Hacking DNS to block the updates of the switch!

[softwareengineer]

this way doesn't work anymore. are there any new ways to play online on 4.1.0?

If this isn't working for you anymore, you could try my dns application: https://gbatemp.net/threads/release...caching-and-proxying-dns.501441/#post-7924204

It'll let you even see which servers it's trying to access in it's initial mode, without risking connecting to the wrong thing that updates. Then for example if you see a new url it's trying to access you can block it too. It supports blocking or whitelisting full domain names or domain names with wildcards.
It's for Windows + Mac + Android and Linux so you probably have at least one of those to use it on.

I should also think about building one for the switch itself, so you could run it from your switch using it on your switch

Note: Like instead of using those ips, use the listening ip shown for example below in the screenshot as your switch's dns.

It also supports encrypting your dns requests so you can be sure they are correct and from your dns server of choice and not anywhere else.

d

And why is no one saying anything about what Nah3DS posted?
-> "If you open on your browser the DNS listed here: https://reswitched.tech/info/faq

173.255.238.217

this appears.... -> crunch bit mining details page image"

That better not be what I think it is... Reswitched, it says it's a way for you and your friends to using your computers to make money mining bitcoin with your browser, NOT a way for YOU to make money with your friends computers or random people's computers that happen to use your DNS!

Someone should investigate, input reswitched dns servers into my application as it's dns servers delete the opendns ones and disable dnscrypt, then see what servers and ips it's redirecting you to and if it's trying to insert miners into your browser if you happen to use it on one. Or maybe read their terms of use agreement maybe it says it right there they'll use your computers for mining if you use their service...

Well either way to not risk it whether that's happening or not, take the other option, locally run your own dns server and you can be sure it's safe to use and that you aren't being used instead... !

 

[bytar]

thank you but it is impossible to use for me. i have no brain for this kind of software thing man. i don't understand how to use and even anything about it. btw, what is the bitcoin thing inside? what is the connection between nintendo switch and bitcoin?

 

[mmajunkie77]

Are we still recommended to stay offline? Is this super nag fixed with any particular DNS? I still haven't connected my 4.1 to any network since I've purchased it, but I'm afraid of this mandatory update lol

 

[XaneTenshi]

Hey guys
I just read through the thread to try and find out how to block updates using URL blocking.

However, I am unsure whether or not it actually works, because a character limit in the URL blocking section of my router means that:

I can add "sun.hac.lp1.d4c.nintendo.net:443" but not with "http" protocol at the start

I cannot add the http protocol or the port number 443 to "beach.hac.lp1.eshop.nintendo.net",

The full URL's are supposed to look like this:

http://sun.hac.lp1.d4c.nintendo.net:443
http://beach.hac.lp1.eshop.nintendo.net:443

Would it still work regardless of this?

 

[DayVeeBoi]

Hey guys
I just read through the thread to try and find out how to block updates using URL blocking.

However, I am unsure whether or not it actually works, because a character limit in the URL blocking section of my router means that:

I can add "sun.hac.lp1.d4c.nintendo.net:443" but not with "http" protocol at the start

I cannot add the http protocol or the port number 443 to "beach.hac.lp1.eshop.nintendo.net",

The full URL's are supposed to look like this:

http://sun.hac.lp1.d4c.nintendo.net:443
http://beach.hac.lp1.eshop.nintendo.net:443

Would it still work regardless of this?

I think it may depend on the router. Mine only works without the http/s part. You can test it by trying to use the site from your browser. I imagine you would get a message that says something like "forbidden" if the firewall isnt working and if it is you will get a message like "site cant be reached check firewall/proxy"

 

[XaneTenshi]

I think it may depend on the router. Mine only works without the http/s part. You can test it by trying to use the site from your browser. I imagine you would get a message that says something like "forbidden" if the firewall isnt working and if it is you will get a message like "site cant be reached check firewall/proxy"

I tried pinging the urls using CMD, and I still get a connection...crap

Guess ill try my browser, but should be the same:/

 

[DayVeeBoi]

I tried pinging the urls using CMD, and I still get a connection...crap

Guess ill try my browser, but should be the same:/

No pinging it is a better way to test. I just wasn't sure if you were able to do so, so I gave the simplest way for someone to test.Did you try cycling your router in between to allow it to load the new parameters?

 

[XaneTenshi]

No pinging it is a better way to test. I just wasn't sure if you were able to do so, so I gave the simplest way for someone to test.Did you try cycling your router in between to allow it to load the new parameters?

No, I don't think I did, is that a dns flush? Or just a simple "switch router on/off" thing?

Strangely enough, if I try in my browser, I get a "connection reset" message, so that indicates it works, but it still pings fine in CMD. But I guess that's because I didn't cycle my router then?

EDIT: I'm no expert on this kinda thing, I just know how to use the ping command in CMD, that's all XD

 

[DayVeeBoi]

No, I don't think I did, is that a dns flush? Or just a simple "switch router on/off" thing?

Strangely enough, if I try in my browser, I get a "connection reset" message, so that indicates it works, but it still pings fine in CMD. But I guess that's because I didn't cycle my router then?

EDIT: I'm no expert on this kinda thing, I just know how to use the ping command in CMD, that's all XD

I'm no expert either (especially with networking). I think connection reset means that it connection was denied by their server.So it sounds to me like it isn't working. What kind of router/AP are you using? is it fairly common? You may be able to find the answer quite easily as there are lots of guides for setting up routers of every make. The other option is if it isn't supported and you feel confident enough you may be able to use 3rd party firmware on your router. Just as an aside, I think that there are DNS servers available that are blocking the nintendo servers. Are you interested in this, rather than messing with router settings? Or are you not using a DNS for other reasons?

 

[XaneTenshi]

I'm no expert either (especially with networking). I think connection reset means that it connection was denied by their server.So it sounds to me like it isn't working. What kind of router/AP are you using? is it fairly common? You may be able to find the answer quite easily as there are lots of guides for setting up routers of every make. The other option is if it isn't supported and you feel confident enough you may be able to use 3rd party firmware on your router. Just as an aside, I think that there are DNS servers available that are blocking the nintendo servers. Are you interested in this, rather than messing with router settings? Or are you not using a DNS for other reasons?

My router is an Airlink59300. I think it's pretty old by todays standards. I already tried searching for manuals about. Best I've found was a collection of screenshots detailing each router setting, which didn't help much.

That aside though, if there is a working DNS server, I'd actually prefer that. It just seemed like the URL blocking was actually confirmed still working

 

[DayVeeBoi]

My router is an Airlink59300. I think it's pretty old by todays standards. I already tried searching for manuals about. Best I've found was a collection of screenshots detailing each router setting, which didn't help much.

That aside though, if there is a working DNS server, I'd actually prefer that. It just seemed like the URL blocking was actually confirmed still working

Is your router a Jensen-Scandinavia Airlink 59300?

I have not been following Switch stuff very closely for a few months. Is there now some concern that using DNS servers that block Nintendo URL's are not working? I haven't heard anything about that, but that doesn't mean much.

There are several other ways to block it. I believe that Al-Azif's ps4 DNS server (108.61.128.158 & 165.227.83.145) may be blocking Nintendo's update servers (his local host version seems to, you could also just run it locally). You can use a proxy running on a computer (raspberry pi, laptop, any computer). You can also use this python based mini-dns server running on any computer. It is pretty simple to setup with a bit of experimentation.

 

[XaneTenshi]

I have not been following Switch stuff very closely for a few months. Is there now some concern that using DNS servers that block Nintendo URL's are not working? I haven't heard anything about that, but that doesn't mean much.

There are several other ways to block it. I believe that Al-Azif's ps4 DNS server (108.61.128.158 & 165.227.83.145) may be blocking Nintendo's update servers (his local host version seems to, you could also just run it locally). You can use a proxy running on a computer (raspberry pi, laptop, any computer). You can also use this python based mini-dns server running on any computer. It is pretty simple to setup with a bit of experimentation.

Thanks, i'll take a look at it later and see if I can work something out. My brain needs a timeout for now.

I'm sure the right DNS will block the updates. It's just that, looking through this thread, several different DNS have been suggested, and if you look through the pages, you'll see that later on people are reporting that they no longer work. Cyan last edited the Opening Post as of the 14th of march. But if you take a look at the site where the suggested DNS came from, that site was last updated more than a year ago!

If I choose a DNS that doesn't block every required site, this will all have been for nothing:/

 

[DayVeeBoi]

Thanks, i'll take a look at it later and see if I can work something out. My brain needs a timeout for now.

I'm sure the right DNS will block the updates. It's just that, looking through this thread, several different DNS have been suggested, and if you look through the pages, you'll see that later on people are reporting that they no longer work. Cyan last edited the Opening Post as of the 14th of march. But if you take a look at the site where the suggested DNS came from, that site was last updated more than a year ago!

If I choose a DNS that doesn't block every required site, this will all have been for nothing:/

Well if your router is the Jensen-Scandinavia one (or has similar firmware) it appears to block URL's using a keyword based system. So you don't need the protocol part, just the domain part and it should work. So for

sun.hac.lp1.d4c.nintendo.net:443

you only need the

nintendo.net

portion. Then I would reboot the router and try to ping it and if it's blocked I would do the same for any other URL's you can find that seem to be related to updates.

 

[naddel81]

with a custom DNS in the switch internet settings, can we still update games?

 

[DayVeeBoi]

with a custom DNS in the switch internet settings, can we still update games?

I haven't used mine since firmware 3.0.1 came out, but at the time you could so long as the dns wasn't blocking the game update servers as well. I can't answer whether that's still the situation today, or for firmwares above 3.0.0.

--------------------- MERGED ---------------------------

Hey @XaneTenshi you should take a look at the application by @softwareengineer above--> https://gbatemp.net/threads/release...ndroid-local-caching-and-proxying-dns.501441/

It seems to be a nice polished open source way to not only block DNS but also sniff what URL's your switch is trying to contact. I haven't visited this thread in a long time so I never noticed it until just now.

 

[XaneTenshi]

@DayVeeBoi Thanks for your help so far, I really appreciate it. Unfortunately things just aren't working out for me atm. Here goes....


So after our troubleshooting yesterday, I tried to find a working DNS I could use. I tried both "104.236.106.125", which according to a recent post here https://gbatemp.net/threads/blocking-switch-updates.503770/ still works, and 173.255.238.217 found here https://reswitched.tech/info/faq, and neither of them works. I get a timeout when I try to connect using either of these. I guess because the servers are either not running anymore, or they are simply too far away from my location.

So I decided to try your other suggestion. Yes, my Router is the Jensen Scandinavia one. I wasn't much for using the keyword system, because it heavily limits my control over what I am blocking but I tried just entering "Nintendo.net" as a keyword. There were some issues with this at first, but to try and keep this post as short as possible (yeah right-.-) let's just say that it works now.

So with this working I tried to simply connect the Switch to the internet through automatic settings and it just WON'T work. My Switch will connect to my network device, but not the internet.

I have tried this multiple times now. I've gotten the error code: 2110-3150, which just says that "an error occurred during communication with the server" as well as the error code: 2110-2963 "unable to obtain IP-address".

I'm seriously tempted to just disable the URL blocking and see if this fixes it, but if it does fix it, with nothing in place to protect the system, I'm positive my Switch will just immediately download and update the system firmware. I also don't see why the url blocking would prevent my Switch from getting an IP-address. I am seriously stuck here:/

I can provide screenshots of anything I do if that will help clear things up BTW.

EDIT: So I decided to try and remove the keyword blocking and put back the 2 urls I initially tried to block and just cross my fingers. This did the trick and my Switch is now connected to the internet. I'm not yet quite sure if the url blocking is actually working, but at the very least my Switch hasn't automatically updated itself. Haven't tried entering the E-shop though, so that might be my next move. For now though, even just trying to create a Nintendo Account to access my friend list prompts me to do a system update. Damnit Nintendo:/

 

[tatundria]

Does anyone know how to block nintendo switch updates on an ASUS router?

 

[ichibaka]

Use traceroute on those urls you want to block, get its destination IPs, then route them to your router's IP address and they will never go anywhere.

 

[intellettuanale]

What about dauth?
Are there any url to block after the 6.0.0 update? Such as this http://dauth-lp1.ndas.srv.nintendo.net

 

[JustBrandonT]

What about dauth?
Are there any url to block after the 6.0.0 update? Such as this http://dauth-lp1.ndas.srv.nintendo.net

You can just add that URL to your router or whatever blocker you're using.