An alternate DNS solution to try if you were relying on Al-Azif’s DNS Servers
Al-Azif’s DNS servers have been down for a while and there’s no guarantee they’re coming back. In the meantime, many of us have been using Nomadic’s DNS instead (62.210.38.117). In parallel, Al-Azif has also published details on a DIY solution using docker (here). I’m also providing alternate suggestions, as well as an explanation of what these DNS servers actually do and why they’re useful to you, if you’re running a Jailbreak on your PS4 or PS5.
The takeaway from the current situation is that having options is always good, and you should try and learn about why we use this or that service on the scene, to understand why it’s useful to you and what alternatives you have.
NextDNS: Free DNS Service with Denylist and Domain Rewrite
Today, fellow scene member Xer0 came to me with a new suggestion to replace your DNS server, which I think would work well for a lot of people. In particular if you don’t want to deal with a complicated setup on your end. Introducing: NextDNS.
Disclaimer: links to NextDNS in this article are affiliate links. But to be 100% clear I only get a commission if you subscribe to their paid service, which I don’t think you’ll need: their free service is more than enough for our use case IMO.
NextDNS is basically a DNS service that you can set up quickly. It is free up to 300’000 requests per month, which will be way more than enough if you only use it for your PS4/PS5 hacking needs. The service offers redirection and a denylist as well, which will basically let you enable the two most important features you want for your PS4/PS5 DNS: 1) redirect the user’s manual to your local exploit and 2) block Sony’s telemetry.
I still recommend learning how to self-host the exploit and make your own DNS locally (details here), however if you want to try a simple solution that works out of the box, check NextDNS.
How to set up NextDNS for your hacked PS4/PS5:
- Create a free account on NextDNS (note, there’s even a free “no sign-in” 7 day version if you don’t want to create an account there)
- In the Denylist section of NextDNS, add “playstation.com”. This will block most of the telemetry.
- In the “Settings” section of NextDNS, scroll down to “Rewrites”, and add a Rewrite entry for playstation.net to your local exploit host (this is to redirect the manual to your exploit)
- In your Internet settings on the PS4/PS5, set the DNS (primary and secondary) to the ones provided by NextDNS
You’re good to go!
Results
- In my tests, the DNS from NextDNS worked as advertised. It is worth mentioning that the “Rewrite” only takes IPs or domain names as input and output. Because of this, I wasn’t able to use any of the public hosts I know of as targets (they all require a redirect, not a simple domain swap), but I’m sure if this method becomes widely used, some solution will arise. In the meantime, using a local IP on my domain worked perfectly fine with a self-hosted host.
- In a 30-minute test drive on my PC, I performed about 400 DNS requests with just regular browsing (but with a lot of cache clearing, so there’s that…). Bottom line, I think the 300’000 request limit is more than fine if you simply use this for your hacked PS4/PS5.
Conclusion
If you have a solution that works for you when it comes to running the PS4/PS5 hacks and blocking telemetry, by all means, keep it. But if you’re looking for a simple solution that works reasonably well out of the box, NextDNS seems to be an ok solution!
Thanks to Xer0 for the tip!
After many years, first one
This is pretty sweet, simple enough, and I’m sure Al-Azif’s DNS Servers will come back, but it’s always good to have options, like you said.
thank you, wololo!
I’ve personally started using PiHole on a Raspberry Pi as my DNS blocker. Works perfectly once you configure it.
the NextDNS page says if you use the 7 day free sign-up, it only works on the browser you signed up with…
The ‘Pro’ plan is $19.90 a year or $1.99 a month. This gives unlimited queries.
Finally, does anyone know if ‘Quad9’, which is totally free, will function as a satisfactory alternative?
There is an unlimited free version as well, with 300k queries per month. The 7 days trial is if you don’t want to register to their service. Registration is free
But if it’s 300,000 queries each month, that is not unlimited… It is free, and as you point out, if you use it for the ps4 only, you will probably be ok.
Sorry, yes, I mean unlimited *in time*, as opposed to the 7-day trial.
wololo –
can you point to or post an article that talks about why the jailbreak must be hosted on a wireless dongle or some other device, other than plugging in and using a usb stick on the ps4/ps5…
It seems it must be associated with a web address to be useful.
Some background on the subject would be interesting.
I did read your self host (ps5) posting, and I assume it works the same for ps4.
thanks.
Most of the currently known exploits rely on webkit as their entry point: they use a vulnerability in webkit (the console’s browser), which is triggered by loading a webpage. Loading that webpage is trickier than it seems, but generally is achieved by redirecting the console’s user guide (which we know loads and displays a particular webpage) to a “malicious” page that you control. The redirection is achieved with simple DNS trickery (which is why you need a fake DNS). You then need to host the page somewhere (and ask your DNS to redirect the user manual to that url). Some of us choose to use one of the many public hosts that have the page in question. Others, like me, just host the exploit locally, e.g. on a portable server such as the esp8266.
The jailbreak doesn’t “need to” be hosted on a wireless dongle, but 1) it needs to be hosted somewhere, 2) your console must have a technical way to access it (network access, even if limited) and 3) you need a way to tell your console where to access it (the Fake DNS). The Wireless dongles such as ESP8266 solve all 3 problems in an elegant way, but are certainly not the only solution.
A USB stick/dongle as you mention would require a usb-based exploit. This has happened in the past, but browser based exploits are more frequent, simply because more eyeballs are looking at Webkit.
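To make the “DNS trickery” described in this reply (and the denylist/rewrite pair configured in the how-to section above) concrete, here is an added example in Python. It is not code from the article, from NextDNS or from Al-Azif’s project. It implements the same two rules on raw DNS packets: names under playstation.com get an NXDOMAIN answer (the denylist), names under playstation.net get an A record pointing at a local host (the rewrite), and everything else is handed back to be forwarded upstream. The address 192.168.1.50 is a constructed placeholder for whatever local host you run; the rule names mirror the ones in the post.

```python
import struct

# Constructed policy mirroring the NextDNS setup in the post (assumptions, not NextDNS config):
DENYLIST = ["playstation.com"]                   # block this name and every subdomain
REWRITES = {"playstation.net": "192.168.1.50"}   # rewrite to a constructed local host IP

RCODE_NXDOMAIN = 3
QTYPE_A = 1


def _matches(name, rule):
    """Label-aware suffix match: 'x.playstation.com' matches, 'notplaystation.com' does not."""
    name = name.lower().rstrip(".")
    return name == rule or name.endswith("." + rule)


def decide(qname):
    """Return ('block', None), ('rewrite', ip) or ('forward', None) for a queried name."""
    for rule in DENYLIST:
        if _matches(qname, rule):
            return "block", None
    for rule, target in REWRITES.items():
        if _matches(qname, rule):
            return "rewrite", target
    return "forward", None


def encode_name(name):
    """DNS wire format: length-prefixed labels terminated by a zero byte."""
    out = b"".join(bytes([len(label)]) + label.encode() for label in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(data, offset):
    """Decode an uncompressed name (question sections from clients never use pointers)."""
    labels = []
    while data[offset] != 0:
        length = data[offset]
        labels.append(data[offset + 1:offset + 1 + length].decode())
        offset += 1 + length
    return ".".join(labels), offset + 1


def build_query(qname, txid=0x1234):
    """A standard recursive A/IN query as a client (the console) would send it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    return header + encode_name(qname) + struct.pack("!HH", QTYPE_A, 1)


def parse_query(packet):
    txid = struct.unpack("!H", packet[:2])[0]
    qname, off = decode_name(packet, 12)
    qtype = struct.unpack("!H", packet[off:off + 2])[0]
    return txid, qname, qtype, packet[12:off + 4]   # question bytes are echoed back


def build_response(query):
    """Apply the policy; return response bytes, or None when the query should be forwarded."""
    txid, qname, qtype, question = parse_query(query)
    action, target = decide(qname)
    if action == "forward":
        return None
    if action == "block":
        flags = 0x8180 | RCODE_NXDOMAIN             # QR, RD, RA + rcode 3: "name does not exist"
        return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + question
    if qtype != QTYPE_A:                             # rewrite only carries an A record
        return struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0) + question
    rdata = bytes(int(octet) for octet in target.split("."))
    # 0xC00C is a pointer to the name at offset 12 (the question name); TTL 60s, 4-byte rdata
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, 1, 60, 4) + rdata
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + question + answer


def summarize_response(resp):
    """Extract (rcode, ip-or-None) from a response built above."""
    flags, _qd, ancount = struct.unpack("!HHH", resp[2:8])
    rcode = flags & 0xF
    if ancount == 0:
        return rcode, None
    _name, off = decode_name(resp, 12)
    off += 4 + 2                                     # skip qtype/qclass and the 2-byte name pointer
    rdlen = struct.unpack("!HHIH", resp[off:off + 10])[3]
    rdata = resp[off + 10:off + 10 + rdlen]
    return rcode, ".".join(str(b) for b in rdata)


def resolve(qname):
    """Round-trip a name through the policy and report what a client would see."""
    resp = build_response(build_query(qname))
    if resp is None:
        return "forward", None
    rcode, ip = summarize_response(resp)
    return ("nxdomain" if rcode == RCODE_NXDOMAIN else "ok"), ip


if __name__ == "__main__":
    for name in ["manuals.playstation.net", "www.playstation.com", "example.com"]:
        print(name, "->", resolve(name))
```

Two things worth noticing. The rewrite can only hand back an address (or, with a CNAME, another name), never an HTTP redirect, which is exactly the limitation noted in the Results section: a host that depends on a redirect cannot be reached through a plain rewrite. And the denylist answers NXDOMAIN rather than silently dropping packets, which is why a router-level block (as discussed further down) behaves differently from a DNS-level one.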
thanks wololo.
I also did some research on what DNS does, and that helps explain things. Also signed up for NextDNS and it works well. I like the idea of not using the DNS servers my ISP wants me to use. None of their biz where I surf…
My netgear X6 router lets me add isp addresses to a blocked list maintained in the router. I added all the websites AlAzif listed and you reproduced in another article… Surprised to see EA* and Akamai* on the list!
Do you think this will take care of Sony telemetry efforts if I reconnect my ps4 back up to the internet?
I have an old usb wifi dongle (sandisk wireless flash drive SDWS2)… It shows an address on my router when it is powered on. Do you think it would be possible to launch the web exploit from that?
thanks, again for the info.
Yes, I think your router will be effective at blocking the addresses; this is probably the best way to maintain internet access while effectively blocking URLs you consider “unwanted” (better than a DNS actually, since it will really block them instead of “pretending they don’t exist”). The downside is that if all your devices use the same router, then all of them will be blocked.
I believe EA and Akamai are in Al-Azif’s DNS from an earlier period when the goal of the DNS was to be more generic and block all kinds of telemetry from all kinds of services. There are URLs for Nintendo in there as well, which are definitely not relevant for PlayStation. I personally block only playstation.* URLs, but it might be worth asking Al-Azif and other folks on the scene what the definitive list is.
Funny that you mention the SDWS2, I’m convinced somebody else already asked about that particular device. I think the problem with those is that they are not open source, and unless they get reverse engineered, it might not be possible to run your own server, etc… on them. Don’t quote me on that but that’s how I remember it.
My Netgear Nighthawk router lets me bypass the blocked url list for one device – I must list the IP address of the device, so I used my go-to laptop.
I tried SCEA.com in the browser and I could connect to no site. I just googled it and didn’t see anything either. BUT do we need to also block *sony.com* (google search) and *sonyinteractive.com* as well? These are not in Al-Azif’s list…
The sandisk device was used back a while ago to allow several devices to log onto it and share files, like movies or music. You can connect like 3 devices (?) to stream media at the same time. Two drawbacks are that it needed an app AND it acts like a usb drive when you plug it into a computer (to load files) and you cannot run the wifi at the same time; it has a button internal battery which is all but dead (mine is like 8 y.o.). Device is so old, not likely anyone will reverse engineer.
Guess I’ll wait for the LILYGO to arrive from China and flash that… Hopefully before X-mas. 😉
I appreciate the info!
Can it spoof firmware?
I don’t think so? Doesn’t spoofing firmware require more than a DNS Server? Like something actually running on the console?