mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2024-11-25 06:25:44 +03:00
cba41265e4
Merge in DNS/adguard-home from 3933-client-sort to master * commit '6a6f926bd04fb05232dab628f5fc877d9307f175': all: imp hooks, opt home: imp docs, opt home: imp client handling all: doc changes, imp names Prevent spurious diffs in config file by sorting Client objects before writing
27 KiB
27 KiB
AdGuard Home Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Unreleased
Added
- Upstream server information for responses from cache (#3772). Note that old log entries concerning cached responses won't include that information.
- Finnish and Ukrainian translations.
- Setting the timeout for IP address pinging in the "Fastest IP address" mode
through the new
fastest_timeout
field in the configuration file (#1992). - Static IP address detection on FreeBSD (#3289).
- Optimistic cache (#2145).
- New possible value of
6h
forquerylog_interval
setting (#2504). - Blocking access using client IDs (#2624, #3162).
source
directives support in/etc/network/interfaces
on Linux (#3257).- RFC 9000 support in DNS-over-QUIC.
- Completely disabling statistics by setting the statistics interval to zero (#2141).
- The ability to completely purge DHCP leases (#1691).
- Settable timeouts for querying the upstream servers (#2280).
- Configuration file parameters to change group and user ID on startup on Unix (#2763).
- Experimental OpenBSD support for AMD64 and 64-bit ARM CPUs (#2439, #3225, #3226).
- Support for custom port in DNS-over-HTTPS profiles for Apple's devices (#3172).
darwin/arm64
support (#2443).freebsd/arm64
support (#2441).- Output of the default addresses of the upstreams used for resolving PTRs for private addresses (#3136).
- Detection and handling of recurrent PTR requests for locally-served addresses (#3185).
- The ability to completely disable reverse DNS resolving of IPs from locally-served networks (#3184).
- New flag
--local-frontend
to serve dynamically changeable frontend files from disk as opposed to the ones that were compiled into the binary.
Changed
- Client objects in the configuration file are now sorted (#3933).
- Responses from cache are now labeled (#3772).
- Better error message for ED25519 private keys, which are not widely supported ([#3737]).
- Cache now follows RFC more closely for negative answers (#3707).
$dnsrewrite
rules and other DNS rewrites will now be applied even when the protection is disabled (#1558).- DHCP gateway address, subnet mask, IP address range, and leases validations (#3529).
- The
systemd
service script will now create the/var/log
directory when it doesn't exist (#3579). - Items in allowed clients, disallowed clients, and blocked hosts lists are now required to be unique (#3419).
- The TLS private key previously saved as a string isn't shown in API responses anymore (#1898).
- Better OpenWrt detection (#3435).
- DNS-over-HTTPS queries that come from HTTP proxies in the
trusted_proxies
list now use the real IP address of the client instead of the address of the proxy (#2799). - Clients who are blocked by access settings now receive a
REFUSED
response when a protocol other than DNS-over-UDP and DNSCrypt is used. querylog_interval
setting is now formatted in hours.- Query log search now supports internationalized domains (#3012).
- Internationalized domains are now shown decoded in the query log with the original encoded version shown in request details (#3013).
- When /etc/hosts-type rules have several IPs for one host, all IPs are now returned instead of only the first one (#1381).
- The setting
rlimit_nofile
is now in theos
block of the configuration file, together with the newgroup
anduser
settings (#2763). - Permissions on filter files are now
0o644
instead of0o600
(#3198).
Configuration Changes
In this release, the schema version has changed from 10 to 12.
-
Parameter
dns.querylog_interval
, which in schema versions 11 and earlier used to be an integer number of days, is now a string with a human-readable duration:# BEFORE: 'dns': # … 'querylog_interval': 90 # AFTER: 'dns': # … 'querylog_interval': '2160h'
To rollback this change, convert the parameter back into days and change the
schema_version
back to11
. -
Parameter
rlimit_nofile
, which in schema versions 10 and earlier used to be on the top level, is now moved to the newos
object:# BEFORE: 'rlimit_nofile': 42 # AFTER: 'os': 'group': '' 'rlimit_nofile': 42 'user': ''
To rollback this change, move the parameter on the top level and change the
schema_version
back to10
.
Deprecated
- Go 1.16 support. v0.108.0 will require at least Go 1.17 to build.
Fixed
- Invalid redirection to the HTTPS web interface after saving enabled encryption settings (#3558).
- Incomplete propagation of the client's IP anonymization setting to the statistics (#3890).
- Incorrect
$dnsrewrite
results for entries from the operating system's hosts file (#3815). - Matching against rules with
|
at the end of the domain name (#3371). - Incorrect assignment of explicitly configured DHCP options (#3744).
- Occasional panic during shutdown (#3655).
- Addition of IPs into only one as opposed to all matching ipsets on Linux (#3638).
- Removal of temporary filter files (#3567).
- Panic when an upstream server responds with an empty question section (#3551).
- 9GAG blocking (#3564).
- DHCP now follows RFCs more closely when it comes to response sending and option selection (#3443, #3538).
- Occasional panics when reading old statistics databases (#3506).
reload
service action on macOS and FreeBSD (#3457).- Inaccurate using of service actions in the installation script (#3450).
- Client ID checking (#3437).
- Discovering other DHCP servers on
darwin
andfreebsd
(#3417). - Switching listening address to unspecified one when bound to a single specified IPv4 address on Darwin (macOS) (#2807).
- Incomplete HTTP response for static IP address.
- DNSCrypt queries weren't appearing in query log (#3372).
- Wrong IP address for proxied DNS-over-HTTPS queries (#2799).
- Domain name letter case mismatches in DNS rewrites (#3351).
- Conflicts between IPv4 and IPv6 DNS rewrites (#3343).
- Letter case mismatches in
CNAME
filtering (#3335). - Occasional breakages on network errors with DNS-over-HTTP upstreams (#3217).
- Errors when setting static IP on Linux (#3257).
- Treatment of domain names and FQDNs in custom rules with
$dnsrewrite
that use thePTR
type (#3256). - Redundant hostname generating while loading static leases with empty hostname (#3166).
- Domain name case in responses (#3194).
- Custom upstreams selection for clients with client IDs in DNS-over-TLS and DNS-over-HTTP (#3186).
- Incorrect client-based filtering applying logic (#2875).
Removed
- Go 1.15 support.
v0.106.3 - 2021-05-19
Added
- Support for reinstall (
-r
) and uninstall (-u
) flags in the installation script (#2462). - Support for DHCP
DECLINE
andRELEASE
message types (#3053).
Changed
- Add microseconds to log output.
Fixed
- Intermittent "Warning: ID mismatch" errors ([#3087]).
- Error when using installation script on some ARMv7 devices (#2542).
- DHCP leases validation (#3107, #3127).
- Local PTR request recursion in Docker containers (#3064).
- Ignoring client-specific filtering settings when filtering is disabled in general settings (#2875).
- Disallowed domains are now case-insensitive (#3115).
v0.106.2 - 2021-05-06
Fixed
- Uniqueness validation for dynamic DHCP leases (#3056).
v0.106.1 - 2021-04-30
Fixed
- Local domain name handling when the DHCP server is disabled (#3028).
- Normalization of previously-saved invalid static DHCP leases (#3027).
- Validation of IPv6 addresses with zones in system resolvers (#3022).
v0.106.0 - 2021-04-28
Added
- The ability to block user for login after configurable number of unsuccessful attempts for configurable time (#2826).
$denyallow
modifier for filters (#2923).- Hostname uniqueness validation in the DHCP server (#2952).
- Hostname generating for DHCP clients which don't provide their own (#2723).
- New flag
--no-etc-hosts
to disable client domain name lookups in the operating system's /etc/hosts files (#1947). - The ability to set up custom upstreams to resolve PTR queries for local addresses and to disable the automatic resolving of clients' addresses (#2704).
- Logging of the client's IP address after failed login attempts (#2824).
- Search by clients' names in the query log (#1273).
- Verbose version output with
-v --version
(#2416). - The ability to set a custom TLD or domain name for known hosts in the local network (#2393, #2961).
- The ability to serve DNS queries on multiple hosts and interfaces (#1401).
ips
andtext
DHCP server options (#2385).SRV
records support in$dnsrewrite
filters (#2533).
Changed
- Our DoQ implementation is now updated to conform to the latest standard draft (#2843).
- Quality of logging (#2954).
- Normalization of hostnames sent by DHCP clients (#2945, #2952).
- The access to the private hosts is now forbidden for users from external networks (#2889).
- The reverse lookup for local addresses is now performed via local resolvers (#2704).
- Stricter validation of the IP addresses of static leases in the DHCP server with regards to the netmask (#2838).
- Stricter validation of
$dnsrewrite
filter modifier parameters (#2498). - New, more correct versioning scheme (#2412).
Deprecated
- Go 1.15 support. v0.107.0 will require at least Go 1.16 to build.
Fixed
- Multiple answers for
$dnsrewrite
rule matching requests with repeating patterns in it (#2981). - Root server resolving when custom upstreams for hosts are specified (#2994).
- Inconsistent resolving of DHCP clients when the DHCP server is disabled (#2934).
- Comment handling in clients' custom upstreams (#2947).
- Overwriting of DHCPv4 options when using the HTTP API (#2927).
- Assumption that MAC addresses always have the length of 6 octets (#2828).
- Support for more than one
/24
subnet in DHCP (#2541). - Invalid filenames in the
mobileconfig
API responses (#2835).
Removed
- Go 1.14 support.
v0.105.2 - 2021-03-10
Fixed
- Incomplete hostnames with trailing zero-bytes handling (#2582).
- Wrong DNS-over-TLS ALPN configuration (#2681).
- Inconsistent responses for messages with EDNS0 and AD when DNS caching is enabled (#2600).
- Incomplete OpenWrt detection (#2757).
- DHCP lease's
expired
field incorrect time format (#2692). - Incomplete DNS upstreams validation (#2674).
- Wrong parsing of DHCP options of the
ip
type (#2688).
Security
- Session token doesn't contain user's information anymore (#2470).
v0.105.1 - 2021-02-15
Changed
- Increased HTTP API timeouts (#2671, #2682).
- "Permission denied" errors when checking if the machine has a static IP no longer prevent the DHCP server from starting (#2667).
- The server name sent by clients of TLS APIs is not only checked when
strict_sni_check
is enabled (#2664). - HTTP API request body size limit for the
POST /control/access/set
andPOST /control/filtering/set_rules
HTTP APIs is increased (#2666, #2675).
Fixed
- Error when enabling the DHCP server when AdGuard Home couldn't determine if the machine has a static IP.
- Optical issue on custom rules (#2641).
- Occasional crashes during startup.
- The field
"range_start"
in theGET /control/dhcp/status
HTTP API response is now correctly named again (#2678). - DHCPv6 server's
ra_slaac_only
andra_allow_slaac
settings aren't reset tofalse
on update anymore (#2653). - The
Vary
header is now added along withAccess-Control-Allow-Origin
to prevent cache-related and other issues in browsers (#2658). - The request body size limit is now set for HTTPS requests as well.
- Incorrect version tag in the Docker release (#2663).
- DNSCrypt queries weren't marked as such in logs (#2662).
v0.105.0 - 2021-02-10
Added
- Added more services to the "Blocked services" list (#2224, #2401).
ipset
subdomain matching, just likednsmasq
does (#2179).- Client ID support for DNS-over-HTTPS, DNS-over-QUIC, and DNS-over-TLS (#1383).
$dnsrewrite
modifier for filters (#2102).- The host checking API and the query logs API can now return multiple matched rules (#2102).
- Detecting of network interface configured to have static IP address via
/etc/network/interfaces
(#2302). - DNSCrypt protocol support (#1361).
- A 5 second wait period until a DHCP server's network interface gets an IP address (#2304).
$dnstype
modifier for filters (#2337).- HTTP API request body size limit (#2305).
Changed
Access-Control-Allow-Origin
is now only set to the same origin as the domain, but with an HTTP scheme as opposed to*
(#2484).workDir
now supports symlinks.- Stopped mounting together the directories
/opt/adguardhome/conf
and/opt/adguardhome/work
in our Docker images (#2589). - When
dns.bogus_nxdomain
option is used, the server will now transform responses if there is at least one bogus address instead of all of them (#2394). The new behavior is the same as indnsmasq
. - Post-updating relaunch possibility is now determined OS-dependently (#2231, #2391).
- Made the mobileconfig HTTP API more robust and predictable, add parameters and improve error response (#2358).
- Improved HTTP requests handling and timeouts (#2343).
- Our snap package now uses the
core20
image as its base (#2306). - New build system and various internal improvements (#2271, #2276, #2297, #2509, #2552, #2639, #2646).
Deprecated
- Go 1.14 support. v0.106.0 will require at least Go 1.15 to build.
- The
darwin/386
port. It will be removed in v0.106.0. - The
"rule"
and"filter_id"
fields inGET /filtering/check_host
andGET /querylog
responses. They will be removed in v0.106.0 (#2102).
Fixed
- Autoupdate bug in the Darwin (macOS) version (#2630).
- Unnecessary conversions from
string
tonet.IP
, and vice versa (#2508). - Inability to set DNS cache TTL limits (#2459).
- Possible freezes on slower machines (#2225).
- A mitigation against records being shown in the wrong order on the query log page (#2293).
- A JSON parsing error in query log (#2345).
- Incorrect detection of the IPv6 address of an interface as well as another
infinite loop in the
/dhcp/find_active_dhcp
HTTP API (#2355).
Removed
- The undocumented ability to use hostnames as any of
bind_host
values in configuration. Documentation requires them to be valid IP addresses, and now the implementation makes sure that that is the case (#2508). Dockerfile
(#2276). Replaced with the scriptscripts/make/build-docker.sh
which usesscripts/make/Dockerfile
.- Support for pre-v0.99.3 format of query logs (#2102).
v0.104.3 - 2020-11-19
Fixed
- The accidentally exposed profiler HTTP API (#2336).
v0.104.2 - 2020-11-19
Added
- This changelog :-) (#2294).
HACKING.md
, a guide for developers.
Changed
- Improved tests output (#2273).
Fixed
- Query logs from file not loading after the ones buffered in memory (#2325).
- Unnecessary errors in query logs when switching between log files (#2324).
404 Not Found
errors on the DHCP settings page on Windows. The page now correctly shows that DHCP is not currently available on that OS (#2295).- Infinite loop in
/dhcp/find_active_dhcp
(#2301).