Reverse_proxy dynamic srv ignores A record

ffxx · May 28, 2026, 9:51am

1. The problem I’m having:

Im trying to make Caddy work as a reverse_proxy with dynamic srv.
Caddy is able to make the SRV Request and gets the right port but ignores the additional A Record for the IP.

2. Error messages and/or full log output:

this is the dig output i get from my coredns.

as you can see it returns an SRV record and an additional A record.

dig @127.0.0.1 -p 1053 beszel1.default.service.nomad SRV

; <<>> DiG 9.18.39-0ubuntu0.24.04.5-Ubuntu <<>> @127.0.0.1 -p 1053 beszel1.default.service.nomad SRV
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27092
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: e43fdf8f3ec99f91 (echoed)
;; QUESTION SECTION:
;beszel1.default.service.nomad. IN      SRV

;; ANSWER SECTION:
beszel1.default.service.nomad. 10 IN    SRV     10 10 25697 beszel1.default.service.nomad.

;; ADDITIONAL SECTION:
beszel1.default.service.nomad. 10 IN    A       127.0.0.1

;; Query time: 8 msec
;; SERVER: 127.0.0.1#1053(127.0.0.1) (UDP)
;; WHEN: Thu May 28 11:52:34 CEST 2026
;; MSG SIZE  rcvd: 19

Full Caddy Log:

2026/05/28 09:56:41.249 INFO    maxprocs: Leaving GOMAXPROCS=16: CPU quota undefined
2026/05/28 09:56:41.249 INFO    GOMEMLIMIT is updated   {"GOMEMLIMIT": 14327879270, "previous": 9223372036854775807}
2026/05/28 09:56:41.249 INFO    using adjacent Caddyfile
2026/05/28 09:56:41.249 INFO    adapted config to JSON  {"adapter": "caddyfile"}
2026/05/28 09:56:41.249 WARN    Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies    {"adapter": "caddyfile", "file": "Caddyfile", "line": 2}
2026/05/28 09:56:41.264 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//127.0.0.1:2019", "//localhost:2019", "//[::1]:2019"]}
2026/05/28 09:56:41.264 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0x1ac8290f8280"}
2026/05/28 09:56:41.264 DEBUG   http.auto_https adjusted config {"tls": {"automation":{"policies":[{}]}}, "http": {"servers":{"srv0":{"listen":[":8080"],"routes":[{"handle":[{"dynamic_upstreams":{"name":"beszel1.default.service.nomad","resolver":{"addresses":["127.0.0.1:1053"]},"source":"srv"},"handler":"reverse_proxy"}]}],"automatic_https":{}}}}}
2026/05/28 09:56:41.264 DEBUG   http    starting server loop    {"address": "[::]:8080", "tls": false, "http3": false}
2026/05/28 09:56:41.264 WARN    http    HTTP/2 skipped because it requires TLS  {"network": "tcp", "addr": ":8080"}
2026/05/28 09:56:41.264 WARN    http    HTTP/3 skipped because it requires TLS  {"network": "tcp", "addr": ":8080"}
2026/05/28 09:56:41.264 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2026/05/28 09:56:41.264 DEBUG   events  event   {"name": "started", "id": "a6c6e35b-696e-4d3c-8ffa-7b5b27078c55", "origin": "", "data": null}
2026/05/28 09:56:41.266 INFO    autosaved config (load with --resume flag)      {"file": "C:\\Users\\XaverFischer\\AppData\\Roaming\\Caddy\\autosave.json"}
2026/05/28 09:56:41.266 INFO    serving initial configuration
2026/05/28 09:56:41.266 INFO    tls     storage cleaning happened too recently; skipping for now        {"storage": "FileStorage:C:\\Users\\XaverFischer\\AppData\\Roaming\\Caddy", "instance": "62b6be9f-1ab6-4657-a27d-2cd3f8706813", "try_again": "2026/05/29 09:56:41.266", "try_again_in": 86400}
2026/05/28 09:56:41.266 INFO    tls     finished cleaning storage units
2026/05/28 09:56:44.238 DEBUG   http.reverse_proxy.upstreams.srv        refreshing SRV upstreams        {"service": "", "proto": "", "name": "beszel1.default.service.nomad"}
2026/05/28 09:56:44.242 DEBUG   http.reverse_proxy.upstreams.srv        discovered SRV record   {"target": "beszel1.default.service.nomad.", "port": 25697, "priority": 10, "weight": 10}
2026/05/28 09:56:44.242 DEBUG   http.handlers.reverse_proxy     provisioned dynamic upstreams   {"count": 1}
2026/05/28 09:56:44.242 DEBUG   http.handlers.reverse_proxy     selected upstream       {"dial": "beszel1.default.service.nomad.:25697", "total_upstreams": 1}
2026/05/28 09:56:44.277 DEBUG   http.handlers.reverse_proxy     upstream roundtrip      {"upstream": "beszel1.default.service.nomad.:25697", "duration": 0.0345862, "request": {"remote_ip": "127.0.0.1", "remote_port": "58677", "client_ip": "127.0.0.1", "proto": "HTTP/1.1", "method": "GET", "host": "localhost:8080", "uri": "/", "headers": {"Accept-Language": ["de,en;q=0.9,en-US;q=0.8"], "X-Forwarded-For": ["127.0.0.1"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"], "Via": ["1.1 Caddy"], "X-Forwarded-Host": ["localhost:8080"], "Sec-Fetch-Dest": ["document"], "Priority": ["u=0, i"], "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:151.0) Gecko/20100101 Firefox/151.0"], "Sec-Fetch-Mode": ["navigate"], "Cookie": ["REDACTED"], "Upgrade-Insecure-Requests": ["1"], "Sec-Fetch-Site": ["none"], "Accept-Encoding": ["gzip, deflate, br, zstd"], "Sec-Fetch-User": ["?1"], "X-Forwarded-Proto": ["http"]}}, "error": "dial tcp: lookup beszel1.default.service.nomad.: no such host"}
2026/05/28 09:56:44.277 ERROR   http.log.error  dial tcp: lookup beszel1.default.service.nomad.: no such host   {"request": {"remote_ip": "127.0.0.1", "remote_port": "58677", "client_ip": "127.0.0.1", "proto": "HTTP/1.1", "method": "GET", "host": "localhost:8080", "uri": "/", "headers": {"Accept-Language": ["de,en;q=0.9,en-US;q=0.8"], "Connection": ["keep-alive"], "Sec-Fetch-Mode": ["navigate"], "Upgrade-Insecure-Requests": ["1"], "Sec-Fetch-Site": ["none"], "Accept-Encoding": ["gzip, deflate, br, zstd"], "Cookie": ["REDACTED"], "Sec-Fetch-Dest": ["document"], "Sec-Fetch-User": ["?1"], "Priority": ["u=0, i"], "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:151.0) Gecko/20100101 Firefox/151.0"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"]}}, "duration": 0.0390412, "status": 502, "err_id": "jhqvsf3ed", "err_trace": "reverseproxy.statusError (reverseproxy.go:1525)"}

As you can see the problem is here:

2026/05/28 09:56:44.238 DEBUG   http.reverse_proxy.upstreams.srv        refreshing SRV upstreams        {"service": "", "proto": "", "name": "beszel1.default.service.nomad"}
2026/05/28 09:56:44.242 DEBUG   http.reverse_proxy.upstreams.srv        discovered SRV record   {"target": "beszel1.default.service.nomad.", "port": 25697, "priority": 10, "weight": 10}

caddy is able to do the SRV request and gets the correct port. the problem is that it ignores the A record for the IP.

It should try to connect to 127.0.0.1 instead it tries to use the dns name.

3. Caddy version:

v2.11.2 h1:iOlpsSiSKqEW+SIXrcZsZ/NO74SzB/ycqqvAIEfIm64=

4. How I installed and ran Caddy:

standard caddy binary no extra plugins.

a. System environment:

windows 11 amd64

b. Command:

caddy run

c. Service/unit/compose file:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

d. My complete Caddy config:

{
    debug
}

:8080 {
    reverse_proxy {
        dynamic srv {
            name beszel1.default.service.nomad 
            resolvers 127.0.0.1:1053
        }
    }
}

5. Links to relevant resources:

francislavoie · May 29, 2026, 6:18am

Well, Caddy isn’t able to resolve your host to an IP, because it’s using the default system reoslvers to try to do so.

I think you need to also configure resolvers also inside of transport http. There’s resolver config for SRV (which is to do the SRV lookup itself) and resolver config for the transport (which is to do the actual HTTP connection upstream, including resolving the name to an A record).

Add this in your reverse_proxy config:

transport http {
    resolvers 127.0.0.1:1053
}

ffxx · June 1, 2026, 6:28am

Thank you that worked straight away!