Use proxydns and your dd-wrt router to watch Netflix on Chromecast outside of supported countries

Sadly, tunlr ceased to exist, so I had to replace the setup I described here http://blog.squix.ch/2013/12/use-tunlr-together-with-dnsmasq-on-your.html with a working solution again. This time I couldn't find a free DNS service anymore, but I wanted to find a cheap one at least. It appears that http://proxydns.co/ does a good job and only costs about $3/month (depending on the price plan you choose), which is slightly lower than the ~$4.20 that unlocator.com offers for the long-term price plan.

Prerequisites

The following guide assumes that you own a router with an up-to-date DD-WRT installation. It is certainly possible to do this with other router firmware as well. You'll also have to set up an account at http://proxydns.co and make sure that your IP is enabled for this service.

Firewall rules

To get Chromecast running with Netflix, add this to your firewall script in the Administration > Commands section:

iptables -t nat -A PREROUTING -d 8.8.8.8 -j DNAT --to-destination 74.207.242.213
iptables -t nat -A PREROUTING -d 8.8.4.4 -j DNAT --to-destination 50.116.28.138
 

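This will forward all DNS traffic that was intended for the Google nameservers to the proxydns servers. This is necessary, since the Chromecast device ignores what your DHCP server tells it and always uses 8.8.8.8 or 8.8.4.4 for DNS requests. Note that the rules match on the destination address only, so they apply to every device behind the router and to any traffic sent to those two addresses, not just to DNS queries from the Chromecast.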

DNSMasq

Under Services > Services add

strict-order
server=/tunlr.net/74.207.242.213
server=/hulu.com/74.207.242.213
server=/netflix.com/74.207.242.213
server=/proxydns.co/74.207.242.213
server=/manager.proxydns.co/74.207.242.213
 

to the “Additional DNSMasq Options”. What was new for me was the “strict-order” config attribute. The DNSMasq man page says this:

By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are known to be up. Setting this flag forces dnsmasq to try each query with each server strictly in the order they appear in /etc/resolv.conf
 

Before I had this option, watching Netflix would only work from time to time. The other lines only forward DNS requests to proxydns if they are requests for Netflix and similar services.

You might have to restart all devices after changing these settings. And don’t forget to check your status at http://manager.proxydns.co/ to see if the dnsmasq options were applied properly.

Explaining the solution

The solution described here routes only the DNS requests for a few specific services to proxydns. Configuration manuals of services like proxydns or unlocator usually tell you to set their DNS server in the general configuration of your router, which would send all DNS requests to them. But that might be very risky, since they would learn about your usage/browsing profile and could potentially even redirect you to malicious servers (instead of routing you to your e-banking server, for example). So the less we send there, the better.

But this only solves one part of the problem. The other half is Chromecast sending all DNS requests to the Google DNS servers, ignoring what you have set up for your local network and thus bypassing your settings for proxydns. The firewall rules with the iptables commands rewrite all requests for 8.8.8.8 and 8.8.4.4 to the proxydns servers. You could (and maybe should) narrow that down to requests coming from the Chromecast. But I will leave that for a later post ;-)
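
One way to narrow the redirect as suggested above, as an added example that is not from the original post: the script prints the same two DNAT rules restricted to DNS traffic (port 53, UDP and TCP) from a single source address, to be used instead of the broad rules. The CHROMECAST_IP variable and the address 192.168.1.50 are assumptions standing in for a static DHCP lease you have given the Chromecast.

```shell
#!/bin/sh
# Added example: emit DNAT rules limited to one client and to DNS (port 53).
# CHROMECAST_IP is an assumption: a static DHCP lease assigned to the device.
CHROMECAST_IP="${CHROMECAST_IP:-192.168.1.50}"   # constructed sample address

# is_ipv4 ADDR -> exit 0 only if ADDR is a dotted quad with octets 0..255
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# dns_dnat_rules SRC DST TARGET -> one rule per protocol (DNS uses UDP and TCP)
dns_dnat_rules() {
    for addr in "$1" "$2" "$3"; do
        is_ipv4 "$addr" || { echo "invalid IPv4 address: $addr" >&2; return 1; }
    done
    for proto in udp tcp; do
        echo "iptables -t nat -A PREROUTING -s $1 -d $2 -p $proto --dport 53 -j DNAT --to-destination $3"
    done
}

# chromecast_rules SRC -> the post's two redirects, narrowed to SRC and port 53
chromecast_rules() {
    dns_dnat_rules "$1" 8.8.8.8 74.207.242.213 &&
    dns_dnat_rules "$1" 8.8.4.4 50.116.28.138
}

# Print the rules for review before pasting them into the firewall script.
chromecast_rules "$CHROMECAST_IP"
```

With these rules, other devices that query 8.8.8.8 or 8.8.4.4 directly keep reaching Google, and non-DNS traffic to those addresses is left untouched.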

Posted by Daniel Eichhorn
