I've been playing with and learning ControlD as I just started a subscription. Is it possible to use ControlD with the Beryl AX and Adguard Home simultaneously? Because I don't think I can as enabling Adguard Home seems to disable the DNS server settings.
What I want to do is to use Proton VPN with my Beryl AX, which I've successfully done. However, I don't want to use Proton's DNS settings. I want to use DNS over HTTPS and let ControlD filter the ads and let me navigate around geo-restrictions in place. Is this possible? If so, how do I configure this?
Here's the problem. I still want to use Adguard Home. Given what you said, what do I have to do if I want my Samsung Tizen TV to use ControlD? Given my limited knowledge, I'm guessing I'll have to remove the TV from the Beryl AX and reconnect it to the ISP router?
I still don't understand why connecting the TV to the Beryl caused its DNS not to work. Is it not possible to set a rule that lets the TV use ControlD?
Is there a detailed guide to setting up ControlD with the Beryl? Firmware 4.8 looks slightly different from the guide that you linked. Even then, I need more help if I conclude I'll need to disable AGH.
Enabling DNS in both places would cause conflicts. Go into the Adguard Home settings and add ContolD to the Upstream DNS Servers. The Query Log will tell you what's getting blocked and allows whitelisting if needed. Lastly, enable Override DNS for all clients.
I'll try your settings later tonight. If I put ControlD's DNS setting into AGH, is it still necessary to have it in my TV's setting? Or can I reset it to the default?
I have a paid subscription to ControlD. What exactly should I put into AGH's Upstream DNS Server? Currently, I have DoH settings like "https://dns.quad9.net/dns-query" and "https://dns.nextdns.io". I want to continue using DoH. I've been recommended to use these two. Do I have to delete them if I add ControlD to the list? If not, where should I add ControlD and in what order?
Why do you have DNS Rebinding Protection Off? I thought it was recommended to have that on.
In this case, shouldn't I also have allow custom DNS to override VPN DNS on?
ContolD (paid) and Quad9 DNS block ads at the cloud level. Basically, set it and forget it.The purpose of Adguard Home is to self host and control what gets blocked through the use of block lists. That's why I'm using non-filtering upstream DNS. ControlD (paid) and Quad9 are great, but you don't need to use those AND Adguard Home. They do the same thing at different links in the chain.
Currently, I have DoH settings like "https://dns.quad9.net/dns-query" and "https://dns.nextdns.io". I want to continue using DoH. I've been recommended to use these two. Do I have to delete them if I add ControlD to the list? If not, where should I add ControlD and in what order?
ControlD does more than just offer blocklists. It can also help circumvent geo-restrictions. That's why I want to use it in addition to using AGH. ControlD's subscription also doesn't offer all of Hagezi's blocklist or any way to manually add them. That's why I want to know how to use ControlD with AGH.
If this can easily be done, I guess I'll have no choice but to remove the TV from the Beryl and move it back to another wireless network so that its custom DNS isn't blocked.
Can you confirm that I entered and am using the two DNS upstream server entries correctly? It's what I was recommended.
I just moved my TV out of the Beryl AX network as I got fed up with this. It's working again. I really want to have the TV behind the VPN and connect to ControlD at the same time.
Did you not turn on DNS Rebinding Attack Protection?
The VPN is its own issue. The VPN connection will have its own DNS configured by the provider. Unless your queries are encrypted, you can't bypass that.
So how do I do that? On the TV, I can only enter the unencrypted setting, which is in a 76.76.x.x format. I figure if I just put my ControlD's HTTPS setting from my account into the Upstream DNS server, it should work, but still no.
I'm all out of ideas for your use case. I use the following Custom Filter in Adguard for my work laptop. This rule prevents Adguard from blocking requests from this laptop. I setup a static IP in the laptop so it that never changes.
If this is true, then how am I using AGH and the Upstream DNS servers?
I've mentioned this several times and do you know the answer to this?
Currently, I have DoH settings like "https://dns.quad9.net/dns-query" and "https://dns.nextdns.io". I want to continue using DoH. I've been recommended to use these two. Do I have to delete them if I add ControlD to the list? If not, where should I add ControlD and in what order?
The Upstream DNS servers are where Adguard Home gets the IP addresses for the sites you want to visit. You can use just 1 or many upstreams to retrieve that info. I use 2 (free) public DNS upstreams for redundancy.
If you add more than 1 upstream, AGH will just take turns using them. Without the upstreams, AGH doesn't "know" what FIFA.com's IP address is, for example.
Adding Quad9 or NextDNS to your upstreams kind of defeats the purpose of paying for ControlD. Two-thirds of your requests will answered by Quad9 or NextDNS. You can delete those and just use ControlD's DoH server.
I'm still very much a beginner at this and as I learn from experts like you, I hope to make better decisions and further fine-tune the Beryl AX and AGH to meet my needs.
Can you elaborate further on how listing multiple upstream DNS servers works? Is there even such a thing as a downstream DNS server? When I have three servers on the list, with ControlD on the first row and Quad9 on the second row, does that mean AGH will always use ControlD first, and if things don't work out, then use Quad9 second?
Yes, I'm paying for ControlD and I'm still learning the difference between that and Quad9. I'm only using Quad9 because it was recommended for its security. Will this make it easier to profile and fingerprint me since you said Quad9 is redundant? How can I conclude it's redundant by analysing the stats?
I've gone back and looked at the stats after re-adding the TV to the Beryl AX. There is no doubt in my mind that I added the right HTTPS server for ControlD to the Upstream list as the Samsung TV's queries skyrocketed and were being blocked.
I think I'll have to email ControlD and ask what the next step forward is. I'm happy that at least I'm blocking as many ads and trackers from Samsung as I can. The numbers are staggering. Samsung is a spying machine. I'm not convinced that ControlD is enough as they don't have all of the blocklists that AGH has by default and what I can add later.
I'm sure you know that when you type www.fifa.com into your browser, your device needs to know the IP address before you can load that site. Adguard Home is your personal DNS (address book). But it doesn't know the IP address either if you've never visited that site before.
AGH contacts the Upstream Server (that you pick) to get that IP address and returns the answer to your device.
ControlD, NextDNS, Quad9, Cloudflare and others are just companies that host DNS servers to answer those queries. They all do the same thing in slightly different ways.
You only need 1 upstream server in your AGH. The main purpose of the upstreams is to just get the IP addresses.
AGH will refuse to load a site, if it's in the blocklist selected on the Filters tab.
That's how I use AGH. My upstreams don't block anything. AGH does.
