How does Tunlr work?

12

5

For those of you not in the US, Tunlr uses DNS witchcraft to allow you to access US-only (and UK-only stuff like BBC radio online) services and Websites like Hulu.com, etc. without using traditional methods like a VPN or Web proxy.

From their FAQ:

Tunlr does not provide a virtual private network (VPN). Tunlr is a DNS (domain name system) unblocking service. We’re using sophisticated technologies (a.k.a. the Tunlr Secret Sauce ©) to re-adress certain data envelopes, tricking the receiver into thinking the envelope originated from within the U.S. For these data envelopes, Tunlr is transparently creating a network tunnel from your location to our U.S.-based servers. Any data that’s not directly related to the video or music content providers which Tunlr supports is not only left untouched, it’s also not even routed through Tunlr. In order to use Tunlr, you will have to change the DNS address. See Get started for more information.

I can't really wrap my head around how this works; I have always assumed that these services performed a geolocation lookup via your client IP.

Just really curious as to how this works.

EDIT 2

I believe they're only proxying the initial geo check and then modifying the data stream request to include your real IP address so that the streaming is direct, not proxied.

gravyface

Posted 2012-08-14T01:54:18.877

Reputation: 1 144

Sounds like ******* to me. – Sirex – 2012-08-14T01:57:12.237

@Sirex: hulu.com works flawlessly. Tested it. – gravyface – 2012-08-14T02:00:30.367

Tunlr is transparently creating a network tunnel from your location to our U.S.-based servers sounds like they're overriding the DNS entries of those services to point to their own systems and proxying. – Shane Madden – 2012-08-14T02:00:53.653

@ShaneMadden yeah, but there's zero lag at all. I think they're just proxying the auth bit. I think the stream itself is direct. I have a 100Mb connection and Squid box in a colo in the US and the buffering is very noticeable; there's no buffering at all with this tunlr. – gravyface – 2012-08-14T02:01:38.777

@ShaneMadden - thats what I thought too, but a quick nslookup shows the same A records against their DNS as against 8.8.8.8. So maybe it really is magic? – Mark Henderson – 2012-08-14T02:04:40.740

I didn't mean it wouldn't work. I meant a company that puts "secret sauce (tm)" in their blurb gets my eyebrow raised. – Sirex – 2012-08-14T02:05:27.407

Answers

10

The DNS lookup is the first part of the process. If you use their DNS, and do a lookup for one of the services they unblock, then they will return the IP address of a proxy server in the right geolocation.

Then when you go to the site you are after, your requests will instead go to their proxy which will access the site on your behalf. This is a "tunnel" in its loosest sense, it is just proxy serving - no magic.

The only part that's proxied is the geo authorization and the initial data stream (which is mangled to include your real IP). This is why it's so fast because they're only man-in-the-middle proxying up until the streaming begins (provided by gravyface in comments).

If your IP address is not registered with their service, you'll get the standard IP address resolution and go directly. So no magic needed there either.

Paul

Posted 2012-08-14T01:54:18.877

Reputation: 52 173

This is partially correct: the only part that's proxied is the geo authorization and the initial data stream (which is mangled to include your real IP). This is why it's so fast because they're only man-in-the-middle proxying up until the streaming begins. – gravyface – 2012-08-14T11:52:45.620

@gravyface Thanks, amended. Feel free to edit answers to increase quality. – Paul – 2012-08-14T13:14:03.843

Asked: 2012-08-14T01:54:18.877

Viewed: 7 209 times

Active: 2014-03-02T07:18:12.960