1, 1, 1, 2}), "lease.IP")
 
-	// Reserve an IP - we have no more available IPs
-	p.SetCHAddr([]byte{3, 2, 3, 4, 5, 6})
+	// Reserve an IP - we have no more available IPs,
+	//  so the first expired (or, in our case, not yet committed) lease is returned
+	hw = []byte{1, 2, 3, 4, 5, 6}
+	p.SetCHAddr(hw)
 	lease, _ = s.reserveLease(p)
-	check(t, lease == nil, "lease == nil")
+	check(t, bytes.Equal(lease.HWAddr, hw), "lease.HWAddr")
+	check(t, bytes.Equal(lease.IP, []byte{1, 1, 1, 1}), "lease.IP")
 
 	// Decline request for a lease which doesn't match our internal state
 	hw = []byte{1, 2, 3, 4, 5, 6}
@@ -84,6 +87,21 @@ func TestDHCP(t *testing.T) {
 	check(t, bytes.Equal(opt[dhcp4.OptionIPAddressLeaseTime], dhcp4.OptionsLeaseTime(5*time.Second)), "OptionIPAddressLeaseTime")
 	check(t, bytes.Equal(opt[dhcp4.OptionServerIdentifier], s.ipnet.IP), "OptionServerIdentifier")
 
+	// Commit the previously reserved lease #2
+	hw = []byte{2, 2, 3, 4, 5, 6}
+	p.SetCHAddr(hw)
+	p.SetCIAddr([]byte{0, 0, 0, 0})
+	opt = make(dhcp4.Options, 10)
+	opt[dhcp4.OptionRequestedIPAddress] = []byte{1, 1, 1, 2}
+	p2 = s.handleDHCP4Request(p, opt)
+	check(t, bytes.Equal(p2.YIAddr(), []byte{1, 1, 1, 2}), "p2.YIAddr")
+
+	// Reserve an IP - we have no more available IPs
+	hw = []byte{3, 2, 3, 4, 5, 6}
+	p.SetCHAddr(hw)
+	lease, _ = s.reserveLease(p)
+	check(t, lease == nil, "lease == nil")
+
 	s.reset()
 	misc(t, &s)
 }

From 9ea5c1abe16b99f80ae2a92ccdd094b5a7ea2695 Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 20 Mar 2019 14:24:33 +0300
Subject: [PATCH 93/95] + control, dns, client: add ability to set DNS upstream
 per domain

---
 client/src/__locales/en.json                  |   1 +
 .../components/Settings/Upstream/Examples.js  |   3 +
 .../src/components/Settings/Upstream/Form.js  |   5 +
 .../src/components/Settings/Upstream/index.js |   3 -
 control.go                                    | 100 +++++++++++++++---
 control_test.go                               |  76 +++++++++++++
 dns.go                                        |  19 ++--
 dnsforward/dnsforward.go                      |  28 ++---
 go.mod                                        |   4 +-
 go.sum                                        |  10 +-
 10 files changed, 200 insertions(+), 49 deletions(-)

diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json
index 92540ea6..74c2fa50 100644
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -122,6 +122,7 @@
     "example_upstream_doh": "encrypted <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS<\/a>",
     "example_upstream_sdns": "you can use <a href='https:\/\/dnscrypt.info\/stamps\/' target='_blank'>DNS Stamps<\/a> for <a href='https:\/\/dnscrypt.info\/' target='_blank'>DNSCrypt<\/a> or <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS<\/a> resolvers",
     "example_upstream_tcp": "regular DNS (over TCP)",
+    "example_upstream_reserved": "you can specify DNS upstream <a href='https:\/\/github.com\/AdguardTeam\/dnsproxy#specifying-upstreams-for-domains' target='_blank'>for a specific domain(s)<\/a>",
     "all_filters_up_to_date_toast": "All filters are already up-to-date",
     "updated_upstream_dns_toast": "Updated the upstream DNS servers",
     "dns_test_ok_toast": "Specified DNS servers are working correctly",
diff --git a/client/src/components/Settings/Upstream/Examples.js b/client/src/components/Settings/Upstream/Examples.js
index 4ba54852..9d61b0de 100644
--- a/client/src/components/Settings/Upstream/Examples.js
+++ b/client/src/components/Settings/Upstream/Examples.js
@@ -21,6 +21,9 @@ const Examples = props => (
             <li>
                 <code>sdns://...</code> - <span dangerouslySetInnerHTML={{ __html: props.t('example_upstream_sdns') }} />
             </li>
+            <li>
+                <code>[/host.com/]1.1.1.1</code> - <span dangerouslySetInnerHTML={{ __html: props.t('example_upstream_reserved') }} />
+            </li>
         </ol>
     </div>
 );
diff --git a/client/src/components/Settings/Upstream/Form.js b/client/src/components/Settings/Upstream/Form.js
index 245e7d27..8ef916f5 100644
--- a/client/src/components/Settings/Upstream/Form.js
+++ b/client/src/components/Settings/Upstream/Form.js
@@ -7,6 +7,7 @@ import flow from 'lodash/flow';
 import classnames from 'classnames';
 
 import { renderSelectField } from '../../../helpers/form';
+import Examples from './Examples';
 
 let Form = (props) => {
     const {
@@ -55,6 +56,10 @@ let Form = (props) => {
                         />
                     </div>
                 </div>
+                <div className="col-12">
+                    <Examples />
+                    <hr/>
+                </div>
                 <div className="col-12">
                     <div className="form__group">
                         <label className="form__label" htmlFor="bootstrap_dns">
diff --git a/client/src/components/Settings/Upstream/index.js b/client/src/components/Settings/Upstream/index.js
index f622268c..7ae4ea4d 100644
--- a/client/src/components/Settings/Upstream/index.js
+++ b/client/src/components/Settings/Upstream/index.js
@@ -3,7 +3,6 @@ import PropTypes from 'prop-types';
 import { withNamespaces } from 'react-i18next';
 
 import Form from './Form';
-import Examples from './Examples';
 import Card from '../../ui/Card';
 
 class Upstream extends Component {
@@ -44,8 +43,6 @@ class Upstream extends Component {
                             processingTestUpstream={processingTestUpstream}
                             processingSetUpstream={processingSetUpstream}
                         />
-                        <hr/>
-                        <Examples />
                     </div>
                 </div>
             </Card>
diff --git a/control.go b/control.go
index 0bd7a5d7..952395a1 100644
--- a/control.go
+++ b/control.go
@@ -18,6 +18,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/dnsforward"
 	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/utils"
 	"github.com/miekg/dns"
 	govalidator "gopkg.in/asaskevich/govalidator.v4"
 )
@@ -317,11 +318,10 @@ func handleSetUpstreamConfig(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	for _, u := range newconfig.Upstreams {
-		if err = validateUpstream(u); err != nil {
-			httpError(w, http.StatusBadRequest, "%s can not be used as upstream cause: %s", u, err)
-			return
-		}
+	err = validateUpstreams(newconfig.Upstreams)
+	if err != nil {
+		httpError(w, http.StatusBadRequest, "wrong upstreams specification: %s", err)
+		return
 	}
 
 	config.DNS.UpstreamDNS = defaultDNS
@@ -346,18 +346,81 @@ func handleSetUpstreamConfig(w http.ResponseWriter, r *http.Request) {
 	httpUpdateConfigReloadDNSReturnOK(w, r)
 }
 
-func validateUpstream(upstream string) error {
-	for _, proto := range protocols {
-		if strings.HasPrefix(upstream, proto) {
-			return nil
+// validateUpstreams validates each upstream and returns an error if any upstream is invalid or if there are no default upstreams specified
+func validateUpstreams(upstreams []string) error {
+	var defaultUpstreamFound bool
+	for _, u := range upstreams {
+		d, err := validateUpstream(u)
+		if err != nil {
+			return err
+		}
+
+		// Check this flag until default upstream will not be found
+		if !defaultUpstreamFound {
+			defaultUpstreamFound = d
 		}
 	}
 
-	if strings.Contains(upstream, "://") {
-		return fmt.Errorf("wrong protocol")
+	// Return error if there are no default upstreams
+	if !defaultUpstreamFound {
+		return fmt.Errorf("no default upstreams specified")
 	}
 
-	return checkPlainDNS(upstream)
+	return nil
+}
+
+func validateUpstream(u string) (defaultUpstream bool, err error) {
+	// Check if user tries to specify upstream for domain
+	defaultUpstream = true
+	u, defaultUpstream, err = separateUpstream(u)
+	if err != nil {
+		return
+	}
+
+	// The special server address '#' means "use the default servers"
+	if u == "#" && !defaultUpstream {
+		return
+	}
+
+	// Check if the upstream has a valid protocol prefix
+	for _, proto := range protocols {
+		if strings.HasPrefix(u, proto) {
+			return
+		}
+	}
+
+	// Return error if the upstream contains '://' without any valid protocol
+	if strings.Contains(u, "://") {
+		return defaultUpstream, fmt.Errorf("wrong protocol")
+	}
+
+	// Check if upstream is valid plain DNS
+	return defaultUpstream, checkPlainDNS(u)
+}
+
+// separateUpstream returns upstream without specified domains and a bool flag that indicates if no domains were specified
+// error will be returned if upstream per domain specification is invalid
+func separateUpstream(upstream string) (string, bool, error) {
+	defaultUpstream := true
+	if strings.HasPrefix(upstream, "[/") {
+		defaultUpstream = false
+		// split domains and upstream string
+		domainsAndUpstream := strings.Split(strings.TrimPrefix(upstream, "[/"), "/]")
+		if len(domainsAndUpstream) != 2 {
+			return "", defaultUpstream, fmt.Errorf("wrong DNS upstream per domain specification: %s", upstream)
+		}
+
+		// split domains list and validate each one
+		for _, host := range strings.Split(domainsAndUpstream[0], "/") {
+			if host != "" {
+				if err := utils.IsValidHostname(host); err != nil {
+					return "", defaultUpstream, err
+				}
+			}
+		}
+		upstream = domainsAndUpstream[1]
+	}
+	return upstream, defaultUpstream, nil
 }
 
 // checkPlainDNS checks if host is plain DNS
@@ -425,7 +488,18 @@ func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 }
 
 func checkDNS(input string, bootstrap []string) error {
-	if err := validateUpstream(input); err != nil {
+	// separate upstream from domains list
+	input, defaultUpstream, err := separateUpstream(input)
+	if err != nil {
+		return fmt.Errorf("wrong upstream format: %s", err)
+	}
+
+	// No need to check this entrance
+	if input == "#" && !defaultUpstream {
+		return nil
+	}
+
+	if _, err := validateUpstream(input); err != nil {
 		return fmt.Errorf("wrong upstream format: %s", err)
 	}
 
diff --git a/control_test.go b/control_test.go
index b823b252..c04e1a2f 100644
--- a/control_test.go
+++ b/control_test.go
@@ -75,3 +75,79 @@ kXS9jgARhhiWXJrk
 		t.Fatalf("valid cert & priv key: validateCertificates(): %v", data)
 	}
 }
+
+func TestValidateUpstream(t *testing.T) {
+	invalidUpstreams := []string{"1.2.3.4.5",
+		"123.3.7m",
+		"htttps://google.com/dns-query",
+		"[/host.com]tls://dns.adguard.com",
+		"[host.ru]#",
+	}
+
+	validDefaultUpstreams := []string{"1.1.1.1",
+		"tls://1.1.1.1",
+		"https://dns.adguard.com/dns-query",
+		"sdns://AQMAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
+	}
+
+	validUpstreams := []string{"[/host.com/]1.1.1.1",
+		"[//]tls://1.1.1.1",
+		"[/www.host.com/]#",
+		"[/host.com/google.com/]8.8.8.8",
+		"[/host/]sdns://AQMAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
+	}
+	for _, u := range invalidUpstreams {
+		_, err := validateUpstream(u)
+		if err == nil {
+			t.Fatalf("upstream %s is invalid but it pass through validation", u)
+		}
+	}
+
+	for _, u := range validDefaultUpstreams {
+		defaultUpstream, err := validateUpstream(u)
+		if err != nil {
+			t.Fatalf("upstream %s is valid but it doen't pass through validation cause: %s", u, err)
+		}
+		if !defaultUpstream {
+			t.Fatalf("upstream %s is default one!", u)
+		}
+	}
+
+	for _, u := range validUpstreams {
+		defaultUpstream, err := validateUpstream(u)
+		if err != nil {
+			t.Fatalf("upstream %s is valid but it doen't pass through validation cause: %s", u, err)
+		}
+		if defaultUpstream {
+			t.Fatalf("upstream %s is default one!", u)
+		}
+	}
+}
+
+func TestValidateUpstreamsSet(t *testing.T) {
+	// Set of valid upstreams. There is no default upstream specified
+	upstreamsSet := []string{"[/host.com/]1.1.1.1",
+		"[//]tls://1.1.1.1",
+		"[/www.host.com/]#",
+		"[/host.com/google.com/]8.8.8.8",
+		"[/host/]sdns://AQMAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
+	}
+	err := validateUpstreams(upstreamsSet)
+	if err == nil {
+		t.Fatalf("there is no default upstream")
+	}
+
+	// Let's add default upstream
+	upstreamsSet = append(upstreamsSet, "8.8.8.8")
+	err = validateUpstreams(upstreamsSet)
+	if err != nil {
+		t.Fatalf("upstreams set is valid, but doesn't pass through validation cause: %s", err)
+	}
+
+	// Let's add invalid upstream
+	upstreamsSet = append(upstreamsSet, "dhcp://fake.dns")
+	err = validateUpstreams(upstreamsSet)
+	if err == nil {
+		t.Fatalf("there is an invalid upstream in set, but it pass through validation")
+	}
+}
diff --git a/dns.go b/dns.go
index 56fae956..9abbc80e 100644
--- a/dns.go
+++ b/dns.go
@@ -7,7 +7,7 @@ import (
 
 	"github.com/AdguardTeam/AdGuardHome/dnsfilter"
 	"github.com/AdguardTeam/AdGuardHome/dnsforward"
-	"github.com/AdguardTeam/dnsproxy/upstream"
+	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/joomcode/errorx"
 )
@@ -58,19 +58,12 @@ func generateServerConfig() dnsforward.ServerConfig {
 		}
 	}
 
-	for _, u := range config.DNS.UpstreamDNS {
-		opts := upstream.Options{
-			Timeout:   dnsforward.DefaultTimeout,
-			Bootstrap: config.DNS.BootstrapDNS,
-		}
-		dnsUpstream, err := upstream.AddressToUpstream(u, opts)
-		if err != nil {
-			log.Printf("Couldn't get upstream: %s", err)
-			// continue, just ignore the upstream
-			continue
-		}
-		newconfig.Upstreams = append(newconfig.Upstreams, dnsUpstream)
+	upstreamConfig, err := proxy.ParseUpstreamsConfig(config.DNS.UpstreamDNS, config.DNS.BootstrapDNS, dnsforward.DefaultTimeout)
+	if err != nil {
+		log.Error("Couldn't get upstreams configuration cause: %s", err)
 	}
+	newconfig.Upstreams = upstreamConfig.Upstreams
+	newconfig.DomainsReservedUpstreams = upstreamConfig.DomainReservedUpstreams
 	newconfig.AllServers = config.DNS.AllServers
 	return newconfig
 }
diff --git a/dnsforward/dnsforward.go b/dnsforward/dnsforward.go
index 7b8430ed..6404a995 100644
--- a/dnsforward/dnsforward.go
+++ b/dnsforward/dnsforward.go
@@ -82,10 +82,11 @@ type TLSConfig struct {
 // ServerConfig represents server configuration.
 // The zero ServerConfig is empty and ready for use.
 type ServerConfig struct {
-	UDPListenAddr *net.UDPAddr        // UDP listen address
-	TCPListenAddr *net.TCPAddr        // TCP listen address
-	Upstreams     []upstream.Upstream // Configured upstreams
-	Filters       []dnsfilter.Filter  // A list of filters to use
+	UDPListenAddr            *net.UDPAddr                   // UDP listen address
+	TCPListenAddr            *net.TCPAddr                   // TCP listen address
+	Upstreams                []upstream.Upstream            // Configured upstreams
+	DomainsReservedUpstreams map[string][]upstream.Upstream // Map of domains and lists of configured upstreams
+	Filters                  []dnsfilter.Filter             // A list of filters to use
 
 	FilteringConfig
 	TLSConfig
@@ -156,15 +157,16 @@ func (s *Server) startInternal(config *ServerConfig) error {
 	})
 
 	proxyConfig := proxy.Config{
-		UDPListenAddr:      s.UDPListenAddr,
-		TCPListenAddr:      s.TCPListenAddr,
-		Ratelimit:          s.Ratelimit,
-		RatelimitWhitelist: s.RatelimitWhitelist,
-		RefuseAny:          s.RefuseAny,
-		CacheEnabled:       true,
-		Upstreams:          s.Upstreams,
-		Handler:            s.handleDNSRequest,
-		AllServers:         s.AllServers,
+		UDPListenAddr:            s.UDPListenAddr,
+		TCPListenAddr:            s.TCPListenAddr,
+		Ratelimit:                s.Ratelimit,
+		RatelimitWhitelist:       s.RatelimitWhitelist,
+		RefuseAny:                s.RefuseAny,
+		CacheEnabled:             true,
+		Upstreams:                s.Upstreams,
+		DomainsReservedUpstreams: s.DomainsReservedUpstreams,
+		Handler:                  s.handleDNSRequest,
+		AllServers:               s.AllServers,
 	}
 
 	if s.TLSListenAddr != nil && s.CertificateChain != "" && s.PrivateKey != "" {
diff --git a/go.mod b/go.mod
index 01918844..dab19303 100644
--- a/go.mod
+++ b/go.mod
@@ -3,10 +3,10 @@ module github.com/AdguardTeam/AdGuardHome
 go 1.12
 
 require (
-	github.com/AdguardTeam/dnsproxy v0.11.2
+	github.com/AdguardTeam/dnsproxy v0.12.0
 	github.com/AdguardTeam/golibs v0.1.3
 	github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f // indirect
-	github.com/bluele/gcache v0.0.0-20171010155617-472614239ac7
+	github.com/bluele/gcache v0.0.0-20190203144525-2016d595ccb0
 	github.com/go-ole/go-ole v1.2.1 // indirect
 	github.com/go-test/deep v1.0.1
 	github.com/gobuffalo/packr v1.19.0
diff --git a/go.sum b/go.sum
index fbd89b79..cec7fae6 100644
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,6 @@
-github.com/AdguardTeam/dnsproxy v0.11.2 h1:S/Ag2q9qoZsmW1fvMohPZP7/5amEtz8NmFCp8kxUalQ=
-github.com/AdguardTeam/dnsproxy v0.11.2/go.mod h1:EPp92b5cYR7HZpO+OQu6xC7AyhUoBaXW3sfa3exq/0I=
-github.com/AdguardTeam/golibs v0.1.0/go.mod h1:zhi6xGwK4cMpjDocybhhLgvcGkstiSIjlpKbvyxC5Yc=
+github.com/AdguardTeam/dnsproxy v0.12.0 h1:BPgv2PlH2u4xakFcaW4EqU3Visk1BNidrqGSgxe5Qzg=
+github.com/AdguardTeam/dnsproxy v0.12.0/go.mod h1:lcZM2QPwcWGEL3pz8RYy06nQdbjj4pr+94H45jnVSHg=
+github.com/AdguardTeam/golibs v0.1.2/go.mod h1:b0XkhgIcn2TxwX6C5AQMtpIFAgjPehNgxJErWkwA3ko=
 github.com/AdguardTeam/golibs v0.1.3 h1:hmapdTtMtIk3T8eQDwTOLdqZLGDKNKk9325uC8z12xg=
 github.com/AdguardTeam/golibs v0.1.3/go.mod h1:b0XkhgIcn2TxwX6C5AQMtpIFAgjPehNgxJErWkwA3ko=
 github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f h1:5ZfJxyXo8KyX8DgGXC5B7ILL8y51fci/qYz2B4j8iLY=
@@ -15,8 +15,8 @@ github.com/ameshkov/dnsstamps v1.0.1 h1:LhGvgWDzhNJh+kBQd/AfUlq1vfVe109huiXw4Jhn
 github.com/ameshkov/dnsstamps v1.0.1/go.mod h1:Ii3eUu73dx4Vw5O4wjzmT5+lkCwovjzaEZZ4gKyIH5A=
 github.com/beefsack/go-rate v0.0.0-20180408011153-efa7637bb9b6 h1:KXlsf+qt/X5ttPGEjR0tPH1xaWWoKBEg9Q1THAj2h3I=
 github.com/beefsack/go-rate v0.0.0-20180408011153-efa7637bb9b6/go.mod h1:6YNgTHLutezwnBvyneBbwvB8C82y3dcoOj5EQJIdGXA=
-github.com/bluele/gcache v0.0.0-20171010155617-472614239ac7 h1:NpQ+gkFOH27AyDypSCJ/LdsIi/b4rdnEb1N5+IpFfYs=
-github.com/bluele/gcache v0.0.0-20171010155617-472614239ac7/go.mod h1:8c4/i2VlovMO2gBnHGQPN5EJw+H0lx1u/5p+cgsXtCk=
+github.com/bluele/gcache v0.0.0-20190203144525-2016d595ccb0 h1:vUdUwmQLnT/yuk8PsDhhMVkrfr4aMdcv/0GWzIqOjEY=
+github.com/bluele/gcache v0.0.0-20190203144525-2016d595ccb0/go.mod h1:8c4/i2VlovMO2gBnHGQPN5EJw+H0lx1u/5p+cgsXtCk=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-ole/go-ole v1.2.1 h1:2lOsA72HgjxAuMlKpFiCbHTvu44PIVkZ5hqm3RSdI/E=

From a01ba5dd4d04bd722cfca2cee950411f3deaabff Mon Sep 17 00:00:00 2001
From: Aleksey Dmitrevskiy <ad@adguard.com>
Date: Wed, 20 Mar 2019 15:19:34 +0300
Subject: [PATCH 94/95] * control, client: fix issues from review

---
 client/src/components/Settings/Upstream/Examples.js |  2 +-
 control.go                                          | 11 +++++------
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/client/src/components/Settings/Upstream/Examples.js b/client/src/components/Settings/Upstream/Examples.js
index 9d61b0de..53a233a0 100644
--- a/client/src/components/Settings/Upstream/Examples.js
+++ b/client/src/components/Settings/Upstream/Examples.js
@@ -22,7 +22,7 @@ const Examples = props => (
                 <code>sdns://...</code> - <span dangerouslySetInnerHTML={{ __html: props.t('example_upstream_sdns') }} />
             </li>
             <li>
-                <code>[/host.com/]1.1.1.1</code> - <span dangerouslySetInnerHTML={{ __html: props.t('example_upstream_reserved') }} />
+                <code>[/example.local/]1.1.1.1</code> - <span dangerouslySetInnerHTML={{ __html: props.t('example_upstream_reserved') }} />
             </li>
         </ol>
     </div>
diff --git a/control.go b/control.go
index 952395a1..1b05fb73 100644
--- a/control.go
+++ b/control.go
@@ -369,23 +369,22 @@ func validateUpstreams(upstreams []string) error {
 	return nil
 }
 
-func validateUpstream(u string) (defaultUpstream bool, err error) {
+func validateUpstream(u string) (bool, error) {
 	// Check if user tries to specify upstream for domain
-	defaultUpstream = true
-	u, defaultUpstream, err = separateUpstream(u)
+	u, defaultUpstream, err := separateUpstream(u)
 	if err != nil {
-		return
+		return defaultUpstream, err
 	}
 
 	// The special server address '#' means "use the default servers"
 	if u == "#" && !defaultUpstream {
-		return
+		return defaultUpstream, nil
 	}
 
 	// Check if the upstream has a valid protocol prefix
 	for _, proto := range protocols {
 		if strings.HasPrefix(u, proto) {
-			return
+			return defaultUpstream, nil
 		}
 	}
 

From f7860c893da81bc23220bcdec8161ce7b36dc558 Mon Sep 17 00:00:00 2001
From: Ildar Kamalov <i.kamalov@adguard.com>
Date: Wed, 20 Mar 2019 15:23:36 +0300
Subject: [PATCH 95/95] * client: removed links from upstream DNS translations

---
 client/src/__locales/bg.json                  |  6 +-
 client/src/__locales/en.json                  |  8 +--
 client/src/__locales/es.json                  |  6 +-
 client/src/__locales/fr.json                  |  6 +-
 client/src/__locales/ja.json                  |  6 +-
 client/src/__locales/pt-br.json               |  6 +-
 client/src/__locales/ru.json                  |  6 +-
 client/src/__locales/sv.json                  |  6 +-
 client/src/__locales/vi.json                  |  6 +-
 client/src/__locales/zh-cn.json               |  6 +-
 client/src/__locales/zh-tw.json               | 15 +++--
 .../components/Settings/Upstream/Examples.js  | 60 +++++++++++++++++--
 12 files changed, 96 insertions(+), 41 deletions(-)

diff --git a/client/src/__locales/bg.json b/client/src/__locales/bg.json
index bb889139..1e06d2e8 100644
--- a/client/src/__locales/bg.json
+++ b/client/src/__locales/bg.json
@@ -118,9 +118,9 @@
     "example_comment_hash": "# \u0422\u043e\u0432\u0430 \u0435 \u0441\u044a\u0449\u043e \u043a\u043e\u043c\u0435\u043d\u0442\u0430\u0440",
     "example_regex_meaning": "\u0411\u043b\u043e\u043a\u0438\u0440\u0430\u0439 \u0434\u043e\u0441\u0442\u044a\u043f \u0434\u043e \u0434\u043e\u043c\u0435\u0439\u043d\u0438 \u043a\u043e\u0439\u0442\u043e \u0441\u044a\u0432\u043f\u0430\u0434\u0430\u0442 \u0441\u044a\u0441 \u0441\u043b\u0435\u0434\u043d\u043e\u0442\u043e",
     "example_upstream_regular": "\u043a\u043b\u0430\u0441\u0438\u0447\u0435\u0441\u043a\u0438 DNS (UDP \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b)",
-    "example_upstream_dot": "\u043a\u0440\u0438\u043f\u0442\u0438\u0440\u0430\u043d <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_TLS' target='_blank'>DNS-\u0432\u044a\u0440\u0445\u0443-TLS<\/a>",
-    "example_upstream_doh": "\u043a\u0440\u0438\u043f\u0442\u0438\u0440\u0430\u043d <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-\u0432\u044a\u0440\u0445\u0443-HTTPS<\/a>",
-    "example_upstream_sdns": "\u043c\u043e\u0436\u0435 \u0434\u0430 \u043f\u043e\u043b\u0437\u0432\u0430\u0442\u0435 <a href='https:\/\/dnscrypt.info\/stamps\/' target='_blank'>DNS \u041f\u043e\u0434\u043f\u0438\u0441\u0432\u0430\u043d\u0435<\/a> \u0437\u0430 <a href='https:\/\/dnscrypt.info\/' target='_blank'>DNSCrypt<\/a> \u0438\u043b\u0438 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-\u0432\u044a\u0440\u0445\u0443-HTTPS<\/a> \u0441\u044a\u0440\u0432\u044a\u0440\u0438",
+    "example_upstream_dot": "\u043a\u0440\u0438\u043f\u0442\u0438\u0440\u0430\u043d <0>DNS-\u0432\u044a\u0440\u0445\u0443-TLS<\/0>",
+    "example_upstream_doh": "\u043a\u0440\u0438\u043f\u0442\u0438\u0440\u0430\u043d <0>DNS-\u0432\u044a\u0440\u0445\u0443-HTTPS<\/0>",
+    "example_upstream_sdns": "\u043c\u043e\u0436\u0435 \u0434\u0430 \u043f\u043e\u043b\u0437\u0432\u0430\u0442\u0435 <0>DNS \u041f\u043e\u0434\u043f\u0438\u0441\u0432\u0430\u043d\u0435<\/0> \u0437\u0430 <1>DNSCrypt<\/1> \u0438\u043b\u0438 <2>DNS-\u0432\u044a\u0440\u0445\u0443-HTTPS<\/2> \u0441\u044a\u0440\u0432\u044a\u0440\u0438",
     "example_upstream_tcp": "\u043a\u043b\u0430\u0441\u0438\u0447\u0435\u0441\u043a\u0438 DNS (TCP \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b)",
     "all_filters_up_to_date_toast": "\u0412\u0441\u0438\u0447\u043a\u0438 \u0444\u0438\u043b\u0442\u0438 \u0441\u0430 \u0430\u043a\u0442\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u0430\u043d\u0438",
     "updated_upstream_dns_toast": "\u0413\u043b\u043e\u0431\u0430\u043b\u043d\u0438\u0442\u0435 DNS \u0441\u044a\u0440\u0432\u044a\u0440\u0438 \u0441\u0430 \u043e\u0431\u043d\u043e\u0432\u0435\u043d\u0438",
diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json
index 74c2fa50..264f79d2 100644
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -118,11 +118,11 @@
     "example_comment_hash": "# Also a comment",
     "example_regex_meaning": "block access to the domains matching the specified regular expression",
     "example_upstream_regular": "regular DNS (over UDP)",
-    "example_upstream_dot": "encrypted <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_TLS' target='_blank'>DNS-over-TLS<\/a>",
-    "example_upstream_doh": "encrypted <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS<\/a>",
-    "example_upstream_sdns": "you can use <a href='https:\/\/dnscrypt.info\/stamps\/' target='_blank'>DNS Stamps<\/a> for <a href='https:\/\/dnscrypt.info\/' target='_blank'>DNSCrypt<\/a> or <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS<\/a> resolvers",
+    "example_upstream_dot": "encrypted <0>DNS-over-TLS</0>",
+    "example_upstream_doh": "encrypted <0>DNS-over-HTTPS</0>",
+    "example_upstream_sdns": "you can use <0>DNS Stamps</0> for <1>DNSCrypt</1> or <2>DNS-over-HTTPS</2> resolvers",
     "example_upstream_tcp": "regular DNS (over TCP)",
-    "example_upstream_reserved": "you can specify DNS upstream <a href='https:\/\/github.com\/AdguardTeam\/dnsproxy#specifying-upstreams-for-domains' target='_blank'>for a specific domain(s)<\/a>",
+    "example_upstream_reserved": "you can specify DNS upstream <0>for a specific domain(s)</0>",
     "all_filters_up_to_date_toast": "All filters are already up-to-date",
     "updated_upstream_dns_toast": "Updated the upstream DNS servers",
     "dns_test_ok_toast": "Specified DNS servers are working correctly",
diff --git a/client/src/__locales/es.json b/client/src/__locales/es.json
index 214ff969..de4e3c26 100644
--- a/client/src/__locales/es.json
+++ b/client/src/__locales/es.json
@@ -115,9 +115,9 @@
     "example_comment_meaning": "solo un comentario",
     "example_comment_hash": "# Tambi\u00e9n un comentario",
     "example_upstream_regular": "DNS regular (a trav\u00e9s de UDP)",
-    "example_upstream_dot": "encriptado <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_TLS' target='_blank'>DNS-a-trav\u00e9s-de-TLS<\/a>",
-    "example_upstream_doh": "encriptado  <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-a-trav\u00e9s-de-TLS<\/a>",
-    "example_upstream_sdns": "puedes usar <a href='https:\/\/dnscrypt.info\/stamps\/' target='_blank'>DNS Stamps<\/a> para <a href='https:\/\/dnscrypt.info\/' target='_blank'>DNSCrypt<\/a> o <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS<\/a> resolutores",
+    "example_upstream_dot": "encriptado <0>DNS-a-trav\u00e9s-de-TLS<\/0>",
+    "example_upstream_doh": "encriptado  <0>DNS-a-trav\u00e9s-de-TLS<\/0>",
+    "example_upstream_sdns": "puedes usar <0>DNS Stamps<\/0> para <1>DNSCrypt<\/1> o <2>DNS-over-HTTPS<\/2> resolutores",
     "example_upstream_tcp": "DNS regular (a trav\u00e9s de TCP)",
     "all_filters_up_to_date_toast": "Todos los filtros son actualizados",
     "updated_upstream_dns_toast": "Servidores DNS upstream actualizados",
diff --git a/client/src/__locales/fr.json b/client/src/__locales/fr.json
index 606fa157..629ababe 100644
--- a/client/src/__locales/fr.json
+++ b/client/src/__locales/fr.json
@@ -116,9 +116,9 @@
     "example_comment_meaning": "commentaire",
     "example_comment_hash": "# Et comme \u00e7a aussi on peut laisser des commentaires",
     "example_upstream_regular": "DNS classique (au-dessus de UDP)",
-    "example_upstream_dot": "<a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_TLS' target='_blank'>DNS-au-dessus-de-TLS<\/a> chiffr\u00e9",
-    "example_upstream_doh": "<a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-au-dessus-de-HTTPS<\/a> chiffr\u00e9",
-    "example_upstream_sdns": "vous pouvez utiliser <a href='https:\/\/dnscrypt.info\/stamps\/' target='_blank'>DNS Stamps<\/a> pour <a href='https:\/\/dnscrypt.info\/' target='_blank'>DNSCrypt<\/a> ou les resolveurs <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-au-dessus-de-HTTPS<\/a>",
+    "example_upstream_dot": "<0>DNS-au-dessus-de-TLS<\/0> chiffr\u00e9",
+    "example_upstream_doh": "<0>DNS-au-dessus-de-HTTPS<\/0> chiffr\u00e9",
+    "example_upstream_sdns": "vous pouvez utiliser <0>DNS Stamps<\/0> pour <1>DNSCrypt<\/1> ou les resolveurs <2>DNS-au-dessus-de-HTTPS<\/2>",
     "example_upstream_tcp": "DNS classique (au-dessus de TCP)",
     "all_filters_up_to_date_toast": "Tous les filtres sont mis \u00e0 jour",
     "updated_upstream_dns_toast": "Les serveurs DNS upstream sont mis \u00e0 jour",
diff --git a/client/src/__locales/ja.json b/client/src/__locales/ja.json
index 7ecf2d1d..a6aac447 100644
--- a/client/src/__locales/ja.json
+++ b/client/src/__locales/ja.json
@@ -115,9 +115,9 @@
     "example_comment_meaning": "\u305f\u3060\u306e\u30b3\u30e1\u30f3\u30c8\u3067\u3059",
     "example_comment_hash": "# \u3053\u3053\u3082\u30b3\u30e1\u30f3\u30c8\u3067\u3059",
     "example_upstream_regular": "\u901a\u5e38\u306eDNS\uff08UDP\u3067\u306e\u554f\u3044\u5408\u308f\u305b\uff09",
-    "example_upstream_dot": "\u6697\u53f7\u5316\u3055\u308c\u3066\u3044\u308b <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_TLS' target='_blank'>DNS-over-TLS<\/a>",
-    "example_upstream_doh": "\u6697\u53f7\u5316\u3055\u308c\u3066\u3044\u308b <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS<\/a>",
-    "example_upstream_sdns": "<a href='https:\/\/dnscrypt.info\/' target='_blank'>DNSCrypt<\/a> \u307e\u305f\u306f <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS<\/a> \u30ea\u30be\u30eb\u30d0\u306e\u305f\u3081\u306b <a href='https:\/\/dnscrypt.info\/stamps\/' target='_blank'>DNS Stamps<\/a> \u3092\u4f7f\u3048\u307e\u3059",
+    "example_upstream_dot": "\u6697\u53f7\u5316\u3055\u308c\u3066\u3044\u308b <0>DNS-over-TLS<\/0>",
+    "example_upstream_doh": "\u6697\u53f7\u5316\u3055\u308c\u3066\u3044\u308b <0>DNS-over-HTTPS<\/0>",
+    "example_upstream_sdns": "<0>DNSCrypt<\/0> \u307e\u305f\u306f <1>DNS-over-HTTPS<\/1> \u30ea\u30be\u30eb\u30d0\u306e\u305f\u3081\u306b <2>DNS Stamps<\/2> \u3092\u4f7f\u3048\u307e\u3059",
     "example_upstream_tcp": "\u901a\u5e38\u306eDNS\uff08TCP\u3067\u306e\u554f\u3044\u5408\u308f\u305b\uff09",
     "all_filters_up_to_date_toast": "\u3059\u3079\u3066\u306e\u30d5\u30a3\u30eb\u30bf\u306f\u65e2\u306b\u6700\u65b0\u3067\u3059",
     "updated_upstream_dns_toast": "\u4e0a\u6d41DNS\u30b5\u30fc\u30d0\u3092\u66f4\u65b0\u3057\u307e\u3057\u305f",
diff --git a/client/src/__locales/pt-br.json b/client/src/__locales/pt-br.json
index 90591992..c4668c83 100644
--- a/client/src/__locales/pt-br.json
+++ b/client/src/__locales/pt-br.json
@@ -118,9 +118,9 @@
     "example_comment_hash": "# Tamb\u00e9m um coment\u00e1rio",
     "example_regex_meaning": "bloqueia o acesso aos dom\u00ednios correspondentes \u00e0 express\u00e3o regular especificada",
     "example_upstream_regular": "DNS regular (atrav\u00e9s do UDP)",
-    "example_upstream_dot": "DNS criptografado <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_TLS' target='_blank'>atrav\u00e9s do TLS<\/a>",
-    "example_upstream_doh": "DNS criptografado <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>atrav\u00e9s do HTTPS<\/a>",
-    "example_upstream_sdns": "Voc\u00ea pode usar <a href='https:\/\/dnscrypt.info\/stamps\/' target='_blank'>DNS Stamps<\/a>para o<a href='https:\/\/dnscrypt.info\/' target='_blank'>DNSCrypt<\/a>ou usar resolvedores<a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-sobre-HTTPS<\/a>",
+    "example_upstream_dot": "DNS criptografado <0>atrav\u00e9s do TLS<\/0>",
+    "example_upstream_doh": "DNS criptografado <0>atrav\u00e9s do HTTPS<\/0>",
+    "example_upstream_sdns": "Voc\u00ea pode usar <0>DNS Stamps<\/0> para o <1>DNSCrypt<\/1> ou usar resolvedores <2>DNS-sobre-HTTPS<\/2>",
     "example_upstream_tcp": "DNS regular (atrav\u00e9s do TCP)",
     "all_filters_up_to_date_toast": "Todos os filtros j\u00e1 est\u00e3o atualizados",
     "updated_upstream_dns_toast": "Atualizado os servidores DNS upstream",
diff --git a/client/src/__locales/ru.json b/client/src/__locales/ru.json
index 6784eceb..3b7ea611 100644
--- a/client/src/__locales/ru.json
+++ b/client/src/__locales/ru.json
@@ -115,9 +115,9 @@
     "example_comment_meaning": "\u043a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0439",
     "example_comment_hash": "# \u0418 \u0432\u043e\u0442 \u0442\u0430\u043a \u0442\u043e\u0436\u0435",
     "example_upstream_regular": "\u043e\u0431\u044b\u0447\u043d\u044b\u0439 DNS (\u043f\u043e\u0432\u0435\u0440\u0445 UDP)",
-    "example_upstream_dot": "\u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_TLS' target='_blank'>DNS-\u043f\u043e\u0432\u0435\u0440\u0445-TLS<\/a>",
-    "example_upstream_doh": "\u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-\u043f\u043e\u0432\u0435\u0440\u0445-HTTPS<\/a>",
-    "example_upstream_sdns": "\u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c <a href='https:\/\/dnscrypt.info\/stamps\/' target='_blank'>DNS Stamps<\/a> \u0434\u043b\u044f <a href='https:\/\/dnscrypt.info\/' target='_blank'>DNSCrypt<\/a> \u0438\u043b\u0438 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS<\/a> \u0440\u0435\u0437\u043e\u043b\u0432\u0435\u0440\u043e\u0432",
+    "example_upstream_dot": "\u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 <0>DNS-\u043f\u043e\u0432\u0435\u0440\u0445-TLS<\/0>",
+    "example_upstream_doh": "\u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 <0>DNS-\u043f\u043e\u0432\u0435\u0440\u0445-HTTPS<\/0>",
+    "example_upstream_sdns": "\u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c <0>DNS Stamps<\/0> \u0434\u043b\u044f <1>DNSCrypt<\/1> \u0438\u043b\u0438 <2>DNS-over-HTTPS<\/2> \u0440\u0435\u0437\u043e\u043b\u0432\u0435\u0440\u043e\u0432",
     "example_upstream_tcp": "\u043e\u0431\u044b\u0447\u043d\u044b\u0439 DNS (\u043f\u043e\u0432\u0435\u0440\u0445 TCP)",
     "all_filters_up_to_date_toast": "\u0412\u0441\u0435 \u0444\u0438\u043b\u044c\u0442\u0440\u044b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u044b",
     "updated_upstream_dns_toast": "Upstream DNS-\u0441\u0435\u0440\u0432\u0435\u0440\u044b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u044b",
diff --git a/client/src/__locales/sv.json b/client/src/__locales/sv.json
index 71b37466..bdd6e123 100644
--- a/client/src/__locales/sv.json
+++ b/client/src/__locales/sv.json
@@ -118,9 +118,9 @@
     "example_comment_hash": "# Ocks\u00e5 en kommentar",
     "example_regex_meaning": "blockera \u00e5tkomst till en dom\u00e4n som matchar det angivna uttrycket",
     "example_upstream_regular": "vanlig DNS (\u00f6ver UDP)",
-    "example_upstream_dot": "krypterat <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_TLS' target='_blank'>DNS-over-TLS<\/a>",
-    "example_upstream_doh": "krypterat <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS<\/a>",
-    "example_upstream_sdns": "Du kan anv\u00e4nda <a href='https:\/\/dnscrypt.info\/stamps\/' target='_blank'>DNS-stamps<\/a> f\u00f6r <a href='https:\/\/dnscrypt.info\/' target='_blank'>DNSCrypt<\/a> eller <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-\u00f6ver-HTTPS<\/a>\n-resolvers",
+    "example_upstream_dot": "krypterat <0>DNS-over-TLS<\/0>",
+    "example_upstream_doh": "krypterat <0>DNS-over-HTTPS<\/0>",
+    "example_upstream_sdns": "Du kan anv\u00e4nda <0>DNS-stamps<\/0> f\u00f6r <1>DNSCrypt<\/1> eller <2>DNS-\u00f6ver-HTTPS<\/2>\n-resolvers",
     "example_upstream_tcp": "vanlig DNS (\u00f6ver UDP)",
     "all_filters_up_to_date_toast": "Alla filter \u00e4r redan aktuella",
     "updated_upstream_dns_toast": "Uppdaterade uppstr\u00f6ms-dns-servrar",
diff --git a/client/src/__locales/vi.json b/client/src/__locales/vi.json
index ba447ac2..9caa47ef 100644
--- a/client/src/__locales/vi.json
+++ b/client/src/__locales/vi.json
@@ -113,9 +113,9 @@
     "example_comment_meaning": "Ch\u1ec9 l\u00e0 m\u1ed9t ch\u00fa th\u00edch",
     "example_comment_hash": "# C\u0169ng l\u00e0 m\u1ed9t ch\u00fa th\u00edch",
     "example_upstream_regular": "DNS th\u00f4ng th\u01b0\u1eddng (d\u00f9ng UDP)",
-    "example_upstream_dot": "\u0111\u01b0\u1ee3c m\u00e3 ho\u00e1 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_TLS' target='_blank'>DNS-over-TLS<\/a>",
-    "example_upstream_doh": "\u0111\u01b0\u1ee3c m\u00e3 ho\u00e1 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS<\/a>",
-    "example_upstream_sdns": "b\u1ea1n c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng <a href='https:\/\/dnscrypt.info\/stamps\/' target='_blank'>DNS Stamps<\/a> for <a href='https:\/\/dnscrypt.info\/' target='_blank'>DNSCrypt<\/a> ho\u1eb7c<a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS<\/a> ",
+    "example_upstream_dot": "\u0111\u01b0\u1ee3c m\u00e3 ho\u00e1 <0>DNS-over-TLS<\/0>",
+    "example_upstream_doh": "\u0111\u01b0\u1ee3c m\u00e3 ho\u00e1 <0>DNS-over-HTTPS<\/0>",
+    "example_upstream_sdns": "b\u1ea1n c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng <0>DNS Stamps<\/0> for <1>DNSCrypt<\/1> ho\u1eb7c <2>DNS-over-HTTPS<\/2> ",
     "example_upstream_tcp": "DNS th\u00f4ng th\u01b0\u1eddng(d\u00f9ng TCP)",
     "all_filters_up_to_date_toast": "T\u1ea5t c\u1ea3 b\u1ed9 l\u1ecdc \u0111\u00e3 \u0111\u01b0\u1ee3c c\u1eadp nh\u1eadt",
     "updated_upstream_dns_toast": "\u0110\u00e3 c\u1eadp nh\u1eadt m\u00e1y ch\u1ee7 DNS t\u00ecm ki\u1ebfm",
diff --git a/client/src/__locales/zh-cn.json b/client/src/__locales/zh-cn.json
index 7ac6abf3..6c3cf349 100644
--- a/client/src/__locales/zh-cn.json
+++ b/client/src/__locales/zh-cn.json
@@ -118,9 +118,9 @@
     "example_comment_hash": "# \u8fd9\u4e5f\u662f\u4e00\u884c\u6ce8\u91ca",
     "example_regex_meaning": "\u963b\u6b62\u8bbf\u95ee\u4e0e\u6307\u5b9a\u7684\u6b63\u5219\u8868\u8fbe\u5f0f\u5339\u914d\u7684\u57df\u540d",
     "example_upstream_regular": "\u5e38\u89c4 DNS\uff08\u57fa\u4e8e UDP\uff09",
-    "example_upstream_dot": "\u52a0\u5bc6 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_TLS' target='_blank'>DNS-over-TLS<\/a>",
-    "example_upstream_doh": "\u52a0\u5bc6 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS<\/a>",
-    "example_upstream_sdns": "\u4f60\u53ef\u4ee5\u4f7f\u7528 <a href='https:\/\/dnscrypt.info\/' target='_blank'>DNSCrypt<\/a> \u7684 <a href='https:\/\/dnscrypt.info\/stamps\/' target='_blank'>DNS Stamps<\/a> \u6216\u8005 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS<\/a> \u89e3\u6790\u5668",
+    "example_upstream_dot": "\u52a0\u5bc6 <0>DNS-over-TLS<\/0>",
+    "example_upstream_doh": "\u52a0\u5bc6 <0>DNS-over-HTTPS<\/0>",
+    "example_upstream_sdns": "\u4f60\u53ef\u4ee5\u4f7f\u7528 <0>DNSCrypt<\/0> \u7684 <1>DNS Stamps<\/1> \u6216\u8005 <2>DNS-over-HTTPS<\/2> \u89e3\u6790\u5668",
     "example_upstream_tcp": "\u5e38\u89c4 DNS\uff08\u57fa\u4e8e TCP \uff09",
     "all_filters_up_to_date_toast": "\u6240\u6709\u8fc7\u6ee4\u5668\u5df2\u66f4\u65b0\u81f3\u6700\u65b0",
     "updated_upstream_dns_toast": "\u4e0a\u6e38 DNS \u5df2\u66f4\u65b0",
diff --git a/client/src/__locales/zh-tw.json b/client/src/__locales/zh-tw.json
index 4d3b7b85..35920049 100644
--- a/client/src/__locales/zh-tw.json
+++ b/client/src/__locales/zh-tw.json
@@ -1,4 +1,7 @@
 {
+    "upstream_parallel": "\u900f\u904e\u540c\u6642\u5730\u67e5\u8a62\u6240\u6709\u4e0a\u6e38\u7684\u4f3a\u670d\u5668\uff0c\u4f7f\u7528\u4e26\u884c\u7684\u67e5\u8a62\u4ee5\u52a0\u901f\u89e3\u6790",
+    "bootstrap_dns": "\u81ea\u6211\u555f\u52d5\uff08Bootstrap\uff09DNS \u4f3a\u670d\u5668",
+    "bootstrap_dns_desc": "\u81ea\u6211\u555f\u52d5\uff08Bootstrap\uff09DNS\u4f3a\u670d\u5668\u88ab\u7528\u65bc\u89e3\u6790\u60a8\u660e\u78ba\u6307\u5b9a\u4f5c\u70ba\u4e0a\u6e38\u7684DoH\/DoT\u89e3\u6790\u5668\u4e4bIP\u4f4d\u5740\u3002",
     "url_added_successfully": "\u7db2\u5740\u88ab\u6210\u529f\u5730\u52a0\u5165",
     "check_dhcp_servers": "\u6aa2\u67e5\u52d5\u614b\u4e3b\u6a5f\u8a2d\u5b9a\u5354\u5b9a\uff08DHCP\uff09\u4f3a\u670d\u5668",
     "save_config": "\u5132\u5b58\u914d\u7f6e",
@@ -79,7 +82,7 @@
     "no_settings": "\u7121\u8a2d\u5b9a",
     "general_settings": "\u4e00\u822c\u7684\u8a2d\u5b9a",
     "upstream_dns": "\u4e0a\u6e38\u7684DNS\u4f3a\u670d\u5668",
-    "upstream_dns_hint": "\u5982\u679c\u60a8\u4fdd\u7559\u8a72\u6b04\u4f4d\u7a7a\u767d\u7684\uff0cAdGuard Home\u5c07\u4f7f\u7528<a href='https:\/\/1.1.1.1\/' target='_blank'>Cloudflare DNS<\/a>\u4f5c\u70ba\u4e0a\u6e38\u3002\u5c0d\u65bcDNS over TLS\u4f3a\u670d\u5668\u4f7f\u7528 tls:\/\/ \u524d\u7db4\u3002",
+    "upstream_dns_hint": "\u5982\u679c\u60a8\u5c07\u8a72\u6b04\u4f4d\u7559\u7a7a\uff0cAdGuard Home\u5c07\u4f7f\u7528<a href='https:\/\/1.1.1.1\/' target='_blank'>Cloudflare DNS<\/a>\u4f5c\u70ba\u4e0a\u6e38\u3002",
     "test_upstream_btn": "\u6e2c\u8a66\u4e0a\u884c\u8cc7\u6599\u6d41",
     "apply_btn": "\u5957\u7528",
     "disabled_filtering_toast": "\u5df2\u7981\u7528\u904e\u6ffe",
@@ -118,9 +121,9 @@
     "example_comment_hash": "# \u4e5f\u662f\u4e00\u500b\u8a3b\u89e3",
     "example_regex_meaning": "\u5c01\u9396\u81f3\u8207\u5df2\u660e\u78ba\u6307\u5b9a\u7684\u898f\u5247\u904b\u7b97\u5f0f\uff08Regular Expression\uff09\u76f8\u7b26\u7684\u7db2\u57df\u4e4b\u5b58\u53d6",
     "example_upstream_regular": "\u4e00\u822c\u7684 DNS\uff08\u900f\u904eUDP\uff09",
-    "example_upstream_dot": "\u52a0\u5bc6\u7684 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_TLS' target='_blank'>DNS-over-TLS<\/a>",
-    "example_upstream_doh": "\u52a0\u5bc6\u7684 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS <\/a>",
-    "example_upstream_sdns": "\u60a8\u53ef\u4f7f\u7528\u95dc\u65bc <a href='https:\/\/dnscrypt.info\/' target='_blank'>DNSCrypt<\/a> \u6216 <a href='https:\/\/en.wikipedia.org\/wiki\/DNS_over_HTTPS' target='_blank'>DNS-over-HTTPS<\/a> \u89e3\u6790\u5668\u4e4b <a href='https:\/\/dnscrypt.info\/stamps\/' target='_blank'>DNS \u6233\u8a18<\/a>",
+    "example_upstream_dot": "\u52a0\u5bc6\u7684 <0>DNS-over-TLS<\/0>",
+    "example_upstream_doh": "\u52a0\u5bc6\u7684 <0>DNS-over-HTTPS <\/0>",
+    "example_upstream_sdns": "\u60a8\u53ef\u4f7f\u7528\u95dc\u65bc <0>DNSCrypt<\/0> \u6216 <1>DNS-over-HTTPS<\/1> \u89e3\u6790\u5668\u4e4b <2>DNS \u6233\u8a18<\/2>",
     "example_upstream_tcp": "\u4e00\u822c\u7684 DNS\uff08\u900f\u904eTCP\uff09",
     "all_filters_up_to_date_toast": "\u6240\u6709\u7684\u904e\u6ffe\u5668\u5df2\u662f\u6700\u65b0\u7684",
     "updated_upstream_dns_toast": "\u5df2\u66f4\u65b0\u4e0a\u6e38\u7684DNS\u4f3a\u670d\u5668",
@@ -246,5 +249,7 @@
     "form_error_equal": "\u4e0d\u61c9\u70ba\u76f8\u7b49\u7684",
     "form_error_password": "\u4e0d\u76f8\u7b26\u7684\u5bc6\u78bc",
     "reset_settings": "\u91cd\u7f6e\u8a2d\u5b9a",
-    "update_announcement": "AdGuard Home {{version}} \u73fe\u70ba\u53ef\u7528\u7684\uff01\u95dc\u65bc\u66f4\u591a\u7684\u8cc7\u8a0a\uff0c<0>\u9ede\u64ca\u9019\u88e1<\/0>\u3002"
+    "update_announcement": "AdGuard Home {{version}} \u73fe\u70ba\u53ef\u7528\u7684\uff01\u95dc\u65bc\u66f4\u591a\u7684\u8cc7\u8a0a\uff0c<0>\u9ede\u64ca\u9019\u88e1<\/0>\u3002",
+    "setup_guide": "\u5b89\u88dd\u6307\u5357",
+    "dns_addresses": "DNS \u4f4d\u5740"
 }
\ No newline at end of file
diff --git a/client/src/components/Settings/Upstream/Examples.js b/client/src/components/Settings/Upstream/Examples.js
index 53a233a0..b289112d 100644
--- a/client/src/components/Settings/Upstream/Examples.js
+++ b/client/src/components/Settings/Upstream/Examples.js
@@ -10,19 +10,69 @@ const Examples = props => (
                 <code>1.1.1.1</code> - { props.t('example_upstream_regular') }
             </li>
             <li>
-                <code>tls://1dot1dot1dot1.cloudflare-dns.com</code> - <span dangerouslySetInnerHTML={{ __html: props.t('example_upstream_dot') }} />
+                <code>tls://1dot1dot1dot1.cloudflare-dns.com</code> –&nbsp;
+                <span>
+                    <Trans
+                        components={[
+                            <a href="https://en.wikipedia.org/wiki/DNS_over_TLS" target="_blank" rel="noopener noreferrer" key="0">
+                                DNS-over-TLS
+                            </a>,
+                        ]}
+                    >
+                        example_upstream_dot
+                    </Trans>
+                </span>
             </li>
             <li>
-                <code>https://cloudflare-dns.com/dns-query</code> - <span dangerouslySetInnerHTML={{ __html: props.t('example_upstream_doh') }} />
+                <code>https://cloudflare-dns.com/dns-query</code> –&nbsp;
+                <span>
+                    <Trans
+                        components={[
+                            <a href="https://en.wikipedia.org/wiki/DNS_over_HTTPS" target="_blank" rel="noopener noreferrer" key="0">
+                                DNS-over-HTTPS
+                            </a>,
+                        ]}
+                    >
+                        example_upstream_doh
+                    </Trans>
+                </span>
             </li>
             <li>
-                <code>tcp://1.1.1.1</code> - { props.t('example_upstream_tcp') }
+                <code>tcp://1.1.1.1</code> – <Trans>example_upstream_tcp</Trans>
             </li>
             <li>
-                <code>sdns://...</code> - <span dangerouslySetInnerHTML={{ __html: props.t('example_upstream_sdns') }} />
+                <code>sdns://...</code> –&nbsp;
+                <span>
+                    <Trans
+                        components={[
+                            <a href="https://dnscrypt.info/stamps/" target="_blank" rel="noopener noreferrer" key="0">
+                                DNS Stamps
+                            </a>,
+                            <a href="https://dnscrypt.info/" target="_blank" rel="noopener noreferrer" key="1">
+                                DNSCrypt
+                            </a>,
+                            <a href="https://en.wikipedia.org/wiki/DNS_over_HTTPS" target="_blank" rel="noopener noreferrer" key="2">
+                                DNS-over-HTTPS
+                            </a>,
+                        ]}
+                    >
+                        example_upstream_sdns
+                    </Trans>
+                </span>
             </li>
             <li>
-                <code>[/example.local/]1.1.1.1</code> - <span dangerouslySetInnerHTML={{ __html: props.t('example_upstream_reserved') }} />
+                <code>[/example.local/]1.1.1.1</code> –&nbsp;
+                <span>
+                    <Trans
+                        components={[
+                            <a href="https://github.com/AdguardTeam/dnsproxy#specifying-upstreams-for-domains" target="_blank" rel="noopener noreferrer" key="0">
+                                Link
+                            </a>,
+                        ]}
+                    >
+                        example_upstream_reserved
+                    </Trans>
+                </span>
             </li>
         </ol>
     </div>