• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Netflix detects Toronto tunnel server as being in the US.

Started by primordial, June 01, 2016, 06:33:48 PM

Previous topic - Next topic

obsessive

#15
Yeah I noticed that.. until I added the last range, streaming would work sporadically. I might have to filter out the AAAA records from the DNS servers to be on the safe side

[edit]

But then again.. I didn't think AWS supported ipv6.. so I guess until they do, i'm kicking the can down the road a bit

sabersix

Quote from: cdhowie on June 02, 2016, 02:54:03 PM
Add me to the list of users affected.  I have sent them a few angry tweets.  Sometimes social media can get a company's attention since it's content they can't control, and has a negative PR impact.  I would suggest everyone affected tweet at them with a summary of the problem.

In the meantime, I'm trying to determine if there is a subnet I can block in my FORWARD chain that will kick Netflix over to IPv4, otherwise my only option is to entirely ditch IPv6 (which, of course, is not going to happen).


Yeah... I just got bit by this yesterday.  I'm using the HE server in LAX.  But my Centurylink DSL I think shows up as some place else in the SW.  <sigh> 
Anyway.. I did tweet them, but so far no reply... not overly shocked on it.   
I will drop Netflix before I do v6.   

I've been trying to figure out how to force v4 DNS for *.netflix.com on OpenWRT on my router but not having much luck (using OpenDNS revolvers).   If anyone can point me in the right direction that would be most appreciated.



cdhowie

Quote from: sabersix on June 03, 2016, 07:54:54 AMI've been trying to figure out how to force v4 DNS for *.netflix.com on OpenWRT on my router but not having much luck (using OpenDNS revolvers).   If anyone can point me in the right direction that would be most appreciated.

I wrote this yesterday and it solved my problem.  It's a DNS proxy that returns empty responses for AAAA requests for *.netflix.com and passes everything else onto another server.  If you cannot install it on your router, you could install it on a different Linux machine on your network and have it proxy DNS requests to your router, assuming you can change the DNS servers advertised by your DHCP server.

sabersix

Quote from: cdhowie on June 03, 2016, 07:57:13 AM
I wrote this yesterday and it solved my problem.  It's a DNS proxy that returns empty responses for AAAA requests for *.netflix.com and passes everything else onto another server.  If you cannot install it on your router, you could install it on a different Linux machine on your network and have it proxy DNS requests to your router, assuming you can change the DNS servers advertised by your DHCP server.


Sweet.  Thanks.  Installing a Ubuntu VM now to give it a shot.

Thanks

sabersix

Just posting a follow up to your DNS proxy.  Works like a charm!  Took a bit to get my DHCPv6 stuff working right to clients to use the proxy.  Once that was figured out.. Windows clients worked like a charm.

Mac... not so much.   I had to put in an option into DHCPv4 setup to over ride the IP that was going out on the LAN interface and use the v4 address of the proxy VM I setup.   Once the Macs rebooted.. they got the v4 of the proxy and v6 of the proxy and Netflix worked on them.   Not overly concerning, but was more for my learning. 

AppleTV only allows for v4 config, but had the v6 proxy addy.  But still didn't work.  Manually configured it to use v4 of the proxy and it started to work. 

My guess is the iPads and what not will work now as well with reboots/renews... but .. ooo.. shiney... netflix on Apple tv..

thanks again for the code/proxy you wrote.

jeremyhu

I just noticed this today as well  >:(

I'm in the SF Bay Area and go through Fremont.

I was on the phone with Netflix for about almost two hours.  The first CSR that I was talking to has absolutely zero knowledge of networking.  After over an hour of waiting on hold, trying to educate the CSR about IPv6, and going through their insane resolution flowchart because it was easier than arguing with them, I finally got a supervisor who was just as unhelpful.  She continued to insist that there is no problem with their systems and that if I was still getting this error after rebooting my computer that I should contact my ISP because it must be the case that my ISP is reporting to Netflix that I'm connecting through an illegal proxy server.  I tried to inform her about how completely ridiculous that statement was, about how ISPs don't report that information and how there is no global geoip database and how multiple customers started reporting these issues in the past 48 hours, but she refused to budge.

I gave up.  So this is me "contacting my ISP".  Can someone at HE please go beat Neflix with a Do-Better-Stick?

sabersix

Quote from: jeremyhu on June 03, 2016, 09:41:52 PM

I gave up.  So this is me "contacting my ISP".  Can someone at HE please go beat Neflix with a Do-Better-Stick?

And a clue bat.    ;)

I called them too before putting in the DNS proxy thing and they kept pointing at my ISP.  I told them that was ridiculous as if it was my ISP, they would get crushed with calls as it's an eyeball network. 

They seem to be acting just like Team Viewer.  "We have no issues, we blame <everything but us>"


aandaluz

I'm also affected by this block, althogh my endpoint is in Paris, so not much would have changed over ipv4 right no(  tunnel server at  Paris).

It is sad to force netflix to work over ipv4 for the time being until my isp deploys ipv6 natively. But is seems that Hollywood and media producers still don't get what global entertaiment consumers really want...

derby

I started getting blocked, too, on Jun 2.  My ISP is Verizon FIOS, so will be a long time before they get IPv6.  I've been running a HE tunnel for years and it has worked perfectly.  Have a CISCO 1921 router but been a long time since I waded through the IOS to set up the router.  If anyone figures out how to tell CISCO IOS to only provide IPv4 on the interface used by the Apple TV ver 4 I can connect the two  Apple TV's to two ethernet interfaces on the CISCO 1921  and get Netflix back without having to drop the IPv6 Tunnel. 

I tried setting DNS on the Apple TV ver 4 to Google's DNS server, 8.8.8.8 but for some reason the Apple TV still defaults to IPv6 and Netflix reports back:

Streaming Error  You seem to be using an unblocker or proxy. Please turn off any of these services and try again. For more help, visit netflix.com/proxy.

broquea

Just because you set a DNS server to an IPv4 address, doesn't mean it won't return AAAA records.
If it returns AAAA records, and you have IPv6 connectivity, your device will try to use IPv6.

There are reddit threads with people listing IPv6 ranges to drop routing to, that force Netflix to fail over to IPv4 when unreachable.
If you try that, then IPv6 should continue working everywhere else but Netflix and anything else in those ranges.
Or you can try the DNS scrubbing proxy someone in here already made.

derby

Agree that normally AAAA records are returned from IPv4 DNS requests, but several postings on the internet indicated Google was only returning IPv4 addresses on their 8.8.8.8 DNS servers.  Obviously this is wrong info.

Shouldn't blocking IPv6 traffic from my CISCO 1921 router to the Apple TV by instructing IOS to not provide IPv6 on the router's interface where the Apple TV is connected solve the problem, too?

If IPv6 traffic is blocked on just that interface, then the Apple TV would think IPv6 was not available and only make IPv4 requests.  That seems pretty straightforward to me.  Maybe I'm missing something.

I was hoping someone had tried this approach.  I searched the web and found other approaches but not this one.  I'll look into the reddit threads for dropping IPv6 ranges.  My understanding is that Netflix is hosted at AWS so dropping routing to IP addresses would be blocking more than just Netflix.

JRMTL

@derby

that's pretty much the approach I'm using. I setup an IPv4 only guest wifi SSID on my AP. Netflix is working fine on my ATV

derby

I found a work around until Netflix figures out a way to not penalize the few of us that are using IPv6 tunnels until our ISP catches up  with their onerous blocking...  (I'm not holding my breath waiting for Verizon FIOS to support IPv6)

I set up an Ubiquiti UniFi AP-AC in "guest" mode.  This Level 2 access point provides IPv4 connectivity to the router, but does not provision the clients with IPv6 addresses in guest mode.  So the Apple TV is now an authorized "guest" for 365 days before having to authorize again to the UniFi Access Point and Netflix now streams to the Apple TV.

cshilton

Thanks for this code cdhowie! I run OpenBSD 5.8 on my router. I was able to get this going by installing the devel/py-twisted port on my machine and then running this code after configuration. I'll generate up an OpenBSD rcctl script for people who are interested.

-- Chris

bjo

I'm also affected (with 2 tunnels in Frankfurt, one running at home and one at my gf's home). Some weeks ago I talked to netflix and they said I'll should talk to my ISP that I'll get a new IP. Well, yeah  >:(