diff --git a/conf/nginx-primaryonly.conf b/conf/nginx-primaryonly.conf
index bde1c641..6d65291d 100644
--- a/conf/nginx-primaryonly.conf
+++ b/conf/nginx-primaryonly.conf
@@ -63,16 +63,24 @@
 internal;
 alias /;
 }
- location ~ ^/((caldav|carddav|webdav).*)$ {
+ location ~ ^/(dav|caldav|carddav)(.*)$ {
 # Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either.
 # Properly proxying like this seems to work fine.
- proxy_pass https://127.0.0.1/cloud/remote.php/$1;
+ proxy_pass https://127.0.0.1/cloud/remote.php/dav$2;
+ }
+ location ~ ^/(webdav)(.*)$ {
+ # Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either.
+ # Properly proxying like this seems to work fine.
+ proxy_pass https://127.0.0.1/cloud/remote.php/webdav$2;
 }
 rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last;
 rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last;
- rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect;
- rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect;
- rewrite ^/.well-known/webfinger /cloud/index.php/.well-known/webfinger redirect;
- rewrite ^/.well-known/nodeinfo /cloud/index.php/.well-known/nodeinfo redirect;
+
+ # https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html#nginx
+ rewrite ^/.well-known/carddav /cloud/remote.php/dav/ redirect;
+ rewrite ^/.well-known/caldav /cloud/remote.php/dav/ redirect;
+
+ rewrite ^/.well-known/webfinger /cloud/index.php/.well-known/webfinger redirect;
+ rewrite ^/.well-known/nodeinfo /cloud/index.php/.well-known/nodeinfo redirect;
 # ADDITIONAL DIRECTIVES HERE
diff --git a/management/dns_update.py b/management/dns_update.py
index 45ea94fa..ec266a9c 100755
--- a/management/dns_update.py
+++ b/management/dns_update.py
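Review bot: The new pattern `^/(dav|caldav|carddav)(.*)$` in conf/nginx-primaryonly.conf is not anchored at a path-segment boundary, so on the primary hostname any request path that merely begins with `/dav` (a constructed example: `/davfoo`) is now proxied to `/cloud/remote.php/davfoo` instead of being handled normally; adding the short `dav` alternative widens this compared with the old pattern. Requiring a slash or the end of the path closes it: `location ~ ^/(dav|caldav|carddav)(/.*)?$ {` and `location ~ ^/(webdav)(/.*)?$ {`. Separately, because `proxy_pass` is built from a capture variable, nginx sends that URI as written without appending the original query string, and `$2` is taken from the already-decoded path, so it is worth confirming that DAV requests carrying query parameters or percent-encoded resource names still reach Nextcloud intact (appending `$is_args$args` covers the first case). The enclosing server context lies outside the hunk.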
@@ -301,6 +301,7 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True)
 records.append(("_dmarc", "TXT", 'v=DMARC1; p=quarantine', "Recommended. Specifies that mail that does not originate from the box but claims to be from @%s or which does not have a valid DKIM signature is suspect and should be quarantined by the recipient's mail system." % domain))
 if domain_properties[domain]["user"]:
+ # https://sabre.io/dav/service-discovery/
 # Add CardDAV/CalDAV SRV records on the non-primary hostname that points to the primary hostname
 # for autoconfiguration of mail clients (so only domains hosting user accounts need it).
 # The SRV record format is priority (0, whatever), weight (0, whatever), port, service provider hostname (w/ trailing dot).
@@ -309,6 +310,8 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True)
 qname = "_" + dav + "davs._tcp"
 if not has_rec(qname, "SRV"):
 records.append((qname, "SRV", "0 0 443 " + env["PRIMARY_HOSTNAME"] + ".", "Recommended. Specifies the hostname of the server that handles CardDAV/CalDAV services for email addresses on this domain."))
+ if not has_rec(qname, "TXT"):
+ records.append((qname, "TXT", "path=/cloud/remote.php/dav", "Recommended. Specifies the path to the CardDAV/CalDAV services for email addresses on this domain."))
 # If this is a domain name that there are email addresses configured for, i.e. "something@"
 # this domain name, then the domain name is a MTA-STS (https://tools.ietf.org/html/rfc8461)
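Review bot: In the second dns_update.py hunk the default TXT record is emitted whenever no TXT exists at `qname`, independently of whether the default SRV record was emitted. If `has_rec` reports records that already exist for that name (its definition is outside the hunk, so this is an assumption), a domain with a custom SRV record at `qname` would still publish `path=/cloud/remote.php/dav` next to an SRV target that may not be this box, giving clients inconsistent discovery data. Nesting the new `if not has_rec(qname, "TXT"):` block inside the `if not has_rec(qname, "SRV"):` branch keeps the two records paired. The path literal also duplicates the proxy target in the nginx config, so a comment such as `# must match the /cloud/remote.php/dav location in conf/nginx-primaryonly.conf` would help keep them in step. The enclosing loop and `build_zone` start outside the hunk.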