Control D Review: Hands-On Testing of Its Business DNS Filtering

Control D

$

2

• Take Control D Trial
• How we test →

Control D is a modern, customizable DNS service that blocks unwanted content and threats at the domain level. It caters to various entities, including startups, small businesses, educational institutions, hospitality sectors, MSPs, and non-profits.

It aims to boost organizations’ productivity with content filtering, help make informed decisions with DNS query analytics, and enhance security & online privacy with its ad and malware blocking features.

But does it truly deliver on its promises? This is what I’ll determine in this detailed Control D review, which is based on my hands-on testing and thorough research.

I subscribed to a free trial of Control D and explored its features. So, everything you read next is based on my experience with the platform. This will help you decide if Control D is a good fit for your DNS filtering needs.

Features

• Web and service filtering.
• Custom DNS Filtering.
• Malware blocking.
• Encrypted DNS with modern protocols like DoH, DoT, and DoQ.
• Real-time DNS request and network activity monitoring.
• Admin logs to track admin actions.

Pros

• Triple-action malware threat blocking for comprehensive security and protection.
• Intuitive interface gives a decent user experience.
• A generous 30-day free trial, without requiring credit card information.
• Seamless integrations for streaming DNS query logs into SIEM.
• Simplified DNS settings management thanks to multi-tenancy capability.

Cons

• Can’t effectively block beyond DNS like BitTorrent protocol.
• It can redirect traffic but offer limited geo-unblocking.

What Is Control D?

Control D is a customizable Domain Name System (DNS) service that lets you control how internet traffic is routed by modifying DNS settings. It provides access to secure DNS servers, ensuring that all DNS queries are encrypted and protected against manipulation or interception by malicious actors.

The platform helps block intrusive ads, harmful content, and cybersecurity threats on all connected devices. Control D also provides network-wide DNS filtering capabilities. You can set up DNS filtering at the router level, enabling you to apply rules and settings across your entire network.

Control D is a part of Windscribe, a leading security and privacy company based in Toronto, Ontario. Windscribe is privately owned and operated by its 3 founders—Yegor Sak, Alex Paguis, and Mark Ulicki.

Though anyone can use Control D for personal DNS filtering, it’s better suited for organizations due to its business-focused features, including admin logs, data streaming into SIEM tools, comprehensive analytics, and more.

Control D operates as a no-log DNS provider. It doesn’t save any DNS queries data unless you choose to do so for analytics purposes.

In this review, I will test the business-targeted features of Control D.

If you’re new to custom Domain Name System (DNS), here’s a quick primer on how custom DNS works.

• You set up a custom DNS service instead of using your ISP’s default DNS.
• Your device sends a request to the custom DNS when you enter a website name.
• The custom DNS server finds and returns the correct IP address.
• Your browser uses the IP address to load the website.
• The custom DNS applies features like ad blocking, content filtering, service filtering, and custom rules.

8 Key Features of Control D

In this section, I will explore the key features of Control D. To start using Control D’s DNS service, you first need to set up your device.

Control D offers advanced DNS server management features through Profiles and Endpoints. It allows you to add client (end-user device) and server (routers and firewalls).

For this test, I will add a client—my Windows PC. An Enforced Profile is a set of rules and settings applied to an endpoint. Any changes made to a profile’s settings and rules will automatically apply to all endpoints using that profile.

I will use Testing Profile throughout this article.

Once you have added your device, you need to configure it. You have two options to configure your added device—manual and automatic using the app. I have set up my PC via the automatic method. You can also set up your device using CMD and PowerShell.

Now that my device setup is done, I will explore the Control D features below.

1. Customizable Web & Service Filtering

The main reason why we use a customizable DNS service is to control the access to the web and services. Control D allows domain-based blocking, enabling users to restrict access to specific websites and services based on predefined rules.

Let’s find out how good Control D is at web & service filtering.

To filter websites and services, go to the Profile section. Here, you will see menus to manage Filters, Services, Rules, and Profile Options.

Control D offers various pre-configured filters, such as Ads & Trackers, Adult Content, Artificial Intelligence, Clickbait, Crypto, Dating, Drugs, and more. To block crypto sites and crypto mining services, you need to turn on the Crypto filter.

Now, as I have turned on the Crypto filter, my PC should not open any crypto website. As expected, I cannot open Crypto.com on my PC.

As you can see in the screenshot above, Control D’s filtering works as advertised.

Control D lets you filter various services, including Audio, Career, Finance, Gaming, News, and more. Each Service menu has a list of websites whose access you can manage.

For example, the Social service includes 54 websites, such as Facebook, LinkedIn, Gmail, and more. For testing purposes, I’m going to block Facebook.

As expected, Facebook is blocked on my PC.

In my testing, Control D’s web and service filtering abilities worked as advertised.

2. Malware & Phishing Blocking

The Profile Options menu provides various settings that you can tweak to meet your organizational needs. For example, you can change your profile name, set a default rule, enforce a safe search, and apply an AI Malware filter that uses machine learning to identify and block malicious domains.

AI Malware Filter offers 3 settings—Relaxed Mode, Balanced Mode, and Strict Mode. As this feature is experimental, it can show some false positive blocks.

Control D’s malware and phishing blocking acts in 3 ways to provide threat protection:

1. It identifies and blocks known malicious domains compiled by reputed threat intelligence sources.
2. Block domains resolving to known IP addresses to prevent access if the domain name changes.
3. Leverages AI and machine-learning to identify and block malicious domains

In my view, this triple-action malware protection can offer reliable malware and phishing protection, especially at a time when 90% of organizations face domain-based attacks.

3. Encrypted DNS Protection

Regular DNS queries are unencrypted, which means your internet service provider (ISP), hackers, and government agencies can see which websites you visit. Malicious actors also carry out DNS spoofing attacks to compromise your business security. With Control D’s encrypted DNS, you can tackle these security threats successfully.

Also, Control D’s encrypted DNS helps prevent data breaches by securing sensitive DNS queries. Plus, it helps meet compliance with regulations that require the protection of personal data, including DNS queries.

For DNS query encryption, Control D uses modern protocols like DNS over HTTPS/3 (DoH3), DNS over TLS (DoT), and DNS over QUIC (DoQ) as shown in the screenshot below.

DNS over HTTP/3 (DoH3) is an improved version of DoH that offers improved speed and security.

4. Real-time Monitoring & Analytics

Control D provides you with deep visibility into your users’ online activities. As a result, you can get insights into how users consume the internet in your organization, making it easier for you to identify abnormal patterns and potential security risks.

Its Statistics section lets you visualize all usage data, as shown in the below screenshot, to help you understand trends and patterns in your organization’s internet network. You can sort visualized data by Filters, Services, and Locations.

I liked its Usage Summary & Visualization feature as it gives a clear view of network activity by highlighting trends and spikes, which helps you quickly understand your users’ browsing activities.

The Statistics section shows you the following key insights into your users’ internet activities:

• Filter Blocks & Active Services
• Traffic Insights, like Sources, Destinations, and Networks
• Top Domains data, including Blocked, Bypassed, and Redirected

5. Audit/Admin Logs

A good customizable DNS service should be able to offer a view of all DNS queries made in your organization, and Control D lets you do that.

As shown in the screenshot below, you can see all DNS queries historically in real-time.

Data can be filtered in multiple ways, including Date, Protocols, Actions, Filters, Services, and more. The platform also allows downloading audit log data in CSV.

Control D keeps persistent records of all administrative actions. By analyzing an audit trail of all actions performed in your company, you can ensure transparency and identify unauthorized changes.

The Audit log tab, as shown below, lets you know where the action occurred (Organization), who performed the action (Admin email), what specific action was performed (Action Performed).

Based on my testing, I’m fully satisfied with Control D’s ability to track audit/admin logs. It offers enough data to make informed decisions.

6. SIEM Integration

Control D lets you stream DNS query logs to Security Information and Event Management (SIEM) platforms in real time. This helps you collect detailed information on DNS activity. Consequently, it provides quicker incident response.

You can maintain an audit trail of all network activity by feeding DNS logs to your SIEM, which supports regulatory and compliance requirements such as HIPAA and GDPR.

I liked Control D’s ability to filter DNS logs, enabling you to pick only data relevant to your organization’s needs without feeding unnecessary data to your SIEM.

However, you’ll require the open-source Fluent Bit middleware to integrate Control D with your SIEM solution. You can integrate it with various SIEM tools, including IBM QRadar, Splunk, and more.

7. Traffic Management

Control D allows users to route DNS queries through predefined proxy locations. These proxy locations are strategically selected to improve performance and optimize internet speed based on the user’s geographic region.

During my research, I noted the following 3 standout traffic redirection features:

1. Redirects DNS traffic through transparent proxies to various global locations, masking the client’s source IP without requiring a VPN.
2. Allows custom domain-level redirection, giving users control over which domains to redirect and the proxy location to use from 100+ available options.
3. Redirects specific web apps or services through Control D’s proxies, bypassing the need to identify individual domain names.

The above features let you manage your traffic flow flexibly and strengthen privacy and security.

Traffic management is handled mainly in the following sections:

• Custom Rules: Create specific rules to block, bypass, or redirect traffic for particular domains.
• Services: Block or redirect traffic for over 850 specific services and web apps.
• Profile Options: Set global rules like Safe Search, Restricted YouTube, and Default Rule for broader traffic management.

8. Control D Integration

Control D supports various integrations, including leading routers, operating systems, web browsers, remote monitoring and management (RMM) tools, and more.

Here are some key highlights of Control D’s vendor support:

• Routers: Asus Merlin, DD-WRT, Firewalla, OpenWRT, pfSense, and more.
• Operating Systems: Windows, macOS, Linux, iOS, and Android.
• Web Browsers: Chrome, Edge, Firefox, Safari, Brave, Opera, and Vivaldi.
• RMM Tools: NinjaRMM, ManageEngine Desktop Central, ConnectWise RMM, and more.

With easy integration with RMM tools and cross-platform support, enterprises can quickly deploy Control D across their endpoints while ensuring seamless compatibility across different devices and operating environments.

What Problems Does Control D Solve?

Here are key privacy and security problems Control D solves.

• Secure user device: With Control D, you can protect users in your organization by blocking access to malicious domains and ads. This reduces exposure to cyber risks within your organization.
• Block unwanted content: Accessing unwanted content often kills productivity in your organization. By filtering this type of content, you can improve productivity levels. Control D also blocks ads and trackers, protecting your users’ privacy and improving their browsing speeds.
• Protect an organization’s network: Control D can secure your organization’s network by filtering harmful content, blocking malware, and redirecting DNS traffic through secure global proxies.
• Proactive monitoring: It provides detailed DNS analytics and real-time logs to help organizations monitor network activities and make informed decisions.

Control D helps organizations meet Children’s Internet Protection Act (CIPA) compliance by blocking harmful content and providing age-appropriate filtering options. It enhances Health Insurance Portability and Accountability Act (HIPAA) compliance with real-time monitoring, phishing protection, and malware defense, safeguarding ePHI and network security.

Moreover, Control D also helps meet Keeping Children Safe in Education (KCSIE) compliance by being an IWF member, following Counter-Terrorism Internet Referral Unit (CTIRU) standards, and offering advanced content filtering.

How Fast Is Control D DNS?

An independent speed test by DNSPerf shows that Control D provides ultra-fast DNS resolution, processing queries in just 16.16 ms globally and outperforming leading competitors such as NextDNS and SafeDNS in speed.

For the same query, NextDNS took 20.57 ms, while SafeDNS took 22.33 ms.

Control D Pricing

Control D offers 3 tiered plans: School/Non-Profit, Managed Service Provider (MSP), and Business.

Here is a feature comparison table for different Control D pricing plans.

Feature	School/Non-Profit	MSP	Business
Pricing Starts at	On-request	On-request	$2/endpoint/month
Malware and Phishing Protection	✅	✅	✅
Flexible Content Blocking	✅	✅	✅
Block-able Services	850+	850+	850+
Modern Protocols	✅	✅	✅
Query Log Retention	3 Days	3 Days	3 Days
Analytics Retention	1 Year	1 Year	1 Year
Content Redirection	❌	❌	✅
Single Sign-On	❌	✅	✅
SIEM Log Streaming	❌	✅	✅
Admin Action Logs	✅	✅	✅

You can start with a free trial (no credit card required) to explore its features. The company also offers a free demo.

Control D Support

Control D offers 3 support options: email, support ticket, and its Barry AI assistant. For general query, you can write to hello@controld.com. And business inquiries should be addressed to business@controld.com.

The platform’s support ticket is quick to offer resolutions. They replied to my query within 30 minutes (that was fast!).

During testing, I also found the Barry AI Assistant quite helpful, and it had a smooth user experience. It was able to resolve most of my product-related queries.

It also maintains a rich knowledge-base that offers easy-to-follow guides and resources on getting started and using Control D optimally.

I would suggest trying Barry chatbot first for technical help.

Control D Alternatives

Control D competes with leading custom DNS solutions like NextDNS, SafeDNS, Clean Browsing, and Cloudflare Secure Web Gateway.

In the table below 👇🏼, I’ve compared Control D with these alternatives, focusing on key features such as custom DNS filtering, ad and malware removal, pricing, and the availability of a free trial.

Who Should Use Control D?

After exploring the key features and alternatives of Control D, you might wonder who should use it. Here are the ideal target audiences for Control D:

• Businesses & IT security teams: Control D is ideal for businesses and IT security teams. It offers customizable DNS filtering to block threats like malware and phishing. The platform helps monitor DNS queries, analyze traffic, and improve security. With SIEM integration, businesses and IT companies can use it to identify security threats as they happen. Additionally, its multi-tenancy feature allows companies to manage different departments, teams, or clients centrally.
• Privacy-focused individual users: Control D is perfect for privacy-conscious individuals because it helps reduce data tracking and exposure to threats. With an easy-to-use interface and customizable options, users can tailor security settings to block unwanted content and protect their online experience.

Who Shouldn’t Use Control D?

While Control D offers excellent benefits, it may not be the best fit for someone who is looking for more comprehensive protection across their entire organizational network.

As it focuses primarily on DNS filtering and doesn’t offer complete network-level security, a Secure Web Gateway (SWG) solution, like Cloudflare Gateway, can be the best fit for organizational network security.

You can explore these leading SWG solutions for more details on how they protect enterprise networks from web-based attacks.

Control D Verdict

Control D is a powerful and customizable DNS filtering solution. Its robust security features, like malware and phishing protection, encrypted DNS, and real-time analytics, delivered on their promises in my testing. Its multi-tenancy feature and SIEM integration make it an excellent choice for businesses, IT security teams, and managed service providers.

However, its endpoint-based pricing may not be cost-effective for large enterprises. Nonetheless, if you’re running a small to medium-scale business with less endpoints, its pricing won’t be an issue for you.

Overall, Control D receives the Geekflare Value Award for its ease of use, affordable pricing (for small to mid-tier organizations), and advanced features that enhance privacy, block unwanted content/ads/malware, and provide actionable insights into network activity. Plus, you get to try it free for 30 days—no credit card required!