Updates - Spring 2024

· 5 min read
Updates - Spring 2024

Spring is well underway, and here at Control D, we've been hard at work introducing new features to our service.

It's been a while since we've updated you on what we've been up to, so we're excited to share the progress and advancements we've made over the last few months.

Here's a quick breakdown of our top 5 newly built features, as well as what's to come in the near future.

1. Control D for Organizations

At the heart of our latest developments lies Control D for Organizations, which we released earlier this year.

Control D for Organizations is a comprehensive solution tailored for businesses, schools, MSPs, and NGOs of all sizes – from large enterprises to small start-ups.

Almost all cyberattacks start with a DNS query, and recognizing the crucial role of DNS security in thwarting malicious attacks, we've equipped Control D with an arsenal of tools aimed at fortifying your defenses with minimal setup and seamless integration. They include:

  • Multi-user access
  • Mass provisioning using an MDM?RMM
  • AI-powered Malware Filter
  • Granular DNS filtering capabilities
  • Shared Profiles
  • Nested Sub-Organizations for segmenting Profiles

Of course, this is far from an exhaustive list.

Request a Demo with one of our professionals to get a detailed walkthrough of how Control D for Organizations can benefit you and your business.

2. Custom Block Pages

This was one of our highly requested features, so we're happy to introduce Custom Block Pages.

Gone are the days of uninspiring browser error pages. Now, you can tailor your security notifications to reflect your organization's image and identity, whether that's adding your own company logo, crafting a bespoke block message, linking to a third-party resource, or any combination of the three.

Additionally, Custom Block Pages can be customized on a Profile level, allowing you to personalize your block message depending on which Profile the user in your organization or client list is assigned to.

To utilize this feature:

  1. Navigate to Profile Options and scroll down to Block Response
  2. Toggle this feature ON and select Branded from the drop-down menu
  3. Enter your custom logo URL, an external link URL, and block message
  4. Click Save

3. Improved Apps

Apps aren't necessary to use Control D, but they can certainly make things easier to manage, especially when deploying Control D to a large number of devices or networks. That's why we've made significant updates to both our iOS and Android apps:

  • iOS and Android apps now support DNS-over-HTTPS/3
  • iOS and Android apps now support Prevent Deactivation functionality (more on this later)
  • iOS app now supports "OS Native" setup – a "fake VPN" is no longer needed
  • ctrld cli daemon is now updated to v1.3.6 to support Windows Server, newer Ubiquiti products, and support for self-upgrading and cache flushing (as well as many bug fixes)

4. Geo Custom Rules

Geo Custom Rules work much like your standard domain-based Custom Rules but have additional geographical-based blocking and redirection features. They contextualize DNS queries based on the geographic IPs of users making the query and the destination IPs that the query is resolving to, enabling organizations to implement access controls and redirection policies for specific regions.

For example, you can make custom geographical rules such as:

  • Block any queries resolving to IPs (not) in a particular country
  • Block any queries made from IPs (not) in a particular country
  • Redirect any queries that (don't) resolve to IPs in a particular country
  • Bypass any queries made from IPs (not) in a particular country

Rule formats start with the following combined with the 2-letter ISO country code:

  • @ – Destination country
  • !@ – Not destination country
  • # – Source country
  • !# – Not source country
  • @AS00000 – Destination Autonomous System (AS)
  • !@AS00000 – Not destination Autonomous System (AS)

Let's see some examples of this in action:

  • @US – This will match queries that resolve to a US IP address
  • !@US – This will match queries that aren't resolved to a US IP address

As you can see, this gives you complete control over which geographical IP addresses do and do not resolve on your devices, allowing you to customize your DNS rules exactly to your needs.

5. Prevent Deactivation

Another highly requested feature has been to Prevent Deactivation, with the goal of adding an extra layer of security. This means that all GUI and CLI apps have a Device Setting feature enabling you to set a PIN to prevent unauthorized deactivation of Control D.

By requiring PIN authentication, schools and organizations can maintain stricter control over deactivation permissions and prevent individual users from circumventing security protocols on their devices.

6. More Analytics

We've added  "Traffic Insights". This section shows the the sources and destinations of your browsing activity, including destination countries and networks. This is handy to see how your data flows across the Internet, and is derived from geo-location data associated with IPs that make DNS queries, and IPs that DNS queries resolve to.

  • Sources - Countries from which your DNS queries originated from. Typically, this will be your home country.
  • Destinations - Countries where your traffic ended up.
  • Network Destinations - Same as Destinations, except instead of countries it shows Companies and ISPs.

7. Other features

Besides those top updates, we've also added:

  • 500 new Services
  • Multi-mode Adult Content Filter
  • DNS64 support to allow IPv6-only networks to access IPv4 networks.
  • The ability to set Custom Rules comments
  • Search function for platform-specific devices (e.g., search for "Windows" to filter all Windows OS devices)
  • Support for Internationalized Domain Names (IDNs) in Custom Rules
  • The ability to generate a QR code to download Apple DNS Profiles

Head over to our Changelog for a full breakdown of all our changes and updates over the last few months.

What's coming soon?

As we continue to innovate and evolve, here's a quick sneak peek into our future roadmap:

  • A UI overhaul to add Light Mode and make everything smaller
  • Mobile apps: Ability to exclude WiFi networks where Control D will be disabled
  • A refresh of the Analytics panel and the introduction of additional metrics
  • ECH support when proxying traffic
  • Query classification infrastructure to reduce reliance on third-party lists
  • Ability to create alerts and subsequent actions when suspicious behavior is detected
  • The addition of more anycast server locations

We're constantly improving Control D to make it the best customizable DNS resolver on the market, and your feedback remains integral to that process.

If there's a feature you'd like to see or a suggestion you'd like to share, please do so using our Suggest a Feature service.