Safety of pointing Nintendo servers to 95.216.149.205

[sven7777]

Pretty much all of the instructions on the net for setting up your switch for running CFW (e.g. Atmosphere) indicate the following DNS redirects:

95.216.149.205 *conntest.nintendowifi.net
95.216.149.205 *ctest.cdn.nintendo.net

My question is - who owns 95.216.149.205 and is it safe to rely on that person/entity to not do something malicious in the future with whatever is running on 95.216.149.205? I understand this DNS redirect has worked fine for everyone over several years and is the generally-accepted process to follow, but I'm a bit leery relying on any external server. Is there any way we can get the source code to what is running on 95.216.149.205 so that we could install that same software in our private networks and then we can point the above to our local server instead of 95.216.149.205? That way we know it will always be available and will always be non-malicious.

 

[binkinator]

Pretty much all of the instructions on the net for setting up your switch for running CFW (e.g. Atmosphere) indicate the following DNS redirects:

95.216.149.205 *conntest.nintendowifi.net
95.216.149.205 *ctest.cdn.nintendo.net

My question is - who owns 95.216.149.205 and is it safe to rely on that person/entity to not do something malicious in the future with whatever is running on 95.216.149.205? I understand this DNS redirect has worked fine for everyone over several years and is the generally-accepted process to follow, but I'm a bit leery relying on any external server. Is there any way we can get the source code to what is running on 95.216.149.205 so that we could install that same software in our private networks and then we can point the above to our local server instead of 95.216.149.205? That way we know it will always be available and will always be non-malicious.

There’s a lot of brewha about the “safety” of it. I’ve seen absolutely zero reason to be concerned. In the even they go offline then you can’t look up addresses at all so there’s no danger there…you’d essentially be offline.

e: there have also been concerns about speed where a GSLB balance site might infer that you are in a geodistant location. If you see this effect and it bothers you, you’re free to change. It’s not the end of the world.

e2: there’s also been the concern of “malicious admin” or “negligent admin” but they have been up for years without incident. I think they have a pretty proven track record.

e3: for the record I have switched to dns:mitm and exosphere.ini to that are built in to Atmosphere now. But I don’t discourage anyone who prefers 90DNS and incognito_RCM…I just include the information so people can. Make their own informed decisions.

e4: the authors of 90DNS include instructions for building your own and include the zone files. they are good people IMO.

 

[sven7777]

There’s a lot of brewha about the “safety” of it. I’ve seen absolutely zero reason to be concerned. In the even they go offline then you can’t look up addresses at all so there’s no danger there…you’d essentially be offline.

Thanks for replying - my concern is less about them going offline and more about them changing their server so that it does something malicious. I don't know what that "something malicious" might be - but perhaps there would be a way to reshape the traffic in-transit so that every request gets redirected to an actual nintendo server which would allow them to instantly know/target which switches are hacked. Or somehow Nintendo seizes control of the IP for the same end-goal.

 

[binkinator]

Thanks for replying - my concern is less about them going offline and more about them changing their server so that it does something malicious. I don't know what that "something malicious" might be - but perhaps there would be a way to reshape the traffic in-transit so that every request gets redirected to an actual nintendo server which would allow them to instantly know/target which switches are hacked.

I added some edits…

Or somehow Nintendo seizes control of the IP for the same end-goal.

Think about that for a second…Nintendo goes online, grabs a DNS server and forces you to connect to their servers and break their TOS in spite of you specifically using it to avoid connecting to them? Lawyers would have a hey day with that shit!

e: here’s what I’m currently using…it’s built into AMS
https://rentry.org/ExosphereDNSMITM

 

[sven7777]

I added some edits…

Think about that for a second…Nintendo goes online, grabs a DNS server and forces you to connect to their servers and break their TOS in spite of you specifically using it to avoid connecting to them? Lawyers would have a hey day with that shit!

Nintendo isn't forcing anyone to connect to 95.216.149.205. Virtually everyone who is running a hacked switch is connecting to 95.216.149.205. If Nintendo takes control of it (which isn't far-fetched because we know how litigious they are), they instantly know who is running a hacked switch. I see no legal entanglements whatsoever.

Question still stands - who is running that IP and can we get the source code to what's running on it? That's the safest method regardless of how reliable/benevolent the owners have been in the past.

 

[binkinator]

Nintendo isn't forcing anyone to connect to 95.216.149.205. Virtually everyone who is running a hacked switch is connecting to 95.216.149.205. If Nintendo takes control of it (which isn't far-fetched because we know how litigious they are), they instantly know who is running a hacked switch. I see no legal entanglements whatsoever.

No entrapment? No liability? I think it would be a fiasco…creating a situation that didn’t exist prior just so they could cut off services that weren’t in use prior.

Question still stands - who is running that IP and can we get the source code to what's running on it? That's the safest method regardless of how reliable/benevolent the owners have been in the past.

90DNS was brought to us by @AveSatanas

source code is here: https://gitlab.com/a/90dns

https://gbatemp.net/threads/90dns-dns-server-for-blocking-all-nintendo-servers.516234/

 

[sven7777]

No entrapment? No liability? I think it would be a fiasco…creating a situation that didn’t exist prior just so they could cut off services that weren’t in use prior.

90DNS was brought to us by @AveSatanas

source code is here: https://gitlab.com/a/90dns

https://gbatemp.net/threads/90dns-dns-server-for-blocking-all-nintendo-servers.516234/

How is it entrapment? Nintendo did not entice people to use 95.216.149.205 - everyone is doing it of their own accord. What would be Nintendo's liability? I'm certain their TOS (which we all click through to use the switch) covers/protects them for anything the Switch does during its operation.

90DNS owners/creators is not necessarily the same thing as who owns/operates 95.216.149.205. Are you asserting it's running a version of 90DNS? I have not seen any evidence that proves what 95.216.149.205 is running.

 

[Dragon91Nippon]

Also unless I'm missing something these are connection test URLs, they don't contain or receive any data from you, they're just there for pings and an HTML test page.

 

[MichaelW1980]

I'm sorry to bring back up this rather old topic, but it keeps coming up if you ask google the same question, as @sven7777 did. I noticed something, that might give the more concerned users of that IP address some peace of mind.

Apparently whatever IP address you sent those two entries of your host file to is merely used for a ping, as far as connecting to a local network goes.

So if you are concerned about 95.216.149.205 being safe, you might want to give the (local) IPV4 adress of your internet router a try. As long as it allows you to ping it, you can establish WIFI / wired connections that way and nothing ever even leaves your home network.

 

[duckbill007]

I prefer to blank prodinfo and do not think about all that DNS stuff. No certificate = nothing to ban.