Setup your own DNS and HAProxy based Netflix/Hulu Tunnel

BlazeMuis Member
edited January 2015 in Tutorials

In this tutorial I will be explaining how to set up your own DNS and HAProxy based Netflix and Hulu tunnel. You no longer need a VPN or proxy configured on your device to watch USA-based Netflix and Hulu content. This works great in combination with a Chromecast or Apple TV.

What you will need to have: 2 VPS servers, one for the DNS and one for the HAProxy (you can also use 1 VPS, but I have been using 2). You will also need Bind9 and HAProxy installed. I assume that you know how to install that.. If not, use Google.

If you're looking for an affordable and stable host for your VPS, check out http://BudgetVZ.com and http://NanoVZ.com - Use coupon code evoFlix15 for a 15% Recurring discount!

The configuration for Bind9 (The DNS Server).

cd into /etc/bind and modify the following files:

nano named.conf.local:

//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

include "/etc/bind/rndc.key";
include "/etc/bind/zones.override";

acl "trusted" {
    XX.XX.XX.XX;        // IP of your VPS
    XX.XX.XX.XX;        // IP of your own ISP/Home connection
    127.0.0.1;
};

logging {
    channel bind_log {
        file "/var/log/named/named.log" versions 5 size 30m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { bind_log; };
    category queries { bind_log; };
};

nano zones.override:

zone "hulu.com." {
    type master;
    file "/etc/bind/db.override";
};
zone "huluim.com." {
    type master;
    file "/etc/bind/db.override";
};
zone "netflix.com." {
    type master;
    file "/etc/bind/db.override";
};

Read the rest of the tutorial at https://joodle.nl/setup-your-own-dns-and-haproxy-based-netflix-hulu-tunnel/

Got questions? Send me a PM! :)

Comments

  • Danke!

    Thanked by 1webcraft
  • I love you joodle

  • So @joodle, after finishing the setup, we just need to change our DNS to our VPS IP? And do you only use BudgetVZ for it? Some US VPS providers are already blocked by Hulu.

  • @ErawanArifNugroho said:
    So joodle, after finishing the setup, we just need to change our DNS to our VPS IP? And do you only use BudgetVZ for it? Some US VPS providers are already blocked by Hulu.

    Correct, and yes, I used BudgetVZ for Hulu and it's working just fine :) This could however change in the future as Hulu keeps blocking more and more non-residential IPs!

  • Thanks joodle. DigitalOcean, RamNode, HVH, Hosthatch, and some were blocked, so I can't use them for watching Hulu again.

  • how is this easier than foxyproxy o.o

  • @4n0nx said:
    how is this easier than foxyproxy o.o

    Does Foxyproxy work on a Chromecast or Apple TV? Nope it doesn't.

  • socials Member
    edited January 2015

    @joodle, do you know what this line means?

    allow-recursion { any; };

    (along with specifying forwarders)

  • joodle said: Does Foxyproxy work on a Chromecast or Apple TV? Nope it doesn't.

    lol I guess I don't understand the point of chromecast or apple tv either

  • @socials said:
    joodle, do you know what this line means?

    allow-recursion { any; };

    (along with specifying forwarders)

    Without allow-recursion any I couldn't get the DNS to work. And yes, I know what it means.

  • You could buy 2 http://budgetvz.com servers for 8euro a year ffs xD best DNS tunnel

  • mikho Member, Host Rep

    @joodle said:
    Without allow-recursion any I couldn't get the DNS to work. And yes, I know what it means.

    I smell an open dns waiting to be abused.

    @joodle said:
    Does Foxyproxy work on a Chromecast or Apple TV? Nope it doesn't.

    I heard that with chrome installed on a pc you can stream anything from the browser to the chromecast. Then FoxyProxy would be useful.

    Thanked by 1Infinity
  • MikHo said: I heard that with chrome installed on a pc you can stream anything from the browser to the chromecast. Then FoxyProxy would be useful.

    Doesn't work with Netflix..

  • MikHo said: I smell an open dns waiting to be abused.

    Updated my Post/Blog post to add trusted IPs to the config.

  • Why is the configuration posted here different from the one you use on your tutorial website?
    On your website you are using an ACL for the DNS server. At least some kind of security. But your setup wouldn't work when you have dynamic IPs at home, I think..

  • @german_psycho said:
    Why is the configuration posted here different from the one you use on your tutorial website?
    On your website you are using an ACL for the DNS server. At least some kind of security. But your setup wouldn't work when you have dynamic IPs at home, I think..

    I posted the same config here... I updated the LET post before I updated it on my blog..
    If you have a dynamic IP, just keep changing it at the ACL trusted list.. Can't do anything about that.

  • mikho Member, Host Rep

    Another thing I noticed:
    For those of you who want this to work and don't have IPv6 on your home connection, don't go for a LES VPS (including NanoVZ) because the DNS port is not forwarded.

    You need a dedicated IPv4 or DNS forward.
    For the HAProxy setup, a LES (including NanoVZ) is a good option. It needs to have a US IP to browse the American content of Netflix and to be allowed by Hulu.

    Thanked by 1BlazeMuis
  • Fritz Veteran
    edited January 2015

    Nice.. Danke Joodle.

    Am I able to get this working for other sites by default (without tweaking the configuration)?

  • Judging from the HAProxy setup and naming, you simply copied most things from https://github.com/skorokithakis/netproxy and just added bind. How lame not to credit the authors.

  • @hausarzt said:
    Judging from the HAProxy setup and naming, you simply copied most things from https://github.com/skorokithakis/netproxy and just added bind. How lame not to credit the authors.

    Nope, I did see that one, but I made my own config, which works better than the one provided right there.

  • hausarzt Member
    edited January 2015

    Yeah, right. That's why the proxy naming scheme is 1:1 identical.

  • @hausarzt said:
    Yeah, right. That's why the proxy naming scheme is 1:1 identical.

    Oh really? Where did you find that? https://github.com/skorokithakis/netproxy/blob/master/supervisord/haproxy.conf

    Can't see that there bro. Now stop trashing my thread, lots of people appreciate this tutorial.

  • You and I we both know it's stolen and you got caught red-handed. The netproxy generator generates the HAProxy configuration on the fly and once generated, looks exactly like "yours". Just add credit where credit is due, that's all I'm asking for.

    Thanked by 1Infinity
  • @joodle said:
    If you have a dynamic IP, just keep changing it at the ACL trusted list.. Can't do anything about that.

    I have a similar setup on one of my VPSs, also acting as a DNS. My approach to securing the box is a little different, I use iptables. The IP of my home network is dynamic. I set up a Dynamic DNS service (NoIP) with my router. That way, the DynDNS address gets updated every time my router gets a new IP address from my ISP. On the VPS I have a cron running every 5 minutes with the following script:

    #!/bin/bash
    # Look up the current home IP through the Dynamic DNS name
    nslookup myadress.myftp.biz > /tmp/ip.txt
    # Line 6 of the nslookup output is "Address: <ip>"; keep the part after the colon
    ip=$(sed -n '6p' /tmp/ip.txt)
    ip=$(echo ${ip#*:})
    # Leave the existing rules alone if the lookup did not return an IPv4 address
    ipv4_re='^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
    if ! [[ $ip =~ $ipv4_re ]]; then
        echo "DynDNS lookup failed, firewall left unchanged" >&2
        exit 1
    fi
    iptables --flush
    iptables -A INPUT -p tcp --dport 22220 -j ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # DNS, HTTP and HTTPS are accepted from the home IP only
    iptables -A INPUT -s "$ip/32" -p udp -m udp --dport 53 -j ACCEPT
    iptables -A INPUT -s "$ip/32" -p tcp -m tcp --dport 80 -j ACCEPT
    iptables -A INPUT -s "$ip/32" -p tcp -m tcp --dport 443 -j ACCEPT
    iptables -P INPUT DROP
    service iptables save
    service iptables restart

    Basically, it just gets the current IP address of my home network from the Dynamic DNS service via nslookup, writes it to a file and formats the data so that I can use it as a variable for the iptables.
    This way I don't have to bother with changing any config files manually. Maybe you like the idea..

    Thanked by 1ccarita
  • zhuanyi Member
    edited January 2015

    One question, how to prevent this one from being a victim in a DNS amplification attack?

    And also if we already have an Anycast IP like what BuyVM is offering, does that mean we don't have to set up HAProxy and it is automatically going to route to the available DNS?

  • zhuanyi said: One question, how to prevent this one from being a victim in a DNS amplification attack?

    The ACL Trusted table.

    zhuanyi said: And also if we already have an Anycast IP like what BuyVM is offering, does that mean we don't have to set up HAProxy and it is automatically going to route to the available DNS?

    I don't think you understand what HAProxy is doing now xD. HAProxy works as a Proxy (just like squid etc) and proxies all the incoming connections.

    Thanked by 1zhuanyi
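
The exchange above about allow-recursion { any; } and the amplification question both come down to which clients the resolver will recurse for. As an added example (not part of the thread or of the tutorial's own code), this Python script audits named.conf text for recursion settings left open to any and for ACLs that are defined but never applied to them; the sample config, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample: the post's acl "trusted" plus the allow-recursion line
# quoted in the thread. All addresses are documentation-range placeholders.
SAMPLE_OPEN = '''
acl "trusted" {
    203.0.113.10;       // VPS
    198.51.100.7;       // home connection
    127.0.0.1;
};
options {
    forwarders { 192.0.2.53; };
    allow-recursion { any; };   // the setting questioned in the thread
};
'''
# Same file with recursion limited to the ACL.
SAMPLE_FIXED = SAMPLE_OPEN.replace("allow-recursion { any; }",
                                   "allow-recursion { trusted; }")

# Statements that decide who gets recursive or cached answers.
RECURSION_OPTS = ("allow-recursion", "allow-query-cache")


def strip_comments(text):
    """Drop /* */, // and # comments so commented-out settings are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def audit(conf):
    """Return findings about who may recurse, given named.conf text."""
    conf = strip_comments(conf)
    acls = set(re.findall(r'\bacl\s+"?([\w-]+)"?\s*\{', conf))
    findings, used = [], set()
    for opt in RECURSION_OPTS:
        for body in re.findall(rf"\b{opt}\s*\{{([^}}]*)\}}", conf):
            elems = [e.strip().strip('"') for e in body.split(";") if e.strip()]
            used.update(e.lstrip("!") for e in elems)
            if "any" in elems:
                findings.append(f"{opt} is open to any client")
    for name in sorted(acls - used):
        findings.append(f'acl "{name}" is defined but not applied to recursion')
    return findings


if __name__ == "__main__":
    for label, conf in (("open", SAMPLE_OPEN), ("fixed", SAMPLE_FIXED)):
        print(label, audit(conf) or "no findings")
```

The second finding matters as much as the first: an acl block restricts nothing until an option refers to it by name.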
  • @hausarzt said:
    You and I we both know it's stolen and you got caught red-handed. The netproxy generator generates the HAProxy configuration on the fly and once generated, looks exactly like "yours". Just add credit where credit is due, that's all I'm asking for.

    U having a laugh? Was talking to joodle as he wrote it. I know he wrote it otherwise he wouldn't have asked me questions

  • @hausarzt said:
    You and I we both know it's stolen and you got caught red-handed. The netproxy generator generates the HAProxy configuration on the fly and once generated, looks exactly like "yours". Just add credit where credit is due, that's all I'm asking for.

    Nah, only used the base (which is also available on the web anyway), and I still made my own version of the config.

  • joodle said: I don't think you understand what HAProxy is doing now xD. HAProxy works as a Proxy (just like squid etc) and proxies all the incoming connections.

    Agreed, HAProxy is always confusing to me, I think I understand what you mean now. So with Anycast IP, can I just set up a Squid proxy on each of the VMs and have the outgoing IP automatically to be the anycast IP?

  • BlazeMuis Member
    edited January 2015

    @zhuanyi said:
    Agreed, HAProxy is always confusing to me, I think I understand what you mean now. So with Anycast IP, can I just set up a Squid proxy on each of the VMs and have the outgoing IP automatically to be the anycast IP?

    I have no idea.. I don't know much about Anycast

    Thanked by 1zhuanyi