Happy Business Starts Here

Support SME

Notice from Avalara: Employ industry standards for Domain Name System (DNS)

I received the following notice from Avalara and would like to know if any action is required on my end or Zuora.

 

On June 30, 2018, Avalara will employ industry standards for Domain Name System (DNS) based resolution to our service. Any customer that continues to connect to Avalara AvaTax with a static IP address and/or by whitelisting of our IPs after this date will experience service disruptions. Most of our customers already follow current industry standards. Your network administrator can review your specific network configuration and security policy settings and decide if your company needs to make any adjustments. Your administrator can also tell you how this may impact your company’s network configuration. 
PROVIDE THE FOLLOWING TO YOUR NETWORK ADMINISTRATOR

Why is Avalara making this change?

It’s critical that your company use our specified URLs instead of a static IP address when connecting to the Avalara service. Here’s why. Our web service uses the standard secure socket layer (SSL) on port 443 for our URLs. Each URL is translated into a dynamic IP address by a DNS behind the scenes. Avalara sometimes needs to change the IP address associated with the URL without notice to load-balance our services across multiple data centers and Internet Service Providers. Load-balancing ensures uninterrupted access to AvaTax. Transactions destined for an outdated or static IP address (from a host file, for example) will fail and are not protected by your service level agreement with Avalara.

DNS and IP address information 

If your company’s security practice requires locking down outbound/inbound traffic, use these URLs to resolve any issues: 
• Sandbox 
o development.avalara.net (SOAP API) 
o sandbox-rest.avatax.com (v2 REST API) 
o restsdk.avalara.net (v1 REST API) 
• Production 
o avatax.avalara.net (SOAP API) 
o rest.avatax.com (v2 REST API) 
o rest.avalara.net (v1 REST API) 

Determine whether your company has coded a static IP address (either into your host files and/or in the URL or your connector) into API calls made to Avalara. Review the logs of calls to Avalara. 
• Verify that your company isn’t using a host file, or remove any entry in your host files referring to Avalara services. 
• If the logs show https://avatax.avalara.net/ (or one of the URLs listed above), everything is configured properly. You don’t need to do anything else. If the logs show a numeric IP address (e.g., 172.16.254.1), your network administrator needs to make a change. 
Time to Live (TTL) settings 

Client adapters must respect the TTL settings associated with the DNS record (normally 60 seconds). 

Any adapter, environment variable, or configuration that “caches” the IP address longer than the TTL interval isn’t following best practices for accessing internet-based SaaS products.

Clients deploying security enforced firewall rules 
If your company deploys a security practice that requires locking down outbound/inbound traffic, use the DNS URL names listed above to resolve any issues.

If you have questions, contact Avalara Support at support@avalara.com.

Sincerely, 
Avalara Support






If you found my answer helpful, please give me a kudo ↑
Help others find answers faster by accepting my post as a solution √

1 REPLY 1
Highlighted
Support SME

Re: Notice from Avalara: Employ industry standards for Domain Name System (DNS)

Our internal team confirmed no further action is required regarding this notification from Avalara. The changes do not impact Zuora since we access Avalara via domain name and not by IP address.






If you found my answer helpful, please give me a kudo ↑
Help others find answers faster by accepting my post as a solution √