[Art Doyle]

And even gambled with "lifetime activated" Ebay purchases for spares ....



So how do I lock these jokers out? So they can never mess with our units again?



Can it be as simple as blocking their IP address on our router?




Hope someone at DNNA loses their job over this (normally sympathetic to anyone in this economy)......

 

[brobin]

As stated in many threads already, if you're using WiRNS 3.0 there is no connection to DNNA servers involved and there is nothing to block.

 

[mlloyd]

Quote:

Originally Posted by brobin As stated in many threads already, if you're using WiRNS 3.0 there is no connection to DNNA servers involved and there is nothing to block.

There's the unintended connections when something goes wrong (with the Replay), when you do a 'factory reset', and when installing a new software image. I have a filter to block access to *.replaytv.net AND local DNS to send the expected domains to WiRNS.

 

[Art Doyle]

Quote:

Originally Posted by mlloyd There's the unintended connections when something goes wrong (with the Replay), when you do a 'factory reset', and when installing a new software image. I have a filter to block access to *.replaytv.net AND local DNS to send the expected domains to WiRNS.

Mark,


Could you expand on this? It would be much appreciated.


I'm assuming your filter is a simple router entry? But are you also actually running your own DNS server?


Any of you gurus know how to permanently alter the replay so that it can never call home? Believe that's an appropriate response given the provocation.

 

[mlloyd]

Quote:

Originally Posted by Art Doyle Mark, Could you expand on this? It would be much appreciated. I'm assuming your filter is a simple router entry? But are you also actually running your own DNS server? Any of you gurus know how to permanently alter the replay so that it can never call home? Believe that's an appropriate response given the provocation.

As to the filter, it's a simple router entry.


My router (Linksys with Tomato firmware) includes a combined DHCP and DNS program called "dnsmasq". It can be used to assign static DHCP and/or do DNS redirection. There seems to be no wildcards here, so I set the DNS for all domain names I've heard of (all end with replaytv.net). The current list is:


replaytv.net

production.replaytv.net

production-1.replaytv.net

production-2.replaytv.net

production-backup.replaytv.net

ntp-production.replaytv.net

rddns-production.replaytv.net

rddns-production-1.replaytv.net

rddns-production-2.replay.tvnet

rns.replay.tvnet

rns-1.replaytv.net

rns-2.replaytv.net


If you can redirect only one of those, choose 'production.replaytv.net'.


I suppose someone could change the software to eliminate those URLs. What would you change them to? Perhaps it could have an option to specify what server you're using.

 

[Art Doyle]

Quote:

Originally Posted by mlloyd As to the filter, it's a simple router entry. My router (Linksys with Tomato firmware) includes a combined DHCP and DNS program called "dnsmasq". It can be used to assign static DHCP and/or do DNS redirection. There seems to be no wildcards here, so I set the DNS for all domain names I've heard of (all end with replaytv.net). The current list is: replaytv.net production.replaytv.net production-1.replaytv.net production-2.replaytv.net production-backup.replaytv.net ntp-production.replaytv.net rddns-production.replaytv.net rddns-production-1.replaytv.net rddns-production-2.replay.tvnet rns.replay.tvnet rns-1.replaytv.net rns-2.replaytv.net If you can redirect only one of those, choose 'production.replaytv.net'. I suppose someone could change the software to eliminate those URLs. What would you change them to? Perhaps it could have an option to specify what server you're using.

Thanks for the quick response! Pretty certain I'll be able to duplicate your list exactly.

 

[Space]

Quote:

Originally Posted by mlloyd As to the filter, it's a simple router entry. My router (Linksys with Tomato firmware) includes a combined DHCP and DNS program called "dnsmasq". It can be used to assign static DHCP and/or do DNS redirection. There seems to be no wildcards here, so I set the DNS for all domain names I've heard of (all end with replaytv.net). The current list is: replaytv.net production.replaytv.net production-1.replaytv.net production-2.replaytv.net production-backup.replaytv.net ntp-production.replaytv.net rddns-production.replaytv.net rddns-production-1.replaytv.net rddns-production-2.replay.tvnet rns.replay.tvnet rns-1.replaytv.net rns-2.replaytv.net If you can redirect only one of those, choose 'production.replaytv.net'. I suppose someone could change the software to eliminate those URLs. What would you change them to? Perhaps it could have an option to specify what server you're using.

You are missing some, check out this link.


Namely:


production.hd.pcdvr.replaytv.net

production-1.hd.pcdvr.replaytv.net

production-2.hd.pcdvr.replaytv.net


Also, if you get a chance, could you post the dnsmasq rules you use in Tomato? I am looking at setting up DD-WRT and those would be helpful.


Thanks!

 

[kuoh]

If you have a windows PC that is on most of the time, you can run this free DNS server. You might even be able to run it on the wirns PC, if you can disable its DNS proxy. It works best if you give the PC a static IP or DHCP reservation from the router. Otherwise, you'll have to update the ReplayTV each time the PC's IP changes.

http://sourceforge.net/projects/dhcp-dns-server/


Only a few changes are needed to the default config to make it intercept all DNS lookups for replaytv.net. Leave all other settings unchanged, restart the service if necessary, change the Replays to use this PC as the DNS server and you should be good to go.


--------------------------

[SERVICES]

#DNS only

DNS


[DNS-ALLOWED-HOSTS]

#These are permitted hosts for DNS Query. Should be your local subnet.

192.168.0.1-192.168.255.254


[WILD-HOSTS]

#This should be the IP of your wirns server.

*.replaytv.net=192.168.0.253


----------------------------


KuoH


Quote:

Originally Posted by mlloyd My router (Linksys with Tomato firmware) includes a combined DHCP and DNS program called "dnsmasq". It can be used to assign static DHCP and/or do DNS redirection. There seems to be no wildcards here...

 

[Space]

Quote:

Originally Posted by kuoh If you have a windows PC that is on most of the time, you can run this free DNS server. You might even be able to run it on the wirns PC, if you can disable its DNS proxy. It works best if you give the PC a static IP or DHCP reservation from the router. Otherwise, you'll have to update the ReplayTV each time the PC's IP changes. http://sourceforge.net/projects/dhcp-dns-server/ Only a few changes are needed to the default config to make it intercept all DNS lookups for replaytv.net. Leave all other settings unchanged, restart the service if necessary, change the Replays to use this PC as the DNS server and you should be good to go. -------------------------- [SERVICES] #DNS only DNS [DNS-ALLOWED-HOSTS] #These are permitted hosts for DNS Query. Should be your local subnet. 192.168.0.1-192.168.255.254 [WILD-HOSTS] #This should be the IP of your wirns server. *.replaytv.net=192.168.0.253 ---------------------------- KuoH

Why run this when WiRNS already does this?


I mean if you plan to run a PC all the time anyway, and you are running WiRNS on it, why bother installing a different DNS server? WiRNS already has a DNS server that intercepts the *.replaytv.net requests.


The point of putting this in the router is that you DON'T need to run a PC all day. Since the router does run all day, you might as well put it in there. With the router serving these up, you can keep the Replays on your LAN using DHCP without having to use static addressing.

 

[kuoh]

I thought wirns only intercepted specific hosts, not the entire domain. If that is not correct, then feel free to ignore my comments above. In my case, I already am running a file server with my own DNS, so it was simpler for me to add the wildcard and let the replays continue using DHCP on my network.


KuoH

Quote:

Originally Posted by Space Why run this when WiRNS already does this? I mean if you plan to run a PC all the time anyway, and you are running WiRNS on it, why bother installing a different DNS server?

 

[Space]

Quote:

Originally Posted by kuoh I thought wirns only intercepted specific hosts, not the entire domain. If that is not correct, then feel free to ignore my comments above. In my case, I already am running a file server with my own DNS, so it was simpler for me to add the wildcard and let the replays continue using DHCP on my network. KuoH

I think you are right that it only intercepts specific replaytv.net domains. But those domains are the only ones that the ReplayTV currently uses. I suppose it is possible for those domains to be changed (and they have been in the past). But if they are changed, there is no guarantee that they will be in the same domain, or that they won't be changed to just IP addresses (assuming they were purposely trying to circumvent being intercepted).


So I would say that covering the whole *.replaytv.net domain does have its' merits, but it is not a complete solution.


Actually, thinking about it, the complete solution would be to return the WiRNS IP address for ANY DNS query coming from the ReplayTV's IP or (even better) MAC address.

 

[mlloyd]



Quote:
Originally Posted by Space /forum/post/20764016


You are missing some, check out this link.


Namely:


production.hd.pcdvr.replaytv.net

production-1.hd.pcdvr.replaytv.net

production-2.hd.pcdvr.replaytv.net


Also, if you get a chance, could you post the dnsmasq rules you use in Tomato? I am looking at setting up DD-WRT and those would be helpful.


Thanks!

I was going to add them, but I seem to have found a wildcard solution. It returns the WiRNS IP for any subdomain of replaytv.net. I added the following line to the dnsmasq configuration:


address=/. replaytv.net/192.168.1.80


where the IP at the end is the IP of my PC running WiRNS. Note that there are NO spaces in the above line.

 

[mlloyd]



Quote:
Originally Posted by kuoh /forum/post/20764113


If you have a windows PC that is on most of the time, you can run this free DNS server. You might even be able to run it on the wirns PC, if you can disable its DNS proxy. It works best if you give the PC a static IP or DHCP reservation from the router. Otherwise, you'll have to update the ReplayTV each time the PC's IP changes.

http://sourceforge.net/projects/dhcp-dns-server/


Only a few changes are needed to the default config to make it intercept all DNS lookups for replaytv.net. Leave all other settings unchanged, restart the service if necessary, change the Replays to use this PC as the DNS server and you should be good to go.


--------------------------

[SERVICES]

#DNS only

DNS


[DNS-ALLOWED-HOSTS]

#These are permitted hosts for DNS Query. Should be your local subnet.

192.168.0.1-192.168.255.254


[WILD-HOSTS]

#This should be the IP of your wirns server.

*.replaytv.net=192.168.0.253


----------------------------


KuoH

The above should be a solution for people who don't already have the capability, and can figure out how to set it up. I find it easier to use what's already in my router.

 

[mlloyd]



Quote:
Originally Posted by Space /forum/post/20764132


Why run this when WiRNS already does this?


[snip]

There's a problem with this. If you configure your router to return the WiRNS IP for DNS you'd completely lose internet access. Any DNS would go through WiRNS. When IT tries to get an IP, it's just told to talk to itself.


Maybe you mean just to set each Replay to use WiRNS for DNS. That's the same INFERIOR solution I was trying to get away from. For one thing, it makes it really complicated to set up a new HD using WiRNS only.

 

[replayrob]



Quote:
Originally Posted by mlloyd /forum/post/20765068


I was going to add them, but I seem to have found a wildcard solution. It returns the WiRNS IP for any subdomain of replaytv.net. I added the following line to the dnsmasq configuration:


address=/. replaytv.net/192.168.1.80


where the IP at the end is the IP of my PC running WiRNS. Note that there are NO spaces in the above line.

h

That's great!

Thanks mlloyd

DD-WRT firmware has DNSMASQ feature too- just populated with your solution.

 

[mlloyd]



Quote:
Originally Posted by replayrob /forum/post/20765097


That's great!

Thanks mlloyd

DD-WRT firmware has DNSMASQ feature too- just populated with your solution.

That was fast. Thanks for acknowledging my help.


I suppose I no longer need the connection filter too, but it's not hurting anything.

 

[mlloyd]



Quote:
Originally Posted by Space /forum/post/20764332


I think you are right that it only intercepts specific replaytv.net domains. But those domains are the only ones that the ReplayTV currently uses. I suppose it is possible for those domains to be changed (and they have been in the past). But if they are changed, there is no guarantee that they will be in the same domain, or that they won't be changed to just IP addresses (assuming they were purposely trying to circumvent being intercepted).


So I would say that covering the whole *.replaytv.net domain does have its' merits, but it is not a complete solution.


Actually, thinking about it, the complete solution would be to return the WiRNS IP address for ANY DNS query coming from the ReplayTV's IP or (even better) MAC address.

I haven't found out how to do that yet, but I do have a filter that blocks internet access from the Replays. That'd stop anything the ".replay.net" DNS redirection misses.

 

[Crunchy Doodle]

For what it's worth . . . . . my solution . . . . .


In part because the WiRNS DNS server didn't work for me - I tried WiRNS on two different machines - I set up the DNS server on the Windows Server 2003 machine I ended up using for WiRNS. I configured it for no DNS forwarding - if it couldn't satisfy the DNS request, return an error to the caller. I gave it one DNS record: *.replaytv.net pointing to the WiRNS Server IP address on the same machine (it has three IP addresses). With all of the ReplayTV boxes in the house set for using the DNS I just set up, they would be satisfied for any request they should normally make and be sent to my WiRNS server. If they somehow asked for some other domain, they would get an error and go nowhere. It's been working well for some days now. Even my wife likes it.

Bye.

 

[mlloyd]



Quote:
Originally Posted by Crunchy Doodle /forum/post/20765367


For what it's worth . . . . . my solution . . . . .


In part because the WiRNS DNS server didn't work for me - I tried WiRNS on two different machines - I set up the DNS server on the Windows Server 2003 machine I ended up using for WiRNS. I configured it for no DNS forwarding - if it couldn't satisfy the DNS request, return an error to the caller. I gave it one DNS record: *.replaytv.net pointing to the WiRNS Server IP address on the same machine (it has three IP addresses). With all of the ReplayTV boxes in the house set for using the DNS I just set up, they would be satisfied for any request they should normally make and be sent to my WiRNS server. If they somehow asked for some other domain, they would get an error and go nowhere. It's been working well for some days now. Even my wife likes it.

Bye.

So you still have to use manual addressing on the Replays. That's what I was wanting to avoid. This leads to problems when setting up a new image.

 

[Crunchy Doodle]

Ideally, it would be best for some sort of arrangement where your router would recognize that a ReplayTV was making the DNS request and answer with your WiRNS Server IP. As with all network devices, the first part of the MAC address on all ReplayTV boxes are the same with only the last third of the address being unique to the specific ReplayTV box.


Being that I'm just getting started with WiRNS in the last week, I'm not expert on all of its ins and outs. I thought I had read that WiRNS would allow you to bring up a fresh image properly. The obvious precaution was to not plug in the network cable until you could be sure it was pointing to the right DNS to get WiRNS and not the "real" ReplayTV servers. I expect that I will face this issue one day as I have five 5000 ReplayTV boxes in service and it's amazing they can run so well for so many years - and then one day a hard drive goes out.

Bye.

Quote:
Originally Posted by mlloyd /forum/post/20765381


So you still have to use manual addressing on the Replays. That's what I was wanting to avoid. This leads to problems when setting up a new image.