Avoid getting banned!

Hello from Germany,

Because I don't want this post to get lost in a thread, I put it in its own thread!

I'm fairly new to the whole switch scene (for just three weeks), and because it is very interesting I started to read many things!

I downloaded a complete "finished" pack and hacked my switch with it, but I also started to "deconstruct" that pack to find out how anything works!

I spent a lot of time investigating DNS, bans and security to help others and myself to avoid getting banned!

I really don't like 90dns!
The idea is good, don't get me wrong, but I don't like to waste the DNS settings for a service that isn't on my device!
And the next thing is: how secure is it if you change networks or the 90dns service is down?

Atmosphere brings everything we need to protect our switch (locally), no matter which network!

I started to look into the settings of atmosphere and many other files, and now I would really appreciate it if you could take a look into all the files I put together and give me feedback please!
Tell me if it's good, if it's bad and, most importantly, if I missed something to make it better!

I think it would help many others to protect their device from being banned (I really hope it), and I also hope we can work together to make it even better! (FEEDBACK!!!)

OK! What is it doing?

1. Activated many things in system_settings.ini (atmosphere/config/)

2. Exosphere.ini (sd root)

3. override_settings.ini (atmosphere/config/ (set to R-Button))
(I just brought it back because on a new release it has to be set again)

4. "good" hosts file (atmosphere/hosts/ (default.txt and emummc.txt (both contain the same)))

Hosts is what I would call "extreme" blocking thanks to the possible usage of "*" !
Example:

127.0.0.1 switch.*
127.0.0.1 switch*.*
127.0.0.1 *switch.*
127.0.0.1 *switch*.*

Same with nintendo! (but take a look yourself)

Made an exception for the HB-AppStore because the url is switchbru(dot) com and is BLOCKED because of the setup I made (see the example above)!
Now the appstore can be opened and used!

BLOCKED also some game servers for online gaming (just in case)

BLOCKED Google tracking and analytics

BLOCKED many YouTube ads servers! (if you use the patched YouTube app in CFW (emuMMC))
(This is still under testing and development)

As I said I'm not a fan of 90dns and now (with dns_mitm) I was able to set both DNS to cloudflare (1.1.1.1 and 1.0.0.1) because I am also no fan of fu... Google!
(what files are all related to 90dns? Would like to get completely rid of it? 90dns tester is deleted in switch folder, but is there more?)

Well! That's it!

If you want to use it just copy all files out of the zip into the root of your SD and overwrite everything!
Do a reboot and it's set!
If you want to see if it's working just go to sd:/atmosphere/logs/ and open the log file in there!
(you can do that with many explorers from appstore in HBL)

If you want to help! You are welcome!
 

Attachments

  • atmosphere_dns-mitm.zip
    8 KB · Views: 233
Last edited by BeckysFootSlave,
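
Added example (not part of the original post or its attached files): a small Python audit that reports which hostnames you still expect to resolve would be caught by a wildcard hosts list, using the `switch*` patterns quoted in the post. It assumes `*` matches any run of characters, dots included; the two sample lists and the allow-list are constructed, and the matcher is an illustration, not Atmosphere's own code.

```python
import re

# Constructed sample in the style of the patterns quoted in the post
# (not the contents of the attached zip).
BROAD_HOSTS = """\
# broad wildcard rules
127.0.0.1 switch.*
127.0.0.1 switch*.*
127.0.0.1 *switch.*
127.0.0.1 *switch*.*
127.0.0.1 *nintendo*.*
"""

# Constructed narrower list for comparison.
NARROW_HOSTS = """\
127.0.0.1 *nintendo.*
"""

# Constructed allow-list: names the user still expects to resolve normally.
MUST_RESOLVE = ["switchbru.com", "github.com", "one.one.one.one"]


def parse_hosts(text):
    """Return (address, pattern) pairs, skipping blanks and '#' comments."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        entries.extend((address, name.lower()) for name in names)
    return entries


def pattern_to_regex(pattern):
    """Assumption: '*' matches any run of characters, dots included;
    every other character is literal."""
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile(".*".join(literal_parts))


def matching_rules(hostname, entries):
    """List every pattern that would capture this hostname."""
    host = hostname.lower().rstrip(".")
    return [pat for _, pat in entries if pattern_to_regex(pat).fullmatch(host)]


def audit(hosts_text, must_resolve):
    """Map each allow-listed hostname to the rules that over-block it."""
    entries = parse_hosts(hosts_text)
    report = {}
    for host in must_resolve:
        hits = matching_rules(host, entries)
        if hits:
            report[host] = hits
    return report


if __name__ == "__main__":
    for label, text in (("broad", BROAD_HOSTS), ("narrow", NARROW_HOSTS)):
        print(label, audit(text, MUST_RESOLVE))
```

Running the audit before copying a new hosts file to the SD card shows exactly which rule is responsible for an unexpected block, so the rule can be narrowed instead of adding one-off exceptions.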

Slluxx

what's bullshit is your response. the claim to know how it works yet say it can't slow down connection? LMAO, google and cloudflare pass header info that identifies the geolocation of the person using it for routing, while 90dns doesn't. 90dns absolutely can lower speeds, sometimes significantly, but it's a person to person thing. Some people go from 15mb/s down to 1, some are unaffected. How about you do some research into WHY so many people say it throttles connections instead of basing your opinion on your own mileage..

as for incognito. user error doesn't make it bad. it's not incognito's fault someone loses their prodinfo backup, or uses on sysnand instead of being smart and using on an emunand. exosphere and incognito are better than 90dns if only for the fact you don't have to configure shit on every new connection...

bruv you don't stream data through cloudflare or any other dns. Even if you fill up the dns packets to its maximum with data, a download stream is not affected by that at all. A DNS can only influence the lookup time which can make a website that loads a bunch of things from different domains appear to load longer, but the actual download speed is not affected. Usually the responses are even stored for a certain amount of time so the lookup doesn't have to be done again.

I don't care what bullshit other people say with speed droppings. It's impossible for a DNS to affect download speeds. Once the name is resolved and a stream is going, nothing is routed through a dns server. please just google it and you get a few million results that will back me up.

I claim to know how it works because that's part of my profession and not just my opinion/mileage
 

kenlee168

If you are using legit and cfw on a switch, a ban might be devastating, even more so if you own a lot of eshop purchases. I have more than 1 switch, so it's not worth taking the risk, and a ban is a permanent one.
 

fennectech

what's bullshit is your response. the claim to know how it works yet say it can't slow down connection? LMAO, google and cloudflare pass header info that identifies the geolocation of the person using it for routing, while 90dns doesn't. 90dns absolutely can lower speeds, sometimes significantly, but it's a person to person thing. Some people go from 15mb/s down to 1, some are unaffected. How about you do some research into WHY so many people say it throttles connections instead of basing your opinion on your own mileage..

as for incognito. user error doesn't make it bad. it's not incognito's fault someone loses their prodinfo backup, or uses on sysnand instead of being smart and using on an emunand. exosphere and incognito are better than 90dns if only for the fact you don't have to configure shit on every new connection...
To play devil's advocate it can slow down your internet experience. 90DNS is not nearly as fast as google or cloudflare DNS and can be comparatively slower for doing DNS lookups. Which can make things slower overall. It won't impact bandwidth but it can make things take longer to load as it takes longer for DNS lookups to go through.
 

Slluxx

To play devil's advocate it can slow down your internet experience. 90DNS is not nearly as fast as google or cloudflare DNS and can be comparatively slower for doing DNS lookups. Which can make things slower overall. It won't impact bandwidth but it can make things take longer to load as it takes longer for DNS lookups to go through.

A DNS can only influence the lookup time which can make a website that loads a bunch of things from different domains appear to load longer, but the actual download speed is not affected.

Just as I said?

Although 90dns is very fast. Lookups are not large in packet size and 90dns doesn't have to serve a lot of them (compared to Google etc). Mainly Nintendo telemetry, gameservers and when you download games via tinfoil.

Tbh the main culprit here are the servers you download the games from and/or the connection your switch has to your router. It's always easy to blame someone else for your own deficit.
 

Takokeshi

One way in which a dns could slow down or speed up a connection is if there are multiple servers available for accessing a resource, and let's say your default dns from your isp is bad and routes you into a server farther away instead of using a nearer server (using a US server when you live in the EU, for example.) A different dns in this case may be able to force a connection to a nearer server instead (in this case an EU server), which would generally result in much greater speeds.

I don't know how this may or may not apply to 90dns, I know it blocks Nintendo's servers entirely and redirects connection test to a different address. I'm not sure what it does with other non-Nintendo traffic though. But if people are reporting that they consistently get lower speeds when on 90dns vs not using it, then surely that warrants consideration?

I think it doesn't really matter anymore though, because it's always going to be better to just set 90dns hosts directly on the console itself using dns.mitm, instead of setting the dns on a per-connection basis. Then the console itself blocks Nintendo and every other traffic goes through your default dns as always so there is no chance anything could get messed with.

That being said I'd be interested in seeing 90dns redirect ntp queries to a different server at least. Whatever server is doing the connection test redirect, they could host an ntp server at [address]/v1/time and configure the dns so that aauth-%.ndas.srv.nintendo.net redirects to the same server as the connection test. Given that blocking Nintendo prevents internet time from working, it would be nice to have a replacement.

(Yeah, switch-time exists, but it would be nice if the system could just seamlessly sync the clock without having to manually use a homebrew every time. Though I suppose one could adapt switch-time into a sysmodule which would periodically sync the clock in the background... hmmm...)
 

Slluxx

One way in which a dns could slow down or speed up a connection is if there are multiple servers available for accessing a resource, and let's say your default dns from your isp is bad and routes you into a server farther away instead of using a nearer server (using a US server when you live in the EU, for example.) A different dns in this case may be able to force a connection to a nearer server instead (in this case an EU server), which would generally result in much greater speeds.

I don't know how this may or may not apply to 90dns, I know it blocks Nintendo's servers entirely and redirects connection test to a different address. I'm not sure what it does with other non-Nintendo traffic though. But if people are reporting that they consistently get lower speeds when on 90dns vs not using it, then surely that warrants consideration?

I think it doesn't really matter anymore though, because it's always going to be better to just set 90dns hosts directly on the console itself using dns.mitm, instead of setting the dns on a per-connection basis. Then the console itself blocks Nintendo and every other traffic goes through your default dns as always so there is no chance anything could get messed with.

That being said I'd be interested in seeing 90dns redirect ntp queries to a different server at least. Whatever server is doing the connection test redirect, they could host an ntp server at [address]/v1/time and configure the dns so that aauth-%.ndas.srv.nintendo.net redirects to the same server as the connection test. Given that blocking Nintendo prevents internet time from working, it would be nice to have a replacement.

(Yeah, switch-time exists, but it would be nice if the system could just seamlessly sync the clock without having to manually use a homebrew every time. Though I suppose one could adapt switch-time into a sysmodule which would periodically sync the clock in the background... hmmm...)

I think you are confusing loadbalancing and Hops?
Let's imagine I request a resource from google.de. My ISP would ask google for the correct ip address and the google loadbalancing/dns server responds with the ip address of the server with the least load/closest to me (or whatever is configured on their side).

In this example, the dns request made one more request from "google to google", which is again, such an extremely tiny request that it's basically just as negligible as before. And just because the dns request had one more step to do does not mean that the data has to do the same. The route of the data is independent from the route that the DNS request took. Both requests have to flow through Hops though. Basically "knots" or "crossroads" of dataflows, like your ISP or other datacenters to get to a certain destination. But again, a download stream's dataflow does not have to take the same hops as the dns request did.

Asking a DNS server in australia what ip google.de is, does not change google's ip address or the location of the server with that ip address. Hops (usually) take the shortest route from your location to that ip address.

I'm not sure what it does with other non-Nintendo traffic though.
Nothing. It just blocks/redirects the necessary telemetry and connection test. All other requests are handled by DNS servers before or after. Usually your ISP.

[...] so there is no chance anything could get messed with.
If nintendo decides to update telemetry domains, you need to manually change your hostfile. 99% of local hostfile users will fail to do so while 90dns updates the domains for everyone. The only way for 90dns to "mess" with you is by removing their entries. If they shut down their service one day or if it randomly fails, no connection to the internet is made at all. I'm calling that pretty safe.
 

pexel

@everyone reading this: please please please, don't use that blocklist. it is over blocking sooooooo freaking much.
it is partly an adblock list from a pi-hole. also don't use 90dns. it is slow, creates errors and is generally bad overall.

you should use DNS MITM but with the actual 90dns blocklist. i've included both for sys and emu mmc.
@BeckysFootSlave could you please update your OP? that would be awesome.

Greets also from Germany from a very troubled shop staff
 

Attachments

  • emummc.txt
    191 bytes · Views: 98
  • default.txt
    191 bytes · Views: 82

deathblade200

bruv you don't stream data through cloudflare or any other dns. Even if you fill up the dns packets to its maximum with data, a download stream is not affected by that at all. A DNS can only influence the lookup time which can make a website that loads a bunch of things from different domains appear to load longer, but the actual download speed is not affected. Usually the responses are even stored for a certain amount of time so the lookup doesn't have to be done again.

I don't care what bullshit other people say with speed droppings. It's impossible for a DNS to affect download speeds. Once the name is resolved and a stream is going, nothing is routed through a dns server. please just google it and you get a few million results that will back me up.

I claim to know how it works because that's part of my profession and not just my opinion/mileage
to be fair if you use a dns that blocks ads, analytics, etc it can improve performance even for online switch games that use that shit
 

Slluxx

to be fair if you use a dns that blocks ads, analytics, etc it can improve performance even for online switch games that use that shit
When I was saying it doesn't affect speeds, I just thought of negative impact. I would also (somewhat) argue against this because the dns itself didn't "create" improved speeds. It's just the result of ad traffic not wasting your bandwidth anymore.
Although for the sake of simplicity I guess you are right.

If you play games that are that heavily filled with ads and tracking then there's definitely something wrong with you xd

also don't use 90dns. it is slow, creates errors and is generally bad overall.
another one without a brain.
 

Zkajavier

Here been using only incognito for years and years and never been banned.

That's all you need. But if you're paranoid, guess you can try everything else.
 

deathblade200

If you play games that are that heavily filled with ads and tracking then there's definitely something wrong with you xd
most online games have telemetry servers running in the background on switch. so this is a rather close minded statement. browsers and apps in general are also loaded with the shit there is no avoiding it. hell even this very site while not a game fits your criteria
 

Dragon91Nippon

I'm not going to try, but I think that hosts file is too big to load with Atmosphere. Also, many of these domains are unnecessary to block, since simply blocking Nintendo servers and having exosphere blanking is more than sufficient to prevent bans from online.
 

Kallim

A quick question.

I have a completely clean sysnand.

I have emunand running with incognito. I also have the GitHub emummc.txt fine file working.

Booting atmosphere is actually quite handy as I can easily reboot into sysnand or emu and from the homebrew menu.

I'm also aware just running sysnand with atmosphere shouldn't get a ban (or WiFi safe mods wouldn't work). However would updating the his via Nintendo get a ban?

At the moment I don't leave it to chance I use ofw or stock. But is it safe to update whilst running cfw? I know people have been banned whilst updating using emunand... I'm not so sure about sysnand.
 

Deleted member 523475

such bullshit. do you even know what a DNS does? it resolves a hostname (mydomain.com) to an ip address (132.89.230.32).
After this tiny little request is done, 90dns doesn't do anything anymore. the traffic isn't flowing through them at all. one could argue that the initial lookup, which usually takes just a ms to complete, is slower than if you have this setting turned off but i think you are not aware that your ISP does the exact same thing. Also, they have US and EU servers to choose from, which means that even that tiny little name resolving request is done faster than you can even think.

TLDR; no, it does not throttle your connection - please don't repeat bullshit you have heard other dumb people say

PS: subpar potential reliability?
if 90dns fails for some reason (which it never did), you won't get a connection to the internet at all. there is no "subpar potential reliability" because even if the service fails, you are still protected.

Blawar (incognito creator) and their fanboys spread misinformation about 90dns to boost incognito, which btw is responsible for a huge amount of people fucking up their system forever because people using incognito lost their PRODINFO backups and effectively banned themselves forever with no return (unless they were smart and had a nandbackup).

The issue is that 90DNS causes you to not connect to the nearest servers for any CDN, this is very evident if you aren't right next to the 90DNS server geographically.
And 90DNS fails all the time, I've been getting communication errors to 207.246.121.77 since last month and no fallback to the second DNS.
Tinfoil incognito creates a backup of PRODINFO on the user's NAND, nobody should be losing a tincognito backup unless their NAND corrupts or dies. But I don't see anyone here telling people to use incognito, I just see references to dns.mitm and exosphere blanking.
There are much, much better servers to use for DNS, I don't know why you are spreading misinformation about 90DNS and tinfoil just to try to get people to use it.
 

MasterJ360

Incognito is the better option for Emunand b/c even if you did somehow screw up it won't even matter since the whole point is not to go online at all. Anyone using Incognito on their sysnand is already doing it wrong choice-wise. Either disable WIFI or just use 90DNS if you're too paranoid of a console ban. The only negative effect 90DNS has is to slow down tinfoil downloads.
 
