Releases: Control-D-Inc/ctrld
Release v1.3.11
Minor Release
This contains new features and some bug fixes.
Added
- The deactivation pin code will be acquired during configuration reloading, stopping, and uninstallation processes.
Fixed
- Fix the problem of incorrect log path detection that occurs during uninstallation cleanup.
- Fix the Active Directory auto-split rule to enable case-insensitive matching.
Release v1.3.10
Upgrade Notice
If your machine has virtual interfaces, it is advisable to conduct uninstallation prior to upgrading from v1.3.9 to v1.3.10.
ctrld uninstall
- Ensure all virtual interfaces are in correct/clean state.
ctrld upgrade prod
Now you can run/install ctrld as usual.
Minor Release
This contains new features, some performance improvements and bug fixes.
Added
- ctrld will now leak queries to OS resolver if all upstreams fail to connect when running in --cd mode. A new configuration is also added to toggle this behavior. This should allow for captive portals to be loaded normally.
- h3:// prefix can be used in upstream configuration to force HTTP3.
- sdns:// prefix can be used in upstream configuration to use DNS stamps.
- ctrld will now re-fetch config from Control D API when visiting the status page.
- ctrld will now auto-detect and add split DNS rule for Active Directory domain if not present.
- A custom hostname can now be set when installing ctrld using provision code (Orgs only)
Improved
- Physical interface detection is now more accurate on Windows and macOS.
- ctrld start command will now terminate earlier when ctrld service fails to start instead of waiting until timeout happens.
- A warning message will be printed to users if installation failed due to macOS 15.0 bug.
Fixed
- Fixed racy behavior between reset DNS and DNS watchers.
- Fixed high CPU usage when checking self-queries on Windows.
- Fixed DNS query loop with Site Magic VPN on Unifi devices that resulted in CPU exhaustion when ctrld is running on multiple machines that are part of the same network.
Release v1.3.9
Minor Release
This release contains a fix for the issue where the DNS watchdog might flood SOA queries, causing CPU exhaustion on Windows.
Release v1.3.8
Minor Release
This contains new features, some performance improvements and bug fixes.
Added
- On Darwin or Windows, DNS settings will be reverted if changed. Additionally, new configurations are available to control whether to enable or disable this new feature.
- ctrld will perform a self-uninstallation if Endpoint is removed from the Control D web panel to avoid breaking DNS in this scenario.
- Custom config will be refetched every 3600 seconds. Additionally, a new configuration option is available to change the default refetching interval.
- The ctrld start command without arguments will start the ctrld process with previous arguments instead of performing a fresh installation.
- A new flag, --cleanup, has been added to the ctrld uninstall command to remove all files on disk.
Improved
- mDNS probing loop memory allocation.
- The default config directory on EdgeOS has been changed to the same directory as the ctrld binary, ensuring the config file persists through firmware upgrades.
- The ctrld restart command will output a validating remote config error message.
- Physical interface detection now relies on available hardware ports rather than hardcoding on Darwin.
- The OS resolver will only use available DNS nameservers from system configuration.
Fixed
- Correct incorrect status reports when not running as root on Darwin.
- Fix the issue with watching the /etc/resolv.conf file when it's a symlink.
- Fix the issue where the ctrld reload command does not reload rules. Additionally, the new config will now be written to disk.
- Fix the issue where the self-check process does not correctly re-read the config file.
- Fix the issue where the OS resolver fails to resolve queries on some Linux routers.
- Fix the issue where ctrld service start may reset DNS, even though it shouldn't.
Release v1.3.7
Minor Release
This release contains new features, some performance improvements and bug fixes.
Added
- Add --skip_self_checks flag to skip all self checks.
Improved
- Self-check process now runs faster.
- upgrade sub-command can now run even when ctrld is not running.
Fixed
- Fix systemd-networkd-wait-online blocking ctrld start on Linux.
- Fix false positive during self-check process on Windows systems.
- Fix wrong upgrade URL on ARM platforms.
- Fix flaky behavior when upgrading using the installer on OpenWRT routers.
- Fix wrong nameservers for OS resolver between ctrld runs.
- Fix a panic + DNS loop when checking if upstream is down.
Release v1.3.6
Minor Release
This contains new features, some performance improvements and bug fixes.
Added
- upgrade command with 2 optional args: dev and prod.
- Support MAC address wildcard matching in listener policy.
- Config param to specify domains which ctrld will trigger a flush cache before sending request to upstream.
- Support for Netgear Orbi with Voxel firmware.
Improved
- General improvements to the UX:
- Self-check process won't hang forever when ctrld failed to connect to socket control server.
- Un-usable interfaces will be ignored during set/reset DNS on Darwin.
- DoH/DoH3 endpoint can now be set without specifying scheme (assuming https).
- Queries from the host which runs ctrld will now always use the same hostname.
- ctrld now uses the same directory as the ctrld binary as home directory on Firewalla.
- ctrld start command now validates remote config, allowing better UX with invalid config.
- On BSD, unbound and dnsmasq status will be recorded using system config.
- Checking PIN protected deactivation will now happen before any calls to Control D APIs.
Fixed
- Fix PIN protected deactivation for mobile platforms.
- Fix NDP discover issue with Android clients.
- Fix quic-go's ECN issue on some platforms.
Release v1.3.5
Minor Release
This contains new features, some performance improvements and bug fixes.
Added
- PIN protected deactivation.
- Windows Server (2019, 2022) support
Improved
- Clients with empty hostname will be filled in based on other clients with same MAC address.
- File information is now included in Windows builds.
- DNS settings updated on all physical interfaces on Windows/Darwin.
- Static DNS settings of the current network interface are preserved before installing ctrld and restored when uninstall command is executed on Windows/Darwin.
- File /etc/resolv.conf is now watched for changes on all unix platforms.
Fixed
- Fix detecting UniFi UXG products.
- Fix ctrld uninstall command sometimes failing on Windows.
Release v1.3.4
Minor Release
This contains new features, some performance improvements and bug fixes.
Added
- Add NDP discovery.
- Support for custom device names on Ubios routers.
- host_entries.conf (Host overrides) parser in pfsense/OPNsense.
- kea-dhcp4 parser in pfsense.
- Internal stats and Prometheus exporter
Improved
- Client information (mdns data) is automatically discovered from the Avahi daemon if it is running on the device.
- ctrld on some routers uses dnsmasq: max-cache-ttl=0 to prevent wrong caching of queries with multiple listeners, by ensuring DNS records are always refreshed.
- The discovery refresh interval can now be configured.
- On FreeBSD, if ctrld stops unexpectedly, it will restart automatically.
- ctrld's bootstrap DNS is now different.
- On UniFi OS, ctrld will report an error if DNS shield was enabled.
Fixed
- Latest Ubiquiti firmware bugs
- Fix the TOML struct tag for ARP discovery.
- Fix MAC policy not working when non-Control D upstreams are used.
Release v1.3.3
Minor Release
This contains some improvements and bug fixes.
Improved
- Logging:
- The logging of request flow is now clearer and more useful between INFO and DEBUG level.
- DoH header logging has been adjusted to match the format and level of detail used for the rest of the request flow.
- ctrld now uses /var/run as the running directory for its control server on *nix systems.
- Using invalid flags no longer throws errors; they will be disregarded instead.
- WSAEHOSTUNREACH on Windows is now classified as a network error.
Fixed
- Fix the bug that causes the check upstream process to run only once.
Release v1.3.2
Major Release
This contains new features, some performance improvements and bug fixes.
Major Changes
- Will now respond to LAN-local machine hostnames and PTR record queries using the internal discovered clients list
- MAC address based DNS steering policies were added
- Will no longer respond to DNS queries made from WAN IP addresses by default
- Any RFC1918/CGNAT/local DNS upstream will now be automatically used for PTR discovery
Added
- Support MAC address-based policies.
- Add a flag to set the upstream type in CD mode.
- Add reload command.
- Add a config option to enable an upstream to be used for LAN/PTR queries.
- Add a config option to specify how the client ID is generated.
- Add a config option to enable/disable answering queries from WAN clients.
- Add NextDNS mode.
Improved
- Relax the service's dependency on systemd-networkd-wait-online.
- Upstream monitor now checks more aggressively.
- mDNS discovery will not complain about the use of closed network connections.
- An RFC 1918 address will be used in client info instead of localhost for requests to local listeners.
- Bump golang.org/x/net to v0.17.0
- Probing for IPv6 will not flood requests to the Control D server.
- PTR discovery will result in less noise in the log.
- "ctrld service start" will not do router setup anymore, allowing power users full control of configuring ctrld manually.
- ctrld will now notify users when reading or writing to the configuration file.
- Pre-run conditions on Merlin routers are more thoroughly checked.
- DNS loop test queries will not be sent for non-local upstreams.
- WAN originating DNS queries will be refused by default using REFUSED RCODE
Fixed
- Fix mobile platforms that crash if fetching the resolver configuration fails in CD mode.
- Fix the wrong checking condition that causes --cd-org not to be removed from the command line arguments.
- Network policies now function correctly when ctrld is upstream for dnsmasq.
- Fix EDNS0 with RFC 1918 and loopback addresses resulting in suboptimal Control D server responses.
- Eliminate duplicate client IDs generated for the same IPv6 client.
- Re-bootstrap transport in cases of network outages more aggressively