I had been happily using HE’s tunnel broker to gain access to the IPv6 internet for some time.\u00a0 A side effect of this was that I would quite often get the US version of the Netflix catalogue.\u00a0 Back in June of 2016, Netflix started actively blocking HE’s subnets because of people using them explicitly to avoid their geo blocking.\u00a0 Consequently, I would get an error when trying to watch Netflix. The solution I had been using was to reject all IPv6 traffic at the firewall for any device that I used to access Netflix.\u00a0 It bothered me to essentially turn off IPv6 for those devices, and I recently found a better solution.\u00a0 I use unbound as my recursive dns resolver, and I found by adding the following code to its configuration file, Netflix has been working without rejecting the IPv6 traffic.<\/p>\n
local-zone: “netflix.com” typetransparent
\nlocal-data: “netflix.com AAAA ::1”
\nlocal-data: “android-appboot.netflix.com AAAA ::1”
\nlocal-data: “android.nccp.netflix.com AAAA ::1”
\nlocal-data: “android.prod.cloud.netflix.com AAAA ::1”
\nlocal-data: “api-global.latency.prodaa.netflix.com AAAA ::1”
\nlocal-data: “api-global.netflix.com AAAA ::1”
\nlocal-data: “api-global.us-east-1.prodaa.netflix.com AAAA ::1”
\nlocal-data: “api-global.us-west-2.prodaa.netflix.com AAAA ::1”
\nlocal-data: “api.netflix.com AAAA ::1”
\nlocal-data: “appboot.netflix.com AAAA ::1”
\nlocal-data: “appboot.us-east-1.prodaa.netflix.com AAAA ::1”
\nlocal-data: “appboot.us-west-2.prodaa.netflix.com AAAA ::1”
\nlocal-data: “cast-uiboot.prod.http1.netflix.com AAAA ::1”
\nlocal-data: “cast.netflix.com AAAA ::1”
\nlocal-data: “cast.prod.http1.netflix.com AAAA ::1”
\nlocal-data: “customerevents.netflix.com AAAA ::1”
\nlocal-data: “dockhand.netflix.com AAAA ::1”
\nlocal-data: “ichnaea.geo.netflix.com AAAA ::1”
\nlocal-data: “ichnaea.latency.prodaa.netflix.com AAAA ::1”
\nlocal-data: “ichnaea.netflix.com AAAA ::1”
\nlocal-data: “ichnaea.us-east-1.prodaa.netflix.com AAAA ::1”
\nlocal-data: “ichnaea.us-west-2.prodaa.netflix.com AAAA ::1”
\nlocal-data: “ios.nccp.netflix.com AAAA ::1”
\nlocal-data: “ios.prod.http1.netflix.com AAAA ::1”
\nlocal-data: “nintendo.nccp.netflix.com AAAA ::1”
\nlocal-data: “nrdp.nccp.netflix.com AAAA ::1”
\nlocal-data: “presentationtracking.netflix.com AAAA ::1”
\nlocal-data: “prod.http1.us-west-2.prodaa.netflix.com AAAA ::1”
\nlocal-data: “secure.netflix.com AAAA ::1”
\nlocal-data: “uiboot.netflix.com AAAA ::1”
\nlocal-data: “www.geo.netflix.com AAAA ::1”
\nlocal-data: “www.latency.prodaa.netflix.com AAAA ::1”
\nlocal-data: “www.netflix.com AAAA ::1”
\nlocal-data: “www.us-east-1.prodaa.netflix.com AAAA ::1”
\nlocal-data: “www.us-west-2.prodaa.netflix.com AAAA ::1”<\/p>\n
Essentially, any request for AAAA records returns localhost, but all other records are resolved normally.\u00a0 I created the list by checking the unbound log file while devices were trying to access Netflix.\u00a0 If I find any more hostnames to redirect, I will add them to the list.<\/p>\n
Latest update July 6 2018<\/p>\n","protected":false},"excerpt":{"rendered":"
I had been happily using HE’s tunnel broker to gain access to the IPv6 internet for some time.\u00a0 A side effect of this was that I would quite often get the US version of the Netflix catalogue.\u00a0 Back in June of 2016, Netflix started actively blocking HE’s subnets because of people using them explicitly to … Continue reading Hurricane Electric IPv6 Tunnel, Netflix & Unbound<\/span>