Update
This guide is outdated. Please follow the new guide here.
The Amazon Fire TV checks for updates during its initial setup. If an update is found, it downloads and installs the update without prompting for approval. All future updates are installed automatically without approval as well. The only way to block an update on a new or unrooted Fire TV is to block the update server through your router’s filtering or DNS options. This guide will show you how to block Fire TV updates using your router settings.
There are three domains to block:
- amzdigitaldownloads.edgesuite.net
- softwareupdates.amazon.com
- updates.amazon.com
The first domain is where the updates are downloaded from, while the other two domains are accessed by the Fire TV to check if an update is available.
Different router models will handle domain blocking differently, so I can’t give you exact instructions. If you don’t know how to do it for your particular router, refer to your router’s user guide for exact instructions. The router setting you want to look for will likely be labeled as one of the following: Firewall, Filtering, Blocking, or Parenting.
Here is what the setting looks like in my Netgear router.
If your router does not have blocking capabilities, or you do not have access to the settings, you can alternately block the domains by setting up your router to use a services like OpenDNS and blocking the domain within their DNS options. OpenDNS has detailed guides to help you set it up.
Additional sample router configuration screens:
DD-WRT
Netgear
Asus
Tomato
Untangle
Comtrend
@AFTVnews
AFTVnews
Did Amazon add another updater domain? I have both the above domains blocked through roughter and the other night I got a notification about an update available. The dialog box gave me 60 seconds to se an update reminder or force the update. Of course I postponed it and have yet to receive another reminder. I also lost root on September 22, due to a ninja update. Would like to add the new domain for future rooting of boxes.
I haven’t heard of any new domains used, but it’s certainly possible. I have read some people say their router has a delay before the blocking starts working. I believe they said that when their router restarts/boots there is a minute or so when updates can get through before they get blocked. Perhaps your router is the same.
really quick so i blocked the names on my router and it def is blocked i turned on my ftv and its stuck on the checking for updates screen. Will this timeout after sometime?
I blocked the sites and today when setting up my 5th aftv it still found a download. I think they may have changed something because it worked great the other 4 times.
I got a new box today from Amazon Germany and I blocked the 2 domains before running the first set up.
Now its stuck after gathering network information right after language selection.
It tells me ‘the internet connection is interupted, check cabeling and router settings’.
What can I do now?
same problem here but blocked 3 domains. it seems that these domains also seem to provide the fire tv with data in general, not only update data. someone needs to improve this guide as it is not working at least in Germany.
For a dd-wrt router the restriction page doesn’t work very well. It will only block http:// URL access. I found that entering this under the Services -> DNSMasq section works much better:
address=/amzdigitaldownloads.edgesuite.net/127.0.0.1
address=/softwareupdates.amazon.com/127.0.0.1
address=/firs-ta-g7g.amazon.com/127.0.0.1
i managed to get rootable FTV and am trying to block the domains mentioned in this article. How do i do this with my apple airport time capsule? If cant do this with my apple router is there another good way to block the domains? I also use the unotelly DNS service so can i do any filtering with unotelly?
I use openDNS and created an account there. it has worked for me twice now
thanls for all your efforts
Anyone know how to block these sites on a virgin super hub 2 ??
Can’t see any options in firewall section
Thanks
Sorry meant domains
It doesn’t look like it’s possible with that moden. According to the manual (https://my.virginmedia.com/content/dam/virgoBrowse/docs/Discover_Broadband_quick_guide.pdf) the parental controls on it is called “WebSafe” and according to this page (http://community.virginmedia.com/t5/Internet-Security/Virgin-Websafe/td-p/2264885) it is not capable of blocking individual domains.
You’re going to need to buy a cheap router if you want to block updates.
amazon must have a new domain because my FTV just downloaded an update and I had these 3 loaded.
I am seeing the same thing about update servers on xda forum as well
http://forum.xda-developers.com/fire-tv/general/android-tv-rom-t2977252/page6
Topic 57
Going to try my newly acquired Christmas gift and will report back if these links are still valid.
will blocking these also prevent other amazon devices like kindles from updating?
Please add for pfSense. Should this be a floating rule with Quick apply?
+1
For pfsense you can add these in Services, DNS Forwarder. Add in the host override section towards the bottom with IP 127.0.0.1 for each.
or correctly use Aliases in blocking rules
when i try to block amzdigitaldownloads.edgesuite.net on an asus router i get
amzdigitaldownloads.edgesuite.ne
any ideas how i can still block it?
I ran into this too. The available character space for the url entry is 1 short of needed. ie available characters on your rtr is 10, this shows up as ‘amzdigital’
OpenDNS or replacing the rtr is the only options I know
How do I know that my router has succesfully blocked the domain?
If i go to update and press it, it wil say no update with the date of today.
Is this right?
block something else and try to use it
block search.yahoo.com
test
confirm
For me its only possible to block ip addresses at my router. I already blocked 127.0.0.1 but FireTV still starts to download the update.
Which ip adresses should blocked,too? Any ideas?
You can’t block 127.0.0.1 that’s the local host loop back address.
This guide is useless. I just blocked the 3 domain suggested, and the Fire TV went ahead and updated to the latest software. Now I can’t root the device or downgrade. Thanks.
I can confirm the 3 addresses no longer work to block updates. They must have added another update server.
I just got a rootable version from best buy and it started to update even though I had those three addresses in my router. If I blocked all traffic using the Mac address it would not update. I was able to root and disable the update package in time though.
i blocked all these….but it still went through…any thought?
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
atv-ext.amazon.com
amzdigitaldownloads.edgesuite.net
a1910.d.akamai.net
add your voice to request the WHITELIST of addresses.
Block ALL
Allow list
Looks like this needs to be blocked as well:
(a1910.d.akamai.net)
C:\Users\tony>ping amzdigitaldownloads.edgesuite.net
Pinging a1910.d.akamai.net [23.216.11.120] with 32 bytes of data:
Reply from 23.216.11.120: bytes=32 time=66ms TTL=55
Reply from 23.216.11.120: bytes=32 time=70ms TTL=55
Reply from 23.216.11.120: bytes=32 time=70ms TTL=55
Reply from 23.216.11.120: bytes=32 time=71ms TTL=55
they appear to have added a dynamic DNS resolver
https://robtex.com/?dns=amzdigitaldownloads.edgesuite.net
overkill:
92.123.140.0/22
why has that not been added to the official docs? @AFTVnews
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
atv-ext.amazon.com
amzdigitaldownloads.edgesuite.net
a1910.d.akamai.net
i blocked all these, but still went through..any idea?
So, I just got me a Fire TV today and the serial # is rootable. Scared to plug it in.
Just follow the guide…a LOT of steps but it works!
Just did mine which I also bought yesterday which required a partition upgrade also.
I blocked these at the router and OpenDNS.
I was able to root the new Fire TV but now I cannot play any Amazon Media (Movie,TV etc) anymore. Get the circle icon looking for media.
However other media works in other Apps not coming from Amazon origination.
Which URL do I need to unblock for Prime Media to play?
^ which FQDN
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
atv-ext.amazon.com
a1910.d.akamai.net
Forgot to add the URLS in post above….here they are.
I have also blocked all the links posted here and got the update. It’s not working anymore folks. :(
Are all us unrooted people doomed? I don’t want to get an update that kills my sideloaded kodi.
Does anyone know which app is the one that is grabbing the update off amazon servers?
If so, then afwall+ can be used to block updates.
My FireTv tried to contact following ip-addresses.
54.231.17.113
54.231.10.25
54.231.33.1
54.231.18.185
54.231.12.177
54.231.96.81
54.231.8.241
54.231.65.17
Maybe a general blockig of all 54.231.* for the fire tv will keep you save from updating.
http://jodies.de/ipcalc
i blocked them but it just sits forever on checking for updates. I think you have to be on a certain version for this to work. Mine had the screen where it was asking language upon boot so maybe to new.
I have the version 51.1.4.2 installed on my fire tv. The yellow light is blinking and the amazon services are not accessable. But i can use all apps trough the settingsmenue.
Is there a way to render a firmware backup while in rooted state,so even if its updated and overwritten it could be restored?
for some versions
mikrotik
ip-dns-statik
add the wrong ip address
or terminal ip dns static – add name http://www.example.com address=ip
Guys just use open DNS to block updates!
The 5 RayP has posted
You should also us adb to enter code commands to block updates after rooting every time, and after updating the rooted Roma as well. Don’t forget to install su, rooted box too! Very important.
Are these https urls? I’ve done some testing and blocking via the router does NOT work for https urls. I’m using Tomato. I believe same goes for dd-wrt. From what I’ve read, “https is encrypted from the moment the TCP connection is established, so not blockable using the router block rules”. As someone else suggested, either block via OpenDNS or the following command in DNSmasq as posted by Andy :
address=/amzdigitaldownloads.edgesuite.net/127.0.0.1
address=/softwareupdates.amazon.com/127.0.0.1
Following also works :
iptables -I FORWARD 1 -m string –string “softwareupdates.amazon.com” –algo bm –from 1 –to 600 -j REJECT
Sorry! Ignore the last suggestion with iptables as it also blocks this page!
Wield iptables less poorly
> Are these https urls
No. They are FQDN.
My router does not work with OpenDNS and I don’t understand DNSmasq. I have the 5 websites blocked in my Firewall Parental Controls but I’m afraid to connect my AFTV based on what others said about the updates coming through anyway. Is this definitely true?
> My router does not work with OpenDNS
False
Instructions can you please add the At&t Uverse router model 5031NV to block the AFTV updates, It looks nothing like any of the ones on the list you have now.
Thanks
It seems to me that blocking a bunch of known suspicious sites is not completely reliable.
Why don’t you consider working with a whitelist for the FireTV in your router?
At the moment I only need kodi which is automatically started by llama when the stick reboots.
I had already reached that kodi was on the amazon startscreen but after I cancelled trial subscription of prime
it had disappeared shortly there after from the start screen.
With my learning-by-doing whitelist I managed to ban amazon from my TV screen. A slight problem persists
because when I leave kodi accidentally (e.g. by pressing the home button), then I cannot start kodi again
via settings apps cause the stick likes to validate my PIN which is impossible because of the successful amazon block.
I can capture internet traffic of my wlan within my router. So after something in kodi does not work, e.g. a TV-Station-app hangs,
I can see which site was unreachable. Then I put it on the whitelist.
Building up the whitelist means more work than using a blacklist but you can be sure that you control the action.
for everyone wisely not-using a sh!tbox router that would be
block all
allow these
What is your exhaustive list of allowed FQDN and respective explanation of services?
Without this list your comment is close to frippery
I bought this a couple days ago and I’m seriously considering sending it back if a future update blocks Kodi. I’m not interested in any of the Amazon apps and only use it for Kodi.
Hopefully somebody might find
a way of rooting the newer firmwares in future, but it’s not looking good so far. :(
https://exploitee.rs/index.php/Amazon_FireTV
Can it still block sideloded kodi with abdfire
doesnt seem to work anymore as i get home is currently unavailable
ok false alert
my raspi with archlinux somehow emptied the /etc/resolv.conf
so dnsmasq didnt work anymore ;)
Control that upstream LAN
I would suggest talking about “ping” in this article so that users can test make sure that these services are actually blocked before rooting. I bought 3 units back a while ago and just about to root the other two that were still new in box ., figured good to get it out of the way before Fire 5 rolls out completely.
UDP/TCP blocking is not ICMP blocking.
I have multiple android device names on my router. Could someone tell me how I know which android-xxxxx device name is my firestick? Thx
MAC address
how do i find the spot to block these on a Motorola Arris SBG6782-AC?
with pfSense I block these four on my (non-root’d) generation_1 FireTV:
firs-ta-g7g.amazon.com
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
This has the desired effect of preventing installation of apps… as troglodyte like to install adware — not acceptable.
Last week someone was able to install apps.
Perhaps something new needs blocking.
On my root’d FireTV stick (not 4k) I disabled updates by freezing (or deleting where appropriate) OTA services. This allows the device to be portable without too much risk of updates allowing me to lend my subscriptions of Netflix, and The Blaze TV.
All my amazon devices have Jabber texting apps installed ;)
I cannot download media apps (hbo, netflix, et al) with this blocklist:
firs-ta-g7g.amazon.com
amzdigitaldownloads.edgesuite.net
softwareupdates.amazon.com
updates.amazon.com
atv-ext.amazon.com
a1910.d.akamai.net
amzdigital-a.akamaihd.net
amzdigital-b.akamaihd.net
amzdigital.akamaihd.net
which ones ought be removed?
Amazon Prime Video arrived here in Italy and I had to unblock atv-ext.amazon.com to make it work. Make this info can be useful to others.
Make -> Maybe (can’t edit)
Hi I’m having this problem also where it’s stuck on unable to update right from the box I have a modem from a Local cable company idk if this is gonna work i have no access to the settings could you help me please , I’m computer savey, but not enough to be a whiz !!