Correct, the Netflix servers are seeing my requests come from my server in
the US. That's the whole point of having the server in the U.S. And it works
very well for getting access to Netflix.

Netflix and Hulu both use Akamai, although Netflix appears to use other
CDNs as well. The difference is that the software Netflix uses to serve up
the video stream doesn't check location, it only checks that the viewer
holds a valid license to view the stream, whereas Hulu's service seems to
check my location at every request.

Proxy vs port forwarding does make a difference. For proxying to work the
proxy would need to inspect the request. But since the request is encrypted
the proxy would need to decrypt, inspect, and then re-encrypt, which causes
a Man-In-The-Middle. While PCs don't care about this insofar as the user
can choose to ignore certificate warnings, other devices like Apple TV, the
Netflix app on Android, etc. won't let you ignore bad certificates. So
proxying won't work. TCP redirect where there's no need to inspect the inner
data stream is the only option.

The point of fiddling the DNS is that I can redirect requests for various
Netflix and Hulu hosts to my own server in the US and have my server in the
US redirect the request to the correct Netflix or Hulu host.

So, for example:

www.netflix.com points to 192.168.1.10
secure.netflix.com points to 192.168.1.20
movies.netflix.com points to 192.168.1.21
etc



On Thu, Aug 14, 2014 at 10:05 AM, Christopher Vance <cjsva...@gmail.com>
wrote:

> So you have your own server in the US. I would suggest Netflix is seeing
> that server's public IP address in the US as the origin of requests, which
> means you get Netflix's approval to download. I don't think the proxy vs
> port forwarding thing makes a difference.
>
> The apparent difference between Hulu's CDN (Akamai) and Netflix's CDN (I
> dunno) is that Akamai also checks your location while Netflix's CDN doesn't.
>
> As I said, Akamai will most likely be doing geoip on your IP address,
> which you can only change if you go through your US server. Again, proxy vs
> port forwarding shouldn't make a difference, unless Akamai is also checking
> X-Forwarded-For.
>
> DNS fiddles won't change the apparent location of any machine.
>
>
> On Thu, Aug 14, 2014 at 9:44 AM, Chris Barnes <chris.p.bar...@gmail.com>
> wrote:
>
>> Hi Christopher,
>>
>> You're right that this Akamai host doesn't like my location, and you're
>> right that Bind and DNS *alone* aren't going to resolve that.
>>
>> But the bigger part of my "fix" that I haven't revealed is that I change
>> the ip address of hosts to point to loop-back addresses on a server in the
>> US, which then does a TCP redirect to the original host, and this lets me
>> bypass georestrictions quite nicely.
>>
>> For example:
>>
>> My computer requests secure.netflix.com
>> My internal DNS says that host is at 192.168.1.20
>> My computer opens a TCP connection (port 80 or 443) to 192.168.1.20
>> The daemon listening on 192.168.1.20 on my server in the U.S. then
>> redirects/rewrites the connection to the host secure.netflix.com
>>
>> There's no proxying involved because the requests are often over SSL and
>> so my machine in the middle breaks the SSL security. It's simply a TCP port
>> redirect.
>>
>> So that works perfectly for Netflix because any part of that service that
>> cares about Geolocation is in the Netflix domain.
>>
>> Hulu on the other hand, has services that are outside of the Hulu domain
>> that take issue with my location - a248.e.akamai.net.
>>
>>
>> You might be wondering why I don't just use a VPN?
>>
>> Well, I don't want to tunnel all streaming traffic across it and Netflix
>> doesn't require all connections to be from the U.S. Only when you browse the
>> Netflix catalog and when you choose a show/movie to watch does the service
>> check location, after that the web browser, Apple TV, other media device is
>> redirected to a CDN to stream the content. And that CDN doesn't care where I
>> am from. So I get better throughput by not tunnelling the video stream.
>>
>>
>> Now a hosts file would fix this problem very nicely.....but Apple TV
>> doesn't have a hosts that is accessible and that's where I do most of my
>> streaming from.
>>
>> Interestingly, I can watch Hulu on my PC with my current setup with zero
>> problems. It's when I try on the Apple TV that it talks to
>> a248.e.akamai.net and throws an error that I'm outside the U.S.
>>
>>
>>
>>
>> On Thu, Aug 14, 2014 at 9:27 AM, Christopher Vance <cjsva...@gmail.com>
>> wrote:
>>
>>> From what you've written, it sounds to me as if the issue is where the
>>> Akamai host thinks you are. If so, then DNS and bind are totally uninvolved.
>>>
>>> Geo-location is normally done using IP addresses. You can change your IP
>>> address by using a proxy, in which case Akamai will understand you to be
>>> where the proxy is. Depending on the level of Akamai's pickiness, you might
>>> want to configure the proxy not to report who or where it's asking on behalf
>>> of.
>>>
>>>
>>> On Thu, Aug 14, 2014 at 8:46 AM, Chris Barnes <chris.p.bar...@gmail.com>
>>> wrote:
>>>
>>>> Hey people,
>>>>
>>>> Got a bit of a tricky question, well it seems tricky to me.
>>>>
>>>> I want to use bind to resolve a single host address for a very large
>>>> zone I
>>>> don't own.
>>>>
>>>> The background is that I'm trying to circumvent georestrictions on a TV
>>>> streaming site.
>>>>
>>>> I've determined that the host on the internet that has an issue with my
>>>> location is a248.e.akamai.net
>>>>
>>>> Now, I don't want to hijack the whole akamai.net domain on my internal
>>>> DNS
>>>> because I would be forever adding new DNS records.
>>>>
>>>> I tried creating a new master zone named a248.e.akamai.net and setting
>>>> an A
>>>> record for the root but it seemed the DNS server was ignoring it and
>>>> forwarding the request to upstream resolvers, resulting in the real IP
>>>> being returned...which is not what I want, I want it to return my
>>>> chosen IP
>>>> address.
>>>>
>>>> Does anyone know of a way I can hijack this one host address while
>>>> leaving
>>>> the rest of the domain untouched?
>>>>
>>>> --
>>>> Kind Regards,
>>>>
>>>> Christopher Barnes
>>>>
>>>> e. chris.p.bar...@gmail.com
>>>> --
>>>> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
>>>> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>>>>
>>>
>>>
>>>
>>> --
>>> Christopher Vance
>>>
>>
>>
>>
>> --
>> Kind Regards,
>>
>> Christopher Barnes
>>
>> e. chris.p.bar...@gmail.com
>>
>
>
>
> --
> Christopher Vance
>



-- 
Kind Regards,

Christopher Barnes

e. chris.p.bar...@gmail.com
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
