Since about a week ago I consistently cannot update apps over Wi-Fi anymore. It will be able to browse the web, Facebook, Instagram, Snapchat and everything just fine, but I cannot download app updates on Wi-Fi. I've reset the app, cleared cache, everything, and it just refuses to update applications. If I go to LTE it will update just fine. Any tips? I have a 1 terabyte unlocked S10 Plus, Snapdragon model, USA.
Are you using any ad blockers like adguard or using a dns setting to block ads?
EdinM30 said:
Are you using any ad blockers like adguard or using a dns setting to block ads?
Negative. I used static IP on WiFi and specific servers for dns but they are Comcast and Google dns servers
leo72793 said:
Negative. I used static IP on WiFi and specific servers for dns but they are Comcast and Google dns servers
Interesting, I'm guessing we're talking about Google Play Store being unable to update apps via Wi-Fi, but it does it perfectly fine over cellular data. If we are talking about Play Store, does it download the update but is unable to install it, or can it flat out not download the update at all?
EdinM30 said:
Interesting, i'm guessing we're talking about Google play store unable to update apps via wifi but does it perfectly fine over cellular data. If we are talking about Play Store does it download the update but unable to install it or does it flat out cannot download the update at all?
Correct. It'll get to either 49 or 99 percent and stick. I've tried going DHCP and still nada. All other devices can do it easily. I guess a reset may be in order. Stupid Samsung x.x
leo72793 said:
Correct. Itl get to either 49 or 99 percent and stick. I've tried going DHCP and still nada. All other devices can do it easily. I guess a reset may be in order. Stupid Samsung x.x
Something in your settings is blocking Play Store from verifying something. Look into your DNS settings, change them to stock original and try. I was using DNS Changer on my S10+ to block ads and I had random issues where my Play Store wouldn't show anything.
I'm 99% sure your DNS is blocking something Play Store needs, I just can't put my finger on it.
EdinM30 said:
Something in your settings is blocking play store from verifying something look into your dns settings change them to stock original and try. I was using DNS changer on my s10+ to block ads and i had random issues where my play store wouldn't show anything.
I'm 99% sure your dns is blocking something play store needs i just can't put my finger on it
I thought that, but I have no apps that change DNS. The only app that technically does block ads is Kiwi Browser. It only happens on Wi-Fi, so idk. My network is set up using the same DNS servers and nothing else has issues at all. I've reset the Play Store app, checked all updates, firmware, software etc. I reset settings too and even enabled unmetered Wi-Fi (which made my Wi-Fi 3x faster).
leo72793 said:
i thought that but i have no apps that change DNS. Only app that technically does block ads is kiwi browser. it only happens on wifi so idk. my network is setup using the same DNS servers and nothing else has issues at all. ive reset the play store app, checked all updates firmware software etc. i reset settings too and even enabled unmetered wifi ( which made my wifi 3x faster)
If you have a friend or neighbor, try using their Wi-Fi and see if it lets you update apps that way. If it does, then there is something in your router, a setting that your phone doesn't like. If it's the same, then it's something within your Android that's blocking it.
Didn't get to try that but out of nowhere it suddenly started working again. Updated 3 apps and downloaded new ones just fine with 0 network changes.
Here are instructions on how to block updates on a Fire TV.
Important!
Recently a Fire TV update was released; it blocks every way to disable auto updates except this one.
Some ISPs replace client DNS requests with their own answers; in that case this method won't work.
DNS configuration is saved per access point; if you connect to another Wi-Fi you need to enter the DNS again.
If you connect a VPN, DNS settings will be ignored, so you can use a VPN only if it works per app and not system wide.
No PC needed
Step by step instruction
1. Go to your Fire TV Network settings and remove all networks except the one you are going to use. (Menu -> OK)
2. While connected to the Wi-Fi network you use, go to My Fire TV -> About -> Network and save "IP Address", "Gateway", "Subnet Mask" somewhere, or take a picture
3. Go to Network settings and remove your Wi-Fi connection
4. Start connecting to your Wi-Fi access point again, enter the password but don't press Next
5. Press the "Advanced" button at the bottom center
6. Enter the IP Address saved in step 2 and press Next
7. Enter the Gateway address saved in step 2 and press Next
8. Enter Network Prefix Length, get it from this page using the "Subnet Mask" saved in step 2, and press Next
9. Enter DNS address, pick the nearest one from the list below, and press Next
   USA: 104.154.51.7
   Europe: 104.155.28.90
   Asia: 104.155.220.58
   South America: 35.199.88.219
   Australia and Oceania: 35.189.47.23
10. Skip "DNS 2" configuration and press "Connect"
11. Wait for the Captive Portal to open. If it opens, that is the proof that DNS is working! Either it means that update blocking not work for you.
12. In the Captive Portal use the remote control buttons to navigate Menu -> Settings -> Fire TV -> Close Captive Portal
13. Press the Back button on the remote control
14. Press the Play/Pause button on the selected Wi-Fi network to check network status; it should show the online status
15. Go to My Fire TV -> About -> Check for Updates; if you see an "Update Error" message, it is working
While the DNS settings are there, you are safe to stay on the current firmware, and no updates are going to be installed in the background.
To test whether your ISP/router is replacing DNS requests, you can use this command:
nslookup test.idns [DNS SERVER]
The result should contain a line with the address 1.2.3.4; that means it is working fine for you.
If you find any issues, please write them in comments.
--------
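Disable OTA if you have root rights, no DNS needed; run as root in a shell:
Code:
# Remount /system read-write so the hosts file can be edited
mount -o rw,remount /system
# Append (>>) a null route for the update host, keeping the existing entries
echo -e '\n0.0.0.0 softwareupdates.amazon.com' >> /etc/hosts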
Great, thank you.
I'd like to give this a try later.. Excited for it to work. Can you please proofread #11 and clarify, mostly the 2nd half? Seems a critical point in the process.
@Ighor Thanks.
Whose DNS servers are these?
I'm assuming that Amazon update servers have been blocked from these DNS servers, I'm just wondering who's managing them?
Alternatively, you can block updates through your router. Blocking updates on the FireTV itself is best and easiest, second best option is via your router, and last resort is DNS.
An old walkthrough that talks about all the ways of blocking updates and the benefits of each
How to block software updates on the Amazon Fire TV or Fire TV Stick
All versions of the Amazon Fire TV will download and install software updates automatically. There is no option to disable or reject software updates. Whether you have a rooted Fire TV or not, this guide will show you all the methods for blocking software updates on Fire TV devices.
www.aftvnews.com
Finnzz said:
Who's DNS servers are these?
These are my servers, running since 2014 for different purposes. Since my DNS engine is very flexible, I can create rules to provide different features for different devices. So Fire TV support is now added.
For example, in OpenDNS you can't create rules for *amazon*updates*, but my server has those possibilities; it catches regional and any possible new domains too.
Ighor said:
It is my servers, running since 2014 for different purposes. Since my DNS engine is very flexible I can create a rules to provide different features for different devices. So Fire TV support is now added.
For example in Open DNS you can't create rules for *amazon*updates*, but my server has those possibilities, it catching regional and any possible new domains also.
Ok, yeah, I figured someone needed to be managing the Amazon addresses. The more options the better.
Why do you have different servers for different regions? Are your servers physically located in different parts of the world?
Are your servers going to be able to handle thousands of FireTV devices?
Finnzz said:
Are your servers physically looking located in different parts of the world?
Yes. So you get lower ping if you choose nearest one.
Finnzz said:
Are your servers going to be able to handle thousands of FireTV devices?
It handles millions of requests every day with 2% CPU usage, so answer is yes.
Ok thank you!
I have to say I have one big concern. Using the DNS servers of a private individual that you don't know is a bit of a security risk, and can be used in malicious ways.
What Is DNS, and Should I Use Another DNS Server?
However, if your computer or network is pointed at a malicious DNS server set up by a scammer, the malicious DNS server could respond with a different IP address entirely. In this way, it’s possible that you could see “facebook.com” in your browser’s address bar, but you may not actually be at the real facebook.com. Behind the scenes, the malicious DNS server has pointed you to a different IP address.
I appreciate the gesture you are making to help everyone out, but I'm also wondering how the average user can determine if the DNS servers are trustworthy?
I don't mean to offend you, but being cautious is always best when it comes to security.
It's similar to recommending that you only install apps from trusted sources, and only give ADB access to very trusted sources.
When a stranger offers you a ride home you take a greater risk than if you use public transportation lol
Finnzz said:
Using the DNS servers of a private individual that you don't know is a bit of a security risk, and can be used in malicious ways.
Finnzz said:
I'm also wondering how the average user can determine if the DNS servers are trustworthy?
That is a fair thing to worry about if you are using an unknown DNS on your PC, since the risk is in you: when you enter a website, you may not notice that you forgot to add https:// and are using http://, or you may mistakenly agree to trust an unknown certificate if prompted. In that case someone can see your traffic.
But if you use it with the device, there is no choice: it always uses https://, so if someone tries to catch your traffic, they will fail with SSL errors. So technically you don't have to trust a DNS server or a VPN if you are entering it on your Android/iOS device (and not using Internet browsers).
Anyway, if anyone replaces DNS records with a malicious IP address, at least some users can notice the certificate warnings and report them. In other cases websites may notify you about unusual logins from other countries (if someone has caught your unencrypted traffic). I never did anything like that, so you won't find any reports about my DNS servers.
Ighor said:
Anyway if anyone replaces DNS records by malicious IP address, at least some users can notice the certificate warnings and report them. I never did anything like that so you won't be able to find any reports about my DNS servers.
Yeah sorry, I hate to bring it up. I think everyone knows they take a risk when installing new apps, but far less know the potential of a malicious DNS server. I don't like asking the questions, because just the question insinuates something negative. Nothing against you personally.
Thank you for sharing your DNS. Hopefully you can save a few FireTV users on your arc before the next update that really does some damage.
Ighor said:
Here is instructions of how to block Updates on a Fire TV...
Finnzz said:
@Ighor...Alternatively, you can block updates through your router. Blocking updates on the FireTV itself is best and easiest, second best option is via your router, and last resort is DNS.
An old walkthrough that talks about all the ways of blocking updates and the benefits of each
How to block software updates on the Amazon Fire TV or Fire TV Stick
All versions of the Amazon Fire TV will download and install software updates automatically. There is no option to disable or reject software updates. Whether you have a rooted Fire TV or not, this guide will show you all the methods for blocking software updates on Fire TV devices.
www.aftvnews.com
Finnzz said:
Ok thank you!
I have to say I have one big concern. Using the DNS servers of a private individual that you don't know is a bit of a security risk, and can be used in malicious ways...
...I appreciate the gesture you are making to help everyone out, but I'm also wondering how the average user can determine if the DNS servers are trustworthy?
I don't mean to offend you, but being cautious is always best when it comes to security...
Finnzz said:
...I hate to bring it up. I think everyone knows they take a risk when installing new apps, but far less know the potential of a malicious DNS server. I don't like asking the questions, because just the question insinuates something negative. Nothing against you personally...
I certainly appreciate the GENEROSITY of a "Technologically Competent" person offering their services to "Technologically Incompetent" folks, but *WHY* would someone TRUST a stranger to block specific DNS addresses when they could:
Block them locally on THEIR OWN router?
Block them locally on THEIR OWN DHCP server (I use Pi-Hole on a Raspberry Pi 3B)?
Block them with (well-known, established) OpenDNS (Method 4 on the AFTVNews article, as per the LINK posted by @Finnzz )?
TBD...
TakeTheActive said:
I certainly appreciate the GENEROSITY of a "Technologically Competent" person offering their services
Yeah, really nice
TakeTheActive said:
but *WHY* would someone TRUST a stranger to block specific DNS addresses when they could:
Block them locally on THEIR OWN router?
Block them locally on THEIR OWN DHCP server (I use Pi-Hole on a Raspberry Pi 3B)?
Block them with (well-known, established) OpenDNS (Method 4 on the AFTVNews article, as per the LINK posted by @Finnzz )?
TBD...
If you set up a local proxy server with a program like charles proxy or mitm, you can see all the traffic the fireTV generates on your PC... you see all the data, in listings, well ordered by process.
Almost all of this traffic and data is useless crap, since almost all of this stuff is encrypted.
Only thing readable is advertising sh*t and some meta statistics.
Anyways, a DNS server won't sniff any of this data, it gets only DNS requests, so it will most likely be perfectly fine and a very convenient method for users (users without a pi-hole or a capable router, capable to block encrypted DNS requests).
Btw, it's also a working and very common method to block updates on homebrewed PS4 and nintendo switch devices
Used the US DNS server listed here, set up my VPN to tunnel on a per-app basis and it still updated anyway. Also, most available URLs for Amazon update services have also been blacklisted on my router!
Why is this happening?
ruky23 said:
Why is this happening?
The VPN is overriding DNS settings with its own.
This doesn't seem to work any more. I got a new 4K Max stick and before I plugged it in I made sure your US server was setup as my router's DNS to assign to DHCP clients. It still found an update and rebooted to install it before I could unplug the router.
PeteyNice said:
This doesn't seem to work any more. I got a new 4K Max stick and before I plugged it in I made sure your US server was setup as my router's DNS to assign to DHCP clients. It still found an update and rebooted to install it before I could unplug the router.
Are you sure your ISP does not replace dns answers by their own?
Ighor said:
Are you sure your ISP does not replace dns answers by their own?
Yes, I am sure. I changed it from a pi hole I setup that I know works.
PeteyNice said:
Yes, I am sure. I changed it from a pi hole I setup that I know works.
While the DNS server is local, as Pi-hole is, the ISP can't replace DNS requests.
It is possible only for remote DNS servers, like mine.
What is the nslookup answer for the line posted in the picture in this thread?
Ighor said:
While DNS server is local, pi hole is, ISP can't replace dns requests.
It is possible only for remote DNS servers, like mine.
What is nslookup answer of the line posted in the picture of this thread?
It worked as expected. One thing I noticed, now that it is setup, is that it is including Google DNS along with my pi hole. I wonder if it tried Google when your server failed to resolve it.
PeteyNice said:
is that it is including Google DNS
It is using a random one, or both at the same time, and of course on my DNS it failed, so it took the DNS answer from the second DNS.
To get it to work, only my DNS server needs to be set.
Also please don't set my DNS server on your router, but on the Fire TV directly. Because, to prevent domain brute-forcing by scammers, I made special conditions for when it works and when it doesn't. And if you turn off your Fire TV for a while, my DNS will stop working the next day for your IP.
FireTV OTA firmware updates previously came from:
https://d1s31zyz7dcc2d.cloudfront.net
This has now changed to:
https://prod.ota-cloudfront.net
Another variation:
https://d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net/
For anyone that is blocking updates through their router or via DNS, add the new address to your block list
EDIT: After a day of getting OTA updates from prod.ota-cloudfront.net, OTAs are now coming from d1s31zyz7dcc2d.cloudfront.net again.
prod.ota-cloudfront.net may be a backup address or Amazon is testing out the transition to the new address. Either way, better to keep both blocked
BLOCK THESE:
FireTV contacts this address to request updates:
https://softwareupdates.amazon.com
Then OTA updates are sent to the FireTV from these addresses:
https://d1s31zyz7dcc2d.cloudfront.net
https://prod.ota-cloudfront.net
https://d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net/
Another OTA url variation to add to your blocklist
https://d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net/
Finnzz said:
Another OTA url variation to add to your blocklist
https://d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net/
Can you please post your full blacklist of urls? I want to block them.
ForbEx said:
Can you please post your full blacklist of urls? I want to block them.
Updated the op, you want to block those 4 addresses.
There are a lot of old block lists that copy each other. They include OTA URL's for FireHD tablets, Kindle and maybe even Echo updates.
It's important that you block the https:// form of the URL. Most routers can only block http:// URLs. DNS blocking can be used for https://
After you block the addresses, go to FireOS settings and check for updates. You should get an error. If not, the block isn't working.
Finnzz said:
Updated the op, you want to block those 4 addresses.
There are a lot of old block lists that copy each other. They include OTA URL's for FireHD tablets, Kindle and maybe even Echo updates.
It's important that you block the https:// form of the URL. Most routers can only block http:// URLs. DNS blocking can be used for https://
After you block the addresses, go to FireOS settings and check for updates. You should get an error. If not, the block isn't working.
Ok friend, I Successfully blocked it.
Think this is true on my router. The https is not being blocked.
ktjensen said:
Think this is true on my router. The https is not being blocked.
It's pretty rare for consumer-grade routers to be able to block specific https addresses directly. I think it's much more likely you'll find consumer routers that support DNS-based https blocking.
If that's not an option you can use Ighor's DNS to block updates or an app like DNS Rethink that will let you block any app from the internet on your FireTV. You would block the OTA app.
Works like a charm in Pi-hole:
Code:
firetvcaptiveportal.com
d1s31zyz7dcc2d.cloudfront.net
amzdigital-a.akamaihd.net
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
prod.ota-cloudfront.net
d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net
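A way to run the "is the block actually working" check from the posts above without waiting for the Fire TV to attempt an update, as an added example that is not part of the thread: it sends A-record queries for the Pi-hole list directly to each resolver the device is configured with and lists any resolver that still returns a real address, which is how a fallback resolver like the extra Google DNS entry mentioned earlier defeats a blocklist. The sinkhole addresses, all function names and `make_response` (a constructed reply used for offline runs) are assumptions of this example.

```python
import socket
import struct
import sys

# Hostnames copied from the Pi-hole list in the post above.
OTA_DOMAINS = [
    "firetvcaptiveportal.com", "d1s31zyz7dcc2d.cloudfront.net",
    "amzdigital-a.akamaihd.net", "amzdigitaldownloads.edgesuite.net",
    "softwareupdates.amazon.com", "updates.amazon.com",
    "prod.ota-cloudfront.net", "d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net",
]
SINKHOLES = {"0.0.0.0", "127.0.0.1"}  # assumption: what a local blocker returns

def build_query(name, txid):
    """Encode a recursive A-record query for `name`."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # type A, class IN

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:  # compression pointer occupies two bytes
            return pos + 2
        pos += 1 + length
        if length == 0:
            return pos

def parse_response(msg):
    """Return (rcode, [IPv4 strings]) from a raw DNS response."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:  # A record; CNAME records are skipped
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def classify(rcode, addrs):
    if rcode == 3:  # NXDOMAIN
        return "blocked"
    if rcode != 0:  # SERVFAIL, REFUSED, ...
        return "error"
    if not addrs or all(a in SINKHOLES for a in addrs):
        return "blocked"
    return "resolves"

def make_response(query, addrs, rcode=0):
    """Constructed resolver reply, so the parser can be exercised offline."""
    body = query[12:]
    for addr in addrs:  # name is a pointer back to the question at offset 12
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(addr)
    return query[:2] + struct.pack("!HHHHH", 0x8180 | rcode, 1, len(addrs), 0, 0) + body

def check_resolver(server, domains=OTA_DOMAINS, timeout=3.0):
    """Query one resolver directly over UDP/53 (needs network access)."""
    verdicts = {}
    for txid, name in enumerate(domains, start=1):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendto(build_query(name, txid), (server, 53))
                verdicts[name] = classify(*parse_response(sock.recvfrom(4096)[0]))
            except (OSError, struct.error, IndexError):
                verdicts[name] = "error"  # timeout, refused, or malformed reply
    return verdicts

def leaks(verdicts_by_resolver):
    """(resolver, name) pairs where a configured resolver still gives an address."""
    return sorted((srv, name) for srv, verdicts in verdicts_by_resolver.items()
                  for name, verdict in verdicts.items() if verdict == "resolves")

if __name__ == "__main__":
    report = {srv: check_resolver(srv) for srv in sys.argv[1:]}
    for srv, name in leaks(report):
        print(f"{srv} still resolves {name}")
```

Run it from a PC on the same network with every resolver the device uses as arguments, fallbacks included; no output means none of them hands out an address for the listed names.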
I would like to add, after installing all these URL's into my router, my FS max started the crappy launcher, but only gave three options, and said something like "Home service unavailable". In the Network config, it reported no internet access. The (play/pause) button was inactive, but might be due to some NoBloat setting I had been playing with. At first I was unable to get past it, but I pressed 'home' and the Wolf launcher appeared. All the apps worked too. After I restarted it, the manager launched Wolf after a few seconds. So I guess this blocks a lot more than just the updates, but I'm good with that.
Life is good.
(My first post, please be kind)
@Finnzz Was doing some network checks while clicking the "Check-For-Updates" in settings and got the direct IP addresses for some of the domains that are queried when you do a check for updates using my 2nd gen. Cube.
18.164.160.156 = d1s31zyz7dcc2d.cloudfront.ota-cloudfront.net
18.160.2.68 = server-18-160-2-68.iad12.r.cloudfront.net
52.46.155.120 = softwareupdates.amazon.com
176.32.101.122 ~ my best guess is proxy to softwareupdates.amazon.com
176.32.99.246 ~ my best guess is proxy to softwareupdates.amazon.com
If looking at logs the system app <com.amazon.device.software.ota> will query an AWS domain (arcus-uswest.amazon.com) 4x then error out with domains blocked, or query AWS 4x then query one of the softwareupdates.amazon.com IP's 3x in succession then an additional 4x back to AWS when it can't connect to download updates.
In none of my tests did my device ever try connecting to
https://prod.ota-cloudfront.net
-- but maybe that is only due to there being no full firmware update available at that time of my tests.
Noticed that the set DNS ip's were being Bypassed on my FireHD tablets while running Rethink(DNS), a great DNS+Firewall app @ rethinkdns.com for more info if you don't already know about it; anyways, my router points towards two Adguard DNS ip's and somehow the Android System or FireOS itself was still trying to use a third DNS <net.dns3=8.8.8.8>.
So, to stop some of this extra chatter, I've since routed the third DNS to localhost on two different FireHD tablets and my 2nd Gen. FireTV Cube without any adverse effects.
ADB shell:
Code:
settings put global default_dns_server "127.0.0.1"
reboot
*note: need to reboot for it to wipe out the default third dns.
Question, is there any reason not to do this? Let me know.
What firmware is your FireTV on? Any idea how long it's been using the 3rd DNS?
I wonder if being able to fall back to a 3rd DNS might be one way for Amazon to bypass DNS-based OTA blocks.
Finnzz said:
What firmware is your FireTV on?
My Cube2 is on FireOS 7.6.3.3 (PS7633/3445).
Finnzz said:
Any idea how long it's been using the 3rd DNS?
I think it has been like this forever. I can't remember where, but in one forum it was mentioned that Android would try to bypass the set DNS. Since that time I have used that ADB command above to point to Cloudflare or Adguard, but recently had the idea that I should just null out the query by sending it to localhost 127.0.0.1 instead.
Finnzz said:
I wonder if being able to fall back to a 3rd DNS might be one way for Amazon to bypass DNS-based OTA blocks.
I'm thinking that the usage of the third DNS is just for a "Hello, I'm Here" type of ping query that Google or Amazon added to Android, some type of tracking fallback, or Amazon Alexa's ability to create a third network for Echo/Ring bullsh*t subnet communications.
If you have a FireHD tablet with Google Play Store, install the app SetEdit_SettingsDatabaseEditor, it can quickly query Android Properties and "net.dns1" && "net.dns2" will be your router's default DNS servers and "net.dns3" will be Google's 8.8.8.8 DNS.
Ok, if it's been using that DNS for a long time it may not be anything to worry about.
I always worry about Amazon sneaking in a Trojan and then not activating it for an update or more.
I'm just waiting for them to do something about DNS-based OTA blocking.