In this tutorial, I will show you how to create a Smart DNS also known as a DNS Proxy to be able to watch Netflix from the country based on the IP Address of your server.

1. Installation of HAProxy

# Install HAProxy from the distribution's package repositories (requires root privileges).
apt-get install haproxy

1.1 Configuration of HAProxy

Put the content below in /etc/haproxy/haproxy.cfg
The example below will only unblock Netflix. If you want to unblock more websites, I suggest using this repository.

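Don’t forget to replace SERVER_IP in the content below with your server IP, and USERNAME and PASSWORD with the credentials you want to use to monitor HAProxy. The stats page in this configuration is served over plain HTTP, so pick a password that is not used anywhere else.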

# Process-wide settings.
global
  daemon
  maxconn 20000
  # Drop to the unprivileged haproxy user and group after startup.
  user haproxy
  group haproxy
  # Runtime API socket at admin level; mode 0600 limits it to the socket's owner.
  stats socket /var/run/haproxy.sock mode 0600 level admin
  # Log to the local syslog socket with debug as the maximum level, i.e. nothing
  # is filtered. Together with the Host and User-Agent captures in
  # f_catchall_http this records every proxied request.
  # NOTE(review): consider a less verbose level once the setup works.
  log /dev/log local0 debug
  pidfile /var/run/haproxy.pid
  spread-checks 5

# Defaults inherited by the listen/frontend/backend sections that follow.
defaults
  maxconn 19500
  log global
  # HTTP mode unless a section overrides it (the HTTPS sections switch to tcp).
  mode http
  option httplog
  option abortonclose
  option http-server-close
  option persist
  # Connection and idle timeouts applied to every proxy section.
  timeout connect 20s
  timeout client 120s
  timeout server 120s
  timeout queue 120s
  timeout check 10s
  retries 3

# Statistics page. It is bound to SERVER_IP, so it is reachable from any host
# that can reach that address on port 27199, not only from the server itself.
# "stats auth" is HTTP Basic authentication and this listener has no TLS, so
# USERNAME:PASSWORD cross the network in clear text and are stored in clear
# text in this file.
# NOTE(review): binding to 127.0.0.1 and reaching the page through an SSH
# tunnel, or filtering the port in the firewall, avoids exposing it.
listen stats
  bind SERVER_IP:27199
  mode http
  stats enable
  stats realm Protected\ Area
  # Serve the page at the root path of this listener.
  stats uri /
  # No "stats admin" rule is present, so the page is read-only.
  stats auth USERNAME:PASSWORD

# Plain-HTTP entry point. Requests are routed by Host header; anything that
# matches no rule goes to b_deadend_http, which has no servers.
# NOTE(review): there is no source-address restriction here. The allow-query
# ACLs in BIND only limit who can resolve names through this server; a client
# that connects to SERVER_IP:80 directly with a listed Host header is relayed.
# An `acl allowed src YOUR_HOME_IP` with `tcp-request connection reject if !allowed`
# (or an equivalent firewall rule) would limit the proxy to your own clients.
frontend f_catchall_http
  bind SERVER_IP:80
  mode http
  option httplog
  # The Host and User-Agent of each request are copied into the log line.
  capture request header Host len 50
  capture request header User-Agent len 150
  default_backend b_deadend_http

  # hdr_dom matches on dot-delimited parts of the Host header; -i ignores case.
  use_backend b_catchall_http if { hdr_dom(host) -i wdtvlive.com }
  use_backend b_catchall_http if { hdr_dom(host) -i www.wdtvlive.com }
  use_backend b_catchall_http if { hdr_dom(host) -i signup.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i www.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i appboot.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i cbp-us.nccp.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i cbp-eu.nccp.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i a248.e.akamai.net }
  use_backend b_catchall_http if { hdr_dom(host) -i api-global.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i movies.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i movies1.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i secure.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i moviecontrol.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i api.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i api-us.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i uiboot.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i cbp.nccp.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i ios.nccp.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i xbox.nccp.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i nccp-nrdp-31.cloud.netflix.net }
  use_backend b_catchall_http if { hdr_dom(host) -i nintendo.nccp.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i nrdp.nccp.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i android.nccp.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i htmltvui-api.netflix.com }
  use_backend b_catchall_http if { hdr_dom(host) -i netflix.com }

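# Upstream selection for plain HTTP: each use-server rule pins the request to
# the server entry whose name matches the Host header.
# Each server line health-checks its upstream every 10s (2s while a state
# change is pending or the server is down) and marks it down only after 1800
# consecutive failures.
# NOTE(review): the server hostnames are resolved by this machine's own
# resolver. If /etc/resolv.conf points at the BIND instance configured in
# section 2, the netflix.com names resolve to SERVER_IP and the proxy would
# connect to itself; confirm the host uses an external resolver.
backend b_catchall_http
  mode http
  option httplog
  # NOTE(review): this relaxes HTTP response parsing; HAProxy's documentation
  # advises against enabling it unless a known-broken server requires it.
  option accept-invalid-http-response

  use-server www.wdtvlive.com if { hdr_dom(host) -i www.wdtvlive.com }
  server www.wdtvlive.com www.wdtvlive.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server wdtvlive.com if { hdr_dom(host) -i wdtvlive.com }
  server wdtvlive.com wdtvlive.com:80 check inter 10s fastinter 2s downinter 2s fall 1800


  use-server signup.netflix.com if { hdr_dom(host) -i signup.netflix.com }
  server signup.netflix.com signup.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server www.netflix.com if { hdr_dom(host) -i www.netflix.com }
  server www.netflix.com www.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server appboot.netflix.com if { hdr_dom(host) -i appboot.netflix.com }
  server appboot.netflix.com appboot.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server cbp-us.nccp.netflix.com if { hdr_dom(host) -i cbp-us.nccp.netflix.com }
  server cbp-us.nccp.netflix.com cbp-us.nccp.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server cbp-eu.nccp.netflix.com if { hdr_dom(host) -i cbp-eu.nccp.netflix.com }
  server cbp-eu.nccp.netflix.com cbp-eu.nccp.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server a248.e.akamai.net if { hdr_dom(host) -i a248.e.akamai.net }
  server a248.e.akamai.net a248.e.akamai.net:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server api-global.netflix.com if { hdr_dom(host) -i api-global.netflix.com }
  server api-global.netflix.com api-global.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server movies.netflix.com if { hdr_dom(host) -i movies.netflix.com }
  server movies.netflix.com movies.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server movies1.netflix.com if { hdr_dom(host) -i movies1.netflix.com }
  server movies1.netflix.com movies1.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server secure.netflix.com if { hdr_dom(host) -i secure.netflix.com }
  server secure.netflix.com secure.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server moviecontrol.netflix.com if { hdr_dom(host) -i moviecontrol.netflix.com }
  server moviecontrol.netflix.com moviecontrol.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server api.netflix.com if { hdr_dom(host) -i api.netflix.com }
  server api.netflix.com api.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server api-us.netflix.com if { hdr_dom(host) -i api-us.netflix.com }
  server api-us.netflix.com api-us.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server uiboot.netflix.com if { hdr_dom(host) -i uiboot.netflix.com }
  server uiboot.netflix.com uiboot.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server cbp.nccp.netflix.com if { hdr_dom(host) -i cbp.nccp.netflix.com }
  server cbp.nccp.netflix.com cbp.nccp.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server ios.nccp.netflix.com if { hdr_dom(host) -i ios.nccp.netflix.com }
  server ios.nccp.netflix.com ios.nccp.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server xbox.nccp.netflix.com if { hdr_dom(host) -i xbox.nccp.netflix.com }
  server xbox.nccp.netflix.com xbox.nccp.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server nccp-nrdp-31.cloud.netflix.net if { hdr_dom(host) -i nccp-nrdp-31.cloud.netflix.net }
  server nccp-nrdp-31.cloud.netflix.net nccp-nrdp-31.cloud.netflix.net:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server nintendo.nccp.netflix.com if { hdr_dom(host) -i nintendo.nccp.netflix.com }
  server nintendo.nccp.netflix.com nintendo.nccp.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server nrdp.nccp.netflix.com if { hdr_dom(host) -i nrdp.nccp.netflix.com }
  server nrdp.nccp.netflix.com nrdp.nccp.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server android.nccp.netflix.com if { hdr_dom(host) -i android.nccp.netflix.com }
  server android.nccp.netflix.com android.nccp.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server htmltvui-api.netflix.com if { hdr_dom(host) -i htmltvui-api.netflix.com }
  server htmltvui-api.netflix.com htmltvui-api.netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server netflix.com if { hdr_dom(host) -i netflix.com }
  server netflix.com netflix.com:80 check inter 10s fastinter 2s downinter 2s fall 1800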

# HTTPS entry point. Runs in TCP mode: TLS is not terminated here, the proxy
# only reads the server name (SNI) from the ClientHello and forwards the
# encrypted stream unchanged, so no certificate is configured on the bind line.
# Connections whose SNI matches no rule go to b_deadend_https, which has no servers.
# NOTE(review): no source-address restriction is applied on this frontend; an
# `acl allowed src YOUR_HOME_IP` with `tcp-request connection reject if !allowed`
# (or a firewall rule) would limit it to your own clients.
frontend f_catchall_https
  bind SERVER_IP:443
  mode tcp
  option tcplog
  # Wait up to 5s for a TLS ClientHello (hello type 1) before the routing rules are evaluated.
  tcp-request inspect-delay 5s
  tcp-request content accept if { req_ssl_hello_type 1 }
  default_backend b_deadend_https

  # Route on the SNI value sent by the client; -i ignores case.
  use_backend b_catchall_https if { req_ssl_sni -i signup.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i www.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i appboot.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i cbp-us.nccp.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i cbp-eu.nccp.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i a248.e.akamai.net }
  use_backend b_catchall_https if { req_ssl_sni -i api-global.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i movies.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i movies1.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i secure.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i moviecontrol.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i api.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i api-us.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i uiboot.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i cbp.nccp.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i ios.nccp.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i xbox.nccp.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i nccp-nrdp-31.cloud.netflix.net }
  use_backend b_catchall_https if { req_ssl_sni -i nintendo.nccp.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i nrdp.nccp.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i android.nccp.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i bivl.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i htmltvui-api.netflix.com }
  use_backend b_catchall_https if { req_ssl_sni -i netflix.com }

# Upstream selection for HTTPS passthrough: each use-server rule pins the
# connection to the server entry whose name equals the client's SNI.
# Each server line health-checks its upstream every 10s and marks it down only
# after 1800 consecutive failures.
# NOTE(review): the server hostnames are resolved by this machine's own
# resolver. If /etc/resolv.conf points at the BIND instance configured in
# section 2, the netflix.com names resolve to SERVER_IP and the proxy would
# connect to itself; confirm the host uses an external resolver.
backend b_catchall_https
  mode tcp
  option tcplog

  use-server signup.netflix.com if { req_ssl_sni -i signup.netflix.com }
  server signup.netflix.com signup.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server www.netflix.com if { req_ssl_sni -i www.netflix.com }
  server www.netflix.com www.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server appboot.netflix.com if { req_ssl_sni -i appboot.netflix.com }
  server appboot.netflix.com appboot.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server cbp-us.nccp.netflix.com if { req_ssl_sni -i cbp-us.nccp.netflix.com }
  server cbp-us.nccp.netflix.com cbp-us.nccp.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800
  
  use-server cbp-eu.nccp.netflix.com if { req_ssl_sni -i cbp-eu.nccp.netflix.com }
  server cbp-eu.nccp.netflix.com cbp-eu.nccp.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server a248.e.akamai.net if { req_ssl_sni -i a248.e.akamai.net }
  server a248.e.akamai.net a248.e.akamai.net:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server api-global.netflix.com if { req_ssl_sni -i api-global.netflix.com }
  server api-global.netflix.com api-global.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server movies.netflix.com if { req_ssl_sni -i movies.netflix.com }
  server movies.netflix.com movies.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server movies1.netflix.com if { req_ssl_sni -i movies1.netflix.com }
  server movies1.netflix.com movies1.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server secure.netflix.com if { req_ssl_sni -i secure.netflix.com }
  server secure.netflix.com secure.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server moviecontrol.netflix.com if { req_ssl_sni -i moviecontrol.netflix.com }
  server moviecontrol.netflix.com moviecontrol.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server api.netflix.com if { req_ssl_sni -i api.netflix.com }
  server api.netflix.com api.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server api-us.netflix.com if { req_ssl_sni -i api-us.netflix.com }
  server api-us.netflix.com api-us.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server uiboot.netflix.com if { req_ssl_sni -i uiboot.netflix.com }
  server uiboot.netflix.com uiboot.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server cbp.nccp.netflix.com if { req_ssl_sni -i cbp.nccp.netflix.com }
  server cbp.nccp.netflix.com cbp.nccp.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server ios.nccp.netflix.com if { req_ssl_sni -i ios.nccp.netflix.com }
  server ios.nccp.netflix.com ios.nccp.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server xbox.nccp.netflix.com if { req_ssl_sni -i xbox.nccp.netflix.com }
  server xbox.nccp.netflix.com xbox.nccp.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server nccp-nrdp-31.cloud.netflix.net if { req_ssl_sni -i nccp-nrdp-31.cloud.netflix.net }
  server nccp-nrdp-31.cloud.netflix.net nccp-nrdp-31.cloud.netflix.net:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server nintendo.nccp.netflix.com if { req_ssl_sni -i nintendo.nccp.netflix.com }
  server nintendo.nccp.netflix.com nintendo.nccp.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server nrdp.nccp.netflix.com if { req_ssl_sni -i nrdp.nccp.netflix.com }
  server nrdp.nccp.netflix.com nrdp.nccp.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server android.nccp.netflix.com if { req_ssl_sni -i android.nccp.netflix.com }
  server android.nccp.netflix.com android.nccp.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server bivl.netflix.com if { req_ssl_sni -i bivl.netflix.com }
  server bivl.netflix.com bivl.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server htmltvui-api.netflix.com if { req_ssl_sni -i htmltvui-api.netflix.com }
  server htmltvui-api.netflix.com htmltvui-api.netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

  use-server netflix.com if { req_ssl_sni -i netflix.com }
  server netflix.com netflix.com:443 check inter 10s fastinter 2s downinter 2s fall 1800

# Default backend of f_catchall_http. It declares no server, so a request whose
# Host header matches none of the frontend rules is not forwarded anywhere.
backend b_deadend_http
  mode http
  option httplog
  option accept-invalid-http-response
  option http-server-close

# Default backend of f_catchall_https. It declares no server, so a connection
# whose SNI matches none of the frontend rules is not forwarded anywhere.
backend b_deadend_https
  mode tcp
  option tcplog

2. Installation of bind9

# Install the BIND 9 name server from the distribution's package repositories (requires root privileges).
apt-get install bind9

2.1 Configuration of bind9

You only need to create 2 files.
2.1.1 Create the file /etc/bind/db.override and put the content below inside.

Don’t forget to replace SERVER_IP in the content below with your server IP, otherwise you will not be able to proxy.

;
; BIND data file for overridden IPs
;
; Loaded for the zone declared in /etc/bind/zones.override. Every name in that
; zone (the zone apex, ns1 and, through the wildcard record, any other
; subdomain) is answered with SERVER_IP, so clients that use this resolver
; connect to the HAProxy instance instead of the real hosts.
$TTL  86400
@   IN  SOA ns1 root (
            2012100401  ; serial
            604800      ; refresh 1w
            86400       ; retry 1d
            2419200     ; expiry 4w
            86400       ; minimum TTL 1d
            )

; at least one NS record is required
@   IN  NS  ns1
; specify nameserver IP address
ns1 IN  A   SERVER_IP                ; external IP from eth0
; provide IP address for domain itself
@   IN  A   SERVER_IP                ; external IP from eth0
; wildcard: resolve every other name in the zone to the same IP address as ns1
*   IN  A   SERVER_IP                 ; external IP from eth0

2.1.2 Create the file /etc/bind/zones.override and put the content below inside.

// Makes this server authoritative for netflix.com, answering from the override data file.
// Only names under netflix.com are redirected; the other hostnames listed in
// the HAProxy configuration (for example a248.e.akamai.net and
// nccp-nrdp-31.cloud.netflix.net) still resolve normally unless a zone is
// added for them.
zone "netflix.com." {
    type master;
    file "/etc/bind/db.override";
};

2.1.3 Make sure the file /etc/bind/named.conf contains the following content

Don’t forget to replace SERVER_IP in the content below with your server IP, otherwise bind9 might not have permission to read your zones.

// rndc.key holds the key that authenticates commands on the control channel declared below.
// NOTE(review): keep /etc/bind/rndc.key readable only by root and the BIND service account.
include "/etc/bind/rndc.key";
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

// rndc control channel: listens on loopback port 953 only and requires "rndc-key".
// NOTE(review): with the listener on 127.0.0.1, the SERVER_IP entry in the
// allow list looks unnecessary; confirm before keeping it.
controls {
	inet 127.0.0.1 port 953 allow {127.0.0.1;SERVER_IP;localhost;} keys { "rndc-key"; };
};

2.1.4 Append include "/etc/bind/zones.override"; at the end of the file /etc/bind/named.conf.local

2.1.5 Replace the content of the file /etc/bind/named.conf.options with the following content.

// Global resolver options: listen on every address, forward non-overridden
// names upstream, and answer only the clients named in the allow-* ACLs.
options {
	directory "/var/cache/bind";
	// NOTE(review): allow-new-zones permits adding zones at runtime through rndc;
	// nothing in this tutorial uses it, so confirm it is needed.
	allow-new-zones yes;
	auth-nxdomain no;
	// Port 53 is opened on every IPv6 and IPv4 address of the host; the allow-*
	// ACLs below are the only restriction on who gets answers.
	listen-on-v6 { any; };
	// Do not disclose the BIND version string.
	version none;
	listen-on { any; };
	
	forwarders { // Upstream resolvers used for every name that is not overridden locally.
        69.28.67.83; //OpenNIC DNS
        8.8.8.8; //Google public dns
    };

// Don't forget to replace YOUR_HOME_IP with the IP address you will use to connect to the proxy.
// This prevents other people from resolving through your server and using it.
// It also keeps the server from being abused as an open resolver in DNS DDoS attacks.
// NOTE(review): 10.0.0.0/24 is allowed as well; remove it if no such network is attached to this server.
// NOTE(review): these ACLs protect BIND only; HAProxy's ports 80 and 443 need their own source restriction.
	allow-query-cache { 10.0.0.0/24; 127.0.0.1; YOUR_HOME_IP; };
	additional-from-cache no;
	allow-query { 10.0.0.0/24; 127.0.0.1; YOUR_HOME_IP; };
    allow-recursion { 10.0.0.0/24; 127.0.0.1; YOUR_HOME_IP;  };
    recursion yes;
};

3. Restart services

# Restart both daemons so the new configuration is loaded.
# NOTE: `named-checkconf` and `haproxy -c -f /etc/haproxy/haproxy.cfg` validate
# the files first, so a syntax error does not take a running service down.
service bind9 restart
service haproxy restart
Now your DNS proxy is ready to go!

4. Set the primary DNS server on your computer to your server IP and enjoy!


2 Comments

Ravi · 9 July 2020 at 8 h 52 min

Hi, is a good tutorial, I need your guidance, please help me.
I want to setup smart DNS to watch shows/movies etc from India in Australia. I am new to this technology and am trying to learn it.
How to change home IP address to dynamic DNS as my ISP keeps changing IP address.
How to add Indian websites ?
I have Linux VPC (AWS & DO)
Also you mentioned about user name and password, how does that work ?
Any more information you like to provide is most welcome.
Thanks & Regards

    The GrimmChester · 29 August 2020 at 13 h 24 min

    Hello, sorry for the laaaate reply, I hope you found your answer.
    I don’t think this is possible to use dynamic IPs as DNS and it will require that you change it manually every time but you could setup a dynamic domain to track your IP changes.
    The username and password are not related to the dynamic DNS thing; they only protect access to HAProxy, which is the proxy manager, and they will only be asked for if you visit the management interface 127.0.0.1:27199.
