Blocked Query Response (Custom Block Pages)
Customize how Control D responds to blocked queries.
What is this?
When Control D blocks a domain via a Filter, Service, or Custom Rule, by default it returns the following DNS records:
- A:
0.0.0.0
- AAAA:
::
This feature allows you to change this behavior and return a different response.
How to Use it
Edit your desired Profile and go to Profile Options.

Toggle this feature ON and choose the desired response type. There are several to choose from:
0.0.0.0 / ::
(Default)NXDOMAIN
- Return this RCODEREFUSED
- Return this RCODECustom
- Choose your own IPs to respond with or use custom block pageBranded
- Use a branded and customizable block page
Custom Block Page
Here you can input your own IPv4 and IPv6 addresses. When a website is blocked, Control D will spoof to IP addresses you have chosen here. This can be used with a self-hosted block page + your own Root Certificate.

Branded Block Page
Root Certificate Installation Required
In order for this to work with HTTPS websites, Root Certificate Installation is required. Check the linked document to learn more.
This option allows you to use a Control D hosted block page, which you can optionally customize with:
- Your own logo
- Custom block title
- Custom block message
- External link title
- External link URL
By default, with no custom settings, a branded page will look like this.
Now, you can customize it using the 5 fields.
When a website is blocked, it will look something like this.
Unblock Request Button
You can choose whether to show a Request Unblock button on a branded page using the Unblock Reporting dropdown which provides 3 options.
- None - No button will be shown

- Default - A Request Unblock button will be shown. Clicking this button will reveal a small form where the end user can request for this page to be unblocked. The account owner or admin will receive this request via email or Slack notification, and an action can be performed.
- Custom - The External Link Title and External Link URL fields will allow you to customize what the button says and does.

Unblock Request Handling
By default, the organization owner or admin receives unblock requests via email. If you prefer to send these requests to a specific set of email addresses or a Slack channel (via a webhook), you can configure this on the My Org page.
Go to My Org and enable the Unblock Reporting option. Then, add your desired email addresses and/or Slack webhook URL, and click Save. From that point on, all unblock requests will be sent to the specified email list and/or Slack channel.
Unblock request email/Slack priority handling
When an unblock request is submitted, Control D determines who should receive the notification based on two factors:
- Which Organization owns the endpoint (parent vs. Sub-Organization)
- Whether custom recipients are configured
The rules are as follows:
Endpoint ownership | Custom recipients defined | Notification goes to |
---|---|---|
Parent Organization | Yes | Parent Organization custom recipients |
Parent Organization | No | All parent Organization admins |
Sub-Org | Yes | Sub-Organization custom recipients |
Sub-Org | No, but parent has them | Parent Organization custom recipients |
Sub-Org | No (and parent has none) | All Sub-Organization members and all parent Organization members |
Hostname Variable
In the External Link URL you can use a variable {domain}
which will template your link with the website FQDN that was blocked. For example, if you use: https://reporting-url-example.com?hostname={domain}
and access pornhub.com, and it's blocked, the link will become https://reporting-url-example.com?hostname=pornhub.com
If the physical device in use is an Apple platform, the Shortcuts url scheme can be used as the link on the branded block page.
Using this neat trick, a shortcut can be built to send pertinent information to the “family IT admin” along with something like "I need something unblocked," all in the background.
Updated 1 day ago