What Is an SRV Record in DNS?
Many DNS records help run services across the Internet. One common type in the list of your DNS records is the SRV record, which is responsible for pointing the device towards the appropriate server with the right port configuration. In this article, learn what an SRV record is, how to create one, and why, sometimes, you might need to change them.
What is an SRV record?
An SRV domain record, or service record, is a custom DNS record that defines the location of servers for specified services, such as Voice over IP. It maps a service to the hostname and port number of the server offering that service.
Unlike A records that return an IP address for a given hostname, SRV records for a particular service name return a port number, the port on which the service runs.
SRV records can also include a symbolic name and the transport protocol (such as TCP or UDP) that the service uses. If a server provides multiple services, the SRV record will subsequently provide the appropriate protocol for the service and the device IP.
Additionally, all SRV records are versatile for different network configurations. They can point to either an A record for IPv4 addresses or an AAAA record for IPv6 addresses.
Having SRV records configured can save time when setting up compatible applications. For example, the email client can query the DNS for SRV records related to the email service.
However, without service records, the client may have to guess the server and port settings. Because this often leads to incorrect settings, the process requires user input.
There’s also a benefit of error reduction. Automatically pulling the correct settings from SRV records minimizes the risk of configuration errors that can occur with manual setup.
In general, service records reduce your input when querying DNS records. You no longer need to input a port at the end of the domain, much like the default port, where you don’t enter a port if the server runs on port 25565.
Structure of a service record
An SRV record is made up of different parts, which are broken down below.
| Service | Protocol | Name | Priority | Weight | Port | Target | TTL |
|---|---|---|---|---|---|---|---|
| _imaps._ | tcp. | example.com. | 10 | 5 | 993 | Mail.example.com. | 3600 |
_imaps._tcp.example.com. 10 5 993 mail.example.com. 3600
Service
Each SRV record begins with an underscore (_) followed by the service name. This part specifies the service for which the service record is providing information, like imaps.
IMAPS refers to the Internet Message Access Protocol Secure (IMAPS), which is used for email.
Protocol
Protocol follows the service name, and is preceded by an underscore (_) e.g. tcp. It indicates the transport protocol the service uses. Common protocols include TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
Domain name
It specifies the domain name to which the service record applies. The service’s domain name is listed after the service and protocol, separated by periods, such as example.com.
Priority
Next, priority is listed. This value helps select a server among potentially multiple servers listed for the same service. A lower number indicates higher priority. A higher number, therefore, indicates lower priority.
In scenarios with server redundancy, clients might prioritize connecting to servers with a lower priority value. 10 is the priority of the server in the above example.
Weight
5, which is the weight, distributes the load between servers with the same priority. Higher weight values receive preference. If two servers have the same priority, the one with the higher weight is used more frequently.
Priority and weight can be used together for a more nuanced selection process.
Target
mail.example.com is the hostname of the server that actually provides the service. The service record ultimately points to another DNS record – it can be a CNAME record, A record, or AAAA record of this server.
Port
This defines the specific port number on which the service operates. For instance, in the case of IMAP protocol, it could be 993.
TTL
It indicates how long the record can cache. You should leave the default TTL value.
How does an SRV record work?
DNS SRV records play a role in helping clients connect to specific services within a domain. When a client wants to access a service, it sends a request to the DNS server to retrieve the SRV record associated with that service.
This SRV record provides essential details such as the hostname of the server, the port number on which the service is running, the protocol used, and the priority of the service.
Here's a practical example: imagine a company that hosts both its email and instant messaging services on the same domain, but on different servers. When an email client needs to find the email server, then it queries the DNS for the email service's SRV record.
The DNS server responds with the specific hostname and port number of the email server. Similarly, when a messaging client looks for the messaging server, it queries for the corresponding SRV record and receives the details needed to connect to the messaging server.
The goal is to ensure clients are directed to the correct servers for their services.
Practical applications of SRV records
SRV records are useful in several ways, including the following practical applications.
- VoIP services. An organization can offer several VoIP services hosted on different servers within the same domain. When a client wants to use a specific VoIP service, it queries the DNS for the corresponding SRV record. The DNS then provides the details of the correct VoIP server.
- Instant messaging services. Similarly, if an organization provides multiple instant messaging services under the same domain but on different servers, DNS service records help direct clients to the appropriate server. The DNS response includes the server details necessary for the client to connect to the correct messaging service.
- Email services. For organizations hosting email services on various servers within the same domain, DNS SRV records are crucial. When an email client needs to send or receive emails, it queries the DNS for the SRV record associated with the email service.
- Service discovery. Technologies like SIP used for voice and video calls often leverage service records for service discovery. Service records enable clients to locate services dynamically, such as email servers or databases, without needing to pre-configure IP addresses.
- Load balancing. By directing traffic to multiple servers, service records facilitate effective load balancing. This ensures that no single server bears too much load, thereby enhancing the network's responsiveness.
Prevention tips for protecting DNS SRV records
To safeguard DNS SRV records from unauthorized access or tampering, organizations should implement the following strategies.
- Monitor DNS records regularly. Organizations should consistently review their DNS records to identify any unauthorized changes. To achieve this, use DNS monitoring tools or audit services that alert administrators to any modifications. By keeping a close watch on these records, organizations can quickly detect and respond to potential security breaches.
- Apply DNSSEC. DNSSEC is a set of protocols that enhances the security of the DNS by ensuring the authenticity of the data. It helps protect against threats like DNS spoofing and cache poisoning. By deploying DNSSEC, organizations can verify that the information in their DNS records is accurate and hasn't been altered maliciously.
- Implement MFA. It's crucial for organizations to enforce robust access controls for their DNS management systems. Implementing multi-factor authentication adds an extra layer of security, requiring users to provide additional verification, such as a one-time password or biometric data, beyond just a username and password. This significantly reduces the risk of unauthorized access to DNS management interfaces.
How to create an SRV record
Creating a service record involves configuring DNS settings to define the location, priority, and port of servers for specified services within your domain. Follow these steps to create a record.
- Access the DNS management interface. Log into your domain registrar or DNS hosting provider.
- Locate the DNS management section. Navigate to the DNS management area. This is where you can manage your domain's DNS settings. The interface might differ slightly between providers.
- Choose the desired domain. If you have multiple domains, ensure you select the one for which you want to add the service record.
- Add a new SRV record. Look for an option to add a new DNS record. The label could read "Add Record" or "Create Record.” Select "SRV" as the record type from the drop down menu or list of options.
- Enter service record details. Enter the required details like priority, service, target, and so on.
- Save and verify. Save the service record. Ensure you entered it correctly and saved it in the DNS settings.
Common issues with SRV records
Configuring SRV records can sometimes lead to connectivity problems. Here are a few potential factors that might be causing issues and steps to troubleshoot them.
- Incorrect syntax. SRV record errors often stem from incorrect syntax. Be sure to double-check the syntax of the SRV record.
- Incorrect target domain. Check for misspellings in the target domain in the SRV record. Verify the target domain specified in the SRV record is accurate and thus points to the correct service location.
- Firewall configuration. Ensure that firewalls are configured to allow traffic on the specified ports. Otherwise, it can cause connectivity issues.
Frequently asked questions
Are there any security risks associated with SRV records?
While not inherently risky, incorrect service records could potentially redirect traffic to unintended servers.
Can SRV records be weighted?
Yes, service records can have a "weight" attribute, which indicates a relative priority among multiple SRV records with the same priority value.
Are SRV records supported by all DNS servers?
Yes. Most modern types of DNS servers support SRV records.
