On June 30, 2018, Avalara employed industry standards for DNS-based resolution to our service. Any customer that continues to connect to Avalara services with a static IP address and/or by whitelisting of our IPs will experience service disruptions. Most of our customers already follow current industry standards, and your network administrator can review your specific network configuration and security policy settings and decide if your company needs to make any adjustments. Your administrator can also tell you how this may impact your company’s network configuration.
PROVIDE THE FOLLOWING TO YOUR NETWORK ADMINISTRATOR
DNS and IP address information
- If your company’s security practice requires locking down outbound/inbound traffic, use these URLs to resolve any issues:
- development.avalara.net (SOAP API)
- sandbox-rest.avatax.com (v2 REST API)
- restsdk.avalara.net (v1 REST API)
- avatax.avalara.net (SOAP API)
- avatax.avalara.com (v2 REST API)
- rest.avalara.net (v1 REST API)
- Determine whether your company has coded a static IP address (either into your host files and/or in the URL or your connector) into API calls made to Avalara. Review the logs of calls to Avalara.
- Verify that your company isn’t using a host file, or remove any entry in your host files referring to Avalara services.
- If the logs show https://avatax.avalara.net/ (or one of the URLs listed above), everything’s properly configured. You don’t need to do anything else. If the logs show a numeric IP address (e.g., 172.16.254.1), your network administrator needs to make a change. Follow these instructions.
Why is Avalara making this change?
It’s critical that your company use one of the URLs listed above instead of a static IP address when connecting to the Avalara service. Here’s why. Our web service uses the standard SSL (secure socket layer) on port 443 for our URLs. Each URL is translated into a dynamic IP address by a Domain Name System (DNS) behind the scenes. Avalara sometimes needs to change the IP address associated with the URL without notice to load-balance our services across multiple data centers and Internet Service Providers. Load-balancing ensures uninterrupted access to AvaTax. Transactions destined for an outdated or static IP address (from a hosts file, for example) will fail and are not protected by your service level agreement with Avalara.
Time to live (TTL) settings
- Client adapters must respect the Time To Live (TTL) setting associated with the DNS record (normally 60 seconds).
- Any adapter, environment variable, or configuration that “caches” the IP address longer than the TTL interval isn’t following best practices for accessing internet-based SaaS products.
Clients deploying security enforced firewall rules
If your company deploys a security practice that requires locking down outbound/inbound traffic, use the DNS URL names listed above to resolve any issues.