Computers & Electronics

Comparing U.S. DNS unblocking services

  • Last Updated:
  • Jun 7th, 2016 11:20 am
[OP]
Deal Fanatic
User avatar
Mar 20, 2009
8862 posts
2654 upvotes
Vancouver

Comparing U.S. DNS unblocking services

A lot of people are using location-changing DNS services to access geo-blocked sites these days. With recent events including the demise of Tunlr.net’s popular free service and the free beta-test phase of Unlocator now ended, many of us are probably looking for new alternatives. We don’t seem to have a single thread consolidating and comparing information about these services here on RFD, so I thought I’d create one, with links to the individual threads.

These are all the DNS services I know of. If you know of others, please add a post to the thread and I’ll add the basic information to this initial post. I have personally tested as many of these services as I can, but obviously not with every site and every device. I will add any useful information that users or operators of these services can provide.

This list is only for DNS services offering U.S. geo-unblocking, not VPNs, not DNS services that are only available bundled with a more expensive VPN service, not browser extensions.

Update Jan 2016: As has been widely reported, Netflix is now blocking the use of proxy services (VPN and DNS) more aggressively. Sadly this blocking is pretty much 100% effective and most people have stopped using VPN and DNS services. Netflix probably doesn't even need to bother maintaining their blocking. ;)
    523 replies
    [OP]
    Deal Fanatic
    User avatar
    Mar 20, 2009
    8862 posts
    2654 upvotes
    Vancouver
    Additional information on using DNS services:

    How is a DNS service different from a VPN?

    A VPN sends all your internet traffic via a gateway in another country, concealing your home IP address and making it appear that you are located in the gateway country. The advantage is that it automatically works with any web site in that country since it re-routes all your traffic via the in-country gateway. The disadvantage is that it slows down your internet response time and throughput because everything has to be relayed through the distant gateway site. Media streaming or file sharing can use a lot of bandwidth that has to be provided by the VPN gateway site, and they charge you correspondingly for a high-performance VPN.

    A DNS service does not interfere with most of your internet traffic. For most address lookups it returns exactly the same IP address information as your regular ISP DNS. It only jumps in and redirects your traffic via their gateway when you access one of the supported media sites for which geo-unblocking is required. It does that by returning their gateway address instead of the media site address in response to the DNS lookup. The DNS service gateway acts as your proxy whenever the media site checks your geo location, but the rest of the time it stays out of the way and lets the media site stream directly to your home IP address. That way the stream is not slowed down by needing to be relayed via the gateway, and the DNS service provider doesn’t have to pay for all that gateway bandwidth.

    Obviously this trick relies on the media sites not noticing that the IP address they are streaming to is not the same as the IP address that responded to their geo-location check. It works because the standard design is to hand off streaming to a separate high-performance server (e.g., Netflix uses Amazon’s cloud servers). Obviously this loophole could be closed if the media sites really wanted, so one of our constraints as users of these services is to keep them from becoming too prominent in the news and attracting too much unwelcome attention.

    Why use a DNS service instead of a VPN?

    3 reasons:
    - Easier to use with your devices that don’t support VPN settings, like TV media players. Most devices allow you to set the preferred DNS addresses directly in their internet settings, and those that don’t usually allow you to set them via DHCP from your router.
    - Cheaper. The service provider doesn’t have to pay for the streaming bandwidth you are using, and so their price to you is cheaper than a VPN.
    - Faster streaming since it's direct instead of relayed through another site.

    How do I use a DNS service?

    You can get specific instructions for specific operating systems and devices in the support sections of the sites listed above, but as a simple overview:
    - The network connection settings on every computer and device has one or more fields for "DNS", where you list the IP addresses of the Domain Name Server(s) that you want to use to look up the IP addresses of domain names.
    - Most often there is a separate setting that specifies "DHCP" or "Automatic", which means that the DNS addresses are obtained automatically form the DHCP server on the network you connect to (normally your router or ISP).
    - Sometimes the DNS addresses are hidden or locked if DHCP/Automatic is selected, but usually you can simply type in a different DNS address to override the default. If not, you can change the setting to "Manual" to unhide the DNS addresses and allow you to override them.
    - One DNS address is actually sufficient, but usually there are two in order to provide some backup and load balancing. They are usually provided from the same source - they don't have to be, but there's a danger of randomly inconsistent results if the two sources differ.
    - Normally all you have to do to use an unblocking DNS is to find the DNS address entries for your network connection, and replace them with the two provided by your DNS unblocking service.
    - Unfortunately some devices like media players may be hard-coded to always use DHCP/Auto and don't provide any access to the DNS settings. In that case you must either put the unblocking DNS addresses in your router, from where the device will obtain them via DHCP when it initializes its connection, or you must use a custom DHCP server. It's fine to put the unblocking DNS addresses in your router instead of in your computer or device, but be aware that when you do so it affects all of the devices on the network. That's not normally a problem because the unblocking DNS acts just like any regular DNS except for the few specific media sites that it recognizes. However it may be slightly slower than your regular DNS.
    - A few devices now are hard-coded to ignore your specified DNS and always use something like Google DNS. However you can still get around them by blocking or redirecting the Google DNS addresses in your router. Badly-behaved as those devices are, they will still grudgingly revert to DHCP/Auto if their preferred DNS is unreachable.

    How long have these services been around?

    As far as I can tell, Uno Telly is the oldest, starting out in 2005. Unblock-us first appeared in 2007. Some of the others are relative newcomers. AdFreeTime appears to be about 2 years old. Unlocator just started last year.

    Where are they based?

    As you might expect, these companies are not based in the U.S. because geo-blocking isn't a big problem in the U.S.. The majority of them are Canadian or Australian, although several of the Canadian companies are incorporated in tax-haven jurisdictions like Barbados.

    Is it legal?

    Currently yes. It’s equivalent to buying a CD/book/DVD from a U.S. store and having it shipped to Canada. They may not have the right to sell that copyrighted media outside the U.S., but that’s not your problem in Canada if you bought it legitimately and they sent it to you.

    That’s not to say that it will always be legal: Canada and the U.S. and several other countries are engaged in secret treaty negotiations which would potentially make circumventing geo-blocking a criminal act (see https://www.eff.org/issues/tpp). It remains to be seen what the outcome will be.

    How safe is it?

    It may be legal, but as far as privacy goes it's not very secure. The DNS service provider can certainly record all your accesses to media sites. In theory they could intercept any site lookup you do and substitute a fake site - not that I've ever heard of anything like that happening with any of the services listed here. In any case you shouldn’t be using the geo-unblocking DNS service for all your lookups from your computers anyway – it’s not only insecure, it puts an unnecessary burden on their DNS servers, which will eventually be passed on in the form of higher prices to everyone. If possible just use it for accessing foreign media streaming sites in the devices that need it. If you have a router running DD-WRT firmware you may want to use dnsmasq to control which DNS is used for which sites.

    How is paid access authorized? Can it be used with more than one device?

    All the paid DNS services authorize access to their DNS servers by your IP address. You have to log in to your account on their web site with your username/password and update your authorized IP address if it changes. Most of them allow only one IP address at a time to be authorized on your account, but all the devices on your home network behind your router share the same external IP address. This is really the only way they can do it because the only information provided by DNS lookups is the originating IP address.

    Do they work with all geo-blocked web sites?

    No, only with the specific ones they list. They all try to support the basics like Netflix U.S., Hulu/Hulu+, Pandora, and the major U.S. broadcast network web sites, but beyond that there are significant differences. Check the links to the supported-site list for each service, and the comparison table a couple of posts down. If a site isn't listed, you would need a different DNS service or a VPN to access it.

    What's the region-switching feature about?

    Some sites like Netflix are accessed through a common url no matter where you are located, but offer different content depending on the country of your IP address. The DNS service may allow you to pre-set which country gateway you want to be redirected to when you access that site. You have to do that on their online settings page before you access the site in question. It's most commonly used with Netflix - for example new movie releases are sometimes available on Netflix in Mexico or Brazil (in English) before they are in the U.S. or Canada due to easier licencing in a secondary market. You might think that Netflix would notice if you switch countries, but keep in mind that a standard Netflix account allows 2 simultaneous users who can be at 2 different IP addresses, presumably to allow for traveling family members. It has always been allowed to access local Netflix content in the country that you are currently traveling in.

    How reliable are they?

    The geo-blocking media web sites make frequent changes, and the DNS service providers have to make changes just as frequently to keep up. Normally they are reasonably reliable, but access to any given site might be temporarily broken with any given service on any given night. A service that isn’t diligently maintained will soon cease to be useful. DNS services that are more popular and better funded are probably able to spend more on keeping up to date, and more likely to be around for a while.

    Do these DNS services work with any device?

    Theoretically it works with any device as long as you can get at the DNS settings. In practice though it turns out that there are many variations between devices in how they access internet services. For example there are several generations of the standard Netflix app, and some special variations used on some devices, and each one is slightly different in how it interacts with the geo-blocking check. A popular and well-funded service might be able to test all of them and provide support and customized instructions for all of them, while other cheaper services might not. YMMV.

    What do I do if my device doesn’t let me specify the DNS?

    If you have a device like a Roku or Chromecast that won't let you change the DNS settings, it probably obtains them via DHCP query to your router. That means you can change the DNS setting in your router and then refresh the connection on your devices to make it work, as long as you don’t mind it affecting all the devices on your network.

    If you don't want to change the DNS settngs in your router because it will affect everything on your network, you can use an alternative DHCP server offering finer control over which devices get which DNS addresses. For example here's how you can use dhcpsrv for Windows, a simple free DHCP utility program:

    1. Download dhcpsrv for Windows and run the setup wizard to create custom DNS settings for each individual device according to its MAC address.

    2. When you want to change the DNS setting in your device, temporarily disable the DHCP service in your router and run dhcpsrv in Windows.

    3. Turn on or reset the network connection for all the devices you want to get custom DNS settings. dhcpsrv will report issuing settings to each of them in a screen message popup as they each query via DHCP.

    4. Terminate dhcpsrv and turn the default DHCP server in your router back on. None of the other devices on your network will be affected.

    The custom DNS settings will last until the lease period you set expires, the device is reset again, or some internal process causes it to refresh the network connection again (on Roku that happens after an hour or so of inactivity).

    With the Chromecast and with some Netflix clients (like Roku) you also have to block or redirect the Google DNS addresses in your router in order to make it use the DNS addresses obtained via DHCP.

    Could I make my own DNS unblocking service?


    Yes, the basic code has been published, for example: https://github.com/trick77/dockerflix
    You do need a gateway system located in the destination country though. The examples assume that you are renting a VPS in that country.

    For more information

    As mentioned above, the unblock-us tech support site is a great information resource for using DNS services with different sites and devices: http://support.unblock-us.com/. If you want some insight into how unblocking actually works with a given site, try the DNS Log function of dns4me.
    [OP]
    Deal Fanatic
    User avatar
    Mar 20, 2009
    8862 posts
    2654 upvotes
    Vancouver
    Comparison of the site support for 6 services. Selected sites only to give you an idea - there are many more not mentioned. This is a snapshot from early March 2014, and there may have been changes since.

    Darned if I can figure out how to make these spreadsheet columns line up easily on RFD without posting as an image:

    [IMG]http://i.imgur.com/0e7vUJx.png[/IMG]

    * New additions not yet listed on the web site. Other DNS services may have similar unlisted additions.

    Disney has several channels, including Disney Channel, Disney Movies, Disney Junior, and Disney XD. No single service lists all of them as supported.
    Deal Addict
    Nov 11, 2009
    1944 posts
    335 upvotes
    Might be worth noting that Unblock-us was created by former Research in Motion (Blackberry) developers as well as former Oracle developers.

    Also in regards to:

    [QUOTE]you shouldn’t be using the geo-unblocking DNS service for all your lookups from your computers anyway – it’s not only insecure, it puts an unnecessary burden on their DNS servers.[/QUOTE]

    Not all traffic is routed. I obviously don't know the inner working of all these services but I can say from experience that only matching domains get routed.

    So for example if you go to example.com and it's not part of their list of domains and has no effect of their server load.

    Also AdFreeTime hasn't been around all that long. 2 years tops, though I think it started about a year ago. http://www.reddit.com/r/adfreetime/

    Thanks for taking the time to write this up.
    [OP]
    Deal Fanatic
    User avatar
    Mar 20, 2009
    8862 posts
    2654 upvotes
    Vancouver
    All traffic isn't routed via the DNS service, but all domain name lookups are, even when you're looking up a site that doesn't get redirected. In theory the DNS service could return a false site IP address for any lookup. For example if you enter http://www.mybank.ca to go to your banking website, you're asking the DNS for the corresponding IP address, and you have to trust that it returns the right one.
    Deal Addict
    Nov 11, 2009
    1944 posts
    335 upvotes
    JamesA1 wrote:
    Mar 1st, 2014 7:25 pm
    All traffic isn't routed via the DNS service, but all domain name lookups are, even when you're looking up a site that doesn't get redirected. In theory the DNS service could return a false site IP address for any lookup. For example if you enter http://www.mybank.ca to go to your banking website, you're asking the DNS for the corresponding IP address, and you have to trust that it returns the right one.
    The point is saying it's not secure isn't really the case. I could rent out a shared server that isn't secure.. I could use a VPN or dedicated host that isn't secure... Heck even my home network might not be secure.

    Some are secure some might not be... You can't say as a whole they are all insecure.
    Sr. Member
    Nov 29, 2006
    655 posts
    114 upvotes
    Thanked for the effort and the writeup.. I'm sure a lot of people including myself appreciate and are interested to see which ones are the better ones to go with... A big one would be NFL Gamepass. Do you know which of the services actually allow for free access to their live NFL games? I know Adfreetime used to, but they stopped their support with Gamepass (at least to that extent). Another channel a lot of people may be interested in is UFC? It would be nice if that could be included as well (not a demand by any means though)!
    Deal Guru
    Dec 26, 2010
    14075 posts
    3100 upvotes
    Got a couple on my devices like Cyberghost and SlickVPN as well. Getting to be a crowded market for these things. I wanted to test some out but you sure done a service by doing the grunt work for us. Thanks. Now if only I could get the old lappie to accept the DNS change you wrote about some time ago and OT, I'm still having a lot of problems with Plex, the Roku and these DNS services. Ah well...
    [OP]
    Deal Fanatic
    User avatar
    Mar 20, 2009
    8862 posts
    2654 upvotes
    Vancouver
    Some additional information from AdFreeTime:

    "We do support Syfy, ESPN and Disney. They are just not on our website yet.
    ...we don't have a free trial anymore... if you're unhappy with our service after a couple of days and ask us for a refund, we will issue a refund.
    ... we are the only DNS provider that has an iPhone and Android app for region switching.
    We are also the only DNS unblocker that allows you to disable forced Netflix subtitles.
    And as the name suggests, we also offer a DNS based ad-blocking solution."

    Top