Inbound server-to-server XMPP connections fail on dialback when the calling server has a high-priority record that fails. OpenFire gives up on dialback when it fails to contact the first server in the DNS query, instead of falling back to the next record.
Example:
Domain1 has two SRV records: 0 0 5269 server1.domain1.com and 20 0 server2.domain1.com.
Openfire server at domain2 fails dialback because it only tries to verify key with server1.domain1.com instead of trying to contact server2.domain1.com.
Workaround:
Add IP of server2.domain1.com as server1.domain1.com in /etc/hosts file.