Friday, December 16, 2022

Your homework for this weekend

Learn more about DNS


The following email is only for our biggest brained users. Users with obese cerebellums that know the difference between DNS and VPNs; users that operate Pi-Holes; can explain 3 things they like about TLS v1.3, or have an RFC spec tattoo. If any of that sounds like mumbo jumbo, you probably won't understand the rest of this email and you can stop reading now. For the rest of you, let's continue, shall we?

Now that the regular-brained people are out of the way, we have something to tell you colossus brains. For the last two years, Windscribe has been working on a new type of DNS service the likes of which you have never seen. That may sound like a BS marketing statement, but if you know anything about our communications, you'll know we don't engage in BS marketing.

Introducing Control D

You may already be familiar with various types of DNS services, such as:

  • Public DNS resolvers like Google or Cloudflare
  • Self-hosted DNS blocking solutions like Pi-Hole or Adguard Home
  • Cloud hosted customizable DNS services like NextDNS
  • Various "SmartDNS" services

All of these services have their use cases; however, Control D does pretty much everything they can do, and a lot more. So what is Control D?


Recursive DNS joke

Control D, as you've probably guessed, is a multi-protocol, user-configurable DNS resolver with transparent proxy capabilities deployed on top of an anycast network, with over 100 exit locations. Pretty sweet.

Try Control D

You're probably thinking "sure, cool buzzwords, and that all sounds impressive, but what does it actually do?" Allow us to explain, fellow galaxy brain.

When you get started with Control D, you will receive a set of DNS resolvers that are unique to your account and can enforce your unique configuration. Think of it as your personal authoritative DNS server… for the entire Internet.

You can customize your configuration(s) via a simple web interface, as there are no required apps to install to use the service. Control D also supports multiple DNS protocols:

  • Legacy IPv4/IPv6 - least secure, but most widely supported
  • DNS-Over-HTTPS (DoH1/2/3) - most secure, supported by modern OSes
  • DNS-Over-TLS (DoT) - most secure, supported by modern OSes
  • DNS-over-QUIC (DoQ) - most secure, bleeding edge protocol

We're not gonna bore you with the details of which one you should/can use, as we can see your massive brain all the way from orbit. We're just gonna tell you what you can do with Control D instead, and your meat-based neural network can fill in the blanks. Deal? Deal!


Yes, you can block stuff.

Once you configure one of the DNS resolvers on your device (router, computer, browser, phone), your DNS queries will be steered to the Control D anycast network. By default, if no settings are changed, Control D will behave like a standard DNS resolver, no different than Cloudflare, Google, or your local ISP. Once you start fiddling with the knobs, you can do all kinds of neat things by selectively disregarding authoritative DNS records and substituting your own. Now you can easily:

  • Block a category of sites (ads, or porn for example, there are 20 to choose from)
  • Block malicious domains and non-malicious domains that resolve to malicious IPs
  • Block a specific service (Facebook, Minecraft or TikTok)
  • Block a specific TLD, FQDN, subdomain, or a wildcard entry (e.g. server-*.domain.com)

You may be thinking, "Cool, my Pi-Hole does that already," and you may be partially right (it only does 2 of those things), but we're just scratching the surface here. Here are tons of other things you can do with Control D:


This is what

  • Spoof a Service, TLD, FQDN, subdomain, or all DNS queries to a specific IP address of your choice (think a wildcard-supporting hosts file)
  • Redirect a specific Service through a proxy location (Ticketmaster through US, for example)
  • Redirect a specific TLD, FQDN, subdomain, or wildcard entry through a proxy location (All .ca domains get proxied through Toronto)
  • Redirect all resolved DNS queries through a specific proxy location (there are over 100 cities to choose from)
  • Schedule any of the above behaviours to kick in at a certain time of day
  • Do all of the above, at the same time, using multiple exit locations


Your brain be like


Too long didn't read

Control D allows you to selectively disregard the authoritative DNS records associated with any domain you attempt to resolve (regardless of it actually existing in public DNS), and replace the answers with anything you want. This can prevent the domain from loading by spoofing it to an IP of your choice (like 127.0.0.1), or to one of over 100 exit locations supported by Control D. Then, Control D will transparently proxy SNI (and some non-SNI) enabled traffic through servers in that location, without any software. It's basically magic.


7 windows, 7 proxies, 0 apps

You can also block, spoof, and redirect ALL of your DNS queries by using the catchall "Default Rule". This effectively functions like a VPN (but not really) and will spoof your IP for all DNS enabled traffic.
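A minimal model of the answer-substitution logic described above, as an added example that is not part of the original email and is not Control D's code. The rule format, the first-match ordering, the "bypass" action name, the 0.0.0.0 block answer and every IP address are constructed assumptions.

```python
import fnmatch
from dataclasses import dataclass

# Constructed sample data: documentation-range IPs stand in for proxy exits.
PROXY_EXITS = {"toronto": "192.0.2.10", "new-york": "192.0.2.20"}

@dataclass(frozen=True)
class Rule:
    pattern: str     # exact FQDN, "*.ca", "*.example.com", "server-*.example.com"
    action: str      # hypothetical names: "block", "spoof", "redirect", "bypass"
    value: str = ""  # spoof: IP to answer with; redirect: key in PROXY_EXITS

RULES = [            # constructed rules mirroring the cases listed in the email
    Rule("ads.example.net", "block"),
    Rule("server-*.example.com", "spoof", "127.0.0.1"),
    Rule("*.ca", "redirect", "toronto"),
]

def upstream_lookup(name):
    """Stand-in for real recursive resolution (constructed answers, no network)."""
    return {"example.com": "198.51.100.7", "shop.example.ca": "198.51.100.8"}.get(name)

def resolve(name, rules, default=Rule("*", "bypass")):
    """Return (answer, reason). Assumption: first matching rule wins, else the default rule."""
    qname = name.rstrip(".").lower()  # DNS names are case-insensitive
    rule = next((r for r in rules if fnmatch.fnmatchcase(qname, r.pattern.lower())), default)
    if rule.action == "block":
        return "0.0.0.0", f"blocked by {rule.pattern}"  # assumed block answer
    if rule.action == "spoof":
        # Works even for names with no public record: upstream is never consulted.
        return rule.value, f"spoofed by {rule.pattern}"
    if rule.action == "redirect":
        # Only the DNS answer changes here. The client then connects to the proxy
        # IP, and the proxy reads the TLS SNI to learn which site was meant.
        return PROXY_EXITS[rule.value], f"redirected via {rule.value} by {rule.pattern}"
    return upstream_lookup(qname), "authoritative answer"

if __name__ == "__main__":
    for q in ("ads.example.net", "Server-12.Example.com.", "shop.example.ca", "example.com"):
        print(q, "->", resolve(q, RULES))
```

Passing `default=Rule("*", "redirect", "new-york")` models the catchall "Default Rule": every name not matched earlier resolves to the proxy address, which is why that setting changes the apparent source IP for all DNS-driven traffic.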

Does any of this tickle your fancy? If so, create a free trial account and play around with Control D. There is a 30-day, no-payment-required trial available, in addition to totally free community DNS resolvers.


We look forward to receiving your DNS packets.

PS. Since you've gotten all the way here, that suggests you're capable of reading. Great job, but also: If you're blown away with Control D, and have a standard Windscribe subscription, you can use your WS username at signup, and get 50% off standard prices. Real discount, for real winners.

Team Windscribe and Control D


Random Fact

"New York drifts about one inch farther away from London each year."
