An alternate DNS solution to try if you were relying on Al-Azif’s DNS Servers


We are constantly looking for guest bloggers at If you like to write, and have a strong interest in the console hacking scene, contact me either with a comment here, or in a PM on /talk!

15 Responses

  1. Jorge says:

    After many years, first one

  2. Tom says:

    This is pretty sweet, simple enough and I’m sure Al-Azif’s DNS Servers will come back but it’s always good to have options like you said

  3. americanpie says:

    thank you, wololo!

  4. Dudewalker says:

    I’ve personally started using PiHole on a Raspberry Pi as my DNS blocker. Works perfectly once you configure it.

  5. AmPie says:

    the NextDNS page says if you use the 7 day free sign-up, it only works on the browser you signed up with…
    The ‘Pro’ plan is $19.90 a year or $1.99 a month. This gives unlimited queries.
    Finally, does anyone know if ‘Quad9’, which is totally free, will function as a satisfactory alternative?

    • wololo says:

      There is an unlimited free version as well, with 300k queries per month. The 7 days trial is if you don’t want to register to their service. Registration is free

  6. AP says:

    But if it’s 300,000 queries each month, that is not unlimited… It is free, and as you point out, if you use it for the ps4 only, you will probably be ok.

  7. Curious says:

    wololo –

    can you point to or post an article that talks about why the jailbreak must be hosted on a wireless dongle or some other device, other than plugging in and using a usb stick on the ps4/ps5…

    It seems it must be associated with a web address to be useful.

    Some background on the subject would be interesting.

    I did read your self host (ps5) posting, and I assume it works the same for ps4.


    • wololo says:

      Most of the currently known exploits rely on webkit as their entry point: they use a vulnerability in webkit (the console’s browser), which is triggered by loading a webpage. Loading that webpage is trickier than it seems, but generally is achieved by redirecting the console’s user guide (which we know loads and displays a particular webpage) to a “malicious” page that you control. The redirection is achieved with simple DNS trickery (which is why you need a fake DNS). You then need to host the page somewhere (and ask your DNS to redirect the user manual to that url). Some of us choose to use one of the many public hosts that have the page in question. Others, like me, just host the exploit locally, e.g. on a portable server such as the esp8266.
      The jailbreak doesn’t “need to” be hosted on a wireless dongle, but 1) it needs to be hosted somewhere, 2) your console must have a technical way to access it (network access, even if limited) and 3) you need a way to tell your console where to access it (the Fake DNS). The Wireless dongles such as ESP8266 solve all 3 problems in an elegant way, but are certainly not the only solution.

      A USB stick/dongle as you mention would require a usb-based exploit. This has happened in the past, but browser based exploits are more frequent, simply because more eyeballs are looking at Webkit.

  8. Kitt says:

    thanks wololo.

    I also did some research on what DNS does, and that helps explain things. Also signed up for NextDNS and it works well. I like the idea of not using the DNS servers my ISP wants me to use. None of their biz where I surf…
    My netgear X6 router lets me add isp addresses to a blocked list maintained in the router. I added all the websites AlAzif listed and you reproduced in another article… Surprised to see EA* and Akamai* on the list!

    Do you think this will take care of Sony telemetry efforts if I reconnect my ps4 back up to the internet?
    I have an old usb wifi dongle (sandisk wireless flash drive SDWS2)… It shows an address on my router when it is powered on. Do you think it would be possible to launch the web exploit from that?
    thanks, again for the info.

    • wololo says:

      Yes, I think your router will be effective at blocking the addresses, this is probably the best way to maintain internet access while effectively blocking urls you consider “unwanted” (better than a DNS actually, since it will really block them instead of “pretending they don’t exist”). The downside is that if all your devices use the same router, then all of them will be blocked.

      I believe EA and Akamai are in Al-Azif’s DNS from an earlier period when the goal of the DNS was to be more generic and block all kinds of telemetry from all kinds of services. There are urls for Nintendo in there as well, which are definitely not relevant for PlayStation. I personally block only playstation.* urls, but it might be worth asking Al-Azif and other folks on the scene what the definitive list is.

      Funny that you mention the SDWS2, I’m convinced somebody else already asked about that particular device. I think the problem with those is that they are not open source, and unless they get reverse engineered, it might not be possible to run your own server, etc… on them. Don’t quote me on that but that’s how I remember it.

  9. Kitt says:

    My Netgear Nighthawk router lets me bypass the blocked url list for one device – I must list the IP address of the device, so I used my go-to laptop.

    I tried in the browser and I could connect to no site. I just googled it and didn’t see anything either. BUT do we need to also block ** (google search) and ** as well? These are not in Al-Azif’s list…

    The sandisk device was used back a whle ago to allow several devices to log onto it and share files, like movies or music. You can connect like 3 devices (?) to stream media at the same time. Two drawbacks are in needed an app AND it acts like a usb drive when you plug it into a computer (to load files) and you cannot run the wifi at the same time, it has a button internal battery which is all but dead (mine is like 8 y.o.). Device is so old, not likely anyone will reverse engineer.

    Guess I’ll wait for the LILYGO to arrive from China and flash that… Hopefuly before X-mas. 😉

    I appreciate the info!

  10. axeax says:

    Can it spoof firmware?

    • wololo says:

      I don’t think so? Doesn’t spoofing firmware require more than a DNS Server? Like something actually running on the console?