My router too dumb to block nintendo servers?

Discussion in '3DS - Homebrew Development and Emulators' started by naddel81, Dec 24, 2016.

  1. naddel81
    OP

    naddel81 GBAtemp Maniac

    Member
    1,488
    176
    Dec 14, 2009
    United States
    Hi everybody,

    I noticed that even though I have blocked all the Nintendo servers via the router I can access eShop and update emuNAND just fine. That wasn't possible a year ago.

    I noticed two exceptions in the router settings. The first is HTTPS and the second is websites that use compression. Those two exceptions cannot be filtered.

    Is that a router flaw or a general technical problem that those cannot be filtered?

    [​IMG]


    I am currently using the two DNS servers provided on loadiine.ovh to block Nintendo servers, but what if I want to add something via freeshop? Then I have to deactivate it and my Wii U is vulnerable to updating. How do I prevent that?

    Best wishes!
     


  2. SirHaxALot

    SirHaxALot Yum Cookies! :3

    Member
    132
    41
    Nov 22, 2016
    Gambia, The
    Nintendo services are using SSL (HTTPS), so they can't be filtered by it. It says so in 2.) „HTTPS-Websites can not be filtered“

    EDIT: Why is this message in German, if you are located in the US according to your profile? xD
     
    Last edited by SirHaxALot, Dec 24, 2016
  3. naddel81
    OP

    naddel81 GBAtemp Maniac

    I am German. Dunno why I selected US 7 years ago.

    So can Nintendo servers be filtered with another router or is it just my router that cannot filter the Nintendo servers?
     
  4. Ryccardo

    Ryccardo WiiUaboo

    Member
    3,025
    1,455
    Feb 13, 2015
    Italy
    Imola
    Don't try to block anything on the router, and set your Wii U only to the custom DNS :)
     
  5. naddel81
    OP

    naddel81 GBAtemp Maniac

    I did set my N3DS, o3DS and Wii U to custom primary AND secondary DNS servers that are supposed to block Nintendo updates. I just hope they keep blocking those updates and do not let us down one day by NOT blocking them anymore.

    What do I do if I want to install an eShop game in the future? Then I have to unblock it again and use the automatic DNS. Will I be updated immediately?
     
  6. Captain_N

    Captain_N GBAtemp Advanced Fan

    Member
    760
    248
    Mar 29, 2010
    United States
    My router will block any URL I type in... I used it to block 3DS update servers.
     
  7. Ryccardo

    Ryccardo WiiUaboo

    Yes, using any DNS means trusting them. But you trust the makers of Decrypt9, A9LH and your CFW to not brick your system either (while a DNS by itself can't cause that) :)

    No idea why you're blocking updates on 3DS anyway: not only is CFW usually updated very quickly, but there are no forced automatic updates either!

    As for the Wii U, you can temporarily disable custom DNS by using the NNUPatcher homebrew; if you then immediately go to the eShop, you will notice if you can go in (so 5.5.1 is still current) or not (turn it off to block updates again, and get your titles with a computer and Wupinstaller instead).
     
  8. naddel81
    OP

    naddel81 GBAtemp Maniac

    Thanks for your help. So on the 3DS I want to avoid the annoying update nag and on Wii U I want to avoid auto-updating. That's why I use the two DNS servers provided by loadiine.ovh in both systems.
     
  9. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    Member
    GBAtemp Patron
    11,790
    4,976
    Mar 17, 2010
    Norway
    Alola
    I have an ASUS router as well, and it has the same message, but in my case it blocks updates perfectly fine. I assume it's blocking them at the DNS level (so it still works with HTTPS)
    By the way, only these 6 addresses need to be blocked:
    nus.cdn.shop.wii.com
    nus.cdn.wup.shop.nintendo.net
    nus.c.shop.nintendowifi.net
    nus.cdn.c.shop.nintendowifi.net
    nus.wup.shop.nintendo.net
    cbvc.cdn.nintendo.net
    It still allows me to update games and access eShop but firmware updates are blocked.
    Maybe you have a custom DNS set on emuNAND that is not blocking the update servers, and is bypassing the DNS block in the router?
     
    Last edited by The Real Jdbye, Dec 24, 2016
    naddel81 likes this.
  10. naddel81
    OP

    naddel81 GBAtemp Maniac

    Which ASUS router do you have and does it tell you the same as mine about not being able to block HTTPS and so on?
     
  11. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    ASUS RT-AC68U
    [​IMG]
    Maybe you have a custom DNS set on emuNAND that is not blocking the update servers, and is bypassing the DNS block in the router?
     
  12. Minasodrom

    Minasodrom GBAtemp Regular

    Member
    101
    29
    Jun 17, 2015
    Australia
    I don't think that's how IP filtering works.
     
  13. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    It's the only way filtering HTTPS addresses can work. And they're filtered just fine by my router, so it's a safe assumption that that's how they're filtered.
     
  14. naddel81
    OP

    naddel81 GBAtemp Maniac

    Mine looks the same. When I only use the router's filter list then the 3DS can update just fine (which it shouldn't be able to). And when I use the DNS block in the 3DS it is not updating. So clearly the ASUS blocking list is not working as stated above: Nintendo is using HTTPS and so it cannot be filtered. :(

    — Posts automatically merged - Please don't double post! —

    Try it yourself: just use the automatic DNS and the block list in the router and go to "system settings - system update". It will say "you are on the newest system software". This shows the block list does not work. I am not relying on that so I use the blocking DNS service in the DNS settings of my devices.

    — Posts automatically merged - Please don't double post! —

    It says HTTPS cannot be blocked. So why should it? Please test using only the block list and AUTOMATIC DNS and then try to update using 3DS system settings. It will show you the message that it has the latest software.
     
  15. Minasodrom

    Minasodrom GBAtemp Regular

    No home-class router can do HTTPS filtering, but since it works for you I'm a bit baffled... But setting a different DNS on your device can't bypass your IP filtering. That would make it useless on every device with manually set DNS.
     
    naddel81 likes this.
  16. naddel81
    OP

    naddel81 GBAtemp Maniac

    I guess he has a custom DNS set up on his device and forgot about it. Or he hasn't tested updating lately. I am sure it will work without a custom DNS. That's what it does on my ASUS router with the latest firmware.
     
  17. The Real Jdbye

    The Real Jdbye Always Remember 30/07/08

    You are right, it does say that.
    But I'm not able to actually update the console when a new update comes out, unless I remove the blocks. I've gone through multiple updates and I had to disable the block every time.
    The blocks block the servers updates are downloaded from, but they don't actually block the server the update check is sent to. That's why you're getting that message.
    If you need proof, try downloading a system update with 3DNUS on your PC (enter 11.2.0-35 in the title ID box and USA in the version box and hit download, it'll fail)
    And yes, I did have Tubehax DNS set up at one point. I forgot about it and then wondered why eShop wouldn't work, and eventually had to remove it. My blocks still work fine. Wii U shows an error trying to download the latest update (though I already am on 5.5.1, it still shows that error, as it's supposed to when the update servers are properly blocked)

    Edit: And I was wrong, it's not DNS filtering after all - I'm able to ping the addresses just fine from my PC. 3DNUS still fails though and so do updates. At some point the update process must use regular HTTP, even if HTTPS is used for the majority of it, because I'm definitely not able to update without disabling the block.
    I've had the router block for ages, ever since I first got a Gateway and a 4.3 3DS, and I've verified many times that I'm not able to update. This was before Tubehax DNS even existed.

    @naddel81 Even though the update check says you have the latest version, that doesn't mean the block isn't working. It has been working for me, and I get the same message when checking for updates on 11.2.
     
    Last edited by The Real Jdbye, Dec 24, 2016
    Minasodrom likes this.
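
The check described in the post above (pinging the hostnames from a PC to see whether they still resolve) can be run for all six listed hostnames at once. This is an added example, not part of the original thread; the sinkhole addresses and the control hostname `example.com` are assumptions.

```python
import socket

# The six hostnames listed in the thread.
UPDATE_HOSTS = [
    "nus.cdn.shop.wii.com",
    "nus.cdn.wup.shop.nintendo.net",
    "nus.c.shop.nintendowifi.net",
    "nus.cdn.c.shop.nintendowifi.net",
    "nus.wup.shop.nintendo.net",
    "cbvc.cdn.nintendo.net",
]
# Assumption: a blocking resolver answers with one of these, or with no address.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
CONTROL_HOST = "example.com"  # assumption: a name no blocklist touches


def system_resolve(host):
    """Ask the OS resolver; return sorted addresses, or [] when the lookup fails."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def classify(addresses):
    """'blocked' if the answer is empty or contains only sinkhole addresses."""
    if not addresses or all(a in SINKHOLES for a in addresses):
        return "blocked"
    return "resolves"


def audit(hosts=UPDATE_HOSTS, resolve=system_resolve):
    """Return ({host: (status, addresses)}, verdict) for the resolver in use."""
    report = {h: (classify(a), a) for h in hosts for a in [resolve(h)]}
    # If even the control name fails, DNS is down and nothing can be concluded.
    if classify(resolve(CONTROL_HOST)) == "blocked":
        return report, "inconclusive: resolver answers nothing at all"
    if all(status == "blocked" for status, _ in report.values()):
        return report, "all hosts blocked at DNS level"
    return report, "not blocked at DNS level"


if __name__ == "__main__":
    report, verdict = audit()
    for host, (status, addrs) in report.items():
        print(f"{status:8} {host} {' '.join(addrs)}")
    print(verdict)
```

Run it on a PC that uses the same DNS servers as the console. A "not blocked at DNS level" verdict only says that the names resolve, so any block in effect is applied somewhere other than DNS.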
  18. naddel81
    OP

    naddel81 GBAtemp Maniac

    OK, lesson learned. But I'd rather have a DNS block in my devices because that works. URL blocking is a nice fallback, but nothing I would put my money on when a new system update arrives...
     
  19. Minasodrom

    Minasodrom GBAtemp Regular

    You could see if your router offers any type of parental controls, which should work (Netgear uses OpenDNS, for example).
     
    naddel81 likes this.
  20. 0x40

    0x40 GBAtemp Regular

    Member
    224
    63
    Apr 20, 2013
    Can't you just route traffic through a computer running a firewall that isn't broken?