All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Setup your own DNS and HAProxy based Netflix/Hulu Tunnel
In this tutorial i will be explaining how to setup your own DNS and HAProxy based Netflix and Hulu Tunnel. You no longer need a VPN or Proxy configured at your device anymore to watch USA based Netflix and Hulu content. This works great in combination with a Chromecast or Apple TV.
What you will need to have: 2 VPS servers, one for the DNS and one for the HAProxy (you can also use 1 VPS, but I have been using 2). You will also need Bind9 and HAProxy installed. I assume that you know how to install that.. If not, use Google.
If you're looking for an affordable and stable host for your VPS, check out http://BudgetVZ.com and http://NanoVZ.com - Use coupon code evoFlix15 for a 15% Recurring discount!
The configuration for Bind9 (The DNS Server).
cd into /etc/bind and modify the following files:
nano named.conf.local:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
include "/etc/bind/rndc.key";
include "/etc/bind/zones.override";
acl "trusted" {
XX.XX.XX.XX; // IP of your VPS
XX.XX.XX.XX; // IP of your own ISP/Home connection
127.0.0.1;
};
logging {
channel bind_log {
file "/var/log/named/named.log" versions 5 size 30m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
category default { bind_log; };
category queries { bind_log; };
};
nano zones.override:
zone "hulu.com." {
type master;
file "/etc/bind/db.override";
};
zone "huluim.com." {
type master;
file "/etc/bind/db.override";
};
zone "netflix.com." {
type master;
file "/etc/bind/db.override";
};
Read the rest of the tutorial at https://joodle.nl/setup-your-own-dns-and-haproxy-based-netflix-hulu-tunnel/
Got questions? Send me a PM! 
Comments
Danke!
i love you joodle
so @joodle, after finishing the setup, we just need to change our dns to our vps IP? And do you only use Budgetvz for it? Some US vps provider already blocked by Hulu
Correct, and yes, I used BudgetVZ for Hulu and it's working just fine
This could however change in the future as Hulu keeps blocking more and more non-residential IP's!
Thanks joodle. DigitalOcean, RamNode, HVH, Hosthatch, and some were blocked, so I can't use them for watching Hulu again.
how is this easier than foxyproxy o.o
Does Foxyproxy work on a Chromecast or Apple TV? Nope it doesn't.
@joodle, do you know what this line means?
allow-recursion { any; };(along with specifying forwarders)
lol I guess I don't understand the point of chromecast or apple tv either
Without allow-recursion any i couldn't get the dns to work. And yes, i know what it means.
You could buy 2 http://budgetvz.com servers for 8euro a year ffs xD best DNS tunnel
I smell an open dns waiting to be abused.
I heard that with chrome installed on a pc you can stream anything from the browser to the chromecast. Then FoxyProxy would be useful.
Doesn't work with Netflix..
Updated my Post/Blog post to add trusted IPs to the config.
Why is the configuration posted here different to the one you use on your tutorial website?
On your website you are using ACL for the DNS server. At least some kind of security. But your setup wouldn't work when you got dynamic IPs at home I think..
I posted the same config here... I updated the LET post before i updated it on my blog..
If you have a dynamic IP, just keep changing it at the ACL trusted list.. Can't do anything about that.
another thing I noticed:
For you who want this to work and don't have IPv6 on your home connection, don't go for a LES VPS (including NanoVZ) because the DNS port is not forwarded.
You need a dedicated IPv4 or dns forward.
for the HAProxy setup, a LES (including NanoVZ) is a good option. It need to have a US IP to browse the American content of Netflix and to be allowed by Hulu.
Nice.. Danke Joodle.
Am I able to get this working for other sites by default (without tweaking the configuration)?
Judging from the HAproxy setup and naming, you simple copied most things from https://github.com/skorokithakis/netproxy and just added bind. How lame not to credit the authors.
Nope, i did see that one, but i made my own config, which works better than the one provided right there.
Yeah, right. That's why the proxy naming scheme is 1:1 identical.
Oh really? Where did you find that? https://github.com/skorokithakis/netproxy/blob/master/supervisord/haproxy.conf
Can't see that there bro. Now stop trashing my thread, lot's of people appreciate this tutorial.
You and I we both know its stolen and you got caught red handed. The netproxy generator generates the HAproxy configuration on the fly and once generated, looks exactly like "yours". Just add credit where credit is due, that's all I'm asking for.
I have a similiar setup on one of my VPSs, also acting as a DNS. My approach on securing the box is a little other, I use IPtables. The IP of my home network is dynamic. I setup a Dynamic DNS service (NoIP) with my router. That way, the DynDNS adress gets updated everytime my router gets a new IP adress from my ISP. On the VPS I have a chron running every 5 minutes with the following script:
#!/bin/bash
nslookup myadress.myftp.biz > /tmp/ip.txt
ip=$(sed -n '6p' /tmp/ip.txt)
ip=$(echo ${ip#*:})
iptables --flush
iptables -A INPUT -p tcp --dport 22220 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s $ip/32 -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -s $ip/32 -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -s $ip/32 -p tcp -m tcp --dport 443 -j ACCEPT
iptables -P INPUT DROP
service iptables save
service iptables restart
Basically, it just gets the current IP adress of my home network from the Dynamic DNS service via nslookup, writes it to a file and formats the data that I can use it as a variable for the iptables.
This way I don't have to bother with changing any config files manually. Maybe you like the idea..
One question, how to prevent this one from being a victim in DNS amplification attack?
And also if we already have an Anycast IP like what BuyVM is offering, does that mean we don't have to set up HAProxy and it is automatically going to route to the available DNS?
The ACL Trusted table.
I don't think you understand what HAProxy is doing now xD. HAProxy works as a Proxy (just like squid etc) and proxies all the incoming connections.
U having a laugh? Was talking to joodle as he wrote it. I know he wrote it otherwise he wouldn't have asked me questions
Nah, only used the base (which is also available on the web anyway), and i still made my own version of the config.
Agreed, HAProxy is always confusing to me, I think I understand what you mean now. So with Anycast IP, can I just set up a Squid proxy on each of the VMs and have the outgoing IP automatically to be the anycast IP?
I have no idea.. I don't know much about Anycast