NetFlix、Disney+都是全球知名流媒体网站,因其对IP有所限制导致大部分VPS服务器无法完整观看其视频内容,所以有了DNS解锁技术,通过修改服务器上的DNS来达成解锁观看包括Netflix、HBO、TVB、台湾bilibili、动画疯等流媒体内容,以及ChatGPT等限制地区的服务,目前市面上有很多成熟的DNS解锁服务、通过DNS解锁可以比直接购买原生IP服务器成本更低。
前言:流媒体解锁不能作为衡量服务器是否原生IP的依据,能解锁流媒体的服务器不一定是原生IP、也可能是商家在路由出口做了DNS解锁、原生IP多数能解锁大部分流媒体,可以作为参考但具体以实际业务为准。
DNS解锁配置
说明:本文以已经购买好DNS解锁服务为例,具体怎么买、买哪家可以通过谷歌找到很多商家,价格从几元到上百元不等,当然也可以通过已解锁的服务器自建DNS解锁、来给未解锁的服务器使用,篇幅有限这里不过多说明,但可以通过后面的多出口分流达到同样目的。
1、直接修改系统DNS配置解锁,此方式适合个人简单操作,Debian/Centos系统,执行下列命令,把4.4.4.4修改成在DNS解锁商家那边获取到的IP地址;
##解锁修改
echo -e "nameserver 4.4.4.4" > /etc/resolv.conf
chattr +i /etc/resolv.conf
##移除修改
chattr -i /etc/resolv.conf
echo -e "nameserver 8.8.8.8" > /etc/resolv.conf
2、配置DNS分流解锁,此方式比较灵活且不会影响系统DNS解析;以XUI面板为例,它上面运行的xray内核,不管是vme、vle、ss、sk5等协议都是用面板内的xray配置文件,所以在添加完节点后,直接转到面板设置-xray相关设置中进行修改;xui面板安装参考:【网络工具】X-UI多协议管理面板-基础配置教程
2.1、配置文件主要有三段,分别是入口(inbounds)、出口(outbounds)、路由(routing),在入口配置中添加一段开启流量识别功能,如下;
"inbounds": [
{
"listen": "127.0.0.1",
"port": 62789,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"sniffing": {
"enabled": true, //一定要开启 sniffing,才能识别 Netflix 的流量
"destOverride": ["http", "tls"]
},
"tag": "api"
}
]
2.2、在出口配置中把domainStrategy 设置为 UseIP 以使用内置的DNS功能,如果没有就添加一段;
"outbounds": [
{
"protocol": "freedom",
"settings": {"domainStrategy": "UseIP"}
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
]
2.3、在配置文件末尾的括号内添加要走DNS解锁的分流网站域名规则等;
"dns": {
"servers": [
"8.8.8.8",
{
"address": "x.x.x.x", //DNS提供的解锁IP
"port": 53,
"domains": ["geosite:netflix"]
}
]
}
3、修改好后的完整配置如下,注意其中的标点符号等,修改时对照完整;
{
"api": {
"services": [
"HandlerService",
"LoggerService",
"StatsService"
],
"tag": "api"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 62789,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"tag": "api"
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {"domainStrategy": "UseIP"}
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
],
"policy": {
"system": {
"statsInboundDownlink": true,
"statsInboundUplink": true
}
},
"routing": {
"rules": [
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
},
{
"ip": [
"geoip:private"
],
"outboundTag": "blocked",
"type": "field"
},
{
"outboundTag": "blocked",
"protocol": [
"bittorrent"
],
"type": "field"
}
]
},
"stats": {},
"dns": {
"servers": [
"8.8.8.8",
{
"address": "x.x.x.x",
"port": 53,
"domains": ["geosite:netflix","geosite:disney"]
}
]
}
}
按出口分流配置
说明:按出口分流适用于自己有多台服务器的情况,或采用http/socks代理配置,用途不仅限于解锁流媒体,比DNS解锁更像是中转流量,同样以xray配置举例,出口协议多样化,具体可以看xray文档支持的协议;
1、以socks协议做出口的完整配置,如果复制照搬记得删掉中文注释;
{
"api": {
"services": [
"HandlerService",
"LoggerService",
"StatsService"
],
"tag": "api"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 62789,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"tag": "api"
}
],
"outbounds": [
{
"tag": "socks-hk", //自定义出口路由tag标识
"protocol": "socks",
"settings": {
"servers": [
{
"address": "x.x.x.x", //连接IP
"ota": false,
"port": xxxx, //sock5监听端口
"users": [
{
"user": "xxx", //socks5用户名
"pass": "xxx" //密码
}
]
}
]
}
},
{
"protocol": "freedom",
"settings": {}
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
],
"policy": {
"system": {
"statsInboundDownlink": true,
"statsInboundUplink": true
}
},
"routing": {
"rules": [
{
"type": "field",
"outboundTag": "socks-hk",
"domain": ["geosite:netflix","geosite:disney"]
},
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
},
{
"ip": [
"geoip:private"
],
"outboundTag": "blocked",
"type": "field"
},
{
"outboundTag": "blocked",
"protocol": [
"bittorrent"
],
"type": "field"
}
]
},
"stats": {}
}
2、以shadowsocks协议做出口的完整配置,如果复制照搬记得删掉中文注释;
{
"api": {
"services": [
"HandlerService",
"LoggerService",
"StatsService"
],
"tag": "api"
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 62789,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"sniffing": {
"enabled": true,
"destOverride": ["http", "tls"]
},
"tag": "api"
}
],
"outbounds": [
{
"tag": "ss-hk", //自定义出口路由tag标识
"protocol": "shadowsocks",
"settings": {
"servers": [
{
"address": "x.x.x.x", //解锁鸡IP
"method": "aes-128-gcm", //ss加密方式
"ota": false,
"password": "xxxxxx", //ss密码
"port": xxxx //ss监听端口
}
]
}
},
{
"protocol": "freedom",
"settings": {}
},
{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}
],
"policy": {
"system": {
"statsInboundDownlink": true,
"statsInboundUplink": true
}
},
"routing": {
"rules": [
{
"type": "field",
"outboundTag": "ss-hk",
"domain": ["geosite:netflix","geosite:disney"]
},
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
},
{
"ip": [
"geoip:private"
],
"outboundTag": "blocked",
"type": "field"
},
{
"outboundTag": "blocked",
"protocol": [
"bittorrent"
],
"type": "field"
}
]
},
"stats": {}
}
常用的解锁域名
1、目前已知的geo文件自带流媒体分组域名
"geosite:netflix","geosite:bahamut","geosite:hulu","geosite:hbo","geosite:disney","geosite:bbc","geosite:4chan","geosite:fox","geosite:abema","geosite:dmm","geosite:niconico","geosite:pixiv","geosite:bilibili","geosite:viu"
部分不在geo文件的域名,则直接写域名地址,这种在很多dns商家的文档中都有搜集,也可以自己抓包获取;
2、解锁验证
本地验证:https://www.netflix.com/title/70143836 连接上配置好的线路在浏览器访问,适用分流方式;
服务器验证,适用直接修改系统DNS,执行下列脚本:
apt-get install -y curl
bash <(curl -L -s https://git.io/JRw8R)