How to block Amazon Fire TV update to ensure Rooting

block-ots-update

Update

This guide is outdated. Please follow the new guide here.

The Amazon Fire TV checks for updates during its initial setup. If an update is found, it downloads and installs the update without prompting for approval. All future updates are installed automatically without approval as well. The only way to block an update on a new or unrooted Fire TV is to block the update server through your router’s filtering or DNS options. This guide will show you how to block Fire TV updates using your router settings.

There are three domains to block:

  1. amzdigitaldownloads.edgesuite.net
  2. softwareupdates.amazon.com
  3. updates.amazon.com

The first domain is where the updates are downloaded from, while the other two domains are accessed by the Fire TV to check if an update is available.

Different router models will handle domain blocking differently, so I can’t give you exact instructions. If you don’t know how to do it for your particular router, refer to your router’s user guide for exact instructions. The router setting you want to look for will likely be labeled as one of the following: Firewall, Filtering, Blocking, or Parenting.

Here is what the setting looks like in my Netgear router.
router-block-ota-update
If your router does not have blocking capabilities, or you do not have access to the settings, you can alternately block the domains by setting up your router to use a services like OpenDNS and blocking the domain within their DNS options. OpenDNS has detailed guides to help you set it up.

Additional sample router configuration screens:

DD-WRT

DD-WRT

Netgear

Netgear

Asus

Asus

Tomato

Tomato

Untangle

Untangle

Comtrend

Comtrend

ShareTweetShare+1

70 comments
  1. frank says:

    Did Amazon add another updater domain? I have both the above domains blocked through roughter and the other night I got a notification about an update available. The dialog box gave me 60 seconds to se an update reminder or force the update. Of course I postponed it and have yet to receive another reminder. I also lost root on September 22, due to a ninja update. Would like to add the new domain for future rooting of boxes.

    • AFTVnews says:

      I haven’t heard of any new domains used, but it’s certainly possible. I have read some people say their router has a delay before the blocking starts working. I believe they said that when their router restarts/boots there is a minute or so when updates can get through before they get blocked. Perhaps your router is the same.

  2. Max says:

    really quick so i blocked the names on my router and it def is blocked i turned on my ftv and its stuck on the checking for updates screen. Will this timeout after sometime?

  3. Kevin says:

    I blocked the sites and today when setting up my 5th aftv it still found a download. I think they may have changed something because it worked great the other 4 times.

  4. Leghorn says:

    I got a new box today from Amazon Germany and I blocked the 2 domains before running the first set up.
    Now its stuck after gathering network information right after language selection.
    It tells me ‘the internet connection is interupted, check cabeling and router settings’.
    What can I do now?

    • bimbo says:

      same problem here but blocked 3 domains. it seems that these domains also seem to provide the fire tv with data in general, not only update data. someone needs to improve this guide as it is not working at least in Germany.

  5. Andy Falk says:

    For a dd-wrt router the restriction page doesn’t work very well. It will only block http:// URL access. I found that entering this under the Services -> DNSMasq section works much better:

    address=/amzdigitaldownloads.edgesuite.net/127.0.0.1
    address=/softwareupdates.amazon.com/127.0.0.1
    address=/firs-ta-g7g.amazon.com/127.0.0.1

  6. Jouni says:

    i managed to get rootable FTV and am trying to block the domains mentioned in this article. How do i do this with my apple airport time capsule? If cant do this with my apple router is there another good way to block the domains? I also use the unotelly DNS service so can i do any filtering with unotelly?

  7. Dusty Lunn says:

    thanls for all your efforts

  8. Joe says:

    Anyone know how to block these sites on a virgin super hub 2 ??
    Can’t see any options in firewall section

    Thanks

  9. doug says:

    amazon must have a new domain because my FTV just downloaded an update and I had these 3 loaded.

  10. paul says:

    I am seeing the same thing about update servers on xda forum as well

    http://forum.xda-developers.com/fire-tv/general/android-tv-rom-t2977252/page6

    Topic 57

    Going to try my newly acquired Christmas gift and will report back if these links are still valid.

  11. AG says:

    will blocking these also prevent other amazon devices like kindles from updating?

  12. ken dahl says:

    Please add for pfSense. Should this be a floating rule with Quick apply?

  13. Lol says:

    For pfsense you can add these in Services, DNS Forwarder. Add in the host override section towards the bottom with IP 127.0.0.1 for each.

  14. james says:

    when i try to block amzdigitaldownloads.edgesuite.net on an asus router i get

    amzdigitaldownloads.edgesuite.ne

    any ideas how i can still block it?

    • Lenore says:

      I ran into this too. The available character space for the url entry is 1 short of needed. ie available characters on your rtr is 10, this shows up as ‘amzdigital’

      OpenDNS or replacing the rtr is the only options I know

  15. Patrick says:

    How do I know that my router has succesfully blocked the domain?

    If i go to update and press it, it wil say no update with the date of today.

    Is this right?

  16. Flaark says:

    For me its only possible to block ip addresses at my router. I already blocked 127.0.0.1 but FireTV still starts to download the update.
    Which ip adresses should blocked,too? Any ideas?

  17. paco says:

    This guide is useless. I just blocked the 3 domain suggested, and the Fire TV went ahead and updated to the latest software. Now I can’t root the device or downgrade. Thanks.

  18. snorkel says:

    I can confirm the 3 addresses no longer work to block updates. They must have added another update server.
    I just got a rootable version from best buy and it started to update even though I had those three addresses in my router. If I blocked all traffic using the Mac address it would not update. I was able to root and disable the update package in time though.

    • anthony says:

      i blocked all these….but it still went through…any thought?

      amzdigitaldownloads.edgesuite.net
      softwareupdates.amazon.com
      updates.amazon.com
      atv-ext.amazon.com
      amzdigitaldownloads.edgesuite.net
      a1910.d.akamai.net

    • wildcard says:

      add your voice to request the WHITELIST of addresses.

      Block ALL
      Allow list

  19. Snorkel says:

    Looks like this needs to be blocked as well:
    (a1910.d.akamai.net)

    C:\Users\tony>ping amzdigitaldownloads.edgesuite.net

    Pinging a1910.d.akamai.net [23.216.11.120] with 32 bytes of data:
    Reply from 23.216.11.120: bytes=32 time=66ms TTL=55
    Reply from 23.216.11.120: bytes=32 time=70ms TTL=55
    Reply from 23.216.11.120: bytes=32 time=70ms TTL=55
    Reply from 23.216.11.120: bytes=32 time=71ms TTL=55

    they appear to have added a dynamic DNS resolver

  20. anthony says:

    amzdigitaldownloads.edgesuite.net
    softwareupdates.amazon.com
    updates.amazon.com
    atv-ext.amazon.com
    amzdigitaldownloads.edgesuite.net
    a1910.d.akamai.net
    i blocked all these, but still went through..any idea?

  21. FiredUp says:

    So, I just got me a Fire TV today and the serial # is rootable. Scared to plug it in.

    • RayP says:

      Just follow the guide…a LOT of steps but it works!

      Just did mine which I also bought yesterday which required a partition upgrade also.

  22. RayP says:

    I blocked these at the router and OpenDNS.

    I was able to root the new Fire TV but now I cannot play any Amazon Media (Movie,TV etc) anymore. Get the circle icon looking for media.

    However other media works in other Apps not coming from Amazon origination.

    Which URL do I need to unblock for Prime Media to play?

  23. RayP says:

    amzdigitaldownloads.edgesuite.net
    softwareupdates.amazon.com
    updates.amazon.com
    atv-ext.amazon.com
    a1910.d.akamai.net

    Forgot to add the URLS in post above….here they are.

  24. Chris says:

    I have also blocked all the links posted here and got the update. It’s not working anymore folks. :(
    Are all us unrooted people doomed? I don’t want to get an update that kills my sideloaded kodi.

  25. mcfly says:

    Does anyone know which app is the one that is grabbing the update off amazon servers?

    If so, then afwall+ can be used to block updates.

  26. Pet4 says:

    My FireTv tried to contact following ip-addresses.

    54.231.17.113
    54.231.10.25
    54.231.33.1
    54.231.18.185
    54.231.12.177
    54.231.96.81
    54.231.8.241
    54.231.65.17

    Maybe a general blockig of all 54.231.* for the fire tv will keep you save from updating.

  27. jason says:

    i blocked them but it just sits forever on checking for updates. I think you have to be on a certain version for this to work. Mine had the screen where it was asking language upon boot so maybe to new.

  28. Pet4 says:

    I have the version 51.1.4.2 installed on my fire tv. The yellow light is blinking and the amazon services are not accessable. But i can use all apps trough the settingsmenue.

  29. Joe says:

    Is there a way to render a firmware backup while in rooted state,so even if its updated and overwritten it could be restored?

  30. demonovsv says:

    mikrotik
    ip-dns-statik
    add the wrong ip address
    or terminal ip dns static – add name http://www.example.com address=ip

  31. J says:

    Guys just use open DNS to block updates!

    The 5 RayP has posted

    You should also us adb to enter code commands to block updates after rooting every time, and after updating the rooted Roma as well. Don’t forget to install su, rooted box too! Very important.

  32. Dave says:

    Are these https urls? I’ve done some testing and blocking via the router does NOT work for https urls. I’m using Tomato. I believe same goes for dd-wrt. From what I’ve read, “https is encrypted from the moment the TCP connection is established, so not blockable using the router block rules”. As someone else suggested, either block via OpenDNS or the following command in DNSmasq as posted by Andy :

    address=/amzdigitaldownloads.edgesuite.net/127.0.0.1
    address=/softwareupdates.amazon.com/127.0.0.1

    Following also works :
    iptables -I FORWARD 1 -m string –string “softwareupdates.amazon.com” –algo bm –from 1 –to 600 -j REJECT

  33. terri says:

    My router does not work with OpenDNS and I don’t understand DNSmasq. I have the 5 websites blocked in my Firewall Parental Controls but I’m afraid to connect my AFTV based on what others said about the updates coming through anyway. Is this definitely true?

  34. Rafael says:

    Instructions can you please add the At&t Uverse router model 5031NV to block the AFTV updates, It looks nothing like any of the ones on the list you have now.
    Thanks

  35. Graf Zahl says:

    It seems to me that blocking a bunch of known suspicious sites is not completely reliable.
    Why don’t you consider working with a whitelist for the FireTV in your router?
    At the moment I only need kodi which is automatically started by llama when the stick reboots.
    I had already reached that kodi was on the amazon startscreen but after I cancelled trial subscription of prime
    it had disappeared shortly there after from the start screen.
    With my learning-by-doing whitelist I managed to ban amazon from my TV screen. A slight problem persists
    because when I leave kodi accidentally (e.g. by pressing the home button), then I cannot start kodi again
    via settings apps cause the stick likes to validate my PIN which is impossible because of the successful amazon block.
    I can capture internet traffic of my wlan within my router. So after something in kodi does not work, e.g. a TV-Station-app hangs,
    I can see which site was unreachable. Then I put it on the whitelist.
    Building up the whitelist means more work than using a blacklist but you can be sure that you control the action.

  36. Sonik says:

    I bought this a couple days ago and I’m seriously considering sending it back if a future update blocks Kodi. I’m not interested in any of the Amazon apps and only use it for Kodi.
    Hopefully somebody might find
    a way of rooting the newer firmwares in future, but it’s not looking good so far. :(

  37. Steve b says:

    Can it still block sideloded kodi with abdfire

  38. andPS2 says:

    doesnt seem to work anymore as i get home is currently unavailable

  39. andPS2 says:

    ok false alert
    my raspi with archlinux somehow emptied the /etc/resolv.conf
    so dnsmasq didnt work anymore ;)

  40. jeff says:

    I would suggest talking about “ping” in this article so that users can test make sure that these services are actually blocked before rooting. I bought 3 units back a while ago and just about to root the other two that were still new in box ., figured good to get it out of the way before Fire 5 rolls out completely.

  41. chelle says:

    I have multiple android device names on my router. Could someone tell me how I know which android-xxxxx device name is my firestick? Thx

  42. Stanley says:

    how do i find the spot to block these on a Motorola Arris SBG6782-AC?

  43. seneca says:

    with pfSense I block these four on my (non-root’d) generation_1 FireTV:

    firs-ta-g7g.amazon.com
    amzdigitaldownloads.edgesuite.net
    softwareupdates.amazon.com
    updates.amazon.com

    This has the desired effect of preventing installation of apps… as troglodyte like to install adware — not acceptable.

    Last week someone was able to install apps.

    Perhaps something new needs blocking.

    On my root’d FireTV stick (not 4k) I disabled updates by freezing (or deleting where appropriate) OTA services. This allows the device to be portable without too much risk of updates allowing me to lend my subscriptions of Netflix, and The Blaze TV.

    All my amazon devices have Jabber texting apps installed ;)

Leave a Reply

Your email address will not be published. Required fields are marked *

*