Use Getflix or Unblock-Us servers selectively with DnsmasqMay 16, 2014 | Technology
I subscribe to Getflix, which is quite similar to Unblock-Us in that it allows users to access geo-blocked content. The basic method to use these services is to set one’s device to use their provided DNS servers, but this sends all DNS requests their way. I wanted only to use their DNS servers to resolve specific geo-blocked URLs.
There are a couple of reasons you might want to do this - you may be concerned about yet another party being privy to your site visits, and in my case I wanted to retain the faster, closer DNS servers provided by my ISP for the majority of my web requests.
Dnsmasq is present in several flavours of custom firmware available for many consumer routers, but since that was unavailable to me I have set it up on my NAS, which runs the Ubuntu-server linux distro. There are many guides for setting up Dnsmasq on many systems (for me it was as easy as “sudo apt-get install dnsmasq”), so I’ll just stick to explaining why I’ve configured it as I have.
Here is my Dnsmasq configuration file. Much of this isn’t necessary for this goal but I’ve kept it intact for context. I’ll go through why I’ve made certain decisions and it may help someone else.
# /etc/dnsmasq.conf # regular dns servers (IPs redacted) server=x.x.x.x server=x.x.x.x server=x.x.x.x server=x.x.x.x # getflix primary dns server=/getflix.com.au/220.127.116.11 server=/netflix.com/18.104.22.168 server=/watchafl.afl.com.au/rightster.com/22.214.171.124 server=/hulu.com/a248.e.akamai.net/126.96.36.199 server=/pbs.org/188.8.131.52 server=/bbc.co.uk/cp143012-i.akamaihd.net/184.108.40.206 server=/itv.com/220.127.116.11 server=/channel4.com/18.104.22.168 # getflix secondary dns server=/getflix.com.au/22.214.171.124 server=/netflix.com/126.96.36.199 server=/watchafl.afl.com.au/rightster.com/188.8.131.52 server=/hulu.com/a248.e.akamai.net/184.108.40.206 server=/pbs.org/220.127.116.11 server=/bbc.co.uk/cp143012-i.akamaihd.net/18.104.22.168 server=/itv.com/22.214.171.124 server=/channel4.com/126.96.36.199 # settings interface=em1 # accept requests from the em1 interface bogus-priv # don't forward non-routable (local) addresses domain-needed # don't forward incomplete hostnames (names without dots) no-resolv # don't read /etc/resolv.conf to get upstream servers all-servers # use all servers, use the first returned #strict-order # query servers in the order they appear domain=local # set the domain name of this network local=/local/ # set selected domains to only resolve locally expand-hosts # add our domain name to our local hostnames cache-size=10000 # increase the cache to 10k records no-hosts # don't use the regular hosts file addn-hosts=/etc/dnsmasq.hosts # use alternate hosts file # dhcp: set range, netmask and lease time for unidentified clients dhcp-range=192.168.1.100,192.168.1.199,255.255.255.0,168h read-ethers # read the /etc/ethers file for static assignment dhcp-option=3,192.168.1.1 # set the gateway (router) # logging log-facility=/var/log/dnsmasq # log file #log-queries # log dns queries #log-dhcp # log dhcp activity # disable a bunch of windows stuff filterwin2k # block certain unnecessary windows requests dhcp-option=19,0 # set ip-forwarding off dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP (WINS) nameserver(s) dhcp-option=45,0.0.0.0 # netbios datagram distribution server dhcp-option=46,8 # netbios node type dhcp-option=252,"\n" # tell windows not to ask for proxy info dhcp-option=vendor:MSFT,2,1i # tell windows to release lease on shutdown
While troubleshooting my setup I was logging DHCP and DNS activity on top of the standard Dnsmasq reporting, but I’ve turned both off now. The final block of the config turns off a bunch of stuff related to Windows clients, which I do have, but my network is so small that they are pointless overheads.
That’s about it! Let me know if you have any questions about my configuration, or if you can help me improve upon it. My thanks to these articles, which pointed me in the right direction:
- Setting up dnsmasq with Ubuntu 10.04 for home networking
- Dnsmasq For Easy LAN Name Services
17 May 2014: Since posting this I’ve changed router, and the new one doesn’t support DHCP relaying. So I’m now doing DHCP on the router itself and am simply using Dnsmasq for DNS. I have commented out all of the DHCP lines in
/etc/dnsmasq.conf and therefore no longer use
/etc/ethers, but everything still works as before.