Homebrew RELEASE 90DNS: DNS server for blocking all Nintendo Servers

Skonikol

Well-Known Member
Member
Joined
May 25, 2017
Messages
119
Trophies
0
Age
41
Location
Muhosransk
XP
566
Country
Russia
> Follow the OP, use 90DNS. simple.
Yes, of course I did. Thank you very much for your service. I hope you'll let us know if the server goes down.
It is very frustrating that the console is not able to connect to the network without the Internet.
At home, I can connect all the devices to an empty network, even my cat :whip:, except Switch...

I tried to deal with my own server, but I did not have enough knowledge on macOS, maybe later I will figure it out.
 

Naguz

Active Member
Newcomer
Joined
May 9, 2008
Messages
44
Trophies
1
XP
255
Country
Norway
I still get notifications about available game updates while using 90dns. This makes me somewhat uncertain if it catches all. Anybody else get those?
 

Localhorst86

Robert'); DROP TABLE members;--
Member
Joined
Jul 17, 2014
Messages
2,736
Trophies
1
Location
Nintendo works for my dad
XP
5,342
Country
Germany
I'll see how to set up those blocks with Pi-hole for people who use it like me.
For using the blocks themselves, simply download the 90dns dnsmasq config to /etc/dnsmasq/02-90dns.conf and edit the file to change all instances of 192.168.0.1 (basically all instances of Nintendo.<tld> except the two connection test hostnames) to the IP of your Pi-hole.

Now, self-hosting the two connection test replies on your Pi-hole is possible as well, but a lot trickier. The basic gist is to assign two IP addresses to your Pi-hole, install a secondary web server (nginx) and make the Pi-hole admin interface (lighttpd) listen on one of the IP addresses on port 80, the second web server (nginx) on the secondary IP, also port 80, then edit the 02-90dns.conf to point the two connection tests to the second IP. It's tricky and you need a certain amount of Linux and networking knowledge/research to pull it off, though.

Sent from my Mi A1 using Tapatalk
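
The rewrite described in the post above, as an added example that is not part of the original post or of the 90DNS project: it retargets dnsmasq `address=/domain/ip` lines to a Pi-hole address and, for the self-hosting variant, moves the two connection-test hostnames to a second address. The sample config, the function name `retarget` and the addresses 192.168.0.53, 192.168.0.54 and 203.0.113.10 are assumptions; the two hostnames are the ones named elsewhere in this thread.

```python
import ipaddress
import re

# Connection-test hostnames as named later in this thread.
CONNTEST = {"ctest.cdn.nintendo.net", "conntest.nintendowifi.net"}
# dnsmasq directive: address=/<domain>/<ip>
ADDRESS_RE = re.compile(r"^address=/([^/\s]+)/([^/\s]+)$")


def retarget(config, old_ip, pihole_ip, conntest_ip=None):
    """Point blocked domains at pihole_ip; optionally move the two
    connection-test hosts to conntest_ip. Returns (new_config, changed_domains)."""
    for ip in (old_ip, pihole_ip, conntest_ip):
        if ip is not None:
            ipaddress.ip_address(ip)  # raises ValueError on a mistyped address
    out, changed = [], []
    for line in config.splitlines():
        m = ADDRESS_RE.match(line.strip())
        if not m:
            out.append(line)  # comments, blanks and other directives pass through
            continue
        domain, ip = m.group(1), m.group(2)
        if domain.lower() in CONNTEST:
            new_ip = conntest_ip or ip  # untouched unless self-hosting the test
        elif ip == old_ip:
            new_ip = pihole_ip
        else:
            new_ip = ip
        if new_ip != ip:
            changed.append(domain)
        out.append(f"address=/{domain}/{new_ip}")
    return "\n".join(out) + "\n", changed


# Constructed sample, not the real 90DNS file. 203.0.113.10 stands in for the
# hosted connection-test server; 192.168.0.1 is the value named in the post.
SAMPLE = """\
# 90dns-style blocklist (constructed)
address=/nintendo.net/192.168.0.1
address=/nintendo.com/192.168.0.1
address=/ctest.cdn.nintendo.net/203.0.113.10
address=/conntest.nintendowifi.net/203.0.113.10
"""

if __name__ == "__main__":
    text, changed = retarget(SAMPLE, "192.168.0.1", "192.168.0.53", "192.168.0.54")
    print(text, changed)
```

Calling `retarget` without `conntest_ip` covers the first step only and leaves the connection-test lines as downloaded.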
 

Skonikol

> I still get notifications about available game updates while using 90dns. This makes me somewhat uncertain if it catches all. Anybody else get those?
These notifications will also appear when there is no connection, as this information is contained in new games and updates that you install.
 
  • Like
Reactions: Naguz

Rushhour77

Well-Known Member
Newcomer
Joined
Aug 1, 2007
Messages
79
Trophies
0
Location
NL
XP
466
Country
Netherlands
Firstly, great job in helping and hosting everything.
I would like to use 90DNS, but before I do, are there any reports of users who still got banned while using 90DNS? Of course I understand it could also be a flagged Switch that was banned later. I would just like to know if there are no reports or maybe a few.
Thx!
 

Cyan

GBATemp's lurking knight
Former Staff
Joined
Oct 27, 2002
Messages
23,749
Trophies
4
Age
45
Location
Engine room, learning
XP
15,649
Country
France
How would you know if you are banned, if you can't connect to Nintendo servers because you are blocking the URL?
You can't be banned only for using a DNS, you are banned for any CFW usage. If you unblock access to servers to see if you are banned they will know you did CFW and will ban you for that. If you use CFW and they don't have any way to know about it, they can't ban you.
90DNS is used for that, blocking (most?) all of Nintendo's domains to prevent sending any data to their servers.

90DNS is based on a black list system, where you put all the domain names you want to filter, and if you forget one or if Nintendo adds a new one, 90DNS will not filter it.
Isn't it better/safer to use a white list system? I'm using CCproxy with white list mode, and only allow LAN, switchbru appstore and Nintendo connection test server. I don't know if it blocks IP requests or only URL requests, but I find it safer. So far I saw blocked URLs in the log, but I don't know if everything is correctly blocked as it logs only blocked requests, and only HTTP & FTP? No idea if there are UDP requests.
 

Rushhour77

> How would you know if you are banned, if you can't connect to Nintendo servers because you are blocking the URL?
> You can't be banned only for using a DNS, you are banned for any CFW usage. If you unblock access to servers to see if you are banned they will know you did CFW and will ban you for that.
Fair point lol

> 90DNS is based on a black list system, where you put all the domain names you want to filter, and if you forget one or if Nintendo adds a new one, 90DNS will not filter it.
That's my concern also

> Isn't it better/safer to use a white list system?
Very interesting. I was really looking into this because I would like to transfer using network or FTP. Whitelist would be pretty safe imo.
 

AveSatanas

Well-Known Member
OP
Member
Joined
Aug 7, 2018
Messages
153
Trophies
0
XP
950
Country
Chad
> Firstly, great job in helping and hosting everything.
> I would like to use 90DNS, but before I do, are there any reports of users who still got banned while using 90DNS? Of course I understand it could also be a flagged Switch that was banned later. I would just like to know if there are no reports or maybe a few.
> Thx!
I used it for months, did all sorts of unfun things (unfun for N), and after I recovered my clean NAND backup I wasn't banned.

> How would you know if you are banned, if you can't connect to Nintendo servers because you are blocking the URL?
> You can't be banned only for using a DNS, you are banned for any CFW usage. If you unblock access to servers to see if you are banned they will know you did CFW and will ban you for that. If you use CFW and they don't have any way to know about it, they can't ban you.
> 90DNS is used for that, blocking (most?) all of Nintendo's domains to prevent sending any data to their servers.
>
> 90DNS is based on a black list system, where you put all the domain names you want to filter, and if you forget one or if Nintendo adds a new one, 90DNS will not filter it.
> Isn't it better/safer to use a white list system? I'm using CCproxy with white list mode, and only allow LAN, switchbru appstore and Nintendo connection test server. I don't know if it blocks IP requests or only URL requests, but I find it safer. So far I saw blocked URLs in the log, but I don't know if everything is correctly blocked as it logs only blocked requests, and only HTTP & FTP? No idea if there are UDP requests.
As it stands rn, Nintendo would need a whole new domain and likely an update. I doubt that they'll get into a cat and mouse game with me.

Blocking IP wouldn't work, because it's a DNS. If N starts using IPs I have a solution for that too, but I won't release it just yet.

If you want smth custom like that, you're probably better off using a custom solution like you are doing rn. I might do a whitelist 90DNS one day, but eh.
 
  • Like
Reactions: Rushhour77
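
The black list versus white list trade-off discussed in the posts above, as an added example that is not part of any post or of 90DNS: it compares what a DNS-only deny list and a default-deny egress allow list decide for the same destinations, including an IP literal that never reaches the resolver. The deny list, the sample destinations and the function names are constructed; the allow entries come from the CCProxy list quoted in this thread, and the egress model assumes the filter also sees connections made by IP, which the thread does not confirm for CCProxy.

```python
import ipaddress

# Constructed deny list in the spirit of "nintendo.<tld>"; not the real 90DNS list.
DENY = {"nintendo.net", "nintendo.com", "nintendowifi.net"}
# Connection-test hosts, which 90DNS answers itself instead of blocking.
CONNTEST = {"ctest.cdn.nintendo.net", "conntest.nintendowifi.net"}
# Allow entries from the CCProxy list quoted in this thread.
ALLOW = CONNTEST | {"switchbru.com"}
LAN = ipaddress.ip_network("192.168.0.0/24")


def suffix_match(host, suffixes):
    """True if host equals an entry or is a subdomain of one (whole labels only)."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in suffixes for i in range(len(labels)))


def as_ip(dest):
    """Return an ip_address for IP literals, None for hostnames."""
    try:
        return ipaddress.ip_address(dest)
    except ValueError:
        return None


def dns_denylist(dest):
    """Verdict of a DNS-only deny list (the black list model)."""
    if as_ip(dest) is not None:
        return "unseen"  # IP literal: no lookup is made, so the resolver never sees it
    host = dest.lower().rstrip(".")
    if host in CONNTEST:
        return "redirected"
    return "blocked" if suffix_match(host, DENY) else "resolved"


def egress_allowlist(dest):
    """Verdict of a default-deny proxy or firewall (the white list model)."""
    ip = as_ip(dest)
    if ip is not None:
        return "allowed" if ip in LAN else "denied"
    return "allowed" if suffix_match(dest, ALLOW) else "denied"


# Constructed destinations: a listed domain, a look-alike, an unlisted domain,
# a public IP literal (documentation range), a LAN host, a connection test.
SAMPLES = ["dauth.nintendo.net", "notnintendo.net", "telemetry.example.org",
           "203.0.113.7", "192.168.0.20", "ctest.cdn.nintendo.net"]

if __name__ == "__main__":
    for d in SAMPLES:
        print(f"{d:26} dns={dns_denylist(d):10} egress={egress_allowlist(d)}")
```

The rows that differ are the unlisted domain and the public IP literal: the deny list lets both through, while the default-deny model refuses them.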

Localhorst86

I decided to block all outgoing network traffic for my Switch. I.e., my Switch device can only communicate inside my local network. No traffic from my Switch can leave the house. Thanks to @AveSatanas's self-hosting guide I was able to host the connection test responses on my Pi-hole. So I can still connect to my Wi-Fi for FTP or DZ purposes.
 

Cyan

Does someone know which error code 2160-8056 is?

It's the error I get when using CCProxy in whitelist mode.
I allow this:
Code:
192.168.0.*;
ctest.cdn.nintendo.net;
conntest.nintendowifi.net;
*switchbru.com*;

It passes the router and internet test (ctest.cdn.nintendo.net).
It fails when testing the connection (with 90DNS it fails at the same position, but the error is 2160-8007), it tries to connect to aauth, app, and dauth.
Internet seems to work in appstore.
I tried dz to see if LAN was accessible, but it crashes right away, maybe it doesn't work on 4.1.0. I'll update to 6.x soon or try another LAN-enabled homebrew.

I was just wondering why I have a different error code while it crashes at the same position in the test.
 
  • Like
Reactions: sangweb

AveSatanas

> Can I update the joycons with this or not
Uh, sure? It's embedded in switch firmware anyways.

Don't update if you're on 5.1.0 or higher with 9-10 pins soldered in your joycon, that'll break them. Switch to a 10k resistor between 1-10 or 7-10 before updating.

--------------------- MERGED ---------------------------

> Does someone know which error code 2160-8056 is?
>
> It's the error I get when using CCProxy in whitelist mode.
> I allow this:
> Code:
> 192.168.0.*;
> ctest.cdn.nintendo.net;
> conntest.nintendowifi.net;
> *switchbru.com*;
>
> It passes the router and internet test (ctest.cdn.nintendo.net).
> It fails when testing the connection (with 90DNS it fails at the same position, but the error is 2160-8007), it tries to connect to aauth, app, and dauth.
> Internet seems to work in appstore.
> I tried dz to see if LAN was accessible, but it crashes right away, maybe it doesn't work on 4.1.0. I'll update to 6.x soon or try another LAN-enabled homebrew.
>
> I was just wondering why I have a different error code while it crashes at the same position in the test.
Failing connection test is normal ALA internet test passes.
 

JCreazy

Member
Newcomer
Joined
Jul 26, 2010
Messages
21
Trophies
0
XP
141
Country
United States
Thank you for this. I just found out about it so haven't given it a try. I'm on 6.1.0 though so I will wait until you have a chance to report if it is OK to use.
 

Cyan

6.0.1 yes.
6.1.0 might have added new URLs, you might want to wait until AveSatanas confirms everything is safe.
But most "nintendo.tld" (all domains used by Nintendo) are blocked, if Nintendo adds a new URL it would be of that subdomain, so it's almost certain to be safe.
 
