Check DNS SRV records for XMPP

Client records for

XMPP clients will use these when logging in.

TargetPortPriorityWeightNotes 5222 10 0 5223 10 0
This is a Direct TLS port.1

1. The standard method for TLS encryption of XMPP connections is for the connection to begin in plaintext and then switch to TLS via a STARTTLS negotiation. This is described in section 5 of RFC 6120. However, some XMPP servers support an alternative method: Clients connect to an alternative port and do TLS negotiation immediately. This is referred to as "Direct TLS." It's incompatible with the STARTTLS approach so a different port must be used (ages ago it may have been common to use 5223 for client connections and 5270 for server connections). XEP-0368 describes the DNS SRV records for Direct TLS ports and how clients should decide which record to use (also see sections 4 and 6 for some advantages of Direct TLS). This is all totally fine—we just wanted to point it out and share some info.

Server records for

Other XMPP servers will use these when peering with this domain.

TargetPortPriorityWeight 5269 10 0


XMPP clients can determine what host and port to connect to by looking up DNS SRV records. These records are described in section 3.2.1 of the XMPP Core RFC and in XEP-0368. It can be tricky to configure these records. Use this page as a tool to check that your DNS SRV records are correct.

You can also fetch these records yourself with any of the following commands. Change to your domain. Change client to server to look up the port that servers should connect to. Change xmpp to xmpps to look up the port for direct TLS aka XMPP over SSL or XMPP over TLS.

Linux, macOS> host -t SRV
Linux, macOS> dig SRV
Linux, macOS, Windows> nslookup -querytype=SRV

This Page
Created by Mark Doliner
Source available on GitHub

Other Resources
Prosody IM's DNS configuration info
IM Observatory - Can perform various tests of an XMPP server.