DNS to block the updates of the switch!

Discussion in 'Switch - Hacking & Homebrew' started by fokouethan, Mar 28, 2017.

  1. Switchssb

    Switchssb Newbie

    Newcomer
    8
    1
    Apr 1, 2017
    yeah but it was also blocking eshop and internet access on the switch.

    I've setup fiddler proxy and now have what i want basically, can still update/buy games, and don't get the sys update nag. Thanks Wizz
     
    Mr. Wizard likes this.
  2. zero80472

    zero80472 Member

    Newcomer
    41
    0
    Mar 14, 2009
    i have blocked using the DNS methoid but my zelda wont start (i dont want to update to latest version ) due to the fact that i need arrows any ideas

    (could it because of my safe files ? ) i was on the update but i uninstalled it (delete the software delete's the patch i think)
     
  3. Switchssb

    Switchssb Newbie

    Newcomer
    8
    1
    Apr 1, 2017
    Just opened Eshop and i'm getting a system update prompt even with fiddler, whats the new address's to block?
     
  4. DarkenedMatter

    DarkenedMatter GBAtemp Advanced Fan

    Member
    512
    423
    Jul 26, 2013
    United States
    DNS method isn't working for me anymore. I just get error codes. I guess it needs updating?
     
  5. DocAmes1980

    DocAmes1980 GBAtemp Advanced Fan

    Member
    540
    338
    Oct 31, 2016
    United States
    I'm not getting the nag. I'm blocking:

    Code:
    sun.hac.lp1.d4c.nintendo.net
    beach.hac.lp1.eshop.nintendo.net
    I'm not using Fiddler though. I'm blocking them by using a DNS emulator.
     
  6. Mr. Wizard

    Mr. Wizard Ending the spread of bullshit one thread at a time

    Member
    1,113
    429
    Mar 20, 2015
    Canada
    10th Dimension
    I'm using fidder and blocking sun and beach, no problems here for me.
     
  7. OfficialFBomb

    OfficialFBomb GBAtemp Advanced Fan

    Member
    530
    145
    Aug 24, 2015
    United States
    Remember me, lol my router does keyword blocking, I was updating the key word list when I noticed this post ^ I took two screen shots just to make sure this was right..
     

    Attached Files:

  8. Mr. Wizard

    Mr. Wizard Ending the spread of bullshit one thread at a time

    Member
    1,113
    429
    Mar 20, 2015
    Canada
    10th Dimension
    It's not being blocked on either test.

    What you are looking for is the ERR_EMPTY_RESPONSE which mean the packet has been dropped (blocked). ERR_CONNECTION_RESET means you connected to something but it could not handshake and didn't understand you so it reset the connection. This happened because by using http (unsecured) and pointing to port :443 (secured), your browser was still able to connect but it was talking gibberish to the server so the connection was reset. You entered an invalid address, you either need to omit the :443 or add HTTPS. The only one you should really be concerned with is the HTTPS because the switch uses encryption.

    If entering https://sun.hac.lp1.d4c.nintendo.net gets you ERR_EMPTY_RESPONSE your router is fully blocking.

    The problem is most routers don't seem to be able to block HTTPS, only HTTP. Then again some routers say the don't block HTTPS yet they do.

    You just have to test it and in your case your router doesn't seem to be blocking HTTPS or you have entered the wrong information in the site block settings.
     
    Last edited by Mr. Wizard, Apr 18, 2017
  9. naddel81

    naddel81 GBAtemp Advanced Maniac

    Member
    1,507
    186
    Dec 14, 2009
    United States
    why not use "
    TitleDNS "The Netherlands" (81.4.127.20) : [​IMG] (20 ms) Website Charge (Apache2) : [​IMG]
    TitleDNS "Los Angeles" (168.235.92.108) : [​IMG] (202 ms)"

    ?
     
  10. DocAmes1980

    DocAmes1980 GBAtemp Advanced Fan

    Member
    540
    338
    Oct 31, 2016
    United States
    Those are for blocking Wii U updates.
     
    naddel81 likes this.
  11. Dimensional

    Dimensional GBAtemp Advanced Fan

    Member
    614
    93
    Dec 7, 2008
    United States
    Texas
    I'm using a router with TomatoUSB, and the only way I know of blocking connections is through the Access Restriction function in the firmware. However, blocking all TCP/UDP connections on port 443 to sun and beach blocks eShop. I've also disabled Auto-Update Software in my Switch settings, under System at the bottom. Right now, I'm unsure if I got it working right, but I've edited my firmware's settings to block all TCP/UDP connections attempts on port 443 that use the Layer 7 DNS connections.

    Edit: My attempt to block it using this configuration failed. I'm attempting other methods.

    Edit 2: It took me a while, but I managed to configure my router to both block the two domains, redirecting to 0.0.0.0, but also configured the firewall to also redirect the servers IPs to 0.0.0.0. So far I haven't seen any update nags, and I'm connected to eShop.
     
    Last edited by Dimensional, Apr 18, 2017
  12. naddel81

    naddel81 GBAtemp Advanced Maniac

    Member
    1,507
    186
    Dec 14, 2009
    United States
    oh, I thought they would block ninty servers. therefore they work flawlessly on 3DS, too.
     
  13. DocAmes1980

    DocAmes1980 GBAtemp Advanced Fan

    Member
    540
    338
    Oct 31, 2016
    United States
    They should be updated to block Switch updates. Maybe they will. It's still better to block updates via your own means. Public DNSes will eventually go down.
     
  14. naddel81

    naddel81 GBAtemp Advanced Maniac

    Member
    1,507
    186
    Dec 14, 2009
    United States
    once you leave wifi on and accidentally connect to a free wifi you are out of luck anyway. the switch will grab an update in no time.
     
  15. Mr. Wizard

    Mr. Wizard Ending the spread of bullshit one thread at a time

    Member
    1,113
    429
    Mar 20, 2015
    Canada
    10th Dimension
    Actually no it won't, not on 2.0 anyway. It will inform you of an update but you still have to tell it to update. Rebooting clears the nag.
     
    naddel81 likes this.
  16. OfficialFBomb

    OfficialFBomb GBAtemp Advanced Fan

    Member
    530
    145
    Aug 24, 2015
    United States
    Well trying on my pc to ping https://sun.hac.lp1.d4c.nintendo.net/ i get a privacy error first, i have to tell it to connect to the site and then i get access denied cc problem, so it seems im going to have tot just turn off wifi permanently until i buy a new router

    Also this is what i have in my keyword blocker
    autm.hac.lp1.d4c.nintendo.net
    sun. .net
    beach. .eshop .net
    superfly. .net
    With of course all the filled in text like the first one
     
    Last edited by OfficialFBomb, Apr 18, 2017
  17. Mr. Wizard

    Mr. Wizard Ending the spread of bullshit one thread at a time

    Member
    1,113
    429
    Mar 20, 2015
    Canada
    10th Dimension
    You cannot ping https://sun.hac.lp1.d4c.nintendo.net. You can ping sun.hac.lp1.d4c.nintendo.net but that will only tell you if your router is blocking the name for http traffic which it should be capable of. I made the suggestion of using ping before I realized people were having problems with blocking https.

    The correct way to test would be to enter https://sun.hac.lp1.d4c.nintendo.net in your browser and see if the packet gets dropped or by using the switch itself since updates are not forced by any means yet, I do not like to recommend using the switch though since some people will blame me for their own stupid actions of selecting "Update Now".

    I digress, your autm.hac.lp1.d4c.nintendo.net address is spelled wrong so I'm curious if others are as well. It would be more useful to actually state the full addresses you are using, by copying and pasting from the router interface.
     
  18. OfficialFBomb

    OfficialFBomb GBAtemp Advanced Fan

    Member
    530
    145
    Aug 24, 2015
    United States
    I misspelled typing here, in the router it's atum. I was trying to copy paste but the router won't let me copy (weird right)

    atum.hac.lp1.d4c.nintendo.net
    sun.hac.lp1.d4c.nintendo.net
    beach.hac.lp1.eshop.nintendo.net
    superfly.hac.lp1.d4c.nintendo.net

    Also when entering https://sun.hac.lp1.d4c.nintendo.net into a new chrome tab results in Access Denied CC Problem
     
  19. Mr. Wizard

    Mr. Wizard Ending the spread of bullshit one thread at a time

    Member
    1,113
    429
    Mar 20, 2015
    Canada
    10th Dimension
    Bummer... What model router do you have, you might be able to just use custom firmware instead of buying a new one.
     
  20. OfficialFBomb

    OfficialFBomb GBAtemp Advanced Fan

    Member
    530
    145
    Aug 24, 2015
    United States
    I have a Netgear C6250-100NAS