Secure DNS: stubby or https-dns-proxy or dnscrypt-proxy or dnscrypt-proxy2

I am confused: which one is the preferred/recommended way? I am trying to set up ControlD on the router.

Whichever you prefer. They implement different protocols: DoT, DoH, DNSCrypt respectively. The first two are the most widely supported; the last one is probably better from a design perspective (dnscrypt-proxy is no longer developed AFAIR). But all of them will be slower than regular DNS over UDP. Choose whom you trust more. Do you want to share your history not only with your ISP but with Google (or Cloudflare) too? Secure DNS makes little sense without encrypted SNI.

Personally I prefer stubby for its simplicity; unlike dnscrypt-proxy2, it has no clutter I don't plan to use. I use it not to hide my requests but to drop EDNS Client Subnet information (Quad9), which is used by some idiots to sanction users from some countries (www.themoviedb.org is one of those idiots).

1 Like
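What the EDNS Client Subnet data mentioned in the post above looks like on the wire, as an added example that is not part of the original thread: it builds a constructed query with and without the ECS option (RFC 7871, option code 8) and parses a DNS message to report whether the option is present. The function names, the query name and the address are constructed for illustration, and the parser assumes a well-formed message.

```python
import struct

ECS_OPTION_CODE = 8   # EDNS Client Subnet (RFC 7871)
OPT_RR_TYPE = 41      # EDNS0 OPT pseudo-record (RFC 6891)

def build_query(name, ecs_ipv4=None):
    """Build a constructed A query with an OPT record; optionally attach an IPv4 /24 ECS option."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)                   # type A, class IN
    rdata = b""
    if ecs_ipv4:
        prefix = bytes(int(o) for o in ecs_ipv4.split("."))[:3]   # /24 keeps 3 address bytes
        ecs = struct.pack("!HBB", 1, 24, 0) + prefix              # family IPv4, source /24, scope 0
        rdata = struct.pack("!HH", ECS_OPTION_CODE, len(ecs)) + ecs
    # OPT RR: root name, type 41, class = UDP payload size, TTL = ext. flags, RDLEN
    opt = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 1232, 0, len(rdata)) + rdata
    return header + question + opt

def skip_name(msg, off):
    # Step over an encoded domain name (plain labels or a compression pointer).
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def find_ecs(msg):
    """Return (family, source_prefix_len, address_bytes) if the message carries ECS, else None."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                             # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        pos, end = off, off + rdlen
        while rtype == OPT_RR_TYPE and pos + 4 <= end:            # walk the EDNS options
            code, olen = struct.unpack("!HH", msg[pos:pos + 4])
            if code == ECS_OPTION_CODE:
                family, src, _scope = struct.unpack("!HBB", msg[pos + 4:pos + 8])
                return family, src, msg[pos + 8:pos + 4 + olen]
            pos += 4 + olen
        off += rdlen
    return None

if __name__ == "__main__":
    print(find_ecs(build_query("example.com", "203.0.113.57")), find_ecs(build_query("example.com")))
```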

My main use case is malware and ad blocking across all devices on the LAN and outside of it. I am currently using NextDNS for this purpose, but I am looking into ControlD as an alternative.
Performance is never an issue, because each device is caching locally now.

https://blog.apnic.net/2019/11/12/stop-using-ridiculously-low-dns-ttls/ - actually it is.

Adblock + BanIP do the job for me.

@fantom-x ControlD's recommended method is to install the binary via SSH on the router. I’ve been doing this successfully for ages on my GL.iNet Brume2. But after changing from GL.iNet firmware to the official OpenWrt 24.10 release, I can no longer get ControlD working. The binary installs fine but cannot set up DNS when authenticating with their web portal. Seems like there is an issue with this release. Others using DNS forwarding proxies seem to be having setup issues since 24.10.

Yeah, the binary does not work on x64 at all as per r/ControlD, so I am trying to find a different way. I used stubby with NextDNS before and then switched to their client.

As awesome as it is, it only works on LAN. I need this to work across all devices no matter where they are.

Android works great with DoT without any additional software for quite some time...

https-dns-proxy: replace the default Google/Cloudflare with ControlD from the list in the app and you are good to go.

I believe you had chosen ControlD prior to asking the question... so just do it :)

Yup, just tried your suggestion. Works so far, I think.

Sure. Use https://www.dnscheck.tools/ and see what you get.
