Custom Rules

Fine grained control over individual domain names.



Custom Rules are basically a hosts file, with wildcard support. Block, redirect or spoof any domain to any IP.

What are Custom Rules

Custom Rules are the basic building blocks of Control D, and allow you to create fine grained rules for specific domain names. Think of these as a hosts file in the cloud, with wildcard support.

You can have up to 10,000 Custom Rules.

To create a custom rule, choose a Profile and click Edit. Then navigate to the Custom Rules section.

Rule Actions

Much like with Services (which are just collections of Custom Rules), one of 3 rule types can be attached to any domain name.


A BLOCK action will prevent the domain from loading, and will effectively make it inaccessible from a Device that enforces a Profile.


A BYPASS rule will resolve the domain to its true IP address from Authoritative DNS. This is useful to override Filters, Services, or the Default Rule.


A REDIRECT rule will spoof the domain via a proxy location or specific IP address chosen by you.

Custom Rules can be grouped into Folders, which can have their own actions.

Create Private Domains

If you wish to create a private domain, when you make a Custom Rule, choose Redirect and then select IP or Hostname instead of Proxies.

This is very useful for those who are using Active Directory and need to make their domain controllers still function while Control D is used as the primary DNS resolver.

This will allow you to input your own IPv4 and IPv6 (or CNAME) records. Any Device that enforces this Profile will be able to resolve these custom domains, which do not exist in public DNS.

If you're in an AD environment, simply replicate the domain controller hostnames and the IPs they point to. Any device that enforces this profile will now be able to resolve your domain controllers.

Overlapping Rules

Control D will match the most specific rule first. With that in mind, you can create overlapping rules, for example:

The above will block and all subdomains on However if a user accesses specifically, this will be allowed to resolve.

Rule Format

Custom rules can be exact or use wildcards. All of the following are valid:

Domain and RuleAction -> BLOCKBlocks and all subdomains
* -> BLOCKBlocks all subdomains of but NOT
server-* -> BLOCKBlocks and