cdhowie · July 17, 2019 02:27 · Jun 7, 2016 · Jun 7, 2016 · Jun 5, 2016 · Jun 5, 2016
diff --git a/README.md b/README.md
@@ -1,49 +1 @@
-# fix-netflix-dns
-
-This is a DNS server that intentionally returns an empty result set for any
-AAAA query for netflix.com or any subdomain thereof.  The intent is to force
-Netflix to use IPv4 in cases where Netflix has blocked IPv6 access --
-specifically, for [Hurricane Electric users who find Netflix giving them the
-error](https://forums.he.net/index.php?topic=3564.0):
-
-> You seem to be using an unblocker or proxy. Please turn off any of these
-> services and try again. For more help, visit netflix.com/proxy.
-
-Note that this server **does not** in any way circumvent Netflix's block
-against these IPv6 address ranges; all it does is force Netflix to use the IPv4
-Internet.
-
-I also considered null-routing the Netflix IPv6 address ranges, but many (all?)
-Netflix services are deployed in Amazon Web Services, so there's no good way to
-reliably null-route Netflix without null-routing all of AWS.  Dealing with the
-problem in the DNS process allows us to precisely block exactly what we want
-blocked (\*.netflix.com) and nothing that we don't want blocked.
-
-## Dependencies
-
-The only dependency is Twisted Names for Python.
-
-## Configuration
-
-Open `server.py` and configure the `OPTIONS` dict according to the comments.
-Here you will be able to configure which address and port this server binds to,
-as well as which DNS server it will forward requests to.
-
-Note that if you are using dnsmasq and its built-in DHCP server, and you
-reconfigure it to listen on a port other than 53 for DNS, it will stop
-advertising itself as a DNS server to DHCP clients.  Put `dhcp-option=6,$IP` in
-`dnsmasq.conf` (changing `$IP` to the server's LAN IP) to fix this.  Note that
-this will not work when dnsmasq is serving multiple different DHCP ranges,
-unless you use an IP address that is reachable from all of those networks.
-
-## Installation
-
-Clone this repository into `/opt/fix-netflix-dns`.  (You can clone as any user,
-but the server must be run as root in order to bind to port 53.)
-
-Run the following commands to install the systemd service:
-
-    cd /etc/systemd/system
-    ln -s /opt/fix-netflix-dns/fix-netflix-dns.service
-    systemctl enable fix-netflix-dns.service
-    systemctl start fix-netflix-dns.service
+This project has moved to https://github.com/cdhowie/netflix-no-ipv6-dns-proxy
diff --git a/fix-netflix-dns.service b/fix-netflix-dns.service
@@ -1,12 +0,0 @@
-[Unit]
-Description=DNS server that intentionally fails to resolve AAAA for Netflix
-After=network.target
-Wants=network.target
-
-[Service]
-ExecStart=/opt/fix-netflix-dns/server.py
-Restart=always
-RestartSec=5
-
-[Install]
-WantedBy=default.target

diff --git a/server.py b/server.py
@@ -1,62 +0,0 @@
-#!/usr/bin/env python
-
-OPTIONS = {
-    # Port to bind to.
-    'listen-port': 53,
-
-    # Address to bind to.  '::' will bind IPv6; make sure bindv6only is 0 in
-    # your sysctl configuration for this binding to service IPv4 clients, too.
-    # ("cat /proc/sys/net/ipv6/bindv6only" to verify.)
-    'listen-address': '::',
-
-    # Here is where you configure what DNS server to proxy to.  You must
-    # specify exactly one of the following options; comment out the other.
-
-    # Specify one or more servers to proxy to.  Note that Twisted may not be
-    # happy if you use an IPv6 address.
-    # 'upstream-dns': [('127.0.0.1', 10053)],
-
-    # Specify a resolv.conf file from which to read upstream nameservers.  As
-    # noted above, if you have any upstream IPv6 servers, Twisted may not be
-    # happy about that.
-    # 'resolv-conf': '/etc/resolv.conf',
-}
-
-from twisted.internet import reactor, defer
-from twisted.names import client, dns, error, server
-
-class BlockNetflixAAAAResolver(object):
-    def __shouldBlock(self, query):
-        domainParts = query.name.name and query.name.name.split('.')
-
-        if not domainParts or len(domainParts) < 2:
-            return False
-
-        return query.type == dns.AAAA and domainParts[-2] in ('netflix', 'nflximg')
-
-    def query(self, query, timeout=None):
-        if self.__shouldBlock(query):
-            return defer.succeed(([], [], []))
-        else:
-            return defer.fail(error.DomainError())
-
-def main():
-    factory = server.DNSServerFactory(
-        clients=[
-            BlockNetflixAAAAResolver(),
-            client.Resolver(
-                servers=OPTIONS.get('upstream-dns', None),
-                resolv=OPTIONS.get('resolv-conf', None)
-            )
-        ]
-    )
-
-    protocol = dns.DNSDatagramProtocol(controller=factory)
-
-    reactor.listenUDP(OPTIONS['listen-port'], protocol, interface=OPTIONS['listen-address'])
-    reactor.listenTCP(OPTIONS['listen-port'], factory, interface=OPTIONS['listen-address'])
-
-    reactor.run()
-
-if __name__ == '__main__':
-    raise SystemExit(main())

diff --git a/server.py b/server.py
@@ -27,9 +27,12 @@
 
 class BlockNetflixAAAAResolver(object):
     def __shouldBlock(self, query):
-        penultimateDomainPart = query.name.name.split('.')[-2]
+        domainParts = query.name.name and query.name.name.split('.')
 
-        return query.type == dns.AAAA and penultimateDomainPart in ('netflix', 'nflximg')
+        if not domainParts or len(domainParts) < 2:
+            return False
+
+        return query.type == dns.AAAA and domainParts[-2] in ('netflix', 'nflximg')
 
     def query(self, query, timeout=None):
         if self.__shouldBlock(query):

diff --git a/server.py b/server.py
@@ -25,7 +25,7 @@
 from twisted.internet import reactor, defer
 from twisted.names import client, dns, error, server
 
-class NoAAAAResolver(object):
+class BlockNetflixAAAAResolver(object):
     def __shouldBlock(self, query):
         penultimateDomainPart = query.name.name.split('.')[-2]
 
@@ -40,7 +40,7 @@ def query(self, query, timeout=None):
 def main():
     factory = server.DNSServerFactory(
         clients=[
-            NoAAAAResolver(),
+            BlockNetflixAAAAResolver(),
             client.Resolver(
                 servers=OPTIONS.get('upstream-dns', None),
                 resolv=OPTIONS.get('resolv-conf', None)

diff --git a/server.py b/server.py
@@ -26,17 +26,16 @@
 from twisted.names import client, dns, error, server
 
 class NoAAAAResolver(object):
-    def __shouldForward(self, query):
-        if query.type == dns.AAAA and (query.name.name == 'netflix.com' or query.name.name.endswith('.netflix.com')):
-            return False
+    def __shouldBlock(self, query):
+        penultimateDomainPart = query.name.name.split('.')[-2]
 
-        return True
+        return query.type == dns.AAAA and penultimateDomainPart in ('netflix', 'nflximg')
 
     def query(self, query, timeout=None):
-        if self.__shouldForward(query):
-            return defer.fail(error.DomainError())
-        else:
+        if self.__shouldBlock(query):
             return defer.succeed(([], [], []))
+        else:
+            return defer.fail(error.DomainError())
 
 def main():
     factory = server.DNSServerFactory(

diff --git a/README.md b/README.md
@@ -29,14 +29,18 @@ Open `server.py` and configure the `OPTIONS` dict according to the comments.
 Here you will be able to configure which address and port this server binds to,
 as well as which DNS server it will forward requests to.
 
+Note that if you are using dnsmasq and its built-in DHCP server, and you
+reconfigure it to listen on a port other than 53 for DNS, it will stop
+advertising itself as a DNS server to DHCP clients.  Put `dhcp-option=6,$IP` in
+`dnsmasq.conf` (changing `$IP` to the server's LAN IP) to fix this.  Note that
+this will not work when dnsmasq is serving multiple different DHCP ranges,
+unless you use an IP address that is reachable from all of those networks.
+
 ## Installation
 
 Clone this repository into `/opt/fix-netflix-dns`.  (You can clone as any user,
 but the server must be run as root in order to bind to port 53.)
 
-Configure your existing DNS server/forwarder to listen on port 10053, and
-restart it.
-
 Run the following commands to install the systemd service:
 
     cd /etc/systemd/system

diff --git a/server.py b/server.py
@@ -12,10 +12,13 @@
     # Here is where you configure what DNS server to proxy to.  You must
     # specify exactly one of the following options; comment out the other.
 
-    # Specify one or more servers to proxy to.
-    # 'upstream-dns': [('::1', 10053)],
+    # Specify one or more servers to proxy to.  Note that Twisted may not be
+    # happy if you use an IPv6 address.
+    # 'upstream-dns': [('127.0.0.1', 10053)],
 
-    # Specify a resolv.conf file from which to read upstream nameservers.
+    # Specify a resolv.conf file from which to read upstream nameservers.  As
+    # noted above, if you have any upstream IPv6 servers, Twisted may not be
+    # happy about that.
     # 'resolv-conf': '/etc/resolv.conf',
 }
 

diff --git a/README.md b/README.md
@@ -23,6 +23,12 @@ blocked (\*.netflix.com) and nothing that we don't want blocked.
 
 The only dependency is Twisted Names for Python.
 
+## Configuration
+
+Open `server.py` and configure the `OPTIONS` dict according to the comments.
+Here you will be able to configure which address and port this server binds to,
+as well as which DNS server it will forward requests to.
+
 ## Installation
 
 Clone this repository into `/opt/fix-netflix-dns`.  (You can clone as any user,

diff --git a/server.py b/server.py
@@ -1,5 +1,24 @@
 #!/usr/bin/env python
 
+OPTIONS = {
+    # Port to bind to.
+    'listen-port': 53,
+
+    # Address to bind to.  '::' will bind IPv6; make sure bindv6only is 0 in
+    # your sysctl configuration for this binding to service IPv4 clients, too.
+    # ("cat /proc/sys/net/ipv6/bindv6only" to verify.)
+    'listen-address': '::',
+
+    # Here is where you configure what DNS server to proxy to.  You must
+    # specify exactly one of the following options; comment out the other.
+
+    # Specify one or more servers to proxy to.
+    # 'upstream-dns': [('::1', 10053)],
+
+    # Specify a resolv.conf file from which to read upstream nameservers.
+    # 'resolv-conf': '/etc/resolv.conf',
+}
+
 from twisted.internet import reactor, defer
 from twisted.names import client, dns, error, server
 
@@ -18,13 +37,19 @@ def query(self, query, timeout=None):
 
 def main():
     factory = server.DNSServerFactory(
-        clients=[NoAAAAResolver(), client.Resolver(servers=[('127.0.0.1', 10053)])]
+        clients=[
+            NoAAAAResolver(),
+            client.Resolver(
+                servers=OPTIONS.get('upstream-dns', None),
+                resolv=OPTIONS.get('resolv-conf', None)
+            )
+        ]
     )
 
     protocol = dns.DNSDatagramProtocol(controller=factory)
 
-    reactor.listenUDP(53, protocol, interface='::')
-    reactor.listenTCP(53, factory, interface='::')
+    reactor.listenUDP(OPTIONS['listen-port'], protocol, interface=OPTIONS['listen-address'])
+    reactor.listenTCP(OPTIONS['listen-port'], factory, interface=OPTIONS['listen-address'])
 
     reactor.run()
 

diff --git a/README.md b/README.md
@@ -19,6 +19,10 @@ reliably null-route Netflix without null-routing all of AWS.  Dealing with the
 problem in the DNS process allows us to precisely block exactly what we want
 blocked (\*.netflix.com) and nothing that we don't want blocked.
 
+## Dependencies
+
+The only dependency is Twisted Names for Python.
+
 ## Installation
 
 Clone this repository into `/opt/fix-netflix-dns`.  (You can clone as any user,
@@ -33,6 +37,3 @@ Run the following commands to install the systemd service:
     ln -s /opt/fix-netflix-dns/fix-netflix-dns.service
     systemctl enable fix-netflix-dns.service
     systemctl start fix-netflix-dns.service
-
-Note that you need the Twisted Names for Python package installed on your
-system.
diff --git a/README.md b/README.md
@@ -33,3 +33,6 @@ Run the following commands to install the systemd service:
     ln -s /opt/fix-netflix-dns/fix-netflix-dns.service
     systemctl enable fix-netflix-dns.service
     systemctl start fix-netflix-dns.service
+
+Note that you need the Twisted Names for Python package installed on your
+system.
diff --git a/README.md b/README.md
@@ -15,7 +15,9 @@ Internet.
 
 I also considered null-routing the Netflix IPv6 address ranges, but many (all?)
 Netflix services are deployed in Amazon Web Services, so there's no good way to
-reliably null-route Netflix without null-routing all of AWS.
+reliably null-route Netflix without null-routing all of AWS.  Dealing with the
+problem in the DNS process allows us to precisely block exactly what we want
+blocked (\*.netflix.com) and nothing that we don't want blocked.
 
 ## Installation
 

diff --git a/README.md b/README.md
@@ -13,11 +13,17 @@ Note that this server **does not** in any way circumvent Netflix's block
 against these IPv6 address ranges; all it does is force Netflix to use the IPv4
 Internet.
 
+I also considered null-routing the Netflix IPv6 address ranges, but many (all?)
+Netflix services are deployed in Amazon Web Services, so there's no good way to
+reliably null-route Netflix without null-routing all of AWS.
+
 ## Installation
 
-Clone this repository into `/opt/fix-netflix-dns`.  (You can clone as any user, but the server must be run as root in order to bind to port 53.)
+Clone this repository into `/opt/fix-netflix-dns`.  (You can clone as any user,
+but the server must be run as root in order to bind to port 53.)
 
-Configure your existing DNS server/forwarder to listen on port 10053, and restart it.
+Configure your existing DNS server/forwarder to listen on port 10053, and
+restart it.
 
 Run the following commands to install the systemd service:
 

diff --git a/README.md b/README.md
@@ -1,3 +1,5 @@
+# fix-netflix-dns
+
 This is a DNS server that intentionally returns an empty result set for any
 AAAA query for netflix.com or any subdomain thereof.  The intent is to force
 Netflix to use IPv4 in cases where Netflix has blocked IPv6 access --
@@ -10,3 +12,16 @@ error](https://forums.he.net/index.php?topic=3564.0):
 Note that this server **does not** in any way circumvent Netflix's block
 against these IPv6 address ranges; all it does is force Netflix to use the IPv4
 Internet.
+
+## Installation
+
+Clone this repository into `/opt/fix-netflix-dns`.  (You can clone as any user, but the server must be run as root in order to bind to port 53.)
+
+Configure your existing DNS server/forwarder to listen on port 10053, and restart it.
+
+Run the following commands to install the systemd service:
+
+    cd /etc/systemd/system
+    ln -s /opt/fix-netflix-dns/fix-netflix-dns.service
+    systemctl enable fix-netflix-dns.service
+    systemctl start fix-netflix-dns.service
diff --git a/README.md b/README.md
@@ -1,5 +1,12 @@
-This is a DNS server that intentionally returns an empty result set for any AAAA query for netflix.com or any subdomain thereof.  The intent is to force Netflix to use IPv4 in cases where Netflix has blocked IPv6 access -- specifically, for Hurricane Electric users who find Netflix giving them the error:
+This is a DNS server that intentionally returns an empty result set for any
+AAAA query for netflix.com or any subdomain thereof.  The intent is to force
+Netflix to use IPv4 in cases where Netflix has blocked IPv6 access --
+specifically, for [Hurricane Electric users who find Netflix giving them the
+error](https://forums.he.net/index.php?topic=3564.0):
 
-> You seem to be using an unblocker or proxy. Please turn off any of these services and try again. For more help, visit netflix.com/proxy.
+> You seem to be using an unblocker or proxy. Please turn off any of these
+> services and try again. For more help, visit netflix.com/proxy.
 
-Note that this server **does not** in any way circumvent Netflix's block against these IPv6 address ranges; all it does is force Netflix to use the IPv4 Internet.
+Note that this server **does not** in any way circumvent Netflix's block
+against these IPv6 address ranges; all it does is force Netflix to use the IPv4
+Internet.
diff --git a/README.md b/README.md
@@ -0,0 +1,5 @@
+This is a DNS server that intentionally returns an empty result set for any AAAA query for netflix.com or any subdomain thereof.  The intent is to force Netflix to use IPv4 in cases where Netflix has blocked IPv6 access -- specifically, for Hurricane Electric users who find Netflix giving them the error:
+
+> You seem to be using an unblocker or proxy. Please turn off any of these services and try again. For more help, visit netflix.com/proxy.
+
+Note that this server **does not** in any way circumvent Netflix's block against these IPv6 address ranges; all it does is force Netflix to use the IPv4 Internet.
diff --git a/server.py b/server.py
diff --git a/fix-netflix-dns.service b/fix-netflix-dns.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=DNS server that intentionally fails to resolve AAAA for Netflix
+After=network.target
+Wants=network.target
+
+[Service]
+ExecStart=/opt/fix-netflix-dns/server.py
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=default.target
diff --git a/server.py b/server.py
@@ -1,4 +1,4 @@
-#!/bin/env python
+#!/usr/bin/env python
 
 from twisted.internet import reactor, defer
 from twisted.names import client, dns, error, server
@@ -23,8 +23,8 @@ def main():
 
     protocol = dns.DNSDatagramProtocol(controller=factory)
 
-    reactor.listenUDP(53, protocol)
-    reactor.listenTCP(53, factory)
+    reactor.listenUDP(53, protocol, interface='::')
+    reactor.listenTCP(53, factory, interface='::')
 
     reactor.run()
 

diff --git a/server.py b/server.py
@@ -18,7 +18,7 @@ def query(self, query, timeout=None):
 
 def main():
     factory = server.DNSServerFactory(
-        clients=[NoAAAAResolver(), client.Resolver(servers=[('127.0.0.1', 53)])]
+        clients=[NoAAAAResolver(), client.Resolver(servers=[('127.0.0.1', 10053)])]
     )
 
     protocol = dns.DNSDatagramProtocol(controller=factory)

diff --git a/server.py b/server.py
@@ -0,0 +1,32 @@
+#!/bin/env python
+
+from twisted.internet import reactor, defer
+from twisted.names import client, dns, error, server
+
+class NoAAAAResolver(object):
+    def __shouldForward(self, query):
+        if query.type == dns.AAAA and (query.name.name == 'netflix.com' or query.name.name.endswith('.netflix.com')):
+            return False
+
+        return True
+
+    def query(self, query, timeout=None):
+        if self.__shouldForward(query):
+            return defer.fail(error.DomainError())
+        else:
+            return defer.succeed(([], [], []))
+
+def main():
+    factory = server.DNSServerFactory(
+        clients=[NoAAAAResolver(), client.Resolver(servers=[('127.0.0.1', 53)])]
+    )
+
+    protocol = dns.DNSDatagramProtocol(controller=factory)
+
+    reactor.listenUDP(53, protocol)
+    reactor.listenTCP(53, factory)
+
+    reactor.run()
+
+if __name__ == '__main__':
+    raise SystemExit(main())
No results found