Smart DNS Endpoints
Smart DNS service management including streaming unblocking, Iranian domestic services, regional resolvers, DNS rules, IP whitelisting, statistics, and DNS-over-HTTPS configuration on OrbMesh servers.
Get Available Streaming Services
Returns the list of streaming services that can be unblocked through Smart DNS, including their supported regions.
/dns/servicesGet available streaming services and their supported regions for Smart DNS unblocking
Smart DNS Overview
Smart DNS lets users reach geo-restricted services without routing all traffic through the VPN tunnel -- only DNS queries for supported services are redirected, so streaming runs at full speed while everything else is unaffected. Smart DNS works in two directions: it unblocks foreign streaming libraries (Netflix, Disney+, BBC iPlayer) and, just as importantly, keeps domestic services reachable -- routing Iranian banking, payment, and government domains through an in-country resolver so users on a foreign exit are not locked out. See Get Iranian Services and Get Regional Proxy Servers.
Code Examples
curl -X GET https://198.51.100.1:8443/dns/services \
-H "Authorization: Bearer DEVICE_TOKEN"Response
{
"success": true,
"services": [
{
"id": "netflix",
"name": "Netflix",
"icon": "netflix-icon",
"description": "Stream Netflix content from different regional libraries",
"regions": [
{ "code": "us", "name": "United States" },
{ "code": "gb", "name": "United Kingdom" },
{ "code": "jp", "name": "Japan" },
{ "code": "de", "name": "Germany" }
],
"defaultRegion": "us"
},
{
"id": "disney-plus",
"name": "Disney+",
"icon": "disney-icon",
"description": "Access Disney+ libraries from supported regions",
"regions": [
{ "code": "us", "name": "United States" },
{ "code": "gb", "name": "United Kingdom" }
],
"defaultRegion": "us"
},
{
"id": "bbc-iplayer",
"name": "BBC iPlayer",
"icon": "bbc-icon",
"description": "Watch BBC iPlayer from outside the UK",
"regions": [
{ "code": "gb", "name": "United Kingdom" }
],
"defaultRegion": "gb"
}
]
}Get Iranian Services
Returns OrbMesh's catalogue of Iranian domestic services -- banking, payment, government, and healthcare portals that geo-fence themselves to Iranian IP addresses. Smart DNS resolves these domains through an in-country resolver so users connected to a foreign VPN exit can still reach their bank, the Shaparak payment gateway, or e-government portals. Each entry carries a requiresIranIP flag.
/dns/iranian-servicesGet the catalogue of Iranian domestic services with category and Iran-IP requirement flags
Why This Exists
Iranian banks, the Shaparak payment network, and government portals reject connections from non-Iranian IPs. A user abroad (or routed through a foreign VPN exit) is normally locked out. Smart DNS recognises these domains and steers their resolution to an Iranian resolver, so the VPN can carry everything else while local services keep working.
Code Examples
curl -X GET https://198.51.100.1:8443/dns/iranian-services \
-H "Authorization: Bearer DEVICE_TOKEN"Response
{
"success": true,
"services": [
{
"id": "mellat",
"name": "Bank Mellat",
"icon": "bank-icon",
"description": "Bank Mellat online banking",
"category": "banking",
"requiresIranIP": true
},
{
"id": "shaparak",
"name": "Shaparak Payment Network",
"icon": "payment-icon",
"description": "National card-payment switch",
"category": "payment",
"requiresIranIP": true
},
{
"id": "dolat",
"name": "E-Government Portal",
"icon": "gov-icon",
"description": "Iranian e-government services",
"category": "government",
"requiresIranIP": true
}
]
}Response Fields
| Field | Type | Description |
|---|---|---|
services[].id | string | Service identifier (e.g. mellat, shaparak, dolat) |
services[].name | string | Human-readable service name |
services[].icon | string | Icon identifier for the app UI |
services[].description | string | Short description of the service |
services[].category | string | One of banking, payment, government, healthcare |
services[].requiresIranIP | boolean | Whether the service rejects non-Iranian IPs and must be resolved through an Iranian resolver |
Get Regional Proxy Servers
Returns the available regional DNS proxy servers that Smart DNS can route through -- for example an in-country resolver for services that require a specific national IP. Each entry reports its location, health, and selection priority.
/dns/regional-serversList available regional DNS proxy servers with health and priority
Code Examples
curl -X GET https://198.51.100.1:8443/dns/regional-servers \
-H "Authorization: Bearer DEVICE_TOKEN"Response
{
"success": true,
"servers": [
{
"code": "ir",
"name": "Iran Domestic Resolver",
"location": "Tehran",
"healthy": true,
"priority": 10
},
{
"code": "tr",
"name": "Turkey Edge Resolver",
"location": "Istanbul",
"healthy": true,
"priority": 20
}
]
}Response Fields
| Field | Type | Description |
|---|---|---|
servers[].code | string | Region code (e.g. ir, tr) |
servers[].name | string | Resolver display name |
servers[].location | string | Physical location of the resolver |
servers[].healthy | boolean | Current health of the resolver |
servers[].priority | integer | Selection priority; lower is preferred |
Get DNS Configuration
Returns the current DNS configuration for the authenticated user, including primary and secondary DNS servers, DNS-over-HTTPS settings, whitelisted IP, and platform-specific setup instructions.
/dns/configGet the user's DNS configuration with setup instructions for all platforms
Code Examples
curl -X GET https://198.51.100.1:8443/dns/config \
-H "Authorization: Bearer DEVICE_TOKEN"Response
{
"success": true,
"dns": {
"primary": "198.51.100.1",
"secondary": "198.51.100.2",
"port": 53
},
"doh": {
"enabled": true,
"url": "https://198.51.100.1:8443/dns-query"
},
"whitelistedIP": "203.0.113.42",
"instructions": {
"router": "Set your router's primary DNS to 198.51.100.1 and secondary to 198.51.100.2.",
"smartTV": "Go to Network Settings > DNS > Manual. Enter 198.51.100.1 as the DNS server.",
"android": "Go to Settings > Network > Private DNS. Enter the DoH URL.",
"ios": "Install the DNS profile from your OrbVPN app or manually set DNS in Wi-Fi settings."
}
}Get User DNS Rules
Returns the user's current DNS routing rules, showing which streaming services are enabled and their selected regions.
/dns/rulesGet the user's DNS routing rules for streaming services
Code Examples
curl -X GET https://198.51.100.1:8443/dns/rules \
-H "Authorization: Bearer DEVICE_TOKEN"Response
{
"success": true,
"dnsEnabled": true,
"serviceRules": [
{ "serviceId": "netflix", "enabled": true, "region": "us" },
{ "serviceId": "disney-plus", "enabled": true, "region": "gb" },
{ "serviceId": "bbc-iplayer", "enabled": false, "region": "gb" }
],
"lastUpdated": "2026-02-08T12:00:00Z"
}Set DNS Rule
Creates or updates a DNS routing rule for a specific streaming service. Enables or disables unblocking and sets the target region.
/dns/rules/setCreate or update a DNS routing rule for a streaming service
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
serviceId | string | Required | The streaming service identifier (e.g., "netflix", "disney-plus"). Must match an ID from the /dns/services response. |
enabled | boolean | Required | Whether to enable or disable DNS unblocking for this service. |
region | string | Required | Target region code (e.g., "us", "gb"). Must be a supported region for the service. |
Code Examples
curl -X POST https://198.51.100.1:8443/dns/rules/set \
-H "Authorization: Bearer DEVICE_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"serviceId": "netflix",
"enabled": true,
"region": "us"
}'Response
{
"success": true,
"message": "DNS rule updated successfully"
}Toggle DNS
Enables or disables the entire Smart DNS service for the authenticated user. When disabled, all DNS queries use standard resolution without any streaming service routing.
/dns/enabledEnable or disable the Smart DNS service for the current user
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
enabled | boolean | Required | Set to true to enable Smart DNS, false to disable it. |
Code Examples
curl -X POST https://198.51.100.1:8443/dns/enabled \
-H "Authorization: Bearer DEVICE_TOKEN" \
-H "Content-Type: application/json" \
-d '{"enabled": true}'Response
{
"success": true,
"message": "Smart DNS enabled"
}Get Whitelisted IPs
Returns the list of IP addresses whitelisted for Smart DNS access. Only whitelisted IPs are allowed to use the DNS servers for streaming service unblocking.
/dns/whitelistGet the list of IP addresses whitelisted for Smart DNS
Code Examples
curl -X GET https://198.51.100.1:8443/dns/whitelist \
-H "Authorization: Bearer DEVICE_TOKEN"Response
{
"success": true,
"ips": ["203.0.113.42", "198.51.100.88"]
}Add IP to Whitelist
Adds an IP address to the Smart DNS whitelist. If no IP is provided, the client's current public IP address is used automatically.
/dns/whitelist/addAdd an IP address to the Smart DNS whitelist
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
ip | string | Optional | The IP address to whitelist. If omitted, the client's current public IP is used automatically. |
Code Examples
# Whitelist a specific IP
curl -X POST https://198.51.100.1:8443/dns/whitelist/add \
-H "Authorization: Bearer DEVICE_TOKEN" \
-H "Content-Type: application/json" \
-d '{"ip": "203.0.113.42"}'
# Whitelist current IP (auto-detect)
curl -X POST https://198.51.100.1:8443/dns/whitelist/add \
-H "Authorization: Bearer DEVICE_TOKEN" \
-H "Content-Type: application/json" \
-d '{}'Response
{
"success": true,
"message": "IP 203.0.113.42 added to whitelist"
}Remove IP from Whitelist
Removes an IP address from the Smart DNS whitelist.
/dns/whitelist/removeRemove an IP address from the Smart DNS whitelist
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
ip | string | Required | The IP address to remove from the whitelist. |
Code Examples
curl -X POST https://198.51.100.1:8443/dns/whitelist/remove \
-H "Authorization: Bearer DEVICE_TOKEN" \
-H "Content-Type: application/json" \
-d '{"ip": "203.0.113.42"}'Response
{
"success": true,
"message": "IP 203.0.113.42 removed from whitelist"
}DNS Statistics (Admin)
Returns aggregate Smart DNS resolver statistics -- query volumes, cache performance, and per-service routing counts. Requires an admin device token; non-admin callers receive 403 Forbidden.
/dns/statsGet aggregate Smart DNS resolver statistics (admin only)
Admin Only
The token's role must be ADMIN. This endpoint is for operators and dashboards, not end-user clients.
Code Examples
curl -X GET https://198.51.100.1:8443/dns/stats \
-H "Authorization: Bearer ADMIN_DEVICE_TOKEN"Response
{
"success": true,
"stats": {
"total_queries": 4821934,
"cache_hits": 4112880,
"cache_misses": 709054,
"blocked_queries": 38211,
"service_hits": {
"netflix": 184021,
"shaparak": 9120
}
}
}"Admin access required"Invalidate User Cache (Internal)
Clears the cached DNS rules for a single user, forcing a re-fetch from the OrbNET backend on the user's next request. Called by the OrbNET backend whenever a user changes their streaming-service rules so the change takes effect immediately.
/dns/cache/invalidate/{userId}Clear cached DNS rules for a specific user (called by OrbNET)
Internal Backend Endpoint
This endpoint takes the user ID as the final path segment (/dns/cache/invalidate/10421). It is invoked server-to-server by OrbNET, not by client apps.
Code Examples
curl -X POST https://198.51.100.1:8443/dns/cache/invalidate/10421Response
{
"success": true,
"message": "Cache invalidated for user 10421"
}Refresh Whitelist (Internal)
Triggers an asynchronous reload of the Smart DNS IP whitelist from the OrbNET backend. Called by the backend whenever the global whitelist changes. The reload runs in the background and the endpoint returns immediately.
/dns/whitelist/refreshTrigger a background reload of the Smart DNS whitelist from OrbNET (called by OrbNET)
Code Examples
curl -X POST https://198.51.100.1:8443/dns/whitelist/refreshResponse
{
"success": true,
"message": "Whitelist refresh initiated"
}DNS Service Health
Returns the health status of the Smart DNS resolver. This is a public endpoint for monitoring.
/dns/healthCheck the health of the Smart DNS resolver service
Code Examples
curl -X GET https://198.51.100.1:8443/dns/healthResponse
{
"success": true,
"status": "healthy",
"resolver": "active",
"cached_entries": 12847,
"upstream_latency_ms": 12
}IP Whitelisting for Smart DNS
Smart DNS only works for whitelisted IP addresses. When a user connects from a new network, they must add their IP to the whitelist using /dns/whitelist/add (or let it auto-detect). This prevents unauthorized use of the DNS unblocking service.
Related Endpoints
- Health & Monitoring -- Server health and protocol status
- Smart Connect -- Server recommendations and telemetry
- Protocol Mimicry -- Traffic disguise profiles (includes DoH endpoint)