TL;DR
My ChromeCast was happily using Unblock US for Netflix for months. It stopped working on Friday. Is it a general problem, or is it just with my setup?
The long version:
I got my ChromeCast before Christmas, and I've been happily using it with multiple Netflix regions using Unblock US. On Friday I started getting the "We're having trouble playing this title" error on some titles, and it looks like my ChromeCast can no longer access non-UK titles.
It worries me that this coincides (sortof) with the official availability of ChromeCast in the UK, and I'm wondering if they've released a new build or service which prevents the use of services like Unblock US.
My ChromeCast is using build 16278 (with a worrying 'Country code GB' that I never noticed before). I'm intercepting access to Google's DNS on my router using the following iptables commands:
iptables -t nat -A PREROUTING -d 8.8.8.8 -j DNAT --to-destination 208.122.23.22
iptables -t nat -A PREROUTING -d 8.8.4.4 -j DNAT --to-destination 208.122.23.23
And as I said, these have been working fine for months. I'm also fairly confident that they're still OK, because I've set my tablet to use 8.8.8.8 as the DNS and it can access Netflix US content just fine.
So, my questions:
1. Is there anyone else in the UK using Unblock US to access Netflix using official ChromeCast build 16278? Is it still working for you? (If you want a particular title to try, Supernatural season 6 episode 13 is the one that I first noticed the problem with, although many titles refuse to play.)
2. If it's not working for you either, do you know why?
3. If it is working for you, what should I try next? (I've already done a factory reset, and that didn't make a difference.)
I've been happy with Unblock US but I'm equally happy to move to a different provider if there's a better one.
(I hope this is the right forum - it's where ChromeCast region settings and use of iptables have been discussed in the past. I'm a bit worried that the forum says I'm breaking the rules by asking a question, so if there's a better place for this post please don't be offended by my ignorance and please do let me know!)
Many thanks.
Uh oh. You say you have build 16278? That's new. My U.S. Netflix access still works, but I'm still on build 16041.
Maybe there's no cause for concern yet. The new Country Code was there in build 16041, and in any case I would think it's the Netflix app that would have to change to cause a problem rather than the Chromecast build. But obviously there should be some re-testing with build 16278 as it rolls out. Netflix could have already changed their app, but made it dependent on build 16278 or higher since everyone is going to get that sooner or later.
Regardless of the current situation, long term this Country Code is clearly going to be a problem. It can probably be solved by the DNS proxy services eventually, but until then I wouldn't be buying a Chromecast to use from outside the U.S..
DJames1 said:
Uh oh. You say you have build 16278? That's new. My U.S. Netflix access still works, but I'm still on build 16041.
Maybe there's no cause for concern yet. The new Country Code was there in build 16041, and in any case I would think it's the Netflix app that would have to change to cause a problem rather than the Chromecast build. But obviously there should be some re-testing with build 16278 as it rolls out. Netflix could have already changed their app, but made it dependent on build 16278 or higher since everyone is going to get that sooner or later.
Regardless of the current situation, long term this Country Code is clearly going to be a problem. It can probably be solved by the DNS proxy services eventually, but until then I wouldn't be buying a Chromecast to use from outside the U.S..
Click to expand...
Click to collapse
I expect we had better get used to this breakage with things like Netflix due to the fact that Google does a tiered rollout of updates and the Apps must also be updated to work with those new updates from time to time.
Netflix I think may be particularly susceptible because I suspect the Netflix Player app may actually be embedded in the device. It's the only app that does not have a LINK in the App list CCast uses to retrieve players.
Perhaps someone from Team Eureka can comment and confirm if that is true or not.
But what seems to be a pattern is Google releases an update, Something breaks and then you see a flood of CCast compat app updates a week or so later. Hopefully once the CCast OS is more mature this breakage will happen less frequently.
Just wanted to point out, sometimes if you change settings on your router or the connection is disrupted randomly, the iptables may get reset and stop intercepting Chromecast DNS requests. Rebooting the router to start the script again helps.
Sent from my Nexus 5 using Tapatalk
Asphyx said:
Netflix I think may be particularly susceptible because I suspect the Netflix Player app may actually be embedded in the device. It's the only app that does not have a LINK in the App list CCast uses to retrieve players.
Perhaps someone from Team Eureka can comment and confirm if that is true or not.
Click to expand...
Click to collapse
One of them said that Netflix was a separate binary and the only exception to running in a Chrome sandbox, so seems that is the case. It could still be cleverly coded so it wouldn't require a full update unless there was a low level or architecture change.
Asphyx said:
But what seems to be a pattern is Google releases an update, Something breaks and then you see a flood of CCast compat app updates a week or so later. Hopefully once the CCast OS is more mature this breakage will happen less frequently.
Click to expand...
Click to collapse
Yup... even with the forced updates there's still a period of time when there are units on both old and new versions, DNS caches haven't been updated, etc.
RandomUser6 said:
TL;DR
1. Is there anyone else in the UK using Unblock US to access Netflix using official ChromeCast build 16278? Is it still working for you? (If you want a particular title to try, Supernatural season 6 episode 13 is the one that I first noticed the problem with, although many titles refuse to play.)
Click to expand...
Click to collapse
Yes - though my CC still says country code US.Tried the Supernatural episode as well and that worked too.
RandomUser6 said:
3. If it is working for you, what should I try next? (I've already done a factory reset, and that didn't make a difference.)
Click to expand...
Click to collapse
I'm sure you probably already done this but have you checked your current external IP Address is active on the unblock-us website?
Some updates
Hi all,
Many thanks for all your responses. Some updates:
I checked the external IP address was active on Unblock US, and it was.
I restarted the router, the ChromeCast and the tablet. It made no difference.
I did another factory reset on the ChromeCast. It made no difference.
I managed to change the Country Code to US. It made no difference.
So I still have the problem and I’m not sure what the differences between my setup and Pully’s are.
The Country Code change is worth a bit more explanation. You all may already know this, or know how this mechanism works, but I didn’t.
* After a factory reset, I couldn’t see the ChromeCast on my tablet to set it up. I could see it with my phone. (My tablet is set to use Google’s DNS - intercepted and redirected to Unblock US’s DNS - rather than my ISP’s, location services are off, and ChromeCast has access to location services turned off in App Ops. My phone just uses regular DNS and has location services turned on.)
* I set the ChromeCast up using my phone, and it set the location (automatically) to GB. I’m not certain of this but I’ve no recollection of choosing the location at this point.
* I couldn’t get things to work and posted here. (Just so you know the timeline.)
* I did a factory reset again, and tried to set ChromeCast up using the tablet again. It still couldn’t see the reset ChromeCast. Then I changed App Ops on the tablet to allow access to location services, and it could suddenly see the ChromeCast to set it up. Location services were still turned off on the tablet, but it seems turning it off in App Ops interfered with it seeing the reset ChromeCast.
* When I tried to set it up with the tablet - now that it could see it - as part of the setup process it gave me a drop down to choose the location. I chose US. (I’ve also set it to EST/New York time and language to English (United States).
So the upshot is: I believe you can set the Country Code in build 16278 if you set it up using a device that has location services turned off, but not blocked by App Ops.
Unfortunately I’m still no further on with my Netflix problem and I’m running out of things to try.
How long does the US Country Code stick? Does it reset to GB when you power-cycle the Chromecast?
Maybe it's time to broaden your experiments to identify where the problem lies.
Instead of relying on the iptables commands you could try the static-route-to-nowhere method to block Google DNS and put the DNS addresses in your router fields for the moment. See if that makes a difference.
For an alternative DNS you could sign up for a 1-week trial with one of the others like Unotelly, or else try the free DNS services currently offered by SmartDNSProxy or Tunnelto.us. I have confirmed that they work with Netflix on the Chromecast.
If neither of those things work, at least you have eliminated some possibilities.
Right now tunnelto.us is working for me, whereas unlocater broke some time ago. SmartDNSProxy also not working for me.
Sent from my Nexus 5 using Tapatalk
It works now!
Hi folks,
I have it working now (thanks!) and have a bit more information. Some of this is just my supposition of what’s going on.
First of all, Country Code sticks between power-cycles without any problems. Time zone and language don’t seem to have any impact either. Also, I honestly have no idea whether Country Code has any effect at the minute. It might still be a red herring, or a problem for the future.
The fix was related to an idea DJames1 had. I changed my iptables to use tunnelto.us and it didn’t work either. So I tried setting the router to use Unblock US as the main DNS as well as in iptables, and it worked.
As I said before, this worked fine for months up until Friday. I don’t know if it’s the new build or something else, but I believe that something is now verifying(?) DNS using the DHCP-supplied DNS as well as Google’s hard-coded DNS.
I don’t want all machines on my home network using Unblock US’s DNS, so I updated my router config to supply Unblock US DNS entries via DHCP just to the ChromeCast. This works fine. If you want to do the same, and you’re using DD-WRT, just add this to your Additional DNSMasq Options:
dhcp-option=altdns,6,208.122.23.23,208.122.23.22
dhcp-host=#ChromeCast MAC Address#,net:altdns
Obviously you need to change #ChromeCast MAC Address# to the MAC address of your own ChromeCast. And if you want to use other DNS entries instead of Unblock US, just change the two IP addresses in the first line.
I’m sure there are other ways of achieving the same ends, but this worked for me. And the easiest option is just to use Unblock US as the DNS for your router/DHCP as well as the iptables entries.
I hope this helps anyone else who has the same problem. Many thanks for your help and advice.
RandomUser6 said:
I hope this helps anyone else who has the same problem. Many thanks for your help and advice.
Click to expand...
Click to collapse
Is there any chance that the CC is now using the DHCP given DNS addresses and is NOT hardcoding to 8.8.8.8 any more?
generationgav said:
Is there any chance that the CC is now using the DHCP given DNS addresses and is NOT hardcoding to 8.8.8.8 any more?
Click to expand...
Click to collapse
I can't say but it would make some sense that the DNS used will change depending on the Country Code of the device.
So a CCast in the UK might use a hardcoded DNS for GoogleUK server as opposed to a US server....
You're right!
generationgav said:
Is there any chance that the CC is now using the DHCP given DNS addresses and is NOT hardcoding to 8.8.8.8 any more?
Click to expand...
Click to collapse
Well now that's an incredibly good question! I'm embarrassed that that didn't occur to me and I didn't check it.
So, I deleted my iptables setup, set my tablet to use Unblock US DNS's directly (instead of using 8.8.8.8 and having that translated), and it still works.
It seems you're right. My router is providing Unblock US DNS to the ChromeCast via DHCP, and (I think) that's it. That's the only non-standard bit.
So, yes, it looks to me like it's now just taking the DHCP DNS and using that instead of Google's hardcoded DNS.
Thanks for figuring this out! (I'm still a bit embarrassed I didn't notice it.)
RandomUser6 said:
Well now that's an incredibly good question! I'm embarrassed that that didn't occur to me and I didn't check it.
So, I deleted my iptables setup, set my tablet to use Unblock US DNS's directly (instead of using 8.8.8.8 and having that translated), and it still works.
It seems you're right. My router is providing Unblock US DNS to the ChromeCast via DHCP, and (I think) that's it. That's the only non-standard bit.
So, yes, it looks to me like it's now just taking the DHCP DNS and using that instead of Google's hardcoded DNS.
Thanks for figuring this out! (I'm still a bit embarrassed I didn't notice it.)
Click to expand...
Click to collapse
Interesting. My Chromecast in Canada definitely is still using Google's hard coded DNS, but the firmware version still isn't the newer one you've reported.
Sent from my Nexus 5 using Tapatalk
RandomUser6 said:
So, yes, it looks to me like it's now just taking the DHCP DNS and using that instead of Google's hardcoded DNS.
Click to expand...
Click to collapse
That’s not the case with my chromecast (spanish, not imported, with up-to-date firmware, 16041 IIRC) :
Code:
[email protected]:~# tcpdump -nli br-lan host 10.12.30.1 and port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-lan, link-type EN10MB (Ethernet), capture size 65535 bytes
18:01:05.016228 IP 10.12.30.1.37745 > 8.8.8.8.53: 35107+ A? lh3.googleusercontent.com. (43)
18:01:05.061083 IP 8.8.8.8.53 > 10.12.30.1.37745: 35107 4/0/0 CNAME googlehosted.l.googleusercontent.com., A 173.194.34.235, A 173.194.34.236, A 173.194.34.234 (120)
18:02:12.584606 IP 10.12.30.1.42801 > 8.8.8.8.53: 49188+ A? clients3.google.com. (37)
18:02:12.626840 IP 8.8.8.8.53 > 10.12.30.1.42801: 49188 12/0/0 CNAME clients.l.google.com., A 173.194.41.9, A 173.194.41.0, A 173.194.41.5, A 173.194.41.1, A 173.194.41.4, A 173.194.41.6, A 173.194.41.7, A 173.194.41.2, A 173.194.41.14, A 173.194.41.8, A 173.194.41.3 (237)
18:03:06.852570 IP 10.12.30.1.54056 > 8.8.8.8.53: 18326+ A? lh4.googleusercontent.com. (43)
18:03:06.898487 IP 8.8.8.8.53 > 10.12.30.1.54056: 18326 4/0/0 CNAME googlehosted.l.googleusercontent.com., A 173.194.41.10, A 173.194.41.11, A 173.194.41.12 (120)
18:05:09.640580 IP 10.12.30.1.53769 > 8.8.8.8.53: 61549+ A? clients3.google.com. (37)
18:05:09.687719 IP 8.8.8.8.53 > 10.12.30.1.53769: 61549 12/0/0 CNAME clients.l.google.com., A 173.194.41.224, A 173.194.41.233, A 173.194.41.230, A 173.194.41.229, A 173.194.41.228, A 173.194.41.227, A 173.194.41.238, A 173.194.41.231, A 173.194.41.232, A 173.194.41.225, A 173.194.41.226 (237)
18:05:09.913235 IP 10.12.30.1.43963 > 8.8.8.8.53: 14131+ A? lh5.googleusercontent.com. (43)
18:05:09.954725 IP 8.8.8.8.53 > 10.12.30.1.43963: 14131 4/0/0 CNAME googlehosted.l.googleusercontent.com., A 173.194.41.10, A 173.194.41.12, A 173.194.41.11 (120)
My router’s dhcp server tells the clients on my network (including my chromecast) that they should use 10.12.0.1 as their dns server.
As you can see in tcpdump output above, the chromecast (10.12.30.1) is ignoring that and using 8.8.8.8.
New build?
kpiris said:
That’s not the case with my chromecast (spanish, not imported, with up-to-date firmware, 16041 IIRC) :
Click to expand...
Click to collapse
Interesting. My problems started last Friday, and mine is reporting (stock) build 16278.
Make sure you reboot router and Chromecast at the start of each test for clean results as DNS queries can be cached.
It seems that firmware 16278 has only been reported in the UK. Anyone seeing that outside of the UK?
Restart, restart, restart...
bhiga said:
Make sure you reboot router and Chromecast at the start of each test for clean results as DNS queries can be cached.
Click to expand...
Click to collapse
Yeah, today was a bit of a restart frenzy for me. Both the router and the ChromeCast have been powered off and back on again since the config changes and they continue to work.
cmstlist said:
It seems that firmware 16278 has only been reported in the UK. Anyone seeing that outside of the UK?
Click to expand...
Click to collapse
Yes here in Denmark, my cc has 16278
Hi,
So, since Chromecast updated to 16664 i have been unable to use it in conjunction with Unblock-Us VPN service. This is only the case when attempting to play through chromecast, all other devices work as expected. I have tried routing my primary AP router to Unblock-Us DNS servers and i have also set up a dd-wrt router as a repeater and applied all necessary measures to preroute chromecast dns requests or simply block its dns requests. None od this has worked unfortunately.
The build update for 16664 stated 'dns robustness' which i figure is why this has happened. Does anyone know what this mean? Perhaps, if we knew this info we could figure out a work around.
Usually robustness would mean some sort of protection for it... Like perhaps routing the DNS requests over some sort of secure tunnel/connection so they're invisible to any local DNS caching or rewriting... Someone with Wireshark should be able to see exactly what is (or isn't) happening quite easily though.
I know this won't be very helpful at all, but I got my Chromecast today and it works just fine with my unblock-us account. I have the unblock-us dns servers set in my router (using Tomato rather than dd-wrt) and I was able to switch regions seamlessly.
Sent from my HTC One_M8 using XDA Premium HD app
I checked this latest build to see if it is still necessary to block or redirect Google DNS lookups to use another DNS, and it is. No change there, at least from Canada (UK/Europe firmware may be different).
netflix was not working with build 16664, hulu plus is fine. i had to redirect google DNS to a non existent IP address to get netflix to work. now both are running fine. i'm using adfreetime DNS on my Linksys router.
Is it possible to change the DNS server to such as nord dns to bypass region blocks? I see I can load a vpn to it easily but finding the right server is kinda annoying every time. So it's either this or buy a dedicated vpn up from nord.
does It not take the default from your dhcp server?
Go into network settings, choose static and configure everything there
xqz said:
Go into network settings, choose static and configure everything there
Click to expand...
Click to collapse
In spite of using static ip and setting up DNS numbers provided by my smartdns provider content is not getting unlocked. I think Chromecast is still bypassing the given DNS servers and reaching across to google DNS servers.
Google has been getting pretty overbearing when it comes to DNS lately. They're really pushing for DNS to be served over HTTPS, which makes sense from a "bypass port 53 redirects" perspective, but is terrible from a privacy and control-your-own-destiny perspective, since it basically allows the DNS to be addressed at the application level rather than the system level.
Not that this couldn't be done before, just that its now becoming mainstream, which is nasty.
So basically, what it is going to take to make it *better*, but not perfect, is to implement some fun stuff at the level of your ROUTER;
1) Block port 443 to all known DNS-over-HTTPS public servers; https://en.wikipedia.org/wiki/Public_recursive_name_server
2) Filter and redirect all requests to public servers on port 53 to DNS server of your choice.
Definitely not perfect, because nothing will stop an application from going to an unknown DNS-over-HTTPS server on the public internet.