AdguardTeam/AdGuardHome v0.107.37 on GitHub

The summer has come and gone, leaving behind a decent harvest of long-awaited features and improvements, with a side order of bug fixes 🍇!

Service blocking pause schedule

Users can now easily set pauses for the service blocking filter. For example, you can block social networks throughout the day, but allow yourself 30 minutes after work.

While this feature has been in internal development for several months, in this release we are glad to finally present it in the web UI.

Fallback servers

Another long-awaited feature is the fallback servers, which are used when the main upstream DNS servers cannot be reached.

The syntax there is the same as for the main upstream input, so you can set different fallback servers for different domains.

Upstream statistics

Another feature related to DNS upstreams is the new upstream statistics shown on the dashboard.

These allow users to see which upstreams are faster than others, as well as which upstreams are being used the most.

Acknowledgements

A special thanks to our open-source contributor, @ssrahul96, as well as to everyone who filed and inspected issues, added translations, and helped us test this release!

Full changelog

See also the v0.107.37 GitHub milestone.

Security

Go version has been updated to prevent the possibility of exploiting the CVE-2023-39318, CVE-2023-39319, and CVE-2023-39320 Go vulnerabilities fixed in Go 1.20.8.

Added

AdBlock-style syntax support for ignored domains in logs and statistics (#5720).
Strict-Transport-Security header in the HTTP API and DNS-over-HTTPS responses when HTTPS is forced (#2998). See RFC 6797.
UI for the schedule of the service-blocking pause (#951).
IPv6 hints are now filtered in case IPv6 addresses resolving is disabled (#6122).
The ability to set fallback DNS servers in the configuration file and the UI (#3701).
While adding or updating blocklists, the title can now be parsed from ! Title: definition of the blocklist's source (#6020).
The ability to filter DNS HTTPS records including IPv4 and IPv6 hints (#6053).
Two new metrics showing total number of responses from each upstream DNS server and their average processing time in the Web UI (#1453).
The ability to set the port for the pprof debug API, see configuration changes below.

Changed

$dnsrewrite rules containing IPv4-mapped IPv6 addresses are now working consistently with legacy DNS rewrites and match the AAAA requests.
For non-A and non-AAAA requests, which has been filtered, the NODATA response is returned if the blocking mode isn't set to Null IP. In previous versions it returned NXDOMAIN response in such cases.

Configuration Changes

In this release, the schema version has changed from 24 to 27.

Ignore rules blocking . in querylog.ignored and statistics.ignored have been migrated to AdBlock syntax (|.^). To rollback this change, restore the rules and change the schema_version back to 26.

Filtering-related settings have been moved from dns section of the YAML configuration file to the new section filtering:

# BEFORE:
'dns':
    'filtering_enabled': true
    'filters_update_interval': 24
    'parental_enabled': false
    'safebrowsing_enabled': false
    'safebrowsing_cache_size': 1048576
    'safesearch_cache_size': 1048576
    'parental_cache_size': 1048576
    'safe_search':
        'enabled': false
        'bing': true
        'duckduckgo': true
        'google': true
        'pixabay': true
        'yandex': true
        'youtube': true
    'rewrites': []
    'blocked_services':
        'schedule':
            'time_zone': 'Local'
        'ids': []
    'protection_enabled':        true,
    'blocking_mode':             'custom_ip',
    'blocking_ipv4':             '1.2.3.4',
    'blocking_ipv6':             '1:2:3::4',
    'blocked_response_ttl':      10,
    'protection_disabled_until': 'null',
    'parental_block_host':       'p.dns.adguard.com',
    'safebrowsing_block_host':   's.dns.adguard.com'

# AFTER:
'filtering':
    'filtering_enabled': true
    'filters_update_interval': 24
    'parental_enabled': false
    'safebrowsing_enabled': false
    'safebrowsing_cache_size': 1048576
    'safesearch_cache_size': 1048576
    'parental_cache_size': 1048576
    'safe_search':
        'enabled': false
        'bing': true
        'duckduckgo': true
        'google': true
        'pixabay': true
        'yandex': true
        'youtube': true
    'rewrites': []
    'blocked_services':
        'schedule':
            'time_zone': 'Local'
        'ids': []
    'protection_enabled':        true,
    'blocking_mode':             'custom_ip',
    'blocking_ipv4':             '1.2.3.4',
    'blocking_ipv6':             '1:2:3::4',
    'blocked_response_ttl':      10,
    'protection_disabled_until': 'null',
    'parental_block_host':       'p.dns.adguard.com',
    'safebrowsing_block_host':   's.dns.adguard.com',

To rollback this change, remove the new object filtering, set back filtering properties in dns section, and change the schema_version back to 25.

Property debug_pprof which used to setup profiling HTTP handler, is now moved to the new pprof object under http section. The new object contains properties enabled and port:
```
# BEFORE:
'debug_pprof': true

# AFTER:
'http':
    'pprof':
        'enabled': true
        'port': 6060
```
Note that the new default 6060 is used as default. To rollback this change, remove the new object pprof, set back debug_pprof, and change the schema_version back to 24.

Fixed

Incorrect display date on statistics graph (#5793).
Missing query log entries and statistics on service restart (#6100).
Occasional DNS-over-QUIC and DNS-over-HTTP/3 errors (#6133).
Legacy DNS rewrites containing IPv4-mapped IPv6 addresses are now matching the AAAA requests, not A (#6050).
File log configuration, such as max_size, being ignored (#6093).
Panic on using a single-slash filtering rule.
Panic on shutting down while DNS requests are in process of filtering (#5948).

AdguardTeam/AdGuardHome v0.107.37 AdGuard Home v0.107.37 on GitHub