Netflix and the blocking of tunneled ipv6-routes
The solution below is implemented on one of my recursive DNS servers (88.80.16.49), so it can be used out of the box.
Today I discovered that Netflix has started blocking tunneled IPv6 routes. In the case of SiXXS (which I primarily use to reach IPv6 routes), this means that I'm blocked from using Netflix this way for now. It also means that I have a few options to make Netflix work again, even while running IPv6 at the same time:
- Edit the hosts file. Look up netflix.com to pick up all of its IPv4 addresses. Problem: any changes that Netflix makes will never reach me. Besides, the streaming servers are probably named something other than just "www.netflix.com".
- Disable IPv6 while watching Netflix. Problem: all IPv6 connectivity is lost while watching Transformers.
So the real problem here is that Netflix resolves over both IPv4 and IPv6, and I need a DNS server that only gives me IPv4 responses, so that I don't have to keep track of DNS updates myself. Since I host my own DNS services, I solved this by setting up a secondary DNS server that explicitly returns only IPv4 addresses for lookups made from an IPv4 network, without the list of IPv6 addresses, like this:
On the primary master server, I set up a forward zone like this:
zone "netflix.com" IN { type forward; forwarders { 10.1.1.129; }; };
And suddenly Netflix becomes available again, on an IPv4-only network…
Update 2019-12-29
As of BIND 9.14, the above solution is obsolete [in the native daemon] and should be removed. If you've installed BIND with the correct plugins (I've installed BIND via the ISC PPA), there's a replacement for the above solution. In named.conf, place this outside the configuration block, and everything should run as before again.
plugin query "filter-aaaa.so" {
    filter-aaaa-on-v4 yes;
};
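A way to check that a resolver really strips AAAA answers, as an added example that is not part of the original post: it builds an AAAA query, parses the wire-format response and reports whether any AAAA record came back. The function names are this example's own, and the two sample responses are constructed (documentation address 2001:db8::1), not captured traffic.

```python
import socket
import struct
TYPE_A, TYPE_AAAA = 1, 28

def build_query(name, qtype, txid=0x1234):
    """Encode a recursive DNS query (RFC 1035 wire format, RD bit set)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def skip_name(msg, off):
    """Return the offset just past a domain name, honouring compression pointers."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def answer_types(msg):
    """Return (rcode, [rrtype, ...]) for the answer section of a response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    types = []
    for _ in range(an):
        off = skip_name(msg, off)
        rrtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rrtype)
        off += 10 + rdlen
    return flags & 0x000F, types

def aaaa_filtered(msg):
    """True when the response is NOERROR and contains no AAAA answer."""
    rcode, types = answer_types(msg)
    return rcode == 0 and TYPE_AAAA not in types

def ask(server, name, qtype=TYPE_AAAA, timeout=3):
    """Send the query over IPv4 UDP, the transport filter-aaaa-on-v4 acts on."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        return s.recv(4096)

def sample_response(answers):
    """Constructed sample: a response to an AAAA query for netflix.com."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(answers), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 60, len(rd)) + rd for t, rd in answers)
    return hdr + build_query("netflix.com", TYPE_AAAA)[12:] + rrs
UNFILTERED = sample_response([(TYPE_AAAA, bytes.fromhex("20010db8" + "00" * 11 + "01"))])
FILTERED = sample_response([])    # what a filtering resolver returns: NOERROR, no answers
```

Against a live resolver, `aaaa_filtered(ask("<resolver-ip>", "netflix.com"))` should return True once the filter is active, while the same call with `TYPE_A` should still list A records in `answer_types`.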
King 🙂
Nothing brings a coder down.
Nils described that so well too 🙂
Poke, peek, print: BASIC worked great for me ?
hehehehe
Programmed a game in BASIC where you had to move the knight around a chessboard and fill all the squares ?
I’m getting the following on my primary DNS server:
Mar 17 15:11:38 serve named[9193]: DNS format error from 192.168.27.253#53 resolving netflix.com/AAAA for client 192.168.27.3#43772: Name . (NS) not subdomain of zone netflix.com — invalid response
Mar 17 15:11:38 serve named[9193]: error (FORMERR) resolving ’netflix.com/AAAA/IN’: 192.168.27.253#53
I have no idea what it means, and searching the internet didn’t help.
Hmm, I don't think that should not happen in a forwarder 🙂
I mean, the only thing the primary DNS *should* do is to forward all requests to a second DNS that is filtering all AAAA responses. The zones themselves are not even there, so there's nothing to edit. It makes me a bit curious about how the config set looks.