Homebrew RELEASE 90DNS: DNS server for blocking all Nintendo Servers

[Skonikol]

Follow the OP, use 90DNS. simple.

Yes, of course I did. Thank you very much for your service. I hope you'll let us know if the server goes down.
It is very frustrating that the console is not able to connect to the network without the Internet.
At home, I can connect all the devices to an empty network, even my cat , except Switch...

I tried to deal with my own server, but I did not have enough knowledge on macOS, maybe later I will figure it out.

 

[Chudy-VR5]

It Works.
Thank you very much for your service.

 

[krptg]

I'll see how to setup those blocks with PiHole for people who use it like me.

 

[Naguz]

I still get notifications about available game updates while using 90dns. This makes me somewhat uncertain if it catches all. Anybody else gets those?

 

[Localhorst86]

I'll see how to setup those blocks with PiHole for people who use it like me.

For using the blocks itself, simply download the 90dns dnsmasq config to /etc/dnsmasq/02-90dns.conf and edit the file to change all instances of 192.168.0.1 (basically all instances of Nintendo.<tld> except the two connection test hostnames) to the ip of your pi-hole.

Now, self hosting the two connection test replies on your pi-hole is possible as well, but a lot more trickier. The basic gist is to assign two ip addresses to your pi-hole, install a secondary web server (nginx) and make the pi-hole admin interface (lighttpd) listen on one of the ip addresses on port 80, the second web server (nginx) on the secondary ip, also port 80, then edit the 02—90dns.conf to point the two connection tests to the second ip. It's tricky and you need a certain amount of Linux and networking knowledge/research to pull it off, though.

Gesendet von meinem Mi A1 mit Tapatalk

 

[Skonikol]

I still get notifications about available game updates while using 90dns. This makes me somewhat uncertain if it catches all. Anybody else gets those?

These notifications will also appear when there is no connection, as this information is contained in new games and updates that you install.

 

[whateverg1012]

was this tested on 6.0.1?

 

[Rushhour77]

Firstly, great job in helping and hosting everything.
I would like to use 90DNS, but before i do, are there any reports of users who still got banned while using 90DNS? Offcourse I understand it could also be a flagged switch that was banned later. I would just like to know if there are none reports or maybe a few.
Thx!

 

[Cyan]

how would you know if you are banned, if you can't connect to nintendo servers because you are blocking the URL?
you can't be banned only for using a DNS, you are banned for any CFW usage. If you unblock access to servers to see if you are banned they will know you did CFW and will ban you for that. if you use CFW and they don't have any way to know about it, they can't ban you.
90DNS is used for that, blocking (most?) all nintendo's domain to prevent sending any data to their servers.

90DNS is based on a black list system, where you put all domain name you want to filter, and if you forget one or if nintendo adds new one, 90DNS will not filter it.
Isn't it better/safer to use a white list system? I'm using CCproxy with white list mode, and only allow LAN, switchbru appstore and nintendo connection test server. I don't know if it blocks IP requests or only URL requests, but I find it safer. so far I saw blocked URL in the log, but I don't know if everything is correctly blocked as it logs only blocked requests, and only http & ftp ? no idea if there are UDP requests.

 

[Rushhour77]

how would you know if you are banned, if you can't connect to nintendo servers because you are blocking the URL?
you can't be banned only for using a DNS, you are banned for any CFW usage. If you unblock access to servers to see if you are banned they will know you did CFW and will ban you for that.

Fair point lol

90DNS is based on a black list system, where you put all domain name you want to filter, and if you forget one or if nintendo adds new one, 90DNS will not filter it.

Thats my concern also

Isn't it better/safer to use a white list system?

Very interesting. I was really looking into this because i would like to transfer using network or ftp. Whitelist would be pretty safe imo.

 

[AveSatanas]

Firstly, great job in helping and hosting everything.
I would like to use 90DNS, but before i do, are there any reports of users who still got banned while using 90DNS? Offcourse I understand it could also be a flagged switch that was banned later. I would just like to know if there are none reports or maybe a few.
Thx!

I used it for months, did all sorts of unfun things (unfun for N), and after I recovered my clean nand backup I wasn't banned.

how would you know if you are banned, if you can't connect to nintendo servers because you are blocking the URL?
you can't be banned only for using a DNS, you are banned for any CFW usage. If you unblock access to servers to see if you are banned they will know you did CFW and will ban you for that. if you use CFW and they don't have any way to know about it, they can't ban you.
90DNS is used for that, blocking (most?) all nintendo's domain to prevent sending any data to their servers.

90DNS is based on a black list system, where you put all domain name you want to filter, and if you forget one or if nintendo adds new one, 90DNS will not filter it.
Isn't it better/safer to use a white list system? I'm using CCproxy with white list mode, and only allow LAN, switchbru appstore and nintendo connection test server. I don't know if it blocks IP requests or only URL requests, but I find it safer. so far I saw blocked URL in the log, but I don't know if everything is correctly blocked as it logs only blocked requests, and only http & ftp ? no idea if there are UDP requests.

As it stands rn, nintendo would need a whole new domain and likely an update. I doubt that they'll get into a cat and mouse game with me.

Blocking IP wouldn't work, because it's a DNS. If N starts using IPs have a solution for that too, but I won't release it just yet.

If you want smth custom like that, you're probably better off using a custom solution like you are doing rn. I might do a whitelist 90DNS one day, but eh.

 

[Skonikol]

Isn't it better/safer to use a white list system?

I'm also interested in the white list option, it seems more logical to me. Unfortunately, I don't have the brains to make my own server. Of all the network functions, I only need FTP.

 

[Localhorst86]

I decided to block all outgoing network traffic for my switch. I.e., my Switch device can only communicate inside my local network. No traffic from my switch can leave the house. Thanks to @AveSatanas 's self hosting guide I was able to host the connection test responses on my pi-hole. So I can still connect to my Wifi for FTP or DZ purposes.

 

[jelanda]

Can I update the joycons with this or not

 

[hippy dave]

Can I update the joycons with this or not

Yeah afaik the joycon update is built in to the Switch firmware you're running.

 

[Cyan]

Someone know which error code is 2160-8056 ?

it's the error I get when using CCProxy in whitelist mode.
I allow this :

192.168.0.*;
ctest.cdn.nintendo.net;
conntest.nintendowifi.net;
*switchbru.com*;

It pass the router and internet test. (ctest.cdn.nintendo.net)
it fails when testing the connection (with 90DNS it fails at the same position, but the error is 2160-8007), it tries to connect to aauth, app, and dauth.
internet seems to work in appstore.
I tried dz to see if LAN was accessible, but it crashes right away, maybe it doesn't work on 4.1.0. I'll update to 6.x soon or try another LAN enabled homebrew.

I was just wondering why I have a different error code while it crashes at the same position in the test.

 

[AveSatanas]

Can I update the joycons with this or not

Uh, sure? It's embedded in switch firmware anyways.

Don't update if you're on 5.1.0 or higher with 9-10 pins soldered in your joycon, that'll break them. Switch to a 10k resistor between 1-10 or 7-10 before updating.

--------------------- MERGED ---------------------------

Someone know which error code is 2160-8056 ?

it's the error I get when using CCProxy in whitelist mode.
I allow this :

192.168.0.*;
ctest.cdn.nintendo.net;
conntest.nintendowifi.net;
*switchbru.com*;

It pass the router and internet test. (ctest.cdn.nintendo.net)
it fails when testing the connection (with 90DNS it fails at the same position, but the error is 2160-8007), it tries to connect to aauth, app, and dauth.
internet seems to work in appstore.
I tried dz to see if LAN was accessible, but it crashes right away, maybe it doesn't work on 4.1.0. I'll update to 6.x soon or try another LAN enabled homebrew.

I was just wondering why I have a different error code while it crashes at the same position in the test.

Failing connection test is normal ALA internet test passes.

 

[JCreazy]

Thank you for this. I just found out about it so haven't given it a try. I'm on 6.1.0 though so I will wait until you have a chance to report if it ok to use.

 

[pcam90]

works on 6.0.1?

 

[Cyan]

6.0.1 yes.
6.1.0 might have added new URLs, you might want to wait until AveSatanas confirms everything is safe.
but most "nintendo.tld" (all domain used by nintendo) are blocked, if nintendo adds new url they would be of that sub domain, so it's almost certain to be safe.