dslreports logo
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
24
share rss forum feed


sm5w2
Premium
join:2004-10-13
St Thomas, ON
reply to SpongeGuard

Re: Anyone using Unblock-us?

I don't get it. How does using the DNS servers operated by Unblock-US differ from using other US-based DNS servers (like 4.2.2.2) as far as making US content servers think that you're located inside the USA?

I thought that the US-based content or media servers performed geo-location based on your IP address - which has nothing to do with what DNS server you use.


mlerner
Premium
join:2000-11-25
Nepean, ON
kudos:5
It either does some reverse DNS trick or it hardcodes the IPs. I suspect the ones like Netflix don't do any hard checks so if it gets to the right server it probably won't check. For Hulu I have no idea because I know their site does a couple of different checks that normally can't be spoofed.


sm5w2
Premium
join:2004-10-13
St Thomas, ON
> It either does some reverse DNS trick or it hardcodes the IPs.

When you say "It" - what are you referring to? What is the "it"?

> I suspect the ones like Netflix don't do any hard checks so if it gets
> to the right server it probably won't check.

Are you saying that someone in the US would get a different DNS result if they did a query for netflix.com compared with someone in Canada performing the same DNS query for netflix.com? Even if the person in Canada was using 4.2.2.2 as their DNS server?

Explain.


mlerner
Premium
join:2000-11-25
Nepean, ON
kudos:5
It referring to the DNS servers and yes, the Canadian and US Netflix use different server farms.


sm5w2
Premium
join:2004-10-13
St Thomas, ON
> It referring to the DNS servers and yes, the Canadian and
> US Netflix use different server farms.

That doesn't answer the question I posed to you, which I will re-state:

Are you saying that someone in the US would get a different DNS result if they did a query for netflix.com compared with someone in Canada performing the same DNS query for netflix.com? Even if the person in Canada was using 4.2.2.2 as their DNS server?

Why would (or how could) a Canadian DNS server return a different result for a DNS query for netflix.COM vs a USA-based DNS server?

And here's another question: Does the UnBlock-US dns server return a different result for a netflix.com query compared to using an ordinary (and free/open) US-based DNS server (like 4.2.2.2) ?


mlerner
Premium
join:2000-11-25
Nepean, ON
kudos:5
The dns lookup doesn't happen like that. It first determines location (I'm not sure how Netflix does this part) then it redirects to the distribution network via DNS based on location. So if it thinks you're in the US you get redirected to xxx.netflix.com, if it thinks you're in Canada it gets redirected to xxx.ca.netflix.com.

Whoever created unblock US knew how to fool the site and also since they control the DNS they can set the records to whatever they want.

I would speculate though that there are all sorts of DNS vulnerabilities, I seem to remember in one case you could fool a site into thinking your reverse DNS for your assigned IP is different and if Netflix uses that it could fool it into thinking you have another ISP.


sm5w2
Premium
join:2004-10-13
St Thomas, ON
> It first determines location

What is "it"? When I point my browser to netflix.com, what is the "it"? Is it my browser, or the DNS server my computer happens to be using, or is it netflix.com?

> DNS based on location

What is a "DNS-based" location? How does the DNS name query mechanism include or perform any location-based functionality? When was this added to the DNS specification?

Or are you saying that the DNS servers that are authoritative for netflix.com are performing IP-based geo-locating, and are giving different computers different results based on the IP address of the computers performing the query? That would make sense, except for the DNS caching that goes on internet-wide. How do they get around that?

Wouldn't custom entries in my hosts file allow me to simulate what Unblock-US is doing?

Finally, how long before Netflix servers themselves perform IP-based geolocating and geo-blocking?


corster
Premium
join:2002-02-23
Gatineau, QC
said by sm5w2:

Wouldn't custom entries in my hosts file allow me to simulate what Unblock-US is doing?

Finally, how long before Netflix servers themselves perform IP-based geolocating and geo-blocking?

No, and they already do.

Netflix checks IP when you load the homepage and when you load a video. Same with services like Hulu.
--
Rob Ford, Check. Stephen Harper, Check. Tim Hudak, October.
Ontario can lead again - Tim Hudak and the Ontario PC Party in 2011

xcimo
Ebox 60Mbps

join:2007-11-21
Gatineau, QC
said by corster:

said by sm5w2:

Wouldn't custom entries in my hosts file allow me to simulate what Unblock-US is doing?

Finally, how long before Netflix servers themselves perform IP-based geolocating and geo-blocking?

No, and they already do.

Netflix checks IP when you load the homepage and when you load a video. Same with services like Hulu.

Sure but if unblock.us does it with a purly dns based solution, there must be a way around it.


sm5w2
Premium
join:2004-10-13
St Thomas, ON

1 edit
> Sure but if unblock.us does it with a purly dns based solution

Can someone explain exactly how a "dns-based location solution" is performed?

Edit: Ok, so it's basically a DNS server that is hooked into a database of IP subnet records organized according to the operational desire of the DNS owner/operator. Those desires may simply be network efficiency (give a DNS result that is the shortest path between the target machine and the machine doing the query) or it may be content redirection or blocking, etc (give a requestor in country "A" a response that is also located in country "A").

I can see all sorts of holes in this, such as how do you deal with DNS caching that might be happening in various places on the network, but beyond that it just seems that if you set your DNS server setting in your OS to point to a server in the target country (ie - the USA, like 4.2.2.2) then you've fooled this DNS-based location method into thinking that you're in the US.

Beyond that, if you know the FQDN's of the US machines that you want to pull content from, simply hard-code their real US IP address into your hosts file.


corster
Premium
join:2002-02-23
Gatineau, QC
As far as I can tell, the way the service works is that the DNS redirects traffic to selected domains through their own proxy, as opposed to directly to the domain. Anything that isn't one of the selected sites doesn't go through the proxy.

Pretty sure using this service, if you looked up Netflix by IP as opposed to Netflix.com, it would send you to the Canadian one.
--
Rob Ford, Check. Stephen Harper, Check. Tim Hudak, October.
Ontario can lead again - Tim Hudak and the Ontario PC Party in 2011

LastDon

join:2002-08-13
I used this service for a bit of time.

I changed my dns settings in windows .

left my router alone.

and i was watching hulu and netflix usa just fine.

not sure how it works but it does


bbbc

join:2001-10-02
NorthAmerica
kudos:2
Reviews:
·FreedomPop

3 edits
reply to sm5w2
Anyone ever have a problem getting Netflix USA to stream on multiple device(s) / computer(s) in same household (out of area message), but still have Pandora and Hulu Plus working with UnblockUs? Mind you, the American Netflix account in question works at other Canadian locations.

For some reason, Netflix USA is the only American service not functioning under UnblockUs at a friend's place.


corster
Premium
join:2002-02-23
Gatineau, QC
said by bbbc:

Anyone ever have a problem getting Netflix USA to stream on multiple device(s) / computer(s) in same household (out of area message), but still have Pandora and Hulu Plus working with UnblockUs?

Never tried Pandora, but haven't had an issue using Hulu Plus while using Netflix on my Wii and Computer.
--
Rob Ford, Check. Stephen Harper, Check. Tim Hudak, October.
Ontario can lead again - Tim Hudak and the Ontario PC Party in 2011