You may have noticed that we didn't do a September progress update. This isn't because we're lazy, we've just been busy putting the finishing touches on a major ControlD update. The update is available now and has a whole lotta added features.
Multiple Profiles and Devices
Before today's update, you could use ControlD on as many devices as you wished, however, each of those devices would enforce the exact same profile (set of rules). We've now improved this, effectively allowing you to create specific profiles with unique resolvers for each and every one of your precious gadgets. This allows you to:
- Enforce a different profile for a specific device (different filters, services, custom rules and Default Location settings)
- Query log a single device at a time
- Schedule profile changes
- Quickly swap profiles on devices manually
DNS Rebind Protection
This is a new setting that's associated with a profile. Toggling this switch ON will prevent ControlD from resolving any domain that points to an RFC1918 address space. This eliminates the chance of a DNS rebind attack.
The old scheduler was fairly limited, as it only allowed the scheduling of services. It had no impact on filters, custom rules or Global Proxy (now known as Default Location). The new scheduler creates a profile that can be enforced at a specific time and on a specific device.
Unfortunately, this means that all the existing schedules are now toast and will not be enforced, so you will have to re-create them using the new scheduler. We're sorry about that, but this is all for the best, we promise.
ControlD is a service unlike any other. However, some users couldn't figure out how to use it, or what it could be used for. Well, we've solved that by providing detailed explanations for each of the sections and features inside the control panel. Now, each section you visit will prompt you to take a detailed tour that explains everything. If you're already a ControlD expert, you can choose to ignore them.
Global Proxy has been re-branded as Default Location. We figured this makes more logical sense and reduces ambiguity. We didn't just give it a shiny new name, though, we've improved it. These improvements include:
- The ability to see your original IP as well as your new IP(s) when you change locations
- Grouping locations by country, with cities being in the 2nd level of the menu
- Less ambiguous way of going back into "Auto" mode which provides the best performance
You may have noticed a new top bar containing several new buttons. One of those buttons is "My IPs". This button leads you to a page that allows you to see all the IPs that are associated with your account (these are required to make redirection work and support the legacy IPv4 DNS protocol). Now you can easily delete IPs, as well as manually add them to your account.
Custom Rule Wildcards
We have also added the ability for you to use the wildcard * character in your custom rules. For example, a rule for *-woot.domain.com would match the following:
Random Redirect Mode
This feature allows you to use a random redirect location every time the domain is resolved. This comes in handy for such cases as reducing the number of ads you see on Youtube.
There are other new additions and improvements as well, including:
- Invoices - Now you can generate an invoice for your purchase (your accountant will love this).
- Notifications - Now the top header bar has a notification button so you can keep up with our latest announcements, as well as new service updates and improvements.
Free DNS Resolvers Overhaul
Our free DNS resolvers have been completely overhauled. They now feature additional standard configurations such as:
- Family Friendly - useful for managing website access on networks that children are connected to.
- Uncensored - this profile will not block anything, but will proxy various websites that are blocked in certain countries. You can click and see the list of domains it will unblock, but be mindful of the limitations.
But we didn't stop there. We've also added a custom filter builder so you can select only the filters you want to use. Much like with the standard filters above, you don't even need a ControlD account to use it! Keep in mind that custom configurations only support secure DNS protocols like DoH and DoT.
We're still not done here. We still have quite a few things in our pipeline before we consider ControlD officially out of beta. These things include:
Work on this feature has already begun and will be included in the next major update of the control panel. The following designs still aren't finalized but should give you an idea of what we're building. This will overhaul the current query log functionality, as well as add a bunch of fancy graphs.
Some people's moms (seriously, moms are great) suggested that the current UI looks like a scary hacking tool. This is a fair point, so we're adding a light mode (you're welcome moms). Again, these designs are not final, but they're very close to how things will look.
Global ECH (Encrypted Client Hello)
This is a highly experimental feature that presently only works in Firefox, however, in the near future, ECH is going to become a standard that will eventually be supported by all browsers. ECH allows the client to encrypt the SNI, the last of the unencrypted remnants of the "old Internet". Even if you currently use HTTPS with a secure DNS resolver (DoH, DoT), the SNI header is sent in plaintext, allowing your ISP or network administrator to see the websites you're accessing. ECH patches this last hole.
That being said, most websites are unlikely to use ECH for a while, because it has to be supported by individual website owners. Fortunately, ControlD is in a unique position to make this work for the entire Internet, regardless of individual website support. Stay tuned for more details very soon.
We know. Our current homepage sucks. It doesn't explain much, and it's not as pretty as it deserves to be. So we're overhauling it to include explanations of ControlD's functionalities: how to use it; what to use it for; how it all works under the hood and, of course, examples of use cases for different types of users.
Several people have asked us - "Who are you, and why should I send you my DNS queries?" Entirely valid question, which deserves an entirely valid answer. We will be rectifying this with a proper "About Us" page to properly address said concerns.
We love getting suggestions from you. If you have an idea for a useful feature, or tweaks to improve our app, please let us know.