I'm having trouble setting up an office with one public IP and multiple web services running on separate ports. One of the services is a media server and I'm trying to add an SRV record to GoDaddy in order to avoid confusing the staff with ports. Additionally, I've been clearing my DNS cache and trying more than 1/2 hour at a time just to confirm the cache is cleared from my DNS prefs (I've also tried other DNS servers, not just manually having my system look up the domain). The fields are filled in like so:

  • Service: _https
  • Protocol: _tcp
  • Name: @ (I've also tried domain.ca here)
  • Target: media (I've also tried media.domain.ca here)
  • Priority: 1
  • Weight: 1
  • Port: 12322
  • TTL: 1/2 hour (Though this hardly matters)

Dig output looks like so: (Output modified to remove actual domain name)

```
; <<>> DiG 9.10.6 <<>> media.domain.ca
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7098
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;media.domain.ca.       IN  A

;; AUTHORITY SECTION:
domain.ca.  590 IN  SOA ns45.domaincontrol.com. dns.jomax.net. 2019112603 28800 7200 604800 600

;; Query time: 28 msec
;; SERVER: 2001:568:ff09:10a::55#53(2001:568:ff09:10a::55)
;; WHEN: Sat Nov 30 11:18:01 PST 2019
;; MSG SIZE  rcvd: 122
```

Someone please smack me, this can't be so hard. Yes the port is forwarded in their router (works if I enter https://media.domain.ca:12322) but I can't dig or reach media.domain.ca or https://media.domain.ca as it doesn't appear to be appending the right port. Thanks everyone,

Tmanok
  • What is the client? If it is a browser, then `SRV` records would be useless, common browsers do not consult them at all. – Patrick Mevzek Nov 30 '19 at 20:20
  • I was not even aware that browsers ignore SRV, yes a browser and an app for their media. I would also like to implement this with other services but this seemed simplest. TY for the FYI. But shouldn't dig acknowledge it? I'll consider a reverse proxy if SRV is truly useless. – Tmanok Nov 30 '19 at 20:34
  • Any application can use `SRV` records if programmed to do so, of course. Browsers don't and won't; they were always very clear about that. It may change in the future if `HTTPSSVC` record types get standardized; discussion is ongoing. – Patrick Mevzek Nov 30 '19 at 20:52
  • As for the rest you do not show your dig query exactly (do you query the authoritative nameservers or some recursive ones?), and you obfuscate names which I think is a bad idea, especially to get fast and relevant help. In general for DNS troubleshooting use online tools like DNSviz or Zonemaster, but they won't specifically help you for `SRV` records. – Patrick Mevzek Nov 30 '19 at 20:53
  • This may be useful: https://jdebp.eu/FGA/dns-srv-record-use-by-clients.html also the protocol may be `_http` in fact, not `_https` – Patrick Mevzek Nov 30 '19 at 20:55
  • Hey Patrick thanks for the comments, very clarifying regarding web browsers. I only obfuscated the main domain name, nothing else changed btw. The dig output was from "dig media.domain.ca" where domain has been changed from a real domain name, it asked 1.1.1.1 in the example, though I've manually done recursion as indirectly noted in my question (don't take me wrong, I appreciate you for asking for clarification). @PatrickMevzek I will try _http thank you. – Tmanok Nov 30 '19 at 22:41

1 Answer

1) Web browsers don't use service records for HTTP (only delegated Kerberos afaik)

2) Your dig command isn't shown, but the correct lookup would be `dig SRV _https._tcp.media.domain.ca` or `dig SRV _https._tcp.domain.ca`

3) you should be using a reverse proxy with multiple domains (virtual hosts), which is explained many times on SO, here's one example tutorial https://geekflare.com/multiple-domains-on-one-server-with-apache-nginx/

TLDR: one public IP and multiple web services running on separate ports can only be accomplished by specifying the port in the browser/uri

Jacob Evans
  • Fun fact I am using a reverse proxy. The idea of the SRV was to simplify their network and I was not aware of HTTP not using SRV until Patrick M. commented that information. Thank you for the info on dig lookups. – Tmanok Dec 03 '19 at 18:09
  • yeah I wish SRV records were used more, haproxy was the most recent to support it for doing backend service discovery but currently browser developers seem opposed. I think it makes a lot of sense to support it but community adoption is lower than IPv6 imho. – Jacob Evans Dec 03 '19 at 18:19
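
What a client "programmed to do so" has to do with an SRV record, as an added example (not code from the question, the answer or any project mentioned here): build the `_service._proto.name` owner name used in the `dig SRV` lookups above, read the SRV answers, and order the targets by priority and weight as RFC 2782 describes. The answer lines are constructed sample data, and `backup.domain.ca` is a hypothetical second target.

```python
import random
from typing import NamedTuple

# Constructed `dig SRV` answer-section lines (not real output). The first record
# mirrors the question's fields; backup.domain.ca is a hypothetical second target.
SAMPLE_ANSWER = """\
_https._tcp.domain.ca. 1800 IN SRV 1 1 12322 media.domain.ca.
_https._tcp.domain.ca. 1800 IN SRV 5 0 12322 backup.domain.ca.
"""

class SRV(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str

def srv_qname(service, proto, domain):
    """Owner name an SRV-aware client queries: _service._proto.domain."""
    return "_%s._%s.%s." % (service.lstrip("_"), proto.lstrip("_"), domain.strip("."))

def parse_answers(text, qname):
    """Keep 'owner TTL IN SRV priority weight port target' lines that match qname."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[2:4] == ["IN", "SRV"] and f[0].lower() == qname.lower():
            records.append(SRV(int(f[4]), int(f[5]), int(f[6]), f[7].rstrip(".")))
    return records

def order_targets(records, rng=random):
    """RFC 2782 order: lowest priority first, weighted random choice within a priority."""
    if len(records) == 1 and records[0].target == "":
        return []  # a lone target of "." means the service is not offered
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = sorted((r for r in records if r.priority == prio), key=lambda r: r.weight)
        while group:
            pick = rng.randint(0, sum(r.weight for r in group))
            running = 0
            for i, r in enumerate(group):
                running += r.weight
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return [(r.target, r.port) for r in ordered]

if __name__ == "__main__":
    qname = srv_qname("https", "tcp", "domain.ca")
    for host, port in order_targets(parse_answers(SAMPLE_ANSWER, qname)):
        print("%s -> try https://%s:%d" % (qname, host, port))
```

The port only reaches the connection because the client asks for the SRV owner name and reads the port field; a plain A lookup of a hostname carries no port information.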