Notakey Authenticator mobile application uses SRV (Service) DNS records to discover the authentication server automatically during user onboarding. This allows the application to dynamically locate the correct server without requiring users to manually enter server details.
What is an SRV record?
An SRV (Service) record is a DNS record used to define the location (hostname and port) of servers for specific services.
The format of an SRV record is:
_service._protocol.domain. TTL IN SRV priority weight port target
For Notakey, an example looks like this:
_notakey2._tcp.example.com. 300 IN SRV 1 10 443 ntk.example.com.
This means:
The service is _notakey2 over TCP.
The service is hosted on ntk.example.com at port 443.
Priority and weight control load balancing and failover behavior (typically only one entry is used).
How should DNS be configured?
1. Create an SRV record under your domain’s DNS configuration:
_notakey2._tcp.example.com. IN SRV 1 10 443 ntk.example.com.
2. Ensure the target hostname (ntk.example.com) also resolves correctly with an A or CNAME record.
3. The port (443) should match the port where your Notakey server is reachable (usually HTTPS).
What does the user need to enter?
Just the domain name (e.g., example.com). The Notakey app will automatically perform an SRV lookup for _notakey2._tcp.example.com to find the server.
Appliance configuration for QR code generation
Appliance generates QR codes for onboarding with application built in QR code scanner. To generate correct QR codes, SRV record domain has to be configured for Notakey Authentication server service:
# configure example.com as service discovery domain ntk cfg setc :auth_domain example.com # apply configuration ntk as restart