Escaping Region Locking from Media Sites

In the early years of the internet there were very few restrictions on what you could see and download. If you started a web browser in the US you’d get pretty much the same experience as someone who started in Cairo. Obviously there might be some variation in speed of course, but what you could see and do was almost identical.

That’s changed a lot now with the growing popularity of region locking and control. It started off fairly helpfully – your search engines would switch you to the appropriate location based on your IP address. This meant that if you were searching from London for electricians you wouldn’t get directed to results in Sydney which would obviously be useful. We’ve got used to this and it generally makes everyone’s life much easier.

However the use of region locking has extended greatly in the last few years, in fact any major web site will usually operate some level of control. Often it’s again beneficial, Amazon will make sure you go to the UK site, Costco will direct you to your local store and so on. However for many of the world’s biggest media sites it’s a much different story – region locking usually means region blocking.

Ever tried to access Pandora from outside the US? Well it doesn’t work, the wonderful music site is only accessible for those located in the US. Want to watch the BBC News, sorry if you’re outside the UK it’s not going to happen. Those are just two but the list is extensive, in fact it’s unlikely you’ll now find a large media site which doesn’t lock down access based on the location of your IP address.

It’s crazy when you think about it, a global communication medium deliberately trying to segregate and restrict our world. Worse too that in a time when many of us travel extensively, we are blocked and filtered at every turn when we’re online.

So What’s the Solution?
Well to take back control and stop being blocked you need to be able to control your IP address. Unfortunately for most of us that’s not possible, the IP address is assigned when you connect to the internet and there is no way of modifying it. You can of course modify your local address but that’s not important, region locking uses your external internet facing IP address.

However although you cannot modify your address, you can hide it by using VPN servers to protect your connection. If you connect to a UK VPN server for example, it will look as though your have a UK IP address and watching the BBC works without problems. You can use a US VPN to gain a US IP address for Netflix irrespective of where you actually are. Many firms have developed services to support this demand and the top VPN providers will allow access to a network of servers in different countries.

This means that although you cannot change your real IP address, you can hide it behind a VPN server. It gives you back control and neatly sidesteps the pervasive region locking and filtering which seems likely to keep expanding.

Further Reading – British VPN

DNS Lookups on Web Proxies

Proxy servers will commonly be required to perform two kinds of DNS lookups those to resolve IP addresses from the hostnames and reverse lookups to find the hostname given the IP address. The DNS lookups will normally require contacting the DNS service and therefore there will be an impact on speed and some latency. It is therefore important to optimize these lookups in order to minimize the impact on the proxy performance.

The main goal in optimizing DNS lookups of all sorts is to actually avoid doing external lookups whenever possible. The more DNS lookups that are performed the bigger the impact on the performance of the proxy server. DNS lookups are of course pretty much essential in running any sort of proxy, without a method to determine IP addresses and hostnames they will be unable to retrieve the information and URLs requested. Unfortunately there’s no way to completely replace these requests however one method can reduce the number that is required – DNS caching.

Reverse DNS lookups will be utilised when the IP address is available but we need the DNS Hostname. This is usually the situation when the connection is inbound and the receiver wants to find out which host the connection is coming from. In this situation the socket can actually be queried to obtain the IP address (that the connection is from) however the DNS Hostname would not be available in that information. This is because the TCP/IP protocol works with IP address and not DNS hostnames.

Reverse DNS requests are commonly needed to apply access rights and controls. This is because these are usually assigned by client hostname or domain name not IP addresses. For example it is typical to assign internet rights based on physical clients or membership of a domain group, the IP address is not typically used to control rights in this way. Also most logs store information on proxies in hostname format as they are much easier to track and follow than simply numerical addresses. This makes it easier to troubleshoot things like people using external Dns servers to watch American version of Netflix from their office!

If there is no requirement for DNS host names to be used for access control, then it is often feasible to turn reverse DNS lookups off – doing so will heavily boost the performance of any internet connected proxy server. Although having hostnames in logs is convenient, it is not alone worth the performance impact. The logs can be updated after with hostnames if required by resolving the IP addresses afterwards if required.

The updating of logs with hostname resolution is actually much more efficient if done in a single batch. This is because it is likely that there are individual IP addresses repeated in the logs and these can be resolved with a single request. Especially on proxy servers this can be a significant reduction because there will likely be a fixed number of IP addresses which are repeatedly requested.

John Halliwell
http://www.iplayerabroad.com/2016/07/20/bbc-vpn-block-real/

Take Control of your IP Address

On a computer network, much like in real life, there are different levels of access dependent on a variety of reasons. It may be due rights assigned to username or account, perhaps an access token or often simply your physical location. These rights are assigned in different ways but the most popular method across the internet is based on your IP address.

The IP address is that unique number which is assigned to every single device which is connected to the internet, from computers and laptops to phones and tablets and even your internet enabled fridge. Every single device that is accessible online has a unique IP address and can be tracked by this number. Although you IP address can ultimately be traced back to a specific location and owner, this information is not available to any website that it visits. However even without access to an ISP record the IP address can be used to determine two pieces of information very easily – classification and location.


The first classification refers to the type of connection the IP address is registered to specifically residential or commercial. This piece of information is not always used as there can be some overlaps with this classification. The physical location however is used extensively by the vast majority of major web sites. Some may use it to help serve relevant content, perhaps supplying specific language versions depending on your location or serving up adverts which are more applicable to you. This is usually helpful although it can be very annoying if you are genuinely trying to access different content.

The most common use though is to block access based on this location, a practice used by virtually every large media site on the web. If you are in the USA for example, you will not be able to watch any of the UK media sites such as the BBC iPlayer or ITV Hub. Similarly every single one of the big American media sites will block non-US addresses. These blocks and controls are growing exponentially every year for instance there are now thousands of YouTube videos only accessible to specific locations.

Fortunately for the enlightened it isn’t such a big problem, because using VPNs and proxies you can actually control your own IP address. A simple method of using a British VPN server can give you access to the BBC iPlayer in the USA like this. It merely hides your physical location and instead the web site sees only the address of the VPN and it works with the vast majority of web sites.

Searching for a VPN with Residential IP ?

So why would anyone be trying to find a VPN with a residential IP? Well, for the sake of clarity, there are certain distinct classifications of IP addresses which are becoming more and more important.  It refers to the actual categorisation of their use rather than any complicated technical property.  The fact is that there are only two of these categories –

  • Commercial IP Addresses – allocated to private companies and datacentres
  • Residential IP Addresses  – allocated to individuals usually through Internet Service Providers (ISPs)

There’s no technical distinction, no difference in structure or allocation – you can’t tell simply by looking at an IP address which is commercial and which is residential address.   In fact it’s entirely possible for addresses to switch between the two categories if they are reallocated.  However the classification is being used increasingly by web sites and services to distinguish between customers.

Is VPN Safe

Take for example a standard residential IP address assigned from a small ISP, any website can determine that this is likely to be a private individual likely to be surfing from their home computer.   The origin of a commercial IP address is much more difficult to determine –  it could be from a commercial organisation, from a wireless access point, directly from a server or bot or perhaps a standard user who is using a VPN or proxy server.   If you’re a website owner looking for customers for example, it’s the residential traffic that is going to interest you most not the commercial stuff.

It’s a classification which is now being used by many websites to block traffic from specific sources.  You can see in this post about VPNs being blocked by Netflix that the media giant is using this classification to stop people bypassing the region blocks by using proxy type servers to hide their locations.  Netflix has simply decided that if you are originating from a commercial based IP address then you can’t access their service irrespective of whether you have a subscription or not.   Which is why people are becoming increasingly desperate to find a VPN with a residential IP address.

It’s not just the media companies who are starting this, other sites are increasingly looking to block all non-residential based addresses too.  There are advertising sites like Craigslist and Gumtree who want to isolate their services to specific local home markets and people using VPNs or commercial servers to access them globally aren’t in that category.   There are casualties of course, VPNs are important ways to maintain the security of your internet connection and privacy yet using one is likely to get you blocked from certain sites.  Additionally there are many countries where it’s not safe to post openly and a VPN is essential to use the internet securely.

There are a few VPN services which now offer residential IP addresses included, like this one at Identity Cloaker which routes Netflix traffic through residential address to avoid being blocked.  However they are quite rare simply because the addresses are very difficult to obtain and cost much more than standard commercial IP addresses available from a datacenter.

Introduction to DNS Recursion

The Internet’s DNS structure is often (accurately) described as hierarchical with authoritative servers sitting at the top of the structure.  However because of this setup it is essential that all DNS servers are able to communicate with each other in order to supply response to the name queries which are submitted by clients.

This is because although we would expect our companies internal DNS server to know all the addresses of internal clients and servers, we wouldn’t expect it’s database to contain every external server on the the internet.     Although in the early days of the internet, most DNS servers did contain an entire list of connected server addresses, nowadays that would simply not be feasible or in fact very sensible.

When a DNS server needs to find an address which is not in it’s database, it will query another DNS server on behalf of the requesting client in order to find the answer.    The server in this instance is actually acting in the same way as a client by making a request to another DNS server for the information, this process is known as recursion.

It’s actually quite difficult to detect whether a query is answered by recursion or by directly when troubleshooting DNS queries.    You need to be able to listen to all a DNS servers traffic in order to identify a recursive query.   The additional query (recursive one) is generated after the DNS serverc has checked it’s local database in order to resolve the query.  If this isn’t successful the DNS server will generate the additional request before replying to the client.   This is also dependent on the recursion bit being set in the initial query from the client too, as this allows the server to ask another server if the answer is not in it’s own database.

The recursive query is merely a copy of the initial DNS request and it has the effect of turning the server into a client. You can notice if you analyse the traffic that the transaction ID numbers will change in order to differentiate the initial query from the recursive query sent by the DNS server.   It’s important to keep a note of these transaction IDs when troubleshooting DNS traffic as it’s easy to get confused as many of the packets will look very similar.  If you are trying to analyze something more complicated like the modern, intelligent Smart DNS servers like these – http://www.proxyusa.com/smart-dns-netflix-its-back then it’s even more important to keep track of these transactions.  This is because these DNS servers actually make decisions on how to route the traffic in addition to resolving queries.

 

Domain Name System Packet Structure

The Domain Name System (DNS) is one of the most vital protocols used on the internet, it basically holds everything together. DNS links all the web friendly names to IP addresses without DNS you’d need to memorize the IP address of every server or resource you wanted to visit online.

DNS servers hold databases of resource records which contain the mappings that allow devices to resolve IP addresses to DNS names and vice versa. These databases are generally made accessible to any device that requests them or other DNS servers. If you’ve ever had anything to do with DNS you’ll know that although the basic principles of DNS are quite straight forward the overall architecture can be very complicated particularly with regards to the internet.

In this initial article we’re going to cover some of the basics of the DNS packet structure, which is in many ways very different to other protocols used to communicate online.

DNS Packet Structure

  • DNS ID – Associates DNS responses with corresponding queries.
  • (QR) Query/Response – Simply identifies whether packet is a query or response packet.
  • (AA) Authoritative Answers – When this value is set it indicates that the Name server is the ultimate authority for that domain.
  • (RD) Recursion Desired – DNS client requires a recursive query if answer not available.
  • (RA) Recursion Available – DNS Server supports recursive queries.
  • (RC) Response Code – Used to identify any errors
  • Questions Section – Variable section which contains all the queries to be resolved
  • Answers Section – Variable section which contains responses to queries.
  • Authority Section – Variable section which contains records pointing to authoritative name servers if required.

There are more components of the DNS packet but these are the important ones which contain the bulk of the information i.e. the query and answer. This is how a simple DNS query will be performed – a client wishes to know an IP address (or DNS Name) will send the query to a DNS server, the server will send the answer in it’s response.

The simplest DNS transaction will take place in just two packets i.e the query and the response. You can see it quite easily by using a packet capture program like wireshark and in fact DNS exchanges are a very good way to start packet analysis because the majority are relatively straight forward. There are exceptions of course, indeed we are increasingly seeing modified DNS services used to access US media sites like Netflix like this article – http://www.onlineanonymity.org/proxies/the-return-of-us-dns-netflix/ describes.

There are a few things to remember when studying and troubleshooting DNS traffic and one of the most important is that DNS relies on UDP as it’s transport mechanism. This is useful to know because if you do use something like Wireshark to analyse you’ll notice lots of UDP traffic and that it condenses the beginnings of the packet into a single flags section which can be difficult to follow initially.

Remember though the vast majority of DNS traffic is very simple, consisting of a query and a response. There is more information in the packet but essentially it’s a question and an answer – if you need to see all the data and resource record types they are here – DNS Resource Parameters.

Residential IP Gateways

For anyone with a significant interest in working online, your IP address is important, it’s a vital part of your online presence.     Most people don’t really care about their address, as long as you have a valid IP address you can get online.   However there are distinctions about these addresses which can make a huge difference to your online experience.

Often the first indication people have that their IP address is of any relevance is when they find themselves getting blocked somewhere.   You might click on a video or website and get redirected to a message ‘sorry not available in  your country’ or you might try and view a website and get redirected somewhere else.   What’s generally to blame is where your IP address is registered and this behaviour is called ‘region locking’.  It’s extremely common and annoying especially if you’re settling down to watch the BBC News live while on holiday outside the UK for example.

This is all factored around the geographical location where you’re IP address is assigned to.  Which is why it usually becomes evident when people travel or go on their holidays, suddenly they find they can’t access the websites that they used to.  Watching domestic TV, streaming videos or accessing their online banking and things like that suddenly become very difficult when you’re outside your usual location.

People have found ways around this, normally you can hide your location by using a proxy or VPN service.  However this only works on a basic level, because there are other restrictions which stop these working mainly centered around the IP classification.   You see many websites now also look one step further than simply location – they look at the classification of the address and whether it originates from a commercial or residential origin.

Anyone who makes their living online is likely to need a little more control.  After all operating in a global market like the internet, getting blocked all the time because of location and what sort of IP address you have is going to be extremely inconvenient.   Sure you can use traditional proxies which are mostly run from datacentres but they too have significant problems.  The issue is that websites increasingly block access to all but residential IP addresses, they just want ordinary home users which means none of these proxy solutions actually work.  The alternative is to use VPNs that have residential IP addresses and gateways built in (read more here)

However it’s much, much harder to set up a residential IP gateway than it is a commercial one.  For instance you can’t just roll up to Comcast or BT and ask it to assign you a few hundred IP addresses, they use those for domestic customers only.   They are appearing but at the moment they are fairly hard to find and extremely expensive.  You have to be careful though as some of these ‘solutions’ actually piggy back domestic customers computers like the not recommended Hola which is a huge security risk to use.

Classification of IP Addresses

If you’re looking for a VPN or proxy solution to switch your IP address, then there’s certain information you should be aware of regarding the classification of these addresses.   Most people who use VPNs to change their addresses are normally concerned with only one factor – the country that the IP address is registered too.

This is because many of these services are used specifically to bypass the growing trend of region locking operated media sites.  Sites like Hulu, BBC, NBC and in reality most of the major entertainment sites usually restrict access to their home countries – so for example you would have to be in the UK to watch all the British TV channels, whereas the US stations like ABC are only accessible to American IP addresses.   So people will use a US VPN to watch US sites, and UK ones to watch UK channels and so on.   In fact this is so important that most services provide servers located in most larger countries to allow their users the most flexibility in their web browsing.   Not all companies do this, but if you want to access a particular website you should determine that they have a server in the same country if you want to access it.

The above video demonstrates some of the options available and how region locking can be accessed, but it has recently become even more complicated. The problem lies not in the location of the IP address but in the classification. Most IP addresses are listed as either being commercial or residential. Commercial ones are used mostly by companies and run from datacentres or corporate networks whereas residential addresses are assigned usually from ISPs to home computers. Increasingly media sites are choosing to block all access from commercial IP addresses primarily to try and enforce their region locking attempts.

Netflix where the latest company to do this, and overnight nearly all commercial VPN services stopped working with this website much to the annoyance of thousands of users who access Netflix with a VPN. Now you need to use a residential VPN to access any of the Netflix global sites. That is the IP address assigned to the VPN server you connect to must be classified as a residential one or it simply won’t work.

A few of the VPN services have adapted to this change and offer residential IP addresses although they are more expensive to obtain that the more plentiful commercial addresses. If you want to access something like Netflix though it is essential they have these classified addresses or they just won’t work.

Configuring VPN Routers for a Small Office

There are various models from various manufacturers are offered on the market. Geared toward internet providers, this specific model gives a complete universal services solution. The main reason is that several models have some extra features that might be helpful for you, but they’re also expensive with regard to budget. There are many diverse models of Cisco soho routers to select, and you’ll need to look into the differences before purchasing the one that you will need.

fast USA proxy

Lots of people say they’re likely to acquire their CCNA, they begin studying, but because they never specify a date, they never ever seem to choose the exam. A CCNA or CCNP candidate who would like to be totally ready for their exams is likely to collect a house lab to practice on. Honestly, the moment you cover your exam, a magical thing will take place! It is fairly necessary for you to learn about this exam. The CCNA exam does not have any pre requisites. Cisco certification supplies you quality assurance and dependability. Determining individual network requirements together with a bit of research will be certain the resources supplied by Cisco are beneficial.

There are a number of different review sites, and a wide array of information about the different models of router. To locate the suitable place to buy the refurbished equipment, you will need to do a little bit of research online where you’ll find several businesses that offer used Cisco equipment. It is possible to now use the web to make calls throughout the world instaed of utilizing a normal phone. Because of this, you ought to carefully design your network prior to starting deploying OSPF. A safe network is important to any businesses. It is typically employed for connection to the world wide web and other computer network. The very first step you will need is an online connection, you have to make sure it’s one which allows resale so that you will probably need a business online connection.

One concern that any corporate network has is security, the owner of the network is ultimately responsible for it’s traffic.   So if anyone is downloading anything they shouldn’t, perhaps pirated movies using anonymous torrenting sites then these will be tracked down to the company network.  There are two aspects that should concern the network owner – traceability and prevention.   The latter is by far the best option, make sure the router has the facility to block specific sites, in a bigger company you’re going to need a dedicated proxy or firewall but for a few clients there are routers which will supply these functions.  Content filters should be used if you have any number of clients and want to allow internet access,

You will need to check that the chief router have an active web connection before it is linked to the secondary router. You’ll need to get the perfect router to be certain that several distinct computers may be used. Establishing a wireless router is very simple. Today wireless routers act as the optimal/optimally solution for internet connection. Configuring this new router is now effortless in comparison to the old Linksys interface, since it let’s you manage the fundamental security settings easily. Cisco’s 1841 router was made with the more compact branch office in mind. Cisco soho routers are the perfect answer to your business needs and will guarantee that you’ve got a dependable source whatsoever times.

Cisco provides a high degree of support and data for their devices. Cisco can be thought to be a top name within the IT industry. Cisco supplies a high degree of support and data for their devices.

Switches will surely help your network get the most out of your resources. There are two kinds of managed switches. Fully managed switches enable the user full charge of the settings.

Switching Digital Identities Through VPNs

Once upon a time, no-one really used VPNs (Virtual private Networks) outside the corporate environment.  IT Support staff would use them to dial into networks to restart servers or reset some user accounts from home and laptop users would use a VPN to tunnel back to download email or a documents from their home share.   Nobody would really use this technology in their private life, except perhaps those who really understood how completely insecure the internet was.   This has now changed and now literally millions of people use virtual private networks every single day of their lives.

The main focus of the VPN is of course security, when you are using the internet via a VPN then all your data travels through an encrypted connection between you and the server.  Without this protection the majority of your data flies across the shared hardware of the internet mainly in clear text.   It stops your emails being intercepted, hides your login details and keeps your web destinations private however this has not been the primary driver in the use of this technology.

The real attraction is due to the way that the internet has become segmented over the last decade or so.  During the inception years of the internet, your location was largely irrelevant – if you were online you were exactly the same as any other user.  Of course some people were browsing over fast computers on dedicated data lines, whereas others where logging on to an ancient computer coupled to a standard telephone line and modem.   Yet  the principles of what people could access were exactly the same, there was no discrimination or segregation based on your physical location.

This is not now the case, in fact where you are located will heavily influence your online experience.  Browsing the  web from China is very different from downtown Chicago and I’m not talking about language localizations, but what you can access.  China is of course an extreme example as they heavily control what you can access over the internet, but even if you’re in a country who’s Government doesn’t filter the web – you’ll still find blocks and controls all over the place.   Your digital identity is effectively linked with  the physical location of your IP address and is used by web site owner to determine what you can see or not.  Ever tried to play a YouTube video and found that ‘this is not available in your country’? More often than not it will be down to a copyright or licensing issue. The same will happen, on thousands of websites across the world – your location will determine your access.

This can become tiresome, it’s not so bad if your digital identity is based on an American IP address for example because you’ll mostly get access to all the biggest media sites. However even then, there are loads of popular sites your location will deny you like the BBC iPlayer for example.
However if you’re somewhere a little more remote or obscure you’ll find yourself blocked from millions of web pages and treated somewhat like a web pariah.

It’s frustrating, yet it all is easily bypassed by simply hiding your real IP address. Most people aren’t able to modify their address because it is controlled by their ISP but if you connect to a VPN then your address will be determined by the location of the VPN server. Which is why companies like IPVanish and Identity Cloaker have produced VPN software which allows you to click any country and choose the IP address you want.