Device Clients

Using Control D on a router or other types of devices, and want granular visibility and control? This should get you started.


You are using Control D on a router, which likely has many devices using it as the DNS server. By default, all of these physical devices will be grouped together, and you will see the sum of all their activity, without knowing which gadget is responsible for what. Additionally, all of these gadgets will be subject to the same set of rules, defined in the enforced Profile.

The solution to both of these issues is simple, and there are two ways to go about it.

Router Utility

The simplest (and best) option is to install the Command Line Daemon on your router. Once you do this, ctrld will relay LAN client information along with the DNS queries themselves, and you will see all your LAN clients in the web control panel.

If you click the "Clients" button at the top you will see a list of all detected LAN clients.

From here, you can click on any of the clients hostnames you see, to view Analytics just for this LAN client. All relevant client information will be displayed here, which includes:

  • Hostname which is the device name
  • Time of last activity
  • MAC address of the device as seen by your router
  • LAN IP address of the device assigned by your router


DNS-over-HTTPS Only

You must be using the DNS-over-HTTPS protocol in order to see the client data. If you're using DNS-over-TLS or DNS-over-QUIC, no client data will be relayed with the DNS queries.

Create Standalone Device

At this point you can see all your LAN clients, and view their individual Analytics, however they are all still subject to the same set of rules, as defined by your enforced Profile. To make one (or more) of the devices enforce a different set of rules (Profile) you can click the Add button next to the relevant client. This will kick off a standard Add Device flow, which will create a new standalone Device. This allows you to enforce a different Profile, and change all settings for this specific LAN client.


Analytics Reset

When you turn a LAN client into its own standalone Device, this will create a new Analytics time series. Existing data will still be available in the same place as before, however all new activity will be logged under the newly created Device, if you enabled Analytics at device creation time. You don't have to enable Analytics, if you want one of your LAN clients to stay hidden :)

Using Apps

Control D has GUI Based Apps for Windows, Mac, iOS and Android. Simply download the relevant one for your platform. Input the Resolver ID into the box for the relevant Control D Device you want to setup, and optionally enter the client name. Then you will be able to view Analytics for all the individual clients separately.


If you're not using the ctrld utility, you can still make use of the above system, albeit with some limitations, and you won't see all of the data mentioned above (hostname, MAC address, LAN IP).

To manually "create" a client for a Device simply template the DNS-over-HTTPS URL or DNS-over-TLS hostname with the client name, and configure the resolvers on desired physical gadgets. After you do, you will be able to view Analytics separately for all the clients. For example:


  • Original Device Resolver:
  • Client Specific Resolver:

name-goes-here must not contain spaces or any special characters. Only letters, numbers and dashes are allowed.


  • Original Device Resolver:
  • Client Specific Resolver:

name-goes-here must not contain spaces or any special characters. Only letters, numbers and dashes are allowed.

Apple / DNS Profile

If you're using an Apple device, you can leverage DNS Profiles to achieve this. Simply create a single MacOS or iOS Device for all your Apple gadgets. Then start the setup tutorial by pressing Help Configure. Choose Manual Setup. In the Advanced Settings section, input the client name into the top box.

Download the DNS Profile and continue with the setup flow.

Android Private DNS

When setting up your Android device manually using Private DNS, simply follow the DNS-over-TLS flow mentioned above.

Use Case

You can use this method if you want to prevent "device sprawl" where you're making a separate device for every physical gadget that belongs to a single person, ie. your kid's devices (Johnny's phone, iPad, PC). You can just make a single Device - "johnny" and deploy a modified resolver on each of the devices. Then you can see Analytics for all their devices as a sum, or look at individual stats. You can also re-map an existing client to its own standalone Device, which enforces a unique Profile.