Merge pull request #566 from a1346054/fixes

Simple maintenance improvements
DL6ER
2021-09-16 11:52:28 +02:00
committed by GitHub
28 changed files with 86 additions and 87 deletions

@@ -19,9 +19,9 @@ To add a new link on the navigation panel you need to edit the `mkdocs.yml` file
To add a new document or guide.
- Navigate to the directory where it will be hosted.
EG. guides are in `docs/guides`
E.g. guides are in `docs/guides`
- Create the file using a URL friendly filename.
EG. `docs/guides/url-friendly.md`
E.g. `docs/guides/url-friendly.md`
- Edit your document using Markdown, there are loads of resources available for the correct syntax.
### Testing your changes

@@ -63,7 +63,7 @@ cmake ..
cmake --build . -- -j $(nproc)
```
Note that both ways are exactly equivalent and that you do not need `root` priviledges here.
Note that both ways are exactly equivalent and that you do not need `root` privileges here.
## Install the new binary system-wide

6
docs/ftldns/configfile.md Executable file → Normal file

@@ -70,7 +70,7 @@ This is following the recommendation on [https://support.mozilla.org/en-US/kb/co
#### `MAXLOGAGE=24.0` {#maxlogage data-toc-label='Max Log Age'}
Up to how many hours of queries should be imported from the database and logs? Values greater than the hard-coded maximum of 24h need a locally compiled `FTL` with a changed compile-time value.
Up to how many hours of queries should be imported from the database and logs? Values greater than the hard-coded maximum of 24h need a locally compiled `FTL` with a changed compile-time value.
#### `PRIVACYLEVEL=0|1|2|3` {#privacylevel data-toc-label='Privacy Level'}
@@ -83,7 +83,7 @@ Should `FTL` ignore queries coming from the local machine?
#### `AAAA_QUERY_ANALYSIS=yes|no` {#aaaa_query_analysis data-toc-label='AAAA Query Analysis'}
Should FTL analyze `AAAA` queries? The DNS server will handle `AAAA` queries the same way, reglardless of this setting. All this does is ignoring `AAAA` queries when computing the statistics of Pi-hole. This setting is considered obsolete and will be removed in a future version.
Should FTL analyze `AAAA` queries? The DNS server will handle `AAAA` queries the same way, regardless of this setting. All this does is ignoring `AAAA` queries when computing the statistics of Pi-hole. This setting is considered obsolete and will be removed in a future version.
#### `ANALYZE_ONLY_A_AND_AAAA=false|true` {#analyze_only_a_and_aaaa data-toc-label='Analyze A and AAAA Only'}
@@ -160,7 +160,7 @@ With this option, you can change how (and if) hourly PTR requests are made to ch
- `REFRESH_HOSTNAMES=ALL` - Do the hourly PTR lookups for all addresses
This is the same as what we're doing with FTL v5.3(.1). This can create a lot of PTR queries for those with many IPv6 addresses in their networks.
- `REFRESH_HOSTNAMES=UNKNOWN` - Only resolve unknown hostnames
Already existing hostnames are never refreshedi, i.e., there will be no PTR queries made for clients where hostnames are known. This also means that known hostnames will not be updated once known.
Already existing hostnames are never refreshed, i.e., there will be no PTR queries made for clients where hostnames are known. This also means that known hostnames will not be updated once known.
- `REFRESH_HOSTNAMES=NONE` - Don't do any hourly PTR lookups
This means we look host names up exactly once (when we first see a client) and never again. You may miss future changes of host names.

@@ -20,7 +20,7 @@ This information may also be queried using `dig +short chaos txt cachesize.bind`
The cache size is set in `/etc/dnsmasq.d/01-pihole.conf`. However, note that this setting does not survive Pi-hole updates. If you want to change the cache size permanently, add a setting
``` plain
```plain
CACHE_SIZE=12345
```

@@ -32,7 +32,7 @@ By default, FTL binds the wildcard address, even when it is listening on only so
If this is not what you want, you can add the option
``` plain
```plain
bind-interfaces
```

@@ -37,7 +37,7 @@ Real-time signals are not guaranteed to have the same number on all operating sy
Real-time signal can always be executed relative to the first (= minimum) real-time signal just like (for real-time signal 0):
``` bash
```bash
sudo pkill -SIGRTMIN+0 pihole-FTL
```

@@ -1,6 +1,6 @@
# Debugging FTLDNS using `valgrind`
Ocassionally, debugging may require us to run `pihole-FTL` in `valgrind`. We also use it to measure performance and check that our memory layout is optimal (= minimal footprint).
Occasionally, debugging may require us to run `pihole-FTL` in `valgrind`. We also use it to measure performance and check that our memory layout is optimal (= minimal footprint).
`Valgrind` is a flexible program for debugging and profiling Linux executables. It consists of a core, which provides a synthetic CPU in software, and a series of debugging and profiling tools.
@@ -25,13 +25,13 @@ Make sure to terminate any existing FTL process before starting FTL inside `valg
You have to stop the regular `pihole-FTL` process before starting a `valgrind` debugging session:
``` bash
```bash
sudo service pihole-FTL stop
```
Furthermore, you'll have to strip the networking capabilities from the binary using:
``` bash
```bash
sudo setcap -r /usr/bin/pihole-FTL
```
@@ -165,7 +165,7 @@ Usually the GNU C library (`libc.so`) doesn't bother to free that memory when th
This, and similar, loss record can safely be ignored.
For performance reasons, we keep a few prepared SQL statement always ready for execution in the main thread. However, this has the disadvatage that forks will inherit them. As [it is not safe](https://www.sqlite.org/howtocorrupt.html) to use a database connection across forks, we discard the open connection and open a new one. This will inevitably lead to a memory loss, however, the SQLite3 engine is not able to handle this any better.
For performance reasons, we keep a few prepared SQL statement always ready for execution in the main thread. However, this has the disadvantage that forks will inherit them. As [it is not safe](https://www.sqlite.org/howtocorrupt.html) to use a database connection across forks, we discard the open connection and open a new one. This will inevitably lead to a memory loss, however, the SQLite3 engine is not able to handle this any better.
As forking relies on [copy-on-write](https://en.wikipedia.org/wiki/Copy-on-write), this does not *actually* lead to a memory wasting as the resource will be shared between the fork and the original process. Furthermore, TCP workers are typically rare and short-lived so this leak isn't anything we are too worried about.

@@ -46,7 +46,7 @@ sudo chmod +x /usr/local/bin/cloudflared
cloudflared -v
```
Note: Users [have reported](https://github.com/cloudflare/cloudflared/issues/38) that the current version of cloudflared produces a segementation fault error on Raspberry Pi Zero W, Model 1B and 2B. As a workaround you can use an older version provided at <https://bin.equinox.io/a/4SUTAEmvqzB/cloudflared-2018.7.2-linux-arm.tar.gz> instead.
Note: Users [have reported](https://github.com/cloudflare/cloudflared/issues/38) that the current version of cloudflared produces a segmentation fault error on Raspberry Pi Zero W, Model 1B and 2B. As a workaround you can use an older version provided at <https://bin.equinox.io/a/4SUTAEmvqzB/cloudflared-2018.7.2-linux-arm.tar.gz> instead.
#### arm64 architecture (64-bit Raspberry Pi)
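Review bot: The workaround note corrected in this hunk still points readers at the `cloudflared-2018.7.2-linux-arm.tar.gz` build without any integrity check or caveat. The spelling fix is fine, but a pinned 2018 binary of a network-facing DNS proxy misses every fix released since; consider adding a sentence that this build is unmaintained and should be replaced as soon as the linked issue is resolved, and give an expected checksum for the tarball so readers can verify what they downloaded.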
@@ -218,7 +218,7 @@ cloudflared -v
sudo systemctl status cloudflared
```
#### If you configued cloudflared via `service install`
#### If you configured cloudflared via `service install`
If you configured `cloudflared` using their `service install` command, then you can use the built in update command.

@@ -169,7 +169,7 @@ It instructs `resolvconf` to write `unbound`'s own DNS service at `nameserver 12
That `/etc/resolv.conf` file is used by local services/processes to determine DNS servers configured.
If you configured `/etc/dhcpcd.conf` with a `static domain_name_servers=` line, these DNS server(s) will be ignored/overruled by this service.
To check if this service is enabled for your distribution, run below one and take note of the the `Active` line.
To check if this service is enabled for your distribution, run below one and take note of the `Active` line.
It will show either `active` or `inactive` or it might not even be installed resulting in a `could not be found` message:
```bash

@@ -50,7 +50,7 @@ cert /home/dl6er/openvpn/client.crt
key /home/dl6er/openvpn/client.key
# Verify server certificate by checking that the
# certicate has the correct key usage set.
# certificate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm

@@ -6,7 +6,7 @@ For each new client, the following steps must be taken. For the sake of simplici
<!-- markdownlint-disable code-block-style -->
??? info "All commands described below at once"
``` bash
```bash
sudo -i
cd /etc/wireguard
umask 077
@@ -40,7 +40,7 @@ For each new client, the following steps must be taken. For the sake of simplici
We generate a key-pair for the client `NAME` (replace accordingly everywhere below):
``` bash
```bash
sudo -i
cd /etc/wireguard
umask 077
@@ -52,7 +52,7 @@ wg genkey | tee "${name}.key" | wg pubkey > "${name}.pub"
We furthermore recommend generating a pre-shared key (PSK) in addition to the keys above. This adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography and is mainly for post-quantum resistance. A pre-shared key should be generated for each peer pair and *should not be reused*.
``` bash
```bash
wg genpsk > "${name}.psk"
```
@@ -60,7 +60,7 @@ wg genpsk > "${name}.psk"
Add the new client by running the command:
``` bash
```bash
echo "[Peer]" >> /etc/wireguard/wg0.conf
echo "PublicKey = $(cat "${name}.pub")" >> /etc/wireguard/wg0.conf
echo "PresharedKey = $(cat "${name}.psk")" >> /etc/wireguard/wg0.conf
@@ -74,13 +74,13 @@ echo "AllowedIPs = 10.100.0.2/32, fd08:4711::2/128" >> /etc/wireguard/wg0.conf
Restart your server to load the new client config:
``` bash
```bash
systemctl restart wg-quick@wg0
```
After a restart, the server file should look like:
``` plain
```plain
[Interface]
Address = 10.100.0.1/24, fd08::1/128
ListenPort = 47111
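Review bot: The sample server file in this hunk lists `Address = 10.100.0.1/24, fd08::1/128`, which does not match the IPv6 prefix used everywhere else in the guide: the peer entry in this same file uses `fd08:4711::2/128` and the server setup page writes `Address = 10.100.0.1/24, fd08:4711::1/64` into `wg0.conf`. Since the text says the file "should look like" this after a restart, the address should read `fd08:4711::1/64` so readers comparing their own file do not conclude something went wrong.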
@@ -97,13 +97,13 @@ AllowedIPs = 10.100.0.2/32, fd08:4711::2/128
The command
``` bash
```bash
wg
```
should tell you about your new client:
``` plain
```plain
interface: wg0
public key: XYZ123456ABC= ⬅ Your server's public key will be different
private key: (hidden)
@@ -118,7 +118,7 @@ peer: F+80gbmHVlOrU+es13S18oMEX2g= ⬅ Your peer's public key will be differen
Create a dedicated config file for your new client:
``` bash
```bash
echo "[Interface]" > "${name}.conf"
echo "Address = 10.100.0.2/32, fd08:4711::2/128" >> "${name}.conf" # May need editing
echo "DNS = 10.100.0.1" >> "${name}.conf" # Your Pi-hole's IP
@@ -126,13 +126,13 @@ echo "DNS = 10.100.0.1" >> "${name}.conf" # Your Pi-hol
and add the private key of this client
``` bash
```bash
echo "PrivateKey = $(cat "${name}.key")" >> "${name}.conf"
```
Next, add your server as peer for this client:
``` plain
```plain
[Peer]
AllowedIPs = 10.100.0.0/24, fd08::/64
Endpoint = [your public IP or domain]:47111
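Review bot: The `[Peer]` block in this hunk keeps `AllowedIPs = 10.100.0.0/24, fd08::/64`, but the tunnel addresses in this guide sit in `fd08:4711::/64` (the client's own address a few lines up is `fd08:4711::2/128`). `fd08::/64` does not contain those addresses, so a client configured this way would not send IPv6 traffic for the server through the tunnel. Suggest changing the IPv6 entry to `fd08:4711::/64` while this block is being touched.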
@@ -141,7 +141,7 @@ PersistentKeepalive = 25
Then add the public key of the server as well as the PSK for this connection:
``` bash
```bash
echo "PublicKey = $(cat server.pub)" >> "${name}.conf"
echo "PresharedKey = $(cat "${name}.psk")" >> "${name}.conf"
exit
@@ -157,7 +157,7 @@ That's it.
When this option is enabled, a keepalive packet is sent to the server endpoint once every interval seconds. A sensible interval that works with a wide variety of firewalls is `25` seconds. Setting it to 0 turns the feature off, which is the default.
Handshakes are not the same as keep-alives. A handshake establishes a limited-time session of about 3 minutes. So, for about 3 minutes your client is able to send its keep-alive packets without requireing a new session. Then, when the session expires, sending a new keep-alive requires a new session for which you should see a new handshake. In practice, the client initiates a handshake earlier.
Handshakes are not the same as keep-alives. A handshake establishes a limited-time session of about 3 minutes. So, for about 3 minutes your client is able to send its keep-alive packets without requiring a new session. Then, when the session expires, sending a new keep-alive requires a new session for which you should see a new handshake. In practice, the client initiates a handshake earlier.
**TL;DR** If you're behind NAT or a firewall and you want to receive incoming connections long after network traffic has gone silent, this option will keep the "connection" open in the eyes of NAT.
<!-- markdownlint-disable code-block-style -->
@@ -166,7 +166,7 @@ That's it.
You can now copy the configuration file to your client (if you created the config on the server). If the client is a mobile device such as a phone, `qrencode` can be used to generate a scanable QR code:
``` bash
```bash
sudo qrencode -t ansiutf8 -r "/etc/wireguard/${name}.conf"
```
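Review bot: The sentence above the `qrencode` command still says "scanable QR code"; this should be "scannable". Worth fixing in the same pass since the hunk already touches this block.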
@@ -180,13 +180,13 @@ After creating/copying the connection information over to your client, you may u
You can check if your client successfully connected by, once again, running
``` bash
```bash
sudo wg
```
on the server. It should show some traffic for your client if everything works:
``` plain
```plain
interface: wg0
public key: XYZ123456ABC= ⬅ Your server's public key will be different
private key: (hidden)

@@ -9,13 +9,13 @@ Hostnames cannot be resolved during startup. This may lead to a five minutes del
If the IP changes while the connection is running, resolving the new IP address fails often. Reconnect using
``` bash
```bash
sudo ifdown wg0 && sudo ifup wg0
```
To achieve a permanent solution, one can install a `cron` job which restarts the connection automatically whenever a change is detected. This avoids excessive restarts of the interface. Example script (taken from [Ubuntuusers Wiki](https://wiki.ubuntuusers.de/WireGuard)):
``` bash
```bash
#!/bin/bash
# Check state of wg0 interface
wgstatus=$(wg)
@@ -42,11 +42,11 @@ fi
Store this file as `/home/[user name]/wg-restart.sh` and add it to your `crontab`:
``` bash
```bash
sudo crontab -e
```
``` plain
```plain
*/10 * * * * bash /home/[user name]/wg-restart.sh # Runs the script every 10 minutes
```
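Review bot: The instructions around this hunk store the script at `/home/[user name]/wg-restart.sh` and then register it via `sudo crontab -e`, so root executes a file from a user-writable home directory every 10 minutes. Whoever can modify that file or its parent directory gains code execution as root. Suggest pointing the text and the crontab line at a root-owned location instead, for example `/usr/local/bin/wg-restart.sh` with owner root and mode 0755.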
@@ -54,7 +54,7 @@ sudo crontab -e
Users of NetworkManager should make sure that it is not managing the WireGuard interface(s). For example, create the configuration file `/etc/NetworkManager/conf.d/unmanaged.conf` with content
``` bash
```bash
[keyfile]
unmanaged-devices=interface-name:wg*
```
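Review bot: The fence language normalised here is `bash`, but the block content (`[keyfile]` / `unmanaged-devices=interface-name:wg*`) is a NetworkManager configuration file, not shell. Use `plain` (or `ini`) so the highlighter does not treat it as a script and readers do not paste it into a terminal. The same applies to the `[Interface]` / `MTU = 1500` block in the next hunk.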
@@ -77,7 +77,7 @@ The solution is to use networking software that supports `resolvconf`.
Due to too low MTU (lower than 1280), `wg-quick` may fail to create the WireGuard interface. This can be solved by setting the MTU value in WireGuard configuration in the Interface section on the client:
``` bash
```bash
[Interface]
MTU = 1500
```
@@ -88,7 +88,7 @@ MTU = 1500
If, e.g., after reboot, the `wg0` interface isn't up before Pi-hole is ready (more precisely, the `pihole-FTL` service is started), you may experience that Pi-hole doesn't listen on the Wireguard interface. This can be mitigated by artificially delaying the start of Pi-hole using, e.g., the config option
``` plain
```plain
DELAY_STARTUP=5
```

@@ -4,7 +4,7 @@
Enable IP forwarding on your server by removing the comments in front of
``` plain
```plain
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
```
@@ -13,13 +13,13 @@ in the file `/etc/sysctl.d/99-sysctl.conf`
Then apply the new option with the command below.
``` bash
```bash
sudo sysctl -p
```
If you see the options repeated like
``` plain
```plain
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
```
@@ -49,7 +49,7 @@ The rules will then be cleared once the tunnel is down.
<!-- markdownlint-disable code-block-style -->
??? info "Exemplary server config file with this change"
``` plain
```plain
[Interface]
PrivateKey = [your server's private key]
Address = [Wireguard-internal IPs of the server, e.g. 10.100.0.1/24, fd08:4711::1/64]
@@ -73,7 +73,7 @@ The rules will then be cleared once the tunnel is down.
In our standard configuration, we have configured the clients in such a way that they can only speak to the server. Add the network range of your local network in CIDR notation (e.g., `192.168.2.1 - 192.168.2.254` -> `192.168.2.0/24`) in the `[Peers]` section of all clients you want to have this feature:
``` plain
```plain
[Peer]
AllowedIPs = 10.0.0.0/24, fd08:4711::/64, 192.168.2.0/24
```
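Review bot: The example `AllowedIPs = 10.0.0.0/24, fd08:4711::/64, 192.168.2.0/24` in this hunk uses `10.0.0.0/24`, while the tunnel addresses in the example configs on this page are `10.100.0.1/24` and `10.100.0.2/32`. A client copying this line would stop routing IPv4 traffic for the server's tunnel address into the tunnel; it should be `10.100.0.0/24`. The introducing sentence also refers to the `[Peers]` section, whereas the section name is `[Peer]`.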
@@ -82,7 +82,7 @@ It is possible to add this only for a few clients, leaving the others isolated t
<!-- markdownlint-disable code-block-style -->
??? info "Exemplary client config file with this change"
``` plain
```plain
[Interface]
PrivateKey = [your client's private key]
Address = [Wireguard-internal IPs of your client, e.g. 10.100.0.2/32, fd08:4711::2/128]

@@ -16,13 +16,13 @@ Rerouting the Internet traffic through your Pi-hole will furthermore cause all o
To route all traffic through the tunnel to a specific peer, add the default route (`0.0.0.0/0` for IPv4 and `::/0`for IPv6) to `AllowedIPs` in the `[Peer]` section of your clients's WireGuard config files:
``` plain
```plain
AllowedIPs = 0.0.0.0/0, ::/0
```
<!-- markdownlint-disable code-block-style -->
??? info "Exemplary client config file with this change"
``` plain
```plain
[Interface]
PrivateKey = [your client's private key]
Address = [Wireguard-internal IPs of your client, e.g. 10.100.0.2/32, fd08:4711::2/128]
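Review bot: The first context line of this hunk still has two typos that fit the scope of this cleanup: the missing space in "`::/0`for IPv6" and "clients's WireGuard config files", which should be "clients' WireGuard config files".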

@@ -111,13 +111,13 @@ wg genkey | tee server.key | wg pubkey > server.pub
Create a config file
``` bash
```bash
sudo nano /etc/wireguard/wg0.conf
```
and put the following into it:
``` plain
```plain
[Interface]
Address = 10.100.0.1/24, fd08:4711::1/64
ListenPort = 47111
@@ -125,7 +125,7 @@ ListenPort = 47111
Then run
``` bash
```bash
echo "PrivateKey = $(cat server.key)" >> /etc/wireguard/wg0.conf
exit # Exit the sudo session
```
@@ -177,7 +177,7 @@ You can either use the methods the corresponding providers recommend or use exis
Register your server `wg0` as:
``` bash
```bash
sudo systemctl enable wg-quick@wg0.service
sudo systemctl daemon-reload
sudo systemctl start wg-quick@wg0
@@ -189,14 +189,14 @@ If successful, you should not see any output.
??? warning "Error: RTNETLINK answers: Operation not supported"
In case you get an error like
``` plain
```plain
RTNETLINK answers: Operation not supported
Unable to access interface: Protocol not supported
```
you should check that the WireGuard kernel module is loaded with the command below:
``` bash
```bash
sudo modprobe wireguard
```
@@ -205,7 +205,7 @@ If successful, you should not see any output.
??? warning "Error: RTNETLINK answers: File exists"
In case you get an error like
``` plain
```plain
RTNETLINK answers: File exists
```
@@ -217,13 +217,13 @@ If successful, you should not see any output.
With the following command, you can check if your `wireguard` server is running:
``` bash
```bash
sudo wg
```
The output should look like the following:
``` plain
```plain
interface: wg0
public key: XYZ123456ABC= ⬅ Your public key will be different
private key: (hidden)

@@ -53,7 +53,7 @@ myawesomesite.com {
}
```
Additionally you can make pihole reacheable via a subdomain and optionally can you enable Zstandard and Gzip compression as follows:
Additionally you can make pihole reachable via a subdomain and optionally can you enable Zstandard and Gzip compression as follows:
```
pihole.myawesomesite.com {

0
docs/index.md Executable file → Normal file

0
docs/main/contact.md Executable file → Normal file

0
docs/main/coverage.md Executable file → Normal file

0
docs/main/origins.md Executable file → Normal file

@@ -66,7 +66,7 @@ Due to the complexity of different ways of setting an IP address across differen
!!! info
The use of lighttpd on port _80_ is optional if you decide not to install the Web dashboard during installation.
The use of pihole-FTL on ports _67_ or _547_ is optional, but required if you use the DHCP functions of Pi-hole.
The use of pihole-FTL on ports _67_ or _547_ is optional, but required if you use the DHCP functions of Pi-hole.
### Firewalls

0
docs/main/projects.md Executable file → Normal file

@@ -91,7 +91,7 @@ This sets the cost of an insertion to two, a deletion to one, a substitution to
Example 2: `{+2-5#6, 2i + 1d + 2s < 5 }`
This sets the cost of an insertion to two, a deletion to one, a substitution to two, and the maximum cost to five. Furthermore, it allows only up to 2 insertions (coming at a total cost of 4), five deletions and up to 6 substitutions. As six substitutions would come at a cost of `6*2 = 12`, exeeding the total allowed costs of 5, they cannot all be realized.
This sets the cost of an insertion to two, a deletion to one, a substitution to two, and the maximum cost to five. Furthermore, it allows only up to 2 insertions (coming at a total cost of 4), five deletions and up to 6 substitutions. As six substitutions would come at a cost of `6*2 = 12`, exceeding the total allowed costs of 5, they cannot all be realized.
{!abbreviations.md!}

@@ -26,7 +26,7 @@ The first command is to be preferred as it ensures that the DNS cache itself rem
To ease the usage of regular expression filters in *FTL*DNS, we offer a regex debugging mode. Set
``` plain
```plain
DEBUG_REGEX=true
```

@@ -6,19 +6,19 @@ You can amend the regular expressions by special keywords added at the end to fi
Example:
``` plain
```plain
abc;querytype=AAAA
```
will block
``` bash
```bash
dig AAAA abc
```
but not
``` bash
```bash
dig A abc
```
@@ -27,15 +27,15 @@ This allows you to do query type based black-/whitelisting.
Some user-provided examples are:
- `.*;querytype=!A`
A regex blacklist entry for blocking `AAAA` (in fact, everything else than `A`, call it "anti-`A`") requests for all clients assigned to the same group. This has been mentioned to be benefitial for devices like Chromecast. You may want to fine-tune this further to specific domains.
- `.*;querytype=PTR`
A regex whitelist entry used to permit `PTR` lookups with the above "anti-`A`" regex
- `.*;querytype=ANY`
A regex blacklist entry to block `ANY` request network wide.
## Invert matching
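Review bot: The description of `.*;querytype=!A` in this hunk still contains "benefitial", which should be "beneficial". The hunk only adjusts whitespace on these lines, so the typo would survive a commit whose purpose is spelling fixes.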
@@ -44,13 +44,13 @@ Sometimes, it may be useful to be able to invert a regular expression altogether
For instance,
``` plain
```plain
^abc$;querytype=AAAA;invert
```
will not block `abc` with type `AAAA` (but everything else) for the clients assigned to the same groups. This inversion is independent for the query type, e.g.
``` plain
```plain
^abc$;invert
```
@@ -74,21 +74,21 @@ Only one option should be specified. An exception to this rule are the last two
- IPv4 only:
``` plain
```plain
myregex;reply=1.2.3.4
```
will result in `A 1.2.3.4` and `AAAA ::`
- IPv6 only:
``` plain
```plain
myregex;reply=fe80::1234
```
will result in `A 0.0.0.0` and `AAAA fe80:1234`
- IPv4 and IPv6:
``` plain
```plain
myregex;reply=1.2.3.4;reply=fe80::1234
```
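Review bot: The context line for the IPv6-only case says the result is `AAAA fe80:1234`, which is not a valid IPv6 address and does not match the configured `reply=fe80::1234` two lines above it. It should read `AAAA fe80::1234`.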
@@ -96,15 +96,15 @@ Only one option should be specified. An exception to this rule are the last two
## Comments
You can specify comments withing your regex using the syntax
You can specify comments within your regex using the syntax
``` plain
```plain
(?#some comment here)
```
The comment can contain any characters except for a closing parenthesis `)` (for the sole reason being the terminating element). The text in the comment is completely ignored by the regex parser and it used solely for readability purposes.
``` plain
```plain
$ pihole-FTL regex-test "doubleclick.net" "(^|\.)doubleclick\.(?#TODO: We need to maybe support more than just .net here)net$"
FTL Regex test:
@@ -124,17 +124,17 @@ A back reference is a backslash followed by a single non-zero decimal digit `d`.
Example:
``` plain
```plain
"cat.foo.dog---cat%dog!foo" is matched by "(cat)\.(foo)\.(dog)---\1%\3!\2"
```
Another (more complex example is):
``` plain
```plain
(1234|4321)\.(foo)\.(dog)--\1
```
``` plain
```plain
MATCH: 1234.foo.dog--1234
MATCH: 4321.foo.dog--4321
NO MATCH: 1234.foo.dog--4321
@@ -142,7 +142,7 @@ NO MATCH: 1234.foo.dog--4321
Mind that the last line gives no match as `\1` matches **exactly** the same sequence the first character group matched. And `4321` is not the same as `1234` even when both are valid replies for `(1234|4321)` Back references are not defined for POSIX EREs (for BREs they are, surprisingly enough). We add them to ERE in the BRE style.
``` plain
```plain
$ pihole-FTL regex-test "someverylongandmaybecomplexthing.foo.dog--someverylongandmaybecomplexthing" "(someverylongandmaybecomplexthing|somelesscomplexitem)\.(foo)\.(dog)--\1"
FTL Regex test:
@@ -176,7 +176,7 @@ A bracket expression specifies a set of characters by enclosing a nonempty list
- `[:upper:]` upper case letters (FTL matches case-insensitive by default)
- `[:xdigit:]` hexadecimal digits
Furthermore, there are two shortcurts for some character classes:
Furthermore, there are two shortcuts for some character classes:
- `\d` - Digit character (equivalent to `[[:digit:]]`)
- `\D` - Non-digit character (equivalent to `[^[:digit:]]`)

@@ -2,13 +2,13 @@
In order to ease regex development, we added a regex test mode to `pihole-FTL` which can be invoked like
``` bash
```bash
pihole-FTL regex-test doubleclick.net
```
(test `doubleclick.net` against all regexs in the gravity database), or
``` bash
```bash
pihole-FTL regex-test doubleclick.net "(^|\.)double"
```

@@ -6,7 +6,7 @@ This guide is IPv4 only. You need to adjust for IPv6 accordingly.
### Enable advanced settings
Some of the the following settings might be visible only if advanced settings are enabled. Therefore, "View" has to be changed to advanced by clicking on "Standard" in the lower left corner.
Some of the following settings might be visible only if advanced settings are enabled. Therefore, "View" has to be changed to advanced by clicking on "Standard" in the lower left corner.
![Screenshot der Fritz!Box DHCP Einstellungen](../images/fritzbox-advanced.png)
@@ -21,7 +21,7 @@ Client -> Pi-hole -> Upstream DNS Server
> Note:
The Fritz!Box itself will use whatever is configured in Internet/Account Information/DNS server (see below).
The Fritz!Box can be Pi-hole's upstream DNS server, as long Pi-hole itself is not the upstream server of the Fritz!Box. This would cause a DNS loop.
The Fritz!Box can be Pi-hole's upstream DNS server, as long Pi-hole itself is not the upstream server of the Fritz!Box. This would cause a DNS loop.
To set it up, enter Pi-hole's IP as "Local DNS server" in
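Review bot: The line touched in this hunk still reads "as long Pi-hole itself is not the upstream server of the Fritz!Box"; it is missing a word and should be "as long as Pi-hole itself is not ...". Since this sentence is the warning about creating a DNS loop, it is worth getting the wording right in the same change.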
@@ -70,7 +70,7 @@ The Fritz!Box always sets its own IP as DNS server for the guest network. To fil
## Hostnames instead of IP addresses in Pi-hole's web interface - Conditional forwarding
In case the Fritz!Box is used as DHCP server, client's hostames are registered only there. By default, Pi-hole tries to resolve the IP addresses of the clients back into host names. Therefore, the requests must reach the Fritz!Box.
In case the Fritz!Box is used as DHCP server, client's hostnames are registered only there. By default, Pi-hole tries to resolve the IP addresses of the clients back into host names. Therefore, the requests must reach the Fritz!Box.
There are two ways to do this:
* The Fritz!Box is the upstream DNS server of the Pi-hole. This means that all queries end up with the Fritz!Box anyway, which can send the host names back to Pi-hole.
@@ -85,4 +85,3 @@ The following settings must be made:
* **Local domain name (optional):** Fritz!Box uses **fritz.box**
![Screenshot der Conditional Forwarding Einstellungen](../images/conditional-forwarding.png)

@@ -190,7 +190,7 @@ plugins:
redirect_maps:
'ftldns/database.md': database/index.md
'main/presentations.md': index.md
'main/prerequesites.md': main/prerequisites.md
'main/prerequisites.md': main/prerequisites.md
'guides/unbound.md': guides/dns/unbound.md
'guides/upstream-dns-providers.md': guides/dns/upstream-dns-providers.md
'guides/dns-over-https.md': guides/dns/cloudflared.md
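Review bot: In `redirect_maps`, changing the key `'main/prerequesites.md'` to `'main/prerequisites.md'` is not a spelling fix but a behaviour change. The key is the old URL and the value is the target, so the misspelled key appears to be the legacy path that existing links and bookmarks still use; after this edit the entry maps `main/prerequisites.md` onto itself and the old path no longer redirects. Please revert this one line and keep the misspelled key.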