diff --git a/CHANGELOG.md b/CHANGELOG.md
index c6ef3e84..b1690853 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,7 @@ and this project adheres to
 
 ### Fixed
 
+- Incorrectly invalidated service domains ([#4120]).
 - Poor testing of domain-specific upstream servers ([#4074]).
 - Omitted aliases of hosts specified by another line within the OS's hosts file
   ([#4079]).
@@ -40,6 +41,7 @@ and this project adheres to
 [#3057]: https://github.com/AdguardTeam/AdGuardHome/issues/3057
 [#4074]: https://github.com/AdguardTeam/AdGuardHome/issues/4074
 [#4079]: https://github.com/AdguardTeam/AdGuardHome/issues/4079
+[#4120]: https://github.com/AdguardTeam/AdGuardHome/issues/4120
 
 
 
diff --git a/go.mod b/go.mod
index 1114d4b0..5a7e0bb1 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.16
 
 require (
 	github.com/AdguardTeam/dnsproxy v0.40.6-0.20220121135315-cfe909a98cf0
-	github.com/AdguardTeam/golibs v0.10.3
+	github.com/AdguardTeam/golibs v0.10.4
 	github.com/AdguardTeam/urlfilter v0.15.1
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ameshkov/dnscrypt/v2 v2.2.3
diff --git a/go.sum b/go.sum
index 6b3a486f..36fbb5f1 100644
--- a/go.sum
+++ b/go.sum
@@ -12,8 +12,9 @@ github.com/AdguardTeam/dnsproxy v0.40.6-0.20220121135315-cfe909a98cf0/go.mod h1:
 github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.4.2/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.9.2/go.mod h1:fCAMwPBJ8S7YMYbTWvYS+eeTLblP5E04IDtNAo7y7IY=
-github.com/AdguardTeam/golibs v0.10.3 h1:FBgk17zf35ESVWQKIqEUiqqB2bDaCBC8X5vMU760yB4=
 github.com/AdguardTeam/golibs v0.10.3/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
+github.com/AdguardTeam/golibs v0.10.4 h1:TMBkablZC0IZOpRgg9fzAKlxxNhSN2YJq7qbgtuZ7PQ=
+github.com/AdguardTeam/golibs v0.10.4/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
 github.com/AdguardTeam/gomitmproxy v0.2.0/go.mod h1:Qdv0Mktnzer5zpdpi5rAwixNJzW2FN91LjKJCkVbYGU=
 github.com/AdguardTeam/urlfilter v0.15.1 h1:dP6S7J6eFAk8MN4IDpUq2fZoBo8K8fmc6pXpxNIv84M=
 github.com/AdguardTeam/urlfilter v0.15.1/go.mod h1:EwXwrYhowP7bedqmOrmKKmQtpBYFyDNEBFQ+lxdUgQU=
diff --git a/internal/dnsforward/dns.go b/internal/dnsforward/dns.go
index 5c3db14f..d9e04b80 100644
--- a/internal/dnsforward/dns.go
+++ b/internal/dnsforward/dns.go
@@ -352,9 +352,22 @@ func (s *Server) processRestrictLocal(ctx *dnsContext) (rc resultCode) {
 
 	ip, err := netutil.IPFromReversedAddr(q.Name)
 	if err != nil {
-		log.Debug("dns: reversed addr: %s", err)
+		log.Debug("dns: parsing reversed addr: %s", err)
 
-		return resultCodeError
+		// DNS-Based Service Discovery uses PTR records having not an ARPA
+		// format of the domain name in question.  Those shouldn't be
+		// invalidated.  See http://www.dns-sd.org/ServerStaticSetup.html and
+		// RFC 2782.
+		name := strings.TrimSuffix(q.Name, ".")
+		if err = netutil.ValidateSRVDomainName(name); err != nil {
+			log.Debug("dns: validating service domain: %s", err)
+
+			return resultCodeError
+		}
+
+		log.Debug("dns: request is for a service domain")
+
+		return resultCodeSuccess
 	}
 
 	// Restrict an access to local addresses for external clients.  We also