vivicate fermack davies


Karon Howey

Aug 2, 2024, 2:53:00 AM
to tamiphohe

Netflix doesn't work - error "NW-2-5" (network issues) - started about four or five days ago.
When the TV's DNS is manually set to 8.8.8.8 Netflix works, set back to 192.168.20.254 (pihole) it stops.
BUT Netflix works on ALL other devices that go through the Pihole...?? PC, phones, Xbox... they all work, except the TV.

OK here's something weird. To try and narrow down the issue a little I went to the blocklists page in the console and unchecked ALL the lists, planning to enable them one-by-one to see which one is doing it.

I am having the same exact issue but not only with Netflix but Disney Plus and Hulu. Main difference is every Netflix app on my network will not launch unless pointed to an outside DNS server. 4 Rokus, PS4, TVs and Bluray players. Doesn't matter if Pihole is enabled or not. I have also disabled all block lists just like you but still won't launch. Only way around it for me so far is with Cascading Routers. Have the pihole on the forward facing router and all devices on the back router. Set the back router DNS server to the IP of the forward router.

I have the same error code as you and just like you I have disabled pihole, and removed all blocklists. Netflix still won't launch but like I said the main difference is all of my devices are having issues.

Hm, interesting. I have an Asus RT-86U with Merlin, there was a Merlin update recently too. The Asus provides ethernet/wifi to the house, and gets its WAN from the router that was supplied by my telco.

But somehow, Netflix doesn't like talking to a DNS server that is not public, with the router being the only exception (as demonstrated by @JonnyB's router cascade). This is probably due to Netflix seeming to be excruciatingly rigorous at shutting out access via VPN or through a proxy.

Now, I don't have a Netflix account, an Asus Router or an LG TV, so the following paragraphs are kind of a blind shot attempt to apply a mildly related solution to a different problem. You have to decide whether it's worth a try.

When trying to fence my TV from leaving my home network in ways I didn't approve of, I ultimately resorted to putting it into a separate WLAN raised by a separate Zero W where all DNS traffic was forced to Pi-hole, regardless of which DNS server my TV was using. To that end, I had to alter the Zero's prerouting table.

As far as I am aware, Asus routers allow ssh login, so you could give that approach a try by extending your router's iptables. I won't post them, as there is an easier way in your case: You happen to run your router with Merlin, so you can set up DNS Filters.
From the UI, find LAN DNS Filter, switch "Enable DNS-based Filtering" to ON, and select "Router" from Global Filter Mode. Assuming you have defined Pi-hole as local DNS server via the DHCP settings, leave the custom entries blank.
(I am assuming Merlin's documentation as well as a corresponding screenshot are up to date)

Both approaches - iptables via ssh or DNS filters via UI - should produce the same result:
They force any(*) DNS traffic on your network to reroute through Pi-hole.
So when your TV requests to resolve api-global.netflix.com through Google's 8.8.8.8, your router will show that request friendly but firmly to your Pi-hole instead, while your TV thinks it is still talking to Google.

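Added example, not part of the original post and not the poster's own rules: a sketch of the iptables approach mentioned above, written as a function that prints the NAT rules for review before anything is applied. Only the Pi-hole address 192.168.20.254 comes from the thread; the LAN bridge name `br0` and the /24 netmask are assumptions.

```shell
#!/bin/sh
# Added example: print iptables rules that force LAN DNS (port 53) to Pi-hole.
# Assumptions: LAN interface br0 and network 192.168.20.0/24 (not from the thread).

valid_ipv4() {
    # Accept only dotted quads whose octets are all in 0..255.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

dns_redirect_rules() {
    pihole=$1; lan_if=${2:-br0}; lan_net=${3:-192.168.20.0/24}
    valid_ipv4 "$pihole" || { echo "invalid Pi-hole address: $pihole" >&2; return 1; }
    for proto in udp tcp; do
        # Rewrite the destination of every port-53 packet arriving from the LAN.
        # Pi-hole's own upstream queries (-s) are excluded so they do not loop
        # back to Pi-hole; queries already addressed to Pi-hole (-d) are left alone.
        echo "iptables -t nat -A PREROUTING -i $lan_if -p $proto --dport 53 ! -s $pihole ! -d $pihole -j DNAT --to-destination $pihole:53"
        # Pi-hole sits on the same subnet as the clients, so masquerade the
        # redirected queries. Replies then return through the router, which
        # restores the resolver address the client originally asked.
        # Side effect: Pi-hole logs these queries as coming from the router.
        echo "iptables -t nat -A POSTROUTING -o $lan_if -p $proto --dport 53 -s $lan_net -d $pihole -j MASQUERADE"
    done
}

# Print the rules for the address used in the thread. Nothing is applied here;
# review the output, then pipe it to sh on the router to install the rules.
dns_redirect_rules 192.168.20.254 br0 192.168.20.0/24
```

These rules only cover plain DNS on port 53; DNS over TLS (port 853) and DNS over HTTPS (port 443) are not redirected by them.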