I decided to create an SRV record to eliminate the problem of port proxy and more convenient interaction.
Now with the command “dig _minecraft._tcp.DOMAIN SRV”
attackers can calculate my REAL IP
[email protected]:~# dig _minecraft._tcp.hitech.<DOMAIN> SRV
; <<>> DiG 9.10.3-P4-Debian <<>> _minecraft._tcp.hitech. SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 895
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_minecraft._tcp.hitech.. IN SRV
;; ANSWER SECTION:
_minecraft._tcp.hitech.. 300 IN SRV 0 0 25561 dc-568364c96a4b..
;; Query time: 12 msec
;; SERVER: 213.133.98.98#53(213.133.98.98)
;; WHEN: Sun Mar 01 12:32:55 MSK 2020
;; MSG SIZE rcvd: 112
[email protected]:~# dig dc-568364c96a4b.
; <<>> DiG 9.10.3-P4-Debian <<>> dc-568364c96a4b.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65340
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dc-568364c96a4b.. IN A
;; ANSWER SECTION:
dc-568364c96a4b.. 300 IN A
;; Query time: 10 msec
;; SERVER: 213.133.98.98#53(213.133.98.98)
;; WHEN: Sun Mar 01 12:33:34 MSK 2020
;; MSG SIZE rcvd: 73