How to redirect DNS to different ports

Question

TL DR  DNS resolution of a domain s  must map to IP port s   instead of just IP  Example  sub1 example com  1 2 3 4 567 sub2 example com  1 2 3 4 678 I CAN modify DNS records   I own the domain  quot Arboristal com quot   I also own all sub domains privately on arboristal com  Such as lg arboristal or ft arboristal com  Under my DNS settings  Arboristal com is set to go to our web host who is currently hosting our website  I have three servers running at my house all running under one public IP address   71 82 237 27  I also have three subdomains of Arboristal com pointing towards my IP address  Each of the three servers run on their own ports  25565  25566  25567  I want for each subdomain to point to each open port on my IP Address  Unfortunately when you try to connect to one of these servers using one of the subdomains it only connects to the server that you type the port for  My situation  Three servers  each running on a different port   All portforwarded and working as servers   Minecraft server one  25565   Minecraft server two  25566   Minecraft server three  25567    I have three subdomains running on my DNS provider  webs com   mc arboristal com  tekkit arboristal com  pvp artboristal com   When you use Minecraft to connect to one of these it does automatically through port 25565  meaning that no matter what URL you attempt to connect to it always goes to my IP with the port 25565  Connecting you to Minecraft server one  You CAN type in the port manually  but I would rather keep this as good looking and professional as possible  So  now that you know my situation  is there any possible way I can make mc arboristal com  tekkit arboristal com  and pvp arboristal com all go to my IP address under different ports without having to specify each port in the provided URL to connect to on the users end  I can add MX  A  Using this one to connect to the server   CNAME  and TXT records to DNS settings I can also add Name Servers to DNS settings if I need to use a third party as my DNS provider   Am willing to do if necessary  I also have full access to my router at 192 168 0 1 if anything needs to be configured there  I have only just learned how the internet really functions in the last week so I am unsure if anything here is actually possible  I also may not have the right information about how the internet actually works  Please forgive me for any false information that I may assume about the internet

User · Accepted Answer

You can use SRV records    service  proto name  TTL class SRV priority weight port target       Service  the symbolic name of the desired service       Proto  the transport protocol of the desired service  this is usually either TCP or UDP       Name  the domain name for which this record is valid  ending in a dot       TTL  standard DNS time to live field       Class  standard DNS class field  this is always IN        Priority  the priority of the target host  lower value means more preferred       Weight  A relative weight for records with the same priority       Port  the TCP or UDP port on which the service is to be found       Target  the canonical hostname of the machine providing the service  ending in a dot    Example    sip  tcp example com  86400 IN SRV 0 5 5060 sipserver example com    So what I think you re looking for is to add something like this to your DNS hosts file    sip  tcp arboristal com  86400 IN SRV 10 40 25565 mc arboristal com   sip  tcp arboristal com  86400 IN SRV 10 30 25566 tekkit arboristal com   sip  tcp arboristal com  86400 IN SRV 10 30 25567 pvp arboristal com    On a side note  I highly recommend you go with a hosting company rather than hosting the servers yourself  It s just asking for trouble with your home connection  DDoS and Bandwidth Connection Speed   but it s up to you

User · Answer

Possible solutions    Use nginx on the server as a proxy that will listen to port A and multiplex to port B or C  If you use AWS you can use the load balancer to redirect the request to specific port based on the host

User · Answer

It s been a while since I did this stuff  Please don t blindly assume that all the details below are correct  But I hope I m not too embarrassingly wrong         As the previous answer stated  the Minecraft client  as of 1 3 1  supports SRV record lookup using the service name  minecraft and the protocol name  tcp  which means that if your zone file looks like this     arboristal com                  86400 IN A    lt your IP address gt   minecraft  tcp arboristal com  86400 IN SRV 10 20 25565 arboristal com   minecraft  tcp arboristal com  86400 IN SRV 10 40 25566 arboristal com   minecraft  tcp arboristal com  86400 IN SRV 10 40 25567 arboristal com       then Minecraft clients who perform SRV record lookup as hinted in the changelog will use ports 25566 and 25567 with preference  40  of the time each  over port 25565  20  of the time   We can assume that Minecraft clients who do not find and respect these SRV records will use port 25565 as usual     However  I would argue that it would actually be more  clean and professional  to do it using a load balancer such as Nginx   I pick Nginx just because I ve used it before  I m not claiming it s uniquely suited to this task  It might even be a bad choice for some reason   Then you don t have to mess with your DNS  and you can use the same approach to load-balance any service  not just ones like Minecraft which happen to have done the hard client-side work to look up and respect SRV records  To do it the Nginx way  you d run Nginx on the arboristal com machine with something like the following in  etc nginx sites-enabled arboristal com   upstream minecraft servers       ip hash      server 127 0 0 1 25566 weight 1      server 127 0 0 1 25567 weight 1      server 127 0 0 1 25568 weight 1    server       listen 25565      proxy pass minecraft servers      Here we are controlling the load-balancing ourselves on the server side  via Nginx   so we no longer need to worry that badly behaved clients might prefer port 25565 to the other two ports  In fact  now all clients will talk to arboristal com 25565  But the listener on that port is no longer a Minecraft server  it s Nginx  secretly proxying all the traffic onto three other ports on the same machine   We load-balance based on a hash of the client s IP address  ip hash   so that if a client disconnects and then reconnects later  there s a good chance that it ll get reconnected to the same Minecraft server it had before   I don t know how much this matters to Minecraft  or how SRV-enabled clients are programmed to deal with this aspect    Notice that we used to run a Minecraft server on port 25565  I ve moved it to port 25568 so that we can use port 25565 for the load-balancer   A possible disadvantage of the Nginx method is that it makes Nginx a bottleneck in your system  If Nginx goes down  then all three servers become unreachable  If some part of your system can t keep up with the volume of traffic on that single port  25565  all three servers become flaky  And not to mention  Nginx is a big new dependency in your ecosystem  Maybe you don t want to introduce yet another massive piece of software with a complicated config language and a huge attack surface  I can respect that   A possible advantage of the Nginx method is    that it makes Nginx a bottleneck in your system  You can apply global policies via Nginx  such as rejecting packets above a certain size  or responding with a static web page to HTTP connections on port 80  You can also firewall off ports 25566  25567  and 25568 from the Internet  since now they should be talked to only by Nginx over the loopback interface  This reduces your attack surface somewhat   Nginx also makes it easier to add new Minecraft servers to your backend  now you can just add a server line to your config and service nginx reload  Using the old port-based approach  you d have to add a new SRV record with your DNS provider  and it could take up to 86400 seconds for clients to notice the change  and then also remember to edit your firewall  e g   etc iptables rules  to permit external traffic over that new port   Nginx also frees you from having to think about DNS TTLs when making ops changes  Suppose you decide to split up your three Minecraft servers onto three different physical machines with different IP addresses  Using Nginx  you can do that completely via config changes to your server lines  and you can keep those new machines inside your firewall  connected only to Nginx over a private interface   and the changes will take effect immediately  by definition  Whereas  using SRV records  you ll have to rewrite your zone file to something like this     arboristal com                  86400 IN CNAME mc1 arboristal com  mc1 arboristal com              86400 IN A    lt a new machine s IP address gt  mc2 arboristal com              86400 IN A    lt a new machine s IP address gt  mc3 arboristal com              86400 IN A    lt a new machine s IP address gt   minecraft  tcp arboristal com  86400 IN SRV 10 20 25565 mc1 arboristal com   minecraft  tcp arboristal com  86400 IN SRV 10 40 25565 mc2 arboristal com   minecraft  tcp arboristal com  86400 IN SRV 10 40 25565 mc3 arboristal com       and you ll have to leave all three new machines poking outside your firewall so that they can receive connections from the Internet  And you ll have to wait up to 86400 seconds for your clients to notice the change  which could affect the complexity of your rollout plan  And if you were running any other services  such as an HTTP server  on arboristal com  now you have to move them to the mc1 arboristal com machine because of how I did that CNAME  I did that only for the benefit of those hypothetical Minecraft clients who don t respect SRV records and will still be trying to connect to arboristal com 25565     So  I think both ways  SRV records and Nginx load-balancing  are reasonable  and your choice will depend on your personal preferences  I caricature the options as    SRV records   I just need it to work  I don t want complexity  And I know and trust my DNS provider   Nginx   I foresee arboristal com taking over the world  or at least moving to a bigger machine someday  I m not scared of learning a new tool  What s a zone file

User · Answer

Use SRV record  If you are using freenom go to cloudflare com and connect your freenom server to cloudflare  freenom doesn t support srv records  use  minecraft as service tcp as protocol and your ip as target  you need  quot a quot  record to use your ip  I recommend not using your  quot Arboristal com quot  domain as  quot a quot  record  If you use  quot Arboristal com quot  as your  quot a quot  record hackers can go in your router settings and hack your network  priority - 0  weight - 0 and port - the port you want to use  i know this because i was in the same situation  Do the same for any domain provider   sorry if i made spell mistakes

User · Answer

Since I had troubles understanding this post here is a simple explanation for people like me  It is useful if    You DO NOT need Load Balacing  You DO NOT want to use nginx to do port forwarding  You DO want to do PORT FORWARDING according to specific subdomains using SRV record    Then here is what you need to do   SRV records    minecraft  tcp 1 12          IN SRV    1 100 25567 1 12  lt your-domain-name com gt    minecraft  tcp 1 13          IN SRV    1 100 25566 1 13  lt your-domain-name com gt      I did not need a srv record for 1 14 since my 1 14 minecraft server was already on the 25565 port which is the default port of minecraft    And the A records   1 12                          IN A       lt your server IP gt  1 13                          IN A       lt your server IP gt  1 14                          IN A       lt your server IP gt

[networking] How to redirect DNS to different ports

Examples related to networking

Examples related to dns

Examples related to minecraft