Sub-Sub-Domains with SRV records

Hey guys,

I have a TeamSpeak server running behind Cloudflare. It works well without any issues.
I am following the guide documented here to set up the SRV records so I can keep Cloudflare enabled.

I can get it working when following the guide. (DNS for TeamSpeak3 - #2 by sdayman)

but I wish to have my SRV record point to a sub-sub-domain instead of just a single subdomain.
I have played about using different configurations of my SRV records but can not get it working correctly.

Working Example.

Not Working Example (current config)

When looking at the client logs after connecting it looks like it is still getting the Cloudflare proxied IP and not the true IP unlike the first example with the single subdomain of just

Any help/advice would be apearated. I spent some time on this last night and could not get anything working.


What’s the actual domain and host names?

Here is my DNS setup.

I have two records this points to in my SRV record.
This is the current working option. My 2nd record which I want to point to (

However, when using a subsub-domain ( inside the SRV record this does not work and it does not let you connect.

I don’t understand why the SRV record does not work with a sub-sub-domain but will work with just a single sub-domain.

When doing an NSLOOKUP I noticed that it looks like it gets a custom value assigned.


Not Working:

As you can see from the SRV HOSTNAME value it shows differently from the top screenshot (that is working)



Try unproxying both records.

Having it unproxied allows it connect but it still doesn’t explain why having an SRV record with just a single subdomain ( works but a sub-sub-domain ( wont work.

The default Cloudflare Universal SSL only covers *.domain.tld and domain.tld - so a.b.domain.tld isn’t covered and receives SSL_ERROR_NO_CYPHER_OVERLAP or ERR_SSL_VERSION_OR_CIPHER_MISMATCH. Visiting gives this error.

I’m not too sure how this would relate to TeamSpeak, but if you’re certain that your configuration is correct and it’s caused by the subdomain being too deep, that’s the only thing that comes to mind.

@KianNH Ahhh that makes sense. Yeah, it’s defiantly not an issue with the config as they are identical.

Thanks for linking that post. That explains it a lot more. I guess I will have to go down the route of ( using hypens instead of sub-sub-domains.

I have been scratching my head for the last two days trying to make sense of it. Never thought of trying the URL in a browser.

I’ll mark your answer as the solution.
Thanks again for your help on this guys.

That is not the issue here. For starters, the certificate only applies to web requests, which obviously do not work in an SRV context. Secondly, it’s about the proxying status, so unproxying will work.