WARNING: Vodafone customers in Spain might not be blocking updates

Discussion in 'Wii U - Hacking & Backup Loaders' started by Garfieldo_Menkjel, Oct 26, 2016.

  1. Garfieldo_Menkjel
    OP

    Garfieldo_Menkjel Newbie

    Newcomer
    7
    5
    Oct 26, 2016
    UPDATE:
    At least for some of its customers' home routers, Vodafone Spain is activating a non-user-modifiable setting which prevents specified DNS servers from taking effect.
    The net effect in this situation is that just using
    Tubehax/Chncdcksn dns servers DOES NOT BLOCK SYSTEM UPDATES

    Solutions include
    • Calling Vodafone and asking to have "proxy dns" removed from your router (@xabier). Absolutely try this!!!
    • Setting up your own local dns proxy (@FAST6191).
    • Removing dns proxy from the router yourself via admin-level configuration web pages. I might help attain admin access to the router, just send a PM.


    Original post, for context

    TL;DR

    If your home Vodafone service includes a SERCOM VD1018 model router, server names in CDN urls are resolved regardless of how you configure DNS settings on your WiiU. See below for further information and workaround.

    This might affect other Spanish (non Spanish too?) Vodafone customers with similar routers so if you're one of them I recommend actually checking eshop access on your console while having Tubehax/Chncdcksn DNS servers setup.

    What the hell?
    This shitty router is intercepting outgoing DNS requests and servicing them by its own means. It doesn't matter what servers you put into your WiFi client setup. Even if you put invalid ip addresses, or private ones for that matter, FQDNs are going to be resolved no sweat.

    Workaround
    There's just one exception to this behavior: although all DNS requests must pass through the WiFi router, only the ones leaving the local network are intercepted. DNS requests addressed to a host in the local LAN are left alone.

    This opens the door to setting up a local DNS server somewhere in your LAN and have it forward all requests upstream except for CDN ones.

    Other than this, I can only recommend removing your console from the net by configuring some unused/free local ip in your DNS settings. You won't have internet access but at least you won't be creating/deleting connections every time you want temporary internet access.

    Further investigation
    This router's user-level admin interface is severely limited. There's nothing in it of any help regarding this issue. Later today I'll be unlocking the admin-level interface and report back any findings.
     
    Last edited by Garfieldo_Menkjel, Oct 27, 2016
  2. EmanueleBGN

    EmanueleBGN GBAtemp Advanced Fan

    Member
    721
    353
    Jul 22, 2015
    Italy
    Yes, in old Vodafone routers it is impossible to change DNS.
    I have a "Vodafone Station 2" and I have this problem too; but it seems that with the "Vodafone Station 3" it is possible to change the DNS with the app - obviously I don't want to spend another 100€ to buy the new router...
    I think that the best option is to change operator directly and go with the biggest one in your country (Telefónica for Spain, Telecom for Italy)
     
  3. FAST6191

    FAST6191 Techromancer

    pip Reporter
    23,366
    9,169
    Nov 21, 2005
    Though I am fully prepared to hear the ISP branded and foisted router/modem is awful, mainly by virtue of never having seen a good one unless it was hacked to DDWRT or something, I do have to ask if you first cleared the cached stuff. DNS requests are a tiered thing so if it somehow knew what went otherwise then it might pass that along.

    That said DNS is hard and the average consumer would not be fiddling with this, or at least they think so, so I would not be surprised to see it do its own requests or something rather than properly implement protocols.

    On running your own DNS I am sort of surprised more people don't. I have no expectation of malice and certainly no evidence of it but should I or another IT type propose using some random DNS for something, much less one purposely offered by those inclined to hack, then fired on the spot would be the result. Might have to go look how easy it is to do on a raspberry pi or something.
     
  4. Garfieldo_Menkjel
    OP

    Garfieldo_Menkjel Newbie

    Newcomer
    7
    5
    Oct 26, 2016
    This is one of those combined IPTV/VoIP/Internet services most operators are pushing over here. For Vodafone all userids, passwords, VLAN tags for the different services, etc. are considered secret and never shared with its customers. The router is configured via TR69 and that's it.

    Admittedly you can gain privileged access to the device and replicate these configs in openwrt (as I do). Then adjust every time the ISP changes something. That's in fact what I was doing when I found this issue.
    At any rate all of that is not really feasible for everyone, not easily explainable in layman's terms.

    No cache involved except for the localhost one (of course cleared). You tell your dhcp client to not use provided nameserver, your host resolves fqdns using your configured nameserver.

    As said before this router intercepts dns requests going to the internet and forwards to its own configured nameserver. It does it for any non local nameserver ip address, even invalid or private ones!!

    Say your local LAN addressing is 192.168.0.24, and configure nameserver 172.16.0.1 (non internet routable) as nameserver. Your host will be seemingly receiving dns responses from a private address host over the internet.

    Setting a forwarding, non internet facing, dns server at home is quite easy even with pre-packaged software. The moment said server has to do something else dns related, it becomes nearly impossible to do it well..

    — Posts automatically merged - Please don't double post! —

    Surely changing router's dns server is an option (not doable by regular user means :-().
    At any rate I don't think having everyone directing all of their network's dns traffic through Tubehax/Chncdcksn servers is a good idea.

    Switching operators here is geo-constrained. Movistar has no FTTH coverage at my location, just 2 Mbps ADSL.
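
Added example, not part of the original posts: a Python check for the interception described above, which sends a DNS query to resolver addresses that cannot exist and reports whether something on the path answers anyway. It assumes the RFC 5737 documentation ranges as the "impossible" resolvers (a stand-in for the post's 172.16.0.1 example) and `example.com` as the probe name; all function names are this example's own.

```python
import secrets
import socket
import struct

# Assumption of this example: RFC 5737 documentation ranges are never routed on
# the Internet, so no genuine resolver can answer from these addresses.
UNROUTABLE_RESOLVERS = ["192.0.2.53", "198.51.100.53", "203.0.113.53"]

def build_query(name, qid):
    """Encode a minimal DNS A/IN query (RFC 1035) with the RD flag set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def is_answer_to(packet, qid):
    """True if packet is a DNS response (QR bit set) echoing our query ID."""
    if len(packet) < 12:
        return False
    rid, flags = struct.unpack("!HH", packet[:4])
    return rid == qid and bool(flags & 0x8000)

def probe(server, name="example.com", timeout=3.0):
    """Send one UDP query to server:53; True if a matching response arrives."""
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qid), (server, 53))
            data, _ = sock.recvfrom(512)
        except OSError:  # timeout or ICMP unreachable: nobody answered
            return False
    return is_answer_to(data, qid)

def intercepted(results):
    """Given {resolver_ip: answered}, list the unroutable resolvers that 'answered'."""
    return sorted(ip for ip, answered in results.items() if answered)

if __name__ == "__main__":
    hits = intercepted({ip: probe(ip) for ip in UNROUTABLE_RESOLVERS})
    if hits:
        print("DNS is being intercepted on path; replies came 'from':", hits)
    else:
        print("No replies from unroutable resolvers; no transparent DNS proxy seen.")
```

Any hit means the DNS servers configured on a client are not the ones answering; run it again after the router or ISP change to confirm the proxy is really gone.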
     
  5. Carl Lord

    Carl Lord Member

    Newcomer
    11
    1
    Dec 6, 2015
    It's the same for Movistar as well; I am unable to access the router. I am using Eurona at the moment with the same problem. I just block all sites using a second router plugged in to the main router.
     
  6. xabier

    xabier GBAtemp Regular

    Member
    171
    5
    Dec 10, 2006
    Call Vodafone and tell them to allow you to use your own dns servers (desactivar proxy DNS). I did it some months ago, it took less than 10 minutes. Then you can set your own dns servers on your computer, console, phone... you don't need to access the router for this.
     
  7. Garfieldo_Menkjel
    OP

    Garfieldo_Menkjel Newbie

    Newcomer
    7
    5
    Oct 26, 2016
    hmm.. getting a tad out of topic here but.. I had Movistar until recently at a previous address and they're more open regarding configuration SIP credentials and such. Don't use a second router, that gives you double nat and few other benefits. There are templates for autoconfiguring openwrt for Movistar quite easily.

    That's surely the best solution for people using Vodafone's router :-)
    The point of my post was just to alert people that they might not be actually blocking updates while believing they were.
     
  8. FAST6191

    FAST6191 Techromancer

    pip Reporter
    23,366
    9,169
    Nov 21, 2005
    Calling works? I am stunned. Calling BT, virgin, talktalk or whatever in this country is a nightmare and trying to get people to so much as deviate from the script.
     
  9. Garfieldo_Menkjel
    OP

    Garfieldo_Menkjel Newbie

    Newcomer
    7
    5
    Oct 26, 2016
    Not in my previous experiences with Movistar/Vodafone/Orange. It always took forever to get past canned-answer-spitting service representatives to get anything done.

    That said, I have no reason to doubt @xabier. Maybe this particular request is one of the few level 1 support agents are empowered to directly act on.
     
  10. GreenLink

    GreenLink Newbie

    Newcomer
    7
    5
    Jul 25, 2016
    Gambia, The
    Same with Unitymedia here in Germany...
    Their routers accept only IPv6-DNS servers....
     
  11. jsa

    jsa GBAtemp Regular

    Member
    209
    193
    Oct 21, 2015
    United Kingdom
    Devon, UK
    I have a /64 of IPv6 addresses so I could set up a proxy to TubeHax DNS / whatever, if you'd like.
     
  12. Garfieldo_Menkjel
    OP

    Garfieldo_Menkjel Newbie

    Newcomer
    7
    5
    Oct 26, 2016
    Doesn't the router just let pass through IPv4-DNS requests sent from your wiiu?
    Or does it tamper/translate-to-ipv6 them?

    Those ISPs are out of their mind with stuff like this..
     
  13. GreenLink

    GreenLink Newbie

    Newcomer
    7
    5
    Jul 25, 2016
    Gambia, The
    @Garfieldo_Menkjel nope, it doesn't allow IPv4-DNS requests to pass through, it's because of dual stack lite, which means: the Wii U can access IPv4 and IPv6, but someone with IPv4 can't access my Wii U, only with IPv6. I know, really annoying. But I've got my RasPi for things like that ;).

    @jsa Thanks for the offer, but I still need to access NUS on my computer :D
     
    Last edited by GreenLink, Oct 27, 2016
    jsa likes this.
  14. xabier

    xabier GBAtemp Regular

    Member
    171
    5
    Dec 10, 2006
    Vodafone doesn't allow you to change your dns to protect you from malware, even using another router doesn't work. They ignore your DNS settings unless you tell them to stop doing it.
     
  15. Garfieldo_Menkjel
    OP

    Garfieldo_Menkjel Newbie

    Newcomer
    7
    5
    Oct 26, 2016
    In the context of this thread:
    • It has been told here that if you ask VF they'll kindly remove dns proxy. Cannot confirm myself, didn't try.
    • Setting a second router as a dmz host won't prevent dns proxying but will allow filtering update servers name resolution
    • Setting a dns proxy on the local LAN will allow the same.
    • Installing a different router *instead of* that of Vodafone will allow you to do anything you feel fancy
    • Accessing VF's router at admin level will allow you to remove dns proxy yourself.
    • If none of the above things is done, updates are not blocked by just setting up Tubehax/Chncdcksn name servers
     
    CreeperMario likes this.
  16. MikeLDN

    MikeLDN Newbie

    Newcomer
    1
    1
    Nov 28, 2016
    Hi Garfieldo_Menkjel, how can I send you a PM on this forum? I would like to access my router, as every time they push an update I need to call them again. Not only that, but on level 1 they don't know what to do, so they have to pass it to level 2, so it's another 24-48 hours.

    Would love to have control of my Advanced Equipment.

    Rgds
    Mike
     
    Subtle Demise likes this.
  17. Patxinco

    Patxinco Riding a Shooting Star

    Member
    664
    265
    Apr 18, 2011
    Just finished talking with them, now DNS-U works flawlessly. The guy I was talking to didn't even know/want to know what I was talking about, but he finally deactivated it!!!!
     
  18. Garfieldo_Menkjel
    OP

    Garfieldo_Menkjel Newbie

    Newcomer
    7
    5
    Oct 26, 2016
    Sorry it took so long to come back to you.
    Don't really know how to PM here, cannot see an option for that.

    Accessing the admin interface is the only real option as the configuration VF techs do per request is overridden every time a TR69 update is rolled out.
    Not willing to share personal info in the forum so not sure how to proceed from here..
     
  19. Marko76

    Marko76 GBAtemp Psycho!

    Member
    3,519
    1,978
    Aug 19, 2015
    United Kingdom
    Clydebank
    To pm someone simply click on their name then there will be an option to pm them just below where their name is.
     
  20. exelix11

    exelix11 GBAtemp Advanced Fan

    Member
    542
    384
    Feb 25, 2015
    Italy
    C:\users\exelix11\
    Just passing by: While I was a Vodafone customer I had this problem too, to solve it I made this tool and even published it here on gbatemp, but quite a few people know about it, the only downside is that you need a pc every time you want to go online, you can run it on a raspberry pi too.
    I switched to another isp now but I still use it cause I don't really trust the public dns services