Check DNS SRV records for XMPP

Client records for member.fsf.org

XMPP clients will use these when logging in.

Target                 Port  Priority  Weight  Notes
jabber.member.fsf.org  5222  0         0
jabber.member.fsf.org  5223  0         0       This is a Direct TLS port. [1]

Footnotes

1. The standard method for TLS encryption of XMPP connections is for the connection to begin in plaintext and then switch to TLS via a STARTTLS negotiation. This is described in section 5 of RFC 6120. However, some XMPP servers support an alternative method: Clients connect to an alternative port and do TLS negotiation immediately. This is referred to as "Direct TLS." It's incompatible with the STARTTLS approach so a different port must be used (ages ago it may have been common to use 5223 for client connections and 5270 for server connections). XEP-0368 describes the DNS SRV records for Direct TLS ports and how clients should decide which record to use (also see sections 4 and 6 for some advantages of Direct TLS). This is all totally fine—we just wanted to point it out and share some info.

Server records for member.fsf.org

Other XMPP servers will use these when peering with this domain.

Target                 Port  Priority  Weight  Notes
jabber.member.fsf.org  5269  0         0       ERROR: This host+port is also advertised as a Direct TLS record for servers. [1]
jabber.member.fsf.org  5269  0         0       This is a Direct TLS port. [2]
                                               ERROR: This host+port is also advertised as a STARTTLS record for servers. [1]

Footnotes

1. The STARTTLS method and the Direct TLS method are not compatible with each other. It is not possible for a single hostname+port to be used for both. One of them should be changed or removed.

2. The standard method for TLS encryption of XMPP connections is for the connection to begin in plaintext and then switch to TLS via a STARTTLS negotiation. This is described in section 5 of RFC 6120. However, some XMPP servers support an alternative method: Clients connect to an alternative port and do TLS negotiation immediately. This is referred to as "Direct TLS." It's incompatible with the STARTTLS approach so a different port must be used (ages ago it may have been common to use 5223 for client connections and 5270 for server connections). XEP-0368 describes the DNS SRV records for Direct TLS ports and how clients should decide which record to use (also see sections 4 and 6 for some advantages of Direct TLS). This is all totally fine—we just wanted to point it out and share some info.


About

XMPP clients can determine what host and port to connect to by looking up DNS SRV records. These records are described in section 3.2.1 of the XMPP Core RFC and in XEP-0368. It can be tricky to configure these records. Use this page as a tool to check that your DNS SRV records are correct.

You can also fetch these records yourself with any of the following commands. Change example.com to your domain. Change client to server to look up the port that other servers should connect to. Change xmpp to xmpps to look up the port for Direct TLS (also known as XMPP over SSL or XMPP over TLS).

Linux, macOS> host -t SRV _xmpp-client._tcp.example.com
Linux, macOS> dig _xmpp-client._tcp.example.com SRV
Linux, macOS, Windows> nslookup -querytype=SRV _xmpp-client._tcp.example.com
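
The conflict check behind the ERROR rows above, as an added example (not this checker's own source code): it takes SRV answers in the form printed by `dig +short <name> SRV` and reports any host+port advertised under both the STARTTLS (`_xmpp-`) and Direct TLS (`_xmpps-`) names for the same role. The sample answers are constructed to mirror the member.fsf.org tables, and the function names are illustrative.

```python
from collections import defaultdict

# Constructed sample: `dig +short <name> SRV` answers keyed by query name,
# mirroring the member.fsf.org tables above (priority weight port target).
SAMPLE = {
    "_xmpp-client._tcp.member.fsf.org": ["0 0 5222 jabber.member.fsf.org."],
    "_xmpps-client._tcp.member.fsf.org": ["0 0 5223 jabber.member.fsf.org."],
    "_xmpp-server._tcp.member.fsf.org": ["0 0 5269 jabber.member.fsf.org."],
    "_xmpps-server._tcp.member.fsf.org": ["0 0 5269 jabber.member.fsf.org."],
}

def parse_srv(line):
    """Parse one short-form SRV answer into (priority, weight, port, target)."""
    fields = line.split()
    if len(fields) != 4:
        raise ValueError(f"not an SRV answer: {line!r}")
    priority, weight, port = (int(f) for f in fields[:3])
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {line!r}")
    # DNS names are case-insensitive; drop the trailing root dot.
    return priority, weight, port, fields[3].rstrip(".").lower()

def classify(qname):
    """Map a query name to (role, method), e.g. ('server', 'direct-tls')."""
    service = qname.split(".", 1)[0].lower().lstrip("_")
    scheme, _, role = service.partition("-")
    if scheme not in ("xmpp", "xmpps") or role not in ("client", "server"):
        raise ValueError(f"not an XMPP SRV name: {qname!r}")
    return role, "direct-tls" if scheme == "xmpps" else "starttls"

def find_conflicts(answers):
    """Return (role, target, port) tuples advertised for both TLS methods."""
    seen = defaultdict(set)
    for qname, lines in answers.items():
        role, method = classify(qname)
        for line in lines:
            _, _, port, target = parse_srv(line)
            if target == "":  # a target of "." means the service is not offered
                continue
            seen[(role, target, port)].add(method)
    return sorted(key for key, methods in seen.items() if len(methods) == 2)

if __name__ == "__main__":
    for role, target, port in find_conflicts(SAMPLE):
        print(f"ERROR: {target}:{port} is advertised as both STARTTLS "
              f"and Direct TLS for {role} connections")
```

The comparison is per role (client or server), matching how the report above words its errors; that scoping is an assumption of this example.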

This Page
Created by Mark Doliner
Source available on GitHub

Other Resources
Prosody IM's DNS configuration info
IM Observatory - Can perform various tests of an XMPP server.