Posted: Sun Oct 03, 2021 16:15 Post subject: [SOLVED] Netflix is given local lan address (192.0.0.69)
Hi Everyone,
I'm using DD-WRT v3.0-r47474 std (09/20/21) on my Dlink 882 A1. I have openvpn client service running (NordVPN), with Policy based routing rule defined so that only some devices are "behind" the VPN. Some of those devices xbox and smart tv) are used for netflix streaming and everything is ok. However, when i tried to access Netflix on my computer (exluded from policy based routing) to manage my account it failed. It was the same issue with all other devices that were not using the vpn (ping command on router also point netflix to 192.0.0.69).
I discovered later, when i tried to ping www.netflix.com, netflix.com on all the devices excluded from PBR, that they try to access Netflix on 192.0.0.69 address and obviously that's the cause of the issue and it may be linked to NordVPN DNS configured in 'Network Address Server Settings (DHCP)'. An information that may help is that, when i connect to nordvpn app installed on my computer on whatever server in the world, netflix is accessible again.
After removing Nord DNS servers, problem was solved.
192.0.0.69 seemed to me abnormal for Netflix, no matter how we call or classify this ip address. i'm wondering if it's safe to use other DNS server than those recommended by Nord ? Are google public DNS servers safe ?
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Mon Oct 04, 2021 22:43 Post subject:
Milax wrote:
Thanks for the answers that meant to help.
After removing Nord DNS servers, problem was solved.
192.0.0.69 seemed to me abnormal for Netflix, no matter how we call or classify this ip address. i'm wondering if it's safe to use other DNS server than those recommended by Nord ? Are google public DNS servers safe ?
Perfectly safe if you don't mind them keeping a permanent record of your DNS lookups and analyzing it to decide what to market to you. I don't actually know that they do this, but of course they are Google, so...
Safest free, nonlogging (beyond your general geographic area so they can accumulate stats) public DNS is Quad9 (9.9.9.9), because they screen out some vast number of malware domains. See quad9.net. They are one of several popular choices among dd-wrt users. My main router runs 3 VPN clients to two different providers and using both protocols, OpenVPN and wireguard, but I use Quad9 for DNS for all of them (dd-wrt runs a common DNS system, so "all" is ordinary), and the only issue is a few AirDNS domain names that only resolve through their DNS system. Those names are minor convenience features only though, so everything works fine.
Simpler answer: try changing your DNS server to a non-Nord choice and see what happens. By default you won't be running those DNS queries through Nord's VPN, but if you want to do that (after you try the plain-vanilla version for a bit) you can: add a "route 9.9.9.9" line to the OpenVPN client's Additional Config window, and when the VPN connects, it will tweak the dd-wrt routing table to route Quad9 access through the VPN. The change will be undone when the VPN is taken offline.
If you like that but want to go further and encrypt DNS queries between Nord's server and Quad9's server, see my sig (new method) below for a discussion of a bit of a hack that is working great on six routers for me. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Tue Oct 05, 2021 3:11 Post subject:
Been awhile (2 years?) but when I last used Nord, their DNS servers (nameservers) were accessible outside the tunnel. Back then it was not so easy to get dd-wrt to use them through the tunnel, actually, so I set them up as I would have any public nameserver.
And yes, there are many internet lists of public nameservers, many tests (usually for latency/speed) and comparisons, and of course lots of opinions. Thanks for pointing to one list to get people rolling. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Tue Oct 05, 2021 4:16 Post subject:
SurprisedItWorks wrote:
And yes, there are many internet lists of public nameservers, many tests (usually for latency/speed) and comparisons, and of course lots of opinions. Thanks for pointing to one list to get people rolling.
back in my day there was no dns ... there were not enough computers on the network... You young fangled people with your dns.... get off my series of tubes that al gore invtented