Wednesday, March 1, 2023

Control Your D...NS in 2023

Or it will control you

The following email is only for our biggest brained users. Users with obese cerebrums that:

  • Know what DNS and VPN stand for, and the difference between them
  • Know that Raspberry Pi is not a delicious dessert
  • Get super excided about 0-RTT feature of TLS v1.3
  • Know than RFC1918 has nothing to do with Estonian Independence Day

If any of that sounds like mumbo jumbo, you probably won't understand the importance of the rest of this email and you should stop reading now (we're not being passive aggressive, it's true). For the rest of you big brains, let's continue, shall we?

Too long didn't read

Control D is a customizable DNS filtering and traffic redirection platform. It can do all the things your standard DNS resolver can (resolve domains to IP addresses), but it can also do a lot more. Think of it as your personal Authoritative DNS resolver for the entire Internet that gives you granular control over what domains get resolved, blocked or redirected. In this last mode, Control D will transparently proxy SNI (and some non-SNI) enabled traffic through servers in a chosen location/country, masking the client IP. All without any software - It's basically magic.


7 windows, 7 proxies, 0 apps

Does any of this tickle your fancy? If so, create a free trial account and play around with Control D. There is a 30 day no-payment required trial available, in addition to totally free community DNS resolvers.

Try Control D

PS. If you already have a Windscribe subscription, you can use your Windscribe username at signup, and get 50% off standard prices. Real discounts, for real winners.

Introducing Control D

You may already be familiar with various types of DNS services, such as:

  • Public DNS resolvers like Google or Cloudflare
  • Self-hosted DNS blocking solutions like Pi-Hole or Adguard Home
  • Cloud hosted customizable DNS services like NextDNS
  • Various "SmartDNS" services

All of these services have their use cases, however, Control D does pretty much everything they can do, and a lot more. So what is Control D?

Control D, as you've probably guessed, is a multi-protocol, user-configurable DNS resolver with transparent proxy capabilities deployed on top of an anycast network, with over 100 exit locations.

You're probably thinking "sure, cool buzz words, and that all sounds impressive - but what does it actually do?" Allow us to explain, fellow galaxy brain.

When you get started with Control D, you will receive a set of DNS resolvers that are unique to your account and can enforce your unique configuration. Think of it as your personal authoritative DNS server… for the entire Internet.

You can customize your configuration(s) via a simple web interface, as there are no required apps to install to use the service. Control D also supports multiple DNS protocols:

  • Legacy IPv4/IPv6 - least secure, but most widely supported
  • DNS-Over-HTTPS (DoH1/2/3) - most secure, supported by modern OSes
  • DNS-Over-TLS (DoT) - most secure, supported by modern OSes
  • DNS-over-QUIC (DoQ) - most secure, bleeding edge protocol

We're not gonna bore you with the details of which one you should/can use, as we can see your massive brain all the way from orbit. We're just gonna tell you what you can do with Control D instead, and your meat based neural network can fill in the blanks. Deal? Deal!

Once you configure one of the DNS resolvers on your device (router, computer, browser, phone), your DNS queries will be steered to the Control D anycast network. By default, if no settings are changed, Control D will behave like a standard DNS resolver, no different than Cloudflare, Google, or your local ISP. Once you start fiddling with the knobs, you can do all kinds of neat things by selectively disregarding authoritative DNS records and substituting your own. Now you can easily:

  • Block a category of sites (ads, or porn for example, there are 20 to choose from)
  • Block malicious domains and non-malicious domains that resolve to malicious IPs
  • Block a specific service (Facebook, Minecraft or TikTok)
  • Block a specific TLD, FQDN, subdomain, or a wildcard entry (i.e. server-*.domain.com)

You may be thinking, "Cool, my Pi-Hole does that already," and you may be partially right (it only does 2 of those things), but we're just scratching the surface here. Here are tons of other things you can do with Control D:


This is what

  • Spoof a Service, TLD, FQDN, subdomain, or all DNS queries to a specific IP address of your choice (think a wildcard-supporting hosts file)
  • Redirect a specific Service through a proxy location (Ticketmaster through US, for example)
  • Redirect a specific TLD, FQDN, subdomain, or wildcard entry through a proxy location (All .ca domains get proxied through Toronto)
  • Redirect all resolved DNS queries through a specific proxy location (there are over 100 cities to choose from)
  • Schedule any of the above behaviours to kick in at a certain time of day
  • Do all of the above, at the same time, using multiple exit locations

We can talk about other features too, but you probably don't have all day. Best thing you can do is just try it. If you hate it (doubtful), we'll give you nothing back since it's free to try and no payment info is required.

Try Control D

We look forward to receiving your DNS packets.

Team Windscribe and Control D

Random Fact

"At any given time, there are 1,800 thunderstorms in progress over the earth's atmosphere."

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)