Category: ninja

Broken Smart DNS for US Netflix – Here’s the Fix

There’s a bit of a war starting online, and it looks like it might get a bit nasty. Only a few days ago, Netflix announced that they would be launching an Australian/New Zealand version of its popular media streaming site. There was one slight issue though for the global media giant: it estimated there were already over 200,000 Netflix US members streaming from Australia. Now this wasn’t some strange mass exodus of US citizens in search of Aussie beer and TV. It referred to the fact that loads of Australians, fed up with the local online offerings and their TV stations, were using programs like . to stream US Netflix already.


They were also using some configured proxies (although mostly these don’t work any more) and the new Smart DNS technology to bypass the blocks. Normally when you sign up for a Netflix account, you actually receive a globally enabled one. This means that what you see is based on your location. So my UK Netflix account turns into a US one when I’m physically in the USA, it’s a German account when in Germany and so on. Which is fine except for one small problem: the US version of Netflix has literally thousands more films, movies and TV shows than any other version. The UK version of Netflix is ok, but the US version is awesome.

So everyone started to use methods which hide their IP addresses and get access to the US version of Netflix (although Canadian Netflix isn’t too bad either). One of the most important was Smart DNS, which is the easiest way to get access on devices like Smart Phones, Smart TVs and other such devices. This is the service I use and it comes highly recommended. But that looks like it was stopping: over the last few weeks Netflix has updated its client software on these devices and built in something that stops Smart DNS working (here’s exactly how Smart DNS works). Now on any of these updated devices, you can only access your legitimate country version of Netflix, which means if you’re not in a Netflix enabled country you can’t watch it at all. Basically they’ve updated their systems so that third party DNS servers can’t be used to resolve the addresses of the Netflix site. This means that none of the Smart DNS solutions work any more.

How to Fix Broken Smart DNS for Netflix

Fortunately there is a solution, which follows. I have demonstrated it on my router, a Netgear WNDR 4500, but you should be able to do this on most decent routers. Basically Netflix is forcing everyone to use specific DNS servers, the Open DNS and Google ones, in order to stop the Smart DNS trickery working. The fix ensures that these DNS servers are not accessible, and the client will then go back to the Smart DNS ones.

So here’s the fix. First go into your router’s configuration screens – mine is accessed by putting its internal IP address into a browser, i.e. http://192.168.1.1.

You then need to move down to Advanced settings and select Static Routes. From this screen we need to make sure that the four public DNS servers that Netflix is trying to force us to use are not accessible.

On this screen you simply need to add a route for each DNS server to ensure that traffic for it never gets to its destination.
Commonly the information required is: Destination IP address – the address of the DNS servers as follows:

  • 8.8.8.4  Google DNS
  • 8.8.8.8 Google DNS2
  • 208.67.222.222 Open DNS
  • 209.244.0.3   Open DNS

For the other fields:

  • Subnet Mask – put in 255.255.255.255
  • Gateway IP address – your router or a made-up internal IP address – mine’s set to a PC, 192.168.1.253
  • Metric – 2

This should ensure that none of your devices will be able to access any of these DNS servers, thwarting Netflix’s plan and making Smart DNS work yet again – hooray!! The last check to see if it’s working is to ping any of these DNS servers to see if they can be accessed. In my example, the Google DNS server is not reachable. Now Netflix runs like a dream again and connects to the USA version without a hitch.

This obviously relies on you having a router which allows static routes to be set up; however this is not always possible – the crappy routers most ISPs hand out are usually locked down so you can’t get access to these settings. There are other potential solutions which I’ll check out and hopefully post up here if I get the chance.

What’s My Port – Why is it Blocked?

So what’s a port? Does my computer have one and where do I find it? These are a selection of questions I often get asked when trying to explain to people why they can’t access their favorite proxy server, or use file sharing sites whilst they are at work.

Computer ports are of course very dull, but they are intrinsic to how computers work.   Firstly a quick distinction – there are actually two distinct categories of ‘ports’ when you’re referring to computers – hardware/physical/peripheral ports or network/virtual ports.  With regards to computer security, it’s the network ports which we are most interested in,  physical ports are just the places you plug things in on the back or side of your computer.  The common ones are USB, Serial, Parallel, VGA and stuff like that – here’s a picture of two common physical ports you might find –

Computer Ports

The network ports are virtual: they don’t physically exist but merely exist to allow information to flow across a network between different devices and programs. They are an important part of TCP/IP networking and some knowledge can be of great benefit if you are having filtering or blocking issues. Your computer will be constantly opening and closing these virtual ports when you’re online, and you can see which ones are open by running a program called netstat from the command prompt, or for a more user friendly display try one of the freeware tools like Currports which will allow you to see them a little easier.

Port List Computer


You’ll see in the graphic that there are loads of ports open in response to what programs and applications are running on my computer. Most popular services tend to use standard ports, although this isn’t essential. In the list above you’ll see that there are processes being established on port 443 – this is the SSL port and is open on my computer as I’m logged into my Facebook account in my browser. It’s worth having a look at these lists on your computer because every process there is effectively using your computer’s resources in some way. For instance I noticed that Dropbox, which I stopped using months ago, was still sitting running on my computer listening on several network ports.

You can often tell which program or service is running simply by the port number. For example web browsing will normally take place over 80 or 8080, SSL on 443, FTP on 21, DNS Services use 53 and Email 25. I’ll put a more extensive list up in a separate post because it’s useful to have a reference. These ports are therefore also used when someone is trying to block access to something. So for example if you’re the administrator for a corporate network and you want to stop people using FTP to upload or download files from the internet, you could block port 21 which would effectively break standard FTP clients.
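Going through such a list by hand gets tedious, so here is an added example (not part of the original post) that parses output in the layout of Windows `netstat -ano`, groups the listening ports by process ID, and names the remote service of established connections using the standard ports mentioned above. The sample output, PIDs and addresses are constructed for the illustration.

```python
from collections import defaultdict, namedtuple

Socket = namedtuple("Socket", "proto ip port remote state pid")

# Standard ports named in the text above.
WELL_KNOWN = {21: "FTP", 25: "Email (SMTP)", 53: "DNS", 80: "HTTP",
              443: "SSL", 8080: "HTTP (alternate)"}

# Constructed sample in the layout of Windows `netstat -ano`.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:17500          0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:17600        0.0.0.0:0              LISTENING       4312
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5120
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:5353           *:*                                    2200
"""


def split_endpoint(endpoint):
    """Split '1.2.3.4:80', '[::1]:80' or '*:*' into (ip, port or None)."""
    ip, _, port = endpoint.rpartition(":")
    return ip.strip("[]"), int(port) if port.isdigit() else None


def parse_netstat(text):
    """Return one Socket per TCP/UDP row, skipping headers and blank lines."""
    sockets = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            proto, local, remote, state, pid = f
        elif len(f) == 4 and f[0] == "UDP":   # UDP rows have no State column
            proto, local, remote, pid = f
            state = ""
        else:
            continue
        ip, port = split_endpoint(local)
        sockets.append(Socket(proto, ip, port, remote, state, int(pid)))
    return sockets


def listeners_by_pid(sockets):
    """Map PID -> sorted (port, scope) for sockets waiting for inbound traffic."""
    found = defaultdict(set)
    for s in sockets:
        if s.state == "LISTENING" or s.proto == "UDP":
            scope = "local-only" if s.ip in ("127.0.0.1", "::1") else "network"
            found[s.pid].add((s.port, scope))
    return {pid: sorted(ports) for pid, ports in found.items()}


def outbound_services(sockets):
    """Name the remote service of each established connection by its port."""
    out = []
    for s in sockets:
        if s.state == "ESTABLISHED":
            _, rport = split_endpoint(s.remote)
            out.append((s.pid, rport, WELL_KNOWN.get(rport, "unknown")))
    return out


if __name__ == "__main__":
    socks = parse_netstat(SAMPLE)
    for pid, ports in listeners_by_pid(socks).items():
        print(pid, ports)
    print(outbound_services(socks))
```

A process that shows up with a "network" scope listener you did not expect is the one to look up by PID and decide whether it should still be running.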

It’s a common tactic and is a simple way to control access on a large scale; for example the Great Firewall of China will block ports that are used by anonymity programs like TOR or indeed those using a UK proxy for BBC. However it’s also possible to circumvent blocks like these if you are able to utilise non-standard ports. For example, modify your FTP client to use something other than Port 21 to communicate, or relay your email through something other than port 25. In the next post I’ll show you how you can use Identity Cloaker to redirect any application traffic onto whichever port you decide and bypass these filters.

Some Useful Proxy Definitions

If you’ve searched around looking for secure proxies to use, you’ve probably come across these three definitions –

  • Transparent Proxy
  • Anonymous Proxy
  • Elite Proxy

Now none of these definitions are set in stone, but they’re used on most sites to describe the different levels of security and privacy afforded by a particular proxy. The three definitions are explained here on this video.

However if you don’t want to listen to the video, here’s the basic concepts.

Transparent Proxy
This is a very basic proxy server which actually provides very little security or privacy. This server simply forwards all parts of the request without any restrictions at all, and this includes your real IP address. The web site you visit will be aware of your real address and the fact that you are using a proxy to access it. It’s commonly used merely to speed up internet access, particularly by caching popular pages. If you want some security or privacy, then you need to use a different type of proxy server.

Anonymous Proxy
These are probably the most common form of proxies particularly if you’re looking at free ones. This server will hide your real IP address from any web site you visit. However it will normally forward some information in the form of HTTP headers. This could include information about the proxy software, the IP address of the proxy etc. It does offer a certain level of privacy in that it will normally protect the client address, however a lot depends on individual configuration settings.

Elite Proxy
This proxy offers the highest level of security and privacy, similar to a VPN but not necessarily with the encryption. Not only does an Elite proxy hide your real address, but it also hides its own existence as a proxy server. Many sites block access to clients who are using proxies so this can be very useful. The elite proxy server should forward the absolute minimum of information required and should look like a normal client itself. Again though a lot depends on how it is configured; some Elite proxies are much more secure than others. Also just because something is labelled ‘Elite’ on a web site doesn’t necessarily make it true!
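The three levels above differ only in what reaches the web site, so they can be told apart from the web server's side. The following added example (not from the original post) sorts a received request into those levels by its forwarding headers; the header names checked are an assumption of this sketch, since the post names none, and the sample requests are constructed.

```python
import ipaddress
import re

# Headers a forwarding proxy commonly adds (assumed set, not from the post).
PROXY_HEADERS = {"via", "forwarded", "x-forwarded-for", "x-real-ip",
                 "proxy-connection"}

# Constructed examples: (headers as seen by the web server, TCP peer address).
REQUESTS = {
    "cache": ({"Via": "1.1 cache01", "X-Forwarded-For": "198.51.100.7"}, "203.0.113.9"),
    "hider": ({"Via": "1.1 gw", "Forwarded": "for=_hidden;proto=http"}, "203.0.113.9"),
    "v6":    ({"Forwarded": 'for="[2001:db8::17]:4711"'}, "203.0.113.9"),
    "plain": ({"User-Agent": "Mozilla/5.0", "Accept": "*/*"}, "203.0.113.9"),
}


def _to_ip(token):
    """Return an address for '1.2.3.4', '1.2.3.4:80' or '[v6]:80', else None."""
    token = token.strip().strip('"')
    if token.startswith("["):
        token = token[1:].split("]")[0]
    elif token.count(":") == 1:
        token = token.split(":")[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None          # e.g. "unknown", "_hidden" or an empty value


def disclosed_addresses(headers):
    """Collect every parseable address carried in forwarding headers."""
    h = {k.lower(): v for k, v in headers.items()}
    tokens = []
    for name in ("x-forwarded-for", "x-real-ip"):
        tokens += h.get(name, "").split(",")
    tokens += re.findall(r'for=("[^"]*"|[^;,\s]+)', h.get("forwarded", ""), re.I)
    return [ip for ip in map(_to_ip, tokens) if ip is not None]


def classify(headers, peer_ip):
    """Label a request by how much the forwarding headers give away."""
    peer = ipaddress.ip_address(peer_ip)
    if any(ip != peer for ip in disclosed_addresses(headers)):
        return "transparent"       # an address behind the proxy is disclosed
    if PROXY_HEADERS & {k.lower() for k in headers}:
        return "anonymous"         # proxy admits it is a proxy, hides the client
    return "elite-or-direct"       # headers alone cannot tell these two apart


if __name__ == "__main__":
    for name, (headers, peer) in REQUESTS.items():
        print(name, classify(headers, peer))
```

The last label is deliberate: going by headers alone, an Elite proxy and an ordinary direct visitor look the same to the site.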

Region Free DNS – Smart DNS Review – Changing a Device’s IP Address

Wow what a geeky title! Well, hopefully this post isn’t too dull, but it’s inspired by a few emails – so here’s a kind of introduction/Smart DNS review in response. Now a lot of us are living a pretty region free life online: with the use of certain programs and services we are not blocked and redirected based on our location. So I don’t have to watch the vastly inferior version of Netflix just because I’m currently in the United Kingdom; I can watch the US version instead, or when travelling I can watch the BBC iPlayer abroad! It’s all pretty straightforward on a computer, laptop or smartphone – load up the program, switch servers or use a DNS service and you can choose your own virtual location with a false IP address.

Here’s the basic steps for a PC –

Can’t see the video above? You can find it on YouTube; it’s all about Smart DNS.

But of course the world is not that simple, and many of us have different devices that are getting blocked: media streamers, Smart TVs and games consoles.

These, just like our computers, can get blocked based on their location too, and there’s no obvious way to manually configure network settings, especially if you don’t have the right IT infrastructure. Installing a sophisticated security program written for a PC or Mac isn’t going to work, but how about these innovative DNS services that a couple of the leading VPN/Proxy providers have developed? These services work across all sorts of platforms – phones, games consoles, Smart TVs, tablets and computers – in fact virtually anything which has access to the internet. So as it’s a Smart DNS review, here’s the Smart DNS service I use – click on the link for a free 14 day trial too!

Smart DNS Proxy

In case you don’t know, Smart-DNS is a sort of halfway house to unblocking geo-restricted media content online. It basically routes part of your connection through a specific server using your domain name system (DNS) settings. So if you were interested in watching US Netflix from Europe for example, you would establish initial connections through a United States proxy server and then stream directly through your own connection. All you need to do is enable your IP address with one of these region free DNS services and then change your DNS settings on the device you need.

So I Can Change the Location of a Device like a Roku, Boxee or a Smart TV?

Yes you can but this isn’t always obvious, because many devices don’t let you alter or change network settings like DNS servers.

How Can I Change Roku Network Settings

So let’s take for example this device, the amazing Roku (which really is that big!). The Roku allows you to stream content directly to a TV through an HDMI cable. Most people use it to access Hulu, YouTube, HBO GO and similar channels, but it’s a network-enabled device, meaning it is affected by the location of your IP address. Connecting a Roku to a TV in the USA alone won’t enable users to use BBC iPlayer and similar geographically-restricted channels.

Smart DNS is ideal for this sort of situation: it’s not a full-blown virtual private network (VPN) connection like this, but should be just enough to fool the media-streaming site into accepting the location you specify. Except the Roku (like most streaming devices) has no network configuration settings; you cannot manually modify its IP address or its DNS server. It’s why you’ll often see people stumped and asking on forums how to change a Roku IP address, because it’s certainly not obvious. Perhaps these are blocked for a reason. I imagine major streaming companies like Netflix wouldn’t want users to be able to access these settings – but they haven’t directly prevented these connections either. It should be noted that Netflix will now only allow access from residential IP addresses, so you should check they are available before subscribing with anyone.

Luckily you can modify the settings in most cases, either on your router directly or by using DHCP. DHCP is the protocol that sits on your routers, Wi-Fi access points and modems that assigns IP addresses for all the devices on your network.

Region Free DNS

Here are the settings on my Netgear router which allow the device to allocate IP addresses on my internal network – you allocate a range, 192.168.1.1-192.168.1.254 in this case, and each device will be assigned its own address when connected to this network. On a full proper DHCP service, not on this particular router example, you can specify other details including which DNS server to use. You could also set up your own DHCP server on a computer for allocation; there are loads of free versions you can use. For Smart DNS to work you only need to assign the specific Smart DNS server to the device you want to work. So I could assign a specific DNS server to my Roku remotely, which could be a US, UK or any country supported by the service you use. In my situation with this router, I would just assign the Smart DNS setting to the router itself in the DNS settings. All this does is enable everything in my network to use the Smart DNS setting, which in many cases is more suitable for people.

DNS Settings on Router

These are normally in Internet or LAN settings on your router. Instead of using the assigned settings from your ISP, specify the Smart DNS ones you received from your provider – in my case, Smart DNS Proxy. If you’re lucky the DHCP service on your router will allow you to specify the DNS settings, like this TP-Link one.

Once you’ve assigned your new Smart DNS settings to your router, every device connected to your Wi-Fi network would also be assigned the Smart DNS settings – that’s your Roku, iPhone, Smart TV… whatever. If you want a particular device to have different DNS settings, simply assign them locally on the device – they will not be overwritten by DHCP. I should however urge a word of caution, particularly due to my tests: the above works fine for most devices when assigning DNS settings to devices on your network.

But there is a possibility that your device may be regionally locked in some fashion which would prevent you using region free DNS. The earlier Rokus were, and I’ve heard reports of some Smart TVs and media streamers doing the same. Basically they force these devices to use something like Google DNS servers by default, therefore overriding any DNS servers you set. If DNS requests are hard coded into the device, you are either going to have to block them or accept it isn’t going to work properly. One of the main issues is using Smart DNS for Netflix, as they seem to be forcing manufacturers to enforce their geo-restrictions in their hardware.

I would recommend checking for a specific device’s compatibility by starting with a short-term region Free DNS subscription first. . has a 1-month plan starting at less than $5 USD, perfect for testing the service to make sure it supports whichever device you want to use.

Why Can’t I Use a Proxy

We’ve all been there – you’re stuck in work or school, and frankly bored out of your brain.   Sure you have internet access but all the most interesting sites are blocked –

  • Facebook Blocked
  • Youtube Blocked
  • MySpace Blocked
  • World of Warcraft (games and forum) Blocked

So why’s it happening and what can you do about it?

Your company or school controls your access to the internet at several points and is blocking your access at several levels.

The first control is probably through their own proxy server.  If you go and look in Tools/Internet Options/Connections/LAN Settings or  something like that in different browsers you’ll probably see a proxy server set.  That address will be a server controlled by your company where they force all internet traffic.  If they’ve done a decent job you won’t be able to change this.

The settings will normally be deployed by something called GPO (Group Policy Objects), which are the way most organisations control what their computers look like. These apply settings like specific desktops, screensavers and Internet Explorer settings each time you boot up your computer.

Therefore absolutely everything you request goes through the company proxy server.  You might think you’re being clever searching for ninja proxy sites on the internet but I’m afraid you’re not.  All you are doing is creating a log of you searching for ‘ninja proxy sites online’, and letting administrators know you want to bypass their settings. The proxy server will be set to filter out all such requests by a variety of methods.  The most common one will be a huge list of URLs containing all the dodgy one page, Glype proxy installations online.

So you need to bypass this proxy server, or do you?

If the organisation has their network set up properly, then even using an alternative browser or modifying the proxy settings in IE will not work anyway. The reason is that your company firewall, the hardware device which controls all the traffic in and out of your network, should only allow web traffic out from one specific address – the proxy server. So forget about specific IPs, free web proxies or anything specific like a UK VPN or proxy until you figure this part out. Remember, in this scenario if you bypass the company proxy then your request will not get through; it needs to come from that specific IP address or it will get blocked.

Then a couple of things might happen –

  • The alert will be flagged on the firewall (Web requests from an incorrect internal client)
  • The administrator will track down the PC and find out it’s been modified.

But don’t worry, in reality probably nobody ever looks at the logs, and most firewalls generate so many alerts that nobody ever looks at those either.
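For anyone who does read those logs, here is what the alert amounts to, as an added example that is not part of the original post. It flags web requests that neither come from nor go to the proxy, and DNS queries sent to a resolver other than the network's own, which is the hard-coded DNS behaviour described in the Smart DNS posts above. The log layout, addresses and policy values are assumptions made for the illustration.

```python
import re
from collections import Counter

PROXY = "10.0.0.10"          # assumed: the only host allowed to fetch web pages
RESOLVERS = {"10.0.0.53"}    # assumed: the only DNS server clients should query
WEB_PORTS = {80, 443, 8080}

# Hypothetical log layout: time action proto src:port -> dst:port
LINE = re.compile(r"(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
                  r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

# Constructed sample firewall log.
SAMPLE_LOG = """\
2015-03-02T10:15:01 ALLOW UDP 10.0.0.42:53311 -> 10.0.0.53:53
2015-03-02T10:15:01 ALLOW TCP 10.0.0.42:49810 -> 10.0.0.10:8080
2015-03-02T10:15:02 ALLOW TCP 10.0.0.10:40022 -> 203.0.113.80:443
2015-03-02T10:15:03 ALLOW UDP 10.0.0.53:41000 -> 208.67.222.222:53
2015-03-02T10:15:07 DENY UDP 10.0.0.77:50112 -> 8.8.8.8:53
2015-03-02T10:15:08 DENY UDP 10.0.0.77:50113 -> 8.8.8.8:53
2015-03-02T10:15:09 ALLOW UDP 10.0.0.88:50500 -> 208.67.222.222:53
2015-03-02T10:15:11 DENY TCP 10.0.0.61:51877 -> 203.0.113.80:443
2015-03-02T10:15:12 DENY TCP 10.0.0.61:51878 -> 198.51.100.25:80
-- log rotated --
"""


def violations(log_text):
    """Return (rule, src, dst, dport, action) for each flow that breaks policy."""
    found = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                     # unparseable lines are skipped
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        if dport == 53 and src not in RESOLVERS and dst not in RESOLVERS:
            rule = "dns-to-unapproved-resolver"
        elif (m["proto"] == "TCP" and dport in WEB_PORTS
              and PROXY not in (src, dst)):
            rule = "web-not-via-proxy"
        else:
            continue
        found.append((rule, src, dst, dport, m["action"]))
    return found


def summarise(found):
    """Count per (source, rule, action) so repeat offenders stand out."""
    return Counter((src, rule, action) for rule, src, _, _, action in found)


if __name__ == "__main__":
    for (src, rule, action), n in summarise(violations(SAMPLE_LOG)).items():
        print(f"{src:12} {rule:28} {action:5} x{n}")
```

A DENY count means the firewall stopped the attempt; an ALLOW count means the rule set has a gap, because that traffic got out.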

The point is your searching for online web proxies is simply a waste of time.  To bypass most corporate proxies you need to go through that proxy and not around it.  Through it because any other originating IP address will get blocked and may possibly  wake up your IT Department.  But you need to stop the proxy blocking access based on the content (what you are requesting) and the URL (the actual site you want to visit).

There are two things you can do to allow this – first you need encryption so that nothing can see inside your web request, and secondly you need some low key server outside the network to relay your request. These two requirements, if implemented correctly, will allow you to tunnel through any corporate network firewall or proxy and also keep your surfing private from the administrators and logs. I should point out that the new generation of Smart DNS servers like this may be more effective in a lockdown environment than standard proxies, although it’s likely you’ll need admin access on your local PC in order to modify the network settings, as generally these will all be assigned automatically via DHCP.