PSA FireTV OTA update URL has changed - Fire TV General

FireTV OTA firmware updates previously came from:
https://d1s31zyz7dcc2d.cloudfront.net
This has now changed to:
https://prod.ota-cloudfront.net
Another variation:
https://d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net/
For anyone that is blocking updates through their router or via DNS, add the new address to your block list
EDIT: After a day of getting OTA updates from prod.ota-cloudfront.net, OTAs are now coming from d1s31zyz7dcc2d.cloudfront.net again.
prod.ota-cloudfront.net may be a backup address or Amazon is testing out the transition to the new address. Either way, better to keep both blocked
BLOCK THESE:
FireTV contacts this address to request updates:
https://softwareupdates.amazon.com
Then OTA updates are sent to the FireTV from these addresses:
https://d1s31zyz7dcc2d.cloudfront.net
https://prod.ota-cloudfront.net
https://d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net/

Another OTA url variation to add to your blocklist
https://d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net/

Finnzz said:
> Another OTA url variation to add to your blocklist
> https://d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net/
Can you please post your full blacklist of urls? I want to block them.

ForbEx said:
> Can you please post your full blacklist of urls? I want to block them.
Updated the op, you want to block those 4 addresses.
There are a lot of old block lists that copy each other. They include OTA URLs for FireHD tablets, Kindle and maybe even Echo updates.
It's important that you block the https:// form of the URL. Most routers can only block http:// URLs. DNS blocking can be used for https://
After you block the addresses, go to FireOS settings and check for updates. You should get an error. If not, the block isn't working.

Finnzz said:
> Updated the op, you want to block those 4 addresses.
> There are a lot of old block lists that copy each other. They include OTA URLs for FireHD tablets, Kindle and maybe even Echo updates.
> It's important that you block the https:// form of the URL. Most routers can only block http:// URLs. DNS blocking can be used for https://
> After you block the addresses, go to FireOS settings and check for updates. You should get an error. If not, the block isn't working.
Ok friend, I successfully blocked it.

Think this is true on my router. The https is not being blocked.

ktjensen said:
> Think this is true on my router. The https is not being blocked.
It's pretty rare for consumer-grade routers to be able to block specific https addresses directly. I think it's much more likely you find consumer routers that support DNS based https blocking.
If that's not an option you can use Ighor's DNS to block updates or an app like DNS Rethink that will let you block any app from the internet on your FireTV. You would block the OTA app.

Works like a charm in Pi-hole:
Code:
firetvcaptiveportal.com
d1s31zyz7dcc2d.cloudfront.net
amzdigital-a.akamaihd.net
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
prod.ota-cloudfront.net
d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net

I would like to add, after installing all these URL's into my router, my FS max started the crappy launcher, but only gave three options, and said something like "Home service unavailable". In the Network config, it reported no internet access. The (play/pause) button was inactive, but might be due to some NoBloat setting I had been playing with. At first I was unable to get past it, but I pressed 'home' and the Wolf launcher appeared. All the apps worked too. After I restarted it, the manager launched Wolf after a few seconds. So I guess this blocks a lot more than just the updates, but I'm good with that.
Life is good.
(My first post, please be kind)

@Finnzz Was doing some network checks while clicking the "Check-For-Updates" in settings and got the direct IP addresses for some of the domains that are queried when you do a check for updates using my 2nd gen. Cube.
18.164.160.156 = d1s31zyz7dcc2d.cloudfront.ota-cloudfront.net
18.160.2.68 = server-18-160-2-68.iad12.r.cloudfront.net
52.46.155.120 = softwareupdates.amazon.com
176.32.101.122 ~ my best guess is proxy to softwareupdates.amazon.com
176.32.99.246 ~ my best guess is proxy to softwareupdates.amazon.com
If looking at logs the system app <com.amazon.device.software.ota> will query an AWS domain (arcus-uswest.amazon.com) 4x then error out with domains blocked, or query AWS 4x then query one of the softwareupdates.amazon.com IP's 3x in succession then an additional 4x back to AWS when it can't connect to download updates.
In none of my tests did my device ever try connecting to
https://prod.ota-cloudfront.net
-- but maybe that is only due to there being no full firmware update available at that time of my tests.
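The verification step described in the thread (block, then trigger "Check for Updates") can also be audited from the resolver side. This is an added example, not part of any post: it reads a dnsmasq-style query log (the format Pi-hole logs in), keeps the lookups made by one device, and sorts each name into exact match, covered only if the blocker also matches subdomains, or not covered. The log lines, the device IP 192.168.1.50 and the function names are constructed for illustration; the blocklist is the thread's list as it stood before the longer `cloudfront.prod.ota-cloudfront.net` variation was added.

```python
"""Audit which DNS lookups from one device a domain blocklist actually covers."""
import re
from collections import Counter

# Blocklist as first posted in the thread, before the longer variation was added.
BLOCKLIST = {
    "softwareupdates.amazon.com",
    "d1s31zyz7dcc2d.cloudfront.net",
    "prod.ota-cloudfront.net",
}

# Constructed sample log in dnsmasq "log-queries" format.
# 192.168.1.50 stands in for the Fire device; 192.168.1.20 is another client.
SAMPLE_LOG = """\
Mar  3 20:14:01 dnsmasq[812]: query[A] arcus-uswest.amazon.com from 192.168.1.50
Mar  3 20:14:01 dnsmasq[812]: forwarded arcus-uswest.amazon.com to 192.0.2.53
Mar  3 20:14:02 dnsmasq[812]: query[A] softwareupdates.amazon.com from 192.168.1.50
Mar  3 20:14:02 dnsmasq[812]: query[AAAA] softwareupdates.amazon.com from 192.168.1.50
Mar  3 20:14:03 dnsmasq[812]: query[A] d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net from 192.168.1.50
Mar  3 20:14:03 dnsmasq[812]: query[A] d1s31zyz7dcc2d.cloudfront.ota-cloudfront.net from 192.168.1.50
Mar  3 20:14:04 dnsmasq[812]: query[A] example.org from 192.168.1.20
"""

# Only "query[TYPE] name from client" lines are lookups; replies and
# "forwarded" lines are ignored.
QUERY_RE = re.compile(
    r"query\[[A-Z0-9]+\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)


def normalize(name):
    """Lower-case a DNS name and drop a trailing root dot."""
    return name.strip().rstrip(".").lower()


def coverage(name, blocklist):
    """Return 'exact', 'subdomain' or 'uncovered' for one queried name.

    'exact'     : the name itself is on the list.
    'subdomain' : only a parent domain is on the list, so the name is blocked
                  only if the blocker treats entries as suffixes/wildcards.
    'uncovered' : neither the name nor any parent is listed.
    """
    name = normalize(name)
    entries = {normalize(entry) for entry in blocklist}
    if name in entries:
        return "exact"
    labels = name.split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in entries:
            return "subdomain"
    return "uncovered"


def audit(log_text, device_ip, blocklist=BLOCKLIST):
    """Count the device's lookups per name, grouped by blocklist coverage."""
    report = {"exact": Counter(), "subdomain": Counter(), "uncovered": Counter()}
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if match is None or match.group("client") != device_ip:
            continue
        name = normalize(match.group("name"))
        report[coverage(name, blocklist)][name] += 1
    return report


if __name__ == "__main__":
    for kind, names in audit(SAMPLE_LOG, "192.168.1.50").items():
        for name, count in sorted(names.items()):
            print(f"{kind:10} {count:2}x {name}")
```

Names reported as "subdomain" depend on the blocker matching suffixes, and names reported as "uncovered" are the ones to review after a check for updates.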

Related

Modifying host file -> blocking pornography

Hi everyone,
Simple question ... I've installed Ad free to download (I guess) a host file containing ad sources so browsing is less frustrating and probably faster.
Is there a similar way to add a list of porn websites to the host file? If it's not similar, how difficult could it be? I know a bit of Java and linux, but doing this on a phone might be out of my reach at this point.
Some direction would be welcome. Thanks!
If you know the sites you'd like to block, you could pull the hosts file yourself, edit it with notepad, and then repush it.
Just want to make sure I'm reading this right.... 3shirtlessmen wants to modify his hosts file to block pornography.
Sounds like a great setup for a joke.
timmins said:
> Just want to make sure I'm reading this right.... 3shirtlessmen wants to modify his hosts file to block pornography.
> Sounds like a great setup for a joke.
Look at the nick...
On wifi you can set the DNS server to OpenDNS. I've never used it, but from what I understand you can configure it to block sites. Also, I believe there was a script that could be run on rooted phones to change the 3G DNS server as well, but I don't know if it works on the Nexus or where to find it other than on the G1 board.
godsfilth said:
> On wifi you can set the DNS server to OpenDNS. I've never used it, but from what I understand you can configure it to block sites. Also, I believe there was a script that could be run on rooted phones to change the 3G DNS server as well, but I don't know if it works on the Nexus or where to find it other than on the G1 board.
I use opendns on my router to block filesharing and proxies - it works well (though someone fairly technical will always find a way around it). The issue I have is that it does not play nice with vpn's (even when I have configured the opendns account for the vpn) and I can't change the dns settings on my nexus to use google dns (even with the settings in the dns field), as it still seems to pick up the settings from the router. If you don't use vpn, and are happy for all devices to be subject to the same restrictions, then opendns may be the answer (or at least it will block that content on your internet connection).
OpenDNS is used on my home network, and it does block pornography. This is meaningless on a phone when you can disable wireless though. Thanks for the tip.
How do I push and pull the host file from the phone?
Nesousx said:
> Look at the nick...
I literally mention the nick in my post.
Haha, yeah. No joke here. Though it is kinda ironic . . .

Block OTA updates without root

Been using this for a while with older fires but just got a 10 HD with 5.3.1. Was poking around here seeing if a rooting method already exists and noticed a lot of people stuck on 5.3.1, another update looming and everyone saying you can't block updates without root. Actually it's pretty easy.
Head on over to opendns
Sign up for a Home Free account (completely free)
Login and go to the dashboard and click the "Settings" tab
There will be an area to "add a network" or something similar
Type your WAN ip address here ( whatsmyip.com can help you find that)
Click "Add this network" or whatever it says on the button
Your address will be added to the network list
Click on the drop down menu next to "Settings for:" and select the network you just added
Using the “Manage individual domains” area at the bottom of the page, add the following four domains set to “Always block”:
amzdigital-a.akamaihd.net
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
Now, to use this service, you have to change the DNS settings in your router at home. This step will vary from brand to brand, so Google it.
The two DNS IP addresses you need should be listed at the bottom of your OpenDNS dashboard page. Currently, they are 208.67.222.222 and 208.67.220.220
But they might have changed by the time you follow this. Simply add those DNS server names to your router, apply the changes and then check for a system update on your fire. It should say "Update check failed. " Voila!
.!!!!THINGS TO REMEMBER!!!!.
When using OpenDNS, you need to ensure you update the service if your home IP changes. They have utilities you can install on your PC to do this automatically. If your home IP changes and you don’t update OpenDNS, your Fire will be able to access updates.
If you take your Fire with you somewhere and connect to another network, your Fire will have access to updates.
There may be an app that lets you set DNS servers on the Fire itself or block domains, but since mine stays home, I've never looked into it.
Remember, not updating is half the battle.!
you can change the DNS in the device vs the router for those that want to do it that way (do for each access point)
https://support.opendns.com/hc/en-u...ndroid-Configuration-instructions-for-OpenDNS
If my Kindle says "No updates found" did I do it properly? I changed settings on my android, not the router itself, since I don't have access to the router's settings
Note: This method will no longer work on devices with version 5.3.3.0. Amazon will let you input the information, but won't allow you to save it.
You can use something like the NetGuard app below to block the necessary Amazon OTA update services whilst on WiFi, I briefly checked it out and it seemed to work when checking for updates.
https://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012
Gilly10 said:
> You can use something like the NetGuard app below to block the necessary Amazon OTA update services whilst on WiFi, I briefly checked it out and it seemed to work when checking for updates.
> https://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012
Since there is no other option to connect to the internet other than WiFi, how else would updates get applied? That might be a dumb question.
EDIT: I use NoRoot Data Firewall. I pretty much have everything related or possibly related to Amazon and/or their OTA updates, blocked. I do see you need to allow Download Manager access to the internet to do any updates in Google Play.
NetGuard looks really awesome. I like that I can choose system apps. I need to look at it more to understand the rules, but I am not liking the fact you have to pay to view the logs. Also I may be missing it, but I didn't see where you can add individual IPs or block domains.
Thanks , it's still working on 5.3.3
Thank you theabsinthehare,
This works like a charm on my brand new (cheap) Amazon Fire HD 8 (7th generation - 2017) with Fire OS 5.3.3.0.
FYI: here are my steps:
follow instructions above from first post,
with my Internet provider, I am unable to change my router's DNS settings, so I connect the tablet to the wifi. I then can see that an update has been downloaded and is ready to be installed.
I capture the IP config manually (IP address, gateway)
I Factory Reset the tablet (brand new), before the update is installed
I reconnect on the wifi, but this time I go to advanced settings to change DHCP to static, to provide all details manually and change the DNS settings.
Check in Updates that the tablet is unable to download any updates
Perfect,
Thanks
Gilly10 said:
> You can use something like the NetGuard app below to block the necessary Amazon OTA update services whilst on WiFi, I briefly checked it out and it seemed to work when checking for updates.
> https://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012
How did you do this in netguard? What did you block?
spyrou007 said:
> Thank you theabsinthehare,
> This works like a charm on my brand new (cheap) Amazon Fire HD 8 (7th generation - 2017) with Fire OS 5.3.3.0.
> FYI: here are my steps:
> follow instructions above from first post,
> with my Internet provider, I am unable to change my router's DNS settings, so I connect the tablet to the wifi. I then can see that an update has been downloaded and is ready to be installed.
> I capture the IP config manually (IP address, gateway)
> I Factory Reset the tablet (brand new), before the update is installed
> I reconnect on the wifi, but this time I go to advanced settings to change DHCP to static, to provide all details manually and change the DNS settings.
> Check in Updates that the tablet is unable to download any updates
> Perfect,
> Thanks
I just block all Amazon apps from the internet. I then watch the IPs that try to connect and block them manually. I also use the host name blocker in NetGuard and the filters. Yes I paid for licenses. It's well worth it.
So with dynamic IP, I always have to reconfigure the DNS once it has changed?
Gilly10 said:
> You can use something like the NetGuard app below to block the necessary Amazon OTA update services whilst on WiFi, I briefly checked it out and it seemed to work when checking for updates.
> https://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012
Which apps did you block?
Can you get rid of intrusive ads in apps this way?
scoy2007 said:
> Can you get rid of intrusive ads in apps this way?
With netguard? Yes, in the paid version when downloading latest version from github rather than play store
pi hole to the rescue
i just got the Fire 10 from BF sale.
it came with 5.4.1.0. then overnight, it updated itself to 5.6.0.0. i also wanted to block OTA and i have a pi-hole. so i blacklisted these:
aws.amazon.com
s3.amazonaws.com
amzdigital-a.akamaihd.net
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
anything else i should block too?
tung2567 said:
> i just got the Fire 10 from BF sale.
> it came with 5.4.1.0. then overnight, it updated itself to 5.6.0.0. i also wanted to block OTA and i have a pi-hole. so i blacklisted these:
> aws.amazon.com
> s3.amazonaws.com
> amzdigital-a.akamaihd.net
> amzdigitaldownloads.edgesuite.net
> softwareupdates.amazon.com
> updates.amazon.com
> anything else i should block too?
Look for DeviceSoftwareOTA.apk as well.
I used No Root Firewall to allow everything except Software OTA, Forced OTA, and Special Offers (not needed to block updates, but I hate lock screen ads). The funky DNS workarounds might work, until I bring my Fire to literally any other wifi network where it can check for updates.
Add System updates as well!
sflesch said:
> Which apps did you block?
After unboxing, before first connection to the internet, I adb-sideloaded the Netguard apk (from their official github page). Then I enabled blocking system apps, and searched for the keyword OTA. Then I found and blocked:
DeviceSoftwareOTA
Forced OTA
System Updates (<< this is then automatically selected along with DeviceSoftwareOTA, maybe one is an alias for the other)
I then connected to wifi, and checked for new updates. Result: check failed, so I assume all is well.
Merdeke said:
> After unboxing, before first connection to the internet, I adb-sideloaded the Netguard apk (from their official github page). Then I enabled blocking system apps, and searched for the keyword OTA. Then I found and blocked:
> DeviceSoftwareOTA
> Forced OTA
> System Updates (<< this is then automatically selected along with DeviceSoftwareOTA, maybe one is an alias for the other)
> I then connected to wifi, and checked for new updates. Result: check failed, so I assume all is well.
Yeah, I blocked the same and few more. Altogether 6. I may unblock rest and leave only those you have listed.

Kindle Fire HD 10 9th gen is adding a dns server on its own.

Hello there, I run several services locally on my network and need a DNS server local to my network to access them. I have a DHCP and DNS server setup to handle everything I need and this works for everything on my network except my new HD 10. The tablet will get the IP/Subnet Mask/Gateway and DNS server, but then it will add Google's 8.8.8.8 as well. That'd be fine and all, except that the tablet/Silk will never use my 192.168.1.1 DNS to resolve my internal servers, it just uses the Google DNS. I have installed a nslookup tool and it resolves everything just fine. Next, I went in and statically set the DNS server and even added a second, which works for a few minutes, but then the tablet adds 8.8.8.8 again. The hosts it's resolving are there, every computer/tablet/phone on my network can resolve it and so can nslookup. My home DNS server can resolve whatever is needed, but this tablet is forcing stuff I don't need.
What can I do, I bought this tablet to use with things on my network (specifically) and it seems to have a mind of its own.
you might try editing the hosts file on our tablets I dunno if this will apply to us but here's a site that claims to show how to edit the hosts file on non rooted devices... This may also work in your reverse lookup zone with a manual entry for 8.8.8.8 sent to your dns server as well
https://www.techrepublic.com/article/edit-your-rooted-android-hosts-file-to-block-ad-servers/
Dunno why you're having this issue though as you mentioned DHCP is adding both yours and Google's NS and the 192 range is non routable and Google is not authoritative for that range anyways
What's your DNS/DHCP setup like? Window or Linux?
Lastly, you may also try using NAT to redirect all traffic bound for 8.8.8.8 to your DNS servers ip but this may have the added effect of any other devices on the network headed to 8.8.8.8 to return to your DNS and be unable to resolve internet addresses
You may want to do a bit of research in that regard
bladerunnernexus said:
> you might try editing the hosts file on our tablets I dunno if this will apply to us but here's a site that claims to show how to edit the hosts file on non rooted devices... This may also work in your reverse lookup zone with a manual entry for 8.8.8.8 sent to your dns server as well
> https://www.techrepublic.com/article/edit-your-rooted-android-hosts-file-to-block-ad-servers/
> Dunno why you're having this issue though as you mentioned DHCP is adding both yours and Google's NS and the 192 range is non routable and Google is not authoritative for that range anyways
> What's your DNS/DHCP setup like? Window or Linux?
> Lastly, you may also try using NAT to redirect all traffic bound for 8.8.8.8 to your DNS servers ip but this may have the added effect of any other devices on the network headed to 8.8.8.8 to return to your DNS and be unable to resolve internet addresses
> You may want to do a bit of research in that regard
Thanks, I'll try some of what you suggested. I run pfsense for my router and it has a dns resolver I use. I run some docker stuff with traefik as the reverse proxy so I need the DNS to route to stuff internally.
Dns with tls is what it wanted. I got that configured and now it works. Thanks
Noticed this as well when I added my own DNS servers for accessing work. Is there any way to remove the 3rd DNS server entry of 8.8.8.8?
I posted this on another forum as well but I wanted to post it here for anyone who might find this. This is a hidden option in the Fire OS so I had to use ADB to turn it off. So far it appears to persist across reboots.
adb shell settings put global private_dns_mode OPTION (off was what I used) FYI no quotes just private_dns_mode off
Options are
* - opportunistic (Auto)
* - off (disabled)
There is also a "private_dns_default_mode" as well that I set to off but i'm not sure if that did anything.
jwoodard80 said:
> I posted this on another forum as well but I wanted to post it here for anyone who might find this. This is a hidden option in the Fire OS so I had to use ADB to turn it off. So far it appears to persist across reboots.
> adb shell settings put global private_dns_mode OPTION (off was what I used) FYI no quotes just private_dns_mode off
> Options are
> * - opportunistic (Auto)
> * - off (disabled)
> There is also a "private_dns_default_mode" as well that I set to off but i'm not sure if that did anything.
Oh you wonderful, wonderful person, you. This did the trick, although it took a bit of time to make out what the exact command you were referring to was. So, to make it clearer to anybody else wanting to try this, it's
Code:
adb shell settings put global private_dns_mode off
Of course, the prerequisites of enabling developer options and enabling debugging as well as having a pc with adb installed and set up are assumed to be already fulfilled.
Hey guys,
I just read your posts here and tried to deactivate this pretty strange behaviour. Unfortunately, it didn't work as expected. I ran the command after enabling developer options and confirming the new connection. ADB worked without any error but still, the Fire HD10 added the 8.8.8.8 DNS server on my WiFi connection. I deactivated the connection and even deleted it to set it up again, nothing worked.
Is there anything I missed?
Thanks,
Matthias
Persistent 8.8.8.8
I also changed both parameters to OFF using adb but without any results on the FIRE 7. My guess is that they used the 8.8.8.8 DNS for their ad-based servers and as this tablet is ad-enabled (which actually makes them less expensive to buy) they won't allow changing this without rooting the device. Any suggestions ???
Well, I finally solved it on network side: I used a NAT firewall rule to ensure all traffic via port 53 (=DNS queries without encryption) goes to my internal DNS server. Of course, if the server is within your network, you'll have to add an exception for traffic to port 53 for the server.
The main question is if your router will support custom NAT rules.
BR,
Matthias
The adb shell settings stuff did not work for me either.
Instead of adding a nat rule I simply deny all traffic to 8.8.8.8 and 8.8.4.4. As the fires use my local dns servers as fallback everything now works as expected - including blocked ads in browsers.
egalus said:
> The adb shell settings stuff did not work for me either.
> Instead of adding a nat rule I simply deny all traffic to 8.8.8.8 and 8.8.4.4. As the fires use my local dns servers as fallback everything now works as expected - including blocked ads in browsers.
Yeah, I have taken to doing the same thing, although I'd be interested to know if anyone finds a solution rather than a workaround, as firewalling 8.8.8.8 isn't exactly elegant.
BTW: My OnePlus 6 does the same thing and adds 8.8.8.8 no matter what the DNS distributed by DHCP was - at least when DHCP only provides one DNS.
matmike said:
> BTW: My OnePlus 6 does the same thing and adds 8.8.8.8 no matter what the DNS distributed by DHCP was - at least when DHCP only provides one DNS.
It adds 8.8.8.8 for me whether DHCP provides 1 or multiple DNS entries
So it might not be a Kindle specific topic but also affect other Android devices.
matmike said:
> So it might not be a Kindle specific topic but also affect other Android devices.
Yeah, I found a reddit thread saying it is affecting android in general
---------- Post added at 05:43 PM ---------- Previous post was at 04:43 PM ----------
Saw someone said it doesn't add it if you pass through 3 DNS entries, but my Unifi box only seems to allow 2 (not tried overriding from command line though)
Jimsef said:
> Yeah, I found a reddit thread saying it is affecting android in general
> ---------- Post added at 05:43 PM ---------- Previous post was at 04:43 PM ----------
> Saw someone said it doesn't add it if you pass through 3 DNS entries, but my Unifi box only seems to allow 2 (not tried overriding from command line though)
That's interesting! I also use a UniFi network and the controller allows me to pass 4 different DNS servers via DHCP - although I only have one, I tried to put in the same address 4 times and will check if it works.
BR,
Matthias
matmike said:
> That's interesting! I also use a UniFi network and the controller allows me to pass 4 different DNS servers via DHCP - although I only have one, I tried to put in the same address 4 times and will check if it works.
> BR,
> Matthias
Interesting, can you remind me where you set it, as I’m only seeing 2? Just want to check I’m looking in the right place.
Yes, sure. I'm using the UniFi controller in version 5.12.35.
The options for the DNS to-be-distributed can be found under Setting->Networks->Edit (your specific network)->DHCP-Nameserver to manual and then 4 possible entries appear. All options translated from German so it might be a bit different.
BR,
Matthias
Any solution update? For non-unifi owners?

Block updates. DNS way. No root needed

Here are instructions on how to block updates on a Fire TV.
Important!
A recently released Fire TV update blocks every way to disable auto updates, except this one.
Some ISPs replace client DNS requests with their own answers; in that case this method won't work.
DNS configuration is saved per access point; if you connect to another Wi-Fi you need to enter the DNS again.
If you connect a VPN, DNS settings will be ignored, so you can use a VPN only if it works per app and not system wide.
No PC needed
Step by step instructions
1. Go to your Fire TV Network settings and remove all networks except the one you are going to use. (Menu -> OK)
2. While connected to the Wi-Fi network you use, go to My Fire TV -> About -> Network and save "IP Address", "Gateway", "Subnet Mask" somewhere, or take a picture
3. Go to Network settings and remove your Wi-Fi connection
4. Start connecting to your Wi-Fi access point again, enter the password but don't press Next
5. Press the "Advanced" button at the bottom center
6. Enter the IP Address saved in step 2 and press Next
7. Enter the Gateway address saved in step 2 and press Next
8. Enter the Network Prefix Length, get it from this page using the "Subnet Mask" saved in step 2, and press Next
9. Enter the DNS address, pick the nearest one from the list below, and press Next
   USA: 104.154.51.7
   Europe: 104.155.28.90
   Asia: 104.155.220.58
   South America: 35.199.88.219
   Australia and Oceania: 35.189.47.23
10. Skip "DNS 2" configuration and press "Connect"
11. Wait for the Captive Portal to open. If it opens, that is proof that DNS is working! Otherwise it means that update blocking does not work for you.
12. In the Captive Portal use the remote control buttons to navigate Menu -> Settings -> Fire TV -> Close Captive Portal
13. Press the Back button on the remote control
14. Press the Play/Pause button on the selected wifi network to check network status; it should show the online status
15. Go to My Fire TV -> About -> Check for Updates and if you see an "Update Error" message, it is working
While the DNS settings are there, you are safe to stay on the current firmware, and no updates are going to be installed in the background.
To test whether your ISP/router is replacing DNS requests, you can use this command:
nslookup test.idns [DNS SERVER]
The result should include a line with the 1.2.3.4 address, which means it is working fine for you.
If you find any issues, please write them in comments.
--------
Disable OTA if you have root rights, no DNS needed, run as root in shell:
Code:
mount -o rw,remount /system
# Append (>>) so the existing hosts entries, such as localhost, are kept
echo -e '\n0.0.0.0 softwareupdates.amazon.com' >> /etc/hosts
Great, thank you.
I'd like to give this a try later.. Excited for it to work. Can you please proofread #11 and clarify, mostly the 2nd half? Seems a critical point in the process.
@Ighor Thanks.
Whose DNS servers are these?
I'm assuming that Amazon update servers have been blocked from these DNS servers, I'm just wondering who's managing them?
Alternatively, you can block updates through your router. Blocking updates on the FireTV itself is best and easiest, second best option is via your router, and last resort is DNS.
An old walkthrough that talks about all the ways of blocking updates and the benefits of each
How to block software updates on the Amazon Fire TV or Fire TV Stick
All versions of the Amazon Fire TV will download and install software updates automatically. There is no option to disable or reject software updates. Whether you have a rooted Fire TV or not, this guide will show you all the methods for blocking software updates on Fire TV devices.
www.aftvnews.com
Finnzz said:
> Whose DNS servers are these?
They are my servers, running since 2014 for different purposes. Since my DNS engine is very flexible, I can create rules to provide different features for different devices. So Fire TV support is now added.
For example, in OpenDNS you can't create rules for *amazon*updates*, but my server has those possibilities; it also catches regional and any possible new domains.
Ighor said:
> They are my servers, running since 2014 for different purposes. Since my DNS engine is very flexible, I can create rules to provide different features for different devices. So Fire TV support is now added.
> For example, in OpenDNS you can't create rules for *amazon*updates*, but my server has those possibilities; it also catches regional and any possible new domains.
Ok, yeah I figured someone needed to be managing the Amazon addresses. The more options the better.
Why do you have different servers for different regions? Are your servers physically located in different parts of the world?
Are your servers going to be able to handle thousands of FireTV devices?
Finnzz said:
> Are your servers physically located in different parts of the world?
Yes. So you get lower ping if you choose nearest one.
Finnzz said:
> Are your servers going to be able to handle thousands of FireTV devices?
It handles millions of requests every day with 2% CPU usage, so answer is yes.
Ok thank you!
I have to say I have one big concern. Using the DNS servers of a private individual that you don't know is a bit of a security risk, and can be used in malicious ways.
What Is DNS, and Should I Use Another DNS Server?
However, if your computer or network is pointed at a malicious DNS server set up by a scammer, the malicious DNS server could respond with a different IP address entirely. In this way, it’s possible that you could see “facebook.com” in your browser’s address bar, but you may not actually be at the real facebook.com. Behind the scenes, the malicious DNS server has pointed you to a different IP address.
I appreciate the gesture you are making to help everyone out, but I'm also wondering how the average user can determine if the DNS servers are trustworthy?
I don't mean to offend you, but being cautious is always best when it comes to security.
It's similar to recommending that you only install apps from trusted sources, and only give ADB access to very trusted sources.
When a stranger offers you a ride home you take a greater risk than if you use public transportation lol
Finnzz said:
Using the DNS servers of a private individual that you don't know is a bit of a security risk, and can be used in malicious ways.
Finnzz said:
I'm also wondering how the average user can determine if the DNS servers are trustworthy?
That is a fair thing to worry about if you are using an unknown DNS on your PC. The risk there is with you: when you enter a website, you may not notice that you forgot to add https:// and are using http://, or you may mistakenly agree to trust an unknown certificate if prompted. In that case someone can see your traffic.
But if you use it with the device, there is no choice; it always uses https://, so if someone tries to catch your traffic, they will fail with SSL errors. So technically you don't have to trust a DNS server or a VPN if you are entering it on your Android/iOS device (and not using Internet browsers).
Anyway, if anyone replaces DNS records with a malicious IP address, at least some users can notice the certificate warnings and report them. In other cases websites may notify you about unusual logins from other countries (if someone has caught your unencrypted traffic). I never did anything like that, so you won't find any reports about my DNS servers.
Ighor said:
Anyway, if anyone replaces DNS records with a malicious IP address, at least some users can notice the certificate warnings and report them. I never did anything like that, so you won't be able to find any reports about my DNS servers.
Yeah sorry, I hate to bring it up. I think everyone knows they take a risk when installing new apps, but far fewer know the potential of a malicious DNS server. I don't like asking the questions, because just the question insinuates something negative. Nothing against you personally.
Thank you for sharing your DNS. Hopefully you can save a few FireTV users on your ark before the next update that really does some damage.
Ighor said:
Here are instructions on how to block updates on a Fire TV...
Finnzz said:
@Ighor...Alternatively, you can block updates through your router. Blocking updates on the FireTV itself is best and easiest, second best option is via your router, and last resort is DNS.
An old walkthrough that talks about all the ways of blocking updates and the benefits of each
How to block software updates on the Amazon Fire TV or Fire TV Stick
All versions of the Amazon Fire TV will download and install software updates automatically. There is no option to disable or reject software updates. Whether you have a rooted Fire TV or not, this guide will show you all the methods for blocking software updates on Fire TV devices.
www.aftvnews.com
Finnzz said:
Ok thank you!
I have to say I have one big concern. Using the DNS servers of a private individual that you don't know is a bit of a security risk, and can be used in malicious ways...
...I appreciate the gesture you are making to help everyone out, but I'm also wondering how the average user can determine if the DNS servers are trustworthy?
I don't mean to offend you, but being cautious is always best when it comes to security...
Finnzz said:
...I hate to bring it up. I think everyone knows they take a risk when installing new apps, but far fewer know the potential of a malicious DNS server. I don't like asking the questions, because just the question insinuates something negative. Nothing against you personally...
I certainly appreciate the GENEROSITY of a "Technologically Competent" person offering their services to "Technologically Incompetent" folks, but *WHY* would someone TRUST a stranger to block specific DNS addresses when they could:
Block them locally on THEIR OWN router?
Block them locally on THEIR OWN DHCP server (I use Pi-Hole on a Raspberry Pi 3B)?
Block them with (well-known, established) OpenDNS (Method 4 on the AFTVNews article, as per the LINK posted by @Finnzz )?
TBD...
TakeTheActive said:
I certainly appreciate the GENEROSITY of a "Technologically Competent" person offering their services
Yeah, really nice
TakeTheActive said:
but *WHY* would someone TRUST a stranger to block specific DNS addresses when they could:
Block them locally on THEIR OWN router?
Block them locally on THEIR OWN DHCP server (I use Pi-Hole on a Raspberry Pi 3B)?
Block them with (well-known, established) OpenDNS (Method 4 on the AFTVNews article, as per the LINK posted by @Finnzz )?
TBD...
If you set up a local proxy server with a program like charles proxy or mitm, you can see all the traffic the fireTV generates on your PC... you see all the data, in listings, well ordered by process.
Almost all of this traffic and data is useless crap, since almost all of this stuff is encrypted.
Only thing readable is advertising sh*t and some meta statistics.
Anyways, a DNS server won't sniff any of this data, it gets only DNS requests, so it will most likely be perfectly fine and a very convenient method for users (users without a pi-hole or a capable router, capable to block encrypted DNS requests).
Btw, it's also a working and very common method to block updates on homebrewed PS4 and Nintendo Switch devices.
Ighor said:
Here are instructions on how to block updates on a Fire TV.
Important!
Recently a Fire TV update was released; it blocks every way to disable auto updates except this one.
Some ISPs replace client DNS requests with their own answers; in that case this method won't work.
The DNS configuration is saved per access point; if you connect to another Wi-Fi you need to enter the DNS again.
If you connect a VPN, DNS settings will be ignored, so you can use a VPN only if it works per app and not system wide.
No PC needed
Step by step instructions
1. Go to your Fire TV Network settings and remove all networks except the one you are going to use. (Menu -> OK)
2. While connected to the Wi-Fi network you use, go to My Fire TV -> About -> Network and save "IP Address", "Gateway", "Subnet Mask" somewhere, or take a picture
3. Go to Network settings and remove your Wi-Fi connection
4. Start connecting to your Wi-Fi access point again, enter the password but don't press Next
5. Press the "Advanced" button at the bottom center
6. Enter the IP Address saved in step 2 and press Next
7. Enter the Gateway address saved in step 2 and press Next
8. Enter the Network Prefix Length (get it from this page using the "Subnet Mask" saved in step 2) and press Next
9. Enter the DNS address, picking the nearest one from the list below, and press Next
   USA: 104.154.51.7
   Europe: 104.155.28.90
   Asia: 104.155.220.58
   South America: 35.199.88.219
   Australia and Oceania: 35.189.47.23
10. Skip the "DNS 2" configuration and press "Connect"
11. Wait for the Captive Portal to open. If it opens, that is the proof that DNS is working! Otherwise it means that update blocking does not work for you.
12. In the Captive Portal use the remote control buttons to navigate Menu -> Settings -> Fire TV -> Close Captive Portal
13. Press the Back button on the remote control
14. Press the Play/Pause button on the selected Wi-Fi network to check the network status; it should show the online status
15. Go to My Fire TV -> About -> Check for Updates and if you see an "Update Error" message, it is working
While the DNS settings are in place, you are safe to stay on the current firmware, and no updates are going to be installed in the background.
To test whether your ISP/router is replacing DNS requests, you can use this command:
nslookup test.idns [DNS SERVER]
The result should contain a line with the address 1.2.3.4; that means it is working fine for you.
View attachment 5528199
If you find any issues, please write them in the comments.
Used the US DNS server listed here, set up my VPN to tunnel on a per-app basis and it still updated anyways. Also most available URLs for Amazon update services have also been blacklisted on my router!
Why is this happening?
ruky23 said:
Why is this happening?
The VPN is overriding the DNS settings with its own.
This doesn't seem to work any more. I got a new 4K Max stick and before I plugged it in I made sure your US server was set up as my router's DNS to assign to DHCP clients. It still found an update and rebooted to install it before I could unplug the router.
PeteyNice said:
This doesn't seem to work any more. I got a new 4K Max stick and before I plugged it in I made sure your US server was set up as my router's DNS to assign to DHCP clients. It still found an update and rebooted to install it before I could unplug the router.
Are you sure your ISP does not replace DNS answers with their own?
Ighor said:
Are you sure your ISP does not replace DNS answers with their own?
Yes, I am sure. I changed it from a Pi-hole I set up that I know works.
PeteyNice said:
Yes, I am sure. I changed it from a Pi-hole I set up that I know works.
When the DNS server is local, as a Pi-hole is, the ISP can't replace DNS requests.
That is possible only for remote DNS servers, like mine.
What is the nslookup answer for the line posted in the picture in this thread?
Ighor said:
When the DNS server is local, as a Pi-hole is, the ISP can't replace DNS requests.
That is possible only for remote DNS servers, like mine.
What is the nslookup answer for the line posted in the picture in this thread?
It worked as expected. One thing I noticed, now that it is set up, is that it is including Google DNS along with my Pi-hole. I wonder if it tried Google when your server failed to resolve it.
PeteyNice said:
is that it is including Google DNS
It is using one at random, or both at the same time, and of course with my DNS it failed, so it took the DNS answer from the second DNS.
To get it to work, only my DNS server needs to be set.
Also, please don't set my DNS server on your router, but on the Fire TV directly. Because to prevent domain bruteforce by scammers, I made special conditions for when it works and when it doesn't. And if you turn off your Fire TV for a while, my DNS will stop working the next day for your IP.

Stop DNS leaks/bypasses in FireTV

I noticed that the set DNS IPs were being bypassed on my FireHD tablets while running Rethink (DNS), a great DNS+Firewall app (see rethinkdns.com for more info if you don't already know about it). Anyway, my router points towards two Adguard DNS IPs and somehow the Android system or FireOS itself was still trying to use a third DNS <net.dns3=8.8.8.8>.
So, to stop some of this extra chatter, I've since routed the third DNS to localhost on two different FireHD tablets and my 2nd Gen. FireTV Cube without any adverse effects.
ADB shell:
Code:
settings put global default_dns_server "127.0.0.1"
reboot
*note: need to reboot for it to wipe out the default third dns.
Question, is there any reason not to do this? Let me know.
What firmware is your FireTV on? Any idea how long it's been using the 3rd DNS?
I wonder if being able to fall back to a 3rd DNS might be one way for Amazon to bypass DNS-based OTA blocks.
Finnzz said:
What firmware is your FireTV on?
My Cube2 is on FireOS 7.6.3.3 (PS7633/3445).
Finnzz said:
Any idea how long it's been using the 3rd DNS?
I think it has been like this forever. I can't remember where, but in one forum it was mentioned that Android would try to bypass the set DNS. Since that time I have used the ADB command above to point to Cloudflare or Adguard, but recently I had the idea that I should just null out the query by sending it to localhost 127.0.0.1 instead.
Finnzz said:
I wonder if being able to fall back to a 3rd DNS might be one way for Amazon to bypass DNS-based OTA blocks.
I'm thinking that the usage of the third DNS is just for a "Hello, I'm Here" type of ping query that Google or Amazon added to Android, some type of tracking fallback, or Amazon Alexa's ability to create a third network for Echo/Ring bullsh*t subnet communications.
If you have a FireHD tablet with Google Play Store, install the app SetEdit_SettingsDatabaseEditor, it can quickly query Android Properties and "net.dns1" && "net.dns2" will be your router's default DNS servers and "net.dns3" will be Google's 8.8.8.8 DNS.
Ok, if it's been using that DNS for a long time it may not be anything to worry about.
I always worry about Amazon sneaking in a Trojan and then not activating it for an update or more.
I'm just waiting for them to do something about DNS based OTA blocking.
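The failure both threads keep running into is a fallback resolver (a "DNS 2" entry, Google DNS next to a Pi-hole, or net.dns3=8.8.8.8) still answering for the OTA hostnames. As an added example that is not part of the original posts, this Python script queries each resolver you list for the hostnames from this thread's blocklist and returns the lookups that still resolve to a real address; the function names, the sinkhole set and the criteria for "blocked" are assumptions.

```python
import socket
import struct

OTA_HOSTS = ["softwareupdates.amazon.com", "d1s31zyz7dcc2d.cloudfront.net",
             "prod.ota-cloudfront.net"]          # from this thread's blocklist
SINKHOLES = {"0.0.0.0", "127.0.0.1"}  # assumption: addresses a blocker hands out

def build_query(name, txid=0x1234):
    # Header (RD flag set, one question) + length-prefixed labels + QTYPE A, QCLASS IN.
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00\x00\x01\x00\x01"

def skip_name(pkt, pos):  # a name ends at a zero byte or a 2-byte compression pointer
    while pkt[pos] and pkt[pos] & 0xC0 != 0xC0:
        pos += pkt[pos] + 1
    return pos + (2 if pkt[pos] else 1)

def parse_a_records(pkt):
    """Return (rcode, [IPv4 strings]) from a DNS response."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", pkt[:12])
    pos, addrs = 12, []
    for _ in range(qd):
        pos = skip_name(pkt, pos) + 4            # skip QTYPE + QCLASS
    for _ in range(an):
        pos = skip_name(pkt, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", pkt[pos:pos + 10])
        if rtype == 1 and rdlen == 4:            # A record
            addrs.append(socket.inet_ntoa(pkt[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return flags & 0x000F, addrs

def is_blocked(rcode, addrs):
    # Blocked: error rcode (e.g. NXDOMAIN), empty answer, or sinkhole addresses only.
    return rcode != 0 or not addrs or set(addrs) <= SINKHOLES

def audit(resolvers, hosts=OTA_HOSTS, timeout=3.0):
    """Query every resolver for every host; return the lookups that still resolve."""
    leaks = []
    for resolver, host in ((r, h) for r in resolvers for h in hosts):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(build_query(host), (resolver, 53))
                rcode, addrs = parse_a_records(s.recvfrom(512)[0])
            except (OSError, struct.error, IndexError):
                continue                         # no usable reply from this server
            if not is_blocked(rcode, addrs):
                leaks.append((resolver, host, addrs))
    return leaks
```

Call `audit()` with every resolver the device could fall back to (router, Pi-hole, 8.8.8.8); each tuple returned is a resolver that would still hand the device an address for an OTA host.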
