Use proxydns and your dd-wrt router to watch Netflix on Chromecast outside of supported countries

Sadly tunlr ceased to exist, so compared to the setup I described here http://blog.squix.ch/2013/12/use-tunlr-together-with-dnsmasq-on-your.html I had to find a working solution again. This time I couldn’t find a free DNS service anymore, but I wanted to find a cheap one at least. It appears that http://proxydns.co/ does a good job and only costs about $3/month (depending on the price plan you choose), which is slightly lower than the ~$4.20 that unlocator.com offers for the long-term price plan.

Prerequisites

The following guide assumes that you own a router with an up-to-date DD-WRT installation. It is certainly possible to do this with other router firmware as well. You’ll also have to set up an account at http://proxydns.co and make sure that your IP is enabled for this service.

Firewall rules

To get Chromecast running with Netflix, add this to your firewall script in the Administration > Commands section:

iptables -t nat -A PREROUTING -d 8.8.8.8 -j DNAT --to-destination 74.207.242.213
iptables -t nat -A PREROUTING -d 8.8.4.4 -j DNAT --to-destination 50.116.28.138

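These rules redirect all DNS traffic that was intended for the Google name servers to the proxydns servers. This is necessary because the Chromecast ignores the DNS servers your DHCP server hands out and always uses 8.8.8.8 or 8.8.4.4 for DNS requests. Because the rules match on the destination address only, they apply to every device on your network that uses these addresses, not just the Chromecast.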

DNSMasq

Under Services > Services add

strict-order
server=/tunlr.net/74.207.242.213
server=/hulu.com/74.207.242.213
server=/netflix.com/74.207.242.213
server=/proxydns.co/74.207.242.213
server=/manager.proxydns.co/74.207.242.213

to the “Additional DNSMasq Options”. What was new for me was the “strict-order” config attribute. The DNSMasq man page says this:

By default, dnsmasq will send queries to any of the upstream servers it knows about and tries to favour servers that are known to be up. Setting this flag forces dnsmasq to try each query with each server strictly in the order they appear in /etc/resolv.conf

Before I had this option, watching Netflix would only work from time to time. The other lines forward DNS requests to proxydns only if they are requests for Netflix and similar services.

You might have to restart all devices after changing these settings. And don’t forget to check your status at http://manager.proxydns.co/ to see if the dnsmasq options were applied properly.

Explaining the solution

The solution described here sends only the DNS requests for a few specific services to proxydns. Configuration manuals of services like proxydns or unlocator usually tell you to set their DNS server in the general configuration of your router, which would send all DNS requests to them. But that might be very risky, since they would learn about your usage/browsing profile and could potentially even redirect you to malicious servers (instead of routing you to your e-banking server, for example). So the less we send there, the better. But this only solves one part of the problem. The other half is the Chromecast sending all DNS requests to the Google DNS servers, ignoring what you have set up for your local network and thus bypassing your settings for proxydns. The firewall rules with the iptables commands rewrite all requests for 8.8.8.8 and 8.8.4.4 to the proxydns servers. You could (and maybe should) narrow that down to requests coming from the Chromecast. But I will leave that for a later post ;-)
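To check which resolver ends up receiving a given query under this setup, the following added example (not part of the original post) models the dnsmasq options and the two DNAT rules listed above. The router address, the default-upstream label and the query names are assumptions, and it relies on dnsmasq matching server=/domain/ rules on label boundaries with the most specific domain winning.

```python
# Added example, not the author's code. Addresses and dnsmasq lines are copied
# from the page; ROUTER_IP, DEFAULT_UPSTREAM and the query names are constructed.
DNSMASQ_OPTIONS = """\
strict-order
server=/tunlr.net/74.207.242.213
server=/hulu.com/74.207.242.213
server=/netflix.com/74.207.242.213
server=/proxydns.co/74.207.242.213
server=/manager.proxydns.co/74.207.242.213
"""
DNAT = {"8.8.8.8": "74.207.242.213", "8.8.4.4": "50.116.28.138"}  # iptables rules
PROXYDNS = set(DNAT.values())
ROUTER_IP = "192.168.1.1"              # assumed LAN address of the router
DEFAULT_UPSTREAM = "default-upstream"  # placeholder for the ISP resolver


def parse_server_rules(text):
    """Map each domain in server=/dom1/dom2/.../ip lines to its upstream."""
    rules = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("server=/"):
            *domains, upstream = line[len("server=/"):].split("/")
            for domain in domains:
                rules[domain.lower().rstrip(".")] = upstream
    return rules


def upstream_via_dnsmasq(qname, rules):
    """Most specific rule matching qname on a label boundary wins."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return rules[suffix]
    return DEFAULT_UPSTREAM


def resolver_seen(qname, client_dns, rules):
    """Resolver that ends up receiving qname from a LAN client."""
    if client_dns in DNAT:            # rewritten in PREROUTING, dnsmasq bypassed
        return DNAT[client_dns]
    if client_dns == ROUTER_IP:       # normal DHCP client, split by dnsmasq
        return upstream_via_dnsmasq(qname, rules)
    return client_dns                 # some other hard-coded resolver


RULES = parse_server_rules(DNSMASQ_OPTIONS)
if __name__ == "__main__":
    for name in ("www.netflix.com", "notnetflix.com", "ebanking.example"):
        for dns in (ROUTER_IP, "8.8.8.8"):
            seen = resolver_seen(name, dns, RULES)
            print(f"{name:18} via {dns:12} -> {seen}  proxydns={seen in PROXYDNS}")
```

The output shows that clients using the router keep unrelated names away from proxydns, while any client that talks to 8.8.8.8 or 8.8.4.4 directly hands every lookup to it.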

Posted by squix78

2 comments

  1. I tried to watch Netflix but since I am outside the USA it would not let me. I ended up finding out I could use a VPN to access the content. The arcvpn service seems ok so far.
