Redirect Firestick 4k Max hardcoded Google DNS server
-
Hi all,
Recently bought a firestick 4k max; however, when trying to use the Netflix app, with pfSense (23.01) assigning DHCP and DNS options, Netflix overrides one of the DNS servers' IPs and replaces it with Google's 8.8.8.8, and thus I'm unable to use the Netflix app as it detects an unblocker / proxy.
Have tried unsuccessfully to intercept the DNS traffic from the firestick and redirect it to the intended DNS servers using NAT port forwarding rules as follows:
Grateful for any ideas on how I can intercept / correctly redirect the DNS queries from this device to my preferred DNS server - smartdnsproxy.com.
With thanks.
-
My first guess is the Firestick may use the hard-coded Google DNS IP to perform lookups over port 443 using the DoH (DNS over HTTPS) protocol. If that is correct, then attempts to bypass/redirect this will be unsuccessful since DoH traffic travels over the same port as regular HTTPS web traffic. Your firewall can't distinguish which packets are DoH versus which are HTTPS. Your only hope would be if you can override the DNS choices inside the device itself, but from what you say that is not working.
Here is the official announcement from Google back in 2019: https://security.googleblog.com/2019/06/google-public-dns-over-https-doh.html.
Actually, I have to tip my hat to the Firestick devs. I'm sure the Netflix folks are constantly urging the device manufacturers that deploy the Netflix app to help them fight attempts by users to get around geo-blocking. Forcing the use of the public Google DNS servers using DoH is pretty effective, as the anycast nature of the Google DNS infrastructure makes identifying the general location of a DNS client pretty effective. The geographically nearest Google DNS server is likely to be the one that responds to you because closer to you means lower latency. Here is a brief tutorial from Cloudflare on anycast DNS: https://www.cloudflare.com/learning/dns/what-is-anycast-dns/.
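To make the two points in this thread concrete, here is an added example (not code from either poster or from pfSense) that models the port-53 redirect the question describes and shows which flows it catches and which it cannot; the client address, the preferred resolver address and the sample flow records are constructed placeholders.

```python
from dataclasses import dataclass, replace

# Constructed sample values: the LAN client and the preferred resolver are
# placeholders, not addresses taken from the original thread.
FIRESTICK = "192.168.1.50"
PREFERRED_DNS = "192.168.1.1"              # resolver handed out via DHCP options
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4"}  # Google Public DNS, as in the thread


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str  # "udp" or "tcp"


def rdr_dns(flow: Flow) -> Flow:
    """Model of the pf 'rdr' / pfSense port forward the question describes:
    plaintext DNS (port 53) from the client that is not already destined to
    the preferred resolver gets its destination rewritten to that resolver."""
    if flow.src == FIRESTICK and flow.dport == 53 and flow.dst != PREFERRED_DNS:
        return replace(flow, dst=PREFERRED_DNS)
    return flow


def classify(flow: Flow) -> str:
    """Label what the redirect achieves for one flow, and where it stops.
    Port 443 to a public resolver IP looks like ordinary HTTPS at the packet
    level, so the port-53 rule never touches it; the only handle a firewall
    has is the destination IP, which can at least be logged."""
    after = rdr_dns(flow)
    if after != flow:
        return "redirected-dns"
    if flow.dport == 53:
        return "dns-to-preferred"
    if flow.dport == 443 and flow.dst in PUBLIC_RESOLVERS:
        return "possible-doh"   # indistinguishable from HTTPS by port alone
    return "other"


SAMPLE = [  # constructed flow records, not captured from a real device
    Flow(FIRESTICK, "8.8.8.8", 53, "udp"),
    Flow(FIRESTICK, PREFERRED_DNS, 53, "udp"),
    Flow(FIRESTICK, "8.8.8.8", 443, "tcp"),
    Flow(FIRESTICK, "198.51.100.10", 443, "tcp"),
]


def report(flows=SAMPLE) -> dict:
    """Map each sample flow ('dst:port/proto') to its classification."""
    return {f"{f.dst}:{f.dport}/{f.proto}": classify(f) for f in flows}


if __name__ == "__main__":
    for key, label in report().items():
        print(key, label)
```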