Related
Hi,
Just got my Nexus Player, very sad to find Play Store was limited to regional apps, requesting anyone who has a Nexus Player to upload the leanback Neflix APK.
I will love ya forever!
(Not sure about rules on this) - but willing to donate etc. just really desperate for the APK)...
Regards -hasamoder
EDIT: Thanks to XDA Member "Elrondolio" the APK has been pulled and can be manually installed -
http://forum.xda-developers.com/showpost.php?p=56995564&postcount=23
All Good Now!
Hey,
does this APK mean you will get the US Netflix selection? I am trying to find a solution to this... in Canada, so get Canadian content. I have s subscription to blockless, but am unable to set the DNS settings on the device itself. Apparently the Nexus devices have the google DNS servers baked in.
psxp said:
Hey,
does this APK mean you will get the US Netflix selection? I am trying to find a solution to this... in Canada, so get Canadian content. I have s subscription to blockless, but am unable to set the DNS settings on the device itself. Apparently the Nexus devices have the google DNS servers baked in.
Click to expand...
Click to collapse
Yes they do have the DNS baked in, same with the Chromecast as well, it is offered as the Google DNS servers often offer faster resolving than ISP DNS's do. It is a shame however they do not offer an easy setting to change the DNS. In your case the Netflix APK is not useful, the APK is the same offered through the Canadian Play Store - I only wanted it as Australia has no Netflix at all.
In terms of switching your DNS to a DNS unblocking service you have two options-
1. Root you Nexus Player and Manually change the reference to the DNS.
This method would require you to root your nexus player and install a file browser capable of modifying the system partition.Then simply modify the reference to the DNS and switch it to you're own unblocking service. A big negative to this method however is that every time you upgrade you're Nexus Player it will switch back to the old DNS and thus is not recommended.
2. Add alternative DNS Routing on you Router
This method would require you to add a setting to your router which would push all requests to 8.8.8.8 to an alternative DNS. Here are the instructions: You need a router that either supports DD-WRT, OpenWrt, Tomato or Open Linux Firmware, otherwise this will not be possible. I'll omit the precise menus you have to go to in either of the interfaces; however what you want to do is change the iptables to route elsewhere (in commands it looks like this)-
iptables -t nat -A PREROUTING -d 8.8.8.8 -j DNAT --to-destination x.x.x.x
iptables -t nat -A PREROUTING -d 8.8.4.4 -j DNAT --to-destination x.x.x.x
If you are uncomfortable with these options, I am sorry to say you will have to live with Canadian Netflix. If you need more detail on either of these options, let me know and I'll be happy to help out...
EDIT : Turns out the DNS is changeable look here - http://forum.xda-developers.com/nexus-player/general/how-to-change-dns-ip-t2953282 and end of Page 1 of this Thread.
hasamoder said:
1. Root you Nexus Player and Manually change the reference to the DNS.
This method would require you to root your nexus player and install a file browser capable of modifying the system partition.Then simply modify the reference to the DNS and switch it to you're own unblocking service. A big negative to this method however is that every time you upgrade you're Nexus Player it will switch back to the old DNS and thus is not recommended.
Click to expand...
Click to collapse
I'd love more info on this option. I did some quick searching and I see people mentioning it but no one explaining what needs to be done. I'm fairly confident in my abilities to modify files and really just need to know what I need to edit.
hasamoder said:
In terms of switching your DNS to a DNS unblocking service you have two options-
Click to expand...
Click to collapse
Great information. There is also a third, simpler option. In your router's WAN section, if you change the DNS from automatic to manual you can put in your unblocking service's DNS instead of it automatically grabbing your ISPs. Almost all routers have that simple option. For a Chromecast, this wouldn't work at you'd indeed need to also add the iptables static routing since the DNS is hard coded, as stated, on the Chromecast. The way the Chromecast works, using an internal hidden Chrome browser to display all cast content puts DNS in Google's control. However, DNS isn't hard coded in Netflix or most any other standalone app outside of Google's on the Nexus Player, so a simple DNS change will work for Hulu, Netflix, etc. on the NP.
I'd still recommend getting a router with customizable firmware, however, as in addition to using iptables static routing you can also use dnsmasq to route only specific web sites through your unblocking DNS service and leave the rest to your standard ISP's DNS service (or any other DNS service you'd choose). For privacy reasons, this'd be the ultimate solution but all of the above work as well.
As a final aside, you can actually change the DNS service on the Nexus Player pretty easily by choosing a static IP in it's Wifi section... unfortunately this somehow interferes with Netflix and makes it inoperable. Strange, but needs more eye's on the issues to find a solution. The option is there, however, and easy to access.
---------- Post added at 09:06 AM ---------- Previous post was at 08:58 AM ----------
LecheConCarnie said:
I'd love more info on this option. I did some quick searching and I see people mentioning it but no one explaining what needs to be done. I'm fairly confident in my abilities to modify files and really just need to know what I need to edit.
Click to expand...
Click to collapse
Hit your router's configuration page (192.168.1.1 or 0.1 or whatever yours is) and change it's WAN or internet setup to define which DNS server it uses - it usually gets your ISP's DNS automatically. You'll of course need AdFreeTime, UnblockUS, etc service to put in the correct DNS entries, but it should be pretty straight forward. Here in Canada, at least, that's more than enough to get Netflix, Hulu, Pandora, etc working on the NP.
Just be aware that doing this means any and all internet traffic on every device that connects through your router will be routed through your unblocking service's DNS servers so be comfortable with the outfit you use as it'd be trivial for them to direct you to phishing sites for banking, etc or to sniff your communications. Most people don't worry about these things, but more probably should.
@Elrondolio, changing the router config doesn't work since the values are hardcoded on the device like the Chromecast is. I'm already well aware of using a service similar to AdFreeTime. I think that a file needs to change on the NP, but I'm not sure what. That is what @hasamoder is referring to.
LecheConCarnie said:
@Elrondolio, changing the router config doesn't work since the values are hardcoded on the device like the Chromecast is. I'm already well aware of using a service similar to AdFreeTime. I think that a file needs to change on the NP, but I'm not sure what. That is what @hasamoder is referring to.
Click to expand...
Click to collapse
The only hard coded DNS use on the Nexus Player is for Googles apps (play store, etc). I'm not sure why it's not working for you, but changing the DNS at the router works just fine here for Netflix, Hulu, Pandora, etc. What is the issue when you try it?
psxp said:
Hey,
does this APK mean you will get the US Netflix selection? I am trying to find a solution to this... in Canada, so get Canadian content. I have s subscription to blockless, but am unable to set the DNS settings on the device itself. Apparently the Nexus devices have the google DNS servers baked in.
Click to expand...
Click to collapse
RE DNS settings:
The DNS servers are not hard coded in. Via the network settings, I was able to assign a static IP, gateway, and a DNS IP. I had to do it a couple of times. Even though it said settings were saved, the connection didn't change from DNS to STATIC.
I gave up. But then then the next day I noticed the connection kicked over to STATIC and Netflix region switched over to US EN.
hasamoder said:
Yes they do have the DNS baked in, same with the Chromecast as well, it is offered as the Google DNS servers often offer faster resolving than ISP DNS's do. It is a shame however they do not offer an easy setting to change the DNS. In your case the Netflix APK is not useful, the APK is the same offered through the Canadian Play Store - I only wanted it as Australia has no Netflix at all.
In terms of switching your DNS to a DNS unblocking service you have two options-
1. Root you Nexus Player and Manually change the reference to the DNS.
This method would require you to root your nexus player and install a file browser capable of modifying the system partition.Then simply modify the reference to the DNS and switch it to you're own unblocking service. A big negative to this method however is that every time you upgrade you're Nexus Player it will switch back to the old DNS and thus is not recommended.
2. Add alternative DNS Routing on you Router
This method would require you to add a setting to your router which would push all requests to 8.8.8.8 to an alternative DNS. Here are the instructions: You need a router that either supports DD-WRT, OpenWrt, Tomato or Open Linux Firmware, otherwise this will not be possible. I'll omit the precise menus you have to go to in either of the interfaces; however what you want to do is change the iptables to route elsewhere (in commands it looks like this)-
iptables -t nat -A PREROUTING -d 8.8.8.8 -j DNAT --to-destination x.x.x.x
iptables -t nat -A PREROUTING -d 8.8.4.4 -j DNAT --to-destination x.x.x.x
If you are uncomfortable with these options, I am sorry to say you will have to live with Canadian Netflix. If you need more detail on either of these options, let me know and I'll be happy to help out...
Click to expand...
Click to collapse
Thank you so much for this information. This is exactly what I've been looking for !
Most answers I see on comments sections on websites/blogs have been "just root it" or similar. Thank you so much for the detailed answer.
So, I looked at option 2 and I do indeed have a Router that OpenWrt supports.. the TP-Link Archer C7 but mine is version v1 firmware so I dont get any support of the 5GHZ frequency. I'm willing to get a new v2 router if need be.. but the other thing is that these new firmwares are all command line based right? The front end isnt like using the nice web based front end on the Tp-link?
Option 1 might have to be the one for now. Here's my situtation.
I have a blockless DNS so I can use Netflix US. I also would like to run XBMC and Plex along with youTube. Thats the main requirements.
I have a Apple TV 2 jailbroken and running netflix US on it, with XBMC, and youtube. I havent installed the PlexConnect hack yet.. maybe I should give it a go. The thing was AppleTV 2 is only 720p and Nexus Player is 1080p and seems more responsive (faster etc) than the aging Apple TV.
If you had more details on what to do for option 1, that would be handy. I would then just avoid updating the Nexus Player unless I had to. I would then have to install the apss (ES Explorer, XBMC + plug in scripts, Chainfire launcher) each time.
The other crazy Idea I had was to use a cheap tablet with HDMI out as a Netflix media player .. but thats starting to get "clunky". I would like a "smoother" solution.
---------- Post added at 02:46 PM ---------- Previous post was at 02:41 PM ----------
Elrondolio said:
The only hard coded DNS use on the Nexus Player is for Googles apps (play store, etc). I'm not sure why it's not working for you, but changing the DNS at the router works just fine here for Netflix, Hulu, Pandora, etc. What is the issue when you try it?
Click to expand...
Click to collapse
Hi,
so you just changed your router DNS to user Blockless, unlock-us etc DNS? With the cavet that ALL traffic is now routed to the DNS service?
And Netflix shows Netflix US content? But now Chromecast will break?
---------- Post added at 02:51 PM ---------- Previous post was at 02:46 PM ----------
habskilla said:
RE DNS settings:
The DNS servers are not hard coded in. Via the network settings, I was able to assign a static IP, gateway, and a DNS IP. I had to do it a couple of times. Even though it said settings were saved, the connection didn't change from DNS to STATIC.
I gave up. But then then the next day I noticed the connection kicked over to STATIC and Netflix region switched over to US EN.
Click to expand...
Click to collapse
really? I didnt see any settings there for assigning IP address/DNS??!.. I'll try again tonight.
What settings/service are you using?
I assume you gave the Nexus player a static IP on your network, then gateway is IP of router? then DNS IP is IP of the DNS service?
psxp said:
really? I didnt see any settings there for assigning IP address/DNS??!.. I'll try again tonight.
What settings/service are you using?
I assume you gave the Nexus player a static IP on your network, then gateway is IP of router? then DNS IP is IP of the DNS service?
Click to expand...
Click to collapse
Took some crummy pics:
Home -> WIFI connection:
image (1).jpg
Device Network -> Wi-Fi Connected
image (2).jpg
Network Wi-Fi -> {select your active connection} In my case it is Leafs RULE!!_5G
image (3).jpg
Select Advanced options
image (4).jpg
Then select IP settings. In your case it'll say IP settings DNS. In my pic it says IP settings Static.
image (5).jpg
IP settings -> STATIC
image (6).jpg
Go through the IP settings and enter in a static IP, gateway, and DNS settings. Press save and then hope it saves.
You know it saved properly when IP settings DNS changes to IP settings Static. In my case, it didn't pick up the new settings till the next day. Maybe after you save your settings, power cycle NP; go back into settings and see if it changed over to static.
I didn't change or add anything to my router. My router is still using my ISP DNS IPs.
hth
habskilla said:
Go through the IP settings and enter in a static IP, gateway, and DNS settings. Press save and then hope it saves.
You know it saved properly when IP settings DNS changes to IP settings Static. In my case, it didn't pick up the new settings till the next day. Maybe after you save your settings, power cycle NP; go back into settings and see if it changed over to static.
I didn't change or add anything to my router. My router is still using my ISP DNS IPs.
hth
Click to expand...
Click to collapse
THANKS!! Dunno how I missed that.
Anyway, just changed it... and exited screens. Powered off and on.. and shows as STATIC but netflix gives an error and not internet data coming ie. no Recommendations..
will double check settings..
---------- Post added at 06:48 PM ---------- Previous post was at 06:42 PM ----------
just a quick reply.. seems the settings screens have bugs.. some settings for gateway and IP are showing up on incorrect screens,
gone through slowly again with the NP remote this time. (Last time I used Android App remote on my phone)..
My apologies, I thought there were no DNS settings from my brief search - looks like it is changable - Good Find habskilla.
Hope this solution works out for everybody
Awesome!! thanks!!
Okay! We're cooking with gas now!!
Just checked my settings, fixed them (see previous post) and the NP booted up and got internet data. Netflix opened ok and I just looked for a US only selection (I used this website : http://netflixcanadavsusa.blogspot.com/2014/11/alphabetical-list-j-sun-nov-23-2014.html#more )
and hooray its working!!!
Nice. !
Maybe one day there will be an app or something to make the setting change like a toggle. - ie. turn back to Canadian content.. but I can live with this as I start playing around with Nexus/Android and Root etc .
Actually, I can just switch the target country on my Blockless subscription if I dont want to change the NP. My preference is to have the DNS set on a per device setting rather than my whole network.
just been testing (we use netflix mainly for kids shows) so I picked "The 100". Wouldnt play.. then I realised that's actually Canadian only content.. so Netflix still caches recommendations or other data. lol!
thanks so much habskilla. I appreciate you posting here. (maybe I should have started a new thread) . Also I'm glad I refrained in making any jokes about the Maple Leafs too
(I dont follow hockey anyway - lol)
cheers!
BTW - if anyone's interested I am using Blockless to connect to US Netflix. You can use that it to connect to many other Netflix regions like UK, Canada etc.
Here is my referal link (hope thats allowed here? ) Blockless
I'm glad it's working for you.
I still get an occasional cannot load Netflix error, but then again I get those sometimes with my other devices.
I created a new post in Nexus Player General so it's visible to everyone and not just buried here.
habskilla said:
I'm glad it's working for you.
I still get an occasional cannot load Netflix error, but then again I get those sometimes with my other devices.
I created a new post in Nexus Player General so it's visible to everyone and not just buried here.
Click to expand...
Click to collapse
Your could not load could be because you accessed Netflix as a "Canadian account" . Later when tyring to show you titles it remembers - perhaps cache's your choices and will still show you them even if you are in your "US account" . When you play the content you get blocked. I have seen this happen for me ie. "The 100" is Canadian only content but I see it on my "US Account". See the link to the website I posted earlier that shows US vs Canadian content.
cheers
With chromecast anyone could cast netflix to the available TV. It doesn't work that way with the nexus player, it requires each person to log into the Nexus Player instead of just using their account. I have this problem also with different profiles on the same netflix account.
The account and profile on the casting device should match the one on the nexus player.
Been using this for a while with older fires but just got a 10 HD with 5.3.1. Was poking around here seeing if a rooting method already exists and noticed a lot of people stuck on 5.3.1, another update looming and everyone saying you can't block updates without root. Actually it's pretty easy.
Head on over to opendns
Sign up for a Home Free account (completely free)
Login and go to the dashboard and click the "Settings" tab
There will be an area to "add a network" or something similar
Type your WAN ip address here ( whatsmyip.com can help you find that)
Click "Add this network" or whatever it says on the button
Your address will be added to the network list
Click on the drop down menu next to "Settings for:" and select the network you just added
Using the “Manage individual domains” area at the bottom of the page, add the following four domains set to “Always block”:
amzdigital-a.akamaihd.net
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
Now, to use this service, you have to change the DNA settings in your router at home. This step will vary from brand to brand so Google it.
The two DNS IP addresses you need should be listed at the bottom of your OpenDNS dashboard page. Currently, they are 208.67.222.222 and 208.67.220.220
But they might have changed by the time you follow this. Simply add those DNS server names to your router, apply the changes and then check for a system update on your fire. It should say "Update check failed. " Voila!
.!!!!THINGS TO REMEMBER!!!!.
When using OpenDNS, you need to ensure you update the service if your home IP changes. They have utilities you can install on your PC to do this automatically. If your home IP changes and you don’t update OpenDNS, your Fire will be able to access updates.
If you take your Fire with you somewhere and connect to another network, your file will have access to updates.
There may be an app that lets you set DNS servers on the Fire itself or block domains, but since mine stays home, I've never looked into it.
Remember, not updating is half the battle.!
you can change the DNS in the device vs the router for those that want to do it that way (do for each access point)
https://support.opendns.com/hc/en-u...ndroid-Configuration-instructions-for-OpenDNS
If my Kindle says "No updates found" did I do it properly? I changed settings on my android, not the router itself, since I don't have access to the router's settings
Note: This method will no longer work on devices with version 5.3.3.0. Amazon will let you input the information, but won't allow you to save it.
You can use something like the NetGuard app below to block the necessary Amazon OTA update services whilst on WiFi, I briefly checked it out and it seemed to work when checking for updates.
https://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012
Gilly10 said:
You can use something like the NetGuard app below to block the necessary Amazon OTA update services whilst on WiFi, I briefly checked it out and it seemed to work when checking for updates.
https://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012
Click to expand...
Click to collapse
Since there is no other option to connect to the internet other than WiFi, how else would updates get applied? That might be a dumb question.
EDIT: I use NoRoot Data Firewall. I pretty much have everything related or possibly related to Amazon and/or their OTA updates, blocked. I do see you need to allow Download Manager access to the internet to do any updates in Google Play.
NetGuard looks really awesome. I like I can choose system apps. I need to look at it more to understand the rules, but I am not liking the fact you have to pay to view the logs. Also I maybe missing it, but I didn't see where you can add individual IPs or block domains.
Thanks , it's still working on 5.3.3
Thank you theabsinthehare,
This work like a charm on my brand new (cheap) Amazon Fire HD 8 (7th generation - 2017) with Fire OS 5.3.3.0.
FYI: here are my steps:
follow instructions above from first post,
with my Internet provider , I am unable to change my router's DNS settings, So I connect the tablet to the wifi. I then can see that an update has been downloaded and is ready to be installed.
I capture the IP config manually (IP address , gateway)
I Factory Reset the tablet (brand new), before the update to be installed
I reconnect on the wifi, but this time I go to advanced settings to change DHCP to static, to provide all details manually and change the DNS settings.
Check in Updates that the tablet is unable to download any updates
Perfect,
Thanks
Gilly10 said:
You can use something like the NetGuard app below to block the necessary Amazon OTA update services whilst on WiFi, I briefly checked it out and it seemed to work when checking for updates.
https://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012
Click to expand...
Click to collapse
How did you do this in netguard? What did you block?
spyrou007 said:
Thank you theabsinthehare,
This work like a charm on my brand new (cheap) Amazon Fire HD 8 (7th generation - 2017) with Fire OS 5.3.3.0.
FYI: here are my steps:
follow instructions above from first post,
with my Internet provider , I am unable to change my router's DNS settings, So I connect the tablet to the wifi. I then can see that an update has been downloaded and is ready to be installed.
I capture the IP config manually (IP address , gateway)
I Factory Reset the tablet (brand new), before the update to be installed
I reconnect on the wifi, but this time I go to advanced settings to change DHCP to static, to provide all details manually and change the DNS settings.
Check in Updates that the tablet is unable to download any updates
Perfect,
Thanks
Click to expand...
Click to collapse
I just block all Amazon apps from the internet. I then watch the IPs that try to connect and block them manually. I also use the host name blocker in NetGuard and the filters. Yes I paid for licenses. It's well worth it.
So with dynamic ip, I allways have to reconfigure the dns once it changed?
Gilly10 said:
You can use something like the NetGuard app below to block the necessary Amazon OTA update services whilst on WiFi, I briefly checked it out and it seemed to work when checking for updates.
https://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012
Click to expand...
Click to collapse
Which apps did you block?
Can you get rid of intrusive ads in apps this way?
scoy2007 said:
Can you get rid of intrusive ads in apps this way?
Click to expand...
Click to collapse
With netguard? Yes, in the paid version when downloading latest version from github rather than play store
pi hole to the rescue
i just got the Fire 10 from BF sale.
it came with 5.4.1.0. then overnight, it updated itself to 5.6.0.0. i also wanted to block OTA and i have a pi-hole. so i blacklisted these:
aws.amazon.com
s3.amazonaws.com
amzdigital-a.akamaihd.net
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
anything else i should block too?
tung2567 said:
i just got the Fire 10 from BF sale.
it came with 5.4.1.0. then overnight, it updated itself to 5.6.0.0. i also wanted to block OTA and i have a pi-hole. so i blacklisted these:
aws.amazon.com
s3.amazonaws.com
amzdigital-a.akamaihd.net
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
anything else i should block too?
Click to expand...
Click to collapse
Look for DeviceSoftwareOTA.apk as well.
I used No Root Firewall to allow everything except Software OTA, Forced OTA, and Special Offers (not needed to block updates, but I hate lock screen ads). The funky DNS workarounds might work, until I bring my Fire to literally any other wifi network where it can check for updates.
Add System updates as well!
sflesch said:
Which apps did you block?
Click to expand...
Click to collapse
After unboxing, before first connection to the internet, I adb-sideloaded the Netguard apk (from their official github page). Then i enabled blocking system apps, and searched for the keyword OTA. Then I found and blocked:
DeviceSoftwareOTA
Forced OTA
System Updates (<< this is then automatically selected along with DeviceSoftwareOTA, maybe one is an alias for the other)
I then connected to wifi, and checked for new updates. Result: check failed, so I assume all is well.
Merdeke said:
After unboxing, before first connection to the internet, I adb-sideloaded the Netguard apk (from their official github page). Then i enabled blocking system apps, and searched for the keyword OTA. Then I found and blocked:
DeviceSoftwareOTA
Forced OTA
System Updates (<< this is then automatically selected along with DeviceSoftwareOTA, maybe one is an alias for the other)
I then connected to wifi, and checked for new updates. Result: check failed, so I assume all is well.
Click to expand...
Click to collapse
Yeah, I blocked the same and few more. Altogether 6. I may unblock rest and leave only those you have listed.
Hello there, I run several services locally on my network and need a DNS server local to my network to access them. I have a DHCP and DNS server setup to handle everything I need and this works for everything on my network except my new HD 10. The tablet will get the IP/Subnet Mask/Gateway and DNS server, but then it will add googles 8.8.8.8 as well. That'd fine and all, except that the tablet/Silk will never use my 192.168.1.1 DNS to resolve my internal servers, it just uses the google DNS. I have installed a nslookup tool and it resolves everything just fine. Next, I went in and statically set the DNS server and even added a second, which works for a few minutes, but then the tablet adds 8.8.8.8 again. The hosts it's resolving are there, every computer/tablet/phone on my network can resolve it and so can nslookup. My home DNS server can resolve whatever is needed, but this tablet is forcing stuff I don't need.
What can I do, I bought this tablet to use with things on my network (specifically) and it seems to have a mind of its own.
you might try editing the hosts file on our tablets I dunno if this will apply to us but here's a site that claims to show how to edit the hosts file on non rooted devices... This may also work in your reverse lookup zone with a manual entry for 8.8.8.8 sent to your dns server as well
https://www.techrepublic.com/article/edit-your-rooted-android-hosts-file-to-block-ad-servers/
Dunno why you're having this issue though as you mentioned DHCP is adding both yours and Google's NS and the 192 range is non routable and Google is not authoritative for that range anyways
What's your DNS/DHCP setup like? Window or Linux?
Lastly, you may also try using NAT to redirect all traffic bound for 8.8.8.8 to your DNS servers ip but this may have the added effect of any other devices on the network headed to 8.8.8.8 to return to your DNS and be unable to resolve internet addresses
You may want to do a bit of research in that regard
bladerunnernexus said:
you might try editing the hosts file on our tablets I dunno if this will apply to us but here's a site that claims to show how to edit the hosts file on non rooted devices... This may also work in your reverse lookup zone with a manual entry for 8.8.8.8 sent to your dns server as well
https://www.techrepublic.com/article/edit-your-rooted-android-hosts-file-to-block-ad-servers/
Dunno why you're having this issue though as you mentioned DHCP is adding both yours and Google's NS and the 192 range is non routable and Google is not authoritative for that range anyways
What's your DNS/DHCP setup like? Window or Linux?
Lastly, you may also try using NAT to redirect all traffic bound for 8.8.8.8 to your DNS servers ip but this may have the added effect of any other devices on the network headed to 8.8.8.8 to return to your DNS and be unable to resolve internet addresses
You may want to do a bit of research in that regard
Click to expand...
Click to collapse
Thanks, I'll try some of what you suggested. I run pfsense for my router and it has a dns resolver I use. I run some docker stuff with traefik as the reverse proxy so I need the DNS to route to stuff internally.
Dns with tls is what it wanted. I got that configured and now it works. Thanks
Noticed this as well when I added my own DNS servers for accessing work. Is there anyway to remove the 3rd DNS server entry of 8.8.8.8?
I posted this on another forum as well but I wanted to post it here for anyone who might find this. This is a hidden option in the Fire OS so I had to use ADB to turn it off. So far it appears to persist across reboots.
adb shell settings put global private_dns_mode OPTION (off was what I used) FYI no quotes just private_dns_mode off
Options are
* - opportunistic (Auto)
* - off (disabled)
There is also a "private_dns_default_mode" as well that I set to off but i'm not sure if that did anything.
jwoodard80 said:
I posted this on another forum as well but I wanted to post it here for anyone who might find this. This is a hidden option in the Fire OS so I had to use ADB to turn it off. So far it appears to persist across reboots.
adb shell settings put global private_dns_mode OPTION (off was what I used) FYI no quotes just private_dns_mode off
Options are
* - opportunistic (Auto)
* - off (disabled)
There is also a "private_dns_default_mode" as well that I set to off but i'm not sure if that did anything.
Click to expand...
Click to collapse
Oh you wonderful, wonderful person, you. This did the trick, although, it took a bit of time to make out what the exact command you were referring to was. So, to make it clearer to anybody else want to try this, it's
Code:
adb shell settings put global private_dns_mode off
Of course, the prerequisites of enabling developer options and enabling debugging as well as having a pc with adb installed and set up are assumed to be already fulfilled.
Hey guys,
I just read your posts here and treid to deactivate this pretty strange behaviour. Unfortunately, it didn't work as expected. I ran the command after enabling developer options and confirming the new connection. ADB worked without any error but still, the Fire HD10 added the 8.8.8.8 DNS server on my WiFi connection. I deactivated the connection and even deleted it to set it up again, nothing worked..
Is there anything I missed?
Thanks,
Matthias
Persistent 8.8.8.8
I also changed both parameters to OFF using adb but without any results on the FIRE 7. My guess is that they used the 8.8.8.8 DNS for their ad-based servers and as this tablet is ad-enabled (which actually makes them less expensive to buy) they wont allow changing this without rooting the device. Any suggestions ???
Well, I finally solved it on network side: I used a NAT firewall rule to ensure all traffic via port 53 (=DNS queries without encryption) goes to my internal DNS server. Of course, if the server is within your network, you'll have to add an exception for traffic to port 53 for the server.
The main qustion is if your router will support custom NAT rules.
BR,
Matthias
The adb shell settings stuff did not work for me either.
Instead of adding a nat rule I simply deny all traffic to 8.8.8.8 and 8.8.4.4. As the fires use my local dns servers as fallback everythimg now works as expected - including blocked adds in browsers.
egalus said:
The adb shell settings stuff did not work for me either.
Instead of adding a nat rule I simply deny all traffic to 8.8.8.8 and 8.8.4.4. As the fires use my local dns servers as fallback everythimg now works as expected - including blocked adds in browsers.
Click to expand...
Click to collapse
Yeah, I have taken to doing the same thing, although I'd be interested to know if anyone finds a solution rather than a workaround, as firewalling 8.8.8.8 isn't exactly elegant.
BTW: My OnePlus 6 does the same thing and adds 8.8.8.8 no matter what the DNS distributed by DHCP was - at least when DHCP only providers one DNS.
matmike said:
BTW: My OnePlus 6 does the same thing and adds 8.8.8.8 no matter what the DNS distributed by DHCP was - at least when DHCP only providers one DNS.
Click to expand...
Click to collapse
It adds 8.8.8.8 for me whether DHCP provides 1 or multiple DNS entries
So it might not be a Kindle specific topic but also affect other Android devices.
matmike said:
So it might not be a Kindle specific topic but also affect other Android devices.
Click to expand...
Click to collapse
Yeah, I found a reddit thread saying it is affecting android in general
---------- Post added at 05:43 PM ---------- Previous post was at 04:43 PM ----------
Saw someone said it doesn't add it if you pass through 3 DNS entries, but my Unifi box only seems to allow 2 (not tried overriding from command line though)
Jimsef said:
Yeah, I found a reddit thread saying it is affecting android in general
---------- Post added at 05:43 PM ---------- Previous post was at 04:43 PM ----------
Saw someone said it doesn't add it if you pass through 3 DNS entries, but my Unifi box only seems to allow 2 (not tried overriding from command line though)
Click to expand...
Click to collapse
That's interesting! I also use a UniFi network and the controller allows me to pass 4 different DNS servers via DHCP - although I only have one, I tried to put in the same address 4 times and will check if it works.
BR,
Matthias
matmike said:
That's interesting! I also use a UniFi network and the controller allows me to pass 4 different DNS servers via DHCP - although I only have one, I tried to put in the same address 4 times and will check if it works.
BR,
Matthias
Click to expand...
Click to collapse
Interesting, can you remind me where you set it, as I’m only seeing 2? Just want to check I’m looking in the right place.
Yes, sure. I'm using the UniFi controller in version 5.12.35.
The options for the DNS to-be-distributed can be found under Setting->Networks->Edit (your specific network)->DHCP-Nameserver to manual and then 4 possible entries appear. All options translated from German so it might be a bit different.
BR,
Matthias
Any solution update? fir non-unifi owners?
Here is instructions of how to block Updates on a Fire TV.
Important!
Recently a Fire TV update released, it blocks any way to disable auto updates, except this one
Some ISP are replacing client DNS requests by their own answers, in that case this method won't work.
DNS configuration saved per access point, if you connect to another Wi-Fi you need to enter the DNS again.
If you connect a VPN, DNS settings will be ignored, so you can use VPN only if it works per app and not system wide.
No PC needed
Step by step instruction
Go to your Fire TV Network settings and remove all networks except one you going to use. (Menu -> OK)
While connected to the Wi-Fi network you use, go to My Fire TV -> About -> Network and save "IP Address", "Gateway", "Subnet Mask" somewhere, or take a picture
Go to Network settings and remove your Wi-Fi connection
Start connecting to your Wi-Fi access point again, enter password but don't press Next
Press "Advanced" button at the bottom center
Enter the IP Address saved in the 2. step and press Next
Enter the Gateway address saved in the 2. step and press Next
Enter Network Prefix Length, get it from this page using "Subnet Mask" saved in the step 2. and press Next
Enter DNS address, pick up nearest one from the list below, and press Next
USA: 104.154.51.7
Europe: 104.155.28.90
Asia: 104.155.220.58
South America: 35.199.88.219
Australia and Oceania: 35.189.47.23
Skip "DNS 2" configuration and press "Connect"
Wait for the Captive Portal opened. If it is opened it will the proof that DNS is working! Either it means that update blocking not work for you.
In the Captive Portal use remote control buttons to navigate Menu -> Settings -> Fire TV -> Close Captive Portal
Press Back button on the remote control
Press Play/Pause button on selected wifi network to check network status, it should show the online status
Go to My Fire TV -> About -> Check for Updates and if you see "Update Error" message, it is working
While the DNS settings are there, you are safe to stay on current firmware, and no updates going to be installed in background.
To test does your ISP/router replacing DNS requests, you can use this command:
nslookup test.idns [DNS SERVER]
In result it should produce the line with 1.2.3.4 address, it means it is working fine for you.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
If you find any issues, please write them in comments.
--------
Disable OTA if you have a root rights, no DNS needed, run as root in shell:
Code:
mount -o rw,remount /system
echo -e '\n0.0.0.0 softwareupdates.amazon.com' > /etc/hosts
Great, thank you.
I'd like to give this a try later.. Excited for it to work. Can you please proofread #11 and clarify, mostly the 2nd half? Seems a critical point in the process.
@Ighor Thanks.
Who's DNS servers are these?
I'm assuming that Amazon update servers have been blocked from these DNS servers, I'm just wondering who's managing them?
Alternatively, you can block updates through your router. Blocking updates on the FireTV itself is best and easiest, second best option is via your router, and last resort is DNS.
An old walkthrough that talks about all the ways of blocking updates and the benefits of each
How to block software updates on the Amazon Fire TV or Fire TV Stick
All versions of the Amazon Fire TV will download and install software updates automatically. There is no option to disable or reject software updates. Whether you have a rooted Fire TV or not, this guide will show you all the methods for blocking software updates on Fire TV devices.
www.aftvnews.com
Finnzz said:
Who's DNS servers are these?
Click to expand...
Click to collapse
It is my servers, running since 2014 for different purposes. Since my DNS engine is very flexible I can create a rules to provide different features for different devices. So Fire TV support is now added.
For example in Open DNS you can't create rules for *amazon*updates*, but my server has those possibilities, it catching regional and any possible new domains also.
Ighor said:
It is my servers, running since 2014 for different purposes. Since my DNS engine is very flexible I can create a rules to provide different features for different devices. So Fire TV support is now added.
For example in Open DNS you can't create rules for *amazon*updates*, but my server has those possibilities, it catching regional and any possible new domains also.
Click to expand...
Click to collapse
Ok, yeah I figured someone needed to be managing the Amazon addresses The more options the better.
Why do you have different servers for different regions? Are your servers physically looking located in different parts of the world?
Are your servers going to be able to handle thousands of FireTV devices?
Finnzz said:
Are your servers physically looking located in different parts of the world?
Click to expand...
Click to collapse
Yes. So you get lower ping if you choose nearest one.
Finnzz said:
Are your servers going to be able to handle thousands of FireTV devices?
Click to expand...
Click to collapse
It handles millions of requests every day with 2% CPU usage, so answer is yes.
Ok thank you!
I have to say I have one big concern. Using the DNS servers of a private individual that you don't know is a bit of a security risk, and can be used in malicious ways.
What Is DNS, and Should I Use Another DNS Server?
However, if your computer or network is pointed at a malicious DNS server set up by a scammer, the malicious DNS server could respond with a different IP address entirely. In this way, it’s possible that you could see “facebook.com” in your browser’s address bar, but you may not actually be at the real facebook.com. Behind the scenes, the malicious DNS server has pointed you to a different IP address.
Click to expand...
Click to collapse
I appreciate the gesture you are making to help everyone out, but I'm also wondering how the average user can determine if the DNS servers are trustworthy?
I don't mean to offend you, but being cautious is always best when it comes to security.
It's similar to recommending that you only install apps from trusted sources, and only give ADB access to very trusted sources.
When a stranger offers you a ride home you take a greater risk than if you use public transportation lol
Finnzz said:
Using the DNS servers of a private individual that you don't know is a bit of a security risk, and can be used in malicious ways.
Click to expand...
Click to collapse
Finnzz said:
I'm also wondering how the average user can determine if the DNS servers are trustworthy?
Click to expand...
Click to collapse
That is fair thing to worry about if you are using unknown DNS on your PC. Since the risk is in you, when you enter the website, you may not notice that you are forgot to add https:// but using http://, or you may mistakenly agree to trust unknown certificate if prompted. In that case someone can see your traffic.
But if you use that with the device, there is no choice, it always uses https:// so if someone will try to catch your traffic, they will fail with ssl errors. So technically you don't have to trust a DNS server or a VPN if you are entering that to your Android/iOS device (and not using Internet browsers).
Anyway if anyone replaces DNS records by malicious IP address, at least some users can notice the certificate warnings and report them. In another cases websites may notify you about unusual logins, from another countries (if someone have catch your unencrypted traffic). I never did anything like that so you won't find any reports about my DNS servers.
Ighor said:
Anyway if anyone replaces DNS records by malicious IP address, at least some users can notice the certificate warnings and report them. I never did anything like that so you won't be able to find any reports about my DNS servers.
Click to expand...
Click to collapse
Yeah sorry, I hate to bring it up. I think everyone knows they take a risk when installing new apps, but far less know the potential of a malicious DNS server. I don't like asking the questions, because just the question insinuates something negative. Nothing against you personally.
Thank you for sharing your DNS. Hopefully you can save a few FireTV users on your arc before the next update that really does some damage.
Ighor said:
Here is instructions of how to block Updates on a Fire TV...
Click to expand...
Click to collapse
Finnzz said:
@Ighor...Alternatively, you can block updates through your router. Blocking updates on the FireTV itself is best and easiest, second best option is via your router, and last resort is DNS.
An old walkthrough that talks about all the ways of blocking updates and the benefits of each
How to block software updates on the Amazon Fire TV or Fire TV Stick
All versions of the Amazon Fire TV will download and install software updates automatically. There is no option to disable or reject software updates. Whether you have a rooted Fire TV or not, this guide will show you all the methods for blocking software updates on Fire TV devices.
www.aftvnews.com
Click to expand...
Click to collapse
Finnzz said:
Ok thank you!
I have to say I have one big concern. Using the DNS servers of a private individual that you don't know is a bit of a security risk, and can be used in malicious ways...
...I appreciate the gesture you are making to help everyone out, but I'm also wondering how the average user can determine if the DNS servers are trustworthy?
I don't mean to offend you, but being cautious is always best when it comes to security...
Click to expand...
Click to collapse
Finnzz said:
...I hate to bring it up. I think everyone knows they take a risk when installing new apps, but far less know the potential of a malicious DNS server. I don't like asking the questions, because just the question insinuates something negative. Nothing against you personally...
Click to expand...
Click to collapse
I certainly appreciate the GENEROSITY of a "Technologically Competent" person offering their services to "Technologically Incompetent" folks, but *WHY* would someone TRUST a stranger to block specific DNS addresses when they could:
Block them locally on THEIR OWN router?
Block them locally on THEIR OWN DHCP server (I use Pi-Hole on a Raspberry Pi 3B)?
Block them with (well-known, established) OpenDNS (Method 4 on the AFTVNews article, as per the LINK posted by @Finnzz )?
TBD...
TakeTheActive said:
I certainly appreciate the GENEROSITY of a "Technologically Competent" person offering their services
Click to expand...
Click to collapse
Yeah, really nice
TakeTheActive said:
but *WHY* would someone TRUST a stranger to block specific DNS addresses when they could:
Block them locally on THEIR OWN router?
Block them locally on THEIR OWN DHCP server (I use Pi-Hole on a Raspberry Pi 3B)?
Block them with (well-known, established) OpenDNS (Method 4 on the AFTVNews article, as per the LINK posted by @Finnzz )?
TBD...
Click to expand...
Click to collapse
If you set up a local proxy server with a program like charles proxy or mitm, you can see all the traffic the fireTV generates on your PC... you see all the data, in listings, well ordered by process.
Almost all of this traffic and data is useless crap, since almost all of this stuff is encrypted.
Only thing readable is advertising sh*t and some meta statistics.
Anyways, a DNS server wont sniff any of this data, it gets only DNS requests, so it will most likely be perfectly fine and a very convenient method for users (users without a pi-hole or a capable router, capable to block encrypted DNS requests).
Btw, it's also a working and very common method to block updates on homebrewed PS4 and nintendo switch devices
Ighor said:
Here is instructions of how to block Updates on a Fire TV.
Important!
Recently a Fire TV update released, it blocks any way to disable auto updates, except this one
Some ISP are replacing client DNS requests by their own answers, in that case this method won't work.
DNS configuration saved per access point, if you connect to another Wi-Fi you need to enter the DNS again.
If you connect a VPN, DNS settings will be ignored, so you can use VPN only if it works per app and not system wide.
No PC needed
Step by step instruction
Go to your Fire TV Network settings and remove all networks except one you going to use. (Menu -> OK)
While connected to the Wi-Fi network you use, go to My Fire TV -> About -> Network and save "IP Address", "Gateway", "Subnet Mask" somewhere, or take a picture
Go to Network settings and remove your Wi-Fi connection
Start connecting to your Wi-Fi access point again, enter password but don't press Next
Press "Advanced" button at the bottom center
Enter the IP Address saved in the 2. step and press Next
Enter the Gateway address saved in the 2. step and press Next
Enter Network Prefix Length, get it from this page using "Subnet Mask" saved in the step 2. and press Next
Enter DNS address, pick up nearest one from the list below, and press Next
USA: 104.154.51.7
Europe: 104.155.28.90
Asia: 104.155.220.58
South America: 35.199.88.219
Australia and Oceania: 35.189.47.23
Skip "DNS 2" configuration and press "Connect"
Wait for the Captive Portal opened. If it is opened it will the proof that DNS is working! Either it means that update blocking not work for you.
In the Captive Portal use remote control buttons to navigate Menu -> Settings -> Fire TV -> Close Captive Portal
Press Back button on the remote control
Press Play/Pause button on selected wifi network to check network status, it should show the online status
Go to My Fire TV -> About -> Check for Updates and if you see "Update Error" message, it is working
While the DNS settings are there, you are safe to stay on current firmware, and no updates going to be installed in background.
To test does your ISP/router replacing DNS requests, you can use this command:
nslookup test.idns [DNS SERVER]
In result it should produce the line with 1.2.3.4 address, it means it is working fine for you.
View attachment 5528199
If you find any issues, please write them in comments.
Click to expand...
Click to collapse
Used the US dns sever listed here, setup my vpn to tunnel per app basis and it still updated anyways. Also most available URLs for Amazon update services have also been blacklisted on my router!
Why is this happening?
ruky23 said:
Why is this happening?
Click to expand...
Click to collapse
VPN is overriding DNS settings by their own
This doesn't seem to work any more. I got a new 4K Max stick and before I plugged it in I made sure your US server was setup as my router's DNS to assign to DHCP clients. It still found an update and rebooted to install it before I could unplug the router.
PeteyNice said:
This doesn't seem to work any more. I got a new 4K Max stick and before I plugged it in I made sure your US server was setup as my router's DNS to assign to DHCP clients. It still found an update and rebooted to install it before I could unplug the router.
Click to expand...
Click to collapse
Are you sure your ISP does not replace dns answers by their own?
Ighor said:
Are you sure your ISP does not replace dns answers by their own?
Click to expand...
Click to collapse
Yes, I am sure. I changed it from a pi hole I setup that I know works.
PeteyNice said:
Yes, I am sure. I changed it from a pi hole I setup that I know works.
Click to expand...
Click to collapse
While DNS server is local, pi hole is, ISP can't replace dns requests.
It is possible only for remote DNS servers, like mine.
What is nslookup answer of the line posted in the picture of this thread?
Ighor said:
While DNS server is local, pi hole is, ISP can't replace dns requests.
It is possible only for remote DNS servers, like mine.
What is nslookup answer of the line posted in the picture of this thread?
Click to expand...
Click to collapse
It worked as expected. One thing I noticed, now that it is setup, is that it is including Google DNS along with my pi hole. I wonder if it tried Google when your server failed to resolve it.
PeteyNice said:
is that it is including Google DNS
Click to expand...
Click to collapse
it is using random, or both at the same time, and of course in my DNS it failed, so it take DNS answer from the second DNS
To get it work, only my DNS server need to be set.
Also please don't set my DNS server to your router, but to Fire TV directly. Because to prevent domain bruteforce by scammers, I made special conditions when it works and when doesn't. And if you turn off your Fire TV for a while, my DNS will stop working next day for your IP.
FireTV OTA firmware updates previously came from:
https://d1s31zyz7dcc2d.cloudfront.net
This has now changed to:
https://prod.ota-cloudfront.net
Another variation:
https://d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net/
For anyone that is blocking updates through their router or via DNS, add the new address to your block list
EDIT: After a day of getting OTA updates from prod.ota-cloudfront.net, OTAs are now coming from d1s31zyz7dcc2d.cloudfront.net again.
prod.ota-cloudfront.net may be a backup address or Amazon is testing out the transition to the new address. Either way, better to keep both blocked
BLOCK THESE:
FireTV contacts this address to request updates:
https://softwareupdates.amazon.com
Then OTA updates are sent to the FireTV from these addresses:
https://d1s31zyz7dcc2d.cloudfront.net
https://prod.ota-cloudfront.net
https://d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net/
Another OTA url variation to add to your blocklist
https://d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net/
Finnzz said:
Another OTA url variation to add to your blocklist
https://d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net/
Click to expand...
Click to collapse
Can you please post your full blacklist of urls? I want to block them.
ForbEx said:
Can you please post your full blacklist of urls? I want to block them.
Click to expand...
Click to collapse
Updated the op, you want to block those 4 addresses.
There are a lot of old block lists that copy each other. They include OTA URL's for FireHD tablets, Kindle and maybe even Echo updates.
It's important that you block the https:// form of the URL. Most routers can only block http:// URLs. DNS blocking can be used for https://
After you block the addresses, go to FireOS settings and check for updates. You should get an error. If not, the block isn't working.
Finnzz said:
Updated the op, you want to block those 4 addresses.
There are a lot of old block lists that copy each other. They include OTA URL's for FireHD tablets, Kindle and maybe even Echo updates.
It's important that you block the https:// form of the URL. Most routers can only block http:// URLs. DNS blocking can be used for https://
After you block the addresses, go to FireOS settings and check for updates. You should get an error. If not, the block isn't working.
Click to expand...
Click to collapse
Ok friend, I Successfully blocked it.
Think this is true on my router. The https is not being blocked.
ktjensen said:
Think this is true on my router. The https is not being blocked.
Click to expand...
Click to collapse
It's pretty rare for a consumer grade routers to be able to block specific https addresses directly. I think it's much more likely you find consumer routers that support DNS based https blocking.
If that's not an option you can use Ighor's DNS to block updates or an app like DNS Rethink that will let you block any app from the internet on your FireTV. You would block the OTA app.
Works like a charm in Pi-hole:
Code:
firetvcaptiveportal.com
d1s31zyz7dcc2d.cloudfront.net
amzdigital-a.akamaihd.net
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
prod.ota-cloudfront.net
d1s31zyz7dcc2d.cloudfront.prod.ota-cloudfront.net
I would like to add, after installing all these URL's into my router, my FS max started the crappy launcher, but only gave three options, and said something like "Home service unavailable". In the Network config, it reported no internet access. The (play/pause) button was inactive, but might be due to some NoBloat setting I had been playing with. At first I was unable to get past it, but I pressed 'home' and the Wolf launcher appeared. All the apps worked too. After I restarted it, the manager launched Wolf after a few seconds. So I guess this blocks a lot more than just the updates, but I'm good with that.
Life is good.
(My first post, please be kind)
@Finnzz Was doing some network checks while clicking the "Check-For-Updates" in settings and got the direct IP addresses for some of the domains that are queried when you do a check for updates using my 2nd gen. Cube.
18.164.160.156 = d1s31zyz7dcc2d.cloudfront.ota-cloudfront.net
18.160.2.68 = server-18-160-2-68.iad12.r.cloudfront.net
52.46.155.120 = softwareupdates.amazon.com
176.32.101.122 ~ my best guess is proxy to softwareupdates.amazon.com
176.32.99.246 ~ my best guess is proxy to softwareupdates.amazon.com
If looking at logs the system app <com.amazon.device.software.ota> will query an AWS domain (arcus-uswest.amazon.com) 4x then error out with domains blocked, or query AWS 4x then query one of the softwareupdates.amazon.com IP's 3x in succession then an additional 4x back to AWS when it can't connect to download updates.
In none of my tests did my device ever try connecting to
https://prod.ota-cloudfront.net
-- but maybe that is only due to there being no full firmware update available at that time of my tests.