You shouldn’t need an addnl software for Control D; they’re apart of the stock listings @ GL GUI → Network → DNS → Encrypted DNS when you search for a server (+ Servers).
It shouldn’t; the VPN policy should be applicable here. You know this; we were in the same related thread: