How to configure a smart DNS proxy service on a DD-WRT router

Published by Jon Watson on October 4, 2017 in VPN

Many media streaming services will only allow certain content in specific countries. The most common way to enforce those restrictions is to examine the viewer’s IP address and attempt to geo-locate it to a region. VPNs are a common way to circumvent these geo-location tactics, but VPNs can slow down traffic. That’s fine for normal web use, but it makes streaming difficult. SmartDNS has another method of handling this.

What is a smart DNS proxy?

Smart DNS is a combination of Domain Name System (DNS) servers and tactically located proxies. The DNS system resolves human-readable domain names to computer-readable Internet Protocol (IP) addresses. Using Netflix as an example: your Netflix app makes a DNS query to find out the IP address of the Netflix server it should connect to. The app then uses that information to request content from that IP address. Under normal operations, this allows the Netflix server to see your real IP address. This is a necessary piece of information that the server needs in order to send the stream back to your app. If the Netflix server sees a Canadian IP requesting United States content, it will not allow that.

How does a smart DNS proxy work?

Smart DNS servers reply with different IP addresses for specific queries. For example, a device running a Netflix app starts by requesting the IP address for the Netflix service from your DNS servers. When using smart DNS, the DNS servers will return the IP address of a smart proxy server rather than a Netflix IP. That smart DNS proxy IP will exist in the same country as the service you want to access (in my case, the United States), allowing access to the restricted content.

That means the flow of traffic is from my device -> to a smart DNS proxy that is allowed to access the Netflix content -> to the Netflix servers. The video stream comes back in reverse order; it is sent from Netflix -> to the smart DNS proxy -> to my device. Since the Netflix server can only see the proxy’s IP address, it doesn’t know to restrict the content. Note that only sites the smart DNS service is configured for use the proxies. For example, queries to a search engine like Google would cause the smart DNS servers to respond with Google’s real IP and your subsequent visit to Google would not go through the smart DNS proxies. I’ve tried to illustrate that concept in the diagram below.

[Image: smart DNS proxy flow]

Are smart DNS proxies better than a VPN?

Security and anonymity have many layers. There is no silver bullet and different technologies address different problems. A VPN is not inherently better or worse than a proxy; it’s just different.

VPNs provide superior privacy over proxies because VPNs encrypt traffic and hide your real IP address. Proxies, on the other hand, allow for much higher speeds but the downside is that speed comes by sacrificing privacy. Your ISP will know that you’re streaming from a smart DNS proxy whereas it is much harder for your ISP to see what you’re doing inside an encrypted VPN tunnel.

How private is a smart DNS proxy service?

Once you switch to a smart DNS set of nameservers, all of your DNS queries will be sent to those DNS servers. Even when you’re not intending to stream and just carrying on with your day-to-day business, the smart DNS service can see all your DNS queries. Privacy conscious people will naturally need to trust services that have access to this much information about their browsing habits.

In order to use most smart DNS proxy services, your current IP address has to be registered in the system. This is how you are authorized to use its nameservers, given that DNS servers don’t support authentication.

You can infer from this that at least your current IP address is recorded in the system. Some smart DNS providers seem to keep previous IPs, at least for a while. When I changed my IP address in the SmartDNSProxy service, this message was displayed:

Please note: We have detected that you were previously using a VPN service/Data Center IP, please disconnect from the VPN/Data Center and use your own IP address to activate our services.

It does not explicitly say what my previous IP was, but it’s definitely tracking the fact that it changed. However, since your current IP address will be included in any DNS query to its system, there’s no obvious additional downside to this.

How to configure your DD-WRT router to use a smart DNS proxy

The advantage to configuring your router to use smart DNS is you will no longer need to configure each individual device on your internal network. As long as all those devices are connected to the same router, configuring it to send DNS queries to the smart DNS servers will cover you.

The first step is to get the IP address of the smart proxy DNS servers that you want to use. Each service provides DNS server IP addresses somewhere on their site, although you may have to be logged in to your account to see them. Some providers, like SmartDNSProxy, have DNS servers all around the world that can improve DNS query speeds. In general, you’ll want to choose a DNS server as close to your physical location as possible. My DD-WRT router supports up to three static DNS entries, but most smart DNS services provide only two DNS servers.

Access your DD-WRT administrator interface and log in. This is usually at http://192.168.0.1 but you may have changed that during setup. Navigate to the Setup -> Basic Setup tab.

[Image: DD-WRT Basic Setup tab]

Scroll down to find the Network Address Server Settings (DHCP) and enter your chosen smart DNS IP address(es) into the Static DNS 1/2/3 fields.

[Image: DD-WRT Static DNS settings]

Click the Apply Settings button at the bottom of the page. At this point you should be using the new DNS servers. If you’re still blocked, you may find that you have to reboot the router. To do this, navigate to the Administration tab and click the Reboot Router button at the bottom of the page.

Test your new settings to ensure they are working

The definitive test would be to access the content that was previously unavailable. If it loads, then it’s working. If you’d like some hard data on it, you can use the Comparitech DNS leak test to check which nameservers your system is using. It should report the smart DNS servers.

Smart DNS is an innovative service that makes use of DNS poisoning. Typically, DNS poisoning is an attack mechanism to reroute people from legitimate sites to malicious sites. In this case, however, the same techniques are used to provide a service useful to many people.
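To see the selective answers described above on your own network, the following added example (not part of the original article) sends the same A query to the smart DNS server and to a reference resolver and reports the names whose answers share no address. The resolver IPs and names are supplied on the command line; the function names are illustrative.

```python
import os, socket, struct, sys

def build_query(name, txid):
    """Encode a recursive A/IN query in DNS wire format (RFC 1035)."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a name, honouring compression pointers."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:            # a 2-byte pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg):
    """Return the sorted IPv4 addresses found in the answer section."""
    _, _, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    addrs = set()
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record; CNAMEs are skipped
            addrs.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return sorted(addrs)

def resolve_via(server, name, timeout=3.0):
    """Ask one specific resolver over UDP and return its A records."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        reply = s.recvfrom(4096)[0]
    if reply[:2] != txid.to_bytes(2, "big"):   # ignore replies to other queries
        raise ValueError("transaction ID mismatch")
    return parse_a_records(reply)

def diverging(names, smart, reference, lookup=resolve_via):
    """Map each name whose two answer sets share no address to both sets."""
    found = {}
    for name in names:
        a, b = lookup(smart, name), lookup(reference, name)
        if a and b and not set(a) & set(b):
            found[name] = (a, b)
    return found

if __name__ == "__main__":   # usage: script.py SMART_DNS_IP REFERENCE_DNS_IP name...
    print(diverging(sys.argv[3:], sys.argv[1], sys.argv[2]))
```

Names served from a CDN can legitimately resolve differently per resolver, so treat a reported name as something to look into rather than proof that it is proxied.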
