SRV record lookup
SRV records advertise which host serves a given service on a given port — used by SIP, XMPP, LDAP, Kerberos, Microsoft AD, and Matrix. Format: `_service._proto.<domain>`.
How to look it up
Four ways to query — pick by what's available on your machine.
dig (XMPP): `dig SRV _xmpp-server._tcp.example.com +short`
dig (LDAP): `dig SRV _ldap._tcp.example.com +short`
dotdig: `dotdig srv _xmpp-server._tcp.example.com`
Sample response
10 5 5269 xmpp.example.com.
Format
`<priority> <weight> <port> <target>.` A lower priority value is preferred. Weight is the tiebreaker among records with the same priority, applied proportionally. The target must point to A/AAAA records, NOT a CNAME.
Common pitfalls
- SRV target must be a hostname (A/AAAA), not a CNAME — same rule as MX. Many clients fail silently with CNAME targets.
- Service prefix is hardcoded per protocol. Get one wrong (e.g. `_xmpp._tcp` vs `_xmpp-server._tcp`) and the entire SRV is invisible to the client.
- Priority and weight are set per record; DNS doesn't track which servers are healthy. Health checks belong in the application layer.
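An added example, not from the original page or the dotdig project: Python that parses `dig SRV ... +short` lines in the format above, rejects owner names missing the `_service._proto` prefix, and orders targets lowest priority first with a weighted draw inside each priority. The function names and the second and third sample lines are assumptions, and the weighted draw is a simplified proportional selection rather than any particular client's implementation.

```python
import random
from collections import namedtuple

SRV = namedtuple("SRV", "priority weight port target")

# Constructed sample: the first line is the page's sample response, the rest are made up.
SAMPLE = """\
10 5 5269 xmpp.example.com.
10 15 5269 xmpp2.example.com.
20 0 5269 backup.example.com.
"""

def split_srv_name(qname):
    """Split '_service._proto.<domain>' and reject names missing the underscores."""
    service, proto, domain = qname.rstrip(".").split(".", 2)
    if not (service.startswith("_") and proto.startswith("_")):
        raise ValueError(f"not an SRV owner name: {qname!r}")
    return service[1:], proto[1:], domain

def parse_srv(line):
    """Parse one '<priority> <weight> <port> <target>.' line from `dig SRV ... +short`."""
    fields = line.split()
    if len(fields) != 4:
        raise ValueError(f"expected 4 fields, got {len(fields)}: {line!r}")
    priority, weight, port = (int(f) for f in fields[:3])
    if not all(0 <= n <= 65535 for n in (priority, weight, port)):
        raise ValueError(f"numeric field outside 16-bit range: {line!r}")
    return SRV(priority, weight, port, fields[3].rstrip(".").lower())

def connection_order(records, rng=random):
    """Order records as a client should try them: lowest priority first,
    weighted random draw among records that share a priority."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:
            pick = rng.uniform(0, sum(r.weight for r in pool))
            running = 0
            for chosen in pool:
                running += chosen.weight
                if running >= pick:
                    break
            ordered.append(chosen)
            pool.remove(chosen)
    return ordered

if __name__ == "__main__":
    print(split_srv_name("_xmpp-server._tcp.example.com"))
    for rec in connection_order([parse_srv(l) for l in SAMPLE.splitlines()]):
        print(rec)
```

Because the order within a priority is random, a client that always connects to the first line of the answer is ignoring weight.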
Why it matters for security
SRV records expose your internal service infrastructure. Large enterprises hide critical SRV records (Active Directory) behind split-horizon DNS to prevent reconnaissance.
Use cases
- Discovering Active Directory domain controllers
- Federating XMPP / Matrix services
- SIP softphone provisioning
- Kerberos KDC discovery
Look up DNS without flag soup
dotdig is a friendly DNS resolver — formatted output, custom resolver support, DNSSEC validation. Zero-config alternative to dig.