Services Record (SRV)

Defined in RFC 2782. The SRV RR identifies the host(s) that will support particular services. The MX RR is a specialised example of service discovery while the SRV RR is a general purpose RR to discover any service. The SRV RR allows control over prioritisation of delivery and usage. It is not widely supported except notably by OpenLDAP and increasingly by VoIP systems in conjunction with the NAPTR RR. Ugly format may not be helping!

The theory behind SRV is that given a domain name, for instance,, and a service name, for example, web (http) which runs on a protocol (tcp in the web case case), a DNS query may be issued to find the host name that provides such a service for the domain - and which may, or may not, be within the domain - see example 2 below.

SRV Syntax  ttl  class   rr  pri  weight port target IN      SRV 0    5      80
Field Description
srvce Defines the symbolic service name (see IANA port-numbers) prepended with a '_' (underscore). Case insensitive. Common values are:
  • _http - web service
  • _ftp - file transfer service
  • _ldap - LDAP service
  • _imap - IMAP mail service
  • _PKIXREP - PKIX Repository (X.509 certificates)
prot Defines the protocol name (see IANA service-names) prepended with a '_' (underscore). Case insensitive. Common values are
  • _tcp - TCP protocol
  • _udp - UDP protocol
Notes: Use of SRV in PKIX (X.509) handing. RFC 4210 defines service names of certificates, crls, pgpkeys, pgprevokations all with a protocol of tcp to indicate the use of the CMP protocol over HTTP/HTTPS. Thus a certificate store supporting CMP may be discovered for the domain by a query for In a slightly bizarre variation, RFC 4386 (INFORMATIONAL status), also defines the use of the _PKIXREP service for discovery of X.509 certificate repositories and other PKIX services, the protocol field, contains what other users of the SRV define as the service name. Thus for the service name _PKIXREP the protocol values would be:
  • _ldap - The certificate respository server uses LDAP
  • _http - The certificate respository server uses HTTP
  • _ocsp - The server provides an Online Certificate Status Protocol service
One assumes that additional values such as _cmp, _svcp or _crl (X.509/PKIX protocols) could also be used to describe alternative PKIX services even though these are not mentioned in RFC 4386. Finally OCSP (RFC 2560) suggests the service can run over many transport protocols such as LDAP, HTTP or SMTP and thus the SVR definition proposed for PKIXREQ service would not contain enough information - because it does not differentiate between a number of possible transports - to allow true service discovery. Altogether a strange RFC.
name Incomprehensible description in RFC 2782. This RR obeys the normal name rules such that leaving the entry blank (without a dot) will substitute the current the zone root (or the current $ORIGIN), or you can explicitly add it as in the above (with a dot).
ttl Optional. Standard TTL parameter. For more information about TTL values.
class Optional. Standard CLASS parameter. Normally IN for Internet class. For more information.
pri The relative Priority of this service (range 0 - 65535). Lowest is highest priority, usage is the same as the MX pref field.
weight Used when more than one service has the same priority. A 16 bit unsigned integer in the range 0 - 65535. The value 0 indicates no weighting should be applied. If the weight is 1 or greater it is a relative number in which the highest is most frequently delivered, that is, given two SRV records both with Priority = 0, one with weight = 1 the other weight = 6, the one with weight 6 will have its RR delivered first 6 times out of 7 by the name server.
port Normally the port number assigned to the symbolic service but this is not a requirement, for instance, it is permissible to define a _http service with a port number of 8100 rather than the more normal port 80.
target The name of the host that will provide this service. Does not have to be in the same zone (domain). May be just a host name or a FQDN.


This example is taken from the RFC and is designed to make everything clear(!). The second example shows a real world LDAP service definition. The third shows a mythical IMAP server example.

@               SOA (
                          1995032001 3600 3600 604800 86400 )
; foobar - use old-slow-box or new-fast-box if either is
; available, make three quarters of the logins go to
; new-fast-box.
_foobar._tcp    SRV 0 1 9
                SRV 0 3 9
; if neither old-slow-box or new-fast-box is up, switch to
; using the sysdmin's box and the server
                SRV 1 0 9
                SRV 1 0 9
server           A
old-slow-box     A
sysadmins-box    A
new-fast-box     A
; NO other services are supported
*._tcp          SRV  0 0 0 .
*._udp          SRV  0 0 0 .

Example 2

This example is taken from the OpenLDAP site and allows a simple discovery process of the LDAP server for the zone by interrogation of the DNS.

; defines an ldap service available at the host    SRV 0 0 389 jim
; if the service (LDAP) were hosted by another organization
; the reference could be external
; in this case the host hosts the LDAP service for
;    SRV 0 0 389

OpenLDAP publish an SRV RR which may be obtained by issuing an SRV query to

Example 3

An MX RR defines the name of the host that will receive incoming mail for a domain using an SMTP service. This example would allow a mail client (assuming it supported such a service) to find an IMAP server for a domain in order to read the mail using the IMAP protocol in this case (it could equally have been pop3):

; defines an IMAP service available at the host
; using the normal imap port number    SRV 0 0 143 imap
; above could have written as
; _imap._tcp    SRV 0 0 143 imap
; OR even
;    SRV 0 0 143
; the imap service could be hosted on a non-standard 
; port number - in the case below port 8800
_imap._tcp    SRV 0 0 8800 imap
; if the service (IMAP) were hosted by another organization
; the reference could be external
; in the case below the host provides 
; the IMAP service for 
_imap._tcp    SRV 0 0 143

To use such an SRV would require that the mail client support the feature. As far as we know none do. But it is a nifty idea.

Example 4

The next example shows the use of the SRV for provision of SIP (VoIP) services for a domain.

; defines an SIP service available at the host
; using a port number of 6201 with the normal sip udp protocol    SRV 0 0 6201 sip
; above could have written as
; _sip._udp    SRV 0 0 6201 sip
; OR even
;    SRV 0 0 6201
; adding a second SRV RR with a lower priority allows failover
; to sip2 in the case that sip is not available
_sip._udp    SRV 1 0 5523

Pro DNS and BIND by Ron Aitchison


tech info
guides home
dns articles
1 objectives
big picture
2 concepts
3 reverse map
4 dns types
5 install bind
6 samples
7 named.conf
8 dns records
9 howtos
10 tools
11 trouble
12 bind api's
13 dns security
bits & bytes
15 messages
notes & tips
registration FAQ
dns resources
dns rfc's
change log