How to stream Netflix to Chromecast using pfSense
In this guide I will teach you how to stream US Netflix using a smart DNS service in pfSense WITHOUT setting your entire network to use the smart DNS servers. There are many ‘security’ implications of sending all your DNS traffic over a rogue/less trusted network, and quite frankly, you don’t know if they’re logging and or selling your lookups or similar.
Chromecast by default uses Google DNS instead of your router for DNS lookups and bypasses your router entirely. This is a problem because we cannot manipulate the DNS lookups without first tricking Chromecast into using our routers DNS.
This guide assumes:
You have a Netflix account
You are using pfSense
You have a Smart DNS provider (e.g. getflix.com.au)
Step 1 – Setting up DNS Overrides
- Navigate to Services > DNS Forwarder.
- Ensure your DNS Forwarder is enabled.
- Scroll down to “Domain Overrides” and add a new entry.
The domains that we need to override are:
You will need to obtain the Smart DNS IP address from your DNS provider. For example, Getflix operates the servers listed on this page. You should pick the closest server and use this as the override IP. Mine is 220.127.116.11.
This is enough to access Netflix on other services such as your PC or Mac. However, because Chromecast is hard wired to use Google DNS instead of your router DNS, we need to perform one extra step.
Step 2 – Redirecting Chromecast DNS requests to pfSense
- Navigate to Firewall > NAT > Port Forward.
- Add a new entry with the following details:
Source: any (or Chromecast LAN IP in ‘Single host or alias’)
Source Port: any
Destination port: DNS
Redirect Target IP: IP address of your pfSense router/gateway
Redirect Target Port: DNS
Filter Rule Association: None
What step 2 does is redirect all DNS requests within your network to your router. This means that any manually set servers on a device will always forward to the router. In my case, I have only redirected the Chromecast IP to pfSense. If I manually set my DNS on another computer, this will not be re-routed to pfSense.