Tuesday

Broken Smart DNS - Netflix Fights Back

For many people, finding ways to access the world's best media sites can be a full time job.  Depending on where you live, it can be very difficult to access anything online.  Although many solutions exist for a computer it becomes even more tricky to get these streams working on other network devices like Smart TVs, media streamers and tablets.

Which is why Smart DNS was becoming so popular, because it was very simple and could be enabled on the majority of devices with ease.  How it worked was surprisingly simple but very effective, all you had to do was change your DNS server to one of the Smart DNS enabled ones.  This then would intercept any requests for media sites which checked your location and rerouted the initial connection through an appropriate proxy server.

So if you were in France and wanted to access Hulu for example, the Smart DNS server would route your initial connection through a US server, enabling the USA only stream whilst having virtually no impact on speed!   Some of the best Smart DNS service providers like Overplay even allowed you to specify your exact location.  This was great for services like Netflix as you could switch between any version of Netflix you required, for example Netflix USA has by far the biggest choice, but Netflix UK has some great British content.


You could add the DNS setting to your TV, tablet, phone quickly and easily.  In fact you could modify the DNS server which was supplied by your router and effectively enable every device in your home all at the same time.  All your other browsing would not be effected and DNS requests would resolve normally, a great, efficient work around if you used a fast service.  However even the dodgy DNS codes would work reasonably well and often worked for a couple of days rather than for just a couple of hours like free proxies.

However this all changed with the latest update to the Netflix interface, which has been rolling out over the last few weeks.  This update is not just to make the interface look prettier and easier to use (although it does) - it includes a function to break the Smart DNS workaround.

How does it break the Smart DNS Code Method?

It's surprisingly simple - the new Netflix interface hard codes the DNS servers to use.  So whatever device you access Netlifx from it tries to use, the Google DNS and Open DNS servers for name resolution.   This obviously completely bypasses the Smart DNS servers you have configured and thus the redirection which fools the Netflix servers doesn't happen.

The result, if you're in the UK and try and get US Netflix you'll get an error message.  If you try and access Netflix from a country which doesn't have any version and you'll get completely blocked again.  It's very frustrating especially as you have to be paying for a Netflix subscription in the first place.

Fortunately, there is a fix although how long it will work for I'm not sure.   It involves ensuring that the Netflix application can't access the Google and Open DNS servers, which then falls back to your Smart DNS server.  Currently it seems to work very well, but the method looks vulnerable, Netflix could go further to stop this.  There are a variety of methods to achieve this DNS server block, but one of the best write ups is here - Broken Smart DNS - the Fix a fairly straight forward method of setting up a static route for each of the DNS servers which block access.

There are other options, and indeed many people will not have the facility to set up static routes on their routers.  Basically you just need to ensure that the client cannot access those DNS servers, you could use firewalls, Internet security software, perhaps even your hosts file to redirect those requests (Windows will use the hosts file before any DNS resolutions are attempted).  It just suddenly makes using Smart DNS much more complicated and needs some technical knowledge.

Will Netflix pursue this further?   They certainly could, their method would easily extend and indeed they could enforce those DNS requirements (or Netflix wouldn't work) - although they have to be careful that they don't cause other issues.  It might be that Netflix will leave the current situation, it's made the use of Smart DNS more difficult and less appealing certainly for accessing their service.


2 comments:

Welshgadgets said...

It looks like they've backtracked. There were rumours that the owners of these public dns servers were complaining that they were being used in this way. Not sure if this was the reason but Smart DNS seems to be working fine again on sites like Netflix - good news :)

Welshgadgets said...

Update:

Just checked and if you update the Netflix application on a Roku then you'll stop Smart DNS working again. Netflix still don't seem to have given up on forcing applications on some devices through the Google DNS servers on 8.8.8.8 and 8.8.4.4
You can still use it on a Roku but you have to physically force DNS traffic through to the Smart DNS servers.

So don't update the Netflix app on any device where it's still working.