Ask a Question

Branded Custom block page

Hello, Thanks a lot for adding the Branded Custom Block Page. Our customers are french based and i noticed that this caracter doesn't work : ' And... would it be possible to change the : "This website is blocked" text and the "Learn More" on the button ? Like this we could adapt it for french <br> Thanks

Feature Request: Org + Sub-Org Dashboard

It would be great to have a rollup dashboard to show statistics and queries across all organizations, top-level and sub-orgs. This would be useful for wall screens as well as searching for specific queries across all sites at once.

Multiple AD Domain Forwarders

Yesterday I posted that I had figured out how to do this, and I did. But now I have a few more interesting use cases. The site that I am working on right now has 2 different local active directory domains with no trusts or links between them. They both need AD DNS for local domain resolution only. Both domains run off the same firewall but seperate physical ports and switches. Right now I have DNS conditional forwarding across both networks to allow roaming clients. But only for 53/UDP to the DNS server applicable to the domain the client is on. What I'm trying to do is set a listener on all interfaces to listen and send all non-local domain traffic to controld and forward local dns traffic to the applicable domain controller or dns server. It's working, but only for "upstream.1". I cannot get requests to go to "upstream.2" right now. In nslookup, I am getting request timeouts. Here's my config: <br> ``` [listener] [listener.0] ip = '' port = 5354 [listener.0.policy] name = 'My Policy' rules = [ { '*.ad.domain1.org' = ['upstream.1']}, { '*.ad.domain2.com' = ['upstream.2']} ] [network] [network.0] name = 'Network 0' cidrs = [''] [upstream] [upstream.0] type = 'doh' endpoint = 'https://dns.controld.com/xxxxx' timeout = 5000 [upstream.1] name = 'AD DNS Domain 1' type = 'legacy' endpoint = '' timeout = 5000 [upstream.2] name = 'AD DNS Domain 2' type = 'legacy' endpoint = '' timeout = 5000 ``` Like I said, ad.domain1 and the corresponding upstream.1 work fine. But things start breaking down for ad.domain2 and upstream.2 I've checked firewall policies and have explicit allows in place at least for 53/udp across the networks so I don't think it's a block. My best guess is that it's either the firewall not wanting to route properly or it's an issue with my config. I'm leaning towards a controld config issue in the above.


I’m a newbie using SSH and need some assistance with running the controlled D script I get a message that I need to rerun the script with root / system permission How do I do this?

Add option to completely disable IPv6 responses.

Like the `filter-AAAA` option in dnsmasq. Use case: Just because

Active Directory DNS

Hi Folks, I'm really only just starting to use Control D. Everything is easy to setup and love it so far. I'm just a bit confused and lost on how to edit configs on routers. My use case is for business and there are several bits of documentation that already address this which I am trying to follow but hitting some roadblocks. We'd like to deploy ControlD to our firewall routers (already done). We'd like to have all network DNS pointed at the router (already done). We'd like to steer all local active directory DNS over to our AD DNS server but only for local domain DNS. Everything else should go to ctrld. I found the article which says to create a re-direct for the domain controller and that works great. But it doesn't allow us to resolve anything else obviously (so we can redirect DNS lookups for the server itself but not workstations with that redirect rule). I know what I need to do is edit the toml/config file as per the documents and this is where I feel silly. I'm struggling to do this over ssh in the router itself and I can't find any documentation on how to use the toml config menu in the ctrld GUI. My question is: on Ubiquiti routers, what is the cleanest way to edit the config file and add our custom DNS steering options?

Feature: Auto delete logged Authorized IPs

The logged Authorized IPs for each device (legacy resolvers) needs to be deleted manually in current version. Auto clean-up of the logged IPs (except the latest IP that is registered and in active use) would improve data privacy/security in case of Control D account hacks or other unknown cases like user data leaks.

Invite a family member to control a profile

I want a family member to be able to access one of the profiles i setup for their house. that way they can disable or add rules as they need. Nextdns is able to invite users to a profile. Can this be done with ControlD without a org profile?

Best way to report websites not being blocked?

hi, what’s the best way to report websites which aren’t being blocked by ControldD’s filters? I tried to post them here, but it was flagged as spam and emailing support I think hasn’t directed the report to the correct or most efficient place. Is there a more efficient way of reporting websites which should be being blocked, such as an entry form on the ControlD website or something?

YouTube in strict mode, not moderate mode

Hello, i want to restrict YouTube in Scrict mode (and not the moderate mode) and i don't know how to do it. This is the guide i was following: <https://knowledge.workspace.google.com/kb/control-youtube-content-available-to-users-for-educational-accounts-000008802>. How do i do this in Controld? From the link: Option 1: Using DNS <br> Option 1: Using DNS ``` Open your network's DNS settings. Add a CNAME for the following hostnames: www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com To set strict restricted access, set the CNAME value to restrict.youtube.com. To set moderate restricted access, set the CNAME value to restrictmoderate.youtube.com. ```