AdGuard DNS CLI v0.1.1

It seems we got a little too excited about all that new project name business, and as a result, we made a major mistake. The previous version of AdGuard DNS CLI can’t be installed on Linux systems with systemd service manager. This version contains a hotfix for this issue.

Full changelog

See also the v0.1.1 GitHub milestone.

Fixed

• Service installation issues due to a service unit file name (#13).

AdGuard DNS CLI v0.1.0

This is not your regular update — no fixes, schema version increments, or configuration changes. Instead, we changed the name of the project itself! It is now called AdGuard DNS CLI. But even under these unusual circumstances, we would never skimp on security!

‼️ Please, pay close attention to the changelog! Your existing MSI and service installations will not work, so follow the reinstallation guide below.

Full changelog

See also the v0.1.0 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.25.7.

Changed

• The project name has been changed from "AdGuard DNS Client" to "AdGuard DNS CLI".

  [!WARNING]
  This is a breaking change for existing MSI installations as well as for service installations, so those should be manually uninstalled before installing the new version.

  1. Make a backup of the existing configuration file (if any).

  2. Uninstall the AdGuard DNS Client:

     • To uninstall the existing MSI installation, use the original .msi installer with "Uninstall" option or the "Add or Remove Programs" control panel.

     • To uninstall the existing service, use the AdGuardDNSClient executable with the following command:

       ./AdGuardDNSClient -s uninstall

  3. Install the AdGuard DNS CLI.

  4. Restore the configuration file (if any).

AdGuardDNS Client v0.0.4

Don't you hate it when your cache gets poisoned? No more — in this update, we have fixed the vulnerability that was making AdGuard DNS Client susceptible to cache poisoning attacks.

A special thanks to Xiang Li for reporting the vulnerability, our community moderators team, as well as to everyone who filed and inspected issues and helped us test this release!

See also the v0.0.4 GitHub milestone.

Security

• Any simultaneous requests that are considered duplicates will now only result in a single request to upstreams, reducing the chance of a cache poisoning attack succeeding. This is controlled by the new configuration object dns.server.pending_requests, which has a single enabled property, set to true by default.

  NOTE: We thank Xiang Li for reporting this security issue. It's strongly recommended to leave it enabled, otherwise AdGuardDNS Client will be vulnerable to untrusted clients.

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in Go 1.24.2.

Changed

Configuration changes

In this release, the schema version has changed from 2 to 3.

• The new object pending_requests has been added to the dns.server object.

  # BEFORE:
  dns:
      server:
          # …
      # …
  # …
  schema_version: 2
  
  # AFTER:
  dns:
      server:
          pending_requests:
              enabled: true
          # …
      # …
  # …
  schema_version: 3

To rollback this change, remove the dns.server.pending_requests object and set the schema_version to 2.

AdGuardDNS Client v0.0.3

DNS privacy is no laughing matter; that’s why we took this update of AdGuard DNS Client extremely seriously. Without fooling around, we’ve updated Go version to shore up potential vulnerabilities, fixed a few bugs, and — no joke — improved the stability of the app.

See also the v0.0.3 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in Go 1.24.1.

Changed

Configuration changes

In this release, the schema version has changed from 1 to 2.

• The new object bind_retry has been added to the dns.server object.

  # BEFORE:
  dns:
      server:
          # …
      # …
  # …
  schema_version: 1
  
  # AFTER:
  dns:
      server:
          bind_retry:
              enabled: true
              interval: 1s
              count: 4
          # …
      # …
  # …
  schema_version: 2

To rollback this change, remove the dns.server.bind_retry object and set the schema_version to 1.

Fixed

• Failed binding to listen addresses when installed as Windows service (#11).

AdGuardDNS Client v0.0.2

We hear some people say that our changelogs aren't very exciting; we'd like to dispel that myth. In this update of AdGuardDNS Client, you'll find one regular bugfix, several security bugfixes, and even one bugfix/workaround specifically for macOS! And if that's somehow not enough, we even added a full-scale ARM64 Windows support.

See also the v0.0.2 GitHub milestone.

Security

• Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in Go 1.23.3.

Added

• MSI installer for the ARM64 architecture in addition to the existing x86 and x64 installers.

Changed

• Path to the executable is now validated when the application installs itself as a launchd service on macOS (#2).

Fixed

• The syslog log output on macOS (#3).

  NOTE: The implementation is actually a workaround for a known Go issue, and uses the /usr/bin/logger utility. This approach is suboptimal and will be improved once the Go issue is resolved.

• DNS proxy logs being written to stderr instead of log.output (#1).

AdGuardDNS Client v0.0.1

Need encrypted DNS on devices without native support? Meet AdGuard DNS Client, our new tool that allows you to manage DNS settings for any number of devices from one computer. Give it a try and tell us what you think. Your feedback is always welcome!