DNS problem with PFGEUXM 11.0.6.0 - Xiaomi Redmi Note 7 Questions & Answers

Hello
Since the latest PFGEUXM 11.0.6.0 update, all DNS-based adblock apps, including DNS-based VPNs with adblock features, do not work. Apps like Blokada, AdGuard etc. completely block internet access due to unresolved hosts; VPNs only provide IP spoofing while they let ads pop up on web pages and apps. I submitted the problem to my VPN customer service, and after their analysis it looks like the device doesn't allow connections to DNS servers other than the one set by the system firmware.
This started with the latest update release, PFGEUXM 11.0.6.0. No problem with the former 11.0.4.0.
Is there a way to fix it without rooting the device? I'm using several banking apps that do not work on rooted devices.
Thanks

Related

Wifi Adblocker not working.

I can't get it to work no matter how many times I hit Overwrite/Repair network.
The 0.10.1_beta update was supposed to fix Lollipop issues, but it still fails.
https://app.usb0.net/wifiadblock.en.html
Wifi Adblocker doesn't require root and works way better (rooted 1st-gen FireTV on 4.2.2 JellyBean) than even the other ad blockers that need root.
It even works on the Sony NSZ-GS7 GoogleTV, the first device I had it on.
AdblockPlus is abysmally slow without root when on the proxy server and causes frequent SSL errors.
Damn you Lollipop troubles! :crying:
Is there any other ad blocker that doesn't require root and also doesn't immensely bog down internet performance?
Mainly one that uses a DNS server to block the ads would be the most useful.
Edit: Found a workaround by changing my DNS manually to the one I have on my FireTV.
So if anyone has a device that can successfully use this ad blocker, you can get the dns1 and dns2 numbers by using 7zipper 2.0 to view the information.

Block OTA updates without root

Been using this for a while with older fires but just got a 10 HD with 5.3.1. Was poking around here seeing if a rooting method already exists and noticed a lot of people stuck on 5.3.1, another update looming and everyone saying you can't block updates without root. Actually it's pretty easy.
Head on over to OpenDNS
Sign up for a Home Free account (completely free)
Login and go to the dashboard and click the "Settings" tab
There will be an area to "add a network" or something similar
Type your WAN IP address here (whatsmyip.com can help you find that)
Click "Add this network" or whatever it says on the button
Your address will be added to the network list
Click on the drop down menu next to "Settings for:" and select the network you just added
Using the “Manage individual domains” area at the bottom of the page, add the following four domains set to “Always block”:
amzdigital-a.akamaihd.net
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
Now, to use this service, you have to change the DNS settings in your router at home. This step will vary from brand to brand so Google it.
The two DNS IP addresses you need should be listed at the bottom of your OpenDNS dashboard page. Currently, they are 208.67.222.222 and 208.67.220.220
But they might have changed by the time you follow this. Simply add those DNS server names to your router, apply the changes and then check for a system update on your Fire. It should say "Update check failed." Voila!
.!!!!THINGS TO REMEMBER!!!!.
When using OpenDNS, you need to ensure you update the service if your home IP changes. They have utilities you can install on your PC to do this automatically. If your home IP changes and you don’t update OpenDNS, your Fire will be able to access updates.
If you take your Fire with you somewhere and connect to another network, your Fire will have access to updates.
There may be an app that lets you set DNS servers on the Fire itself or block domains, but since mine stays home, I've never looked into it.
Remember, not updating is half the battle!
You can change the DNS in the device vs the router for those that want to do it that way (do for each access point)
https://support.opendns.com/hc/en-u...ndroid-Configuration-instructions-for-OpenDNS
If my Kindle says "No updates found" did I do it properly? I changed settings on my android, not the router itself, since I don't have access to the router's settings
Note: This method will no longer work on devices with version 5.3.3.0. Amazon will let you input the information, but won't allow you to save it.
You can use something like the NetGuard app below to block the necessary Amazon OTA update services whilst on WiFi, I briefly checked it out and it seemed to work when checking for updates.
https://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012
Gilly10 said:
You can use something like the NetGuard app below to block the necessary Amazon OTA update services whilst on WiFi, I briefly checked it out and it seemed to work when checking for updates.
https://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012
Since there is no other option to connect to the internet other than WiFi, how else would updates get applied? That might be a dumb question.
EDIT: I use NoRoot Data Firewall. I pretty much have everything related or possibly related to Amazon and/or their OTA updates, blocked. I do see you need to allow Download Manager access to the internet to do any updates in Google Play.
NetGuard looks really awesome. I like that I can choose system apps. I need to look at it more to understand the rules, but I am not liking the fact you have to pay to view the logs. Also I may be missing it, but I didn't see where you can add individual IPs or block domains.
Thanks, it's still working on 5.3.3
Thank you theabsinthehare,
This works like a charm on my brand new (cheap) Amazon Fire HD 8 (7th generation - 2017) with Fire OS 5.3.3.0.
FYI: here are my steps:
follow instructions above from first post,
with my Internet provider, I am unable to change my router's DNS settings, so I connect the tablet to the wifi. I then can see that an update has been downloaded and is ready to be installed.
I capture the IP config manually (IP address, gateway)
I Factory Reset the tablet (brand new), before the update gets installed
I reconnect on the wifi, but this time I go to advanced settings to change DHCP to static, to provide all details manually and change the DNS settings.
Check in Updates that the tablet is unable to download any updates
Perfect,
Thanks
Gilly10 said:
You can use something like the NetGuard app below to block the necessary Amazon OTA update services whilst on WiFi, I briefly checked it out and it seemed to work when checking for updates.
https://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012
How did you do this in netguard? What did you block?
spyrou007 said:
Thank you theabsinthehare,
This works like a charm on my brand new (cheap) Amazon Fire HD 8 (7th generation - 2017) with Fire OS 5.3.3.0.
FYI: here are my steps:
follow instructions above from first post,
with my Internet provider, I am unable to change my router's DNS settings, so I connect the tablet to the wifi. I then can see that an update has been downloaded and is ready to be installed.
I capture the IP config manually (IP address, gateway)
I Factory Reset the tablet (brand new), before the update gets installed
I reconnect on the wifi, but this time I go to advanced settings to change DHCP to static, to provide all details manually and change the DNS settings.
Check in Updates that the tablet is unable to download any updates
Perfect,
Thanks
I just block all Amazon apps from the internet. I then watch the IPs that try to connect and block them manually. I also use the host name blocker in NetGuard and the filters. Yes I paid for licenses. It's well worth it.
So with dynamic IP, I always have to reconfigure the DNS once it changed?
Gilly10 said:
You can use something like the NetGuard app below to block the necessary Amazon OTA update services whilst on WiFi, I briefly checked it out and it seemed to work when checking for updates.
https://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012
Which apps did you block?
Can you get rid of intrusive ads in apps this way?
scoy2007 said:
Can you get rid of intrusive ads in apps this way?
With NetGuard? Yes, in the paid version when downloading the latest version from GitHub rather than the Play Store
Pi-hole to the rescue
I just got the Fire 10 from the BF sale.
It came with 5.4.1.0. Then overnight, it updated itself to 5.6.0.0. I also wanted to block OTA and I have a Pi-hole, so I blacklisted these:
aws.amazon.com
s3.amazonaws.com
amzdigital-a.akamaihd.net
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
Anything else I should block too?
tung2567 said:
I just got the Fire 10 from the BF sale.
It came with 5.4.1.0. Then overnight, it updated itself to 5.6.0.0. I also wanted to block OTA and I have a Pi-hole, so I blacklisted these:
aws.amazon.com
s3.amazonaws.com
amzdigital-a.akamaihd.net
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
Anything else I should block too?
Look for DeviceSoftwareOTA.apk as well.
I used No Root Firewall to allow everything except Software OTA, Forced OTA, and Special Offers (not needed to block updates, but I hate lock screen ads). The funky DNS workarounds might work, until I bring my Fire to literally any other wifi network where it can check for updates.
Add System updates as well!
sflesch said:
Which apps did you block?
After unboxing, before first connection to the internet, I adb-sideloaded the NetGuard apk (from their official GitHub page). Then I enabled blocking system apps, and searched for the keyword OTA. Then I found and blocked:
DeviceSoftwareOTA
Forced OTA
System Updates (<< this is then automatically selected along with DeviceSoftwareOTA, maybe one is an alias for the other)
I then connected to wifi, and checked for new updates. Result: check failed, so I assume all is well.
Merdeke said:
After unboxing, before first connection to the internet, I adb-sideloaded the NetGuard apk (from their official GitHub page). Then I enabled blocking system apps, and searched for the keyword OTA. Then I found and blocked:
DeviceSoftwareOTA
Forced OTA
System Updates (<< this is then automatically selected along with DeviceSoftwareOTA, maybe one is an alias for the other)
I then connected to wifi, and checked for new updates. Result: check failed, so I assume all is well.
Yeah, I blocked the same and a few more. Altogether 6. I may unblock the rest and leave only those you have listed.

DNS forwarding not working

I rooted my first Android device yesterday (Samsung J530f) for the purpose of system-wide proxification through a local network SOCKS proxy. In other words, I have a SOCKS5 client running on my PC to which I connect from my Android device using a local IP in Socksdroid. The traffic coming from the Android device is then proxified through the socks set in the client on my PC.
I have, however, huge issues with Android getting the DNS server remotely, based on the proxy IP. I've tried different DNS-related apps including Override DNS and DNS forwarder, but I get some very strange results. In the same browser on different checkers I get DNS servers from different countries, yet none of them are the servers that I manually set in either Override DNS or DNS forwarder. I've tried 3-4 different apps and none of them seem to work in the way intended and give inconsistent and glitchy results, so I start to suspect that there's something that prevents these apps from functioning properly.
The only way that I managed to get DNS to function like intended is to set network.proxy.socks_remote_dns to true in Firefox Nightly, but then again, it only uses the right DNS in one browser, and not the entire system.
Does anyone have any suggestions on what I could do to get DNS working consistently and properly?
Thx.

When VPN down, block app - When VPN up, allow app

Hello...
I have a Mi Box S device. It has the latest updates.
Basically - what I am trying to do is when my VPN is up, an app is allowed to run (so do nothing). When the VPN is down, block the app.
I do not have ROOT.
I have tried various firewalls on the device that do not need ROOT and blocks apps - but they work by creating a separate VPN connection for the device. When I switch on my VPN, the firewall stops working. When I switch my VPN off, the firewall needs to be manually started.
If I had ROOT, I would edit IPTABLES to block everything except the IP \ PORTS needed for my VPN to work, and that would solve the issue. No apps would have Internet access until my VPN was active.
Ideas welcome. I am not against rooting the device - however - for the newest versions of the Android TV boxes, it seems to cause many more issues and does not seem to be worth the risk.
THANK YOU!
I do NOT know the answer to your question and I don't have Android TV, so ignore this if it doesn't help...
On the PC there are various VPN killswitch batch files that simply remove the LAN gateway, which works PERFECTLY to do what you ask on a PC:
Start VPN and then start the VPN killswitch
If the VPN is on, the LAN and WAN are accessed
The instant the VPN drops, the WAN is dropped
But the LAN remains intact
Maybe something like that is available for Android?
Googling, we get a lot of hits for Android VPN-specific killswitches.
Each Android public VPN server seems to have their own killswitch.
For example, here's one for private vpn on Android.
But there should be a killswitch for Android WITHOUT having to use any given VPN public server.
This hit implies it's a part of the Android settings.
But unfortunately my Android 12 doesn't have those VPN killswitch settings.
Does yours?
Solved. Admittedly - this solution works for me but might not work for others.
I host my own VPN server 'in the cloud' and, as part of that server, its own DNS server.
Manually set the IP and DNS on the Mi Box S. Set the DNS to an INTERNAL DNS address that is only available when the VPN is running.
The app in question needs DNS to function. When the VPN is down, no functioning DNS, app does not function.
When the VPN is up, DNS functions, the app functions.
Good enough for me...

PSA FireTV OTA update URL has changed

FireTV OTA firmware updates previously came from:
https://d1s31zyz7dcc2d.cloudfront.net
This has now changed to:
https://prod.ota-cloudfront.net
Another variation:
https://d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net/
For anyone that is blocking updates through their router or via DNS, add the new address to your block list
EDIT: After a day of getting OTA updates from prod.ota-cloudfront.net, OTAs are now coming from d1s31zyz7dcc2d.cloudfront.net again.
prod.ota-cloudfront.net may be a backup address or Amazon is testing out the transition to the new address. Either way, better to keep both blocked
BLOCK THESE:
FireTV contacts this address to request updates:
https://softwareupdates.amazon.com
Then OTA updates are sent to the FireTV from these addresses:
https://d1s31zyz7dcc2d.cloudfront.net
https://prod.ota-cloudfront.net
https://d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net/
Another OTA url variation to add to your blocklist
https://d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net/
Finnzz said:
Another OTA url variation to add to your blocklist
https://d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net/
Can you please post your full blacklist of urls? I want to block them.
ForbEx said:
Can you please post your full blacklist of urls? I want to block them.
Updated the op, you want to block those 4 addresses.
There are a lot of old block lists that copy each other. They include OTA URL's for FireHD tablets, Kindle and maybe even Echo updates.
It's important that you block the https:// form of the URL. Most routers can only block http:// URLs. DNS blocking can be used for https://
After you block the addresses, go to FireOS settings and check for updates. You should get an error. If not, the block isn't working.
Finnzz said:
Updated the op, you want to block those 4 addresses.
There are a lot of old block lists that copy each other. They include OTA URL's for FireHD tablets, Kindle and maybe even Echo updates.
It's important that you block the https:// form of the URL. Most routers can only block http:// URLs. DNS blocking can be used for https://
After you block the addresses, go to FireOS settings and check for updates. You should get an error. If not, the block isn't working.
Ok friend, I Successfully blocked it.
Think this is true on my router. The https is not being blocked.
ktjensen said:
Think this is true on my router. The https is not being blocked.
It's pretty rare for consumer-grade routers to be able to block specific https addresses directly. I think it's much more likely you find consumer routers that support DNS-based https blocking.
If that's not an option you can use Ighor's DNS to block updates or an app like DNS Rethink that will let you block any app from the internet on your FireTV. You would block the OTA app.
Works like a charm in Pi-hole:
Code:
firetvcaptiveportal.com
d1s31zyz7dcc2d.cloudfront.net
amzdigital-a.akamaihd.net
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
prod.ota-cloudfront.net
d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net
I would like to add, after installing all these URL's into my router, my FS max started the crappy launcher, but only gave three options, and said something like "Home service unavailable". In the Network config, it reported no internet access. The (play/pause) button was inactive, but might be due to some NoBloat setting I had been playing with. At first I was unable to get past it, but I pressed 'home' and the Wolf launcher appeared. All the apps worked too. After I restarted it, the manager launched Wolf after a few seconds. So I guess this blocks a lot more than just the updates, but I'm good with that.
Life is good.
(My first post, please be kind)
@Finnzz Was doing some network checks while clicking the "Check-For-Updates" in settings and got the direct IP addresses for some of the domains that are queried when you do a check for updates using my 2nd gen. Cube.
18.164.160.156 = d1s31zyz7dcc2d.cloudfront.ota-cloudfront.net
18.160.2.68 = server-18-160-2-68.iad12.r.cloudfront.net
52.46.155.120 = softwareupdates.amazon.com
176.32.101.122 ~ my best guess is proxy to softwareupdates.amazon.com
176.32.99.246 ~ my best guess is proxy to softwareupdates.amazon.com
If looking at logs the system app <com.amazon.device.software.ota> will query an AWS domain (arcus-uswest.amazon.com) 4x then error out with domains blocked, or query AWS 4x then query one of the softwareupdates.amazon.com IP's 3x in succession then an additional 4x back to AWS when it can't connect to download updates.
In none of my tests did my device ever try connecting to
https://prod.ota-cloudfront.net
-- but maybe that is only due to there being no full firmware update available at that time of my tests.
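Added example (not part of any post in this thread): a short Python audit of how the block lists posted above cover the hostnames reported in the last post, comparing exact-name matching (hosts-file style) with domain-suffix matching (an entry also covers its subdomains). The log layout, the client IP and the `example.prod.ota-cloudfront.net` name are constructed for illustration.

```python
from urllib.parse import urlsplit

# Blocklist entries as posted in the thread (URLs and bare hostnames mixed).
POSTED = [
    "https://softwareupdates.amazon.com",
    "https://d1s31zyz7dcc2d.cloudfront.net",
    "https://prod.ota-cloudfront.net",
    "https://d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net/",
    "updates.amazon.com",
    "amzdigital-a.akamaihd.net",
    "amzdigitaldownloads.edgesuite.net",
    "firetvcaptiveportal.com",
]

# Constructed log; the "<client> query[A] <name>" layout is an assumption.
# Names come from the thread except "example.prod...", which is hypothetical.
SAMPLE_LOG = """\
192.168.1.50 query[A] softwareupdates.amazon.com
192.168.1.50 query[A] arcus-uswest.amazon.com
192.168.1.50 query[A] d1s31zyz7dcc2d.cloudfront.ota-cloudfront.net
192.168.1.50 query[A] D1S31ZYZ7DCC2D.cloudfront.prod.ota-cloudfront.net.
192.168.1.50 query[A] example.prod.ota-cloudfront.net
"""

def to_hostname(entry):
    """Reduce a URL or bare name to a lowercase hostname without a trailing dot."""
    entry = entry.strip()
    host = urlsplit(entry if "//" in entry else "//" + entry).hostname or ""
    return host.rstrip(".")

def build_blocklist(entries):
    return {h for h in map(to_hostname, entries) if h}

def match(name, blocklist, suffix=False):
    """Return the entry that covers `name`, or None if nothing does."""
    labels = to_hostname(name).split(".")
    # Exact mode checks only the full name; suffix mode also walks up the
    # parent domains, stopping before the bare TLD.
    last = len(labels) - 1 if suffix else 1
    for i in range(max(last, 1)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def audit(log_text, blocklist, suffix=False):
    """Split queried names into (blocked, allowed) lists, in log order."""
    blocked, allowed = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[1].startswith("query["):
            continue  # skip lines that are not query records
        name = to_hostname(parts[2])
        (blocked if match(name, blocklist, suffix) else allowed).append(name)
    return blocked, allowed

def redundant_entries(blocklist):
    """Entries a suffix-matching resolver already covers via a parent entry."""
    return sorted(h for h in blocklist if match(h, blocklist - {h}, suffix=True))

if __name__ == "__main__":
    bl = build_blocklist(POSTED)
    for mode in (False, True):
        blocked, allowed = audit(SAMPLE_LOG, bl, suffix=mode)
        print("suffix" if mode else "exact", "-> still resolving:", allowed)
    print("redundant under suffix matching:", redundant_entries(bl))
```

Names that remain in the "still resolving" list under both modes are ones the posted lists do not cover at all.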
