Releases: AdguardTeam/AdGuardHome
AdGuard Home v0.106.0-b.2
Changes compared to the previous beta, v0.106.0-b.1. See CHANGELOG.md for all changes.
Added
- New flag `--no-etc-hosts` to disable client domain name lookups in the operating system's /etc/hosts files (#1947).
- The ability to set up custom upstreams to resolve PTR queries for local addresses and to disable the automatic resolving of clients' addresses (#2704).
- Logging of the client's IP address after failed login attempts (#2824).
- Search by clients' names in the query log (#1273).
- Verbose version output with `-v --version` (#2416).
Changed
- Normalization of hostnames with spaces sent by DHCP clients (#2945).
- The access to the private hosts is now forbidden for users from external networks (#2889).
- The reverse lookup for local addresses is now performed via local resolvers (#2704).
- Stricter validation of the IP addresses of static leases in the DHCP server with regards to the netmask (#2838).
- Stricter validation of `$dnsrewrite` filter modifier parameters (#2498).
Fixed
AdGuard Home v0.106.0-b.1
Changes compared to v0.105.2. See CHANGELOG.md for all changes.
Added
- The ability to set a custom TLD for known local-network hosts (#2393).
- The ability to serve DNS queries on multiple hosts and interfaces (#1401).
- `ips` and `text` DHCP server options (#2385).
- `SRV` records support in `$dnsrewrite` filters (#2533).
Changed
- Stricter validation of the IP addresses of static leases in the DHCP server with regards to the netmask (#2838).
- Stricter validation of `$dnsrewrite` filter modifier parameters (#2498).
- New, more correct versioning scheme (#2412).
Deprecated
- Go 1.15 support. v0.107.0 will require at least Go 1.16 to build.
Fixed
- Support for more than one `/24` subnet in DHCP (#2541).
- Invalid filenames in the `mobileconfig` API responses (#2835).
Removed
- Go 1.14 support.
AdGuard Home v0.105.2
There are big flashy updates, and there are seemingly unassuming ones, which constitute, however, the backbone of any successful project. This is the latter, as you may have guessed. You'll find here a heap of bugfixes and a security update for CVE-2021-27935.
Security
- Session token doesn't contain user's information anymore (#2470).
Fixed
- Incomplete hostnames with trailing zero-bytes handling (#2582).
- Wrong DNS-over-TLS ALPN configuration (#2681).
- Inconsistent responses for messages with EDNS0 and AD when DNS caching is enabled (#2600).
- Incomplete OpenWRT detection (#2757).
- DHCP lease's `expired` field incorrect time format (#2692).
- Incomplete DNS upstreams validation (#2674).
- Wrong parsing of DHCP options of the `ip` type (#2688).
AdGuard Home v0.105.1
Have you ever thought about why traditions are so important? 🧙‍♂️ Traditions help us remember that we are part of a history that defines our past, shapes who we are today, and who we are likely to become. This is why we at AdGuard respect our traditions, and the most important one is pushing the inevitable hotfix right after every major update. 🔥🔧
Jokes aside, here's the list of things fixed and improved in this hotfix.
Changed
- Increased HTTP API timeouts (#2671, #2682).
- "Permission denied" errors when checking if the machine has a static IP no longer prevent the DHCP server from starting (#2667).
- The server name sent by clients of TLS APIs is not only checked when `strict_sni_check` is enabled (#2664).
- HTTP API request body size limit for the `POST /control/access/set` and `POST /control/filtering/set_rules` HTTP APIs is increased (#2666, #2675).
Fixed
- Error when enabling the DHCP server when AdGuard Home couldn't determine if the machine has a static IP.
- Optical issue on custom rules (#2641).
- Occasional crashes during startup.
- The field `"range_start"` in the `GET /control/dhcp/status` HTTP API response is now correctly named again (#2678).
- DHCPv6 server's `ra_slaac_only` and `ra_allow_slaac` settings aren't reset to `false` on update any more (#2653).
- The `Vary` header is now added along with `Access-Control-Allow-Origin` to prevent cache-related and other issues in browsers (#2658).
- The request body size limit is now set for HTTPS requests as well.
- Incorrect version tag in the Docker release (#2663).
- DNSCrypt queries weren't marked as such in logs (#2662).
AdGuard Home v0.105.0
We took our sweet time with this update, but you'll most certainly find it to be worth the wait. The changelog contains three absolute 💥bangers and a laundry list of lesser changes.
🕵️‍♂️ Client ID support for DNS-over-HTTPS, DNS-over-QUIC, and DNS-over-TLS (#1387)
This feature would be really useful to those of you who run an encrypted DNS resolver on a public server. In short, you can now identify your devices not just by their IP address (which is, frankly, not too useful in a public server scenario 🤷‍♀️), but by using a special "Client ID".
Here's how it works:
- First, you add a client and specify an arbitrary string as its "Identifier", for instance, `my-iphone`.
- On the client device you can now configure:
  - DNS-over-HTTPS: `https://example.org/dns-query/my-iphone`
  - DNS-over-TLS: `tls://my-iphone.example.org` (requires a Wildcard certificate)
  - DNS-over-QUIC: `quic://my-iphone.example.org` (requires a Wildcard certificate)
- Queries and stats are now properly attributed to your device.
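
An added example (not AdGuard Home's own code) of how a resolver could recover the Client ID from the three endpoint forms listed above and reject hosts outside its own domain. The function names and the identifier rule (a single lowercase DNS label) are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// validLabel is this example's assumed identifier rule: one DNS label, a-z, 0-9, '-'.
func validLabel(id string) bool {
	for _, r := range id {
		if (r < 'a' || r > 'z') && (r < '0' || r > '9') && r != '-' {
			return false
		}
	}
	return id != "" && len(id) <= 63
}

// ClientIDFromEndpoint returns the Client ID carried by an endpoint URL, or ""
// when the URL addresses serverName itself without an identifier.
func ClientIDFromEndpoint(endpoint, serverName string) (string, error) {
	u, err := url.Parse(endpoint)
	if err != nil {
		return "", err
	}
	host, id := strings.ToLower(u.Hostname()), ""
	switch u.Scheme {
	case "https": // DoH: the identifier is the one path segment after /dns-query/
		p := strings.TrimPrefix(u.Path, "/dns-query")
		if host != serverName || p == u.Path || (p != "" && p[0] != '/') {
			return "", fmt.Errorf("not a DoH endpoint of %s", serverName)
		}
		id = strings.TrimSuffix(strings.TrimPrefix(p, "/"), "/")
	case "tls", "quic": // DoT/DoQ: the identifier is the label left of serverName
		if host != serverName && !strings.HasSuffix(host, "."+serverName) {
			return "", fmt.Errorf("host %q is outside %s", host, serverName)
		}
		id = strings.TrimSuffix(strings.TrimSuffix(host, serverName), ".")
	default:
		return "", fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
	if id != "" && !validLabel(id) {
		return "", fmt.Errorf("invalid client id %q", id)
	}
	return id, nil
}

func main() {
	// Constructed sample endpoints; the last one is rejected (two labels).
	for _, e := range []string{"https://example.org/dns-query/my-iphone", "tls://my-iphone.example.org", "quic://a.b.example.org"} {
		id, err := ClientIDFromEndpoint(e, "example.org")
		fmt.Printf("%s id=%q err=%v\n", e, id, err)
	}
}
```

The single-label rule is also why the DoT and DoQ forms need a wildcard certificate: each identifier is one extra label directly under the resolver's name.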
🔐 AdGuard as a DNSCrypt-resolver (#1361)
DNSCrypt was the very first DNS encryption protocol that got some traction. It may not be as popular as DoH/DoT/DoQ now, but it is still viable. Moreover, performance-wise DNSCrypt is better than any of them. And now that v0.105.0 is out, AdGuard Home can be configured to work as a DNSCrypt resolver!
However, here goes the tricky part. We haven't yet exposed these settings to the Web admin panel so if you want to have DNSCrypt, you'll need to follow this instruction and do it via editing the configuration file (`AdGuardHome.yaml`). Not that it would scare you off, would it? 🤓
Regarding DNSCrypt clients - AdGuard for Android, Windows and iOS support it, Mac will get its support pretty soon. Besides that, here is a long list of client software that supports it as well.
🆎 `$dnsrewrite` and `$dnstype` modifiers (#2102 #2337)
AdGuard Home now supports two more powerful rule modifiers that will help blocklists' maintainers.
- `$dnstype` lets you narrow down the rule scope and apply it only to queries of a specific type(s). For instance, Apple devices now support `HTTPS` DNS query type. While being generally a good thing, this new type may sometimes be harmful 😲. By using `$dnstype` you can block it completely using a simple rule like this: `$dnstype=HTTPS`
- `$dnsrewrite` is another powerful modifier that allows you to modify DNS responses. Note that this modifier is much more powerful compared to something like a hosts file. Here are some examples:
  - `||example.org^$dnsrewrite=SERVFAIL;;` - return `SERVFAIL` for `example.org` and all its subdomains
  - `|test.example.org^$dnsrewrite=NOERROR;TXT;hello_world` - add a `TXT` record for `test.example.org`
  - `|example.org^$dnsrewrite=example.com` - redirect `example.org` to `example.com`
  - `|example.org^$dnsrewrite=1.1.1.1` - redirect `example.org` to `1.1.1.1`
- You can find more examples in the documentation.
Added
- Added more services to the "Blocked services" list (#2224, #2401).
- `ipset` subdomain matching, just like `dnsmasq` does (#2179).
- The host checking API and the query logs API can now return multiple matched rules (#2102).
- Detecting of network interface configured to have static IP address via `/etc/network/interfaces` (#2302).
- A 5 second wait period until a DHCP server's network interface gets an IP address (#2304).
- HTTP API request body size limit (#2305).
Changed
- `Access-Control-Allow-Origin` is now only set to the same origin as the domain, but with an HTTP scheme as opposed to `*` (#2484).
- `workDir` now supports symlinks.
- Stopped mounting together the directories `/opt/adguardhome/conf` and `/opt/adguardhome/work` in our Docker images (#2589).
- When `dns.bogus_nxdomain` option is used, the server will now transform responses if there is at least one bogus address instead of all of them (#2394). The new behavior is the same as in `dnsmasq`.
- Post-updating relaunch possibility is now determined OS-dependently (#2231, #2391).
- Made the mobileconfig HTTP API more robust and predictable, add parameters and improve error response (#2358).
- Improved HTTP requests handling and timeouts (#2343).
- Our snap package now uses the `core20` image as its base (#2306).
- New build system and various internal improvements (#2271, #2276, #2297, #2509, #2552, #2639, #2646).
Deprecated
- Go 1.14 support. v0.106.0 will require at least Go 1.15 to build.
- The `darwin/386` port. It will be removed in v0.106.0.
- The `"rule"` and `"filter_id"` fields in `GET /filtering/check_host` and `GET /querylog` responses. They will be removed in v0.106.0 (#2102).
Fixed
- Autoupdate bug in the Darwin (macOS) version (#2630).
- Unnecessary conversions from `string` to `net.IP`, and vice versa (#2508).
- Inability to set DNS cache TTL limits (#2459).
- Possible freezes on slower machines (#2225).
- A mitigation against records being shown in the wrong order on the query log page (#2293).
- A JSON parsing error in query log (#2345).
- Incorrect detection of the IPv6 address of an interface as well as another infinite loop in the `/dhcp/find_active_dhcp` HTTP API (#2355).
Removed
- The undocumented ability to use hostnames as any of `bind_host` values in the configuration. Documentation requires them to be valid IP addresses, and now the implementation makes sure that that is the case (#2508).
- `Dockerfile` (#2276). Replaced with the script `scripts/make/build-docker.sh` which uses `scripts/make/Dockerfile`.
- Support for pre-v0.99.3 format of query logs (#2102).
AdGuard Home v0.105.0-beta.4
Added
- Added more services to the "Blocked services" list (#2224, #2401).
- `ipset` subdomain matching, just like `dnsmasq` does (#2179).
- Client ID support for DNS-over-HTTPS, DNS-over-QUIC, and DNS-over-TLS (#1383).
- `$dnsrewrite` modifier for filters (#2102).
- The host checking API and the query logs API can now return multiple matched rules (#2102).
- Detecting of network interface configured to have static IP address via `/etc/network/interfaces` (#2302).
- DNSCrypt protocol support (#1361).
- A 5 second wait period until a DHCP server's network interface gets an IP address (#2304).
- `$dnstype` modifier for filters (#2337).
- HTTP API request body size limit (#2305).
Changed
- `Access-Control-Allow-Origin` is now only set to the same origin as the domain, but with an HTTP scheme as opposed to `*` (#2484).
- `workDir` now supports symlinks.
- Stopped mounting together the directories `/opt/adguardhome/conf` and `/opt/adguardhome/work` in our Docker images (#2589).
- When `dns.bogus_nxdomain` option is used, the server will now transform responses if there is at least one bogus address instead of all of them (#2394). The new behavior is the same as in `dnsmasq`.
- Post-updating relaunch possibility is now determined OS-dependently (#2231, #2391).
- Made the mobileconfig HTTP API more robust and predictable, add parameters and improve error response (#2358).
- Improved HTTP requests handling and timeouts (#2343).
- Our snap package now uses the `core20` image as its base (#2306).
- New build system and various internal improvements (#2271, #2276, #2297, #2509, #2552).
Deprecated
- Go 1.14 support. v0.106.0 will require at least Go 1.15 to build.
- The `darwin/386` port. It will be removed in v0.106.0.
- The `"rule"` and `"filter_id"` fields in `GET /filtering/check_host` and `GET /querylog` responses. They will be removed in v0.106.0 (#2102).
Fixed
- Autoupdate bug in the Darwin (macOS) version (#2630).
- Unnecessary conversions from `string` to `net.IP`, and vice versa (#2508).
- Inability to set DNS cache TTL limits (#2459).
- Possible freezes on slower machines (#2225).
- A mitigation against records being shown in the wrong order on the query log page (#2293).
- A JSON parsing error in query log (#2345).
- Incorrect detection of the IPv6 address of an interface as well as another infinite loop in the `/dhcp/find_active_dhcp` HTTP API (#2355).
Removed
- The undocumented ability to use hostnames as any of `bind_host` values in configuration. Documentation requires them to be valid IP addresses, and now the implementation makes sure that that is the case (#2508).
- `Dockerfile` (#2276). Replaced with the script `scripts/make/build-docker.sh` which uses `scripts/make/Dockerfile`.
- Support for pre-v0.99.3 format of query logs (#2102).
AdGuard Home v0.105.0-beta.3
Added
- `ipset` subdomain matching, just like `dnsmasq` does (#2179).
- Client ID support for DNS-over-HTTPS, DNS-over-QUIC, and DNS-over-TLS (#1383).
- `$dnsrewrite` modifier for filters (#2102).
- The host checking API and the query logs API can now return multiple matched rules (#2102).
- Detecting of network interface configured to have static IP address via `/etc/network/interfaces` (#2302).
- DNSCrypt protocol support (#1361).
- A 5 second wait period until a DHCP server's network interface gets an IP address (#2304).
- `$dnstype` modifier for filters (#2337).
- HTTP API request body size limit (#2305).
Changed
- `workDir` now supports symlinks.
- Stopped mounting together the directories `/opt/adguardhome/conf` and `/opt/adguardhome/work` in our Docker images (#2589).
- When `dns.bogus_nxdomain` option is used, the server will now transform responses if there is at least one bogus address instead of all of them (#2394). The new behavior is the same as in `dnsmasq`.
- Post-updating relaunch possibility is now determined OS-dependently (#2231, #2391).
- Made the mobileconfig HTTP API more robust and predictable, add parameters and improve error response (#2358).
- Improved HTTP requests handling and timeouts (#2343).
- Our snap package now uses the `core20` image as its base (#2306).
- New build system and various internal improvements (#2271, #2276, #2297, #2509, #2552).
Deprecated
- Go 1.14 support. v0.106.0 will require at least Go 1.15 to build.
- The `darwin/386` port. It will be removed in v0.106.0.
- The `"rule"` and `"filter_id"` fields in `GET /filtering/check_host` and `GET /querylog` responses. They will be removed in v0.106.0 (#2102).
Fixed
- Unnecessary conversions from `string` to `net.IP`, and vice versa (#2508).
- Inability to set DNS cache TTL limits (#2459).
- Possible freezes on slower machines (#2225).
- A mitigation against records being shown in the wrong order on the query log page (#2293).
- A JSON parsing error in query log (#2345).
- Incorrect detection of the IPv6 address of an interface as well as another infinite loop in the `/dhcp/find_active_dhcp` HTTP API (#2355).
Removed
- The undocumented ability to use hostnames as any of `bind_host` values in configuration. Documentation requires them to be valid IP addresses, and now the implementation makes sure that that is the case (#2508).
- `Dockerfile` (#2276). Replaced with the script `scripts/make/build-docker.sh` which uses `scripts/make/Dockerfile`.
- Support for pre-v0.99.3 format of query logs (#2102).
AdGuard Home v0.105.0-beta.2
Added
- `$dnsrewrite` modifier for filters (#2102).
- The host checking API and the query logs API can now return multiple matched rules (#2102).
- Detecting of network interface configured to have static IP address via `/etc/network/interfaces` (#2302).
- DNSCrypt protocol support (#1361).
- A 5 second wait period until a DHCP server's network interface gets an IP address (#2304).
- `$dnstype` modifier for filters (#2337).
- HTTP API request body size limit (#2305).
Changed
- When `dns.bogus_nxdomain` option is used, the server will now transform responses if there is at least one bogus address instead of all of them (#2394). The new behavior is the same as in `dnsmasq`.
- Post-updating relaunch possibility is now determined OS-dependently (#2231, #2391).
- Made the mobileconfig HTTP API more robust and predictable, add parameters and improve error response (#2358).
- Improved HTTP requests handling and timeouts (#2343).
- Our snap package now uses the `core20` image as its base (#2306).
- Various internal improvements (#2267, #2271, #2297).
Fixed
- Inability to set DNS cache TTL limits (#2459).
- Possible freezes on slower machines (#2225).
- A mitigation against records being shown in the wrong order on the query log page (#2293).
- A JSON parsing error in query log (#2345).
- Incorrect detection of the IPv6 address of an interface as well as another infinite loop in the `/dhcp/find_active_dhcp` HTTP API (#2355).
AdGuard Home v0.105.0-beta.1
Added
- Detecting of network interface configured to have static IP address via `/etc/network/interfaces` (#2302).
- DNSCrypt protocol support (#1361).
- A 5 second wait period until a DHCP server's network interface gets an IP address (#2304).
- `$dnstype` modifier for filters (#2337).
- HTTP API request body size limit (#2305).
Changed
- Post-updating relaunch possibility is now determined OS-dependently (#2231, #2391).
- Made the mobileconfig HTTP API more robust and predictable, add parameters and improve error response (#2358).
- Improved HTTP requests handling and timeouts (#2343).
- Our snap package now uses the `core20` image as its base (#2306).
- Various internal improvements (#2267, #2271, #2297).
Fixed
AdGuard Home v0.104.3
Bugfixes... 😌 There's something about them that we just can't resist. We always want more! 🧟
When there's nothing more to fix, we just roll out a new major update, introduce some fresh bugs and start all over. It's a circle of life ☯️
Luckily, there are still some to prey upon in v0.104. Have a look at what we've fixed this time:
Fixed
- Don't expose the profiler HTTP API (#2336).
- Load query logs from files after loading the ones buffered in memory (#2325).
- Don't show unnecessary errors in logs when switching between query log files (#2324).
- Don't show `404 Not Found` errors on the DHCP settings page on Windows. Show that DHCP is not currently available on that OS instead (#2295).
- Fix an infinite loop in the `/dhcp/find_active_dhcp` HTTP API method (#2301).
- Various internal improvements.