Release v1.3.10

Upgrade Notice

If your machine has virtual interfaces, it is advisable to conduct uninstallation prior to upgrading from v1.3.9 to v1.3.10.

• ctrld uninstall
• Ensure all virtual interfaces are in correct/clean state.
• ctrld upgrade prod

Now you can run/install ctrld as usual.

---

Minor Release

This contains new features, some performance improvements and bug fixes.

Added

• ctrld will now leak queries to OS resolver if all upstreams are failed to connect when running in --cd mode. A new configuration is also added to toggle this behavior. This should allow for captive portals to be loaded normally.
• h3:// prefix can be used in upstream configuration to force HTTP3
• sdns:// prefix can be used in upstream configuration to use DNS stamps.
• ctrld will now re-fetch config from Control D API when visiting the status page
• ctrld will now auto-detect and add split DNS rule for Active Directory domain if not present.
• A custom hostname can now be set when installing ctrld using provision code (Orgs only)

Improved

• Getting physical interfaces are now more accurate on Windows and MacOS.
• ctrld start command will now terminate earlier when ctrld service failed to start instead of waiting until timeout happens.
• A warning message will be printed to users if installation failed due to MacOS 15.0 bug.

Fixed

• Fixed racy behavior between reset DNS and DNS watchers.
• Fixed high CPU usage when checking self-queries on Windows.
• Fixed DNS query loop with Site Magic VPN on Unifi devices that resulted in CPU exhaustion when ctrld is running on multiple machines part of the same network

Release v1.3.9

Minor Release

This release contains a fix for the issue where the DNS watchdog might flood SOA queries, causing CPU exhaustion on Windows.

Release v1.3.8

Minor Release

This contains new features, some performance improvements and bug fixes.

Added

• On Darwin or Windows, DNS settings will be reverted if changed. Additionally, new configurations are available to control whether to enable or disable this new feature.

• ctrld will perform a self-uninstallation if Endpoint is removed from the Control D web panel to avoid breaking DNS in this scenario

• Custom config will be refetched every 3600 seconds. Additionally, a new configuration option is available to change the default refetching interval.

• The ctrld start command without arguments will start the ctrld process with previous arguments instead of performing a fresh installation.

• A new flag, --cleanup, has been added to the ctrld uninstall command to remove all files on disk

Improved

• mDNS probing loop memory allocation.
• The default config directory on EdgeOS has been changed to the same directory as the ctrld binary, ensuring the config file persists through firmware upgrades.
• The ctrld restart command will output a validating remote config error message.
• Physical interface detection now relies on available hardware ports rather than hardcoding on Darwin.
• The OS resolver will only use available DNS nameservers from system configuration.

Fixed

• Correct incorrect status reports when not running as root on Darwin.
• Fix the issue with watching the /etc/resolv.conf file when it's a symlink.
• Fix the issue where the ctrld reload command does not reload rules. Additionally, the new config will now be written to disk.
• Fix the issue where the self-check process does not correctly re-read the config file.
• Fix the issue where the OS resolver fails to resolve queries on some Linux routers.
• Fix the issue where ctrld service start may reset DNS, even though it shouldn't.

Release v1.3.7

Minor Release

This release contains new features, some performance improvements and bug fixes.

Added

• Add --skip_self_checks flag to skip all self checks.

Improved

• Self-check process now runs faster.
• upgrade sub-command can now run even when ctrld is not running.

Fixed

• Fix systemd-networkd-wait-online blocks ctrld start on Linux.
• Fix false positive during self-check process on WIndows system.
• Fix wrong upgrading url on arm platforms.
• Fix flaky behavior when upgrading using the installer on OpenWRT routers.
• Fix wrong nameservers for OS resolver between ctrld runs.
• Fix a panic + DNS loop when checking if upstream is down.

Release v1.3.6

Minor Release

This contains new features, some performance improvements and bug fixes.

Added

• upgrade command with 2 optional args: dev and prod.
• Support MAC address wildcard matching in listener policy.
• Config param to specify domains which ctrld will trigger a flush cache before sending request to upstream.
• Support for Netgear Orbi with Voxel firmware.

Improved

• General improvements to the UX:
  • Self-check process won't hang forever when ctrld failed to connect to socket control server.
  • Un-usable interfaces will be ignored during set/reset DNS on Darwin.
• DoH/DoH3 endpoint can now be set without specifying scheme (assuming https).
• Queries from host which run ctrld will now always use the same hostname.
• ctrld now uses the same directory with ctrd binary as home directory on Firewalla.
• ctrld start command now validates remote config, allowing better UX with invalid config.
• On BSD, unbound and dnsmasq status will be recorded using system config.
• Checking PIN protected deactivation will now happen before any calls to Control D APIs.

Fixed

• Fix PIN protected deactivation for mobile platforms.
• Fix NDP discover issue with Android clients.
• Fix quic-go's ECN issue on some platforms.

Release v1.3.5

Minor Release

This contains new features, some performance improvements and bug fixes.

Added

• PIN protected deactivation.
• Windows Server (2019, 2022) support

Improved

• Clients with empty hostname will be filled in based on other clients with same MAC address.
• File information is now included in Windows builds.
• DNS settings updated on all physical interfaces on Windows/Darwin.
• Static DNS settings of the current network interface are preserved before installing ctrld and restored when uninstall command is executed on Windows/Darwin.
• File /etc/resolv.conf is now watched for changes on all unix platforms.

Fixed

• Fix detecting UniFi UXG products.
• Fix ctrld uninstall command sometimes failing on Windows.

Release v1.3.4

Minor Release

This contains new features, some performance improvements and bug fixes.

Added

• Add NDP discovery.
• Support for custom device names on Ubios routers.
• host_entries.conf (Host overrides) parser in pfsense/OPNsense.
• kea-dhcp4 parser in pfsense.
• Internal stats and Prometheus exporter

Improved

• Client information (mdns data) is automatically discovered from the Avahi daemon if it is running on the device.
• ctrld on some routers uses dnsmasq: max-cache-ttl=0 to prevent wrong caching of queries with multiple listeners, by ensuring DNS records are always refreshed.
• The discovery refresh interval can now be configured.
• On FreeBSD, if ctrld stops unexpectedly, it will restart automatically.
• ctrld's bootstrap DNS is now different.
• On UniFi OS, ctrld will report an error if DNS shield was enabled.

Fixed

• Latest Ubiqiti firmware bugs
• Fix the TOML struct tag for ARP discovery.
• Fix MAC policy not working when non-Control D upstreams are used.

Release v1.3.3

Minor Release

This contains some improvements and bug fixes.

Improved

• Logging:
  • The logging of request flow is now more clearer and more useful between INFO and DEBUG level.
  • DoH header logging has been adjusted to match the format and level of detail used for the rest of the request flow.
• ctrld now uses /var/run as the running directory for its control server on nix systems.
• Using invalid flags no longer throws errors; they will be disregarded instead.
• WSAEHOSTUNREACH on Windows is now classified as a network error.

Fixed

Fix the bug that causes the check upstream process to run only once.

Release v1.3.2

Major Release

This contains new features, some performance improvements and bug fixes.

Major Changes

• Will now respond to LAN-local machine hostnames and PTR record queries using the internal discovered clients list
• MAC address based DNS steering policies were added
• Will no longer respond to DNS queries made from WAN IP addresses by default
• Any RFC1918/CGNAT/local DNS upstream will now be automatically used for PTR discovery

Added

• Support MAC address-based policies.
• Add a flag to set the upstream type in CD mode.
• Add reload command.
• Add a config option to [enable an upstream to be used for LAN/PTR queries.
• Add a config option to specify how the client ID is generated.
• Add a config option to enable/disable answering queries from WAN clients.
• Add NextDNS mode.

Improved

• Relax the service's dependency on systemd-netword-wait-online.
• Upstream monitor checking more aggressively.
• mDNS discovery will not complain about the use of closed network connections.
• An RFC 1918 address will be used in client info instead of localhost for requests to local listeners.
• Bump golang.org/x/net to v0.17.0
• Probing for IPv6 will not flood requests to the Control D server.
• PTR discovery will result in less noise in the log.
• "ctrld service start" will not do router setup anymore, allowing power users full control of configuring ctrld manually.
• ctrld will now notify users when reading or writing to the configuration file.
• Pre-run conditions on Merlin routers are more thoroughly checked.
• DNS loop test queries will not be sent for non-local upstreams.
• WAN originating DNS queries will be refused by default using REFUSED RCODE

Fixed

• Fix mobile platforms that crash if fetching the resolver configuration fails in CD mode.
• Fix the wrong checking condition that causes --cd-org not to be removed from the command line arguments.
• Network policies now function correctly when ctrld is upstream for dnsmasq.
• Fix EDNS0 with RFC 1918 and loopback addresses results in suboptimal Control D server responses.
• Eliminate duplicate client IDs generated for the same IPv6 client.
• Re-bootstrap transport in cases of network outages more aggressively

Release v1.3.1

Minor Release

This is a minor release with new features, some performance improvements, and various bug fixes.

Added

• Support the hosts file as a source for resolving hostnames.
• Including the OS version in the DoH header.
• Including the client's IP address when ctrld is an upstream of dnsmasq.

Improved

• Making PTR lookup failures less noisy for users.
• Upgrading quic-go to v0.38.0
• ctrld now generates a working default configuration in both cd and local mode.
• Using /etc/version to detect a UniFi Gateway.
• The general performance and stability of ctrld:
  • All upstreams are monitored to prevent high resource consumptions in case of outage.
  • Guarding against DNS loops.
• Reporting error when --cd/--cd-org is set to empty string.

Fixed

• Service restart loop in EdgeOS.
• Using Control D bootstrap DNS for the OS resolver, fixed #59.
• Fix the default route IP address with the public interface.
• Fix the setting of DNS so that it takes effect in some cloud providers with systemd-resolved.
• Fix ctrld home directory created randomly with windows RMM.