by 0x00cl 81 days ago
You could run a DNS server and configure the server with a whitelist of allowed IPs on the network level, so connections are dropped before even reaching your DNS service.

For example, any Red Hat-based Linux distro comes with Firewalld; you could set rules that by default will block all external connections and only allow your kids' and their friends' IP addresses to connect to your server (and only specifically on port 53). So your DNS server will only receive connections from the whitelisted IPs. Of course the only downside is that if their IP changes, you'll have to troubleshoot and whitelist the new IP, and there is the tiny possibility that they might be behind CGNAT where their IPv4 is shared with another random person, who is looking to exploit DNS servers.

But I'd say that is a pretty good solution, no one will know you are even running a DNS service except for the whitelisted IPs.

1 comments
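The allowlist described in the post above, as an added example that is not part of the original thread: a POSIX shell script that validates each source address and prints the firewalld rich rules admitting only those sources to port 53 (UDP and TCP, since DNS uses both). The zone name `public`, the function names and the sample addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: print firewalld commands that allow DNS only from an allowlist.
# Assumption: the internet-facing interface is in the "public" zone.
ZONE="${ZONE:-public}"

# Return 0 only for a strict dotted-quad IPv4 address (no leading zeros,
# no extra characters), so nothing unexpected ends up inside a rule string.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one rich rule per allowed source and protocol, then make sure the
# blanket "dns" service is not enabled in the zone, and reload.
dns_allow_rules() {
    for src in "$@"; do
        if ! valid_ipv4 "$src"; then
            echo "skipping invalid address: $src" >&2
            continue
        fi
        for proto in udp tcp; do
            printf '%s\n' "firewall-cmd --permanent --zone=$ZONE --add-rich-rule='rule family=\"ipv4\" source address=\"$src\" port port=\"53\" protocol=\"$proto\" accept'"
        done
    done
    printf '%s\n' "firewall-cmd --permanent --zone=$ZONE --remove-service=dns"
    printf '%s\n' "firewall-cmd --reload"
}

# Usage (constructed addresses): sh dns-allow.sh 203.0.113.10 198.51.100.7
# Review the printed commands, then run them as root.
if [ "$#" -gt 0 ]; then
    dns_allow_rules "$@"
fi
```

The script only prints commands; `firewall-cmd --zone=public --list-rich-rules` shows what is active after they have been applied.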

They're all playing from home, connected to their residential internet. I don't know their IP addresses.

Correct me if I misunderstand what you're trying to do:

What you want to do is - on each LAN that has a Switch that you want to play on your specific Minecraft server - report that the IP for the hostname of the Minecraft server the Switch would ordinarily connect to is the server that you're hosting?

If you're using OpenWRT, it looks like you can add the relevant entries to '/etc/hosts' on the system and dnsmasq will serve up that name data. [0] I'd be a little shocked (but only a little) if something similar were impossible on all non-OpenWRT consumer-grade routers.

My Switch 1 is more than happy to use the DNS server that DHCP tells it to. I assume the Switch 2 is the same way.

[0] <https://openwrt.org/docs/guide-user/base-system/dhcp.dnsmasq>

I can do that for my network - but the group is multiple kids that play from their home. I'm not going to teach all of those parents how to mess with their network. There's just way too many things that can go wrong. Also, won't work if the kid is traveling.