We have something special for y'all today. Not just an implementation of a new feature but the first ever implementation of a new feature! 😮 This is about DNS-over-QUIC, a new DNS encryption protocol — read on to learn more.
Ah, yes, there's also a bunch of other good stuff, too: DHCP-related changes, a .mobileconfig generator for iOS and macOS, and a handful of other enhancements and bugfixes.
DNS-over-QUIC support #2049
AdGuard Home now natively supports a new DNS encryption protocol called DNS-over-QUIC. DoQ standard is currently in the draft state, and AdGuard Home (and dnsproxy) is it's first open-source implementation.🥇
So what's good about it? 🤔 Unlike DoH and DoT, it uses QUIC as a transport protocol and finally brings DNS back to its roots — working over UDP. It brings all the good things that QUIC has to offer — out-of-the-box encryption, reduced connection times, better performance when data packets are lost. Also, QUIC is supposed to be a transport-level protocol and there are no risks of metadata leaks that could happen with DoH. 🔒
At this moment, the only major public DNS resolver that provides DNS-over-QUIC is AdGuard DNS. 😎 Use quic://dns-unfiltered.adguard.com in the upstreams settings to start using AdGuard DNS "Non-Filtering".
DHCP rework: DHCP6 support, custom DHCP options
We did a huge rework of our DHCP server implementation. Thanks to it, AdGuard Home now supports DHCP6 and allows setting custom DHCP options.
Please note that in order to set DHCP options, you'll need to edit the configuration file.
- Add support for DHCPv6: #779
- DHCPv6 RA+SLAAC: #2076
- DHCP: automatic hostnames: #1956
- Add DHCP Options: #1585
iOS and MacOS .mobileconfig generator: #2110
iOS 14 and macOS Big Sur natively support DNS-over-HTTPS and DNS-over-TLS. However, it's not that simple to configure them — you need to install a special "configuration profile" for that. 🤯 In order to make things easier, AdGuard Home can generate these configuration profiles for you. Just head to "Setup Guide" -> "DNS Privacy" and scroll to iOS.
Binary transparency
AdGuard Home binaries are now signed with our GPG key and you can now easily verify that they really come from us: https://github.com/AdguardTeam/AdGuardHome/wiki/Verify-Releases
Other improvements
- Allow entering comments to the Upstreams box: #2083
- Load upstreams list from a file: #1680
- Add ARMv8 to future releases, potentially append a v8 binary to the most recent non-beta release: #2125
- Redesign query logs block/unblock buttons: #2050
- Treat entries starting with "/" as "://" under specific circumstances: #1950
- Use "Null IP" instead of NXDOMAIN by default: #1914
- Bootstrap with TCP upstreams: #1843
- Add block and unblock buttons to 'check the filtering' result: #1734
- ipset feature support: #1191
- Add Belarusian and Chinese Traditional HK languages: #2106
- Add new language: en-silk: #1796
- Use DOH or DOT as bootstrap: #960
Fixed
- Reverse lookups return empty answers for hosts from /etc/hosts: #2085
- Static lease hostnames are overridden by client-identifier: #2040
- Query log doesn't display name for blocked services: #2038
- Custom filter editor works with delay: #1657
- Incorrect link address: #2209
- Smartphone compatible design for user interface: #2152
- Misleading information during service installation: #2128
- Remove the limit on cache-min-ttl, 3600: #2094
- Cannot change minimum TTL override in UI: #2091
- Optical Issue on mobile phone: #2090
- Setting a large DNS Cache Size in the Web GUI will exceed the unit32 range.: #2056
- Clients requests aren't counted properly: #2037
- Publish privacy policy on front page (README.md): #1960
- Sorting various IP Address Columns in the UI (eg in dhcp static leases) does not sort correctly. They are treated as strings instead of numeric.: #1877
- Requests count for clients with CIDR IP addresses: #1824