- Property `type` of the `ratelimit` object has been moved to the underlying `allowlist` object. So replace this:
```yaml
ratelimit:
type: 'consul'
# …
allowlist:
# …
```
with this:
```yaml
ratelimit:
# …
allowlist:
type: 'consul'
# …
```
## AGDNS-2443 / Build 877
- The object `filters` has new properties: `ede_enabled`, and `sde_enabled`. So replace this:
```yaml
filters:
# …
```
with this:
```yaml
filters:
# …
ede_enabled: true
sde_enabled: true
```
## AGDNS-2456 / Build 873
- The environment variables `BACKEND_RATELIMIT_URL` and `BACKEND_RATELIMIT_API_KEY` have been added.
- Added the `type` property within the `ratelimit` object. So add it:
```yaml
ratelimit:
type: 'consul'
# …
```
## AGDNS-2431 / Build 872
- The objects `ratelimit.ipv4` and `ratelimit.ipv6` have been modified. Its `rps` properties have been replaced with the new properties `count` and `interval`. So replace this:
```yaml
ratelimit:
# …
ipv4:
rps: 30
ipv6:
rps: 300
```
with this:
```yaml
ratelimit:
# …
ipv4:
# …
count: 300
interval: 10s
ipv6:
# …
count: 3000
interval: 10s
```
Adjust the value and add new ones, if necessary.
## AGDNS-2457 / Build 871
- The environment variables `DNSCHECK_REMOTEKV_URL` and `DNSCHECK_REMOTEKV_API_KEY` have been added.
- The property `kv.type` within the `check` object now supports the `backend` value.
- The environment variable `PROFILES_MAX_RESP_SIZE` has been added. It sets the maximum size of the response from the profiles endpoint of the backend API. The default value is `8MB`.
## AGDNS-2427 / Build 854
- The environment variables `REDIS_ADDR`, `REDIS_KEY_PREFIX`, `REDIS_MAX_ACTIVE`, `REDIS_MAX_IDLE`, `REDIS_IDLE_TIMEOUT`, and `REDIS_PORT` have been added.
- The property `ttl` within the `check` is replaced by the object `kv` containing the previous `ttl` and the new property `type`. So replace this:
```yaml
check:
# …
ttl: 30s
```
with this:
```yaml
check:
kv:
type: 'consul'
ttl: 30s
# …
```
## AGDNS-2331 / Build 818
- Profile's file cache version was incremented. The new field `RateLimit` has been added to profile's object.
## AGDNS-2008 / Build 809
- The environment variables `WEB_STATIC_DIR` and `WEB_STATIC_DIR_ENABLED` have been added. If `WEB_STATIC_DIR_ENABLED` is set to `1`, `WEB_STATIC_DIR` must point to a directory, from which static files are served. The `web.static_content` property in the configuration file is also ignored when `WEB_STATIC_DIR_ENABLED` is set to `1`.
## AGDNS-2316 / Build 808
- The environment variables `BLOCKED_SERVICE_ENABLED`, `GENERAL_SAFE_SEARCH_ENABLED`, and `YOUTUBE_SAFE_SEARCH_ENABLED` have been added. If they are set to `0`, their corresponding `*_URL` environment variables can be empty.
## AGDNS-2312 / Build 807
- The environment variables `BILLSTAT_URL` and `PROFILES_URL` no longer required if there are no server groups with profiles enabled.
## AGDNS-2312 / Build 802
- The environment variables `ADULT_BLOCKING_ENABLED`, `NEW_REG_DOMAINS_ENABLED`, and `SAFE_BROWSING_ENABLED` have been added. If they are set to `0`, their corresponding `*_URL` environment variables can be empty.
## AGDNS-2302 / Build 801
- The environment variable `METRICS_NAMESPACE` has been added.
## AGDNS-2292 / Build 794
- The environment variable `PROFILES_ENABLED` has been removed.
- The objects within the `server_groups` array have a new property `profiles_enabled`. So replace this:
```yaml
server_groups:
- name: 'default'
# …
- name: 'client'
# …
```
with this:
```yaml
server_groups:
- name: 'default'
# …
profiles_enabled: false
- name: 'client'
# …
profiles_enabled: true
```
## AGDNS-2289 / Build 793
- The environment variable `FILTER_INDEX_URL` now accepts `file://` URIs to use local files as filtering-rule list indexes.
- All other `*_URL` environment variables are now validated to be HTTP(s) or gRPC(S) more strictly.
- The objects within the `server_groups` array had a change in their `block_page_redirect` configuration, it now supports arrays of IP addresses in `ipv4` and `ipv6` fields.
- Profile's file cache version was incremented. In case of `BlockingModeCustomIP` the `profile.blocking_mode` IPv4/IPv6 fields are now arrays of IP addresses.
- The querylog now has a new field, `"rn"`, which is a 16-bit unsigned random number. Field `"u"`, the unique request ID, is deprecated and may be removed in the future.
- The new environment variable `PROFILES_ENABLED` has been added. With `0` value it disables user profiles and devices recognition, and billing. Its default value is `1`. Adjust the value, if necessary.
- The property `upstream` has been modified. Its property `timeout` has been replaced with the new property `servers.timeout` for each server in the `servers` list. Concomitantly the `fallback.timeout` has been replaced with `fallback.servers.timeout` for each fallback server. The `fallback.servers` now supports not only the addresses of the servers, but URLs in the `[scheme://]ip:port` format like it's done with the main servers. So replace this:
- The property `upstream.server` has been removed. Its former content is moved to the newly added property `servers`, which now extended to contain a list of URLs of main upstream servers. So replace this:
- Metric `forward_request_total` has a new label `network`. This label describes the network type (`tcp` or `udp`), over which an upstream has finished processing request.
- The property `upstream.fallback` has been changed. Its former content is moved to the newly added property `servers`. The new property `timeout`, which describes query timeout to fallback servers, was added. So replace this:
Adjust the new values, if necessary. Note that the query timeout to fallback servers was previously defined with `upstream.timeout` property, which now describes the query timeout to the primary servers only.
-`ratelimit` configuration properties `back_off_count`, `back_off_duration` and `back_off_period` have been renamed to `backoff_count`, `backoff_duration` and `backoff_period`. So replace this:
- New configuration `access` has been added, it has an a list of AdBlock rules to block requests, and a lists of client subnets to block access from. Example configuration:
- The environment variable `PROFILES_CACHE_PATH` no longer supports JSON files. Use protobuf with `.pb` extension instead. The default value has been changed to `./profilecache.pb`.
- The optional property `bind_interfaces` of `server_groups.*.servers` objects has been changed, property `subnet` is now an array and has been renamed to `subnets`. So replace this:
- The configuration property `filtering_groups.safe_browsing` has been changed, new properties have been added: `block_dangerous_domains` and `block_newly_registered_domains`.
- New configuration `dnsdb` has been added, it has an enabled/disabled flag and the property `max_size` which describes the maximum amount of records in the in-memory buffer. Example configuration:
- Configuration properties `safe_browsing.url` and `adult_blocking.url` are now removed. Use newly added environment variables `ADULT_BLOCKING_URL` and `SAFE_BROWSING_URL`.
- The `filters` object has a new property, `max_size`, which describes the maximum size of the downloadable content for a rule-list in a human-readable format. Example configuration:
- The object `filters` has been changed. Two properties, `rule_list_cache_size` and `use_rule_list_cache` have been extracted to the new object `rule_list_cache` and renamed to `size` and `enabled`. So replace this:
- There is now a new env variable `RESEARCH_LOGS` that controls whether logging of additional info for research purposes is enabled. These log records can be filtered out by `research:` prefix. The default value is `0`, i.e. additional logging is disabled. The first thing that is logged in this version is domains which responses have ECH config. The log will only be recorded when both `RESEARCH_LOGS` and `RESEARCH_METRICS` are set to `1`.
- The object `cache` has a new property `ttl_override`. It describes the TTL override settings, such as the minimum TTL for cache items and the `enabled` switch. It overwrites the TTL from DNS response in case it's less than this minimum value. So replace this:
- The environment variable `PROFILES_CACHE_PATH` is now sensitive to the file extension. Use `.json` for the previous behavior of encoding the cache into a JSON file or `.pb` for encoding it into protobuf. Other extensions are invalid.
- The environment variable `PROFILES_CACHE_PATH` now has a new special value, `none`, which disables profile caching entirely. The default value of `./profilecache.json` has not been changed.
- The default behavior of the environment variable `DNSDB_PATH` has been changed. Previously, if the variable was unset then the default value, `./dnsdb.bolt`, was used, but if it was an empty string, DNSDB was disabled. Now both unset and empty value disable DNSDB, which is consistent with the documentation.
- There is now a new env variable `RESEARCH_METRICS` that controls whether collecting research metrics is enabled or not. Also, the first research metric is added: `dns_research_blocked_per_country_total`, it counts the number of blocked requests per country. Its default value is `0`, i.e. research metrics collection is disabled by default.
- There are two changes in the keys of the `static_content` map. Firstly, properties `allow_origin` and `content_type` are removed. Secondly, a new property, called `headers`, is added. So replace this:
- Added support for running a DoH3 server. No configuration changes are required to run it. If there was a DoH server configured, it will start listening for HTTP/3 connections on the same port where it listens for HTTP/2. Make sure that udp/443 is allowed in the iptables configuration on the server.
- The property `server` of `upstream` object has been changed. Now it is a URL optionally starting with `tcp://` or `udp://`, and then an address in `ip:port` format.
- The new object `upstream.healthcheck` now contains all healthcheck-related fields, including the new field `domain_template`. Property `upstream.healthcheck_backoff_time` has been moved to `upstream.healthcheck.backoff_duration`. So replace this:
- The object `upstream` has new properties, `healthcheck_enabled`, `healthcheck_interval`, `healthcheck_timeout`, and `healthcheck_backoff_time`. So replace this:
- The properties `subnet_key_ip_4_mask_len` and `subnet_key_ip_6_mask_len` of object `ratelimit` have been renamed to `ipv4_subnet_key_len` and `ipv6_subnet_key_len` correspondingly. So replace this:
- The objects within `server_groups` array had a change in their DDR configuration. There was an opinion that the previous configuration was too limiting and that denormalized configuration is more self-describing. So replace this:
It is empty by default. These values will be used for constructing a response for Discovery of Designated Resolvers. Empty value leads to a NODATA response. Adjust the new value, if necessary.
- The property `tls` of objects within the `server_groups.*.servers.*` array has been moved to the `server_group` object becoming common for the whole group. Any group having at least a single server of DoH/DoT/DoQ protocols will require the `tls` property specified. Any group having no encrypted resolvers will require the `tls` property absence. So replace this:
- Prometheus metric `dns_tls_handshake_total` has been updated with `server_name` label. This label represents "Server Name Indication" identifiers, grouped by endpoint identifier and known server names. All unknown server names are grouped in `other` label:
- The property `cache_size` of object `geoip` has been renamed to `ip_cache_size`. Also, a new property named `host_cache_size` has been added. So replace this:
- The new required environment variables `GENERAL_SAFE_SEARCH_URL` and `YOUTUBE_SAFE_SEARCH_URL` has been added. Those are expected to lead to plain text filters, for example:
- The environment variables `CONSUL_DNSCHECK_KV_URL` and `CONSUL_DNSCHECK_SESSION_URL` are now unset by default. Which means that by default HTTP key-value database isn't used.
- The objects within the `server_groups.*.servers` array have a new optional property, `linked_ip_enabled`. It is `false` by default. Set to `true` to enable linked IP address detection on that server:
- The property `device_id_wildcard_domains` in the objects within the `server_groups.*.servers` array has been renamed to the shorter `device_id_wildcards`.
- The objects within the `server_groups.*.servers` array have a new property, `tls.device_id_wildcard_domains`. It is an array of domain name wildcards used to detect device IDs. If necessary, add them:
- The new required environment variables `CONSUL_DNSCHECK_KV_URL` and `CONSUL_DNSCHECK_SESSION_URL` are added. They have no default value, so it's necessary to set them.
- The property `parental.safe_search` of objects within the `filtering_groups` array is renamed to `parental.general_safe_search` to synchronize it with the backend.
- The new environment variable `LOG_OUTPUT` has been added. It is the path to the plain text log file. If `stdout`, writes to standard output. If `stderr`, writes to standard error.
- The new environment variable `LOG_TIMESTAMP` has been added. When it is set to `1`, timestamps are shown in the plain text logs. When set to `0`, they are not shown.
- The objects within the `server_groups.*.servers` array have a new optional property in their `dnscrypt` objects, `inline`. Also, the property `config` is renamed to `config_path`. So replace this:
- The new environment variable `RULESTAT_URL` has been added. Its default value is an empty string, which means that no statistics are gathered. Adjust the value, if necessary.
- The objects `safe_browsing` and `adult_blocking` have four new properties, `cache_size`, `cache_ttl`, `refresh_interval`, and `url`. So replace this:
- The objects within the `filters.lists` array have a new property, `refresh_interval`. The property is only required when the property `url` is also set. So replace this:
