diff --git a/management/dns_update.py b/management/dns_update.py index 96d503e1..a3cdaeaa 100755 --- a/management/dns_update.py +++ b/management/dns_update.py @@ -17,6 +17,7 @@ import sys, os, os.path, urllib.parse, datetime, re, hashlib, base64 import ipaddress import rtyaml import dns.resolver +import hooks from utils import shell, load_env_vars_from_file, safe_domain_name, sort_domains from ssl_certificates import get_ssl_certificates, check_certificate @@ -390,6 +391,12 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True) # Sort the records. The None records *must* go first in the nsd zone file. Otherwise it doesn't matter. records.sort(key = lambda rec : list(reversed(rec[0].split(".")) if rec[0] is not None else "")) + # execute hooks + hooks.exec_hooks('dns_update', { + 'op':'build_zone_end', + 'records':records + }) + return records def is_domain_cert_signed_and_valid(domain, env): diff --git a/setup/mods.available/hooks/remote-nextcloud-mgmt-hooks.py b/setup/mods.available/hooks/remote-nextcloud-mgmt-hooks.py index 7e7fdfd1..51d4a0de 100644 --- a/setup/mods.available/hooks/remote-nextcloud-mgmt-hooks.py +++ b/setup/mods.available/hooks/remote-nextcloud-mgmt-hooks.py 
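Review bot: The `hooks.exec_hooks('dns_update', …)` call in build_zone runs after `records.sort(...)` and hands hooks the live `records` list, which the dns_update handler added in this commit edits in place, so a hook that adds or renames a record can undo the ordering the comment above says nsd needs (None-named records first). Running the hook before the sort, or repeating the sort after it, keeps that guarantee. The return value is ignored and nothing checks the list afterwards, so every enabled hook module can change any record in the zone, not only the SRV entries; I would state that above the call, e.g. `# hooks may modify records in place; hook modules are trusted and can alter any record in this zone`. Whether exec_hooks contains an exception raised by a hook is not visible here. build_zone starts outside this hunk.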
@@ -27,30 +27,59 @@ log = logging.getLogger(__name__) def do_hook(hook_name, hook_data, mods_env): - if hook_name != 'web_update': - # we only care about hooking web_update - log.debug('hook - ignoring hook %s', hook_name) - return False - - if hook_data['op'] != 'pre-save': - log.debug('hook - ignoring hook op %s:%s', hook_name, hook_data['op']) - return False - if 'NC_HOST' not in mods_env or mods_env['NC_HOST'].strip() == '': # not configured for a remote nextcloud log.debug('hook - not configured for a remote nextcloud') return False - - # get the remote nextcloud url and ensure no tailing / - + + if hook_name == 'web_update': + return do_hook_web_update(hook_name, hook_data, mods_env) + + elif hook_name == 'dns_update': + return do_hook_dns_update(hook_name, hook_data, mods_env) + + else: + log.debug('hook - ignoring hook %s', hook_name) + return False + + +def do_hook_dns_update(hook_name, hook_data, mods_env): + if hook_data['op'] != 'build_zone_end': + log.debug('hook - ignoring hook op %s:%s', hook_name, hook_data['op']) + return False + changed = False + records = hook_data['records'] + for idx in range(len(records)): + # record format (name, record-type, record-value, "help-text" or False) + record = records[idx] + rname = record[0] + rtype = record[1] + if rtype=='SRV' and rname in ('_caldavs._tcp', '_carddavs._tcp'): + newrec = list(record) + newrec[2] = '10 10 443 %s.' 
% mods_env['NC_HOST'] + records[idx] = tuple(newrec) + changed = True + return changed + + +def get_nc_url(mods_env): + # return the remote nextcloud url - ensures no tailing / nc_url = "%s://%s:%s%s" % ( mods_env['NC_PROTO'], mods_env['NC_HOST'], mods_env['NC_PORT'], mods_env['NC_PREFIX'][0:-1] if mods_env['NC_PREFIX'].endswith('/') else mods_env['NC_PREFIX'] ) + return nc_url +def do_hook_web_update(hook_name, hook_data, mods_env): + if hook_data['op'] != 'pre-save': + log.debug('hook - ignoring hook op %s:%s', hook_name, hook_data['op']) + return False + + nc_url = get_nc_url(mods_env) + # find start and end of Nextcloud configuration section str = hook_data['nginx_conf']
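Review bot: In do_hook_dns_update, `mods_env['NC_HOST']` is formatted straight into the SRV record value; do_hook only checks that the stripped value is non-empty, so surrounding whitespace, a trailing dot (giving `host..`) or any other character in the setting ends up in a record that is presumably written to the nsd zone file. The port is also fixed at 443 while get_nc_url in the same hunk builds the URL from `NC_PORT`, so the SRV record may advertise a port the remote Nextcloud does not listen on. I would normalise and allowlist the host once, take the port from the same setting, and iterate with `enumerate` instead of `range(len(records))`, as in the excerpt below. The hunk ends inside do_hook_web_update, whose body continues outside it.

```python
def do_hook_dns_update(hook_name, hook_data, mods_env):
    # … unchanged: return False unless op is 'build_zone_end' …

    # Allowlist the SRV target: the value is placed in a DNS record, so accept
    # only hostname characters and drop a trailing dot before adding our own.
    nc_host = mods_env['NC_HOST'].strip().rstrip('.')
    nc_port = str(mods_env['NC_PORT']).strip()
    host_ok = nc_host.isascii() and all(c.isalnum() or c in '-.' for c in nc_host)
    if not nc_host or not host_ok or not nc_port.isdigit():
        log.error('hook - NC_HOST/NC_PORT not usable in an SRV record')
        return False
    srv_value = '10 10 %s %s.' % (nc_port, nc_host)

    changed = False
    records = hook_data['records']
    for idx, record in enumerate(records):
        # record format (name, record-type, record-value, "help-text" or False)
        if record[1] == 'SRV' and record[0] in ('_caldavs._tcp', '_carddavs._tcp'):
            records[idx] = tuple(record[:2]) + (srv_value,) + tuple(record[3:])
            changed = True
    return changed
```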