Hacking DNS to block the updates of the switch!

[Mr. Wizard]

I have a Netgear C6250-100NAS

Unfortunately that router doesn't support blocking https and there doesn't seem to be any support for custom firmware since it's a router/modem combo.

Your best bet would be to do some research and get a router that is compatible with custom firmware then set your old router to bridge mode.

https://advancedtomato.com/downloads
http://www.dd-wrt.com/site/support/router-database

https://kb.netgear.com/20831/How-to-set-up-Bridge-mode-on-R6300-R6250-R6200

 

[studio1b]

I use advanced tomato on my routers

You go to ADVANCED - ADBLOCK
add add this

This will block the system update.

 

[jt_1258]

Disclaimer: URLs are subject to change, I will not be held responsible if nintendo suddenly starts using, for eg. deathstar.hac.lp1.d4c.nintendo.net for updates. Also some of those addresses seem region specific cdn.nintendo.net. Your mileage may vary.

so a deathstar to destroy homebrew ehh, never thought Nintendo would come down to this XD

 

[DayVeeBoi]

Also some of those addresses seem region specific cdn.nintendo.net.

Thanks for the research into URL's. It made what couldve been several hours of work to create DD-WRT filter to about 3 minutes, I appreciate it. Anyways, I think "CDN" stands for Content Delivery Network or somesuch. I don't think it's related to location. I was wondering the same with 3DS URL's a few years ago and googled around a bit. Not trying to nit-pick or anything, just FYI.

 

[MSco]

This weekend I played MK8DX online on my 2.0.0 Switch.
I simply used the DNS: 173.255.238.217

It works perfectly! Online Gaming is possible and the 2.1 Update is blocked.

This did not work with the other DNS (205. ...) This blocks the update, but also blocks everything else (online gaming, eshop). So what was the intention of this DNS? For me, it was the same, as if I would completely disconnect from wifi.

So, should we now use 173. ... permantly instead of the 205. ... ?

 

[EpicLPer]

Hello, here is the dns to block the updates of the switch. Sorry if I said ca too late because the firmware 2.1.0 is out. Well ... Here's the dns: 205.166.76.187 primary and secondary.


Edit from Cyan :
check post#9 to get a list of URLs and their purpose !

New dns for eshop : 173.255.238.217

Well, the new DNS doesn't seem to block the update nag tho...

--------------------- MERGED ---------------------------

Thanks for the research into URL's. It made what couldve been several hours of work to create DD-WRT filter to about 3 minutes, I appreciate it. Anyways, I think "CDN" stands for Content Delivery Network or somesuch. I don't think it's related to location. I was wondering the same with 3DS URL's a few years ago and googled around a bit. Not trying to nit-pick or anything, just FYI.

Do you know how to filter them on OpenWRT?

 

[DayVeeBoi]

Well, the new DNS doesn't seem to block the update nag tho...

--------------------- MERGED ---------------------------


Do you know how to filter them on OpenWRT?

Yeah, I found the same thing regarding the DNS not blocking the update nag anymore. I don't use openWRT, but I am familiar with it. There will be several different ways to block domains depending on your setup. If you are using DNSmasq you could add the SUN and MOON addresses to /etc/dnsmasq.conf and a quick google search tells me there's a package for openWRT available called "Privoxy" that would be well suited to the purpose.

That's about all I can tell ya, like I said I don't use openWRT. I would also suggest you take a look at installing dd-wrt on the device as it seems to be more user-friendly than openWRT and if you don't need it for something that's not possible with dd-wrt, that may be something to look into.

 

[Cava]

Hi @Mr. Wizard i have a DD-WRT fw router but at the access restriction menu it can't block the URL's with or without the port or the https tag. Now i used the DNSMasq section to block the beach and sun urls.

 

[fokouethan]

oh Sorry dns dont work

--------------------- MERGED ---------------------------

Very sorry...

--------------------- MERGED ---------------------------

But work if you reboot your switch

 

[Tilde88]

If you want to block everything then here:

NOTE: These URLs are encrypted hence port 443. Some consumer routers do not let you enter a port in your blocking interface you may have to use HTTPS:// instead. If using Site blocking you don't need the HTTP or PORT, Just the name.

MUST BLOCK:
http://sun.hac.lp1.d4c.nintendo.net:443 - System Update Server/Nag
http://beach.hac.lp1.eshop.nintendo.net:443 - System Update Nag/Eshop lockout

OPTIONAL (May cause system instability):
http://aauth-lp1.ndas.srv.nintendo.net:443
http://accounts.nintendo.com:443 - Nintendo Account
http://api.accounts.nintendo.com:443 - Add Friends API
http://app-a04.lp1.npns.srv.nintendo.net:443
http://aqua.hac.lp1.d4c.nintendo.net:443
http://atum.hac.lp1.d4c.nintendo.net:443 - Game download server
http://bcat-data-lp1.cdn.nintendo.net:443
http://bcat-list-lp1.cdn.nintendo.net:443
http://broker.lp1.npns.srv.nintendo.net:443
http://bugyo.hac.lp1.eshop.nintendo.net:443 - eshop
http://consumer.lp1.npns.srv.nintendo.net:443 - eshop
http://dauth-lp1.ndas.srv.nintendo.net:443
http://e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com:443 - Friends list
http://ecs-lp1.hac.shop.nintendo.net:443
http://pushmo.hac.lp1.eshop.nintendo.net:443 - eshop
http://receive-lp1.dg.srv.nintendo.net:443
http://receive-lp1.er.srv.nintendo.net:443 - error reporting
http://scontent.xx.fbcdn.net:443 - Facebook
http://superfly.hac.lp1.d4c.nintendo.net:443 - Game updates server
http://tagaya.hac.lp1.eshop.nintendo.net:443
http://web-lp1.share.srv.nintendo.net:443 - Facebook Image Posting
http://www.google-analytics.com:443 - Fsck you google! Stay out of my shit!
http://www.googletagmanager.com:443 - Google again? Really?

Game Related:

http://snake.sumo-services.co.uk:443 - Snake Pass
http://g2785c501-lp1.s.n.srv.nintendo.net:443 - Disgaea 5
http://ngs-2785c5-live.s3.amazonaws.com:443 - Disgaea 5

Disclaimer: URLs are subject to change, I will not be held responsible if nintendo suddenly starts using, for eg. deathstar.hac.lp1.d4c.nintendo.net for updates.
Your mileage may vary.

Thanks for this. What I did was PING the 2 MUST BLOCK hosts, and nab their IPs in case the domain changes in the future. Then, on my router, i did a full port forward (all ports on all protocols). I used the IPs, and forwarded them from WAN to LAN (local static IP within my network), and set the rule to DENY. Then, I also set from LAN to WAN to be forwarded the same way, with my local static IP as the source this time.

Now, even if the port, and/or host change, their will be no problem. They would have to change the public static IP, which isn't common at all, and they would have to use a non-standard port, like 10443 or a random, which the system is not coded for.

Also, I set a DHCP reservation on my router based on the MAC to always give the same static IP to the MAC of the Switch. Additionally, I gave my Switch a static IP config just to be redundant.

Anywho, thanks for the list. Hopefully this will help those without advanced firewall settings, and who cannot use a CFW on their router. All routers can do this that I've explained.

(Also, I used 173.255.238.217 as the DNS for the static IP info on the Switch (Primary and Secondary). Just in case :-p.

After doing this, I was able to link a Nintendo Account, download all the demos, downloaded the Disgaea 5 update from USA eShop --it's a Japanese Switch and a Japanese game cart. Everything works fine.
(Just bought this Switch in Japan during my trip)

Switch has not offered a System Update, and is still on 2.1.0 (came this way).

I don't know how I failed to realize... They have multiple public IPs registered to domains... Derp lol. Anyway, yea DNSMasq and/or adblock on router works great

 

[Yanda]

Today I got a Switch and checked the method of DNS block using OpenDNS.
I am using OpenDNS for WiiU. It has been blocking update for a long time.
At the time of purchase my switch FW was 2.1.0. And still I keep it now.

First, I checked the FW. It's 2.1.0.
Next I set a WiFi connection.
Next I set a DNS option.
When I looked at FW, it says "update is possible". "FW2.1.0" was dissappeared.
I thought I had failed, but it was fine.

I attempted to connect to eshop and got error code:2137-8060.
I attempted to update main system and got error code:2137-8060.
I confirmed the method of using OpenDNS is functioning.
After rebooted, It was written FW 2.1.0 at system information. "update is possible" was dissappeared.

To use this method your network needs to be a static IP address.
Here is the tutorial.

These are my newly added address lists.
atum.hac.lp1.d4c.nintendo.net
sun.hac.lp1.d4c.nintendo.net
beach.hac.lp1.eshop.nintendo.net
superfly.hac.lp1.d4c.nintendo.net
receive-lp1.er.srv.nintendo.net

 

[SembraNonBuono]

I need help.
I blocked with Fiddler both "beach..." and "sun..." but the e-shop is asking me too update. Switch's fw is 2.0.0.
I'm using fiddler for Mac OS with mono, as the official Fiddler's site says.
I followed this guide --> https://gbatemp.net/threads/tutorial-fiddler-setup-guide-for-blocking-update-server.466328/

 

[thedetire]

I need help.
I blocked with Fiddler both "beach..." and "sun..." but the e-shop is asking me too update. Switch's fw is 2.0.0.
I'm using fiddler for Mac OS with mono, as the official Fiddler's site says.
I followed this guide --> https://gbatemp.net/threads/tutorial-fiddler-setup-guide-for-blocking-update-server.466328/

You can't visit the eshop, only on the latest update.
You actually can't do anything online unless you update.

 

[SembraNonBuono]

You can't visit the eshop, only on the latest update.
You actually can't do anything online unless you update.

So this guide is no longer working?

 

[thedetire]

So this guide is no longer working?

Exactly, maybe it works for 3.0 but with changes. Not sure about that.
But for 2.0 all you can do is block access to the server (blocks online access), but you will get an error saying that something went wrong. Tried it myself out before updating.

It's either updating or not using online stuff.

 

[SembraNonBuono]

Exactly, maybe it works for 3.0 but with changes. Not sure about that.
But for 2.0 all you can do is block access to the server (blocks online access), but you will get an error saying that something went wrong. Tried it myself out before updating.

It's either updating or not using online stuff.

Ok, I'll update too

 

[Yanda]

I noticed that the art posts of Splatoon 2 were not displayed.
If you block Error Reporting server, the art post is not displayed in the game.
http://receive-lp1.er.srv.nintendo.net:443 [error reporting]
If you want to display art posts remove it from the block list.

 

[Domineu]

I'm on 3.0.0 and blocked Sun and Beach but I am still getting the update nag. Can anyone help me please?

 

[Deleted User]

deleted

 

[Deleted User]

I'm on 3.0.0 and blocked Sun and Beach but I am still getting the update nag. Can anyone help me please?

thats my issue