Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


how does smartdns work?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

how does smartdns work?

Is it the same as a proxy which is only activated at certain sites?
does netflix know my real ip when I am using it via smartdns?
If it does know my real ip why doesnt it block it?

Comments

  • @muneebrocks said:
    Is it the same as a proxy which is only activated at certain sites?

    Similar

    does netflix know my real ip when I am using it via smartdns?

    No

    If it does know my real ip why doesnt it block it?

    Because it doesn't know your real IP

  • ah okay because they keep saying no speed loss and your ip will not change so got confused
    thank you

  • The DNS directory that matches name to numbers isn’t located all in one place in some dark corner of the internet. With more than 332 million domain names listed at the end of 2017, a single directory would be very large indeed. Like the internet itself, the directory is distributed around the world, stored on domain name servers (generally referred to as DNS servers for short) that all communicate with each other on a very regular basis to provide updates and redundancies

  • @sumeethannurkar said:
    The DNS directory that matches name to numbers isn’t located all in one place in some dark corner of the internet. With more than 332 million domain names listed at the end of 2017, a single directory would be very large indeed. Like the internet itself, the directory is distributed around the world, stored on domain name servers (generally referred to as DNS servers for short) that all communicate with each other on a very regular basis to provide updates and redundancies.

    I can smell a cut and paste like a fart in a car.

    https://www.networkworld.com/article/3268449/what-is-dns-and-how-does-it-work.html

  • KousakaKousaka Member
    edited February 2021

    The science behind that is: when you access netflix, netflix.com will be resolved to their servers, where sniproxy or haproxy is transparently forwarding traffic. Then netflix will only see their ip. Technically it's possible for netflix to know your real ip as long as they really want to.

  • farsighterfarsighter Member
    edited February 2021

    I'll try to explain in a nutshell.

    SmartDNS serves as a proxy between you and the streaming site until content is delivered.
    You enter Netflix or Hulu URL for example then instead of sending you to the real IP of those sites you're sent to a different IP the SmartDNS forged for you through which there are no geo restrictions.
    All your content streaming requests are mediated by this IP until the final stage where the CDN sends you the requested file to play. At this advanced stage there are no more geographical screenings and the SmartDNS proxy ( which is founded on this fact) is getting out of the picture so the media is sent directly to your real IP and played at normal speed.

    Companies still find out about this activity (not hard. Too many people through a certain IP is suspicious) so this is a cat and mouse game where IP addresses are swapped regularly. A reliable paid SmartDNS service should ensure that there are always options that work.

    The SmartDNS by the way does not encrypt your traffic at all. It's completely different from a VPN.
    Also, you should be very careful and stay away from "free" SmartDNS services which (if at all work) can easily fake your connection to other sites like PayPal and Gmail and steal credentials in an easy phishing.

    Thanked by 1yoursunny
  • You're asking someone who plagiarizes what the point of plagiarizing is?

    Anyway, it's not the first time that he has plagiarized. Consider

    https://www.lowendtalk.com/discussion/comment/3193953/#Comment_3193953

    This is copied verbatim from the first answer of

    https://www.digitalocean.com/community/questions/how-can-i-point-subdomain-to-ip-port

  • @farsighter said:
    I'll try to explain in a nutshell.

    SmartDNS serves as a proxy between you and the streaming site until content is delivered.
    You enter Netflix or Hulu URL for example then instead of sending you to the real IP of those sites you're sent to a different IP the SmartDNS forged for you through which there are no geo restrictions.
    All your content streaming requests are mediated by this IP until the final stage where the CDN sends you the requested file to play. At this advanced stage there are no more geographical screenings and the proxy ( which is founded on this fact) is getting out of the picture so the media is sent directly to your real IP and played at normal speed.

    Companies still find out about this activity (not hard. Too many people through a certain IP is suspicious) so this is a cat and mouse game where IP addresses are swapped regularly. A reliable paid SmartDNS service should ensure that there are always options that work.

    The SmartDNS by the way does not encrypt your traffic at all. It's completely different from a VPN.
    Also, you should be very careful and stay away from "free" SmartDNS services which (if at all work) can easily fake your connection to other sites like PayPal and Gmail and steal credentials in an easy phishing.

    thank you this was really useful

  • @farsighter said: Also, you should be very careful and stay away from "free" SmartDNS services which (if at all work) can easily fake your connection to other sites like PayPal and Gmail and steal credentials in an easy phishing.

    MitM for PayPal and Gmail (and indeed most sites these days) is actually very hard due to TLS and HSTS. A large portion of sites use HTTPS and HSTS now, so even if a SmartDNS service were to reroute PayPal or Gmail traffic to their own servers, you'd see a scary security warning that's often not bypassable (depending on how the 'real' server is configured)

    Because of that, I don't actually understand how these SmartDNS services still work. I'm fairly sure Netflix uses HTTPS, but perhaps they don't use it for their CDN nodes?

  • yoursunnyyoursunny Member, IPv6 Advocate

    @Daniel15 said:
    Because of that, I don't actually understand how these SmartDNS services still work. I'm fairly sure Netflix uses HTTPS, but perhaps they don't use it for their CDN nodes?

    HTTPS can be proxied. However, the proxy would not be able to see or modify HTTP requests and responses.
    Given the purpose is bypassing IP geo restriction, you can think of the proxy as some sort of port forwarding - it passes whatever you send them to the origin site at TCP level, without decrypting.
    The origin site would see the connecting IP being the exit IP of the proxy, instead of the client IP.

    Thanked by 1Daniel15
  • @yoursunny said:

    @Daniel15 said:
    Because of that, I don't actually understand how these SmartDNS services still work. I'm fairly sure Netflix uses HTTPS, but perhaps they don't use it for their CDN nodes?

    HTTPS can be proxied. However, the proxy would not be able to see or modify HTTP requests and responses.
    Given the purpose is bypassing IP geo restriction, you can think of the proxy as some sort of port forwarding - it passes whatever you send them to the origin site at TCP level, without decrypting.
    The origin site would see the connecting IP being the exit IP of the proxy, instead of the client IP.

    Ahh, right, so it just tunnels the connection unmodified. That makes sense. Thanks!

  • @Daniel15 said: MitM for PayPal and Gmail (and indeed most sites these days) is actually very hard due to TLS and HSTS. A large portion of sites use HTTPS and HSTS now, so even if a SmartDNS service were to reroute PayPal or Gmail traffic to their own servers, you'd see a scary security warning that's often not bypassable (depending on how the 'real' server is configured)

    You don't need to break HSTS/TLS for this, they just resolve certain hostnames like nflxcdn to their own IPs that then reverse proxy it to the backend. No MITM.

    The proxies come with ACLs to only pass traffic to Netflix or Hulu or whatever and have host header and IP destination restrictions.

    Thanked by 1Daniel15
  • @Jio said:
    You don't need to break HSTS/TLS for this, they just resolve certain hostnames like nflxcdn to their own IPs that then reverse proxy it to the backend. No MITM.

    Wouldn't DNSSEC defeat that custom resolution?

  • DNSSEC requires that your client wants to enable dnssec and respect it

Sign In or Register to comment.