DNS to block the updates of the switch!

Discussion in 'Switch - Hacking & Homebrew' started by fokouethan, Mar 28, 2017.

Mar 28, 2017
  1. fokouethan
    OP

    Newcomer fokouethan Newbie

    Joined:
    May 25, 2016
    Messages:
    2
    Country:
    France
    Hello, here is the DNS to block the updates of the Switch. Sorry if I said this too late, because firmware 2.1.0 is out. Well... Here's the DNS: 205.166.76.187 primary and secondary.


    Edit from Cyan:
    check post #9 to get a list of URLs and their purpose!

    New DNS for eShop: 173.255.238.217
     
    Last edited by fokouethan, Apr 25, 2017 at 12:16 PM


  2. Risingdawn

    Member Risingdawn Tempallica

    Joined:
    May 22, 2010
    Messages:
    444
    Country:
    United Kingdom
    Why have the same primary and secondary dns?
     
  3. fokouethan
    OP

    Newcomer fokouethan Newbie

    I was given it like this. Do not worry, it works.
     
    Last edited by fokouethan, Mar 28, 2017
  4. Cyan

    Global Moderator Cyan GBATemp's lurking knight

    Joined:
    Oct 27, 2002
    Messages:
    17,237
    Location:
    Engine room, learning
    Country:
    France
    The secondary DNS address is used in case the first one can't be reached. I guess some devices even alternate between them? But I'm not sure.
    You can use 0.0.0.0 instead if you want to block internet completely if the first DNS fails.
     
  5. Sonic Angel Knight

    Member Sonic Angel Knight GBAtemp Guru

    Joined:
    May 27, 2016
    Messages:
    7,896
    Location:
    New York
    Country:
    United States
    I'm not entirely educated on how this works or what DNS does besides inserting a number like an IP address, so I mean, I guess I dunno what to do with this info. :ninja:
     
  6. gnmmarechal

    Member gnmmarechal Priest of Serielism

    Joined:
    Jul 13, 2014
    Messages:
    4,081
    Location:
    Somewhere waiting for the end
    Country:
    Portugal
  7. Cyan

    Global Moderator Cyan GBATemp's lurking knight

    For people who don't like reading too much text and technical data:
    (well, I wrote too much too, sorry :P)

    All connected devices on the internet have an IP address, but it would be too hard to remember them all when you want to connect to a server.
    So, you use URLs instead.
    A DNS server provides a server's IP based on the server's URL.

    Example: you type "nintendo.com", your browser asks the DNS server "what is the IP of nintendo.com?" and it gets "nintendo.com IP is 199.227.51.26".
    Then your browser can connect to the server's IP http://199.227.51.26 and display its content to you, without you knowing it did something in the background.


    What happens when you use a DNS to block Nintendo's updates on your console?
    When the console checks if there's a new update, it uses Nintendo's URL (instead of a fixed IP hardcoded in the firmware, in case they change their server's IP), and the DNS server replies with a different IP than the real one for all of Nintendo's update server URLs.

    "Please give me Nintendo's update server" .... nah, you'll get a bad IP instead so you can't connect!
    Usually it replies "127.0.0.1", which is a loopback IP (the device itself, it's like "connect to yourself!").
    Sometimes it gives a different IP, like how the tubehax DNS sent YouTube requests to another website with a homebrew app.

    Your ISP could use the same trick to restrict internet usage, blocking torrents, p2p, etc.; using a different DNS unlocks these websites.
     
    Last edited by Cyan, Mar 28, 2017
  8. Garou

    Member Garou GBAtemp Fan

    Joined:
    Jan 13, 2015
    Messages:
    432
    Country:
    Antarctica
    Can anyone just provide the URL list to be blocked? Or is it the same with Wii U?
    My ISP doesn't allow changing DNS, so I have to block it manually on my router.
     
  9. Mr. Wizard

    Member Mr. Wizard Ending the spread of bullshit one thread at a time

    Joined:
    Mar 20, 2015
    Messages:
    1,112
    Location:
    10th Dimension
    Country:
    Canada
    If you want to block everything then here:

    NOTE: These URLs are encrypted, hence port 443. Some consumer routers do not let you enter a port in your blocking interface; you may have to use HTTPS:// instead. If using site blocking you don't need the HTTP or port, just the name.

    MUST BLOCK:
    http://sun.hac.lp1.d4c.nintendo.net:443 - System Update Server/Nag
    http://beach.hac.lp1.eshop.nintendo.net:443 - System Update Nag/Eshop lockout

    OPTIONAL (May cause system instability):
    http://aauth-lp1.ndas.srv.nintendo.net:443
    http://accounts.nintendo.com:443 - Nintendo Account
    http://api.accounts.nintendo.com:443 - Add Friends API
    http://app-a04.lp1.npns.srv.nintendo.net:443
    http://aqua.hac.lp1.d4c.nintendo.net:443
    http://atum.hac.lp1.d4c.nintendo.net:443 - Game download server
    http://bcat-data-lp1.cdn.nintendo.net:443
    http://bcat-list-lp1.cdn.nintendo.net:443
    http://broker.lp1.npns.srv.nintendo.net:443
    http://bugyo.hac.lp1.eshop.nintendo.net:443 - eshop
    http://consumer.lp1.npns.srv.nintendo.net:443 - eshop
    http://dauth-lp1.ndas.srv.nintendo.net:443
    http://e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com:443 - Friends list
    http://ecs-lp1.hac.shop.nintendo.net:443
    http://pushmo.hac.lp1.eshop.nintendo.net:443 - eshop
    http://receive-lp1.dg.srv.nintendo.net:443
    http://receive-lp1.er.srv.nintendo.net:443 - error reporting
    http://scontent.xx.fbcdn.net:443 - Facebook
    http://superfly.hac.lp1.d4c.nintendo.net:443 - Game updates server
    http://tagaya.hac.lp1.eshop.nintendo.net:443
    http://web-lp1.share.srv.nintendo.net:443 - Facebook Image Posting
    http://www.google-analytics.com:443 - Fsck you google! Stay out of my shit!
    http://www.googletagmanager.com:443 - Google again? Really?

    Game Related:

    http://snake.sumo-services.co.uk:443 - Snake Pass
    http://g2785c501-lp1.s.n.srv.nintendo.net:443 - Disgaea 5
    http://ngs-2785c5-live.s3.amazonaws.com:443 - Disgaea 5

    Disclaimer: URLs are subject to change. I will not be held responsible if Nintendo suddenly starts using, e.g., deathstar.hac.lp1.d4c.nintendo.net for updates. Also, some of those addresses seem region specific (cdn.nintendo.net). Your mileage may vary.
     
    Last edited by Mr. Wizard, Apr 21, 2017 at 11:16 PM
    Cyan, RemixDeluxe and Garou like this.
  10. Cyan

    Global Moderator Cyan GBATemp's lurking knight

    Oh, they are still using tagaya's name?
    That's probably the one which has a list of the latest version of every title and determines if you need to update or not.

    Has anyone sniffed that address to get the full URL and filename that the console is downloading?
    It would be interesting to see how the internal titles are managed. Wii, 3DS and WiiU use TitleID High/low.

    URL on wiiu :
    tagaya.wup.shop.nintendo.net/tagaya/versionlist/<REGION3>/<LANG2>/latest_version
    tagaya.wup.shop.nintendo.net/tagaya/versionlist/<REGION3>/<LANG2>/list/<version>.versionlist
     
    Last edited by Cyan, Mar 29, 2017
  11. fwrudiger

    Newcomer fwrudiger Newbie

    Joined:
    Jan 14, 2016
    Messages:
    9
    Country:
    United Kingdom
    I've done this on my one and it's blocked the update. Online was working before the new update came out too, but not now.
     
  12. Garou

    Member Garou GBAtemp Fan

    nice, thanks
    will try adding these to my router later on the weekend and report back
     
  13. Mr. Wizard

    Member Mr. Wizard Ending the spread of bullshit one thread at a time

    Ya but you have no access to eshop now...

    Only blocking http://sun.hac.lp1.d4c.nintendo.net:443 stops the update and update nag but doesn't break anything else. At least, it does for me.
     
    fwrudiger likes this.
  14. Cyan

    Global Moderator Cyan GBATemp's lurking knight

    Blocking tagaya (at least on WiiU) is enough to prevent the console from wanting to update, as it doesn't know there's a new version available (as long as you blocked it before the update release).
    It also prevents games from knowing that a new update is available (I played Xenoblade X online without issue on an old version while an update was on eShop, but the game never knew that and never asked me to update).
    The console makes a list of the latest version of everything; if it can't get that list it acts as if it was up to date.

    I don't know how the Switch works, I don't have one yet.
     
  15. OfficialFBomb

    Member OfficialFBomb GBAtemp Regular

    Joined:
    Aug 24, 2015
    Messages:
    258
    Country:
    United States
    Wouldn't you just set this DNS in the Switch, not the router, to block the update?
     
  16. Mr. Wizard

    Member Mr. Wizard Ending the spread of bullshit one thread at a time

    Depends on your setup. If you want to use the Dev DNS then yeah, you should probably only change it on the Switch. That will block everything.

    In my case, I use a proxy on my LAN that filters the DNS so I can just set a single address for redirection. That only blocks the update server, not eShop, etc.

    If your router has a URL blocker you can also set it there. Mine has this option but I find I have a lot more control using a proxy.

    If you have an actual DNS server running on your LAN you can also block it with that.

    I guess my point is there are many ways you can do it.
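
An added example, not code from the thread or from any poster's setup, for the local DNS filtering described in post 16: it reduces entries written in post 9's `http://host:443 - note` style to the bare hostnames a DNS filter works with, then compares a narrow exact-match rule with a broad suffix rule to show what else gets blocked. The function names and the suffix rule `d4c.nintendo.net` are assumptions made for illustration.

```python
import re

# Four entries copied from post #9 of this thread, in that post's own format.
POST9_ENTRIES = """\
http://sun.hac.lp1.d4c.nintendo.net:443 - System Update Server/Nag
http://beach.hac.lp1.eshop.nintendo.net:443 - System Update Nag/Eshop lockout
http://atum.hac.lp1.d4c.nintendo.net:443 - Game download server
http://superfly.hac.lp1.d4c.nintendo.net:443 - Game updates server
"""

def parse_entries(text):
    """Return {hostname: note}, dropping scheme, port and any path."""
    hosts = {}
    for line in text.splitlines():
        url, _, note = line.strip().partition(" - ")
        host = re.sub(r"^[a-z]+://", "", url, flags=re.I)
        host = re.split(r"[:/]", host, maxsplit=1)[0].rstrip(".").lower()
        if re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", host):  # skip non-hostnames
            hosts[host] = note.strip()
    return hosts

def is_blocked(qname, rules, match="exact"):
    """Decide whether a DNS filter holding `rules` blocks `qname`.
    exact: only the listed name; suffix: the name and everything under it."""
    q = qname.lower().rstrip(".")
    for rule in rules:
        r = rule.lower().rstrip(".")
        if q == r or (match == "suffix" and q.endswith("." + r)):
            return True
    return False

def collateral(rules, match, known_hosts):
    """Names from `known_hosts` that a rule set blocks, with their notes."""
    return {h: n for h, n in known_hosts.items() if is_blocked(h, rules, match)}

if __name__ == "__main__":
    hosts = parse_entries(POST9_ENTRIES)
    # Narrow rule: only the update server named in post #13 is affected.
    print(collateral(["sun.hac.lp1.d4c.nintendo.net"], "exact", hosts))
    # Broad rule (hypothetical): also catches the game download/update servers.
    print(collateral(["d4c.nintendo.net"], "suffix", hosts))
```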
     
  17. DocAmes1980

    Member DocAmes1980 GBAtemp Fan

    Joined:
    Oct 31, 2016
    Messages:
    389
    Country:
    United States
    I'm not sure that's how it works on the Switch. I've been using a DNS emulator to resolve "sun.hac.lp1.d4c.nintendo.net" to NXDOMAIN for about a week now. I've also been blocking "receive-lp1.dg.srv.nintendo.net" and "receive-lp1.er.srv.nintendo.net" as they appear to be for telemetry and error reporting respectively. I'm not blocking "tagaya.hac.lp1.eshop.nintendo.net". Manually checking for updates fails as well as automatic updates. I'm still on 2.0.0 and have seen no nag screen. Also, game updates work as expected. There is a curiosity though. I didn't pay close attention to traffic before the 2.1.0 update went live but I noticed the Switch checked for updates (attempted to connect to sun.hac.lp1.d4c.nintendo.net) somewhat infrequently. A day after the 2.1.0 update came out I checked traffic and noticed it was attempting to contact "sun.hac.lp1.d4c.nintendo.net" every minute. I wonder if after it fails to contact the update server after X number of days it starts to check every minute. If the Switch was aware of a newer version I'd think I would be presented with the nag screen.
     
    Last edited by DocAmes1980, Mar 30, 2017 - Reason: Updating games works as expected.
    RemixDeluxe likes this.
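
The outcomes described in this thread (NXDOMAIN in post 17, a loopback or null address in posts 4 and 7, and an answer that points somewhere else, as in the tubehax case from post 7) can be told apart in the raw DNS response. The following is an added example, not code from any poster: it parses the DNS wire format and labels a response, which is a useful check before trusting a third-party DNS server. `build_response`, `classify`, the `expected` set and the 203.0.113.7 documentation address are constructed for illustration; 199.227.51.26 is the address quoted in post 7.

```python
import ipaddress
import struct

def build_response(qname, rcode=0, a_records=()):
    """Constructed sample DNS response (QR=1, one question, A answers)."""
    q = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\0"
    msg = struct.pack(">HHHHHH", 0x1234, 0x8180 | rcode, 1, len(a_records), 0, 0)
    msg += q + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN
    for ip in a_records:
        # compressed name pointer to offset 12, then TYPE, CLASS, TTL, RDLENGTH
        msg += b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4)
        msg += ipaddress.IPv4Address(ip).packed
    return msg

def skip_name(msg, off):
    """Return the offset just past a name (labels or compression pointer)."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(msg, expected=None):
    """Label one response: nxdomain, no-answer, sinkholed, redirected, resolved."""
    _id, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if flags & 0x000F == 3:  # RCODE 3 = NXDOMAIN
        return "nxdomain"
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(ipaddress.IPv4Address(msg[off:off + 4]))
        off += rdlen
    if not addrs:
        return "no-answer"
    if all(a.is_loopback or a.is_unspecified for a in addrs):
        return "sinkholed"
    if expected and not {str(a) for a in addrs} & set(expected):
        return "redirected"
    return "resolved"

if __name__ == "__main__":
    print(classify(build_response("sun.hac.lp1.d4c.nintendo.net", rcode=3)))
    print(classify(build_response("nintendo.com", a_records=["203.0.113.7"]), expected={"199.227.51.26"}))
```

In practice `expected` would hold the addresses a resolver you already trust returns for the same name; a "redirected" label means the two resolvers disagree and the answer deserves a closer look.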
  18. OfficialFBomb

    Member OfficialFBomb GBAtemp Regular

    Mine does do site blocking but the address with the http does not work, for me at least, idk why. So I set this DNS in the Switch. And I don't mind the block, I haven't used eShop and won't for quite a while, until I can figure out how to just block sys updates with my router.
     
  19. DocAmes1980

    Member DocAmes1980 GBAtemp Fan

    I also have a router that has URL blocking, but doesn't work for blocking Wii U/Switch updates. In my case my router can't block HTTPS sites. You might have the same issue. Nintendo's servers use port 443 (HTTPS).

    Try blocking an HTTPS site like "https://www.facebook.com". Also block an HTTP site like "http://www.speedtest.net". See if the router blocks both of them.
     
  20. Mr. Wizard

    Member Mr. Wizard Ending the spread of bullshit one thread at a time

    Site blocking usually only accepts wildcards, not the actual URL.

    Here is a blurb from TomatoUSB that explains it better than I can.

    The blocklist uses regex sub-string matching to decide which sites to block as follows:

     
    Last edited by Mr. Wizard, Mar 30, 2017
