-
-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
More details on hosting public instance #382
Comments
Could it be because I'm also using port 19132 to host a geyser Java server? |
EDIT: For hosting a public instance, it is recommended to use software like bind (with recursion turned off) See following guide for how to set this up on a Linux server: https://github.com/Pugmatt/BedrockConnect/wiki/Setting-up-on-Linux |
Just wondering whether this method is still working? Just now, I tried to change the DNS server to US, German, restarted the xbox, but I still cannot add a custom server without game pass. |
Sorry to necro this discussion, but I'm a bit concerned that people are discussing about making a DNS server public. I didn't see any in-depth explanation about security in the documentatiob, is BedrockConnect built with mitigations against attempts of misuses for DNS Amplification? (The easiest solution that I know is to setup a VPN server, so that the friend's client are auth'd before accessing the services hosted in your home... but that's becoming overkill to access a Minecraft server.) |
Some of the public servers maybe vulnerable |
Thank you for bringing this up. The BedrockConnect software itself does not supply the DNS connection, it is what a separate DNS server would be directing a hostname to for players on Minecraft to connect to. So there isn't anything built into the software itself per se, as it doesn't touch the DNS step. The DNS connections mentioned in this project would be provided through third-party software. We do though have a install-bind.sh script in the repo for quickly setting up Bind, which is set to disable recursion by default. That being said, there are some improvements I've been meaning to make to the documentation, along with removing some guides that probably are not the most advisable from a security standpoint. I've removed the guide from my previous reply in this issue (along with the similar wiki page), and instead recommend people to follow the existing "Setting up on Linux" guide in the repo wiki if they really want to host a public instance. (Which uses the install-bind.sh script previously mentioned) I've also gone in and edited this wiki page to specify that its recommended for recursion should stay off for public instances. Inside our README, under the "Publicly available BedrockConnect instances", as @Xavierhorwood mentioned those two IPs may be vulnerable. My main instance, 104.238.130.180, has always had mitigations in place such as having recursion off, but for my alternate one 45.55.68.52 had recursion on (with other mitigations such as rate limiting), as an alternative solution for PS4/PS5 users (As that appeared to be the only way for the DNS to work on PS4/PS5 consoles) I've been meaning though to remove this, as again it's still not the most secure, and going forward the alternate solution will instead be to join through a new "Add Friend" method. (Which has been added now here: https://github.com/Pugmatt/BedrockConnect?tab=readme-ov-file#add-friend-method) 45.55.68.52 has been removed from the public list, @hasankayra04 For your DNS instance, do you know if NextDNS has anything in place that mitigates against attacks? |
I don't think so. But i have rate-limiting in place to prevent abuse. |
Hey how's it going?
I've followed the video for setting up on windows and I'm pretty technically inclined but was unable to get it working.
What exactly do you need to do in order to use a public ip for friends to use my instance to join
The text was updated successfully, but these errors were encountered: