Matthew Evans

Infrastructure and Security Ninja. I know DevOps-fu.

Plex Indirect Server Connection Fix

03 Oct 2018 » plex, dns, security

Pre-requisites needed:

  1. Operational Plex Server w/ working Remote Access
  2. Your Plex Auth Token - find it here.  

The purpose of this article:

  1. If you’re seeing ‘Indirect’ connections from your LAN to your Plex server, it is most likely due to DNS rebinding protection, we’re going to fix that - or at least I’m going to give you a good idea on how to fix it on your local network.  

Phase 1 - Find your plex.direct URL and test for DNS rebinding protection:

  1. Open this URL and append your Plex security token to it: https://plex.tv/pms/resources.xml?includeHttps=1&X-Plex-Token= .
  2. Find the first Connection protocol that lists a url that ends with plex.direct - you should have at least two, but may have more.
    • We’re interested in the line with local=”1” set.
  3. Perform a dig or nslookup on that URL and see if it resolves:
  [email protected]:~# dig 10-5-22-123.96cbf433b89e4332b1addc9e5a47171c.plex.direct +short
  [email protected]:~#
  • As you can see, I didn’t get a result returned, which means my DNS server is discarding the reply to protect me from DNS rebinds.
  • Here is what a successful query should look like:
  [email protected]:~# dig 10-5-22-123.96cbf433b89e4332b1addc9e5a47171c.plex.direct +short
  10.5.22.123
  [email protected]:~#
  • 10.5.22.123 is the LAN IP of my Plex server.  

Phase 2 - Configuring your DNS to allow rebind for plex.direct:

  1. Here is where it may get tricky, but I will show you how to work-around this. You will need to create what is known as a conditional forward in your DNS server.
    • That is, when the DNS server encounters a plex.direct FQDN, send the query to another DNS server - in our case we’ll use Cloudflare DNS (1.1.1.1) and Google DNS (8.8.8.8) as the backup.
  2. Here are instructions for the Microsoft DNS Server (this applies to Active Directory as well):
    • Open the DNS Management Console (MMC)
    • Right-Click on Conditional Forwarders
    • Choose New Conditional Forwarder
    • DNS Domain: plex.direct
    • IP Address: 1.1.1.1
    • IP Address: 8.8.8.8
       

    Windows DNS Conditional Forwarder

  3. Now, test your dig or nslookup against the plex.direct FQDN from Phase 1 and you should get an IP returned. If so, check your Plex Web Interface (hit refresh if it was already open) and Indirect should be gone.
    • Voilà - you have just fixed local LAN access to your Plex server, so all traffic doesn’t have to be routed through Plex proxies, improving performance drastically.  

If you don’t use the Microsoft DNS server, here are links to a few popular DNS servers and routing platforms for creating conditional forwarders: