Wednesday, 21 January 2015

Mikrotik Netflix selective Routing

16:45 Posted by Jurgens Krause, 11 comments

If you live in a country without Netflix, you are forced to use a VPN to get Netflix access. Unfortunately, there is no easy way to route Netflix traffic exclusively. The scripts below will help to build an address list of IPs to route through the tunnel. It should work with any VPN provider.

Please note that these scripts are very CPU intensive. I tend to run them for a day or so, and then I switch them off.

They work by analyzing the DNS cache in order to create the route list, and since some of the domains have very short expiry times, they need to run often. You have to use the Mikrotik as your network DNS server.

Under System->Scripts create the following scripts. They will search through the Mikrotik DNS cache, looking for Netflix entries, and add them to the address list:

Name: NetflixDNS
# Each entry is matched as an unanchored regular expression against cached DNS names.
:local myServers {"nflx";"nflximg";"unodns";"uno"}
/ip dns cache all {
  :foreach i in=$myServers do={
    :foreach j in=[find where (name~$i)] do={
      :local myName [get $j name]
      :local myType [get $j type]
      :local myData [get $j data]
      # A record: route the address through the tunnel unless a route already exists.
      :if ($myType = "A") do={
        :if ([/ip route find dst-address="$myData/32"] != "") do={
          :log info "Route $myData exists, skipping."
        } else={
          /ip route add dst-address=$myData gateway=NetflixTunnel comment="Netflix DNS-Name=$myName"
        }
      }
      # CNAME record: walk the chain to its last CNAME, then route that target's A records.
      :if ($myType = "CNAME") do={
        :local currentName $j
        :local nextName [find where (name=$myData && type="CNAME")]
        :local startName $myName
        :while ($nextName != "") do={
          :set currentName $nextName
          :set nextName [find where (name=[get $nextName data] && type="CNAME")]
        }
        # Resolve the final target so that its A records are present in the cache.
        :resolve [get $currentName data]
        :set startName [get $currentName name]
        :foreach k in=[find where (name=[get $currentName data] && type="A")] do={
          :set myData [get $k data]
          :set myName [get $k name]
          # Keep going with the remaining entries if adding one route fails.
          :do {
            :if ([/ip route find dst-address="$myData/32"] != "") do={
              :log info "Route $myData exists, skipping."
            } else={
              /ip route add dst-address=$myData gateway=NetflixTunnel comment="Netflix-DNS-Name=$startName CNAME=$myName"
              :log info "CNAME ADDED"
            }
          } on-error={
            :log warning "Could not add route for $myData"
          }
        }
      }
    }
  }
}
/ip dns cache flush
:log info "Completed"
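
The script's `name~$i` test is an unanchored regular-expression match, so a short pattern such as "uno" also selects unrelated cached names and sends their traffic through the tunnel. The Python model below is an added example, not the author's code: it mirrors the match-then-follow-CNAME logic, adds a cycle guard, and compares the script's patterns with anchored ones. The cache rows, the `.example` names and the anchored patterns are constructed assumptions.

```python
import re

# Constructed DNS cache rows (name, type, data); names and addresses are
# made up for illustration and use reserved documentation ranges.
CACHE = [
    ("www.nflxvideo.example", "CNAME", "edge.nflx.example"),
    ("edge.nflx.example", "CNAME", "pop1.cdn.example"),
    ("pop1.cdn.example", "A", "192.0.2.10"),
    ("api.nflximg.example", "A", "192.0.2.20"),
    ("gw.unodns.example", "A", "192.0.2.30"),
    ("unofficial-forum.example", "A", "198.51.100.7"),  # unrelated, contains "uno"
    ("loop-a.nflx.example", "CNAME", "loop-b.nflx.example"),
    ("loop-b.nflx.example", "CNAME", "loop-a.nflx.example"),  # CNAME cycle
]

LOOSE = ["nflx", "nflximg", "unodns", "uno"]  # the script's patterns
# Assumed alternative: anchor each pattern to a whole domain suffix.
ANCHORED = [r"(^|\.)nflx(img|video)?\.example$", r"(^|\.)unodns\.example$"]


def resolve(by_name, name, max_hops=8):
    """Follow CNAMEs from name to its A records; give up on a cycle."""
    seen = set()
    while name not in seen and len(seen) < max_hops:
        seen.add(name)
        records = by_name.get(name, [])
        addrs = [data for rtype, data in records if rtype == "A"]
        if addrs:
            return addrs
        targets = [data for rtype, data in records if rtype == "CNAME"]
        if not targets:
            return []
        name = targets[0]
    return []


def routes(cache, patterns):
    """Map each address that would get a tunnel route to the name that caused it."""
    by_name = {}
    for name, rtype, data in cache:
        by_name.setdefault(name, []).append((rtype, data))
    out = {}
    for name in by_name:
        if any(re.search(p, name) for p in patterns):
            for ip in resolve(by_name, name):
                out.setdefault(ip, name)
    return out
```

Comparing `routes(CACHE, LOOSE)` with `routes(CACHE, ANCHORED)` shows which addresses are routed only because of a loose pattern; the same comparison can be made against the comments on the router's real Netflix routes.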

Once you have created the script, you need to go and schedule it under System->Scheduler

Name: Netflix DNS Lookups
Start Date: Startup
Start Time: 00:00:00
Interval: 00:00:30 (you can make this lower if your Routerboard can handle it)
On Event:
/system script run NetflixDNS

That's it, you should now be able to enjoy Netflix, without having all your internet traffic running through the tunnel.

Let me know in the comments if you have any ideas on how to improve the script, or if you find any bugs.


  1. When I run these scripts, I get numerous IPs listed in the NetflixViaDNS address list, as well as and others (including very few netflix addresses, such as as well as the Mikrotik router itself I can see traffic to these servers heading out across the Witopia VPN connection (pptp in seattle), but nothing from Netflix heads out the VPN - I just get the Netflix Australia site, not the Netflix US site.

    Methinks something is rather broken in these scripts...

    Mikrotik CRS125-24G-1S-2HnD running 6.27.

    1. Hi Hilton,

      I have updated the blog. My new iteration only uses a single script, and instead of mangle rules, it creates static routes for the correct IPs.

      Let me know if it works

  2. It works good. Thanks for scripts.

  3. This comment has been removed by the author.

  4. Thanks a lot for your job. Cool solution for VPN.
    It works perfect.

  5. Yay, I succeeded, thanks for the script.

  6. I couldn't get this to work for love nor money. But found this one that works. Hope it helps someone.

  7. That's because UnoTelly doesn't work anymore for Netflix.

  8. And does this apply to VPNs as well?

  9. It does. A VPN is usually capable of doing more things than it's intended to do, like bestvpnrating.cоm