How to Use DNS to Protect Against Malware

Learn how to use DNS to protect against malware. Use Control D's step-by-step guide and get started with a free account today.

DNS filtering blocks access to malicious domains by preventing devices from resolving them. When a device requests the IP address of a malicious domain (e.g., phishing site or malware server), the DNS service can block the query and return a safe response (e.g., a warning page or a generic error).

Services like Control D can help you get set up with DNS filtering in a few easy steps. If you’re new to Control D, don’t worry. This guide walks you through everything—from understanding what Control D is, to signing up, creating your first profile, and applying it to your network or devices.

By the end, you’ll have a powerful layer of protection that helps safeguard you against many forms of malware and malicious behavior online.

What Is Control D and How Does It Work?

Control D is a customizable DNS service that lets you shape what happens when devices on your network attempt to resolve domains. Instead of returning an IP address for every request, Control D can selectively block known malicious domains. By doing so at the DNS level, it stops dangerous connections before they even begin.

This approach is proactive, lightweight, and doesn’t rely on software installation on your end devices.

How to Use Control D’s DNS Resolvers to Protect Against Malware

Step 1: Create an Account

Click the ‘Get Started’ button on the top right of the homepage. Create an organization account if signing up as a business, or a personal account for individual use.

  • Visit the Control D website and navigate to the sign-up page.
  • Enter a valid email address and create a strong password.
  • Click “Sign Up”.

Confirming Your Email and Logging In:

  • Check your email inbox for a confirmation message from Control D. Click the verification link provided. Once verified, return to the Control D website and log in using the credentials you set during registration.

Step 2: Open the Control D Dashboard

Upon logging in, you’ll arrive at the Control D Dashboard. Here, you’ll see navigation elements that let you access various features:

Profiles/Policies

Where you create and manage DNS filtering settings.

Logs/Reports

Where you can review DNS queries, blocked requests, and statistics.

Settings/Account Management

Manage your account details, API keys, and support tickets.

After configuring your account information, click ‘Add Profile’ to get started with your first DNS resolvers.

Profiles

Think of a Profile as a set of rules for DNS filtering. You can have multiple Profiles for different devices or groups. A Profile is a bundle of policies (i.e., filters) that determine what domains get blocked, allowed, or redirected.

For malware protection, you’ll enable Control D’s malware blocklists, ensuring any domain known to host malicious code is denied at the DNS level.

Click the “Add Profile” button and assign a descriptive name to your profile, such as “Malware Protection.”

Save the Profile to begin customizing its settings.

Step 3: Add Your Filters

After you hit create, the next screen will prompt you to add Filters that you’d like to block. Filters are categories of websites. Control D maintains lists of malicious domains associated with malware, phishing, and command-and-control (C2) servers to keep you safe.

We’ve enabled strict Malware blocking, and also turned on other categories that are likely malware attack vectors.

Enabling the Malware Blocklist:

  • Within the profile settings, locate the “Blocklists” or “Filters” section.
  • Look for a category labeled “Malware” or “Security Threats.”
  • Enable the toggle or checkbox for the malware blocklist.
  • Save your changes. You’ve now instructed Control D to block known malicious domains.

Beyond malware, Control D offers other categories too, such as:

Phishing and Scam Sites

Block domains commonly used to trick users into sharing sensitive information.

New Domains

Zero-day attacks are generally launched from domains registered in the past month. Control D can guard against them.

Unsafe Downloads/Filesharing

Stop sites known for distributing questionable software.

Enable any categories that align with your security goals. Your Profile will save automatically after changes are made.

Step 4: Integrate Control D With Your Network

For maximum security, we recommend using Control D at the router level. For this, you’ll need to set your router’s DNS to Control D’s resolvers. 

After configuring your Filters and Services, click ‘Create Endpoint’, toggle ‘Server’ and select the router from the drop down menu.

After selecting the router type, add a name, and click ‘Create Endpoint’ at the bottom right of your screen.

You should then see a confirmation screen.

There are two main ways to configure Control D on your router. The first is to set the DNS servers manually. Log into your router’s admin interface (usually accessed by entering something like 192.168.1.1 in your browser), then:

  • Locate DNS settings, often under “Internet” or “WAN” settings.
  • Replace the default DNS servers with the Control D DNS addresses provided on the dashboard.
  • Save and apply the changes. Once your router reboots or updates its configuration, all connected devices will inherit these filtered DNS settings.

The second, for a more customizable experience, is to install the ctrld DNS daemon. Instructions for this are given directly in the Dashboard after you click the Help Me Configure button.

Configuring Individual Devices (Laptops & Phones)

To install Control D on your Android, iOS, or MacBook, start by selecting ‘Client’.

Next, select your platform from the drop down list.

The step-by-step instructions after you select ‘Create Endpoint’ will help you install the resolver on your favorite platform. We’ve included instructions for Windows and macOS below:

  • Windows: Control Panel > Network and Internet > Network Connections > Properties of your active connection > Internet Protocol Version 4 (TCP/IPv4) Properties > Use the following DNS server addresses.
  • macOS: System Settings > Network > Advanced > DNS > + Add DNS Server.

If set up correctly, you should see a confirmation message.

Step 5: Fine-Tuning Your DNS Policies

Maybe you know of specific domains you want blocked, even if they’re not on Control D’s built-in lists. For this, you’ll need to add custom blocklists:

  • Go to your Profile’s “Custom Rules” section.
  • Enter the domain(s) you wish to block.
  • Save the changes and these domains will no longer resolve on your network.
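
One way to check from a client that a domain added under Custom Rules is actually being blocked, as an added example (not Control D code): it builds a DNS A query, sends it to the resolver you pass in, and classifies the reply. Treating NXDOMAIN or a 0.0.0.0 answer as "blocked" is an assumption about how the filtering resolver responds, and the sample reply for bad.test is constructed.

```python
import socket
import struct

# Assumption: a block is NXDOMAIN or a sinkhole A record (add a block-page IP if used).
SINKHOLE_IPS = {"0.0.0.0"}

def build_query(name, txid=0x1234):
    """Encode a recursive A-record query for `name` in DNS wire format."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(part)]) + part.encode("ascii") for part in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a name that may end in a compression pointer."""
    while msg[off] and (msg[off] & 0xC0) != 0xC0:    # ordinary label
        off += 1 + msg[off]
    return off + (1 if msg[off] == 0 else 2)         # root byte or 2-byte pointer

def classify(msg):
    """Map a raw DNS response to ('blocked' | 'resolved' | 'error', detail)."""
    _, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    rcode = flags & 0x000F
    if rcode:
        return ("blocked", "NXDOMAIN") if rcode == 3 else ("error", f"rcode={rcode}")
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4                # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:                # A record
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    if addrs and set(addrs) <= SINKHOLE_IPS:
        return "blocked", "sinkhole " + ",".join(addrs)
    return ("resolved", ",".join(addrs)) if addrs else ("error", "no A records")

def check(resolver_ip, name, timeout=3.0):
    """Query `resolver_ip` over UDP port 53 for `name` and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        return classify(s.recvfrom(4096)[0])

# Constructed sample: a reply for bad.test that answers 0.0.0.0 with TTL 60.
SAMPLE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\x03bad\x04test\x00"
          b"\x00\x01\x00\x01\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\x00\x00\x00\x00")
print(classify(SAMPLE))
```

Call `check()` with the resolver address shown in your dashboard and a domain that you know resolves elsewhere, so an NXDOMAIN reply cannot be mistaken for a name that simply does not exist.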

Step 6: Adjusting and Refining Your Configuration

As you become more comfortable with Control D, you may want to adjust your configuration:

Add or Remove Blocklists

If you find that too many legitimate sites are being blocked, consider removing some categories or using a less aggressive blocklist. Conversely, if you notice a particular type of threat slipping through, add a specialized list.

Use Allowlists

Sometimes, benign sites get caught in the filtering net. If you trust a site that’s being blocked, add it to an allowlist with Custom Rules. This tells Control D to always allow that domain, overriding the blocklists.

Time-Based Rules

Control D allows time-based policies. For example, enable these settings if you want stricter filtering during work hours and more lenient settings afterward.

Monitor for False Positives

If you notice certain services you need are blocked, tweak your Profile. Avoid turning off your malware protection entirely—just allow specific known-good domains.
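
The precedence described under Use Allowlists, and the advice to allow only specific known-good domains, modelled as an added example (not Control D's implementation). It assumes a rule covers the domain and its subdomains, and all domains and list contents are constructed; `shadowed` reports blocklist entries that an allow rule would re-enable.

```python
def normalize(domain):
    """Lower-case a domain and drop surrounding whitespace and the trailing dot."""
    return domain.strip().lower().rstrip(".")

def covers(rule, name):
    """True if `name` is `rule` or a subdomain of it, matched on a label boundary."""
    return name == rule or name.endswith("." + rule)

def decide(name, allow, custom_block, category_block):
    """Return (action, reason); allow rules are checked first, so they override blocks."""
    name = normalize(name)
    tiers = (("allowlist", allow, "allow"),
             ("custom rule", custom_block, "block"),
             ("category list", category_block, "block"))
    for source, rules, action in tiers:
        for rule in map(normalize, rules):
            if covers(rule, name):
                return action, f"{source}: {rule}"
    return "allow", "no rule matched"

def shadowed(allow, blocked):
    """List (blocked_entry, allow_rule) pairs where an allow rule re-enables a blocked domain."""
    pairs = []
    for entry in map(normalize, blocked):
        for rule in map(normalize, allow):
            if covers(rule, entry):
                pairs.append((entry, rule))
                break
    return pairs

# Constructed sample lists (hypothetical domains, not real indicators).
ALLOW = ["cdn.example.net", "Example.org."]
CUSTOM_BLOCK = ["tracker.example.net"]
MALWARE_LIST = ["files.cdn.example.net", "badexample.org", "evil.test"]

if __name__ == "__main__":
    for q in ("files.cdn.example.net", "badexample.org", "www.evil.test", "intranet.test"):
        print(q, decide(q, ALLOW, CUSTOM_BLOCK, MALWARE_LIST))
    print("shadowed:", shadowed(ALLOW, CUSTOM_BLOCK + MALWARE_LIST))
```

Here the broad allow rule for cdn.example.net re-enables a subdomain that the malware list blocks, while the allow rule for example.org does not touch badexample.org because matching stops at label boundaries.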

Integrate with Other Security Tools

DNS filtering is just one layer of defense. Use it alongside antivirus software, firewalls, and possibly VPN solutions. The combination of these layers makes it harder for malware to find a way in.

Stay Informed

Keep an eye on Control D’s announcements, blog posts, and user community. If they roll out new features—such as enhanced phishing detection or improved cryptomining blocking—consider integrating these improvements into your profile.

Benefits of Using Control D for Malware Protection

Preventing Initial Infection

If a malicious website is blocked at the DNS level, your device never has the chance to download malware.

No On-Device Overhead

Unlike traditional antivirus software, DNS filtering won’t consume CPU or memory on your devices.

Centralized Management

All your DNS policies can be managed from a single dashboard, making it easy to implement changes network-wide.

Scalability

Whether you’re a single user or an organization with many employees, you can expand Control D’s protections as needed.

In Summary

Setting up Control D to block malware involves understanding how DNS filtering works, choosing the right plan, configuring your profiles, integrating at the router or device level, and continually monitoring and refining your policies. Although the process might sound technical, Control D’s user-friendly dashboard and clear categories make it approachable, even for individuals who aren’t IT professionals.

By following the steps outlined above, you can confidently deploy DNS-based malware protection in your home or business environment. The result is a more secure browsing experience, with malicious domains and harmful content blocked before they can cause any damage.
