Using Unblock-us without switching DNS Server (Watch Netflix outside the US)

Discussion in 'Networking Guides' started by Nimrod, Dec 1, 2012.

  1. Nimrod

    Nimrod Exotic Vendor

    Joined:
    Jun 1, 2007
    Messages:
    1,991
    Likes Received:
    533
    Location:
    London, United Kingdom
    What is Unblock-us and how does it work?

    Unblock-us is a great service which allows any device to access media streaming services like Netflix, Hulu and iPlayer from anywhere in the world without needing to use a VPN. It's a paid-for service (and a little expensive in my view) but works with more devices than a VPN does (Apple TVs, Xbox 360, PlayStation 3) as well as all your traditional devices like phones, tablets and PCs.

    Interested in an account? Get one here: http://www.unblock-us.com (They offer a 7 day trial with no payment information needed)

    The service works by switching your DNS server on either your device (via network settings) or on your router (to cover all devices in the house). Then, when a request is made to Netflix (or another media service), the DNS switches the IP to a reverse proxy hosted by Unblock-us, which hides your real IP and makes the service think you're from the desired region. You may think, well, a VPN does this too, but the key difference between a full VPN and Unblock-us is that once you actually stream a video from the service, the connection is direct (not via the reverse proxy, which is only used for logging in and browsing content), so you get a much faster service. In most cases with Netflix, you get full HD (8mbit streaming), which is hard to achieve at peak times with most commercial VPNs, which are oversubscribed (I know, I've tried a few, including BlackVPN and PrivateInternetAccess, which at the time of writing are the two most recommended services).

    Now don't get me wrong, if you are only using it on your PC or laptop (or even iPhones or 2.2+ Androids) where you can easily install and connect to a VPN, it's still the better option as it hides the entire journey. Also, a VPN is guaranteed to work long into the future as it's not tricking the service like Unblock-us, and there is a risk this loophole could be blocked by updates to Netflix / iPlayer. But for some devices like Xbox 360s it's just not possible to install and connect to a VPN client (well, you can use a VPN, but it involves connecting to a VPN on your computer or router if supported and then sharing it to your Xbox, but that's not viable for most people).


    Dangers of using Unblock-us's DNS servers:

    There is one catch with Unblock-us though which makes me feel uneasy. As you're changing your DNS server to theirs for the reverse proxy to kick in on the relevant services, it does mean that every website you browse will involve you connecting to their DNS to request an IP, and even though they should reply with the correct IP, it does mean they effectively know every website you ever visit. They are a private company, and they are not clear on what information they store or capture. They could easily be collecting this data and selling it, or even capturing it for later use. (Or they could be entirely honest and just want to provide you with an excellent service. But the point is it's not known, and sometimes not trusting is better than trusting.)

    Using the same method they use to connect you to Netflix US, they could easily, at the flick of a button, use it to replace every advert with their own, or even make you think you're connecting to your bank's website and logging in when it's actually one of their servers. They may not even do this on purpose, but if they got hacked and you're using their DNS server, you're opened up to massive abuse. Which is why, deep down, I would never recommend anyone changing their DNS to anything besides either their ISP's, Google's public ones, or OpenDNS's public ones.


    Workaround to use your current DNS server:

    However, there is a simple way you can keep using your current DNS and make the changes locally to your PC instead to use Unblock-us's reverse proxies, without a DNS change. This involves editing your PC's HOST File and making the changes that unblock-us do on their public DNS, to your local PC.

    > If you don't know how to change your HOSTS file, there are a million guides already on the internet for every OS and device that supports it, so a quick Google can help. If you're using Windows however, Insanenutter has a great step-by-step guide on how to edit your hosts file (though for a different reason) available here: https://digiex.net/guides-reviews/g...osts-file-edit-no-dns-vpn-proxy-required.html

    For Netflix US for example, you need to make the following changes to your PC's HOSTS file:

    204.12.200.61 movies.netflix.com
    204.12.200.65 cbp-us.nccp.netflix.com

    Once you make those changes, you will be able to access Netflix US on your PC without any other settings needing to be changed. For this to work though, your Unblock-us account has to be enabled and active for your IP range (same as if you were using the DNS; if it's not, quickly go to the homepage and log in and it will become active until your home IP changes next).

    However, for this to work on my jailbroken Apple TV, I had to add a few more HOSTS entries than just the two above. It appears dedicated devices use various APIs and other URLs to check your IP location. I've spent a good few hours packet sniffing a PS3, iPad, Apple TV, Xbox and more and got all the various DNS entries they connected to. Here is the complete list you need to put into your device's HOST file (or router if you can) to work with Unblock-us's reverse proxies:

    204.12.200.61 movies.netflix.com
    204.12.200.65 cbp-us.nccp.netflix.com
    204.12.200.130 movies1.netflix.com
    204.12.200.104 movies2.netflix.com
    204.12.200.14 netflix.com
    204.12.200.7 moviecontrol.netflix.com
    204.12.200.88 api-global.netflix.com
    204.12.200.83 api-us.netflix.com
    204.12.200.2 api.netflix.com
    204.12.200.100 www2.netflix.com
    204.12.200.119 redirects-us.nccp.netflix.com
    204.12.200.118 redirects-eu.nccp.netflix.com
    204.12.200.26 nccp-nrdp-31.cloud.netflix.net
    204.12.200.92 ios.nccp.netflix.com
    204.12.200.14 atv.nccp.netflix.com
    204.12.200.11 uiboot.netflix.com
    204.12.200.39 signup.netflix.com
    204.12.200.14 iphone-api.netflix.com
    204.12.200.14 nccp-fuji.netflix.com
    204.12.200.27 nccp-fuji.cloud.netflix.net
    204.12.200.22 nccp-nato.cloud.netflix.net
    204.12.200.14 nccp-nato.netflix.com
    204.12.200.14 mcdn.netflix.com
    204.12.200.12 secure.netflix.com
    204.12.200.13 htmltvui-api.netflix.com
    204.12.200.14 nccp-ps3.netflix.com
    204.12.200.18 nccp-ps3.cloud.netflix.net
    204.12.200.17 api-user.netflix.com
    204.12.200.42 mobile-api.netflix.com
    204.12.200.14 api-public.netflix.com

    You can do this again for any services you wish to use. To find out the IPs you just need to switch to their DNS and do a lookup on the domains you need to access, find out the reverse-proxy IP address and then hardcode it into your hosts file and revert back to your normal DNS server.

    Now with this simple tweak, you can take advantage of their great service, without them tracking your entire internet and with no risk.

    I've done this method myself just for Netflix US as that's all I use their service for. As my Apple TV is jailbroken, I SSH'ed in and made the same change to the HOSTS file. The only devices it doesn't work for, however, would be your games consoles or dedicated units which weren't rooted or jailbroken. Unless you had a really funky router where you could manually add DNS records and make the changes to that instead, but if you had one of those, you would probably know how to make the changes.

    If you want to share any more IP configurations for different services on Unblock-us or have any questions, please drop a reply below and share :)


    Interested in doing this as a network level instead of just per-device? Check out these Digiex Guides:

    Configure DNSMASQ for Unblock-US / Unotelly (Avoid using there DNS servers for general traffic)
    Using Unblock-Us on Mac OS X Mavericks with BIND (Use your own DNS Server)
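
Added example, not part of the original post: the hosts-file approach limits what the proxy operator can redirect to the names you pin, so it is worth auditing the file to confirm that only the intended domains point into the proxy range and that every line is well formed. The sample file, the `204.12.200.0/24` range (chosen only because it covers the addresses listed above) and the function names are assumptions.

```python
import ipaddress

# Constructed sample hosts file: two entries from the guide, one unrelated
# name pinned to the same range, and one line with its fields reversed.
SAMPLE_HOSTS = """\
# local overrides
127.0.0.1 localhost
204.12.200.61 movies.netflix.com
204.12.200.65 cbp-us.nccp.netflix.com   # trailing comments are allowed
204.12.200.14 www.examplebank.test
dvd.netflix.com 204.12.200.14
"""


def parse_hosts(text):
    """Return (entries, malformed); entries are (ip_address, hostname) pairs."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:
            # First field is not an IP address (or no hostname follows),
            # so this line does not pin the intended name.
            malformed.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:  # one address may carry several names
            entries.append((ip, name.lower().rstrip(".")))
    return entries, malformed


def audit(text, proxy_net, allowed_suffixes):
    """Report which names are pinned into proxy_net and which of those
    fall outside the domains the user meant to hand over."""
    net = ipaddress.ip_network(proxy_net)
    entries, malformed = parse_hosts(text)
    pinned = [(str(ip), name) for ip, name in entries if ip in net]
    unexpected = [
        (ip, name) for ip, name in pinned
        if not any(name == s or name.endswith("." + s) for s in allowed_suffixes)
    ]
    return {"pinned": pinned, "unexpected": unexpected, "malformed": malformed}


if __name__ == "__main__":
    # Assumed range: it simply covers the proxy addresses listed in the guide.
    report = audit(SAMPLE_HOSTS, "204.12.200.0/24", ("netflix.com", "netflix.net"))
    for key, rows in report.items():
        print(key, rows)
```
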
     
  2. donbrown

    donbrown New Member

    Joined:
    Dec 13, 2012
    Messages:
    1
    Likes Received:
    0
    Most of the half-decent VPN services now seem to offer a free trial of some sort.
    I was using laptoptelly in Canada a few months back
    for UK & USA VPNs for BBC/Hulu etc., didn't buffer on me.
     
  3. belwood

    belwood New Member

    Joined:
    Dec 27, 2012
    Messages:
    1
    Likes Received:
    0
    Hi Nimrod,

    I am 3 days into a trial and on first impressions impressed... I set up using the DNS on my TV and set-top box. I have however applied caution and only used the host list for my laptop. Tonight I applied the DNS to my laptop and navigated to www.netflix.com and then to the DVD tab to check I was on the US site... at this point I received the following warning:

    " you attempted to reach dvd.netflix.com, but instead you actually reached a server identifying itself as www.netflix.com. This may be caused by a misconfiguration on the server or something more serious...."

    I am seriously thinking of removing all Unblock configuration from my devices as I have concerns, but am disappointed as I was enjoying Netflix and iPlayer.

    Do you have host file config for bbc iplayer?

    thanks
     
  4. Nimrod

    Nimrod Exotic Vendor

    Hello Belwood.

    It's likely that error was caused because dvd.netflix.com wasn't in the host file. I never clicked that link as, being a UK subscriber to Netflix, I'll never have the option of renting DVDs. However, I've done a quick lookup and found the HOST file entry for that is:

    204.12.200.14 dvd.netflix.com

    As for iPlayer, it's difficult for me to test this because I'm based in the UK, so trying all the domains one by one won't work because iPlayer will already work for me. I'll look further into this and see if I can packet sniff all the domains that are used and come up with host entry records for it. Another one I hope to look into is Hulu too, as I know a lot of people use this for newer shows which aren't on Netflix.

    I've gone from using a free trial of unblock-us to being a paid user now as I love Netflix US too much to go back to the poor UK content :)
     
  5. Joherty

    Joherty New Member

    Joined:
    Feb 22, 2013
    Messages:
    2
    Likes Received:
    0
    I thought I would try the DNS service but am also wondering about security. Is VNC safer since all can be tunneled with encryption? If I only apply the DNS settings to my Apple TV, are there any major risks? Could they get my iCloud login details, for instance? I do not want to jailbreak my Apple TV and don't think it is even possible with the latest version. I have an Apple Time Capsule router.
     
  6. Nimrod

    Nimrod Exotic Vendor

    By VNC I assume you meant VPN? If so, the encryption side of a VPN connection wouldn't matter as it only encrypts the connection between you and your VPN supplier. Your VPN supplier could easily spy on traffic at their end if they desired, so please don't get a VPN thinking it's any safer than Unblock-Us's method.

    With both Unblock-Us and any VPN they could easily spy on you logging into secures (that don't use HTTPS or another secure method), however most important stuff does. The risk is that they could change DNS entries to sites (say, for example, even digiex.net) and make it point to their server instead of taking you to the real site. In reality it's unlikely they ever would, as it would be found out very quickly (very easy to compare the IP address their DNS gives out over, say, Google's DNS) and would effectively destroy their business model quickly as everyone would leave.

    Not saying it's impossible, just extremely unlikely. Now, I'm more the paranoid person, which is why I wrote this guide so you can use Netflix on their service without changing your DNS if really desired. But using their DNS on a games console or Apple TV I have no problem with, but on my PC where I do all my work, I'd rather not take the risk.
     
  7. Joherty

    Joherty New Member

    Hi Nimrod,
    Thanks for your reply and yes I did mean VPN. I guess I am a bit paranoid when it comes to this kind of stuff. I also thought that just hooking it up to my Apple TV would be harmless, but if it were possible to get my iCloud credentials, which are inputted to the Apple TV, some significant damage could be done. I could be tracked, my email could be used to reset passwords etc.
     
  8. Nimrod

    Nimrod Exotic Vendor

    It's highly unlikely they're doing that as I would assume the Apple ID would be sent over HTTPS, which they couldn't fool. However, you could always sign out of your Apple ID on the Apple TV. I don't have mine signed in and use Netflix, XBMC and Plex with no problems on it.
     
  9. fracture

    fracture New Member

    Joined:
    Apr 13, 2013
    Messages:
    1
    Likes Received:
    0
    Hi there,

    Excellent bit of info here...one quick question:

    In your OP, you said: "To find out the IP's you just need to switch to their DNS and do a lookup on the domains you need to access, find out the reverse-proxy IP address and then hardcode it into your hosts file and revert back to your normal DNS server."

    Could you please explain to a newbie how to do exactly that?
     
  10. Nimrod

    Nimrod Exotic Vendor

    Couple of ways to do this.

    You can set their DNS in your network config as they suggest, then ping the URLs you want the IPs for and write them down.
    Command line > Ping www.netflix.com

    Another way to do it is to use nslookup.
    On my Mac, I just type:
    nslookup netflix.com 208.122.23.22
    Which says to do a look up for netflix.com on the DNS server 208.122.23.22 (Which is Unblock-US's DNS) to get the IP. I believe there is a similar command on Windows.


    Hope that helps! :)
     
  11. dashieler

    dashieler New Member

    Joined:
    Apr 16, 2013
    Messages:
    1
    Likes Received:
    2
    Thanks for the heads-up on how to do this. Unblock-us is great but I was always a bit wary of using them for my DNS on my main PC.


    Had a look yesterday and I'm now using these settings for Rhapsody, Pandora and Hulu. Not 100% checked, but Rhapsody ran fine for most of the day... :)


    204.12.200.34 www.rhapsody.com
    204.12.200.34 playback.rhapsody.com
    204.12.200.34 log.rhapsody.com
    204.12.200.34 rhap-app-4-0.rhapsody.com
    204.12.200.34 c.rhapsody.com


    204.12.200.21 www.pandora.com
    204.12.200.21 stats.pandora.com


    204.12.200.19 www.hulu.com
    204.12.200.19 p.hulu.com
    204.12.200.19 r.hulu.com
    204.12.200.19 s.hulu.com
    204.12.200.19 t.hulu.com
    204.12.200.19 blog.hulu.com
    204.12.200.19 t-ak.hulu.com


    204.12.200.89 abc.go.com


    I used Wireshark, filtering for DNS and then searched for 204.12 in the log.
     
  12. Nimrod

    Nimrod Exotic Vendor

    Wow, thank you for sharing! :D we now have all the main DNS entries.

    I edited your hashes out for you :)
     
  13. grenada

    grenada New Member

    Joined:
    May 11, 2013
    Messages:
    4
    Likes Received:
    0
    Hi. Thank you for posting this very useful information. I am quite ignorant about network things, so please pardon me. Is it likely possible to add these redirections
    "204.12.200.61 movies.netflix.com
    204.12.200.65 cbp-us.nccp.netflix.com"
    to the router instead of each PC's host file? Also, do you know if the list you have in the first post includes the api that the WD TV Live would use?
    Thank you.
     
  14. Nimrod

    Nimrod Exotic Vendor

    You can add those to the router, though it's different with every router (and a lot of low-budget home user routers will not support such a feature, sadly). If you can't, the only solution is to add the Unblock-Us DNS servers directly into your router, then coverage will exist for all devices. Though that then defeats the point of this guide, which is a solution to do only the relevant URLs without switching your entire DNS over.

    As for the WD TV Live, as far as I'm aware that should cover it. Though please let me know if it doesn't and I can do some more investigation.
     
  15. Yscmjmlw

    Yscmjmlw New Member

    Joined:
    May 12, 2013
    Messages:
    3
    Likes Received:
    0
    Just came across this thread doing a Google search on this topic. It looked like too much manual effort though, so I kept looking and came across this:

    Acrylic DNS Proxy

    It's a DNS proxy that runs on Windows. In the configuration, you can set it up so that it redirects certain requests to certain DNS servers; you can set it so *.netflix.com and *.netflix.net go to Unblock-us' server, and everything else goes to your normal DNS server, for instance.

    Pretty much every non-Windows OS has an available DNS server that you can set up to do the same, and apparently OS X's DNS client can do this itself.
     
  16. grenada

    grenada New Member

    Thank you Nimrod, and other posters. I know there are a great number of different manufacturers and interfaces, but what would the setting likely be called in the router? I have a dlink dir-632 with default firmware, and under the "advanced" settings, there's an item called "routing", which I suspect is what I'm looking for, but the individual settings aren't all clear to me, and the dlink help for the item is not completely helpful:
    (from dlink help)

    Is this the right area to set in the router the redirection I was hoping to perform, and if so, what would I input? Destination IP seems obvious, but others are not.
     
  17. Yscmjmlw

    Yscmjmlw New Member

    Like Nimrod said, there's a good chance your router doesn't support the feature. My own doesn't with the default firmware. DD-WRT, Tomato, OpenWRT, and other third-party firmware do.

    Acrylic DNS Proxy, or some other software like it, would work though. You would just set that up on your computer (and with Acrylic, you also need to whitelist your WD TV's IP or your entire LAN subnet), set your WD TV's DNS server to your computer's LAN IP (or change the DNS server your router gives out through DHCP so all devices are affected), and off you go.
     
  18. grenada

    grenada New Member

    Yscmjmlw, thank you. While I appreciate your willingness to respond, repeating that there's a chance my router doesn't support a feature doesn't really answer the questions. If you are familiar with the common names of these settings, or perhaps have knowledge of dlink routers of the same era in particular, I would appreciate any comment you would have in that regard. I'm not averse to installing custom firmware, but it would be swell to know if I can achieve what I'm looking for without changing firmware. Acrylic DNS proxy, while clearly useful for some individuals/applications, is not what I'm looking for. I want the router to do the work, not the connecting devices.

    Regarding the specific settings, please see the following page from dlink, emulating the dir-655 interface, which is very similar to the dir-632 D-LINK SYSTEMS, INC. | WIRELESS ROUTER : Advanced / Routing. Is this "routing" setting what I am looking for, please? Or if not, can someone familiar with this stuff check out the rest of emulated interface to see if there is any likely candidate? Thank you.
     
  19. Yscmjmlw

    Yscmjmlw New Member

    No, you don't want the routing interface. You want to control DNS, not routing (routing controls what happens when you try to communicate with a particular IP address; DNS controls the resolution of host names to IP addresses). I can't see any option in there for hosting a DNS server, which is what you need. Tomato firmware, for instance, includes dnsmasq, which is a lightweight DNS server that can probably accomplish what I described using Acrylic for. Most consumer routers don't have any sort of built-in DNS server.
     
  20. grenada

    grenada New Member

    Thank you very much. I'll look into the alternate firmware.
     
