Since this is a Control D blog, there may be inherent bias, but I've tried to be as objective as possible. In order to do so, I spent a bunch of time using AdGuard DNS before writing this article. Any omissions are not out of malice; if you spot some, email me at the address posted at the end of the article.

Now, let's dive into the first and most pressing topic.

What Does AdGuard DNS Have That Control D Does Not?

  1. More 3rd-Party Blocklists - AdGuard has 41 blocklists at the time of writing. That being said, more is not always better. The vast majority of blocklists used by AdGuard are available with Control D, or are sources for existing native blocklists (we call them Filters). Additionally, most of the blocklists are scoped to Ads, Tracking and Malware, and Parental Controls; Control D offers many other individually controllable categories, like gambling, file hosting, torrents, newly registered domains, URL shorteners, government websites, and much more.
  2. Traffic Destination Map - AdGuard shows you a very nice map of destinations of all your DNS queries and subsequent TCP connections to IP addresses in various countries and on various networks.  Control D Analytics actually collects this data as well, but there is currently no way to query it. This feature is coming soon to Control D.
  3. Company Stats - AdGuard shows you which companies are handling most of your browsing traffic, with detailed stats of how many requests are being blocked for each organization. With this, you can identify the most "data-hungry" companies. This feature is coming soon to Control D.
  4. Longer Raw Query Data Retention - AdGuard keeps your raw DNS query logs and statistics for up to 90 days, while Control D only keeps raw logs for 3 days. That being said, Control D keeps summaries of data with hourly granularity for 31 days, and daily granularity for 365 days. You can choose to delete this data at any time.
  5. Custom Domain Block Response - AdGuard allows you to choose the response record type when something is being blocked from the default to NXDOMAIN or REFUSED. This feature is coming soon to Control D.  
  6. Stats Reports - AdGuard will periodically send you an email with an overview of activity on your devices. This feature is coming soon to Control D.

What Does Control D Have That AdGuard DNS Does Not?

Now that we got that out of the way, and hopefully none of the above is a dealbreaker for you (if it is, wait a while, we'll have it soon), let's discuss what Control D can offer that goes above and beyond of what AdGuard does.

  1. More Filter (blocklist) Categories - Control D offers 18 handcrafted Filters which are based on five years of feedback from millions of Windscribe (our sister company) users. These can block categories of websites like Ads & Trackers, Adult Content, Crypto, Dynamic DNS, Gambling, Malware, Newly Registered Domains, Socials, and a lot more. If you still wish to use "well-known" 3rd party blocklists, Control D supports 14 of the most popular ones out there. If you really need one that we don't support, make a suggestion.
  2. IP Blocklists - Control D's Malware Filter blocks domains from many threat intelligence feeds that are both domain-based and IP based. This means it will block DNS queries that resolve to malicious IP networks, regardless of the FQDN itself not being present in any blocklist.
  3. Machine Learning-Based Malware Filter - Using machine learning algorithms, we built a model for detecting and blocking domains that have a high probability of serving malware. This allows us to block emerging threats before they appear in any malware domain or IP blocklist.
  4. Traffic Redirection - Control D can block any domain you want, or redirect it via servers in over 100 exit locations. This allows you to change your IP without using a VPN. This is a unique feature of Control D.
  5. Vast Library of Services - Control D supports over 400 different services (AdGuard has just 88), which you can block OR redirect via a proxy location, all with a single toggle.
  6. Powerful Custom Rules - While AdGuard has basic "User Rules" to block or allow domains (rewrites didn't work at the time of writing), Control D allows you to manage them all in one place, with much more functionality. Think of this as your Authoritative DNS server for the entire Internet. You can create Custom Rules that block, redirect (to IP or proxy), or bypass any domain name (or wildcard). You can create PTR records, group your rules into folders, assign default actions to folders (i.e. make your own Allow/Deny folders, and add domains), export folders to share rules, copy rules between Profiles, and a whole lot more. And yes, you can also search through your rules.
  7. Multiple Analytics Levels and Regions - The Analytics feature is not just limited to being ON or OFF. There is a middle ground that stores your data in a privacy-conscious fashion, meaning you still get to see what Control D is doing when blocking and redirecting, but it will not store the domains you're resolving, only the counts of various actions. This is privacy conscious, as we have no record of your browsing history. Additionally, you can choose where your data is stored.
  8. Expose IP Via DNS - This is a Device setting that allows any Device to become a DDNS endpoint. With the setting enabled, every time you query against your Secure DNS resolver, the source IP is presented in a public DNS record. This eliminates the need to use a 3rd party DDNS service.  
  9. More Devices, More Resolvers - Our consumer plans have no limits (within reason) on how many unique DNS resolvers (Devices) you can have, or how many unique configurations (Profiles) you can have under one account. Want to put your entire extended family on a single account? No problem. AdGuard (Personal) is limited to 5 "Servers" and 20 Devices. All of these share a single "Plain DNS server" address, which means you cannot enforce unique configurations from a single IP address. This is not a limitation with Control D.
  10. No Limits - AdGuard limits how many queries you can execute per month. Control D has no limits on monthly queries.
  11. Single-Step Router Setup - If you wish to run Control D on a supported router, it could not be any easier. Create a router device, copy the 1-liner install command, and paste it into your router's command line. You're done. Now you can see all your LAN clients, and create unique DNS policies for some/all of them.
A gif showing the very simple steps involved in setting up Control D using pfSense
Quick demo using pfSense

I can keep going but you're probably bored of reading how great Control D is. Let's switch gears and discuss the differences in the concepts you may be unfamiliar with while using Control D, as an AdGuard user.

General Conventions

While using Control D, please keep the following UI conventions in mind.

Profiles = Servers

  • Anything that BLOCKS domains from resolving will be found in the Filters section.
  • Some Filters have Strict and Relaxed modes which further enhance their capabilities within the relevant scope.
  • The Services section gives you granular control over 400+ web services, apps, and games.
  • Custom Rules give you highly detailed control over individual domain names.
  • Settings not related to specific domains, services, or categories are found in Profile Options. These govern general behaviors.
Screenshot of the Control D panel, showing a Global Profile's filter options
Control D's filters are intuitive and simple to enable

All of the above is part of a Profile, you can think of it as a "Server" in AdGuard lingo. This is a collection of rules that you've chosen that govern browsing behaviors. On their own, Profiles don't do anything.

Screenshot of Control D's Profiles panel showing multiple profiles with different setups
Different Profiles can be set up with different filters

Devices = Devices

In order to enforce a Profile, you need to create a Device and choose which Profile you want it to enforce. Every Device will come with a set of unique DNS resolvers that you can use to configure DNS on literally any Internet-connected device. There are handy tutorials for all platforms.

Screenshot of Control D's Add Device popup, showing several preset options
Control D has many preset options for devices

Once a Device is created, and the DNS Resolvers are configured on a physical gadget, your DNS is now managed by Control D, which will enforce a Profile of your choice.

Screenshot of Devices showing the different active Profiles
It's easy to see which profile is active on which device

From this screen, you can easily see which Profile is enforced on which Device, quickly swap profiles manually, or via a schedule, or even enforce multiple chained Profiles on a single Device, which avoids the need to duplicate your rules.

Analytics = Statistics + Query Log

Everything related to viewing your DNS queries is grouped under the Analytics section, which has 2 sub-sections:

  • Statistics - this provides birds-eye view summaries of the activity on your Devices.
  • Activity Log - This provides a real-time feed of raw DNS queries, as well as the ability to search historical data.
Screenshot of the Analytics page showing different stat breakdowns
Analytics gives you granular stats for your Control D usage

If you happen to use the ctrld utility (which runs on all operating systems and most routers) you can view granular stats for all the LAN devices on your network. This avoids the need to set up Control D manually on all your gadgets while allowing you to create unique DNS policies for chosen clients (such as your kids' devices).


I hope this was useful. What you're seeing here is still a work in progress, as we're in very active development and have a huge roadmap ahead of us. Remember, we are trying to build the best DNS service out there, so if you have questions or suggestions that can help us achieve this goal, email me at yegor (at) And if you are ready to sign-up now, you can get Control D for as little as $2 USD per month: Get Control D now.