Release v1.4.7

Minor Release

This contains new features and improvements.

Added

• Make RFC1918 listener spawning opt-in via --rfc1918 flag instead of automatic behavior.
• Add the Darwin 15.5 upgrade issue to the known issues documentation.
• The mobile library can now be initiated with a provision ID and custom hostname.

Improvements

• Upgrade the quic-go library to v0.54.0 to improve API usability and resolve several bugs.

Fixes

• A bug was fixed where ctrld would incorrectly listen on RFC1918 addresses associated with virtual interfaces. This behavior caused unnecessary delays in resolving DNS queries, especially when those virtual interfaces were not active.

Release v1.4.6

Minor Release

This contains improvements and bug fixes.

Added

• Support for OPNsense 25.1.7 was added via a new lease file (@jquick).

Improvements

• Moved network monitoring creation to a dedicated goroutine for better performance and to ensure only a single instance is started.

Fixed

• Corrected an issue where Windows domain join status was not being detected properly.
• Addressed a bug where the upstream process check failed when attempting to process large DNS responses.

Release v1.4.5

Minor Release

This contains new features, and improvements..

Added.

• Major version upgrades are prohibited to avoid introducing breaking changes

Fixed

• Support Merlin 3006 base firmware.
• Support Ubios 4.3+.
• Addressed a regression preventing ctrld start from successfully initializing with an empty positional argument.

Release v1.4.4

Minor Release

This contains new features, improvements, and bug fixes..

Added.

• ctrld will now preserve search domains settings.

Improved

• To enhance security on Windows and macOS desktop environments, ctrld no longer listens on the broad 0.0.0.0 address by default, thus preventing potential DNS amplification and abuse.
• The OS resolver now incorporates a Singleflight pattern, effectively de-duplicating repeated queries to the upstream and significantly reducing network operations. Furthermore, a hot cache is implemented to provide short-term storage of query responses.
• Make IPv6 detection more reliable by not relying exclusively on DNS port availability.
• Make TLS certificate verification error messages more helpful when the certificate's issuing authority is unknown.

Fixed

• Corrected an issue with incorrect Edns0 client cookie setting for cached DNS answers.
• Corrected an issue causing ctrld reload command emits an invalid error message.

Release v1.4.3

Minor Release

This contains new features and bug fixes.

Added.

• ctrld will now consider the /etc/resolv.conf file as a source for DNS configuration on all Unix-like systems.

Fixed

• Corrected an issue causing ctrld to fail to bootstrap upstreams when DNS is unavailable.

Release v1.4.2

Minor Release

This contains new features, some performance improvements and bug fixes.

Added

• The ctrld binary will now perform self-upgrades to the latest stable version, as defined by a target version specified via the API.
• Implemented a new dnsmasq configuration manipulation routine for Merlin routers, optimizing compatibility across diverse Merlin hardware platforms.
• Ability to run on a machine with no working DNS (ctrld will establish direct IP HTTPS connections)

Improved

• The IPv6 availability check mechanism was enhanced to trigger based on network change events, thereby eliminating the need for periodic polling.
• The client discovery feature has been deactivated for desktop environments, encompassing Windows Desktop and macOS, thereby preventing the execution of redundant background discovery routines.
• The golang.org/x/net dependency has been upgraded to v0.38.0 to remediate the vulnerability identified as GO-2025-3503 and CVE-2025-22872.
• LAN query performance has been significantly improved.
• To ensure consistent shutdown behavior, ctrld now handles OS service manager stop signals identically to the ctrld stop command.
• Legacy queries are no longer sent to ControlD bootstrap DNS.
• ctrld now implements direct IP address resolution for ControlD assets as a failover strategy when domain resolution fails.

Fixed

• Addressed an issue that prevented the ctrld start command from restoring DNS following a failed self-check.

Release v1.4.1

Minor Release

This contains new features, some performance improvements and bug fixes.

Added

• This release adds support for OpenWrt 24.10 and newer versions, accommodating the updated dnsmasq configuration.

Improved

• The IPv6 checking mechanism has been redesigned to mitigate a potential Denial-of-Service (DoS) vulnerability affecting the Control D server.
• ctrld functionality is now extended to systems where a default route is not present, such as those employing VPNs or recent FreshTomato releases.
• Only SRV queries for LAN hostnames are resolved locally by the operating system. Non-LAN queries are forwarded to a remote upstream server if no matching rules are defined.

Fixed

• Fixed the problem where DNS configuration changes were not always being applied by systemd-resolved.
• Fixed the bug causing the leak_on_upstream_failure=false configuration to have no impact.
• Fixed the bug preventing ubios discovery from working after a system restart on UDM devices.
• Fixed the bug that caused runtime logs to be incorrectly formatted or missing.
• Fixed the bug where static DNS configuration on interfaces was ignored.
• Fixed a bug that prevented static DNS configurations from being restored after service stop/uninstall
• Fixed the bug causing HTTP transport failures after a network stack change.
• Fixed the bug that resulted in the OS resolver not using public DNS servers for LAN queries.
• Fixed the problem where Windows DNS forwarders were not always set correctly after system reboot.
• Fixed an issue where invalid remote custom configurations were not properly validated.

Release v1.4.0

Major Release

This contains new features, some performance improvements and bug fixes.

Added

• Added network change detection events and handlers
• ctrld will now leak queries to OS resolver if all upstreams are failed to connect when running in non --cd mode.
• ctrld will remove self from interface if all (local network and remote) upstreams are down
• When reloading the API, changes to the exclude list will now be checked at all times
• When auto-detecting split DNS rules for Active Directory, a rule for the top-level domain will now be added automatically.
• Added ctrld log view and ctrld log send commands - users can now view the ctrld log or send it to Control D, without restarting into debug mode

Improved

• Completely overhauled captive portal detection and handling
• Completely overhauled split DNS logic, handling and network DNS resolver detection
• ctrld will now use the Windows API for most actions instead of Powershell.
• SRV queries will now be handled by the OS resolver by default
• When resolving LAN queries, they will now be handled solely by the OS resolver, with no forwarding to remote upstream servers.
• Upstream monitor will now respect the upstream configuration timeout during runtime.

Fixed

• New initialization logic for the OS resolver has been added to prevent ctrld from "forgetting" the default nameservers at runtime.
• Fixed a bug that sometimes caused ctrld to crash during captive portal auto-detection on macOS.
• Some libraries have been upgraded to address known security issues

Release v1.3.11

Minor Release

This contains new features, and some bug fixes.

Added

• The deactivation pin code will be acquired during configuration reloading, stopping, and uninstallation processes.

Fixed

• Fix the problem of incorrect log path detection that occurs during uninstallation cleanup.
• Fix the Active Directory auto-split rule to enable case-insensitive matching.

Release v1.3.10

Upgrade Notice

If your machine has virtual interfaces, it is advisable to conduct uninstallation prior to upgrading from v1.3.9 to v1.3.10.

• ctrld uninstall
• Ensure all virtual interfaces are in correct/clean state.
• ctrld upgrade prod

Now you can run/install ctrld as usual.

---

Minor Release

This contains new features, some performance improvements and bug fixes.

Added

• ctrld will now leak queries to OS resolver if all upstreams are failed to connect when running in --cd mode. A new configuration is also added to toggle this behavior. This should allow for captive portals to be loaded normally.
• h3:// prefix can be used in upstream configuration to force HTTP3
• sdns:// prefix can be used in upstream configuration to use DNS stamps.
• ctrld will now re-fetch config from Control D API when visiting the status page
• ctrld will now auto-detect and add split DNS rule for Active Directory domain if not present.
• A custom hostname can now be set when installing ctrld using provision code (Orgs only)

Improved

• Getting physical interfaces are now more accurate on Windows and MacOS.
• ctrld start command will now terminate earlier when ctrld service failed to start instead of waiting until timeout happens.
• A warning message will be printed to users if installation failed due to MacOS 15.0 bug.

Fixed

• Fixed racy behavior between reset DNS and DNS watchers.
• Fixed high CPU usage when checking self-queries on Windows.
• Fixed DNS query loop with Site Magic VPN on Unifi devices that resulted in CPU exhaustion when ctrld is running on multiple machines part of the same network