• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Windows Server 2016 DNS Filter for Netflix and others

Started by DJX, October 25, 2017, 07:52:47 AM

Previous topic - Next topic


As many are aware, Netflix does not allow its customers to stream through HE.
I tried a few different approaches to force machines over to IPv4.
My final solution was to filter out AAAA records from DNS queries.
If anyone else out there has Server 2016, here is an example PowerShell command that you can run against a server running DNS:

Add policy:
Add-DnsServerQueryResolutionPolicy -Name "Filter AAAA Requests" -action deny -fqdn "EQ,*.netflix.com" -QType "EQ,AAAA

Verify policy:
Get-DnsServerQueryResolutionPolicy -Name "Filter AAAA Requests" | fl
$Policy = Get-DnsServerQueryResolutionPolicy -Name "Filter AAAA Requests"

You can also modify an existing policy to add or remove domains if you find other services not working correctly over IPv6:

Set-DnsServerQueryResolutionPolicy -Name "Filter AAAA Requests" -fqdn "EQ,*.netflix.com,*.youtube.com,*.1e100.net" -QType "EQ,AAAA"