Hacking DNS to block the updates of the switch!

[Switchssb]

Looks like it's being blocked.

yeah but it was also blocking eshop and internet access on the switch.

I've setup fiddler proxy and now have what i want basically, can still update/buy games, and don't get the sys update nag. Thanks Wizz

 

[zero80472]

i have blocked using the DNS methoid but my zelda wont start (i dont want to update to latest version ) due to the fact that i need arrows any ideas

(could it because of my safe files ? ) i was on the update but i uninstalled it (delete the software delete's the patch i think)

 

[Switchssb]

Just opened Eshop and i'm getting a system update prompt even with fiddler, whats the new address's to block?

 

[DarkenedMatter]

DNS method isn't working for me anymore. I just get error codes. I guess it needs updating?

 

[DocAmes1980]

Just opened Eshop and i'm getting a system update prompt even with fiddler, whats the new address's to block?

I'm not getting the nag. I'm blocking:

sun.hac.lp1.d4c.nintendo.net
beach.hac.lp1.eshop.nintendo.net

I'm not using Fiddler though. I'm blocking them by using a DNS emulator.

 

[Mr. Wizard]

I'm using fidder and blocking sun and beach, no problems here for me.

 

[OfficialFBomb]

So for all you that don't know how to use ping and want an equally easy non destructive way of testing to see if your router is blocking the update server you can just enter this url into any browser behind your router:

https://sun.hac.lp1.d4c.nintendo.net/

If it is being blocked you will get this:

If it is NOT being blocked you will get this:

If you get this it means you are accessing the http page, the Switch uses https. Some routers do not block https.

--------------------- MERGED ---------------------------



Have you tried updating your router's firmware?
Unfortunately it seems your router does not support blocking https sites. New firmware might change this.

You can try entering sun.hac.lp1.d4c.nintendo.net into the KEYWORD filter, but it may not work.


You can use:

Fiddler proxy - http://www.telerik.com/fiddler
SimpleDNS - http://simpledns.com/
MaraDNS - http://maradns.samiam.org/

These need to be run on a computer anytime you want internet access for the switch. (This is the method I use, way more advanced control than my routers.)


Also, your router is the one with the cable modem built in. It doesn't support custom firmware such as Tomato or DD-WRT which have more advanced options than the consumer version of Asus-WRT.

You can also bridge your router to basically turn it into just a modem, then buy a more advanced router.

The problem with just blocking an IP address is that it can change at any time.

Remember me, lol my router does keyword blocking, I was updating the key word list when I noticed this post ^ I took two screen shots just to make sure this was right..

 

[Mr. Wizard]

Remember me, lol my router does keyword blocking, I was updating the key word list when I noticed this post ^ I took two screen shots just to make sure this was right..

It's not being blocked on either test.

What you are looking for is the ERR_EMPTY_RESPONSE which mean the packet has been dropped (blocked). ERR_CONNECTION_RESET means you connected to something but it could not handshake and didn't understand you so it reset the connection. This happened because by using http (unsecured) and pointing to port :443 (secured), your browser was still able to connect but it was talking gibberish to the server so the connection was reset. You entered an invalid address, you either need to omit the :443 or add HTTPS. The only one you should really be concerned with is the HTTPS because the switch uses encryption.

If entering https://sun.hac.lp1.d4c.nintendo.net gets you ERR_EMPTY_RESPONSE your router is fully blocking.

The problem is most routers don't seem to be able to block HTTPS, only HTTP. Then again some routers say the don't block HTTPS yet they do.

You just have to test it and in your case your router doesn't seem to be blocking HTTPS or you have entered the wrong information in the site block settings.

 

[naddel81]

why not use "
TitleDNS "The Netherlands" (81.4.127.20) :

(20 ms) Website Charge (Apache2) :

TitleDNS "Los Angeles" (168.235.92.108) :

(202 ms)"

?

 

[DocAmes1980]

why not use "
TitleDNS "The Netherlands" (81.4.127.20) :

(20 ms) Website Charge (Apache2) :

TitleDNS "Los Angeles" (168.235.92.108) :

(202 ms)"

?

Those are for blocking Wii U updates.

 

[Dimensional]

I'm using a router with TomatoUSB, and the only way I know of blocking connections is through the Access Restriction function in the firmware. However, blocking all TCP/UDP connections on port 443 to sun and beach blocks eShop. I've also disabled Auto-Update Software in my Switch settings, under System at the bottom. Right now, I'm unsure if I got it working right, but I've edited my firmware's settings to block all TCP/UDP connections attempts on port 443 that use the Layer 7 DNS connections.

Edit: My attempt to block it using this configuration failed. I'm attempting other methods.

Edit 2: It took me a while, but I managed to configure my router to both block the two domains, redirecting to 0.0.0.0, but also configured the firewall to also redirect the servers IPs to 0.0.0.0. So far I haven't seen any update nags, and I'm connected to eShop.

 

[naddel81]

Those are for blocking Wii U updates.

oh, I thought they would block ninty servers. therefore they work flawlessly on 3DS, too.

 

[DocAmes1980]

oh, I thought they would block ninty servers. therefore they work flawlessly on 3DS, too.

They should be updated to block Switch updates. Maybe they will. It's still better to block updates via your own means. Public DNSes will eventually go down.

 

[naddel81]

They should be updated to block Switch updates. Maybe they will. It's still better to block updates via your own means. Public DNSes will eventually go down.

once you leave wifi on and accidentally connect to a free wifi you are out of luck anyway. the switch will grab an update in no time.

 

[Mr. Wizard]

once you leave wifi on and accidentally connect to a free wifi you are out of luck anyway. the switch will grab an update in no time.

Actually no it won't, not on 2.0 anyway. It will inform you of an update but you still have to tell it to update. Rebooting clears the nag.

 

[OfficialFBomb]

Well trying on my pc to ping https://sun.hac.lp1.d4c.nintendo.net/ i get a privacy error first, i have to tell it to connect to the site and then i get access denied cc problem, so it seems im going to have tot just turn off wifi permanently until i buy a new router

Also this is what i have in my keyword blocker
autm.hac.lp1.d4c.nintendo.net
sun. .net
beach. .eshop .net
superfly. .net
With of course all the filled in text like the first one

 

[Mr. Wizard]

Well trying on my pc to ping https://sun.hac.lp1.d4c.nintendo.net/ i get a privacy error first, i have to tell it to connect to the site and then i get access denied cc problem, so it seems im going to have tot just turn off wifi permanently until i buy a new router

Also this is what i have in my keyword blocker
autm.hac.lp1.d4c.nintendo.net
sun. .net
beach. .eshop .net
superfly. .net
With of course all the filled in text like the first one

You cannot ping https://sun.hac.lp1.d4c.nintendo.net. You can ping sun.hac.lp1.d4c.nintendo.net but that will only tell you if your router is blocking the name for http traffic which it should be capable of. I made the suggestion of using ping before I realized people were having problems with blocking https.

The correct way to test would be to enter https://sun.hac.lp1.d4c.nintendo.net in your browser and see if the packet gets dropped or by using the switch itself since updates are not forced by any means yet, I do not like to recommend using the switch though since some people will blame me for their own stupid actions of selecting "Update Now".

I digress, your autm.hac.lp1.d4c.nintendo.net address is spelled wrong so I'm curious if others are as well. It would be more useful to actually state the full addresses you are using, by copying and pasting from the router interface.

 

[OfficialFBomb]

I misspelled typing here, in the router it's atum. I was trying to copy paste but the router won't let me copy (weird right)

atum.hac.lp1.d4c.nintendo.net
sun.hac.lp1.d4c.nintendo.net
beach.hac.lp1.eshop.nintendo.net
superfly.hac.lp1.d4c.nintendo.net

Also when entering https://sun.hac.lp1.d4c.nintendo.net into a new chrome tab results in Access Denied CC Problem

 

[Mr. Wizard]

results in Access Denied CC Problem

Bummer... What model router do you have, you might be able to just use custom firmware instead of buying a new one.

 

[OfficialFBomb]

I have a Netgear C6250-100NAS