XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)
It is currently Tue Sep 13, 2016 8:01 am

All times are UTC - 8 hours




Post new topic Reply to topic  [ 8 posts ] 
Author Message
PostPosted: Wed Sep 17, 2014 11:53 am 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5511
Location: NYC
1.1GB DL/5.7GB unpacked!!!!

If turns out 8 is like 7, I want to preemptively block it from downloading automatically. Reading here and there to block mesu.apple.com (and maybe appldnld.apple.com) from Access Restriction in Router. When I do a trace route to that address, I'm told it has multiple IPs. Tried setting a rule in Access Restrictions, but don't think I did it properly, then couldn't delete or edit the rule. (I'm seeing that that's been reported as a bug in Tomato Shibby.) Restored Tomato entirely from a backup to get rid of it.

Anyway, having trouble getting the IP addresses or range of addresses for mesu.apple.com, and would like instructions for blocking those IPs in Tomato, until I'm ready for the update, which I'm not hearing great things about for an older iPad 2.

Just put the IPs, separated by commas, or the full range IP-IP, into the field and save?

Image


Top
 Profile  
 
PostPosted: Wed Sep 17, 2014 2:01 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 8657
Location: Suburbia
I replied to the old thread with how I blocked automatic ios updates. You create a custom DNS record under Advanced->DNS/DHCP for the domain name. It still gets notifications of updates, but will fail to download the update.

When an update gets on my device (normally only occurs when I free up too much space when I'm on someone's else's network), I get it off by going home (where I have the domain blocked), perform an iCloud backup, then reset all data & settings. When it resets the update is off my device, then I restore from the backup, then I sync using iTunes to get my music, photos, videos back on. I have some smart/dumb groups in iTunes that I use to sync music, photos, & video, so those aren't included in my iCloud backup.


Top
 Profile  
 
PostPosted: Wed Sep 17, 2014 2:14 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 8657
Location: Suburbia
Oh. I guess I didn't add it to the old thread. I guess I didn't want to necropost or something.

My router at home is still in a box someplace, but I think the domain is mesu.apple.com. So you would want to stick the following line into Advanced->DHCP/DNS:
address=/mesu.apple.com/10.255.255.1

The actual IP address can be anything (so long as it's not a server that Apple uses for mesu), I just stick it on a 10 net because I setup my router to drop all unused 10. addresses.


Top
 Profile  
 
PostPosted: Wed Sep 17, 2014 2:34 pm 
Online
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 13807
Quote:
I guess I didn't want to necropost or something.

Well, I look at it like the threads are more like a repository, so no problem with me at keeping things together or even duplicating in another thread. :)


Top
 Profile  
 
PostPosted: Wed Sep 17, 2014 2:52 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 8657
Location: Suburbia
I may have just forgotten to hit submit to be honest. I figured this out months later once I got unlucky enough to re-download that damn iOS 7 update.


Top
 Profile  
 
PostPosted: Wed Sep 17, 2014 3:43 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5511
Location: NYC
So just this:

#Block iOS update
address=/mesu.apple.com/10.255.255.1

Please explain: I don't understand why just entering that will tell the router to block that address? And why can it be any IP?

Quote:
I just stick it on a 10 net because I setup my router to drop all unused 10. addresses.

But mine isn't set up like that. It will still work with that IP?


Top
 Profile  
 
PostPosted: Wed Sep 17, 2014 4:07 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 8657
Location: Suburbia
So long as you're using the DNS server built into the router, that means when any attached device that's using the router as a DNS server attempts to ask it what the IP address for mesu.apple.com is, the router will reply it's address is 10.255.255.1. Since that address isn't actually mesu.apple.com, when the client attempts to connect to 10.255.255.1 the connection will fail.

Your ISP will, within a couple hops, block all traffic coming from your router sent to 10.255.255.1 since they technically can't send that traffic anywhere. There's no public server on the internet at 10.255.255.1. As a result connections to it will fail. If your router is using the default subnet, 192.168.1.x, you could just as easily make the line address=/mesu.apple.com/192.168.2.1 and it'd do the exact same thing.

The idea here is that if a client device attempts to connect to mesu.apple.com and they're directed to any IP address that can't handle mesu.apple.com traffic (meaning not an Apple server) then the client device will fail to connect to mesu.apple.com.

It's like using a hosts file but it applies to all clients using a DNS server. You can think of it as a specially formatted hosts file for the DNS server in the router, its just that clients connect up to the DNS server and get fed the exact same information (so instead of having to edit all the hosts files on all clients, you just change it in one place and clients get fed it as part of their normal DNS lookup).


Top
 Profile  
 
PostPosted: Wed Sep 17, 2014 4:11 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5511
Location: NYC
Got it. Beautiful. I'm already using the router for all clients' DNS.

From the iPad, getting "Error: Unable to check for updates" Will leave it like that for a few days, until I'm pretty sure it's not an automatic download, which it might not be this time.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 8 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group