How about Google Safe Browsing and maybe Yandex Safe Browsing? To disable these services in browsers and use only the service from DNS.
Also maybe I don't quite understand, but in the user rules there are only three options: block, redirect, bypass, but there is no allow function? That is, to open the site through a proxy and not to block it. Is it possible to implement this feature?
Redirect rule will do exactly what you want.
@windscribe thanks for the reply. Although multiple device support is great it is an issue for a router than only supports ‘legacy dns’. For NextDNS I can link the IP of my house to the service and use whatever filters for that to manage the whole house filtering. And then manage individual devices that can handle DoH or DoT as necessary. I suppose a work around would be your free DNS with malware filtering and then manage each device that supports encrypted DNS, but it would be nice to be able to filter the router based on the IP. I will also keep bugging the router manufacturer to add DoH/DoT support.
ControlD links your IPs automatically when you interact with the website OR when you use DoH/DoT. It will work in parallel from your home IP using legacy DNS, your phone using DoT on cellular, and your roaming laptop using DoH on a random hotspot. In cases of your IP changing on your home network, and you're forced to use Legacy DNS because there is no support for DoH/DoT, what you can do is configure DoH directly in the browser that you use on this network, or something that generates DNS traffic. If your IP suddenly changes, the DoH/DoT query from your home network will authorize your IP to use Legacy DNS. This eliminates the need for Dynamic DNS setups using 3rd party services.
There are things I like about ControlD better, and there are things I like about NextDNS better. As has been mentioned here, multiple device support and better granularity of the filter lists, as well as analytics and logging, are better with NextDNS. But the custom rules, bypassing of services and whitelisting and global proxy are better with ControlD. I am curious though, why is a VPN not recommended in conjunction with ControlD? If it is to prevent dueling-dns-services, why not just set ControlD up as a custom dns server in your VPN app? Anyway, both these services seems really cool, and warrant further tinkering.
Multi-device support will be added by end of June, we didn't want to hold back the release for this. We're against analytics as that requires query logging for all your activity. This is why the query log you can enable only lasts for 2hrs, and it's not stored in any permanent place. It's streamed directly from the process memory into your browser with no permanent storage. This is a Windscribe product after all....
Ad for granular blocklists, less is more in this case. We do not expose individual community blocklists, because they are riddled with false positives and have no meaning for most people. Nobody knows what they are or what the difference is unless they're super into Pi-Hole, DNS, etc. 99% of people are not.
Our blocklists are based on top of 27 different lists (~1M domains), with our own blocklists added on top, and most importantly false positives removed based on 2 years of community feedback from millions of Windscribe users. Our combined lists are much more effective than random Github lists you're probably using. Those lists are compiled by people as a hobby, we do this for a living and we have a large community that reports issues to us. Our custom whitelist has thousands of domains that are falsely blocked by most community lists.
I recommend just using our list, and see for yourself.