{"id":2452,"date":"2020-03-01T23:24:21","date_gmt":"2020-03-02T04:24:21","guid":{"rendered":"https:\/\/blog.jonesling.us\/?p=2452"},"modified":"2020-04-24T07:25:42","modified_gmt":"2020-04-24T11:25:42","slug":"accessing-netflix-when-you-have-an-ipv6-address-via-a-tunnel-broker","status":"publish","type":"post","link":"https:\/\/blog.jonesling.us\/?p=2452","title":{"rendered":"Bypassing a Tunnel-Broker IPv6 Address For Netflix"},"content":{"rendered":"\r\n

My ISP is pretty terrible but living in the United States, as I do, effectively makes internet service a regional monopoly.\u00a0 In my case, not only do I pay too much for service but certain websites (cough<\/em> google.com cough<\/em>) are incredibly slow for no reason other than my ISP is a dick and won’t peer with them properly.<\/p>\r\n\r\n\r\n\r\n

This particular ISP, despite being very large, has so far refused to roll out IPv6.\u00a0 This was annoying until I figured out that I could use this to my advantage.\u00a0 If they won’t peer properly over IPv4, maybe I can go through a tunnel broker<\/a> to get IPv6 and route around them.\u00a0 Surprisingly, it worked beautifully.\u00a0 GMail has never loaded so fast at home.<\/p>\r\n\r\n\r\n\r\n

It was beautiful, that is, until I discovered an unintended side effect: Netflix stopped working.<\/p>\r\n\r\n\r\n\r\n

\r\n
\"netflix\r\n
Despite my brokered tunnel terminating inside the United States, Netflix suspects me of coming from outside the United States.<\/figcaption>\r\n<\/figure>\r\n<\/div>\r\n\r\n\r\n\r\n

A quick Google search confirmed my suspicion.\u00a0 Netflix denies access to known proxies, VPNs, and, sadly, IPv6 tunnel brokers.\u00a0 My brave new world was about to somewhat less entertaining if I couldn’t fix this.<\/p>\r\n\r\n\r\n\r\n

Background<\/h1>\r\n\r\n\r\n\r\n

Normally a DNS lookup returns both A (IPv4) and AAAA (IPv6) records together:<\/p>\r\n\r\n\r\n\r\n

$ nslookup google.com\r\nServer:     192.168.1.2\r\nAddress:    192.168.1.2#53\r\n\r\nNon-authoritative answer:\r\nName:   google.com\r\nAddress: 172.217.12.142\r\nName:   google.com\r\nAddress: 2607:f8b0:4006:819::200e<\/pre>\r\n\r\n\r\n\r\n
Some services will choose to provide multiple addresses for redundancy; if the first address doesn’t answer then your computer will automatically try the next in line.<\/p>\r\n\r\n\r\n\r\n
Netflix in particular will return a large number of addresses:<\/p>\r\n\r\n\r\n\r\n
$ nslookup netflix.com 8.8.8.8\r\nServer: 8.8.8.8\r\nAddress: 8.8.8.8#53\r\n\r\nNon-authoritative answer:\r\nName: netflix.com\r\nAddress: 54.152.239.3\r\nName: netflix.com\r\nAddress: 52.206.122.138\r\nName: netflix.com\r\nAddress: 35.168.183.177\r\nName: netflix.com\r\nAddress: 54.210.113.65\r\nName: netflix.com\r\nAddress: 52.54.154.226\r\nName: netflix.com\r\nAddress: 54.164.254.216\r\nName: netflix.com\r\nAddress: 54.165.157.123\r\nName: netflix.com\r\nAddress: 107.23.222.64\r\nName: netflix.com\r\nAddress: 2406:da00:ff00::3436:9ae2\r\nName: netflix.com\r\nAddress: 2406:da00:ff00::6b17:de40\r\nName: netflix.com\r\nAddress: 2406:da00:ff00::34ce:7a8a\r\nName: netflix.com\r\nAddress: 2406:da00:ff00::36a5:f668\r\nName: netflix.com\r\nAddress: 2406:da00:ff00::36a5:9d7b\r\nName: netflix.com\r\nAddress: 2406:da00:ff00::23a8:b7b1\r\nName: netflix.com\r\nAddress: 2406:da00:ff00::36d2:7141\r\nName: netflix.com\r\nAddress: 2406:da00:ff00::36a4:fed8<\/pre>\r\n\r\n\r\n\r\n
The Solution<\/h1>\r\n\r\n\r\n\r\n
The key is to have your local DNS resolver return A records, but not AAAA, if (and only if) it’s one of Netflix’s hostnames.<\/p>\r\n\r\n\r\n\r\n
Before I document the solution, it helps to know my particular setup and assumptions:<\/p>\r\n\r\n\r\n\r\n