@Al-Azif
Last active January 5, 2024 00:56
DNS and Update FAQ

So I feel like I need to address this specifically because there is an incredible amount of incorrect info being passed around, especially here.

DNS

My internet isn't working when using the DNS. Is the DNS you host down?

No, both DNS servers are up and running. Request forwarding is disabled for non-sponsors because it was being abused. You can read more about the situation that caused open forwarding to be removed here. For non-sponsors, connection tests will still pass and you will still be able to reach the exploit host that runs on the same server. You can also access resources directly by IP address.

Will my console update if I'm using a DNS and it's down?

No. Domain names simply won't resolve, so you'll essentially be unable to visit any website by domain name (vs. a raw IP).

The DNS isn't working: updates come through, the user's manual is the official one, etc. What gives?

If you are sure you have the IP addresses set correctly, then your ISP is hijacking your DNS requests before they reach the desired DNS server and redirecting them to servers your ISP controls. There are multiple reasons they do this: trying to make your name resolution faster, censorship, spying, etc. You can call and ask them to stop; believe it or not, some do so on request. If that doesn't work you will have to self host. You can run the following commands on a computer on the same network to confirm your ISP is hijacking requests:

Windows: nslookup manuals.playstation.net 165.227.83.145

Linux/OSX: dig manuals.playstation.net @165.227.83.145 +short

If the replies to these commands aren't the same IP address, then your ISP is hijacking your requests.

You can also use this application to check whether the DNS is working as expected.
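The same check as a script, added here as an example that is not part of this FAQ: it sends the A query for manuals.playstation.net straight to 165.227.83.145 on UDP/53 (bypassing the OS resolver, exactly like the nslookup/dig commands above) and flags the reply as hijacked if it arrives from a different source address than the one queried or carries A records other than the ones you expect. The expected answer is passed in as `expected_ips`, since the FAQ does not state what the resolver returns for that name; the packet builder and parser are this example's own minimal ones.

```python
import socket
import struct
RESOLVER = "165.227.83.145"        # resolver IP quoted in the FAQ
NAME = "manuals.playstation.net"   # test name quoted in the FAQ

def build_query(name, txid):
    # 12-byte header (RD set, one question), QNAME labels, QTYPE=A, QCLASS=IN
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(data, off):
    # advance past a (possibly compressed) name; a compression pointer is always 2 bytes
    while data[off] != 0:
        if data[off] & 0xC0 == 0xC0:
            return off + 2
        off += data[off] + 1
    return off + 1

def parse_reply(data):
    # returns (txid, rcode, [A-record IPs]) from a raw DNS response
    txid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", data[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(data, off) + 4            # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return txid, flags & 0x000F, ips

def classify(reply, reply_src, server, txid, expected_ips):
    # 'ok', 'hijacked' (answered by another host or with unexpected records) or 'bad-reply'
    rtxid, rcode, ips = parse_reply(reply)
    if rtxid != txid or rcode != 0 or not ips:
        return "bad-reply"
    if reply_src != server or set(ips) != set(expected_ips):
        return "hijacked"
    return "ok"

def check(expected_ips, name=NAME, server=RESOLVER, txid=0x4A4A, timeout=3.0):
    # send straight to `server` on UDP/53, bypassing the OS resolver, then classify the reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        data, (src, _) = s.recvfrom(512)
    return classify(data, src, server, txid, expected_ips)
```

A transparent interceptor that spoofs the resolver's source address will still pass the source check, so the answer comparison is the one that matters; the source check only catches the sloppy case.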

Why use the DNS?

Lots of reasons:

  1. The internet appears to function normally for connection tests.
  2. It blocks updates, both games and system updates.
  3. It blocks telemetry, license revocation, data syncing, etc.
  4. You can still use the console to browse the internet, stream, etc.

What about self hosting?

Self hosting is by far the best option, even if it's less convenient than just putting in a few numbers on your PlayStation. You can host on an ESP device, Raspberry Pi, PC, etc. The best solution for 9.00 is an SBC (like an ESP) that supports USB-OTG so it can emulate a flash drive for the exploit, removing the need to plug/unplug a device manually. You can easily host on your PC using one of these methods as well; Docker is better, Python if you have to, and between the two you should have all the information you need to make a custom solution:

Docker: https://gist.github.com/Al-Azif/44e610be1b020b6414dd5d4c36cd6fa1

Python: https://github.com/Al-Azif/ps4-exploit-host

Updates

What about other update blocking methods?

There is way more than one way to block updates... All of them have pros and cons, and there isn't a "one size fits all". You should likely use more than one method.

  1. "Broken BD Drive". If your Blu-ray Disc Drive is broken the console will refuse to update to any firmware greater than 4.74. While this is annoying for some people, it can be used as an update blocker itself. Your console cannot update if you unhook the BD drive; you can't even restore from safe mode with a broken BD drive. It literally requires an exploit with a purpose-built payload to update a console with a broken BD drive. Obviously you don't want this if you have disc-based games you still use, and you need to open your console to do it. This also doesn't stop game updates, which will break FPKGs as you're installing a retail patch PKG on top of an FPKG.
  2. Stay offline completely. If you cannot connect to the internet you cannot update... That simple. However, if you do connect it will automatically start doing stuff. You also can't use the internet for anything else, and you'll have to connect at least once to cache an exploit. Within this category is using an SBC (ESP/RPi/etc.) as a stand-alone access point (no bridging).
  3. Block WAN access from an individual device (Your PS) on your router. Again no internet, but you can access your local IPs for hosting and can still FTP to the device from another local device.
  4. Self host on a PC/SBC connected to the same network or used as a bridge. This is basically the same as using the DNS, but you don't have to worry about your ISP hijacking it and you're in complete control of it. Using an SBC as a bridge you'll likely run into an issue with upload/download speed unless you're using something more beefy like an RPi.
  5. Using a DNS. Good, as long as your ISP isn't hijacking your requests. Should allow you to use the device as normal while blocking updates, including game updates (but you can still use PatchInstaller now). You should use it in conjunction with at least one other method in case your ISP decides to be shitty one day, as that's out of your control. If you're not self hosting the DNS you're at the mercy of whoever hosts it. Hosting a DNS service that's open to the public can become a full-time job to prevent abuse, so don't be surprised if they don't last.
  6. Update blocker payload (also applied every time GoldHEN runs). Prior to the 6.72 exploit this was a great option, as it prevented the console from even downloading the update in the first place, to the point that some safe mode options wouldn't even let you install PUPs. Now the console will delete the dummy files (after a KP, periodically, etc.). Because you're not actually looking at these dummy files constantly, you won't know when they are gone. Doesn't block game updates.
  7. Disabling updates in the official settings. This does not stop updates from downloading or nagging you to install said update after the download is complete. There is no reason not to disable updates in the official settings, but it honestly doesn't do a lot. Doesn't block game updates.
  8. Setting the environment to "sp-int" will "block" updates. The console has some sort of trigger that will set this back to "np", and if this happens your console will try to update again. There are also other behind-the-scenes issues you may run into periodically if you change this setting, for example with game saves... It seems like a good option but honestly it's not.

People normally do 5, 6, 7 or 4, 6, 7 as these combos stack protection while allowing “normal” use of the internet.

Do you just have a list of domains I should block?

Kinda. You can see the file with the list of domains that I use to generate the real list here. You need some sort of wildcard blocking to block entire domains while allowing others to be redirected or passed through. Not all routers/systems allow this. Currently I use Bind, and it can be configured to function 100% as desired. I'll work on adding options to the list compiler script to make configuration files for other applications like PiHole (temporary, 99% working PiHole config here).

Why not just wildcard block everything?

If you were going to wildcard block everything you may as well just stay offline. The purpose of selectively blocking/hijacking is to allow the most usability while blocking only what’s necessary.

I used an old blocklist (or a blocklist someone else posted). Am I still good to go?

No. A majority of the published blocklists do not block certain domains by wildcard, yet do not list every domain individually either. Like literally not one is actually correct. Depending on region/language they don't even block updates properly. On top of that, they block CDNs, which may break streaming apps or online features that would otherwise work, or domains that aren't even actually contacted because they are part of a chain. Even after giving feedback every time I see them posted, the same people keep re-posting them. THEY ARE WRONG, please fix them or at least stop linking them.

Changelog

2023-12-03: First Draft

2024-01-04: Add sponsors info
