Prerequisites
The following guide assumes that you own a router with an up-to-date DD-WRT installation. It is certainly possible to do this with other router firmware as well. Then you’ll have to set up an account at http://proxydns.co and make sure that your IP is enabled for this service.
Firewall rules
To get Chromecast running with Netflix, add this to your firewall script in the Administration > Commands section:
iptables -t nat -A PREROUTING -d 8.8.8.8 -j DNAT --to-destination 74.207.242.213
iptables -t nat -A PREROUTING -d 8.8.4.4 -j DNAT --to-destination 50.116.28.138
This will forward all DNS traffic that was intended for the Google Nameservers to the proxydns servers. This is necessary, since the Chromecast device ignores what your DHCP server tells it and always uses 8.8.8.8 or 8.8.4.4 for DNS requests.
DNSMasq
Under Services > Services add
strict-order
server=/tunlr.net/74.207.242.213
server=/hulu.com/74.207.242.213
server=/netflix.com/74.207.242.213
server=/proxydns.co/74.207.242.213
server=/manager.proxydns.co/74.207.242.213
to the “Additional DNSMasq Options”. What was new for me was the “strict-order” config attribute. The DNSMasq man page says this:
By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are known to be up. Setting this flag forces dnsmasq to try each query with each server strictly in the order they appear in /etc/resolv.conf
Before I had this option, watching Netflix would only work from time to time. The other lines only forward DNS requests to proxydns if they are requests for Netflix and similar services.
You might have to restart all devices after changing these settings. And don’t forget to check your status at http://manager.proxydns.co/ to see if the dnsmasq options were applied properly.
Explaining the solution
The solution described here only routes DNS requests for a few specific services to proxydns. Configuration manuals of services like proxydns or unlocator usually tell you to set their DNS server in the general configuration of your router, which would send all DNS requests to them. But that might be very risky, since they would learn about your usage/browsing profile and could potentially even redirect you to malicious servers (instead of routing you to your e-banking server, for example). So the less we send there, the better. But this only solves one part of the problem. The other half is Chromecast sending all DNS requests to the Google DNS servers, ignoring what you have set up for your local network and thus bypassing your settings for proxydns. The firewall rules with the iptables commands rewrite all requests for 8.8.8.8 and 8.8.4.4 to the proxydns servers. You could (and maybe should) narrow that down to requests coming from the Chromecast. But I will leave that for a later post ;-)
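One way to narrow the redirect to the Chromecast and to DNS traffic only (added example, not from the original post): the script prints rules that match only port 53 packets from a single client. The client address 192.168.1.50 is a constructed placeholder for a static DHCP lease you assign to the Chromecast.

```shell
#!/bin/sh
# Added example: emit DNAT rules limited to one client and to DNS (port 53).
# CHROMECAST_IP is a constructed value; give the device a static DHCP lease
# and substitute its address.
CHROMECAST_IP="192.168.1.50"

# Resolver pairs from the article: Google resolver=proxydns server.
DNS_MAP="8.8.8.8=74.207.242.213 8.8.4.4=50.116.28.138"

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one DNAT rule per resolver and protocol, matching only DNS packets
# sent by the given client. Other LAN devices keep reaching Google DNS.
narrowed_rules() {
    client=$1
    is_ipv4 "$client" || { echo "invalid client address: $client" >&2; return 1; }
    for pair in $DNS_MAP; do
        google=${pair%%=*}
        proxy=${pair#*=}
        for proto in udp tcp; do
            echo "iptables -t nat -A PREROUTING -s $client -d $google -p $proto --dport 53 -j DNAT --to-destination $proxy"
        done
    done
}

# Print the rules for review; paste the output into the firewall script.
narrowed_rules "$CHROMECAST_IP"
```

The script only prints the rules, so they can be checked before they replace the two broader rules in Administration > Commands.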