One of the best things about Netflix is that you get different content depending where you are in the world. Go to the US on holiday, for example, and you suddenly get all of America's content, which is bigger and better than we get here in the UK. It also means that if you can trick Netflix into believing you're in the US when you're really in the UK, you can get all of that great content from the comfort of your own home. There are plenty of ways of doing it and our own how to get American Netflix article shows you all of the safe methods.
However, there are plenty of sites out there that recommend that you use free Netflix DNS codes. Essentially, these services require you to change your network settings and they tunnel your traffic through to the US, so it appears as though you're in America. As good as that sounds, there's a real danger to using random network addresses you find on the internet; we find out what the real issues are.
What is a DNS server?
To put things simply, Domain Name System (DNS) servers are a bit like the phonebook for the internet. Those convenient web addresses you use to get to your favourite websites, such as www.google.com, actually need to get resolved to an IP address that your computer understands before you’re able to access the website itself. For example, Google has an IP address of 216.58.210.68; when you want to visit Google from your web browser, your computer asks its DNS server what its IP address is, before it makes the connection.
Your computer tends to get its DNS server address directly from your ISP, although some people override the setting manually to use an alternative DNS provider, such as Google's public DNS server. This can be helpful avoiding DNS issues, where your ISP's servers stop responding, preventing you from accessing any website: see how to avoid DNS issues for more information. In terms of accessing American Netflix, a key method is to change your DNS settings to use a server provided by a smart Virtual Private Network service.
What are smart VPNs?
Your computer has a unique IP address, which also tells services that you connect to where you're located. Smart VPNs help you overcome that by using a tunnel to make it look as though your computer is located in a different location. They work by using a custom DNS system: for example, your computer asks the smart VPN's DNS server what Netflix's IP address is. The DNS server returns the address of its VPN, and your computer seamlessly connects through this tunnel to the American version of Netflix. The beauty of this system is that you can use practically any device with these VPN services, even those where you can't install VPN client software, such as the Apple TV or PS4.
While there are plenty of legitimate services out there (we use Unblock-US), there are plenty of free DNS servers (called Netflix DNS codes, for some reason) available, claiming to give you access to US Netflix. However, as well as often being unreliable, they can be outright dangerous.
How dangerous is it to use DNS proxies?
By using these third-party, unverified servers you’re taking a very big risk. You’re essentially trusting them to resolve the web addresses you type into your browser with the correct IP address for the website you intend to access. However, there’s nothing to stop them from misdirecting you to a phoney or malicious website instead.
You could enter ‘www.facebook.com’ into your address bar and be presented with a website that looks like Facebook but is in fact a replica of the Facebook page designed to steal your login credentials. Essentially while Facebook might be hosted on 1.2.3.4 (used merely as an example), the dubious DNS server could be directing you to 5.6.7.8 and a website that looks like Facebook. It could be even worse if it’s a website mimicking your online banking website. Webpages you visit could also be injected with ads and banners that aren’t supposed to be there or even malicious code putting your computer at risk. It becomes very difficult to tell which websites you’re able to trust.
Even NetflixDNSCodes, which hosts the most up-to-date servers, has a big warning on its homepage that says, "Recently, hackers have been distributing free DNS codes throughout the web to be used in order to steal your sensitive information. (Credit card numbers, etc)".
Testing DNS servers
To find out what issues there are, we tested a number of different free Netflix DNS servers to see what IP addresses were resolved and to give you a better idea of how dangerous using DNS proxies can be. We first started with a simple Google search of ‘Netflix free DNS’, a common starting point for those looking to access US Netflix from outside of the US.
We then chose a few different DNS servers at random but this took a few goes before we found some that actually worked, as Netflix constantly blocks DNS servers it finds to be circumventing its region-locking. This is another reason why free DNS servers aren’t worth the hassle – you might find yourself having to constantly find new ones.
We then compared these against our ISP’s (in this case Sky Broadband) and Google’s public DNS servers to see how traffic was being routed between the DNS servers. We used the top 10 UK websites according to Alexa for the purpose of the test. To see which IP addresses the DNS servers were returning, we used the nslookup command in a terminal window. You use the command like this: nslookup <website name>. It then performs a DNS lookup and returns the matching IP address. The next step was to plug these IP addresses into the IP Lookup feature of whatismyipaddress.com to see where the servers were actually hosted and if they were in fact genuine.
The results
Not every website in the top 10 was routed suspiciously, due in part to the DNS servers being advertised as being free ways to access Netflix in particular, so many of the other sites were left intact. Here, you can see the address and hosting for Netflix’s UK servers, which are hosted by Amazon Web Services in Ireland. This was what was resolved when using both our ISP’s and Google’s DNS servers, which was to be expected.
Now, here’s when we used an alternative free Netflix DNS that we found on Google. Notice how it’s resolved a server in Colorado, which is how you’re able to trick Netflix into thinking you’re located in the US. For the purpose of accessing US Netflix, it works.
In one instance, the server was actually used to redirect us to sign up for a playmo TV account, which is a paid-for service to circumvent geo-restrictions. It's an example of how a search for free Netflix DNS codes can end up redirecting you a site that you had no intention of visiting.
We found a lot of discrepancies between how IP addresses were resolved for other websites, such as Facebook, as well. Our alternative DNS resolved servers in the US owned by a company named Edge Network Services Ltd rather than using Facebook’s UK servers. Doing a little digging we did at least find these to be genuine Facebook servers, however.
We even saw some differences in the IP addresses used between Google’s DNS servers and our ISP’s when it came to accessing Google. Interestingly it seemed that traffic was being routed through Sky’s servers when accessing Google showing that ISP’s can easily have oversight of your browsing through their DNS servers.
Using Unblock-US has a similar effect when it comes to accessing Netflix, with traffic being routed to servers located in the US as expected. Similarly, traffic to other websites such as Facebook were also routed via the US, albeit to also genuine servers. The main advantage of using the paid-for Unblock-US service is more oversight as to how traffic is being routed. The service promises it doesn’t log or analyse traffic passed through its servers but there’s still a degree of trust involved. You also get the benefit of customer service should things not work, which you won’t with other free DNS proxies you find that might get blocked by Netflix.
Conclusion
While we didn’t find any overtly malicious activity from the alternative DNS servers we tested, we did find some that were re-routing traffic to a paid-for service. There are also stories online of hackers setting up dodgy DNS servers in order to steal your details. As we've shown with our testing, changing DNS servers dramatically changes how you access every site, not just Netflix, and where they're located. It’s easy to see just how dangerous they can be if you’re not paying attention.
Such public DNS servers can also be slow at resolving addresses due to being overloaded with other users and, by not allowing certain websites to know your location, you’ll also end up loading pages from more distant servers that will also be slower. There's no guarantee that you'll get decent VPN performance for Netflix and you may find that you either can't get a connection or that quality suffers. A final problem with free servers is that they tend not to be available for long, meaning that you'll constantly have to search for a new one to use.
In short, we didn't find any free DNS servers that produced malicious results, only redirecting us to an unintended destination, but it doesn't mean that you won't connect to something malicious. Our advice is to sign up for a proper smart VPN service that's run properly: they're cheap, reliable and you put yourself at less risk.
