server 2003 & DNS problem in smartphones only - Networking

Hello, I've got a very interesting problem and I need your help.
At my job I have a Windows 2003 server with Active Directory, DNS and DHCP servers on it.
The problem persists on the WiFi connection (2 TP-Link routers connected to the server to broadcast the WiFi signal); every laptop and tablet can connect to WiFi,
only the phones can't connect or use the internet.
Android smartphones can't even connect to the routers; my iPhone connects to the router but has a DNS problem, even if I enter an external DNS server IP like 8.8.8.8.
Encryption on the routers: WPA2 Personal.
Any ideas?

3Dmaniac said:
Hello, I've got a very interesting problem and I need your help.
At my job I have a Windows 2003 server with Active Directory, DNS and DHCP servers on it.
The problem persists on the WiFi connection (2 TP-Link routers connected to the server to broadcast the WiFi signal); every laptop and tablet can connect to WiFi,
only the phones can't connect or use the internet.
Android smartphones can't even connect to the routers; my iPhone connects to the router but has a DNS problem, even if I enter an external DNS server IP like 8.8.8.8.
Encryption on the routers: WPA2 Personal.
Any ideas?
Not sure if this is your problem, but WPA2 is for wireless N devices, I would suggest running WPA and see if that will work for ya.

travisray2004 said:
Not sure if this is your problem, but WPA2 is for wireless N devices, I would suggest running WPA and see if that will work for ya.
Incorrect. My personal home router and my wife's Droid 3 work just fine thanks.

travisray2004 said:
Not sure if this is your problem, but WPA2 is for wireless N devices, I would suggest running WPA and see if that will work for ya.
I even tried to disable security on the router, and also I've never had problems with WPA2.

Is it all kinds of Android phones or just one kind? Is your server the DNS and DHCP server as well?

MrObvious said:
Is it all kinds of Android phones or just one kind? Is your server the DNS and DHCP server as well?
I have to try other Android phones. Yes, my server is the DNS server and the DHCP server also.
Even if I enter Google DNS or another free DNS server IP, my phone still can't resolve site names.

Have you disabled NAT in the routers?

MistaBojangles said:
Have you disabled NAT in the routers?
I will have a chance to try at the end of the day, but if laptops and other devices work, why might it be the problem?

3Dmaniac said:
I will have a chance to try at the end of the day, but if laptops and other devices work, why might it be the problem?
Having a double NAT will cause sporadic DNS issues because both devices, the routers and server in your case are trying to perform the Network Address Translation, which basically means converting friendly URLs into IP addresses, and IP addresses into friendly URLs. It does not completely take down the internet, and the issues are sporadic. I had the same situation with my Gateway (eMTA with built in router) running my own router. I could get to most sites, but others I could not. I had to have the Gateway placed into bridged mode, disabling the internal router and NAT functions. It solved my issues. So just because some devices can browse doesn't mean that isn't the issue.
Your server should be the only thing performing the DHCP and DNS functions, and if the routers are configured to do the same, you have a double NAT, and will cause the issue you are describing.

MrObvious said:
Is it all kinds of Android phones or just one kind? Is your server the DNS and DHCP server as well?
android i777 worked perfectly

MistaBojangles said:
Have you disabled NAT in the routers?
TP-Link
The DHCP server is disabled in the router and Network > LAN is configured to Smart IP.
Is it enough?

3Dmaniac said:
TP-Link
Is it enough?
The DHCP server is disabled in the router and Network > LAN is configured to Smart IP.
What model TP-Link?

MistaBojangles said:
What model TP-Link?
Model No. TL-WA830RE
using as access point

3Dmaniac said:
Model No. TL-WA830RE
using as access point
Standby, I have quite an extensive list of screenshots here:
http://screenshots.portforward.com/

MistaBojangles said:
Standby, I have quite an extensive list of screenshots here:
http://screenshots.portforward.com/
and + this access point which also has disabled DHCP and has same problems
Model No. TL-WA901N / TL-WA901ND 2.0

I want you to try two things. It is OK to have the DHCP server enabled, but not the DNS server. Leave Default Gateway, Default Domain, Primary and Secondary DNS blank
Leaving the DHCP enabled, you will essentially have two subnets. Will that pose a problem?
Also, leave it on SmartIP
and try:
Disable the DHCP
Use a static IP and the servers Default Gateway, Default Domain, and DNS addresses
Clone the server's MAC

MistaBojangles said:
I want you to try two things. It is OK to have the DHCP server enabled, but not the DNS server. Leave Default Gateway, Default Domain, Primary and Secondary DNS blank
Leaving the DHCP enabled, you will essentially have two subnets. Will that pose a problem?
Also, leave it on SmartIP
and try:
Disable the DHCP
Use a static IP and the servers Default Gateway, Default Domain, and DNS addresses
Clone the server's MAC
on both access points i get

Try this:
On your server open a command prompt and type ipconfig /all
Enable DHCP
Use static IP
Fill in all information with the info from the servers ipconfig
Clone the servers MAC

MistaBojangles said:
Try this:
On your server open a command prompt and type ipconfig /all
Enable DHCP
Use static IP
Fill in all information with the info from the servers ipconfig
Clone the servers MAC
enable dhcp and static IP on access point right?

3Dmaniac said:
enable dhcp and static IP on access point right?
Did you set that 169 IP address yourself on the server? A 169 is typically a self-assigned IP address when the device couldn't obtain one from the DHCP server, and a connection isn't possible. If that is what your configuration is, and internet works on that particular machine, that's the info you need.
So on both of the access point, assign a Static IP, but not the same one listed there because that is the server's IP, but since it is a DHCP server you should be able to give one of the AP 169.254.1.51 and the other 169.254.1.52, and configuration in the server to issue those may be necessary since they are static. The Subnet Mask, Default Gateway, and DNS Servers, use the same info in both AP's
Please let me know if this works for you.

Related

Can anyone please help me with this problem?? Please see pic

I am having the following problem:
Totally at random I receive this error message!!! I saw that I also get this message after using active sync, but also at various other moments!
I really don't know what to do about it anymore!
Can anyone help me out?
do what the thing says, enable your dhcp server. Or use a fixed ip.
Doezel said:
do what the thing says, enable your dhcp server. Or use a fixed ip.
Yeah, but HowTo...? Trying for a while now and still having the same problem...
Ip for Active Sync
I had exactly the same problem on my Prophet,
Basically this used to occur whenever I tried to connect with active sync.
Solution: Start-Settings-connections-network cards-remoteNDIS host
I have assigned fixed ip to both the device & my comp.
Device
fixed IP 169.254.2.1
Netmask 255.255.255.0
Gateway 169.254.2.1
PC
Ip 169.254.2.2
Netmask 255.255.255.0
Gateway 169.254.2.1

file explorer with vpn support

I am trying to find file explorer with vpn support. I have tried gsfinder+ but it seems there's no support for vpn.
Does someone know any file explorer with vpn support?
-Matti-
What exactly do you mean by file explorer with vpn support?
Meaning that,
when try to use my firm shared resource/network folder. I first need vpn to connect inner network. Vpn works great but I cant somehow use shared resources.
Tested:
I connect vpn. Now I can show firm intranet web site so it means vpn works. I open gsfinder. try to connect network folder \\server\share but some error occurs.
And the question was, is there any file explorer that support vpn connections?
sorry my bad english...
the only apps that seem to work properly over a vpn are exchange active sync, pocket ie and the terminal services client.
maybe i'm missing something but i can't find any file explorer that will let me access the office network over vpn.
surely this is kind of the point of a vpn connection? to (securely) access the network's resources as if you were physically connected to it.
not being able to access fileshares is more than a bit rubbish!
I'm new in this forum, and I'm also quite newbie in windows mobile world, but here is how I managed to get PPTP VPN work with resco explorer:
1) Setup your VPN connection to "Settings -> connections -> connections"
2) Setup "Settings -> connections -> advanced -> Select Networks" as shown in pic 1
3) Add LAN addresses to "Settings -> connections -> advanced -> exceptions" (ie. 192.168.0.*/*)
You need to open the VPN connection first and then use resco explorer, it does not open the connection automatically.
I noticed from my firewall (m0n0wall) logs that it always tries to use my ISP:s "fake" WINS server, even if I try to map the share using IP address. So I put my WINS servers LAN IP address manually to connection settings and then it starts to work. Now I can securely access my local network folders anywhere using computer name i.e. \\SERVER\SHARE.
P.S: Because windows mobile lacks basic network tools, I found VxUtils very useful.
Thanks a lot joksanen. I got it working now with gsfinder, so happy.
The only thing I needed to do was add the intranet addresses to the exception list and voilà, it's working...
Your instructions were great!!!
Finally got it working!!!
The missing link for me was setting up a WINS server.
Thanks for the tip
Where I need to write the WINS server?
I didn't have a WINS Server.
Does this mean I need to write the
IP Adress from the Computer, I would like to connect?
I got the same problem connecting with VPN a LAN-drive.
After connecting with OpenVPN or L2TP I can ping the Computer,
but I can't map a drive.
Does somebody have a Idea for me?
Thank you for any help in advance.
Namaste
Elena
Elena said:
Where I need to write the WINS server?
I didn't have a WINS Server.
Does this mean I need to write the
IP Adress from the Computer, I would like to connect?
I got the same problem connecting with VPN a LAN-drive.
After connecting with OpenVPN or L2TP I can ping the Computer,
but I can't map a drive.
Does somebody have a Idea for me?
Thank you for any help in advance.
Namaste
Elena
You can use the Cisco VPN Client to manage the connection on the device and also on the computer.
You can download it at http://tools.cisco.com/search/JSP/search-results.get?strQueryText=Cisco VPN Client for smartphone&Search All cisco.com = cisco.com&language = en&country = US&thissection = f&accessLevel = Guest
Hakim Rahman said:
You can use the Cisco VPN Client to manage the connection on the device and also on the computer.
You can download it at http://tools.cisco.com/search/JSP/search-results.get?strQueryText=Cisco VPN Client for smartphone&Search All cisco.com = cisco.com&language = en&country = US&thissection = f&accessLevel = Guest
Hi Hakim
Thank you very much for your respond.
But this is a alternative option and not the solution for me.
I have Firewall from Astaro with PPTP, L2TP, SSL VPN function.
With the Computer works like a charm, only my mobile device makes me problem.
There is a VPN issue with the Windows Mobile Devices, I have seen google many users that don't work correctly.
Namaste
Elena

VPN over 3G Shares-Problem and Landline Forwarding over IP

Hi folks!
I just got my Touch Pro and i'm wondering, if anyone managed to access network shares by a vpn over 3G connection.
My settings:
VPN Server PPTP Windows XP (yeah, the built-in, because its easier than openvpn) set to 192.168.77.1 and DHCP disabled
PPC:
To make things clearer, here's a picture:
i've set them ips static and disabled access to the local gateway on my homeserver, so the PPC doesn't connect to the internet over the VPN
If you want your homeserver to scramble your traffic (for VoIP, etc.) you can enable the gateway which is 192.168.0.1 in my setup and use a second IP-Address range for the VPN INSIDE (!) 192.168.0. (like 20-30 or so).
No Proxies set, but an Exception for "*/*.*" IF i want internet-traffic routed over the vpn.
Now as i search with resco explorer for network shares it sees:
- only the server when set to an own IP-Subnet (192.168.77.)
- every computer at my home when set to the SAME IP-Subnet (192.168.0.)
- every computer at the 3G network which share the same IP (maybe this is the tricky part?)
But I just cannot connect to a share, neither by entering the computer name (\\PCNAME\C$), nor by entering an IP (\\192.168.77.1\C$). I can ping them though and access my local webserver by their VPN IP with Opera. FTP is working too.
I already tried forwarding 135-139 and 445 to connect directly without a VPN, but this somehow ain't working for me, even not with another computer, maybe you have a sugg
I'd really like to know myself inside my home even if i step out of it (you guys will understand, my gf doesn't). Maybe you guys have an idea how to "simplify" the vpn-setup at my PPC, too. It's kind a mess what you have to do to force a vpn on every connection to the internet. A switch (All traffic through VPN, only local traffic through VPN and no VPN at all) would come in handy.
Second Part is:
I've managed to connect my modem to a landline and start making a call with my computer at home. I'd like to know if there is ANY way to use my landline over the vpn on my PPC, just imagine how much money you could save. I already tried a stupid way (Remote Computer with sound on the ppc) but this isn't very comfortable.
Call forwarding features enabled at home are NOT an option, because you would be charged...
sorry i dont have a solution for you but i suffer similar problem.
Setup incoming connection in vista network manager.
Set 1723 port forward in router to vista machine
setup VPN in WM6.1 with correct details.
PPC connects to vista machine, i can see it connected in network manager.
Using resco explorer, map network drive shows no shared folders.
also activating VPN requires alot of steps and clicks everytime you wish to use it.
I am maybe missing somthing obvious, maybe some tips to help us out? or a hint of where to start looking for the problem.
ps i can map network shares when connected to me local network via WIFI, just not possible over the internet
Thanks for the reply, nice to hear i'm not the only one.
I think this is related to the IP. I assume, you SHARE your IP with other users around you. I was reading this somewhere, here's another link:
http://mybroadband.co.za/vb/showthread.php?t=30837
check the last post.
The network provider uses NAT, so we have to find a workaround. Maybe your computer at home only sees the public IP address (the one you share...) and is unable to reply to the share request.
To prove this:
connect to 3G without VPN enabled. Then search for other network shares in Resco, you should see a bunch of other computers.
I will try to access a network share with windows xp over the 3G and post the results.
Interesting idea, ill give it a try later.
i am starting to think my router is having trouble forwarding the GRE packets, i have tried forwarding port 47 but its made no difference. i need to get home and check my router logs see if i can find out if the data is going where is should.
I may attempt to VPN via L2TP instead of PPTP, but im unsure of how to setup the incoming connection on the vista machine. Maybe it requires some 3rd party software, it did not seem obvious in vista how to choose L2TP instead of PPTP!!! But this should prove if the GRE packets are the problem
OK, i got VPN over 3G working with a laptop using the ICS of my Touch Pro.
So, next step, compare the settings!
On my Laptop (Connection --> Details)
Server Type: PPP
Transports: TCP/IP
Authentication: MS CHAP V2
Encryption: MPPE 128
Compression: MPPC
PPP multilink framing: Off
Server IP address: 192.168.5.50
Client IP address: 192.168.5.51
On the PPC:
Server Type: PPP
Transports: TCP/IP
Authentication: MS CHAP V2
Compression: MPPC
Server IP address: 192.168.5.50
Client IP address: 192.168.5.52
WHO could have thought of this? They're the same.
I will keep looking into "SLIP" (whatever this is) an The L2TP VPN Type
Reports will follow.
For Your GRE-Problem. You REALLY need a router who gets this right. I have a WRT54GL with DD-WRT which is very simple to set up. I also know of some Fritz!Box (es) that they forward this right. Maybe try to set up the vpn between 2 computers first. btw, IF you already see your PPC in "connected clients", the forwarding is working!

[Q] Android VPN settings: how to add the Port of the server?

Hi!
Does anybody know a trick on Froyo to set a port number for VPN servers?
My VPN connection requires port 443, but if I set the VPN server address with ":443" at the end, when I try to connect to it, I have "ATTENTION: server name cannot be resolved"
It looks like it only like VPN server addresses without any port i.e. it used port 80 by default. I'm really surprised it cannot be added.
I tried L2TP, PPTP and L2TP/IPSec. Same issue.
FYI: I can connect without problem to other VPN servers that use port 80.
thanks a lot for your comments.
[I'm running Froyo on HTC Desire]
Hi!
Isn't there anybody that faced/faces this problem?
It's unbelievable that one cannot specify the port of a VPN server in Android settings!
Thanks for any tips.
How can I connect an Android phone with a Fritz Box. VPN
yeahhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
Android VPN
hi,
All, I request, please tell me: I am using the Android VPN service from http://www.purevpn.com/vpn-service/android-vpn.php and I want to know how to connect my Android with an SSL VPN connection, and whether this service provides SSL VPN.
Thanks.
try Port Scanner 4.4 from the market place.
Omnichron said:
try Port Scanner 4.4 from the market place.
yes. this works. thanks
lavive said:
Hi!
Does anybody know a trick on Froyo to set a port number for VPN servers?
My VPN connection requires port 443, but if I set the VPN server address with ":443" at the end, when I try to connect to it, I have "ATTENTION: server name cannot be resolved"
It looks like it only like VPN server addresses without any port i.e. it used port 80 by default. I'm really surprised it cannot be added.
I tried L2TP, PPTP and L2TP/IPSec. Same issue.
FYI: I can connect without problem to other VPN servers that use port 80.
thanks a lot for your comments.
[I'm running Froyo on HTC Desire]
was this ever answered? I would like to know myself-
lavive said:
Hi!
Does anybody know a trick on Froyo to set a port number for VPN servers?
My VPN connection requires port 443, but if I set the VPN server address with ":443" at the end, when I try to connect to it, I have "ATTENTION: server name cannot be resolved"
It looks like it only like VPN server addresses without any port i.e. it used port 80 by default. I'm really surprised it cannot be added.
I tried L2TP, PPTP and L2TP/IPSec. Same issue.
FYI: I can connect without problem to other VPN servers that use port 80.
thanks a lot for your comments.
[I'm running Froyo on HTC Desire]
As far as i know you cannot set the port used by PPTP or L2TP.
Isn't there anybody that faced/faces this problem?
It's unbelievable that one cannot specify the port of a VPN server in Android settings!
Thanks for any tips.
Hi,
Tada! I've found out how to force the use of a port number in L2TP and PPTP VPN configurations:
After you've input the server's IP address, do not use ":" but just a space character before inputting the port number
e.g. 10.245.123.456 443
It also works with iOS VPN config, and of course any kind of ports which are supported by your VPN service provider's servers (443, 8000, 1194, 8292...).
Enjoy!
Hi, there is some solution for android 6?
Space is not suitable.
Same problem. Android pie
The reason why you're getting the "ATTENTION: server name cannot be resolved" error is because Froyo is trying to resolve the VPN server address as a hostname, but the port number is preventing it from doing so. If you remove the port number from the VPN server address, Froyo will be able to resolve the hostname and connect to the VPN server.

Block updates. DNS way. No root needed

Here are instructions on how to block updates on a Fire TV.
Important!
Recently a Fire TV update released, it blocks any way to disable auto updates, except this one
Some ISP are replacing client DNS requests by their own answers, in that case this method won't work.
DNS configuration saved per access point, if you connect to another Wi-Fi you need to enter the DNS again.
If you connect a VPN, DNS settings will be ignored, so you can use VPN only if it works per app and not system wide.
No PC needed
Step by step instruction
1. Go to your Fire TV Network settings and remove all networks except one you going to use. (Menu -> OK)
2. While connected to the Wi-Fi network you use, go to My Fire TV -> About -> Network and save "IP Address", "Gateway", "Subnet Mask" somewhere, or take a picture
3. Go to Network settings and remove your Wi-Fi connection
4. Start connecting to your Wi-Fi access point again, enter password but don't press Next
5. Press "Advanced" button at the bottom center
6. Enter the IP Address saved in the 2. step and press Next
7. Enter the Gateway address saved in the 2. step and press Next
8. Enter Network Prefix Length, get it from this page using "Subnet Mask" saved in the step 2. and press Next
9. Enter DNS address, pick up nearest one from the list below, and press Next
   - USA: 104.154.51.7
   - Europe: 104.155.28.90
   - Asia: 104.155.220.58
   - South America: 35.199.88.219
   - Australia and Oceania: 35.189.47.23
10. Skip "DNS 2" configuration and press "Connect"
11. Wait for the Captive Portal opened. If it is opened it will the proof that DNS is working! Either it means that update blocking not work for you.
12. In the Captive Portal use remote control buttons to navigate Menu -> Settings -> Fire TV -> Close Captive Portal
13. Press Back button on the remote control
14. Press Play/Pause button on selected wifi network to check network status, it should show the online status
15. Go to My Fire TV -> About -> Check for Updates and if you see "Update Error" message, it is working
While the DNS settings are there, you are safe to stay on current firmware, and no updates going to be installed in background.
To test whether your ISP/router is replacing DNS requests, you can use this command:
nslookup test.idns [DNS SERVER]
In result it should produce the line with 1.2.3.4 address, it means it is working fine for you.
If you find any issues, please write them in comments.
--------
Disable OTA if you have root rights, no DNS needed, run as root in shell:
Code:
mount -o rw,remount /system
echo -e '\n0.0.0.0 softwareupdates.amazon.com' >> /etc/hosts
Great, thank you.
I'd like to give this a try later.. Excited for it to work. Can you please proofread #11 and clarify, mostly the 2nd half? Seems a critical point in the process.
@Ighor Thanks.
Whose DNS servers are these?
I'm assuming that Amazon update servers have been blocked from these DNS servers, I'm just wondering who's managing them?
Alternatively, you can block updates through your router. Blocking updates on the FireTV itself is best and easiest, second best option is via your router, and last resort is DNS.
An old walkthrough that talks about all the ways of blocking updates and the benefits of each
How to block software updates on the Amazon Fire TV or Fire TV Stick
All versions of the Amazon Fire TV will download and install software updates automatically. There is no option to disable or reject software updates. Whether you have a rooted Fire TV or not, this guide will show you all the methods for blocking software updates on Fire TV devices.
www.aftvnews.com
Finnzz said:
Whose DNS servers are these?
It is my servers, running since 2014 for different purposes. Since my DNS engine is very flexible I can create a rules to provide different features for different devices. So Fire TV support is now added.
For example in Open DNS you can't create rules for *amazon*updates*, but my server has those possibilities, it catching regional and any possible new domains also.
Ighor said:
It is my servers, running since 2014 for different purposes. Since my DNS engine is very flexible I can create a rules to provide different features for different devices. So Fire TV support is now added.
For example in Open DNS you can't create rules for *amazon*updates*, but my server has those possibilities, it catching regional and any possible new domains also.
Ok, yeah I figured someone needed to be managing the Amazon addresses. The more options the better.
Why do you have different servers for different regions? Are your servers physically located in different parts of the world?
Are your servers going to be able to handle thousands of FireTV devices?
Finnzz said:
Are your servers physically located in different parts of the world?
Yes. So you get lower ping if you choose nearest one.
Finnzz said:
Are your servers going to be able to handle thousands of FireTV devices?
It handles millions of requests every day with 2% CPU usage, so answer is yes.
Ok thank you!
I have to say I have one big concern. Using the DNS servers of a private individual that you don't know is a bit of a security risk, and can be used in malicious ways.
What Is DNS, and Should I Use Another DNS Server?
However, if your computer or network is pointed at a malicious DNS server set up by a scammer, the malicious DNS server could respond with a different IP address entirely. In this way, it’s possible that you could see “facebook.com” in your browser’s address bar, but you may not actually be at the real facebook.com. Behind the scenes, the malicious DNS server has pointed you to a different IP address.
I appreciate the gesture you are making to help everyone out, but I'm also wondering how the average user can determine if the DNS servers are trustworthy?
I don't mean to offend you, but being cautious is always best when it comes to security.
It's similar to recommending that you only install apps from trusted sources, and only give ADB access to very trusted sources.
When a stranger offers you a ride home you take a greater risk than if you use public transportation lol
Finnzz said:
Using the DNS servers of a private individual that you don't know is a bit of a security risk, and can be used in malicious ways.
Finnzz said:
I'm also wondering how the average user can determine if the DNS servers are trustworthy?
That is a fair thing to worry about if you are using an unknown DNS on your PC. Since the risk is in you, when you enter the website, you may not notice that you forgot to add https:// but are using http://, or you may mistakenly agree to trust an unknown certificate if prompted. In that case someone can see your traffic.
But if you use that with the device, there is no choice, it always uses https:// so if someone tries to catch your traffic, they will fail with SSL errors. So technically you don't have to trust a DNS server or a VPN if you are entering that to your Android/iOS device (and not using Internet browsers).
Anyway if anyone replaces DNS records with a malicious IP address, at least some users can notice the certificate warnings and report them. In other cases websites may notify you about unusual logins from other countries (if someone has caught your unencrypted traffic). I never did anything like that so you won't find any reports about my DNS servers.
Ighor said:
Anyway if anyone replaces DNS records by malicious IP address, at least some users can notice the certificate warnings and report them. I never did anything like that so you won't be able to find any reports about my DNS servers.
Yeah sorry, I hate to bring it up. I think everyone knows they take a risk when installing new apps, but far less know the potential of a malicious DNS server. I don't like asking the questions, because just the question insinuates something negative. Nothing against you personally.
Thank you for sharing your DNS. Hopefully you can save a few FireTV users on your arc before the next update that really does some damage.
Ighor said:
Here are instructions on how to block updates on a Fire TV...
Finnzz said:
@Ighor...Alternatively, you can block updates through your router. Blocking updates on the FireTV itself is best and easiest, second best option is via your router, and last resort is DNS.
An old walkthrough that talks about all the ways of blocking updates and the benefits of each
How to block software updates on the Amazon Fire TV or Fire TV Stick
All versions of the Amazon Fire TV will download and install software updates automatically. There is no option to disable or reject software updates. Whether you have a rooted Fire TV or not, this guide will show you all the methods for blocking software updates on Fire TV devices.
www.aftvnews.com
Finnzz said:
Ok thank you!
I have to say I have one big concern. Using the DNS servers of a private individual that you don't know is a bit of a security risk, and can be used in malicious ways...
...I appreciate the gesture you are making to help everyone out, but I'm also wondering how the average user can determine if the DNS servers are trustworthy?
I don't mean to offend you, but being cautious is always best when it comes to security...
Finnzz said:
...I hate to bring it up. I think everyone knows they take a risk when installing new apps, but far fewer know the potential of a malicious DNS server. I don't like asking the questions, because just the question insinuates something negative. Nothing against you personally...
I certainly appreciate the GENEROSITY of a "Technologically Competent" person offering their services to "Technologically Incompetent" folks, but *WHY* would someone TRUST a stranger to block specific DNS addresses when they could:
Block them locally on THEIR OWN router?
Block them locally on THEIR OWN DHCP server (I use Pi-Hole on a Raspberry Pi 3B)?
Block them with (well-known, established) OpenDNS (Method 4 on the AFTVNews article, as per the LINK posted by @Finnzz )?
TBD...
TakeTheActive said:
I certainly appreciate the GENEROSITY of a "Technologically Competent" person offering their services
Yeah, really nice
TakeTheActive said:
but *WHY* would someone TRUST a stranger to block specific DNS addresses when they could:
Block them locally on THEIR OWN router?
Block them locally on THEIR OWN DHCP server (I use Pi-Hole on a Raspberry Pi 3B)?
Block them with (well-known, established) OpenDNS (Method 4 on the AFTVNews article, as per the LINK posted by @Finnzz )?
TBD...
If you set up a local proxy server with a program like charles proxy or mitm, you can see all the traffic the fireTV generates on your PC... you see all the data, in listings, well ordered by process.
Almost all of this traffic and data is useless crap, since almost all of this stuff is encrypted.
Only thing readable is advertising sh*t and some meta statistics.
Anyways, a DNS server won't sniff any of this data, it gets only DNS requests, so it will most likely be perfectly fine and a very convenient method for users (users without a Pi-hole or a capable router, capable of blocking encrypted DNS requests).
Btw, it's also a working and very common method to block updates on homebrewed PS4 and Nintendo Switch devices
Ighor said:
Here are instructions on how to block updates on a Fire TV.
Important!
Recently a Fire TV update was released; it blocks any way to disable auto updates, except this one.
Some ISPs replace client DNS requests with their own answers; in that case this method won't work.
The DNS configuration is saved per access point; if you connect to another Wi-Fi network you need to enter the DNS again.
If you connect a VPN, DNS settings will be ignored, so you can use a VPN only if it works per app and not system wide.
No PC needed
Step by step instructions
1. Go to your Fire TV Network settings and remove all networks except the one you are going to use. (Menu -> OK)
2. While connected to the Wi-Fi network you use, go to My Fire TV -> About -> Network and save "IP Address", "Gateway", "Subnet Mask" somewhere, or take a picture
3. Go to Network settings and remove your Wi-Fi connection
4. Start connecting to your Wi-Fi access point again, enter the password but don't press Next
5. Press the "Advanced" button at the bottom center
6. Enter the IP Address saved in step 2 and press Next
7. Enter the Gateway address saved in step 2 and press Next
8. Enter the Network Prefix Length, get it from this page using the "Subnet Mask" saved in step 2, and press Next
9. Enter the DNS address, pick the nearest one from the list below, and press Next
   USA: 104.154.51.7
   Europe: 104.155.28.90
   Asia: 104.155.220.58
   South America: 35.199.88.219
   Australia and Oceania: 35.189.47.23
10. Skip the "DNS 2" configuration and press "Connect"
11. Wait for the Captive Portal to open. If it opens, that is proof that the DNS is working! Otherwise it means that update blocking does not work for you.
12. In the Captive Portal use the remote control buttons to navigate Menu -> Settings -> Fire TV -> Close Captive Portal
13. Press the Back button on the remote control
14. Press the Play/Pause button on the selected Wi-Fi network to check the network status, it should show the online status
15. Go to My Fire TV -> About -> Check for Updates and if you see the "Update Error" message, it is working
While the DNS settings are there, you are safe to stay on the current firmware, and no updates are going to be installed in the background.
To test whether your ISP/router is replacing DNS requests, you can use this command:
nslookup test.idns [DNS SERVER]
The result should contain a line with the 1.2.3.4 address; it means it is working fine for you.
View attachment 5528199
If you find any issues, please write them in the comments.
Used the US DNS server listed here, set up my VPN to tunnel on a per-app basis and it still updated anyway. Also most available URLs for Amazon update services have also been blacklisted on my router!
Why is this happening?
ruky23 said:
Why is this happening?
The VPN is overriding the DNS settings with its own
This doesn't seem to work any more. I got a new 4K Max stick and before I plugged it in I made sure your US server was set up as my router's DNS to assign to DHCP clients. It still found an update and rebooted to install it before I could unplug the router.
PeteyNice said:
This doesn't seem to work any more. I got a new 4K Max stick and before I plugged it in I made sure your US server was set up as my router's DNS to assign to DHCP clients. It still found an update and rebooted to install it before I could unplug the router.
Are you sure your ISP does not replace DNS answers with their own?
Ighor said:
Are you sure your ISP does not replace DNS answers with their own?
Yes, I am sure. I changed it from a Pi-hole I set up that I know works.
PeteyNice said:
Yes, I am sure. I changed it from a Pi-hole I set up that I know works.
While the DNS server is local, as Pi-hole is, the ISP can't replace DNS requests.
It is possible only for remote DNS servers, like mine.
What is the nslookup answer for the line posted in the picture of this thread?
Ighor said:
While the DNS server is local, as Pi-hole is, the ISP can't replace DNS requests.
It is possible only for remote DNS servers, like mine.
What is the nslookup answer for the line posted in the picture of this thread?
It worked as expected. One thing I noticed, now that it is set up, is that it is including Google DNS along with my Pi-hole. I wonder if it tried Google when your server failed to resolve it.
PeteyNice said:
is that it is including Google DNS
It is using a random one, or both at the same time, and of course on my DNS it failed, so it took the DNS answer from the second DNS.
To get it to work, only my DNS server needs to be set.
Also, please don't set my DNS server on your router, but on the Fire TV directly. Because, to prevent domain brute-forcing by scammers, I made special conditions for when it works and when it doesn't. And if you turn off your Fire TV for a while, my DNS will stop working the next day for your IP.
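The `nslookup test.idns [DNS SERVER]` check discussed above, as an added Python example (not code from any poster in this thread): it sends the query directly to one server, so no second resolver can answer instead, and checks that the only A record is 1.2.3.4, the value the quoted instructions give. The function names and the sample reply bytes are constructed for illustration; a mismatch shows only that the expected answer did not arrive, not why.

```python
import secrets
import socket
import struct

TEST_NAME = "test.idns"   # test name given in the quoted instructions
EXPECTED = ["1.2.3.4"]    # answer the instructions say the listed server returns

# Constructed sample reply (not captured traffic): ID 0x1234, one A record 1.2.3.4.
SAMPLE_REPLY = bytes.fromhex("123481800001000100000000" "04746573740469646e7300"
                             "00010001" "c00c" "00010001" "0000003c" "0004" "01020304")

def build_query(name, txid):
    """Encode a recursive A/IN query for `name`."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00\x00\x01\x00\x01"

def skip_name(msg, off):
    """Return the offset just past a domain name, compressed or not."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg, txid):
    """Return the IPv4 answers in `msg`; reject replies that do not match our query ID."""
    rid, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    if rid != txid or not flags & 0x8000:
        raise ValueError("reply does not match the query")
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if (rtype, rclass, rdlen) == (1, 1, 4):
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return addrs

def probe(server, timeout=3.0):
    """Live check: True if `server` answers TEST_NAME with exactly EXPECTED."""
    txid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))          # only accept datagrams from this server
        s.send(build_query(TEST_NAME, txid))
        return parse_a_records(s.recv(512), txid) == EXPECTED
```

`probe("<DNS SERVER>")` needs network access; `parse_a_records(SAMPLE_REPLY, 0x1234)` exercises the same parsing offline.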