DNS SRV record

What is a DNS SRV record?

A Domain Name System (DNS) service (DNS SRV) record maps a specific service to a server hostname and port. It helps clients find and connect to services without needing a fixed server address. For example, it can help an app locate a service such as Voice over Internet Protocol (VoIP), instant messaging, or email access.

Some services run on multiple servers, so DNS SRV records can return multiple valid options at once.

How does a DNS SRV record work?

A DNS SRV record query and response process works as follows:

  1. Client sends request: The client asks DNS about a service using the format _service._proto.name. In this format, "service" specifies what the client needs, "proto" indicates the connection protocol, usually Transmission Control Protocol (TCP) or User Datagram Protocol (UDP), and "name" is the domain that hosts the service.
  2. DNS returns response: DNS returns one or more matching SRV records. Each record includes a priority, weight, port, and target hostname.
  3. Record lists details: The port shows where to connect, while the target provides the server’s hostname. Priority sets the order in which the client tries each server.
  4. Client checks priority and weight: The client tries servers with lower priority values first. When servers share the same priority, the client uses weight to decide how often each server is selected.
  5. Client connects: The client selects a server, looks up the target hostname's IP address via a standard DNS lookup (e.g., A or AAAA records), and connects on the listed port.

Why are DNS SRV records important?

DNS SRV records support service discovery, improve resilience, and help distribute client connections across servers.

They allow clients to find where a service runs without storing fixed hostnames or ports. Clients query for SRV records and use the returned priority, weight, port, and target details to choose where to connect.

DNS SRV records also separate services from individual hosts. This allows systems to run the same service on multiple servers or move it as needed, making it easier to distribute requests and letting clients try another server if one fails. This behavior depends on DNS caching, time to live (TTL) settings, and client support for SRV records.

Where is it used?

DNS SRV records are common in applications that need service discovery by hostname and port, such as:

  • Communication protocols: Systems like Session Initiation Protocol (SIP) for VoIP, Extensible Messaging and Presence Protocol (XMPP), and some email submission or access services use DNS SRV records to locate services.
  • Identity and directory services: Active Directory (AD) uses DNS SRV records to help clients locate domain controllers and related services, including Lightweight Directory Access Protocol (LDAP) and Kerberos authentication.
  • Internal service discovery: Enterprises use DNS SRV records to enable automatic discovery of internal services, especially when clients need to find the correct hostname and port without hard-coding service locations.

Risks and privacy concerns

DNS SRV records rely on standard DNS behavior, which brings some risks. Without additional protections such as DNS over Transport Layer Security (DoT) or DNS over HTTPS (DoH), SRV queries can travel unencrypted between the client and resolver and may expose service and server names.

If the DNS zone isn't signed with DNS Security Extensions (DNSSEC), clients and resolvers may not be able to cryptographically verify that DNS responses are authentic and unchanged. DNSSEC adds cryptographic signatures, including Resource Record Signature (RRSIG) records, that validating resolvers use to check that a response hasn’t been tampered with. The two protections are complementary: DoH and DoT encrypt DNS traffic in transit, while DNSSEC authenticates DNS data itself.

Configuration errors can also cause issues. Incorrect priority or weight values can disrupt failover or client-side traffic distribution, while missing records can stop service discovery. Systems that depend on SRV records may also fail if DNS is unavailable.

FAQ

What is the difference between an SRV record and an A record?

A Domain Name System (DNS) service (DNS SRV) record maps a service to a hostname and port, while an address (A) record maps a domain directly to an IPv4 address. SRV records support service discovery, whereas A records provide basic address resolution.

How do priority and weight work in an SRV record?

In a Domain Name System (DNS) service (DNS SRV) record, priority indicates which server to try first, with lower values taking precedence. Weight indicates how likely each server is to be selected when several servers share the same priority.

Do SRV records replace port numbers?

Domain Name System (DNS) service (DNS SRV) records don’t replace port numbers. They publish the correct port for a service in DNS, so SRV-aware clients can discover it during lookup instead of relying on a hard-coded port.

Which services commonly use SRV records?

Service (SRV) records are commonly used by communication and directory systems such as Session Initiation Protocol (SIP), Extensible Messaging and Presence Protocol (XMPP), Lightweight Directory Access Protocol (LDAP), and Active Directory (AD) to dynamically locate service endpoints.

Are SRV records secure by default?

Domain Name System (DNS) service (DNS SRV) records rely on standard DNS behavior, so they aren’t encrypted or authenticated by default. Without protections such as DNS over HTTPS (DoH), DNS over Transport Layer Security (DoT), or DNS Security Extensions (DNSSEC), queries may reveal service names, and attackers may be able to spoof or alter DNS responses.