DNS – Valid Zone Name or Service Name for SRV Records

domain-name-systemsrv-record

I've been following a few guides/questions on how to use A records and SRV records to map a domain to a specific ip and port like 1.1.1.1:1889:

https://stackoverflow.com/questions/11433570/how-to-use-srv-or-any-other-record-do-redirect-a-domain

https://stackoverflow.com/questions/19015138/how-to-redirect-dns-to-different-ports

In questions like the ones above, they recommend using SRV records. The only part I'm not clear on is how to determine the correct service name to use in my SRV record? For example, let's say I have these records

mysql.example.com.  86400 IN A 1.1.1.1
mongo.example.com.  86400 IN A 1.1.1.1
www.example.com.  86400 IN A 1.1.1.1
mosquitto.example.com.  86400 IN A 1.1.1.1
_mysql._tcp.example.com. 86400 IN SRV 10 20 3306 mysql.example.com.
_mongo._tcp.example.com. 86400 IN SRV 10 20 27017 mongo.example.com.
_http._tcp.example.com. 86400 IN SRV 10 20 3306 www.example.com.
_mqtt._tcp.example.com. 86400 IN SRV 10 20 3306 mosquitto.example.com.

Are the _mysql, _mongo, _http and _mqtt the correct service names to use in my SRV records? I completely guessed these service names because I wasn't able to find a website that lists all the acceptable service names that can be used.

Best Answer

First web browsers do not follow SRV records at all, so even if you can design them, they are useless.

Now given the generic process to know what goes into any record, taking SRV as an example.

IANA is the guardian of things so go to https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4 where you can see for SRV that it is defined in RFC 2782

There it is defined as such:

Here is the format of the SRV RR, whose DNS type code is 33:
   _Service._Proto.Name TTL Class SRV Priority Weight Port Target

with then respectively:

Service

   The symbolic name of the desired service, as defined in Assigned
   Numbers [STD 2] or locally.  An underscore (_) is prepended to
   the service identifier to avoid collisions with DNS labels that
   occur in nature.

and

Proto

   The symbolic name of the desired protocol, with an underscore
   (_) prepended to prevent collisions with DNS labels that occur
   in nature.  _TCP and _UDP are at present the most useful values
   for this field, though any name defined by Assigned Numbers or
   locally may be used (as for Service).  The Proto is case
   insensitive.

[STD 2] reference is RFC 1700 but RFC 3232 obsoleted it to make a database online of possible values... which is again administered by IANA.

It is now there: https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml and do note that it is basically what you find in file /etc/services in any Unix box.

So taking back your examples (your port numbers are wrong in multiple SRV records depicted though):

mysql is indeed defined for port 3306 so it is valid as service name and hence in an SRV record
for port 27017, the service name is mongodb, not mongo (but do Mongo clients honor SRV records?)
http is indeed defined for port 80 so it is a valid service name (and https for port 443)
mqtt is defined as valid port name, for port 1883. But same question as above, do clients use SRV records at all?

Do note also that there are in the wild various SRV records not following the above. If they can be published they "work", that is nothing will prevent resolution of them at the DNS level even if they don't use a registered service name as above, as long as some application of course do read them.

For example, you can find lots of example with _sip._tls or _sipfederationtls._tcp online, which are both wrong: tls is not a valid protocol, and sipfederantiontls is not a valid service name (and is in fact too long, as https://www.rfc-editor.org/rfc/rfc6335.html#section-5.1 specifies it should be at most 15 characters long). So some tool/UI may prevent creating those records in a zonefile, and some nameservers may refuse to load them, but in most cases they will work (if applications do consume them).

Related Solutions

Active Directory DNS – Should ‘A’ Record Point to Domain Controller?

You're learning why you shouldn't use the same domain name for your Active Directory as you're using for your external Internet presence.

The "A" records for the domain referring to the domain controllers are used for DFS to resolve the name of the domain to a domain controller (primarily for client computers to access the SYSVOL). If you delete those "A" records you're going to see group policy break, amongst other things.

If you can't rename the AD domain, I think you're stuck putting IIS (or some other HTTP server) up on those boxes to redirect client computers to the right host.

This is why I name my AD domains "ad.domain.com". You should have a really, really good reason before you create a DNS zone on a private DNS server that matches a zone that the Internet has authoritative DNS servers for already. You've done that, and added Active Directory into the mix.

What are the main differences between SRV records and TXT records

TXT records are free-form text records and can be used for things like describing hosts. Can also be used for application specific goals, like DNSBL and SPF. Nowadays, they're widely used to accomplish both these goals.

SRV records are service records and are a kind of extension of MX records and are a little more complex than TXT records. While MX records are used to define which servers will handle the e-mail for a specific domain, giving different weights to different records, SRV records are used to provide things such as the protocol and the port. A SRV record has the following form:

_Service._Proto.Name TTL Class SRV Priority Weight Port Target

Service: the symbolic name of the desired service.

Proto: the transport protocol of the desired service; this is usually either TCP or UDP.

Name: the domain name for which this record is valid.

TTL: standard DNS time to live field.

Class: standard DNS class field (this is always IN).

Priority: the priority of the target host, lower value means more preferred.

Weight: A relative weight for records with the same priority.

Port: the TCP or UDP port on which the service is to be found.

Target: the canonical hostname of the machine providing the service.

One typical example of usage of SRV records is when using the XMPP protocol. For instance, if you have a foobar.com domain, the A record would be used to define the servers where your web contents are and the SRV records would be used to define where your XMPP server is. Typically, they will be located in different addresses.

More info about SRV records here.

Best Answer

Related Solutions

Active Directory DNS – Should ‘A’ Record Point to Domain Controller?

What are the main differences between SRV records and TXT records

Related Topic