How do I craft the SRV BIND DNS record for custom ports?

I am using Portainer which uses port 9443 for its administration.

How do I write the SRV BIND DNS record such that it will “translate” “https://portainer.example.home:9443” to “https://admin.example.home”?

I am using SLES12 SP4’s DNS Server to help with writing the DNS records (for now, until I get the hang of it).

I have my master zone set up along with the A record:
portainer.example.home A 10.0.1.172
admin.example.home SRV 0 0 9443 portainer.example.home

But when I try nslookup admin.example.home, it should return 10.0.1.172 (which is the IP address for portainer.example.home) but instead, it says that the record can’t be found.

Your help is greatly appreciated.

Thank you.

Have you considered using an http proxy, such as nginx-proxy?

The use of such a service allows simple creation of subdomains for any new service (portainer, pihole, etc.) and accessing the service via CNAME records in BIND.

I have read a few reddit and/or other forum-esque comments talking about nginx reverse proxy, but I haven’t found an “idiot’s” (me) way to deploy it (e.g. via turnkey linux as an LXC container template) or something along those lines.

Right now, the closest thing that I have gotten to it is by using the DNS server out of SLES12 SP4, where I am able to specify A records and SRV records (but I don’t think that the SRV records are working, to be honest), so I am using the A records with :9443 appended to the end of the local service domain name to get to the admin page, etc.

Still a little bit easier for the rest of my family to memorise a bunch of different IP addresses.

edit
When I read the IANA and BIND documentation, at least on the surface, it sounded like, since SRV records are supposed to be able to define port numbers and then point to a hostname or fully qualified domain name (FQDN) as the target, that you would be able to create the A record for the FQDN and then create the SRV record which points the port to the FQDN, so that I would be able to “translate” “https://portainer.example.home:9443” to “https://admin.example.home”.

I don’t really know if it works that way because there aren’t a lot of great examples which show it working the way I was thinking that it would work, and from googling (a LOT lately), it also doesn’t sound like very many network admins use SRV records, especially given, as I have come to learn, that web browsers don’t/can’t (really) handle/process SRV records. (Requires specific SRV record aware applications, with email (exchanges) being the most prominent example, but now there are the specific MX records for said email exchanges.)

So, this is a part of the other reason why I haven’t really looked into something like an nginx reverse proxy.

Other people have commented about paying digital ocean ~$5/month for this service, but I assume that this is because they’re trying to get access to their systems from outside of their network, trying to find a way to get back in, whereas what I am trying to do resides exclusively on my LAN. (Nothing is opened to the outside world/internet.)

So those solutions weren’t something that I could adopt on my LAN.

It’s also an app in TrueNAS Scale. Here deployment is literally a few clicks.


Thank you!

SRV records indeed don’t work this way, they’re specific to individual services - HTTP notably is not one that’s supported.

There’s no generic solution to this because DNS operates at a different layer to the applications themselves - DNS maps hostnames to IP addresses, and applications communicate via TCP/UDP ports separately to that. SRV records (and similar) exist because the world doesn’t fit into OSI layer buckets and it’s useful to store that in DNS, but it’s kind of overloading/extending the existing system.

In HTTP, SRV isn’t supported (although it has been proposed!), and when you don’t specify a port, the default is 80 for HTTP and HTTPS. If both hostnames A to the same IP address, you will need a reverse proxy (and with HTTPS, one that understands SNI) - there’s no alternative.

One alternative to nginx-proxy is Traefik which is Docker-native - haven’t used nginx-proxy personally.
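A reverse proxy that does what the reply above describes, as an added example (not code from any poster or project): nginx picks the virtual host by TLS SNI / Host header for admin.example.home on the default port 443 and forwards to Portainer on 10.0.1.172:9443. On the DNS side, admin.example.home only needs an A (or CNAME) record pointing at the proxy; no SRV record is involved. The certificate paths and the name in Portainer’s backend certificate are assumptions.

```nginx
# Added example: admin.example.home (443) -> Portainer on 10.0.1.172:9443.
# Assumes admin.example.home resolves (A or CNAME) to this proxy host.

server {
    listen 443 ssl;
    server_name admin.example.home;   # chosen by SNI / Host header

    # Certificate for admin.example.home (paths are placeholders)
    ssl_certificate     /etc/nginx/certs/admin.example.home.crt;
    ssl_certificate_key /etc/nginx/certs/admin.example.home.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass https://10.0.1.172:9443;
        proxy_http_version 1.1;

        # Portainer's UI uses websockets (container consoles, log streaming)
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # Verify the backend's (self-signed) certificate instead of turning
        # verification off; the file and the expected name are placeholders.
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /etc/nginx/certs/portainer-backend.crt;
        proxy_ssl_name portainer.example.home;
        proxy_ssl_server_name on;
    }
}

# Send plain-HTTP visitors to the HTTPS vhost
server {
    listen 80;
    server_name admin.example.home;
    return 301 https://$host$request_uri;
}
```

The same pattern extends to every further service (pihole.example.home and so on): one more server block with its own server_name and proxy_pass, each with a plain A/CNAME record in BIND.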


The linked nginx-proxy container provides a nice gui interface and integrates a very easy-to-use LetsEncrypt integration for HTTPS certificates that can be used across the internet or just for purely internal services.

I’m not aware of Traefik having something similar, and fiddling with yml files may not fit the OP’s comfort level with this tech.


Thank you both, for thinking of solutions and also taking my comfort level into consideration when proposing potential, possible solutions.

I came across “Traefik” in my searches as well, but I haven’t dived deep into it at all yet.

The same goes with nginx proxy/reverse proxy (as it would appear that many of the people who are asking about the same or similar thing are more closely related to wanting to be able to get access to services they host at home, but from outside of their home network), whereas what I am trying to do is entirely from within my home network (where I do not open nor expose any of the services, nor make them available, outside of my home network, so that they’ll be accessible from said outside of my home network).

I appreciate all of the input and the feedback.

(Sidebar: So I have deployed the solution to the wife and she said that trying to remember blah.example.home:# is quote “I’m never going to remember that.” (She’s not a tech savvy person.) So I’ve created a Safari bookmark on the iPhone instead, whereby if she isn’t willing to put in the effort to remember blah (and then remember anything that follows after that is “example.home” (or what it actually is, in our actual case)), then welp – there is really only so much that I can do from a “grossly unqualified sysadmin” perspective where no amount of nginx proxy/reverse proxy is going to solve the human aspect to this.)

But I do appreciate everybody’s input.

Thank you.