Monday, 26 April 2021

DNS Level Blocking with Control D

As you probably know I'm quite interested and active in testing different security approaches like sandboxing, firewalls and VPNs. Compartmentalizing with virtual machines is also a good strategy. Part of a good multi-layered defence is also a well curated hosts file like this one kept by Dan Pollock and secure, encrypted DNS services. Better even if you can combine features of the last two and keep the nasties out with DNS level blocking. This will give us a much cleaner internet and might even negate the need for a browser level blocker like uBlock Origin.

Windscribe VPN includes a DNS blocker where we can opt to block certain areas like malware, trackers, gambling, fake news, becoming victim to crypto miners and others. These are quite broad and can be customized with your own rule set. Pro subscribers get a thousand rules to define for themselves which includes black listing, white listing and spoofing capabilities but adding all these entries is a lot of work. Unfortunately all similar services I've come across don't allow us to import our own hosts file. No, you have to add them one at a time.

Now there's a new service out. ControlD is a more fine grained type of DNS blocker that makes it easy to filter whole areas as before like malware, telemetry, ads and trackers, social, click bait and so on but also most known web services with sliding a button. It's just come out of beta. We can schedule filters to only be active at certain times, we can still add our own custom rules too and select a global proxy which, although this is not a full VPN service as it doesn't encrypt the connection, would be enough if one just wants to get around geo-blocking and have secure DNS requests so our ISP doesn't know everything about our surfing habits. Or preventing them from injecting ads into our session that are usually not filtered out by browser extension ad-blockers.

 

 

"And finally, drum roll please, we're very excited to announce that our DNS service is finally ready, and we call it ControlD (p.s. It’s Control-space-D, not contro-ID). After 1.5 years of development, bruised fingers from excessive coding, enough Redbulls to power a space shuttle, and 5 months of closed beta testing, we're ready to show it to the world. You can get a free 30-day trial, which is just enough time to fall in love with it, and then miss it and wonder what could have been - except you don’t have to wonder you can always just use it! There is no other service like it out there, and we know with 344% certainty you will enjoy using it, a lot. Just trust us on this one."

This is not a free service and actually I have no idea how much it will be as I'm currently still on the free beta trial but I guess it will be something around the cost of a VPN. A more basic service is available from four free DNS servers at the bottom of the page.

We can change our current DNS in the legacy format which means good old fashioned IPv4 address, DNS-over-HTTPS and DNS-over-TLS to be preferred if you want your requests to be encrypted. If you choose automatic global proxy it will connect to which ever one is nearest so this is the most flexible on your phone if travelling a lot.

The set up tutorial is straight to the point and easy to follow. Give it a go, you might like it. It's not a full VPN but allows for more fine grained filtering and can be combined with running a VPN.

UPDATE 30/07/23: Well, as it turns out after trying this a few times I'ld much rather use a full-blown VPN with integrated DNS blocker which does all this and more. Even for SmartDNS there are better, as in easier to manage, services.

No comments:

Post a Comment

Please leave your comment here. Spam will be deleted.

Note: only a member of this blog may post a comment.

12.04 LTS (1) 1280x1024 (2) 14.1 (1) absolute (6) accessibility (6) ad-blocking (2) administration (2) afterstep (1) android (3) announcements (15) anonymity (5) anonymous (1) anonymous browsing (1) anti-malware (1) anti-virus (1) antiX (4) applications (1) arch (11) archbang (11) archone (1) artix (2) authentication (1) backports (1) base (1) bash (2) bittorrent (2) block-this (1) bluestar (1) bodhi (1) books (1) brave (1) brave-browser (1) browsers (8) browsing (1) bsd (4) bug (2) bugs (3) calculate (1) centos (1) certification (1) chakra (2) changelog (22) chat (1) chatzilla (1) chromebook (1) chromium (2) click (1) commodore 64 (1) ControlD (1) critique (1) crunchbang (5) crux (1) ctkarch (1) cyber war (1) debian (29) desktop (62) devuan (6) digital certificates (1) digital memories (1) distributions (75) DNS (1) documentaries (1) documentation (2) dr. web (1) drivers (1) duo (1) e17 (1) email (1) encryption (3) enlightenment (1) events (1) exit nodes (1) ext4 (1) fake (1) fallout (1) fallout 4 (1) fedora (6) file server (2) file systems (1) firefox (3) flash (1) flush (1) fluxbox (7) fluxflux (1) FPS (2) free software (3) frugalware (1) FSF (1) ftp (2) furybsd (1) fusion (1) fvwm (1) fvwm-crystal (1) games (11) gaming (10) gentoo (3) gnome (9) gnome shell (4) gnu/linux (4) google (2) google-chrome (3) graphics (1) grml (1) gtk+ (1) hangouts (1) hardcore punk (1) hardware (3) how-to (23) humor (2) i3 (1) icewm (6) init (3) init freedom (5) interview (1) introduction (1) jibbed (1) jwm (2) kanotix (4) kde (21) KDE neon (1) kde3 (2) kernel (6) knoppix (1) kodi (2) kongoni (2) kubuntu (3) LAS (1) libtorrent-rasterbar (1) linux (20) linux light (16) Linux Mint (6) live (50) live medium (28) live system (13) liveslak (3) LMDE 4 (3) localisation (1) LTS (1) lxde (12) lxqt (1) mageia (1) mandriva (2) manjaro (1) marine life (1) mate (1) media center (6) mepis (2) mint (5) mobile (2) mobile security (1) movies (6) mozilla (3) music (1) MX Linux (1) netbook (2) netrunner (1) networking (5) news (3) nvidia (1) open source (1) openbox (15) openSUSE (4) opinion (13) other (5) overclockix (1) packages (1) pclinuxos (4) perl (1) plasma (5) poll (2) porteus (3) privacy (5) privoxy (1) programming (1) proxy (2) puppy (3) qbittorrent (1) qt (1) quick look (10) ratpoison (1) red hat (7) redcore linux (1) relax (1) release (2) rescue (3) reviews (57) rhythmbox (1) rolling (1) RPG (2) rpm (1) sabayon (5) salix (15) scientific (7) screenshots (2) scripts (3) seamonkey (1) security (4) semplice (1) server (5) shell (1) shooter (4) siduction (1) slackel (1) slackware (68) slackware 14.2 (2) slackware 15.0 (8) slackware-current (34) slax (7) slitaz (1) smart phones (2) sms (1) south africa (2) specialist (1) spoof (1) ssh (1) surfing (1) systemd (2) table mountain (1) TDE (1) tegra k1 (1) The Walking Dead (1) themes (1) tinyme (2) tips (1) tor (3) torrenting (1) torrents (1) traffic analysis (2) trinity (2) trisquel (1) TV shows (2) TWD (1) ubuntu (6) unity (2) unity linux (4) unix (1) upgrade (6) vector (2) video (4) vinux (2) virtualbsd (1) visual impairment (5) voip (1) vpn (5) VSIDO (1) wallpapers (3) window maker (4) window managers (1) windscribe (1) wireless (10) xfce (16) youtube (1) zenwalk (3) zombies (1) zoo (1)