I’ve setup 6in4 tunnel which works good, but Netflix doesn’t allow a tunnel to be used. one of the suggestions was to use an ad blocker to block the quad A dns query for Netflix domains to force IPv4 can this be done with adblock? I wasn’t seeing any examples of the format for the blacklist or whitelist.
Any adblocker can do it. You can take a look at the readme for adblock-lean (currently I'm the maintainer of this project) which explains how to use a local blocklist.
1 Like
I don’t see an IPv6 example
Is it :: example.com
Example of local allowlist/blocklist? It's just a file containing newline-separated domains, no IP addresses needed:
example1.com
www.example2.net
etc.
I understand the domain format and the IPv4 format.
0.0.0.0 example.com
But is the IPv6
:: example.com
This only applies to hosts-format lists. IPv6 hosts-format lists seem to be very rare but if you find one then yes, it would have lines like
:: example.com
This has nothing to do with local blocklists though. Those should always be in raw-domains format, i.e. simple list of domains. You do not need to be concerned with IPv4 or IPv6 in this context.
I tried the block list thing to avoid the Netflix 6in4 tunnel issue but it still gave issues with seeing the tunnel even when turning off IPv6 on one of the devices using Netflix it still was detecting the 6in4 tunnel.
I am not a Netflix user and I have no idea what you mean by "block list thing" or by "Netflix 6in4 tunnel issue". If you can not explain what issue you are trying to solve, what guide you are following (if any) and what specifically you tried, I can not help you.
When your are using Netflix it doesn’t allow you to use a use a vpn or proxy, after detecting it, you are stopped with a warning that you are using a vpn or proxy, but when you using a 6in4 tunnel it detects it like a vpn. When I searched on google it said to use a popup blocker to block AAAA (IPv6) DNS queries for Netflix domains (like netflix.com), and so I did this under the adblock-lean, but it still detected the 6in4 tunnel. I even turned off IPv6 on a device using Netflix but it still detects the 6in4 tunnel.
adblock-lean (as any other adblocker for OpenWrt) works by configuring the DNS resolver (in this case it is dnsmasq). While technically it is possible to selectively block only IPv6 requests for certain domains and allow IPv4 requests through, adblock-lean is not designed for this and can not block requests for a specific IP family - it's either block certain domains for both families or for none. Possibly a different utility (like banip) could do this but without a link to some specific source of information (rather than "it said"), I have no way to judge whether what you found on Google can work even in theory and if so then specifically what method is required.
Pls, provide link to detailed info about this feature. Having an (ad-)blocker on openwrt, which is NOT based on dnsmasq, but a customized resolver instead, configured via a DB, practically any DNS-tricks can be implemented via some custom code (I.e. doing client-specific blocking, based on clients MAC. Used for parental control). Not using netflix myself, I need some background info.
There might be a simple solution for you, to block AAAA requests:
Append following lines into /etc/dnsmasq.conf on your openwrt:
…
server=/netflix.com/#
address=/netflix.com/::
server=/netflix.net/#
address=/netflix.net/::
server=/nflxext.com/#
address=/nflxext.com/::
server=/nflximg.net/#
address=/nflximg.net/::
server=/nflximg.com/#
address=/nflximg.com/::
server=/nflxvideo.net/#
address=/nflxvideo.net/::
server=/nflxso.net/#
address=/nflxso.net/::
server=/nflxsearch.net/#
address=/nflxsearch.net/::
#May be, these ones as well:
server=/amazonaws.com/#
address=/amazonaws.com/::
UPDATE:
For a very first try, ONLY insert
filter-AAAA
into /etc/dnsmasq.conf. Although this will disable all AAAA answers, it will be a good “Proof of Concept”, before trying the more selective block, mentioned above.
Give it a try.