YURIX

Minecraft Server With FreeDNS Subdomains

April 2024

Some time ago, I set up a minecraft server for me and a few friends. We host it on a machine we already had, and where a few other things run alongside it. One of these other services is a website using a subdomain from FreeDNS. They are a great, free provider of subdomains for projects that don't need their own top-level domain. This other services requires reverse DNS to be set up, which is quite important as it turns out.

After setting up the server, nobody could join it. There was just a connection refused error. Pinging the server with mcstatus did work though, meaning that the server was running and reachable. This looked very strange. Through googling the problem, we found a discussion in the cloudflare forums with the same problem. It turns out that Mojang, the company behind minecraft has banned all subdomains of the FreeDNS top-level domains from being played on in online mode, meaning with verification that the player has actually bought minecraft and is not a cracked account. And this is where it starts to matter that reverse DNS is set up for this server: Using reverse DNS, Mojang can associate the IP address of your server with the domain that has been blocked. Removing the reverse DNS entry luckily fixes the issue, but figuring this out took quite some time and nerves.

Rant about wildcard-bans

Mojang has quite a few reason why they should ban servers, I'm not questioning that. However, I disagree with the way they implement it. Mojang hosts a list of SHA-1 hashes of domains they ban. This list is quite short, and this is due to the way they ban domains: Instead of specifically banning an offending domain, they wildcard-ban the domain and all their subdomains. Wildcard-banning subdomains is an ineffective way to stop banned servers.

First, it is not uncommon that minecraft servers use free subdomains provided by FreeDNS and the like. Most people set up a minecraft server to play with their friends, and not to publicly host a server. It is therefore by no means required to have your own top-level domain, a subdomain provided by FreeDNS is more than enough for your needs. The problem with wildcard-banning is that totally unrelated server that happen to use the same top-level domain are banned aswell.

Expanding on that, the error message given in the client is quite vague and doesn't explain the problem. This makes sense from Mojang's point of view, as they want to pretend the server doesn't even exist, but from the user's point of view, their server doesn't work with no reason give as to why. Only with a lot of googling and a technical understanding that is beyond that of a typical administrator hosting a server for his friends, I was able to pinpoint and resolve the issue. Figuring this out beforehand: No chance, the issue is way to niche and undocumented for this. This is also the reason why I have decided to write this article: To shine some light on the problematic and hopefully help someone with a similar issue.

Lastly, banning domains isn't even an effective way of banning server. I could just remove the reverse DNS entry and was able to join via IP address. The domain name of course still didn't work, but you could still join the server. Additionally, a serious ban evader could just buy a new domain and move over to that. it adds some inconvenience, but in the end, the server admin keeps the upper hand in this game of cat and mouse.

In conclusion, the collateral damage caused by banning free DNS services causes more harm than it prevents banned servers from operating. Free subdomains are commonly used for private minecraft servers, the symptoms of being banned by Mojangs current system are difficult to detect, and a wildcard-subdomain ban can easily be evaded. My hope is that Mojang revises upon its policies and find a better system of banning servers.

Resolving the issue

After this essay-shaped rant (I have to write an essay tommorrow and used this article to get in the right mood), here are a few steps to detect and fix the issue:

  1. Check whether your server has reverse DNS enabled. To do this, resolve the IP of your server by running: host yurix.ch. The result should look like yurix.ch has address 149.126.4.22. Use this to run a reverse DNS lookup: host <IP from above>. This results in a response like 22.4.126.149.in-addr.arpa domain name pointer s013.cyon.net.. As you can see, it does not match with yurix.ch. This is good. It should no match.
  2. If it does match, make sure to check whether you have actually been banned. For this, we need the SHA-1 hash of *.your-top-level-domain.com. The SHA-1 hash can for example be found using this calculator. Next, open the list of banned domains and check whether your hash is in the list of blocked domains. If it is, you are affected by the problem described here.
  3. The easiest way to fix the issue is to remove the reverse DNS entry. I have tested this, and it seems to work, although it did take more than a day for all DNS caches to expire. Alternatively, you could use a different domain that is not banned, or use a IP with no domains pointing to it.