SRV / NAPTR Service Discovery Check

Domain:

Check one service domain, URI, or full SRV owner name.

Service profile:

Pick the discovery path expected by the client or service.

Ignored {{ ignoredExtraCount }} extra line(s). Enable Batch to process all.

Inputs changed after the last check. Re-run to refresh the discovery chain.

Resolver:

Choose the recursive DNS-over-HTTPS view for this run.

Compare resolvers:

Compare public resolver views for drift in the discovery chain.

NAPTR policy:

Refine how strictly the checker treats the NAPTR hop.

Timeout:

Set the per-query timeout for public DNS probes.

{{ header.label }}	Copy
No {{ tab.emptyLabel }}.
{{ row[header.key] }}

Export to PDF Fullscreen

Include query parameters

Embed:

Customize embed code

Include query parameters

Wrap embed in collapsible toggle

Collapse panel by default

Hide card frame (bare iframe)

Loading behavior

Width

Height

Aspect ratio (width : height)

Max height (optional)

Collapsible heading

Collapsible description (optional)

Allow fullscreen

Referrer policy

Sandbox tokens

SRV and NAPTR records tell clients where a service lives before a connection is opened. SIP and SIPS clients can use NAPTR to choose a transport and then follow SRV records to the final host and port. XMPP and LDAP discovery usually starts directly at SRV owner names.

Discovery problems often look like application outages even when the service itself is healthy. A missing SRV answer, unusable NAPTR replacement, CNAME at the terminal host, or disagreement between public recursive resolvers can send clients to the wrong place or make them fall back to a weaker path.

This check is useful for DNS publishing and troubleshooting. It does not test SIP registration, XMPP authentication, LDAP bind behavior, certificate identity, or firewall reachability beyond the DNS answers that describe the path.

DNS service discovery path from a service domain through NAPTR or SRV records to terminal address records

Technical Details:

An SRV record contains priority, weight, port, and target. Lower priority values are preferred; weights distribute traffic among records at the same priority. NAPTR records add an earlier routing step with order, preference, flags, service, regexp, and replacement fields.

The checker normalizes domains, service URIs, URLs, and full SRV owner names into a service domain. It then probes DNS-over-HTTPS resolvers for NAPTR, SRV, A, AAAA, and CNAME data, using the selected profile to decide whether NAPTR is preferred, ignored, or treated as required.

Service profiles and owner names used by the discovery checker
Profile	NAPTR handling	Fallback or direct SRV owners	Default port
SIP endpoint	Preferred services SIP+D2T and SIP+D2U	_sip._tcp and _sip._udp	5060
SIPS endpoint	Preferred service SIPS+D2T	_sips._tcp	5061
XMPP client	Context only	_xmpp-client._tcp	5222
XMPP server	Context only	_xmpp-server._tcp	5269
LDAP service	Context only	_ldap._tcp	389

The decision path is rule-based. Resolver failures become FAIL or WARN depending on whether enough answers remain to build the chain. Missing required NAPTR is FAIL, missing preferred NAPTR with SRV fallback is WARN, usable NAPTR is PASS, and terminal hosts with no A or AAAA answers fail endpoint readiness. CNAME at an SRV terminal host is reported as a failure because SRV targets are expected to name canonical hosts directly.

Everyday Use & Decision Guide:

Start with the service domain or URI that a client would use, then pick the Service profile. For SIP, a URI such as sip:alice@example.com is normalized to example.com. If you paste a full owner such as _sip._tcp.example.com, the owner prefix is removed before the discovery workflow runs.

Leave Resolver on Auto for a general check. Pick Cloudflare, Google Public DNS, or Quad9 when you need one recursive view. Turn on Compare resolvers when a recent DNS change may be cached differently or when users in different networks report different behavior.

Use Profile default for normal behavior.
Use Require usable NAPTR when a SIP or SIPS deployment must publish a NAPTR route.
Use Ignore NAPTR and test SRV only when isolating fallback behavior.
Increase Timeout only when local network conditions make public resolver checks flaky.

PASS does not prove the service accepts connections. It means the published discovery chain has usable DNS answers under the selected profile and resolver lens.

Step-by-Step Guide:

Enter Domain / URI / SRV owner. If the field reports invalid input, remove extra text or paste only the primary service name.
Select Service profile so the checker knows whether to look for SIP, SIPS, XMPP client, XMPP server, or LDAP records.
Open Advanced to choose Resolver, Compare resolvers, NAPTR policy, and Timeout.
Run the check and read Discovery Ledger for the overall PASS, WARN, or FAIL path.
Open NAPTR Routes, Service Targets, Endpoint Addresses, Fallback Posture, and Resolver Drift to locate the exact record that changed the status.

Interpreting Results:

Discovery Ledger is the summary of record health. NAPTR Routes explains whether records were followed, ignored, unusable, or absent. Service Targets shows SRV priority, weight, port, and target readiness. Endpoint Addresses confirms the terminal host has visible A or AAAA answers.

Do not treat Resolver Drift as an authoritative global DNS view. It compares the selected public resolvers only. If drift appears, check authoritative DNS, TTLs, DNSSEC, split-horizon policy, and local recursive resolver behavior before changing application configuration.

Worked Examples:

For sip:alice@example.com with the SIP endpoint profile, usable SIP+D2T or SIP+D2U NAPTR records produce a NAPTR guided path. If no usable NAPTR exists but _sip._tcp.example.com has SRV records, the summary can warn with SRV fallback rather than fail.

For conference.example.com with the XMPP client profile, the check goes to _xmpp-client._tcp.conference.example.com. NAPTR rows may appear as context, but the practical service target comes from SRV.

If Endpoint Addresses shows FAIL because the target has CNAME data, fix the SRV target to point at the canonical host name or publish direct address records for the terminal host, depending on the service design.

FAQ:

Why does the checker remove _sip._tcp from my input?

The workflow needs the service domain so it can construct the profile's NAPTR and SRV lookups consistently. Full owner names are accepted as a convenience and normalized before the run.

What does SRV fallback mean?

The selected profile preferred NAPTR, but no usable matching NAPTR route was followed. The checker then queried the direct SRV owner names for that profile.

Does this send my domain to public resolvers?

Yes. The check performs DNS-over-HTTPS queries against the selected public resolver endpoints, and optionally compares Cloudflare and Google Public DNS.

Why did a timeout become a warning instead of a failure?

If some terminal lookups fail but other address answers are visible, the endpoint can be marked WARN. Complete resolver or endpoint lookup failure becomes FAIL.

Glossary:

NAPTR: A DNS record type used by some protocols to choose a service and transport before SRV lookup.
SRV: A DNS record type that gives a service target host, port, priority, and weight.
Terminal host: The final host name from an SRV or NAPTR path that should resolve to address records.