ControlD is a new DNS service by the makers of Windscribe VPN
Remember Windscribe VPN? We reviewed the free version of the VPN service in 2017 and liked it a lot. Many things have changed since then, and it is now possible to subscribe to a Pro plan to unlock unlimited data and locations, and use extra features such as a blocker for advertisement, tracker and malware.
ControlD is the company's new service; it is a DNS service that is also available as a free and paid option. The main difference between the free and paid versions of ControlD is that the latter offer customization options while the former only preset options.
Free users may select between four preset DNS servers that are available as legacy DNS and the encrypted versions DNS-over-HTTPs and DNS-over-TLS.
Here is an overview of what is provided:
| Legacy DNS | DNS-over-HTTPS | DNS-over-TLS | |
| Unfiltered | 76.76.2.0 | https://freedns.controld.com/p0 | p0.freedns.controld.com |
| Block Malware | 76.76.2.1 | https://freedns.controld.com/p1 | p1.freedns.controld.com |
| Block Malware, Ads | 76.76.2.2 | https://freedns.controld.com/p2 | p2.freedns.controld.com |
| Block Malware, Ads and Social | 76.76.2.3 | https://freedns.controld.com/p3 | p3.freedns.controld.com |
Unfiltered does not block any traffic, and the three presets that block will block IP addresses associated with the types listed.
Advanced users may use the addresses right away to set up the service, new users get configuration instructions on the ControlD site for all major operating systems and many other device types.
I ran a benchmark for all four legacy DNS services, and they performed fine, but were not the fastest available options. Speed is but one of the requirements. The privacy policy reveals that the service is logging the timestamp of the last activity and the source IP address. The latter is required as it is used to known if a user has a paid account or not. The company states that it does not log user activity.
Since ControlD does not keep logs of which proxy server IPs were used by which user, nor do we even have access to this data, we have no way to trace any activity to any individual account.
ControlD Paid plans
Paid plans introduce new customization options to the service. Customers may select between 14 categories to block, use proxy servers in 60 countries to tunnel some browsing activity (and access geo-restricted content), and maintain a remote hosts file for IP spoofing.
Some features, like the ability to create custom block profiles, are known from other advanced DNS services. The ability to use proxy servers for SMART DNS functionality is an interesting addition, especially since it can be used for specific sites, e.g. Netflix, HBO or BBC.
The scheduling option works like a temporary blocker, e.g. to block social media access while working or studying.
The two paid plans, Some Control and Full Control, are available for $20 and $40 per year. The only distinguishing factor is that the full control plan includes proxy server access while the some control plan does not.
Closing Words
The free version of ControlD is an alternative to established solutions such as OpenDNS. The paid versions support several interesting features, such as the scheduling option or proxy server support, that set it apart from most solutions.
Now you: which DNS service do you use, and why?
And the doubt that does not want to pass, what is the best and most advantageous: NextDNS, ControlD or AdGuard DNS?
I use Smart DNS Proxy …. Admittedly the Control D looks cheaper and offers more but essntially what is the differences between the two
So if I’m understanding their marketing right, you can use ControlD to access US Netflix without the need for a VPN? Might me something I consider for my Android TV (if they have an app, I havent checked). I’m happy with my VPN for desktop/mobile use.
For now I’ll try put ControlD’s free DNS into rotation with my VPN configs. Currently alternate between Mullvad’s DoH, NextDNS, AdHole and BlahDNS.
I use NextDNS easy to use select blocklist what you want
support Dot,DoH,DoQ and every device
I use DNS.SB as my DNS service.
I’ve used Adguard or AltDNS setup in my router forever with great results in adblocking. Had a couple of issues with AltDNS getting verrrrry slowwww. Read stories of Adguard allowing some ads to pass but haven’t (to my knowledge) experienced that. I use Nord VPN and they have an adblocking DNS but I have never been successful in getting it to work in my router.
Ads are visible, trackers less. No idea what trackers Adguard blocks or not.
Quad9, but I’m configuring each machine individually. Consumer grade routers are slow when you task them to act as resolvers.
I got sick of all dns problems – my isp’s were frequently down, Cloudflare doesn’t resolve a site i’m using (archive.is), Google’s were laggy,… or the dns propagation times where migrated sites won’t work for some days – and made my own recursive server with Unbound. If a site/service for some reason changes its hosting or dns records, i just ssh into my server, reboot and boom, it works, while other poor souls with public dns need to wait at least a day.
Another funny thing – i ran the benchmark and my server is faster than any on the list, despite having a horrible dsl connection with at least 25ms ping.
The best thing about Cloudflare is the $90,000 I made from its IPO.
No alternate DNS server and no IPv6 support. Pass.
Not that I’m endorsing ControlID or otherwise, but why do you need a fallback address? I personally have never seen the first DNS resolver to fail and have not bothered completing the second address for years.
Martin, is Windscript another name for Windscribe, or a different service altogether?
I use Cloudflare.
Was a spelling error, corrected. The right name is Windscribe.
DNS Benchmark by Gibson Research Corporation (Steve Gibson) has been a free download for many years. You can download it here:
https://www.grc.com/dns/benchmark.htm
Control ID by Windscribe VPN appears to be identical to DNS Benchmark. Coincidence?
Lol, that was funny!
I tested the speed of ControlD with DNS Benchmark, this is not a screenshot of ControlD’s interface.
AdGuard might be a good choice, if you trust Russia.
-1
DNSCrypt-Proxy (for Windows) here. Encrypted DNS with many servers available, handles several protocols of which DNSCrypt and DoH, anonymized relays (for the servers that accept it), IP and domain blacklists (think of HOSTS, elaborated, with IPs as well) provided by numerous sources and the user’s own, whitelisting, forwarding, cloaking. All is free, all operates at the OS level of course. No need for browser specific DoH, set it and forget it, except for updating blacklists.
Even better option is to set it up on your router, so all your devices will use it, not just your PC.
But this may be a bit advanced for the general user.
AdGuard DNS, standard filtering, in our router, unencrypted.
However you do DNS, keep it simple and understand whether your approach really does work the way you think all the time (or ever.)
You can do nothing and let your IPS provide DNS services. Set DNS in your router. Set DNS in each adapter on a device, in all your devices. Use one of the many types of encrypted DNS. Add security against mitm’s with handshakes and no encryption or not.
Not even going to begin describing all the variations present in our router’s Merlin firmware.
Encryption may not work on all sites, may fail gracefully and fall back to unencrypted, fall back to your IPS or block DNS completely leading to reboots of router, browser, computer, or maybe all. It’s not perfect for the masses yet regardless of protocol.
With any new method you attempt, be sure to periodically do a DNS provider check with an online utility, some of which give bogus security statuses unless you use their services. Thanks, guys. If a method isn’t almost the same as your ISP’s in reliability for at least a week, consider another one.
When FF added NextDNS as a DoH provider, it apparently flooded them. Stuff happens, move on if browsing slows dramatically.
The last device in your chain before going to your IPS that’s capable of providing DNS and set to do so overrides all upstream devices (computers, phones, IoT junk, etc.). Typically, that’s your router or gateway (router/modem).
I’ve been using ControlD since launch, for about a week now, and you’re not really explaining why someone would use this over another DNS. The short answer is overcoming Geoblocking without needing to fiddle with VPN server settings when changing locations.
I’m now able to switch between streaming services in Canada, the US, UK, and Switzerland simply by clicking their respective bookmarks – as if there were no such thing as geoblocking. All my local accounts such as banking, email, government, etc, are unaffected and work normally.
You can configure ControlD for any domain, and it already includes many preset services. You can use it on almost any device, including your router. I use it on an older chromebook wired to my tv for streaming. It has a simple interface, allows custom settings for individual domains, and requires no installation. I’ve had to fiddle with one or two sites, but it’s remarkably polished on launch and they’ve already added at least one channel, and responded immediately regarding an issue with another.
I’m a Windscribe user primarily for international streaming, but I will probably switch over to ControlD because it does what I want and is a simpler, more elegant solution. I may sound like an ad, I know, but this thing works much better than any vpn I’ve used. I don’t notice a speed drop in most cases.
This is only for paid accounts though, right?
From a free user standpoint it’s just yet another public DNS resolver. Seems to be relatively fast though, in my area only Cloudflare beats it.
Don’t see a huge reason to switch from Cloudflare but I’ll probably add it as an alternative resolver whenever dnscrypt-proxy add it to their public list.
@Michel:
Thanks for the tip. That really is a very useful (and unusual) feature. Trying it now!
I use cloudflare dns and adguard dns ,to access blocked sites.
=====
The company states that it does not log user activity.
Since ControlD does not keep logs of which proxy server IPs were used by which user, nor do we even have access to this data, we have no way to trace any activity to any individual account.
Iron Heart is sure to dispute this.
I switched from OpenDNS to Cloudfare the same day Cloudfare launched it. It was 1 april 2018. Had used OpenDNS for probably around 10 years by then. And I have been happy so far with Cloudflare. But I am very eager looking to find a replacement due to Cloudflares extreme love for activism at work. I do trust what they write in their policy and that the little data they see is deleted after X hours (don’t remember exactly). But that makes no difference to me.
And in searching it seems that AdGuards DNS service with their no logging policy and strong privacy stand could be an option. I might opt for the unfiltered one, still not sure. I am also a little interested in AdGuard software, but not sure if I will buy it since I also have my eyes on Little Snitch as I feel I need to get control and close down the outgoing connections. I know there are free firewall options available and also cheaper payed for Firewalls. But the granular control of LS are something that makes it stand out. But I hesitate using LS and Adguard at the same time since there have been some incompatibility issues in the past. And the more granular ad/tracking blocking can possibly be dealt with Ublock Origin in the browser, plus whatver the browser itself can do via whatever in-built capabilities it got, depending on if I decide to go with Brave or Vivaldi it can differ. So maybe I opt for the Adguard DNS with ad/tracker blocking after all, plus LS and one of the browsers. But it could be nice having AdGuard system wide as well. Hmm. We’ll see.
Yet that same company’s the one activists are targeting for enabling hate and terror sites. Curious. Prolly a made up lie. The way I see it, Cloudflare only cares about free speech and that’s why they help pirate sites which is politically unrelated to whatever Robin di Angelo’s ideas are but telling of their free speech commitment.
“But I am very eager looking to find a replacement due to Cloudflares extreme love for activism at work.”
Why do people like that always need to use cryptic language ? Just say it, you’re just very angry that Cloudflare’s proxy service stopped doing business with a nazi site after that site had claimed that this meant that Cloudflare supported their ideas.
So anyone you disagree with is a Nazi?
No. That is not the reason. And I am not angry, more disappointed. But for example their obsession with skin color and liking of Robin di Angelo’s ideas are.
Lol Cloudflare’s the least you should worry about with the censorship.
Obsessed with skin color just like every TV company in the world and it seems searching for Robin and Cloudflare only points to this site.
At the bottom of the homepage: ‘© 2022 ControlD, Inc.’