What is Unblock-us and how does it work?
Unblock-us is a great service which allows any device to access media streaming services like Netflix, Hulu and iPlayer from anywhere in the world without needing to use a VPN. It's a paid for service (and a little expensive in my view) but works with more devices than a VPN does (Apple TV's, Xbox 360, Playstation 3) as well as all your traditional devices like Phones, Tablets and PCs.
Interested in an account? Get one here: http://www.unblock-us.com (They offer a 7 day trial with no payment information needed)
The service works by switching your DNS server on either your device (via network settings) or on your router (to cover all devices in the house) then when a request is made to Netflix (or another media service), the DNS switches the IP to a reverse proxy which is hosted by Unblock-us which hides your real IP and makes the service think your from the desired region. You may think well a VPN does this to, but the key difference between a full VPN and unblock-us is once you actually stream a video from the service, the connection is direct (not via the reverse proxy which is only used for the logging in / browsing of content) so your get a much faster service. In most cases with Netflix, your get full HD (8mbit streaming) which is hard to acheive in peak times with most commercial VPN's which are oversubscribed (I know, I've tried a few including BlackVPN and PrivateInternetAccess which at the time of writing are the two most recommended services).
Now don't get my wrong, if you are only using it on your PC or Laptop (or even iPhones or 2.2+ Androids) where you can easily install and connect to a VPN, its still the better option as it hides the entire journey. Also a VPN is guranteed to work long into the future as its not tricking the service like unblock-us as there is a risk this loop hole could be blocked by updates to Netflix / iPlayer. But for some devices like Xbox 360's its just not possible to install and connect to a VPN client (well, you can use a VPN but it involves connecting to a VPN on your computer or router if supported and then sharing it to your Xbox, but thats not viable for most people).
Dangers of using Unblock-us's DNS servers:
There is one catch with unblock-us though which makes me feel uneasy. As your changing your DNS server to theirs for the reverse-proxy to kick in on the relevent services it does mean that every website you browse will involve you connecting to their DNS to request an IP and even though they should reply with the correct IP, it does mean they effectivily know every website you ever visit. They are a private company, and they are not clear on what information they store or capture. They could easily be collecting this data and selling it, or even capturing it for later use. (Or they could be entire honest and just want to provide you with an excellent service. But the point is its not known and sometimes not trusting is better than trusting).
Using the same method they use to connect you to Netflix US, they could easily at the flick of a button use to replace every advert with their own, or even make you think your connecting to your banks website and logging in when its actually one of their servers. They may not even do this on purpose, but if they got hacked and your using their DNS server your open up to massive abuse. Which is why deep down, I would never recommend anyone changing their DNS to anything besides either their ISP's, Googles Public ones, or OpenDNS's public ones.
Workaround to use your current DNS server:
However, there is a simple way you can keep using your current DNS and make the changes locally to your PC instead to use Unblock-us's reverse proxies, without a DNS change. This involves editing your PC's HOST File and making the changes that unblock-us do on their public DNS, to your local PC.
> If you don't know how to change your HOSTS file, there is a million guides already on the internet for every OS and device that supports it so a quick google can help. If your using Windows however, Insanenutter has a great step by step guide on how to edit your hosts file (though for a different reason) available here: http://digiex.net/guides-reviews/gui...-required.html
For Netflix US for example, you need to make the following changes to your PC's HOSTS file:
Once you make those changes, you will be able to access Netflix US on your PC without any other settings needing to be changed. For this to work though, your Unblock-us account has to be enabled and active for your IP range (Same as if you were using the DNS. If its not, quickly go to the Homepage and Login and it will become active until your home IP changes next)
However, for this to work on my Jailbroken Apple TV, I had to do a few more HOSTS entries that just the two above. It appears dedicated devices use various API's and other URL's to check your IP location. I've spent a good few hours packet sniffing a PS3, iPad, Apple TV, Xbox and more and got all the various DNS entries they connected to. Here is the complete list your need to put into your devices HOST file to work with Unblock-us's reverse proxies (or router if you can):
You can do this again for any services you wish to use. To find out the IP's you just need to switch to their DNS and do a lookup on the domains you need to access, find out the reverse-proxy IP address and then hardcode it into your hosts file and revert back to your normal DNS server.
Now with this simple tweak, you can take advantage of their great service, without them tracking your entire internet and with no risk.
I've done this method myself just for Netflix US as thats all I use their service for. As my Apple TV is jailbroken, I SSH'ed in and made the same change to the HOSTS file. Only devices it doesn't work for however would be your games consoles or dedicated units which weren't rooted or jailbroken. Unless you had a really funky router where you could manually add DNS records and make the changes to that instead, but if you had one of those, you would properly know how to make the changes.
If you want to share any more IP configurations for different services on Unblock-us or have any questions, please drop a reply below and share
Interested in doing this as a network level instead of just per-device? Check out these Digiex Guides:
Configure DNSMASQ for Unblock-US / Unotelly (Avoid using there DNS servers for general traffic)
Using Unblock-Us on Mac OS X Mavericks with BIND (Use your own DNS Server)
Most of the half decent VPN services now seem to offer free trial of some sort.
I was using laptoptelly in Canada a few months back
for UK & USA VPN's for BBC/Hulu etc, didnt buffer on me.
I am 3 days into a trial and on first impressions impressed... I set up using the dns on my tv and set top box. I have however applied caution and only used the host list for my laptop. Tonight i applied the dns to my laptop and navigated to www.netflix.com and then to the dvd tab to check i was on the us site.... at this point i received the following warning
" you attempted to reach dvd.netflix.com, but instead you actually reached a server identifying itself as www.netflix.com. This may be caused by a misconfiguration on the server or something more serious...."
I am seriously thinking of removing all unblock configuration from my devices as i have concerns but am disapointed as i was enjoying netflix and iplayer
Do you have host file config for bbc iplayer?
It's likely that error was caused because dvd.netflix.com wasn't on the host file. I never clicked that link as being a UK Subscriber to Netflix I'll never have the option of renting DVD's, however I've done a quick lookup and found the HOST file entry for that is:
As for iPlayer, Its difficult for me to test this because I'm based in the UK, so trying all the domains one by one won't work because iPlayer will already work for me. I'll look further into this and see if I can packet sniff all the domains that are used and come up with a host entry records for it. Another one I hope to look into is Hulu to, as I know a lot of people use this for newer shows which aren't on netflix.
I've gone from using a free trial of unblock-us to being a paid user now as I love Netflix US too much to go back to the poor UK content
I thought I would try the DNS service but am also wondering about security. Is vnc safer since all can be tunneled with encryption? If I only apply the dns settings to my Apple TV are there any major risks? Could they get my iCloud login details for instance? I do not want to jail break my Apple TV and don''t think it is even possible with the latest version. I have an apple time capsule router.
With both Unblock-Us and any VPN they could easily spy on you logging into secures (that dont use HTTPS or another secure method), however most important stuff does. The risk is that they could change DNS entries to sites (say for example even digiex.net) and make it point to their server instead of taking you to the real site. In reality its unlikely they ever would as it wound be found at very quickly (very easy to compare the IP address their DNS gives out over say google's dns) and would effectively destroy there business model quickly as everyone would leave.
Not saying its impossible, just extremely unlikely. Now I'm more the paranoid person which is why I wrote this guide so you can use Netflix on their service without changing your DNS if really desired. But using their DNS on a games console or apple tv I have no problem with, but on my PC where I do all my work, I'd rather not take the risk.
Thanks for your reply and yes I did mean VPN. I guess I am a bit paranoid when it comes to this kind of stuff. I also thought that just hooking it up to my Apple TV would be harmless but if were possible to get my iCloud credentials which are inputted to the Apple TV some significant damage could be done. I could be tracked, my email could be used to reset passwords etc.
Excellent bit of info here...one quick question:
In your OP, you said: "To find out the IP's you just need to switch to their DNS and do a lookup on the domains you need to access, find out the reverse-proxy IP address and then hardcode it into your hosts file and revert back to your normal DNS server."
Could you please explain to a newbie how to do exactly that?
You can set their DNS in your network config as they suggest, then ping the URL's you want the IP's for and write them down
Command line > Ping www.netflix.com
Another way to do it is to use nslookup.
On my Mac, I just type:
nslookup netflix.com 18.104.22.168
Which says to do a look up for netflix.com on the DNS server 22.214.171.124 (Which is Unblock-US's DNS) to get the IP. I believe there is a similar command on Windows.
Hope that helps!
Thanks for the heads-up on how to do this. Unblock-us is great but I was always a bit wary of using them for my DNS on my main PC.
Had a look yesterday and I'm now using these settings for Rhapsody, Pandora and Hulu. Not 100% checked, but Rhapsody ran fine for most of the day...
I used wireshark, filtering for dns and then searched for 204.12 in the log.
Wow, thank you for sharing! we now have all the main DNS entries.
I edited your hashes out for you
Hi. Thank you for posting this very useful information. I am quite ignorant about network things, so please pardon me. Is it likely possible to add these redirections
to the router instead of each PC's host file? Also, do you know if the list you have in the first post includes the api that the WD TV Live would use?
As for the WD TV Live, as far as Im aware that should cover it. Though please let me know if it doesn't and I can do some more investigation.
Just came across this thread doing a Google search on this topic. It looked like too much manual effort though, so I kept looking and came across this:
Acrylic DNS Proxy
It's a DNS proxy that runs on Windows. In the configuration, you can set it up so that it redirects certain requests to certain DNS servers; you can set it so *.netflix.com and *.netflix.net go to Unblock-us' server, and everything else goes to your normal DNS server, for instance.
Pretty much every non-Windows OS has an available DNS server that you can set up to do the same, and apparently OS X's DNS client can do this itself.
Thank you Nimrod, and other posters. I know there are a great number of different manufacturers and interfaces, but what would the setting likely be called in the router? I have a dlink dir-632 with default firmware, and under the "advanced" settings, there's an item called "routing", which I suspect is what I'm looking for, but the individual settings aren't all clear to me, and the dlink help for the item is not completely helpful:
(from dlink help)
The IP address of packets that will take this route. Netmask One bits in the mask specify which bits of the IP address must match. Gateway Specifies the next hop to be taken if this route is used. A gateway of 0.0.0.0 implies there is no next hop, and the IP address matched is directly connected to the router on the interface specified: WAN. Metric The route metric is a value from 1 to 16 that indicates the cost of using this route. A value of 1 is the lowest cost, and 15 is the highest cost. A value of 16 indicates that the route is not reachable from this router. When trying to reach a particular destination, computers on your network will select the best route, ignoring unreachable routes. Interface Specifies the interface -- WAN -- that the IP packet must use to transit out of the router, when this route is used.
Is this the right area to set in the router the redirection I was hoping to perform, and if so, what would I input? Destination IP seems obvious, but others are not.
Like Nimrod said, there's a good chance your router doesn't support the feature. My own doesn't with the default firmware. DD-WRT, Tomato, OpenWRT, and other third-party firmware does.
Acrylic DNS Proxy, or some other software like it, would work though. You would just set that up on your computer (and with Acrylic, you also need to whitelist your WD TV's IP or your entire LAN subnet), set your WD TV's DNS server to your computer's LAN IP (or change the DNS server your router gives out through DHCP so all devices are affected), and off you go.
Yscmjmlw, thank you. While I appreciate your willingness to respond, repeating that there's a chance my router doesn't support a feature doesn't really answer the questions. If you are familiar with the common names of these settings, or perhaps have knowledge of dlink routers of the same era in particular, I would appreciate any comment you would have in that regard. I'm not adverse to installing custom firmware, but it would be swell to know if I can achieve what I'm looking for without changing firmware. Acrylic DNS proxy, while clearly useful for some individuals/applications, is not what I'm looking for. I want the router to do the work, not the connecting devices.
Regarding the specific settings, please see the following page from dlink, emulating the dir-655 interface, which is very similar to the dir-632 D-LINK SYSTEMS, INC. | WIRELESS ROUTER : Advanced / Routing. Is this "routing" setting what I am looking for, please? Or if not, can someone familiar with this stuff check out the rest of emulated interface to see if there is any likely candidate? Thank you.
Thank you very much. I'll look into the alternate firmware.
Thank you Dashieler and Nimrod. I am using Amazon VOD and Netflix also, can you let me know what their DNS entries are? Thank you.
i've been using this workaround (putting the long list of entries into my hosts file) only using netflix on my laptop. it worked for months, daily usage. but thismorning when i went to go use it i was confronted with a unblock-us page saying "we need your email to verify server status" or something along those lines. so i guess unblock-us has upped their security or something? i came looking for this thread and saw that no one else has posted about it, am i the only one? this method is no longer working on either of my laptops and changing the dns directly on my router didn't work either. is anyone else having this issue? is there a fix?
Does anyone know what the ad servers IP addresses are?
I am using these DNS entries provided here however I am forced to sit through this for about 4-5 minutes during adbreaks.
image of error in chrome/firefox
Note I dont have any adblockers its a DNS issue. If I am using unblock-us dns servers I can see the ads and they are only about 2 minutes long.
I have tried sniffing DNS but am not having any luck working out which servers are causing me issues.
Any ideas would be greatly appreciated.
@Nimrod - Thanks for the great article, very useful. I have a question though, is it possible to manually change the DNS settings on my PS3 so I can access Netflix whilst not subscribing to Unblock-us?
never mind... I stumbled across the original post through a web search and didn't see that the info I wanted was already posted in a reply in this thread.
Great thread -- great info. Very useful.
This has been a very useful thread/article. Thanks, Nimrod, for the instructions. I used wireshark to sniff packets between my blu-ray player and iOS device and my router and got the following ip addresses for amazon prime video. I was also able to get a couple of the ip addresses for Hulu plus and vudu on demand, but I have only tested amazon prime video since I do not have accounts with the other services. Here are the ip addresses to program into your router's dnsmasq table:
#amazon prime video
#vudu on blu-ray player
#hulu app on blu-ray player
Thanks for the very informative post Nimrod.
I have a slightly different question.
I use a similar service (Overplay's Smart DNS) to access a Middle Eastern service which streams European soccer matches. Normally this would be geoblocked but, using SmartDNS, I've been able to get around this...Until now. The service has now started aggressively seeking out and blocking SmartDNS' server/IPs. This has led to a "cat and mouse" game of IPs being blocked, Overplay setting up new ones, and those being blocked a short time later. Hence, no stability/surety of service.
I have a friend living in the middle East, who (obviously) has an internet connection. Is there any way I can use his DNS or connection to access this service without
1) slowing down his connection
2) making it very obvious to the streaming company, where I'm located (Europe)
If not, can you suggest any other work-around? Eg. a reliable, fast, middle-eastern VPN?
Thanks so much for your help.
Hi Thanks for the info - I had been successfully using:
Up until about a week ago and all was good. Suddenly wont stream my location anymore unless I follow the settings of unblock-us and change DNS. Even if I do that its ridiculously slow and buffering for 5-10 minutes at a time now every few minutes - un useable. Internet is still exactly the same for everything else. Unblock-us is useless for help - saying its on my end - yet everything is the same here and fine on any other website I visit.
If I revert to those lines in hosts file I can login ok - just can't stream anything. I tried adding all of the lines listed in your post, clearing cache/cookies etc and re-trying but still doesnt work.
Any ideas? Is this still a valid way of streaming Netflix?
https://dns4me.net its currently free in public beta supports all the major service providers one account can be used in 3 different locations and you can override your own domains + there is a built in host file generator so you never have to keep trying to work these things out.