Netflix and the blocking of tunneled ipv6-routes

Today I discovered that Netflix started blocking tunneled ipv6-routes. This means, in SiXXS case (which I primarily use to reach ipv6 routes), that I’m for now blocked from using Netflix this way. This also means that I have a few options, to make Netflix work again, even if I run with ipv6 simultaneously:

  • Edit the hosts-file. Make a look up on netflix.com, to pick up all addresses based on ipv4. Problem: Any changes that Netflix makes, will never reach me. Besides, the streaming servers are probably named differently than only ”www.netflix.com”.
  • Disable ipv6 while watching netflix. Problem: All connectivity with ipv6 is lost while watching Transformers.

So, the real problem here is that Netflix resolves both on ipv4 and ipv6, so I need to find a DNS server that only gives me ipv4-responses, so I don’t have to guard DNS updates myself. What I did to solve this problem was, since I host my own DNS-services, therefore to set up a secondary DNS server that explicitly returns ipv4-addresses when making lookups on a ipv4-network – without the list of ipv6-addresses, like this:

v4

In the primary master server, I’ll put up a forward zone like this:

zone "netflix.com" IN {
        type forward;
        forwarders {
                10.1.1.129;
        };
};

And suddenly Netflix becomes available again, on a ipv4-only network…

Om Tornevall

Fotograf, musiker, filmare. Estetikens alla nyanser i ett, kombinerat med humor och ett förflutet inom vård- nöjes- och programmeringsbranscher.
Det här inlägget postades i IT/Data, IT/Development och har märkts med etiketterna , , , , , , , , . Bokmärk permalänken.

8 kommentarer till Netflix and the blocking of tunneled ipv6-routes

  1. Corey Minyard skriver:

    I’m getting the following on my primary DNS server:

    Mar 17 15:11:38 serve named[9193]: DNS format error from 192.168.27.253#53 resolving netflix.com/AAAA for client 192.168.27.3#43772: Name . (NS) not subdomain of zone netflix.com — invalid response
    Mar 17 15:11:38 serve named[9193]: error (FORMERR) resolving ‘netflix.com/AAAA/IN’: 192.168.27.253#53

    I have no idea what it means, and searching the internet didn’t help.

    • Tornevall skriver:

      Hmm, I don’t thing that should not happen in a forwarder 🙂

      I mean, the only thing the primary DNS *should* do, is actually to forward all requests to a second DNS that is filtering all AAAA-responses. The zones itself is not even there so there’s nothing to edit. It makes me a bit curious on how the config set looks.

Kommentera

E-postadressen publiceras inte. Obligatoriska fält är märkta *