AdGuard Home v0.106.0-b.2

Changes compared to the previous beta, v0.106.0-b.1. See CHANGELOG.md for all changes.

Added

• New flag --no-etc-hosts to disable client domain name lookups in the operating system's /etc/hosts files (#1947).
• The ability to set up custom upstreams to resolve PTR queries for local addresses and to disable the automatic resolving of clients' addresses (#2704).
• Logging of the client's IP address after failed login attempts (#2824).
• Search by clients' names in the query log (#1273).
• Verbose version output with -v --version (#2416).

Changed

• Normalization of hostnames with spaces sent by DHCP clients (#2945).
• The access to the private hosts is now forbidden for users from external networks (#2889).
• The reverse lookup for local addresses is now performed via local resolvers (#2704).
• Stricter validation of the IP addresses of static leases in the DHCP server with regards to the netmask (#2838).
• Stricter validation of $dnsrewrite filter modifier parameters (#2498).

Fixed

• Comment handling in clients' custom upstreams (#2947).
• Overwriting of DHCPv4 options when using the HTTP API (#2927).
• Assumption that MAC addresses always have the length of 6 octets (#2828).
• Various other bugs.

AdGuard Home v0.106.0-b.1

Changes compared to v0.105.2. See CHANGELOG.md for all changes.

Added

• The ability to set a custom TLD for known local-network hosts (#2393).
• The ability to serve DNS queries on multiple hosts and interfaces (#1401).
• ips and text DHCP server options (#2385).
• SRV records support in $dnsrewrite filters (#2533).

Changed

• Stricter validation of the IP addresses of static leases in the DHCP server with regards to the netmask (#2838).
• Stricter validation of $dnsrewrite filter modifier parameters (#2498).
• New, more correct versioning scheme (#2412).

Deprecated

• Go 1.15 support. v0.107.0 will require at least Go 1.16 to build.

Fixed

• Support for more than one /24 subnet in DHCP (#2541).
• Invalid filenames in the mobileconfig API responses (#2835).

Removed

• Go 1.14 support.

AdGuard Home v0.105.2

There are big flashy updates, and there are seemingly unassuming ones, which constitute, however, the backbone of any successful project. This is the latter, as you may have guessed. You'll find here a heap of bugfixes and a security update for CVE-2021-27935.

Security

• Session token doesn't contain user's information anymore (#2470).

Fixed

• Incomplete hostnames with trailing zero-bytes handling (#2582).
• Wrong DNS-over-TLS ALPN configuration (#2681).
• Inconsistent responses for messages with EDNS0 and AD when DNS caching is enabled (#2600).
• Incomplete OpenWRT detection (#2757).
• DHCP lease's expired field incorrect time format (#2692).
• Incomplete DNS upstreams validation (#2674).
• Wrong parsing of DHCP options of the ip type (#2688).

AdGuard Home v0.105.1

Have you ever thought about why traditions are so important?🧙‍♂️ Traditions help us remember that we are part of a history that defines our past, shapes who we are today, and who we are likely to become. This is why we at AdGuard respect our traditions, and the most important one is pushing the inevitable hotfix right after every major update.🔥🔧

Jokes aside, here's the list of things fixed and improved in this hotfix.

Changed

• Increased HTTP API timeouts (#2671, #2682).
• "Permission denied" errors when checking if the machine has a static IP no longer prevent the DHCP server from starting (#2667).
• The server name sent by clients of TLS APIs is not only checked when strict_sni_check is enabled (#2664).
• HTTP API request body size limit for the POST /control/access/set and POST /control/filtering/set_rules HTTP APIs is increased (#2666, #2675).

Fixed

• Error when enabling the DHCP server when AdGuard Home couldn't determine if the machine has a static IP.
• Optical issue on custom rules (#2641).
• Occasional crashes during startup.
• The field "range_start" in the GET /control/dhcp/status HTTP API response is now correctly named again (#2678).
• DHCPv6 server's ra_slaac_only and ra_allow_slaac settings aren't reset to false on update any more (#2653).
• The Vary header is now added along with Access-Control-Allow-Origin to prevent cache-related and other issues in browsers (#2658).
• The request body size limit is now set for HTTPS requests as well.
• Incorrect version tag in the Docker release (#2663).
• DNSCrypt queries weren't marked as such in logs (#2662).

AdGuard Home v0.105.0

We took our sweet time with this update, but you'll most certainly find it to be worth the wait. The changelog contains three absolute 💥bangers and a laundry list of lesser changes.

🕵️‍♂️ Client ID support for DNS-over-HTTPS, DNS-over-QUIC, and DNS-over-TLS (#1387)

This feature would be really useful to those of you who run an encrypted DNS resolver on a public server. In short, you can now identify your devices not just by their IP address (which is, frankly, not too useful in a public server scenario 🤷‍♀️), but by using a special "Client ID".

Here's how it works:

1. First, you add a client and specify an arbitrary string as its "Identifier", for instance, my-iphone.
2. On the client device you can now configure:
   • DNS-over-HTTPS: https://example.org/dns-query/my-iphone
   • DNS-over-TLS: tls://my-iphone.example.org (requires a Wildcard certificate)
   • DNS-over-QUIC: quic://my-iphone.example.org (requires a Wildcard certificate)
3. Queries and stats are now properly attributed to your device.

🔐 AdGuard as a DNSCrypt-resolver (#1361)

DNSCrypt was the very first DNS encryption protocol that got some traction. It may not be as popular as DoH/DoT/DoQ now, but it is still viable. Moreover, performance-wise DNSCrypt is better than any of them. And now that v0.105.0 is out, AdGuard Home can be configured to work as a DNSCrypt resolver!

However, here goes the tricky part. We haven't yet exposed these settings to the Web admin panel so if you want to have DNSCrypt, you'll need to follow this instruction and do it via editing the configuration file (AdGuardHome.yaml). Not that it would scare you off, would it? 🤓

Regarding DNSCrypt clients - AdGuard for Android, Windows and iOS support it, Mac will get its support pretty soon. Besides that, here is a long list of client software that supports it as well.

🆎 $dnsrewrite and $dnstype modifiers (#2102 #2337)

AdGuard Home now supports two more powerful rule modifiers that will help blocklists' maintainers.

• $dnstype lets you narrow down the rule scope and apply it only to queries of a specific type(s). For instance, Apple devices now support HTTPS DNS query type. While being generally a good thing, this new type may sometimes be harmful😲. By using $dnstype you can block it completely using a simple rule like this: $dnstype=HTTPS

• $dnsrewrite is another powerful modifier that allows you to modify DNS responses. Note that this modifier is much more powerful compared to something like a hosts file.

  Here are some examples:

  • ||example.org^$dnsrewrite=SERVFAIL;; - return SERVFAIL for example.org and all it's subdomains
  • |test.example.org^$dnsrewrite=NOERROR;TXT;hello_world - add a TXT record for test.example.org
  • |example.org^$dnsrewrite=example.com - redirect example.org to example.com
  • |example.org^$dnsrewrite=1.1.1.1 - redirect example.org to example.com
  • You can find more examples in the documentation.

Added

• Added more services to the "Blocked services" list (#2224, #2401).
• ipset subdomain matching, just like dnsmasq does (#2179).
• The host checking API and the query logs API can now return multiple matched rules (#2102).
• Detecting of network interface configured to have static IP address via /etc/network/interfaces (#2302).
• A 5 second wait period until a DHCP server's network interface gets an IP address (#2304).
• HTTP API request body size limit (#2305).

Changed

• Access-Control-Allow-Origin is now only set to the same origin as the domain, but with an HTTP scheme as opposed to * (#2484).
• workDir now supports symlinks.
• Stopped mounting together the directories /opt/adguardhome/conf and /opt/adguardhome/work in our Docker images (#2589).
• When dns.bogus_nxdomain option is used, the server will now transform responses if there is at least one bogus address instead of all of them (#2394). The new behavior is the same as in dnsmasq.
• Post-updating relaunch possibility is now determined OS-dependently (#2231, #2391).
• Made the mobileconfig HTTP API more robust and predictable, add parameters and improve error response (#2358).
• Improved HTTP requests handling and timeouts (#2343).
• Our snap package now uses the core20 image as its base (#2306).
• New build system and various internal improvements (#2271, #2276, #2297, #2509, #2552, #2639, #2646).

Deprecated

• Go 1.14 support. v0.106.0 will require at least Go 1.15 to build.
• The darwin/386 port. It will be removed in v0.106.0.
• The "rule" and "filter_id" fields in GET /filtering/check_host and
  GET /querylog responses. They will be removed in v0.106.0 (#2102).

Fixed

• Autoupdate bug in the Darwin (macOS) version (#2630).
• Unnecessary conversions from string to net.IP, and vice versa (#2508).
• Inability to set DNS cache TTL limits (#2459).
• Possible freezes on slower machines (#2225).
• A mitigation against records being shown in the wrong order on the query log page (#2293).
• A JSON parsing error in query log (#2345).
• Incorrect detection of the IPv6 address of an interface as well as another infinite loop in the /dhcp/find_active_dhcp HTTP API (#2355).

Removed

• The undocumented ability to use hostnames as any of bind_host values in the configuration. Documentation requires them to be valid IP addresses, and now the implementation makes sure that that is the case (#2508).
• Dockerfile (#2276). Replaced with the script scripts/make/build-docker.sh which uses scripts/make/Dockerfile.
• Support for pre-v0.99.3 format of query logs (#2102).

AdGuard Home v0.105.0-beta.4

Added

• Added more services to the "Blocked services" list (#2224, #2401).
• ipset subdomain matching, just like dnsmasq does (#2179).
• Client ID support for DNS-over-HTTPS, DNS-over-QUIC, and DNS-over-TLS (#1383).
• $dnsrewrite modifier for filters (#2102).
• The host checking API and the query logs API can now return multiple matched rules (#2102).
• Detecting of network interface configured to have static IP address via /etc/network/interfaces (#2302).
• DNSCrypt protocol support (#1361).
• A 5 second wait period until a DHCP server's network interface gets an IP address (#2304).
• $dnstype modifier for filters (#2337).
• HTTP API request body size limit (#2305).

Changed

• Access-Control-Allow-Origin is now only set to the same origin as the domain, but with an HTTP scheme as opposed to * (#2484).
• workDir now supports symlinks.
• Stopped mounting together the directories /opt/adguardhome/conf and /opt/adguardhome/work in our Docker images (#2589).
• When dns.bogus_nxdomain option is used, the server will now transform responses if there is at least one bogus address instead of all of them (#2394). The new behavior is the same as in dnsmasq.
• Post-updating relaunch possibility is now determined OS-dependently (#2231, #2391).
• Made the mobileconfig HTTP API more robust and predictable, add parameters and improve error response (#2358).
• Improved HTTP requests handling and timeouts (#2343).
• Our snap package now uses the core20 image as its base (#2306).
• New build system and various internal improvements (#2271, #2276, #2297, #2509, #2552).

Deprecated

• Go 1.14 support. v0.106.0 will require at least Go 1.15 to build.
• The darwin/386 port. It will be removed in v0.106.0.
• The "rule" and "filter_id" fields in GET /filtering/check_host and
  GET /querylog responses. They will be removed in v0.106.0 (#2102).

Fixed

• Autoupdate bug in the Darwin (macOS) version (#2630).
• Unnecessary conversions from string to net.IP, and vice versa (#2508).
• Inability to set DNS cache TTL limits (#2459).
• Possible freezes on slower machines (#2225).
• A mitigation against records being shown in the wrong order on the query log page (#2293).
• A JSON parsing error in query log (#2345).
• Incorrect detection of the IPv6 address of an interface as well as another infinite loop in the /dhcp/find_active_dhcp HTTP API (#2355).

Removed

• The undocumented ability to use hostnames as any of bind_host values in configuration. Documentation requires them to be valid IP addresses, and now the implementation makes sure that that is the case (#2508).
• Dockerfile (#2276). Replaced with the script scripts/make/build-docker.sh which uses scripts/make/Dockerfile.
• Support for pre-v0.99.3 format of query logs (#2102).

AdGuard Home v0.105.0-beta.3

Added

• ipset subdomain matching, just like dnsmasq does (#2179).
• Client ID support for DNS-over-HTTPS, DNS-over-QUIC, and DNS-over-TLS (#1383).
• $dnsrewrite modifier for filters (#2102).
• The host checking API and the query logs API can now return multiple matched rules (#2102).
• Detecting of network interface configured to have static IP address via /etc/network/interfaces (#2302).
• DNSCrypt protocol support (#1361).
• A 5 second wait period until a DHCP server's network interface gets an IP address (#2304).
• $dnstype modifier for filters (#2337).
• HTTP API request body size limit (#2305).

Changed

• workDir now supports symlinks.
• Stopped mounting together the directories /opt/adguardhome/conf and /opt/adguardhome/work in our Docker images (#2589).
• When dns.bogus_nxdomain option is used, the server will now transform responses if there is at least one bogus address instead of all of them (#2394). The new behavior is the same as in dnsmasq.
• Post-updating relaunch possibility is now determined OS-dependently (#2231, #2391).
• Made the mobileconfig HTTP API more robust and predictable, add parameters and improve error response (#2358).
• Improved HTTP requests handling and timeouts (#2343).
• Our snap package now uses the core20 image as its base (#2306).
• New build system and various internal improvements (#2271, #2276, #2297, #2509, #2552).

Deprecated

• Go 1.14 support. v0.106.0 will require at least Go 1.15 to build.
• The darwin/386 port. It will be removed in v0.106.0.
• The "rule" and "filter_id" fields in GET /filtering/check_host and GET /querylog responses. They will be removed in v0.106.0 (#2102).

Fixed

• Unnecessary conversions from string to net.IP, and vice versa (#2508).
• Inability to set DNS cache TTL limits (#2459).
• Possible freezes on slower machines (#2225).
• A mitigation against records being shown in the wrong order on the query log page (#2293).
• A JSON parsing error in query log (#2345).
• Incorrect detection of the IPv6 address of an interface as well as another infinite loop in the /dhcp/find_active_dhcp HTTP API (#2355).

Removed

• The undocumented ability to use hostnames as any of bind_host values in configuration. Documentation requires them to be valid IP addresses, and now the implementation makes sure that that is the case (#2508).
• Dockerfile (#2276). Replaced with the script scripts/make/build-docker.sh which uses scripts/make/Dockerfile.
• Support for pre-v0.99.3 format of query logs (#2102).

AdGuard Home v0.105.0-beta.2

Added

• $dnsrewrite modifier for filters (#2102).
• The host checking API and the query logs API can now return multiple matched rules (#2102).
• Detecting of network interface configured to have static IP address via /etc/network/interfaces (#2302).
• DNSCrypt protocol support (#1361).
• A 5 second wait period until a DHCP server's network interface gets an IP address (#2304).
• $dnstype modifier for filters (#2337).
• HTTP API request body size limit (#2305).

Changed

• When dns.bogus_nxdomain option is used, the server will now transform responses if there is at least one bogus address instead of all of them (#2394). The new behavior is the same as in dnsmasq.
• Post-updating relaunch possibility is now determined OS-dependently (#2231, #2391).
• Made the mobileconfig HTTP API more robust and predictable, add parameters and improve error response (#2358).
• Improved HTTP requests handling and timeouts (#2343).
• Our snap package now uses the core20 image as its base (#2306).
• Various internal improvements (#2267, #2271, #2297).

Fixed

• Inability to set DNS cache TTL limits (#2459).
• Possible freezes on slower machines (#2225).
• A mitigation against records being shown in the wrong order on the query log page (#2293).
• A JSON parsing error in query log (#2345).
• Incorrect detection of the IPv6 address of an interface as well as another infinite loop in the /dhcp/find_active_dhcp HTTP API (#2355).

AdGuard Home v0.105.0-beta.1

Added

• Detecting of network interface configurated to have static IP address via /etc/network/interfaces (#2302).
• DNSCrypt protocol support (#1361).
• A 5 second wait period until a DHCP server's network interface gets an IP address (#2304).
• $dnstype modifier for filters (#2337).
• HTTP API request body size limit (#2305).

Changed

• Post-updating relaunch possibility is now determined OS-dependently (#2231, #2391).
• Made the mobileconfig HTTP API more robust and predictable, add parameters and improve error response (#2358).
• Improved HTTP requests handling and timeouts (#2343).
• Our snap package now uses the core20 image as its base (#2306).
• Various internal improvements (#2267, #2271, #2297).

Fixed

• A mitigation against records being shown in the wrong order on the query log page (#2293).
• A JSON parsing error in query log (#2345).
• Incorrect detection of the IPv6 address of an interface as well as another infinite loop in the /dhcp/find_active_dhcp HTTP API (#2355).

AdGuard Home v0.104.3

Bugfixes... 😌 There's something about them that we just can't resist. We always want more! 🧟

When there's nothing more to fix, we just roll out a new major update, introduce some fresh bugs and start all over. It's a circle of life ☯️

Luckily, there are still some to prey upon in v0.104. Have a look at what we've fixed this time:

Fixed

• Don't expose the profiler HTTP API (#2336).
• Load query logs from files after loading the ones buffered in memory (#2325).
• Don't show Unnecessary errors in logs when switching between query log files (#2324).
• Don't show 404 Not Found errors on the DHCP settings page on Windows. Show that DHCP is not currently available on that OS instead (#2295).
• Fix an infinite loop in the /dhcp/find_active_dhcp HTTP API method (#2301).
• Various internal improvements.