version 0.105.2 from March 15, 2021
There are big flashy updates, and there are seemingly unassuming ones, which constitute, however, the backbone of any successful project. This is the latter, as you may have guessed. You'll find here a heap of bugfixes and a security update for CVE-2021-27935.
Session token doesn't contain user's information anymore (#2470).
Incomplete hostnames with trailing zero-bytes handling (#2582).
Wrong DNS-over-TLS ALPN configuration (#2681).
Inconsistent responses for messages with EDNS0 and AD when DNS caching is enabled (#2600).
Incomplete OpenWrt detection (#2757).
expiredfield incorrect time format (#2692).
Incomplete DNS upstreams validation (#2674).
Wrong parsing of DHCP options of the
version v0.105.1 from February 16, 2021
Have you ever thought about why traditions are so important?🧙♂️ Traditions help us remember that we are part of a history that defines our past, shapes who we are today, and who we are likely to become. This is why we at AdGuard respect our traditions, and the most important one is pushing the inevitable hotfix right after every major update.🔥🔧
Jokes aside, here's the list of things fixed and improved in this hotfix.
"Permission denied" errors when checking if the machine has a static IP no longer prevent the DHCP server from starting (#2667).
The server name sent by clients of TLS APIs is not only checked when
strict_sni_checkis enabled (#2664).
Error when enabling the DHCP server when AdGuard Home couldn't determine if the machine has a static IP.
Optical issue on custom rules (#2641).
Occasional crashes during startup.
GET /control/dhcp/statusHTTP API response is now correctly named again (#2678).
ra_allow_slaacsettings aren't reset to
falseon update any more (#2653).
Varyheader is now added along with
Access-Control-Allow-Originto prevent cache-related and other issues in browsers (#2658).
The request body size limit is now set for HTTPS requests as well.
Incorrect version tag in the Docker release (#2663).
DNSCrypt queries weren't marked as such in logs (#2662).
version 0.105.0 from February 12, 2021
We took our sweet time with this update, but you'll most certainly find it to be worth the wait. The changelog contains three absolute 💥bangers and a laundry list of lesser changes.
🕵️♂️ Client ID support for DNS-over-HTTPS, DNS-over-QUIC, and DNS-over-TLS #1387
This feature would be really useful to those of you who run an encrypted DNS resolver on a public server. In short, you can now identify your devices not just by their IP address (which is, frankly, not too useful in a public server scenario 🤷♀️), but by using a special "Client ID".
Here's how it works:
First, you add a client and specify an arbitrary string as its "Identifier", for instance,
On the client device you can now configure:
Queries and stats are now properly attributed to your device.
🔐 AdGuard as a DNSCrypt-resolver #1361
DNSCrypt was the very first DNS encryption protocol that got some traction. It may not be as popular as DoH/DoT/DoQ now, but it is still viable. Moreover, performance-wise DNSCrypt is better than any of them. And now that v0.105.0 is out, AdGuard Home can be configured to work as a DNSCrypt resolver!
However, here goes the tricky part. We haven't yet exposed these settings to the Web admin panel so if you want to have DNSCrypt, you'll need to follow this instruction and do it via editing the configuration file (
AdGuardHome.yaml). Not that it would scare you off, would it? 🤓
Regarding DNSCrypt clients - AdGuard for Android, Windows and iOS support it, Mac will get its support pretty soon. Besides that, here is a long list of client software that supports it as well.
AdGuard Home now supports two more powerful rule modifiers that will help blocklists' maintainers.
$dnstypelets you narrow down the rule scope and apply it only to queries of a specific type(s). For instance, Apple devices now support
HTTPSDNS query type. While being generally a good thing, this new type may sometimes be harmful😲. By using
$dnstypeyou can block it completely using a simple rule like this:
$dnsrewriteis another powerful modifier that allows you to modify DNS responses. Note that this modifier is much more powerful compared to something like a hosts file.
Here are some examples:
example.organd all it's subdomains
|test.example.org^$dnsrewrite=NOERROR;TXT;hello_world- add a
You can find more examples in the documentation.
ipsetsubdomain matching, just like
The host checking API and the query logs API can now return multiple matched rules #2102
Detecting of network interface configured to have static IP address via
A 5 second wait period until a DHCP server's network interface gets an IP address #2304
HTTP API request body size limit #2305
Access-Control-Allow-Originis now only set to the same origin as the domain, but with an HTTP scheme as opposed to
workDirnow supports symlinks.
Stopped mounting together the directories
/opt/adguardhome/workin our Docker images #2589
dns.bogus_nxdomainoption is used, the server will now transform responses if there is at least one bogus address instead of all of them #2394. The new behavior is the same as in
Made the mobileconfig HTTP API more robust and predictable, add parameters and improve error response #2358
Improved HTTP requests handling and timeouts #2343
Our snap package now uses the
core20image as its base #2306
Go 1.14 support. v0.106.0 will require at least Go 1.15 to build.
darwin/386port. It will be removed in v0.106.0.
GET /querylogresponses. They will be removed in v0.106.0 #2102
Autoupdate bug in the Darwin (macOS) version #2630
Unnecessary conversions from
net.IP, and vice versa #2508
Inability to set DNS cache TTL limits #2459
Possible freezes on slower machines #2225
A mitigation against records being shown in the wrong order on the query log page #2293
A JSON parsing error in query log #2345
Incorrect detection of the IPv6 address of an interface as well as another infinite loop in the
/dhcp/find_active_dhcpHTTP API #2355
The undocumented ability to use hostnames as any of
bind_hostvalues in the configuration. Documentation requires them to be valid IP addresses, and now the implementation makes sure that that is the case #2508
Dockerfile#2276. Replaced with the script
Support for pre-v0.99.3 format of query logs #2102
version 0.104.3 from February 12, 2021
Bugfixes... 😌 There's something about them that we just can't resist. We always want more! 🧟
When there's nothing more to fix, we just roll out a new major update, introduce some fresh bugs and start all over. It's a circle of life ☯️
Luckily, there are still some to prey upon in v0.104. Have a look at what we've fixed this time:
Don't expose the profiler HTTP API #2336
Load query logs from files after loading the ones buffered in memory #2325
Don't show Unnecessary errors in logs when switching between query log files #2324
404 Not Founderrors on the DHCP settings page on Windows. Show that DHCP is not currently available on that OS instead #2295
Fix an infinite loop in the
/dhcp/find_active_dhcpHTTP API method #2301
Various internal improvements
version 0.104.1 from February 12, 2021
Those who pay close attention to AdGuard Home releases know that we keep hotfixes close to our hearts 🔥♥️ This time we held for as long as we could, but ultimately gave in to the urge 😔
Here's a patch to v0.104 with some fixes and minor improvements.
permission deniederror when launching a DHCP server on Linux using Snap #2228. Users experiencing this issue should refresh their snap and call:
snap connect adguard-home:network-control
This won't be required in the future versions.
Use matching fonts in the Custom Filters textarea #2254
Show the correct query type for DNS-over-QUIC queries in query log #2241
Increase the default number of simultaneous requests to improve performance #2257
Always set a secondary DNS in DHCP #1708
Improve stability on DNS proxy restart #2242
Improve logging on DNS proxy restart #2252
Don't show a “Loading” message and don't rerequest logs once we've reached the end of logs on the query log page #2229
Various internal improvements.
version 0.104.0 from February 12, 2021
We have something special for y'all today. Not just an implementation of a new feature but the first ever implementation of a new feature! 😮 This is about DNS-over-QUIC, a new DNS encryption protocol — read on to learn more.
Ah, yes, there's also a bunch of other good stuff, too: DHCP-related changes, a .mobileconfig generator for iOS and macOS, and a handful of other enhancements and bugfixes.
DNS-over-QUIC support #2049
AdGuard Home now natively supports a new DNS encryption protocol called DNS-over-QUIC. DoQ standard is currently in the draft state, and AdGuard Home (and dnsproxy) is it's first open-source implementation.🥇
So what's good about it? 🤔 Unlike DoH and DoT, it uses QUIC as a transport protocol and finally brings DNS back to its roots — working over UDP. It brings all the good things that QUIC has to offer — out-of-the-box encryption, reduced connection times, better performance when data packets are lost. Also, QUIC is supposed to be a transport-level protocol and there are no risks of metadata leaks that could happen with DoH. 🔒
At this moment, the only major public DNS resolver that provides DNS-over-QUIC is AdGuard DNS. 😎 Use
quic://dns-unfiltered.adguard.comin the upstreams settings to start using AdGuard DNS "Non-Filtering".
DHCP rework: DHCP6 support, custom DHCP options
We did a huge rework of our DHCP server implementation. Thanks to it, AdGuard Home now supports DHCP6 and allows setting custom DHCP options.
Please note that in order to set DHCP options, you'll need to edit the configuration file.
Add support for DHCPv6: #779
DHCPv6 RA+SLAAC: #2076
DHCP: automatic hostnames: #1956
Add DHCP Options: #1585
iOS and MacOS .mobileconfig generator: #2110
iOS 14 and macOS Big Sur natively support DNS-over-HTTPS and DNS-over-TLS. However, it's not that simple to configure them — you need to install a special "configuration profile" for that. 🤯 In order to make things easier, AdGuard Home can generate these configuration profiles for you. Just head to "Setup Guide" -> "DNS Privacy" and scroll to iOS.
AdGuard Home binaries are now signed with our GPG key and you can now easily verify that they really come from us: https://github.com/AdguardTeam/AdGuardHome/wiki/Verify-Releases
Allow entering comments to the Upstreams box: #2083
Load upstreams list from a file: #1680
Add ARMv8 to future releases, potentially append a v8 binary to the most recent non-beta release: #2125
Redesign query logs block/unblock buttons: #2050
Treat entries starting with "/" as "://" under specific circumstances: #1950
Use "Null IP" instead of NXDOMAIN by default: #1914
Bootstrap with TCP upstreams: #1843
Add block and unblock buttons to 'check the filtering' result: #1734
ipset feature support: #1191
Add Belarusian and Chinese Traditional HK languages: #2106
Add new language: en-silk: #1796
Use DOH or DOT as bootstrap: #960
Reverse lookups return empty answers for hosts from /etc/hosts: #2085
Static lease hostnames are overridden by client-identifier: #2040
Query log doesn't display name for blocked services: #2038
Custom filter editor works with delay: #1657
Incorrect link address: #2209
Smartphone compatible design for user interface: #2152
Misleading information during service installation: #2128
Remove the limit on cache-min-ttl, 3600: #2094
Cannot change minimum TTL override in UI: #2091
Optical Issue on mobile phone: #2090
Setting a large DNS Cache Size in the Web GUI will exceed the unit32 range.: #2056
Clients requests aren't counted properly: #2037
Sorting various IP Address Columns in the UI (eg in dhcp static leases) does not sort correctly. They are treated as strings instead of numeric.: #1877
Requests count for clients with CIDR IP addresses: #1824