Merge remote-tracking branch 'origin/master' into 2499-rewrites-3

2024-11-22 04:55:33 +03:00 · 2022-12-12 12:27:15 +07:00 · 2022-12-12 12:27:15 +07:00 · 2d29455d7f
commit 2d29455d7f
parent 55a0dec144 8d453e75a4
44 changed files with 389 additions and 107 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -1,7 +1,7 @@
 'name': 'build'

 'env':
-  'GO_VERSION': '1.18.8'
+  'GO_VERSION': '1.18.9'
  'NODE_VERSION': '14'

 'on':
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -1,7 +1,7 @@
 'name': 'lint'

 'env':
-  'GO_VERSION': '1.18.8'
+  'GO_VERSION': '1.18.9'

 'on':
  'push':
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -18,12 +18,35 @@ and this project adheres to


 <!--
-## [v0.107.20] - 2022-12-07 (APPROX.)
+## [v0.107.21] - 2122-12-28 (APPROX.)
+
+See also the [v0.107.21 GitHub milestone][ms-v0.107.21].
+
+[ms-v0.107.21]: https://github.com/AdguardTeam/AdGuardHome/milestone/57?closed=1
+-->
+
+### Changed
+
+- The URLs of the default filters for new installations are synchrhonized to
+  those introduced in v0.107.20 ([#5238]).
+
+  **NOTE:** Some users may need to re-add the lists from the vetted filter lists
+  to update the URLs to the new ones.  Custom filters added by users themselves
+  do not require re-adding.
+
+[#5238]: https://github.com/AdguardTeam/AdGuardHome/issues/5238
+
+
+
+## [v0.107.20] - 2022-12-07

 See also the [v0.107.20 GitHub milestone][ms-v0.107.20].

-[ms-v0.107.20]: https://github.com/AdguardTeam/AdGuardHome/milestone/56?closed=1
-->
+### Security
+
+- Go version has been updated to prevent the possibility of exploiting the
+  CVE-2022-41717 and CVE-2022-41720 Go vulnerabilities fixed in [Go
+  1.18.9][go-1.18.9].

 ### Added

@ -36,14 +59,21 @@ See also the [v0.107.20 GitHub milestone][ms-v0.107.20].

 ### Fixed

+- Wrong validation error messages on the DHCP configuration page ([#5208]).
+- Slow upstream checks making the API unresponsive ([#5193]).
 - The TLS initialization errors preventing AdGuard Home from starting ([#5189]).
  Instead, AdGuard Home disables encryption and shows an error message on the
  encryption settings page in the UI, which was the intended previous behavior.
- URLs of some vetter blocklists.
+- URLs of some vetted blocklists.

 [#4944]: https://github.com/AdguardTeam/AdGuardHome/issues/4944
 [#5189]: https://github.com/AdguardTeam/AdGuardHome/issues/5189
 [#5190]: https://github.com/AdguardTeam/AdGuardHome/issues/5190
+[#5193]: https://github.com/AdguardTeam/AdGuardHome/issues/5193
+[#5208]: https://github.com/AdguardTeam/AdGuardHome/issues/5208
+
+[go-1.18.9]:    https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU
+[ms-v0.107.20]: https://github.com/AdguardTeam/AdGuardHome/milestone/56?closed=1



@ -1463,11 +1493,12 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2].


 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.20...HEAD
-[v0.107.20]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.19...v0.107.20
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.21...HEAD
+[v0.107.21]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.20...v0.107.21
 -->

-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.19...HEAD
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.20...HEAD
+[v0.107.20]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.19...v0.107.20
 [v0.107.19]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.18...v0.107.19
 [v0.107.18]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.17...v0.107.18
 [v0.107.17]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.16...v0.107.17
--- a/bamboo-specs/release.yaml
+++ b/bamboo-specs/release.yaml
@ -7,7 +7,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
  'channel': 'edge'
-  'dockerGo': 'adguard/golang-ubuntu:5.3'
+  'dockerGo': 'adguard/golang-ubuntu:5.4'

 'stages':
 - 'Build frontend':
@ -322,7 +322,7 @@
    # need to build a few of these.
    'variables':
      'channel': 'beta'
-      'dockerGo': 'adguard/golang-ubuntu:5.3'
+      'dockerGo': 'adguard/golang-ubuntu:5.4'
 # release-vX.Y.Z branches are the branches from which the actual final release
 # is built.
 - '^release-v[0-9]+\.[0-9]+\.[0-9]+':
@ -337,4 +337,4 @@
    # are the ones that actually get released.
    'variables':
      'channel': 'release'
-      'dockerGo': 'adguard/golang-ubuntu:5.3'
+      'dockerGo': 'adguard/golang-ubuntu:5.4'
--- a/bamboo-specs/test.yaml
+++ b/bamboo-specs/test.yaml
@ -5,7 +5,7 @@
  'key': 'AHBRTSPECS'
  'name': 'AdGuard Home - Build and run tests'
 'variables':
-  'dockerGo': 'adguard/golang-ubuntu:5.3'
+  'dockerGo': 'adguard/golang-ubuntu:5.4'

 'stages':
 - 'Tests':
--- a/client/src/__locales/be.json
+++ b/client/src/__locales/be.json
@ -393,7 +393,7 @@
    "encryption_issuer": "Выдавец",
    "encryption_hostnames": "Імёны хастоў",
    "encryption_reset": "Вы ўпэўнены, што хочаце скінуць налады шыфравання?",
-    "encryption_warning": "Увага",
+    "encryption_warning": "Папярэджанне",
    "topline_expiring_certificate": "Ваш SSL-сертыфікат хутка мінае. Абновіце <0>Налады шыфравання</0>.",
    "topline_expired_certificate": "Ваш SSL-сертыфікат мінуў. Абновіце <0>Налады шыфравання</0>.",
    "form_error_port_range": "Увядзіце нумар порта з інтэрвалу 80-65535",
@ -638,5 +638,8 @@
    "safe_browsing": "Бяспечны інтэрнэт",
    "served_from_cache": "{{value}} <i>(атрымана з кэша)</i>",
    "form_error_password_length": "Пароль павінен быць не менш за {{value}} сімвалаў",
-    "anonymizer_notification": "<0>Заўвага:</0> Ананімізацыя IP уключана. Вы можаце адключыць яго ў <1>Агульных наладах</1> ."
+    "anonymizer_notification": "<0>Заўвага:</0> Ананімізацыя IP уключана. Вы можаце адключыць яго ў <1>Агульных наладах</1> .",
+    "confirm_dns_cache_clear": "Вы ўпэўнены, што хочаце ачысціць кэш DNS?",
+    "cache_cleared": "Кэш DNS паспяхова ачышчаны",
+    "clear_cache": "Ачысціць кэш"
 }
--- a/client/src/__locales/cs.json
+++ b/client/src/__locales/cs.json
@ -638,5 +638,8 @@
    "safe_browsing": "Bezpečné prohlížení",
    "served_from_cache": "{{value}} <i>(převzato z mezipaměti)</i>",
    "form_error_password_length": "Heslo musí být alespoň {{value}} znaků dlouhé",
-    "anonymizer_notification": "<0>Poznámka:</0> Anonymizace IP je zapnuta. Můžete ji vypnout v <1>Obecných nastaveních</1>."
+    "anonymizer_notification": "<0>Poznámka:</0> Anonymizace IP je zapnuta. Můžete ji vypnout v <1>Obecných nastaveních</1>.",
+    "confirm_dns_cache_clear": "Opravdu chcete vymazat mezipaměť DNS?",
+    "cache_cleared": "Mezipaměť DNS úspěšně vymazána",
+    "clear_cache": "Vymazat mezipaměť"
 }
--- a/client/src/__locales/da.json
+++ b/client/src/__locales/da.json
@ -638,5 +638,8 @@
    "safe_browsing": "Sikker Browsing",
    "served_from_cache": "{{value}} <i>(leveret fra cache)</i>",
    "form_error_password_length": "Adgangskoden skal udgøre mindst {{value}} tegn.",
-    "anonymizer_notification": "<0>Bemærk:</0> IP-anonymisering er aktiveret. Det kan deaktiveres via <1>Generelle indstillinger</1>."
+    "anonymizer_notification": "<0>Bemærk:</0> IP-anonymisering er aktiveret. Det kan deaktiveres via <1>Generelle indstillinger</1>.",
+    "confirm_dns_cache_clear": "Sikker på, at DNS-cache skal ryddes?",
+    "cache_cleared": "DNS-cache hermed ryddet",
+    "clear_cache": "Ryd cache"
 }
--- a/client/src/__locales/de.json
+++ b/client/src/__locales/de.json
@ -638,5 +638,8 @@
    "safe_browsing": "Internetsicherheit",
    "served_from_cache": "{{value}} <i>(aus dem Cache abgerufen)</i>",
    "form_error_password_length": "Das Passwort muss mindestens {{value}} Zeichen enthalten",
-    "anonymizer_notification": "<0>Hinweis:</0> Die IP-Anonymisierung ist aktiviert. Sie können sie in den <1>Allgemeinen Einstellungen</1> deaktivieren."
+    "anonymizer_notification": "<0>Hinweis:</0> Die IP-Anonymisierung ist aktiviert. Sie können sie in den <1>Allgemeinen Einstellungen</1> deaktivieren.",
+    "confirm_dns_cache_clear": "Möchten Sie den DNS-Cache wirklich leeren?",
+    "cache_cleared": "DNS-Cache erfolgreich geleert",
+    "clear_cache": "Cache leeren"
 }
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@ -37,8 +37,6 @@
    "dhcp_ipv6_settings": "DHCP IPv6 Settings",
    "form_error_required": "Required field",
    "form_error_ip4_format": "Invalid IPv4 address",
-    "form_error_ip4_range_start_format": "Invalid IPv4 address of the range start",
-    "form_error_ip4_range_end_format": "Invalid IPv4 address of the range end",
    "form_error_ip4_gateway_format": "Invalid IPv4 address of the gateway",
    "form_error_ip6_format": "Invalid IPv6 address",
    "form_error_ip_format": "Invalid IP address",
@ -51,9 +49,8 @@
    "out_of_range_error": "Must be out of range \"{{start}}\"-\"{{end}}\"",
    "lower_range_start_error": "Must be lower than range start",
    "greater_range_start_error": "Must be greater than range start",
-    "greater_range_end_error": "Must be greater than range end",
    "subnet_error": "Addresses must be in one subnet",
-    "gateway_or_subnet_invalid": "Subnet mask invalid",
+    "gateway_or_subnet_invalid": "Invalid subnet mask",
    "dhcp_form_gateway_input": "Gateway IP",
    "dhcp_form_subnet_input": "Subnet mask",
    "dhcp_form_range_title": "Range of IP addresses",
--- a/client/src/__locales/es.json
+++ b/client/src/__locales/es.json
@ -638,5 +638,8 @@
    "safe_browsing": "Navegación segura",
    "served_from_cache": "{{value}} <i>(servido desde la caché)</i>",
    "form_error_password_length": "La contraseña debe tener al menos {{value}} caracteres",
-    "anonymizer_notification": "<0>Nota:</0> La anonimización de IP está habilitada. Puedes deshabilitarla en <1>Configuración general</1>."
+    "anonymizer_notification": "<0>Nota:</0> La anonimización de IP está habilitada. Puedes deshabilitarla en <1>Configuración general</1>.",
+    "confirm_dns_cache_clear": "¿Estás seguro de que deseas borrar la caché de DNS?",
+    "cache_cleared": "Caché DNS borrado con éxito",
+    "clear_cache": "Borrar caché"
 }
--- a/client/src/__locales/fi.json
+++ b/client/src/__locales/fi.json
@ -638,5 +638,8 @@
    "safe_browsing": "Turvallinen selaus",
    "served_from_cache": "{{value}} <i>(jaettu välimuistista)</i>",
    "form_error_password_length": "Salasanan on oltava ainakin {{value}} merkkiä",
-    "anonymizer_notification": "<0>Huomioi:</0> IP-osoitteen anonymisointi on käytössä. Voit poistaa sen käytöstä <1>Yleisistä asetuksista</1>."
+    "anonymizer_notification": "<0>Huomioi:</0> IP-osoitteen anonymisointi on käytössä. Voit poistaa sen käytöstä <1>Yleisistä asetuksista</1>.",
+    "confirm_dns_cache_clear": "Haluatko varmasti tyhjentää DNS-välimuistin?",
+    "cache_cleared": "DNS-välimuistin tyhjennys onnistui",
+    "clear_cache": "Tyhjennä välimuisti"
 }
--- a/client/src/__locales/fr.json
+++ b/client/src/__locales/fr.json
@ -638,5 +638,8 @@
    "safe_browsing": "Navigation sécurisée",
    "served_from_cache": "{{value}} <i>(depuis le cache)</i>",
    "form_error_password_length": "Le mot de passe doit comporter au moins {{value}} caractères",
-    "anonymizer_notification": "<0>Note :</0> L'anonymisation IP est activée. Vous pouvez la désactiver dans les <1>paramètres généraux</1>."
+    "anonymizer_notification": "<0>Note :</0> L'anonymisation IP est activée. Vous pouvez la désactiver dans les <1>paramètres généraux</1>.",
+    "confirm_dns_cache_clear": "Voulez-vous vraiment vider le cache DNS ?",
+    "cache_cleared": "Le cache DNS a été vidé",
+    "clear_cache": "Vider le cache"
 }
--- a/client/src/__locales/hr.json
+++ b/client/src/__locales/hr.json
@ -638,5 +638,8 @@
    "safe_browsing": "Sigurno surfanje",
    "served_from_cache": "{{value}} <i>(dohvaćeno iz predmemorije)</i>",
    "form_error_password_length": "Lozinka mora imati najmanje {{value}} znakova",
-    "anonymizer_notification": "<0>Napomena:</0>IP anonimizacija je omogućena. Možete ju onemogućiti u <1>općim postavkama</1>."
+    "anonymizer_notification": "<0>Napomena:</0>IP anonimizacija je omogućena. Možete ju onemogućiti u <1>općim postavkama</1>.",
+    "confirm_dns_cache_clear": "Jeste li sigurni da želite očistiti DNS predmemoriju?",
+    "cache_cleared": "DNS predmemorija je uspješno izbrisana",
+    "clear_cache": "Očisti predmemoriju"
 }
--- a/client/src/__locales/hu.json
+++ b/client/src/__locales/hu.json
@ -638,5 +638,8 @@
    "safe_browsing": "Biztonságos böngészés",
    "served_from_cache": "{{value}} <i>(gyorsítótárból kiszolgálva)</i>",
    "form_error_password_length": "A jelszó legalább {{value}} karakter hosszú kell, hogy legyen",
-    "anonymizer_notification": "<0>Megjegyzés:</0> Az IP anonimizálás engedélyezve van. Az <1>Általános beállításoknál letilthatja</1> ."
+    "anonymizer_notification": "<0>Megjegyzés:</0> Az IP anonimizálás engedélyezve van. Az <1>Általános beállításoknál letilthatja</1> .",
+    "confirm_dns_cache_clear": "Biztos benne, hogy törölni szeretné a DNS-gyorsítótárat?",
+    "cache_cleared": "A DNS gyorsítótár sikeresen törlődött",
+    "clear_cache": "Gyorsítótár törlése"
 }
--- a/client/src/__locales/id.json
+++ b/client/src/__locales/id.json
@ -638,5 +638,8 @@
    "safe_browsing": "Penjelajahan Aman",
    "served_from_cache": "{{value}} <i>(disajikan dari cache)</i>",
    "form_error_password_length": "Kata sandi harus minimal {{value}} karakter",
-    "anonymizer_notification": "<0>Catatan:</0> Anonimisasi IP diaktifkan. Anda dapat menonaktifkannya di <1>Pengaturan umum</1> ."
+    "anonymizer_notification": "<0>Catatan:</0> Anonimisasi IP diaktifkan. Anda dapat menonaktifkannya di <1>Pengaturan umum</1> .",
+    "confirm_dns_cache_clear": "Apakah Anda yakin ingin menghapus cache DNS?",
+    "cache_cleared": "Cache DNS berhasil dibersihkan",
+    "clear_cache": "Hapus cache"
 }
--- a/client/src/__locales/it.json
+++ b/client/src/__locales/it.json
@ -638,5 +638,8 @@
    "safe_browsing": "Navigazione Sicura",
    "served_from_cache": "{{value}} <i>(fornito dalla cache)</i>",
    "form_error_password_length": "La password deve contenere almeno {{value}} caratteri",
-    "anonymizer_notification": "<0>Attenzione:</0> L'anonimizzazione dell'IP è abilitata. Puoi disabilitarla in <1>Impostazioni generali</1>."
+    "anonymizer_notification": "<0>Attenzione:</0> L'anonimizzazione dell'IP è abilitata. Puoi disabilitarla in <1>Impostazioni generali</1>.",
+    "confirm_dns_cache_clear": "Sei sicuro di voler cancellare la cache DNS?",
+    "cache_cleared": "Cache DNS è stata cancellata correttamente",
+    "clear_cache": "Cancella cache"
 }
--- a/client/src/__locales/ja.json
+++ b/client/src/__locales/ja.json
@ -638,5 +638,8 @@
    "safe_browsing": "セーフブラウジング",
    "served_from_cache": "{{value}} <i>(キャッシュから応答)</i>",
    "form_error_password_length": "パスワードは{{value}}文字以上にしてください",
-    "anonymizer_notification": "【<0>注意</0>】IPの匿名化が有効になっています。 <1>一般設定</1>で無効にできます。"
+    "anonymizer_notification": "【<0>注意</0>】IPの匿名化が有効になっています。 <1>一般設定</1>で無効にできます。",
+    "confirm_dns_cache_clear": "DNS キャッシュをクリアしてもよろしいですか？",
+    "cache_cleared": "DNSキャッシュのクリア完了です。",
+    "clear_cache": "キャッシュをクリアする"
 }
--- a/client/src/__locales/ko.json
+++ b/client/src/__locales/ko.json
@ -638,5 +638,8 @@
    "safe_browsing": "세이프 브라우징",
    "served_from_cache": "{{value}} <i>(캐시에서 제공)</i>",
    "form_error_password_length": "비밀번호는 {{value}}자 이상이어야 합니다",
-    "anonymizer_notification": "<0>참고:</0> IP 익명화가 활성화되었습니다. <1>일반 설정</1>에서 비활성화할 수 있습니다."
+    "anonymizer_notification": "<0>참고:</0> IP 익명화가 활성화되었습니다. <1>일반 설정</1>에서 비활성화할 수 있습니다.",
+    "confirm_dns_cache_clear": "정말로 DNS 캐시를 지우시겠습니까?",
+    "cache_cleared": "DNS 캐시를 성공적으로 지웠습니다",
+    "clear_cache": "캐시 지우기"
 }
--- a/client/src/__locales/nl.json
+++ b/client/src/__locales/nl.json
@ -638,5 +638,8 @@
    "safe_browsing": "Veilig browsen",
    "served_from_cache": "{{value}} <i>(geleverd vanuit cache)</i>",
    "form_error_password_length": "Wachtwoord moet minimaal {{value}} tekens lang zijn",
-    "anonymizer_notification": "<0>Opmerking:</0> IP-anonimisering is ingeschakeld. Je kunt het uitschakelen in <1>Algemene instellingen</1>."
+    "anonymizer_notification": "<0>Opmerking:</0> IP-anonimisering is ingeschakeld. Je kunt het uitschakelen in <1>Algemene instellingen</1>.",
+    "confirm_dns_cache_clear": "Weet je zeker dat je de DNS-cache wilt wissen?",
+    "cache_cleared": "DNS-cache succesvol gewist",
+    "clear_cache": "Cache wissen"
 }
--- a/client/src/__locales/pl.json
+++ b/client/src/__locales/pl.json
@ -638,5 +638,8 @@
    "safe_browsing": "Bezpieczne przeglądanie",
    "served_from_cache": "{{value}} <i>(podawane z pamięci podręcznej)</i>",
    "form_error_password_length": "Hasło musi mieć co najmniej {{value}} znaków",
-    "anonymizer_notification": "<0>Uwaga:</0> Anonimizacja IP jest włączona. Możesz ją wyłączyć w <1>Ustawieniach ogólnych</1>."
+    "anonymizer_notification": "<0>Uwaga:</0> Anonimizacja IP jest włączona. Możesz ją wyłączyć w <1>Ustawieniach ogólnych</1>.",
+    "confirm_dns_cache_clear": "Czy na pewno chcesz wyczyścić pamięć podręczną DNS?",
+    "cache_cleared": "Pamięć podręczna DNS została pomyślnie wyczyszczona",
+    "clear_cache": "Wyczyść pamięć podręczną"
 }
--- a/client/src/__locales/pt-br.json
+++ b/client/src/__locales/pt-br.json
@ -638,5 +638,8 @@
    "safe_browsing": "Navegação segura",
    "served_from_cache": "{{value}} <i>(servido do cache)</i>",
    "form_error_password_length": "A senha deve ter pelo menos {{value}} caracteres",
-    "anonymizer_notification": "<0>Observação:</0> A anonimização de IP está ativada. Você pode desativá-lo em <1>Configurações gerais</1>."
+    "anonymizer_notification": "<0>Observação:</0> A anonimização de IP está ativada. Você pode desativá-lo em <1>Configurações gerais</1>.",
+    "confirm_dns_cache_clear": "Tem certeza de que deseja limpar o cache DNS?",
+    "cache_cleared": "Cache DNS limpo com sucesso",
+    "clear_cache": "Limpar cache"
 }
--- a/client/src/__locales/pt-pt.json
+++ b/client/src/__locales/pt-pt.json
@ -638,5 +638,8 @@
    "safe_browsing": "Navegação segura",
    "served_from_cache": "{{value}} <i>(servido do cache)</i>",
    "form_error_password_length": "A palavra-passe deve ter pelo menos {{value}} caracteres",
-    "anonymizer_notification": "<0>Observação:</0> A anonimização de IP está ativada. Você pode desativá-la em <1>Definições gerais</1>."
+    "anonymizer_notification": "<0>Observação:</0> A anonimização de IP está ativada. Você pode desativá-la em <1>Definições gerais</1>.",
+    "confirm_dns_cache_clear": "Tem certeza de que quer limpar a cache DNS?",
+    "cache_cleared": "O cache DNS foi apagado com sucesso",
+    "clear_cache": "Limpar cache"
 }
--- a/client/src/__locales/ro.json
+++ b/client/src/__locales/ro.json
@ -638,5 +638,8 @@
    "safe_browsing": "Navigare în siguranță",
    "served_from_cache": "{{value}} <i>(furnizat din cache)</i>",
    "form_error_password_length": "Parola trebuie să aibă cel puțin {{value}} caractere",
-    "anonymizer_notification": "<0>Nota:</0> Anonimizarea IP este activată. Puteți să o dezactivați în <1>Setări generale</1>."
+    "anonymizer_notification": "<0>Nota:</0> Anonimizarea IP este activată. Puteți să o dezactivați în <1>Setări generale</1>.",
+    "confirm_dns_cache_clear": "Sunteți sigur că doriți să ștergeți memoria cache DNS?",
+    "cache_cleared": "Cache-ul DNS a fost golit cu succes",
+    "clear_cache": "Goliți memoria cache"
 }
--- a/client/src/__locales/ru.json
+++ b/client/src/__locales/ru.json
@ -638,5 +638,8 @@
    "safe_browsing": "Безопасный интернет",
    "served_from_cache": "{{value}} <i>(получено из кеша)</i>",
    "form_error_password_length": "Пароль должен быть длиной не меньше {{value}} символов",
-    "anonymizer_notification": "<0>Внимание:</0> включена анонимизация IP-адресов. Вы можете отключить её в разделе <1>Основные настройки</1>."
+    "anonymizer_notification": "<0>Внимание:</0> включена анонимизация IP-адресов. Вы можете отключить её в разделе <1>Основные настройки</1>.",
+    "confirm_dns_cache_clear": "Вы уверены, что хотите очистить кеш DNS?",
+    "cache_cleared": "Кеш DNS успешно очищен",
+    "clear_cache": "Очистить кеш"
 }
--- a/client/src/__locales/sk.json
+++ b/client/src/__locales/sk.json
@ -638,5 +638,8 @@
    "safe_browsing": "Bezpečné prehliadanie",
    "served_from_cache": "{{value}} <i>(prevzatá z cache pamäte)</i>",
    "form_error_password_length": "Heslo musí mať dĺžku aspoň {{value}} znakov",
-    "anonymizer_notification": "<0>Poznámka:</0> Anonymizácia IP je zapnutá. Môžete ju vypnúť vo <1>Všeobecných nastaveniach</1>."
+    "anonymizer_notification": "<0>Poznámka:</0> Anonymizácia IP je zapnutá. Môžete ju vypnúť vo <1>Všeobecných nastaveniach</1>.",
+    "confirm_dns_cache_clear": "Naozaj chcete vymazať vyrovnávaciu pamäť DNS?",
+    "cache_cleared": "Vyrovnávacia pamäť DNS bola úspešne vymazaná",
+    "clear_cache": "Vymazať vyrovnávaciu pamäť"
 }
--- a/client/src/__locales/sl.json
+++ b/client/src/__locales/sl.json
@ -638,5 +638,8 @@
    "safe_browsing": "Varno brskanje",
    "served_from_cache": "{{value}} <i>(postreženo iz predpomnilnika)</i>",
    "form_error_password_length": "Geslo mora vsebovati najmanj {{value}} znakov",
-    "anonymizer_notification": "<0>Opomba:</0> Anonimizacija IP je omogočena. Onemogočite ga lahko v <1>Splošnih nastavitvah</1>."
+    "anonymizer_notification": "<0>Opomba:</0> Anonimizacija IP je omogočena. Onemogočite ga lahko v <1>Splošnih nastavitvah</1>.",
+    "confirm_dns_cache_clear": "Ali ste prepričani, da želite počistiti predpomnilnik DNS?",
+    "cache_cleared": "Predpomnilnik DNS je bil uspešno počiščen",
+    "clear_cache": "Počisti predpomnilnik"
 }
--- a/client/src/__locales/sr-cs.json
+++ b/client/src/__locales/sr-cs.json
@ -638,5 +638,8 @@
    "safe_browsing": "Sigurno pregledanje",
    "served_from_cache": "{{value}} <i>(posluženo iz predmemorije)</i>",
    "form_error_password_length": "Lozinka mora imati najmanje {{value}} znakova",
-    "anonymizer_notification": "<0>Nota:</0> IP prepoznavanje je omogućeno. Možete ga onemogućiti u opštim <1>postavkama</1>."
+    "anonymizer_notification": "<0>Nota:</0> IP prepoznavanje je omogućeno. Možete ga onemogućiti u opštim <1>postavkama</1>.",
+    "confirm_dns_cache_clear": "Želite li zaista da obrišite DNS keš?",
+    "cache_cleared": "DNS keš je uspešno očišćen",
+    "clear_cache": "Obriši keš memoriju"
 }
--- a/client/src/__locales/sv.json
+++ b/client/src/__locales/sv.json
@ -638,5 +638,8 @@
    "safe_browsing": "Säker surfning",
    "served_from_cache": "{{value}} <i>(levereras från cache)</i>",
    "form_error_password_length": "Lösenordet måste vara minst {{value}} tecken långt",
-    "anonymizer_notification": "<0>Observera:</0> IP-anonymisering är aktiverad. Du kan inaktivera den i <1>Allmänna inställningar</1>."
+    "anonymizer_notification": "<0>Observera:</0> IP-anonymisering är aktiverad. Du kan inaktivera den i <1>Allmänna inställningar</1>.",
+    "confirm_dns_cache_clear": "Är du säker på att du vill rensa DNS-cache?",
+    "cache_cleared": "DNS-cacheminnet har rensats",
+    "clear_cache": "Rensa cache"
 }
--- a/client/src/__locales/tr.json
+++ b/client/src/__locales/tr.json
@ -638,5 +638,8 @@
    "safe_browsing": "Güvenli Gezinti",
    "served_from_cache": "{{value}} <i>(önbellekten kullanıldı)</i>",
    "form_error_password_length": "Parola en az {{value}} karakter uzunluğunda olmalıdır",
-    "anonymizer_notification": "<0>Not:</0> IP anonimleştirme etkinleştirildi. Bunu <1>Genel ayarlardan</1> devre dışı bırakabilirsiniz."
+    "anonymizer_notification": "<0>Not:</0> IP anonimleştirme etkinleştirildi. Bunu <1>Genel ayarlardan</1> devre dışı bırakabilirsiniz.",
+    "confirm_dns_cache_clear": "DNS önbelleğini temizlemek istediğinizden emin misiniz?",
+    "cache_cleared": "DNS önbelleği başarıyla temizlendi",
+    "clear_cache": "Önbelleği temizle"
 }
--- a/client/src/__locales/uk.json
+++ b/client/src/__locales/uk.json
@ -393,7 +393,7 @@
    "encryption_issuer": "Видавець",
    "encryption_hostnames": "Назви вузлів",
    "encryption_reset": "Ви впевнені, що хочете скинути налаштування шифрування?",
-    "encryption_warning": "Увага",
+    "encryption_warning": "Попередження",
    "topline_expiring_certificate": "Ваш сертифікат SSL скоро закінчиться. Оновіть <0>Налаштування шифрування</0>.",
    "topline_expired_certificate": "Термін дії вашого сертифіката SSL закінчився. Оновіть <0>Налаштування шифрування</0>.",
    "form_error_port_range": "Введіть значення порту в діапазоні 80−65535",
@ -638,5 +638,8 @@
    "safe_browsing": "Безпечний перегляд",
    "served_from_cache": "{{value}} <i>(отримано з кешу)</i>",
    "form_error_password_length": "Пароль мусить мати принаймні {{value}} символів",
-    "anonymizer_notification": "<0>Примітка:</0> IP-анонімізацію ввімкнено. Ви можете вимкнути його в <1>Загальні налаштування</1> ."
+    "anonymizer_notification": "<0>Примітка:</0> IP-анонімізацію ввімкнено. Ви можете вимкнути його в <1>Загальні налаштування</1> .",
+    "confirm_dns_cache_clear": "Ви впевнені, що бажаєте очистити кеш DNS?",
+    "cache_cleared": "Кеш DNS успішно очищено",
+    "clear_cache": "Очистити кеш"
 }
--- a/client/src/__locales/vi.json
+++ b/client/src/__locales/vi.json
@ -638,5 +638,8 @@
    "safe_browsing": "Duyệt web an toàn",
    "served_from_cache": "{{value}} <i>(được phục vụ từ bộ nhớ cache)</i>",
    "form_error_password_length": "Mật khẩu phải có ít nhất {{value}} ký tự",
-    "anonymizer_notification": "<0> Lưu ý:</0> Tính năng ẩn danh IP được bật. Bạn có thể tắt nó trong <1> Cài đặt chung</1>."
+    "anonymizer_notification": "<0> Lưu ý:</0> Tính năng ẩn danh IP được bật. Bạn có thể tắt nó trong <1> Cài đặt chung</1>.",
+    "confirm_dns_cache_clear": "Bạn có chắc chắn muốn xóa bộ đệm ẩn DNS không?",
+    "cache_cleared": "Đã xóa thành công bộ đệm DNS",
+    "clear_cache": "Xóa bộ nhớ cache"
 }
--- a/client/src/__locales/zh-cn.json
+++ b/client/src/__locales/zh-cn.json
@ -638,5 +638,8 @@
    "safe_browsing": "安全浏览",
    "served_from_cache": "{{value}}<i>(由缓存提供)</i>",
    "form_error_password_length": "密码必须至少有 {{value}} 个字符",
-    "anonymizer_notification": "<0>注意：</0> IP 匿名化已启用。您可以在<1>常规设置</1>中禁用它。"
+    "anonymizer_notification": "<0>注意：</0> IP 匿名化已启用。您可以在<1>常规设置</1>中禁用它。",
+    "confirm_dns_cache_clear": "您确定要清除 DNS 缓存吗？",
+    "cache_cleared": "已成功清除 DNS 缓存",
+    "clear_cache": "清除缓存"
 }
--- a/client/src/__locales/zh-tw.json
+++ b/client/src/__locales/zh-tw.json
@ -638,5 +638,8 @@
    "safe_browsing": "安全瀏覽",
    "served_from_cache": "{{value}} <i>(由快取提供)</i>",
    "form_error_password_length": "密碼必須為至少長 {{value}} 個字元",
-    "anonymizer_notification": "<0>注意：</0>IP 匿名化被啟用。您可在<1>一般設定</1>中禁用它。"
+    "anonymizer_notification": "<0>注意：</0>IP 匿名化被啟用。您可在<1>一般設定</1>中禁用它。",
+    "confirm_dns_cache_clear": "您確定您想要清除 DNS 快取嗎？",
+    "cache_cleared": "DNS 快取被成功地清除",
+    "clear_cache": "清除快取"
 }
--- a/client/src/components/Settings/Dhcp/FormDHCPv4.js
+++ b/client/src/components/Settings/Dhcp/FormDHCPv4.js
@ -74,7 +74,6 @@ const FormDHCPv4 = ({
                        className="form-control"
                        placeholder={t(ipv4placeholders.subnet_mask)}
                        validate={[
-                            validateIpv4,
                            validateRequired,
                            validateGatewaySubnetMask,
                        ]}
@ -97,7 +96,6 @@ const FormDHCPv4 = ({
                                placeholder={t(ipv4placeholders.range_start)}
                                validate={[
                                    validateIpv4,
-                                    validateGatewaySubnetMask,
                                    validateIpForGatewaySubnetMask,
                                ]}
                                disabled={!isInterfaceIncludesIpv4}
@ -113,7 +111,6 @@ const FormDHCPv4 = ({
                                validate={[
                                    validateIpv4,
                                    validateIpv4RangeEnd,
-                                    validateGatewaySubnetMask,
                                    validateIpForGatewaySubnetMask,
                                ]}
                                disabled={!isInterfaceIncludesIpv4}
--- a/client/src/helpers/validators.js
+++ b/client/src/helpers/validators.js
@ -77,11 +77,11 @@ export const validateNotInRange = (value, allValues) => {
    const { range_start, range_end } = allValues.v4;

    if (range_start && validateIpv4(range_start)) {
-        return 'form_error_ip4_range_start_format';
+        return undefined;
    }

    if (range_end && validateIpv4(range_end)) {
-        return 'form_error_ip4_range_end_format';
+        return undefined;
    }

    const isAboveMin = range_start && ip4ToInt(value) >= ip4ToInt(range_start);
@ -94,14 +94,6 @@ export const validateNotInRange = (value, allValues) => {
        });
    }

-    if (!range_end && isAboveMin) {
-        return 'lower_range_start_error';
-    }
-
-    if (!range_start && isBelowMax) {
-        return 'greater_range_end_error';
-    }
-
    return undefined;
 };

@ -118,7 +110,7 @@ export const validateGatewaySubnetMask = (_, allValues) => {
    const { subnet_mask, gateway_ip } = allValues.v4;

    if (validateIpv4(gateway_ip)) {
-        return 'form_error_ip4_gateway_format';
+        return 'gateway_or_subnet_invalid';
    }

    return parseSubnetMask(subnet_mask) ? undefined : 'gateway_or_subnet_invalid';
@ -138,6 +130,10 @@ export const validateIpForGatewaySubnetMask = (value, allValues) => {
        gateway_ip, subnet_mask,
    } = allValues.v4;

+    if ((gateway_ip && validateIpv4(gateway_ip)) || (subnet_mask && validateIpv4(subnet_mask))) {
+        return undefined;
+    }
+
    const subnetPrefix = parseSubnetMask(subnet_mask);

    if (!isIpInCidr(value, `${gateway_ip}/${subnetPrefix}`)) {
--- a/internal/aghnet/hostscontainer_windows.go
+++ b/internal/aghnet/hostscontainer_windows.go
@ -15,7 +15,7 @@ import (
 func defaultHostsPaths() (paths []string) {
 	sysDir, err := windows.GetSystemDirectory()
 	if err != nil {
-		log.Error("getting system directory: %s", err)
+		log.Error("aghnet: getting system directory: %s", err)

 		return []string{}
 	}
--- a/internal/aghos/os.go
+++ b/internal/aghos/os.go
@ -168,11 +168,11 @@ func IsOpenWrt() (ok bool) {
 	return isOpenWrt()
 }

-// RootDirFS returns the fs.FS rooted at the operating system's root.
+// RootDirFS returns the [fs.FS] rooted at the operating system's root.  On
+// Windows it returns the fs.FS rooted at the volume of the system directory
+// (usually, C:).
 func RootDirFS() (fsys fs.FS) {
-	// Use empty string since os.DirFS implicitly prepends a slash to it.  This
-	// behavior is undocumented but it currently works.
-	return os.DirFS("")
+	return rootDirFS()
 }

 // NotifyReconfigureSignal notifies c on receiving reconfigure signals.
--- a/internal/aghos/os_unix.go
+++ b/internal/aghos/os_unix.go
@ -3,12 +3,17 @@
 package aghos

 import (
+	"io/fs"
 	"os"
 	"os/signal"

 	"golang.org/x/sys/unix"
 )

+func rootDirFS() (fsys fs.FS) {
+	return os.DirFS("/")
+}
+
 func notifyReconfigureSignal(c chan<- os.Signal) {
 	signal.Notify(c, unix.SIGHUP)
 }
--- a/internal/aghos/os_windows.go
+++ b/internal/aghos/os_windows.go
@ -3,13 +3,29 @@
 package aghos

 import (
+	"io/fs"
 	"os"
 	"os/signal"
+	"path/filepath"
 	"syscall"

+	"github.com/AdguardTeam/golibs/log"
 	"golang.org/x/sys/windows"
 )

+func rootDirFS() (fsys fs.FS) {
+	// TODO(a.garipov): Use a better way if golang/go#44279 is ever resolved.
+	sysDir, err := windows.GetSystemDirectory()
+	if err != nil {
+		log.Error("aghos: getting root filesystem: %s; using C:", err)
+
+		// Assume that C: is the safe default.
+		return os.DirFS("C:")
+	}
+
+	return os.DirFS(filepath.VolumeName(sysDir))
+}
+
 func setRlimit(val uint64) (err error) {
 	return Unsupported("setrlimit")
 }
--- a/internal/dnsforward/http.go
+++ b/internal/dnsforward/http.go
@ -566,6 +566,11 @@ type domainSpecificTestError struct {
 	error
 }

+// Error implements the [error] interface for domainSpecificTestError.
+func (err domainSpecificTestError) Error() (msg string) {
+	return fmt.Sprintf("WARNING: %s", err.error)
+}
+
 // checkDNS checks the upstream server defined by upstreamConfigStr using
 // healthCheck for actually exchange messages.  It uses bootstrap to resolve the
 // upstream's address.
@ -632,41 +637,45 @@ func (s *Server) handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {

 	result := map[string]string{}
 	bootstraps := req.BootstrapDNS
-
 	timeout := s.conf.UpstreamTimeout
-	for _, host := range req.Upstreams {
-		err = checkDNS(host, bootstraps, timeout, checkDNSUpstreamExc)
-		if err != nil {
-			log.Info("%v", err)
-			result[host] = err.Error()
-			if _, ok := err.(domainSpecificTestError); ok {
-				result[host] = fmt.Sprintf("WARNING: %s", result[host])
-			}

-			continue
-		}
-
-		result[host] = "OK"
+	type upsCheckResult = struct {
+		res  string
+		host string
 	}

-	for _, host := range req.PrivateUpstreams {
-		err = checkDNS(host, bootstraps, timeout, checkPrivateUpstreamExc)
-		if err != nil {
-			log.Info("%v", err)
-			// TODO(e.burkov): If passed upstream have already written an error
-			// above, we rewriting the error for it.  These cases should be
-			// handled properly instead.
-			result[host] = err.Error()
-			if _, ok := err.(domainSpecificTestError); ok {
-				result[host] = fmt.Sprintf("WARNING: %s", result[host])
-			}
+	upsNum := len(req.Upstreams) + len(req.PrivateUpstreams)
+	resCh := make(chan upsCheckResult, upsNum)

-			continue
+	checkUps := func(ups string, healthCheck healthCheckFunc) {
+		res := upsCheckResult{
+			host: ups,
 		}
+		defer func() { resCh <- res }()

-		result[host] = "OK"
+		checkErr := checkDNS(ups, bootstraps, timeout, healthCheck)
+		if checkErr != nil {
+			res.res = checkErr.Error()
+		} else {
+			res.res = "OK"
+		}
 	}

+	for _, ups := range req.Upstreams {
+		go checkUps(ups, checkDNSUpstreamExc)
+	}
+	for _, ups := range req.PrivateUpstreams {
+		go checkUps(ups, checkPrivateUpstreamExc)
+	}
+
+	for i := 0; i < upsNum; i++ {
+		pair := <-resCh
+		// TODO(e.burkov):  The upstreams used for both common and private
+		// resolving should be reported separately.
+		result[pair.host] = pair.res
+	}
+	close(resCh)
+
 	_ = aghhttp.WriteJSONResponse(w, r, result)
 }

--- a/internal/dnsforward/http_test.go
+++ b/internal/dnsforward/http_test.go
@ -7,16 +7,20 @@ import (
 	"net"
 	"net/http"
 	"net/http/httptest"
+	"net/netip"
+	"net/url"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
+	"time"

 	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/testutil"
+	"github.com/miekg/dns"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@ -392,3 +396,141 @@ func TestValidateUpstreamsPrivate(t *testing.T) {
 		})
 	}
 }
+
+func newLocalUpstreamListener(t *testing.T, port int, handler dns.Handler) (real net.Addr) {
+	startCh := make(chan struct{})
+	upsSrv := &dns.Server{
+		Addr:              netip.AddrPortFrom(netutil.IPv4Localhost(), uint16(port)).String(),
+		Net:               "tcp",
+		Handler:           handler,
+		NotifyStartedFunc: func() { close(startCh) },
+	}
+	go func() {
+		t := testutil.PanicT{}
+
+		err := upsSrv.ListenAndServe()
+		require.NoError(t, err)
+	}()
+	<-startCh
+	testutil.CleanupAndRequireSuccess(t, upsSrv.Shutdown)
+
+	return upsSrv.Listener.Addr()
+}
+
+func TestServer_handleTestUpstreaDNS(t *testing.T) {
+	goodHandler := dns.HandlerFunc(func(w dns.ResponseWriter, m *dns.Msg) {
+		err := w.WriteMsg(new(dns.Msg).SetReply(m))
+		require.NoError(testutil.PanicT{}, err)
+	})
+	badHandler := dns.HandlerFunc(func(w dns.ResponseWriter, _ *dns.Msg) {
+		err := w.WriteMsg(new(dns.Msg))
+		require.NoError(testutil.PanicT{}, err)
+	})
+
+	goodUps := (&url.URL{
+		Scheme: "tcp",
+		Host:   newLocalUpstreamListener(t, 0, goodHandler).String(),
+	}).String()
+	badUps := (&url.URL{
+		Scheme: "tcp",
+		Host:   newLocalUpstreamListener(t, 0, badHandler).String(),
+	}).String()
+
+	const upsTimeout = 100 * time.Millisecond
+
+	srv := createTestServer(t, &filtering.Config{}, ServerConfig{
+		UDPListenAddrs:  []*net.UDPAddr{{}},
+		TCPListenAddrs:  []*net.TCPAddr{{}},
+		UpstreamTimeout: upsTimeout,
+	}, nil)
+	startDeferStop(t, srv)
+
+	testCases := []struct {
+		body     map[string]any
+		wantResp map[string]any
+		name     string
+	}{{
+		body: map[string]any{
+			"upstream_dns": []string{goodUps},
+		},
+		wantResp: map[string]any{
+			goodUps: "OK",
+		},
+		name: "success",
+	}, {
+		body: map[string]any{
+			"upstream_dns": []string{badUps},
+		},
+		wantResp: map[string]any{
+			badUps: `upstream "` + badUps + `" fails to exchange: ` +
+				`couldn't communicate with upstream: dns: id mismatch`,
+		},
+		name: "broken",
+	}, {
+		body: map[string]any{
+			"upstream_dns": []string{goodUps, badUps},
+		},
+		wantResp: map[string]any{
+			goodUps: "OK",
+			badUps: `upstream "` + badUps + `" fails to exchange: ` +
+				`couldn't communicate with upstream: dns: id mismatch`,
+		},
+		name: "both",
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			reqBody, err := json.Marshal(tc.body)
+			require.NoError(t, err)
+
+			w := httptest.NewRecorder()
+			r, err := http.NewRequest(http.MethodPost, "", bytes.NewReader(reqBody))
+			require.NoError(t, err)
+
+			srv.handleTestUpstreamDNS(w, r)
+			require.Equal(t, http.StatusOK, w.Code)
+
+			resp := map[string]any{}
+			err = json.NewDecoder(w.Body).Decode(&resp)
+			require.NoError(t, err)
+
+			assert.Equal(t, tc.wantResp, resp)
+		})
+	}
+
+	t.Run("timeout", func(t *testing.T) {
+		slowHandler := dns.HandlerFunc(func(w dns.ResponseWriter, m *dns.Msg) {
+			time.Sleep(upsTimeout * 2)
+			writeErr := w.WriteMsg(new(dns.Msg).SetReply(m))
+			require.NoError(testutil.PanicT{}, writeErr)
+		})
+		sleepyUps := (&url.URL{
+			Scheme: "tcp",
+			Host:   newLocalUpstreamListener(t, 0, slowHandler).String(),
+		}).String()
+
+		req := map[string]any{
+			"upstream_dns": []string{sleepyUps},
+		}
+		reqBody, err := json.Marshal(req)
+		require.NoError(t, err)
+
+		w := httptest.NewRecorder()
+		r, err := http.NewRequest(http.MethodPost, "", bytes.NewReader(reqBody))
+		require.NoError(t, err)
+
+		srv.handleTestUpstreamDNS(w, r)
+		require.Equal(t, http.StatusOK, w.Code)
+
+		resp := map[string]any{}
+		err = json.NewDecoder(w.Body).Decode(&resp)
+		require.NoError(t, err)
+
+		require.Contains(t, resp, sleepyUps)
+		require.IsType(t, "", resp[sleepyUps])
+		sleepyRes, _ := resp[sleepyUps].(string)
+
+		// TODO(e.burkov):  Improve the format of an error in dnsproxy.
+		assert.True(t, strings.HasSuffix(sleepyRes, "i/o timeout"))
+	})
+}
--- a/internal/filtering/servicelist.go
+++ b/internal/filtering/servicelist.go
@ -251,14 +251,12 @@ var blockedServices = []blockedService{{
 	Name:    "Mastodon",
 	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 512 512\"><path d=\"M433 179.11c0-97.2-63.71-125.7-63.71-125.7-62.52-28.7-228.56-28.4-290.48 0 0 0-63.72 28.5-63.72 125.7 0 115.7-6.6 259.4 105.63 289.1 40.51 10.7 75.32 13 103.33 11.4 50.81-2.8 79.32-18.1 79.32-18.1l-1.7-36.9s-36.31 11.4-77.12 10.1c-40.41-1.4-83-4.4-89.63-54a102.54 102.54 0 0 1-.9-13.9c85.63 20.9 158.65 9.1 178.75 6.7 56.12-6.7 105-41.3 111.23-72.9 9.8-49.8 9-121.5 9-121.5zm-75.12 125.2h-46.63v-114.2c0-49.7-64-51.6-64 6.9v62.5h-46.33V197c0-58.5-64-56.6-64-6.9v114.2H90.19c0-122.1-5.2-147.9 18.41-175 25.9-28.9 79.82-30.8 103.83 6.1l11.6 19.5 11.6-19.5c24.11-37.1 78.12-34.8 103.83-6.1 23.71 27.3 18.4 53 18.4 175z\"/></svg>"),
 	Rules: []string{
+		"||aus.social^",
 		"||awscommunity.social^",
-		"||colorid.es^",
-		"||dizl.de^",
 		"||dju.social^",
 		"||dresden.network^",
 		"||fedibird.com^",
 		"||fosstodon.org^",
-		"||freiburg.social^",
 		"||glasgow.social^",
 		"||h4.io^",
 		"||hachyderm.io^",
@ -269,32 +267,30 @@ var blockedServices = []blockedService{{
 		"||ieji.de^",
 		"||indieweb.social^",
 		"||ioc.exchange^",
-		"||kfem.cat^",
 		"||kolektiva.social^",
-		"||kurry.social^",
-		"||libretooth.gr^",
 		"||livellosegreto.it^",
 		"||lor.sh^",
 		"||m.cmx.im^",
-		"||mast.dragon-fly.club^",
+		"||mas.to^",
 		"||masto.ai^",
 		"||masto.es^",
 		"||masto.nobigtech.es^",
 		"||masto.pt^",
-		"||mastodon-belgium.be^",
 		"||mastodon.au^",
 		"||mastodon.bida.im^",
+		"||mastodon.com.tr^",
 		"||mastodon.eus^",
 		"||mastodon.ie^",
 		"||mastodon.iriseden.eu^",
+		"||mastodon.lol^",
 		"||mastodon.nl^",
 		"||mastodon.nu^",
 		"||mastodon.nz^",
 		"||mastodon.online^",
 		"||mastodon.scot^",
 		"||mastodon.sdf.org^",
-		"||mastodon.se^",
 		"||mastodon.social^",
+		"||mastodon.top^",
 		"||mastodon.uno^",
 		"||mastodon.world^",
 		"||mastodon.zaclys.com^",
@ -304,6 +300,8 @@ var blockedServices = []blockedService{{
 		"||mastodontti.fi^",
 		"||mastouille.fr^",
 		"||mathstodon.xyz^",
+		"||meow.social^",
+		"||metalhead.club^",
 		"||mindly.social^",
 		"||mstdn.ca^",
 		"||mstdn.jp^",
@ -311,14 +309,13 @@ var blockedServices = []blockedService{{
 		"||mstdn.social^",
 		"||muenchen.social^",
 		"||muenster.im^",
+		"||nerdculture.de^",
 		"||newsie.social^",
 		"||noc.social^",
 		"||norden.social^",
 		"||nrw.social^",
 		"||o3o.ca^",
 		"||ohai.social^",
-		"||oslo.town^",
-		"||pettingzoo.co^",
 		"||pewtix.com^",
 		"||phpc.social^",
 		"||piaille.fr^",
@ -329,18 +326,20 @@ var blockedServices = []blockedService{{
 		"||ruby.social^",
 		"||ruhr.social^",
 		"||sfba.social^",
-		"||snabelen.no^",
+		"||socel.net^",
 		"||social.anoxinon.de^",
 		"||social.cologne^",
 		"||social.dev-wiki.de^",
+		"||social.linux.pizza^",
 		"||social.politicaconciencia.org^",
 		"||social.vivaldi.net^",
-		"||sociale.network^",
+		"||sself.co^",
 		"||sueden.social^",
 		"||techhub.social^",
 		"||theblower.au^",
 		"||tkz.one^",
 		"||toot.aquilenet.fr^",
+		"||toot.community^",
 		"||toot.funami.tech^",
 		"||toot.wales^",
 		"||troet.cafe^",
@ -350,6 +349,7 @@ var blockedServices = []blockedService{{
 		"||urbanists.social^",
 		"||vocalodon.net^",
 		"||wxw.moe^",
+		"||xarxa.cloud^",
 	},
 }, {
 	ID:      "minecraft",
--- a/internal/home/config.go
+++ b/internal/home/config.go
@ -278,15 +278,20 @@ var config = &configuration{
 		PortDNSOverTLS:  defaultPortTLS, // needs to be passed through to dnsproxy
 		PortDNSOverQUIC: defaultPortQUIC,
 	},
+	// NOTE: Keep these parameters in sync with the one put into
+	// client/src/helpers/filters/filters.js by scripts/vetted-filters.
+	//
+	// TODO(a.garipov): Think of a way to make scripts/vetted-filters update
+	// these as well if necessary.
 	Filters: []filtering.FilterYAML{{
 		Filter:  filtering.Filter{ID: 1},
 		Enabled: true,
-		URL:     "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt",
+		URL:     "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt",
 		Name:    "AdGuard DNS filter",
 	}, {
 		Filter:  filtering.Filter{ID: 2},
 		Enabled: false,
-		URL:     "https://adaway.org/hosts.txt",
+		URL:     "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt",
 		Name:    "AdAway Default Blocklist",
 	}},
 	DHCP: &dhcpd.ServerConfig{