Recently I’ve tested a few Android TV devices: Nvidia Shield, Amazon Fire TV Stick and a no-name TV box running Android TV.
The tests were focused on streaming capabilities on Netflix, Amazon Prime and BBC iPlayer when connected to a VPN, but also by using a Smart DNS service. The VPN connection being set directly on the Android TV using the VPN provider’s VPN app, the DNS servers from the Smart DNS service also set statically on the device.
The interesting part is that using the same VPN or Smart DNS service, the streaming was working fine on PC’s browser. Yet on the Android TV device, I was getting the infamous proxy/unblocker detected error.
I was obviously not the first to face this problem so I’ve made a bit of research and gathered some working solutions.
The problem is that streaming apps like Netflix have hard-coded DNS servers from Google DNS (8.8.8.8 and 8.8.4.4) and they are being used to resolve the streaming hostnames. Normally, it shouldn’t be a problem if the VPN service takes care of blocking or overwriting such DNS requests going to Google DNS, but what makes it even more interesting is that the specific DNS requests to Google DNS are by-passing the VPN connection. That’s a behavior similar to what is called “DNS leaks”.
Before you start, make sure that the service you’re using is actually unblocking Netflix and the other streaming services. Use the service on computer/Mac and check it on your browser. If it works, proceed to the solutions to make it work on your Android TV.
The solutions
Blocking Google DNS on router
This seems to be the easiest fix, as long as you have a decent router which supports either firewall rules or adding static routes.
Firewall blocking: If your router has a firewall, add two rules to block all traffic to the IP addresses 8.8.8.8 and 8.8.4.4. Preferably both UDP and TCP traffic should be blocked, port 53 or any port.
Black hole routes: This might be even easier than firewall blocking, check on the router if it supports static routes and add two, for both 8.8.8.8 and 8.8.4.4 via the gateway 0.0.0.0. This will make both 8.8.8.8 and 8.8.4.4 unreachable.
If the DNS servers are not reachable when the streaming app tries to use them, it will fall-back to the “working” DNS servers, such as those provided by the VPN service or the Smart DNS. A simple solution to a complicated problem.
Rolling back the streaming app to an older version
I’ve tested with the Netflix app for Android TV only, and it seems that the hard-coded Google DNS servers have been added in versions newer than 5.4.1. So, if you can uninstall the Netflix app on your Android TV, do so and side-load version 5.4.1. You can get it from APKMirror.
It’s worth noting that if you side-load the older version instead of using the up-to-date one, you must disable the auto-updates for it. Also, this isn’t possible on NVidia Shield devices as the Netflix app can’t be removed, so you need to rely on the firewall/route black hole methods. The same applies to other Android TV devices which won’t let you uninstall and side-load an older version of the streaming app.
Other devices, same solutions
It applies to Chromecast devices, Smart TVs, Roku and likely many more. Even if the streaming would work on your phone/tablet/browser directly connected to the VPN, if you use the Cast feature it will just “tell” the streaming device to load the specific source using its native service apps. So in case you face a similar problem, the firewall and route blocking measures applied on the router should do the trick.
Don’t break your Internet connection!
Just a reminder in case you you didn’t take it into account yet. In case you are already using the Google DNS servers for your Internet connection, blocking their servers would get the obvious result: a broken Internet connection.
There are two ways to solve that.
1) if you use the firewall rules, you can define the source IP being your LAN IP address of your Android TV device. Assuming it is fixed and won’t change on reboot. You can set it as a static IP by locking up its MAC address, again – if your router supports it.
2) the simpler and more effective solution: don’t use Google DNS servers for your Internet connection. There are several other good or even better public DNS services to use. My recommendations: NextDNS (check our NextDNS review), Quad9 DNS (9.9.9.9, it has security capabilities like blocking malware domains and more), AdGuard DNS, CloudFlare.
Thanks for the guide! Now I finally got Netflix to work on my NVidia Shield with the VPN.
I’m struggling to get the google DNS IPs blocked on my ubiquity EdgeRouter X router. Any idea is welcome
open the web GUI, then in the Routing tab “Add Static Route”. Add 8.8.8.8/32 and 8.8.4.4./32, gateway 0.0.0.0, route type “Black Hole”.
My router is Asus N66U. If I use OpenVPN with it, is it possible to block Google DNS as you recommend in this guide?
I am interested to get Netflix on my Samsung TV. I’ve tried a couple of VPNs and I am still getting the proxy block error.
Thanks in advance.
Here is a guide to check: https://support.overplay.net/hc/en-us/articles/360000172213-Blocking-Public-DNS-Asus-Router
Interesting information. Btw, I succeeded with the method you wrote. Thank you
I have a Deco WiFi mesh and I’ve setup pptp/lt2p on my router but using Dynamic IP as a secondary source. Do I need to switch to static? I have the IP. Coming from PIA VPN servers in the states but it still shows my browsing location, thus locking my geo locations on my nvidia shield
I suggest to check that out with their help desk.
1st of all you need to make sure that the VPN is working by checking your IP and location online. Once that is confirmed, look into the Google DNS servers blocking as described on this article.