Skip to main content
Avalara Help Center

Avalara DNS Industry Standards for Whitelisting

If you connect to Avalara services with a static IP address and/or by whitelisting of our IPs, this information pertains to you.


On June 30, 2018, Avalara employed industry standards for DNS-based resolution to our service. Most of our customers already follow current industry standards and your network administrator can review your specific network configuration and security policy settings and decide if your company needs to make any adjustments. Your administrator can also tell you how this may impact your company’s network configuration.


DNS and IP address information

  1. If your company’s security practice requires locking down outbound/inbound traffic, use these URLs to resolve any issues:

  2. Determine whether your company has coded a static IP address (either into your host files and/or in the URL or your connector) into API calls made to Avalara. Review the logs of calls to Avalara.
    • Verify that your company isn’t using a host file, or remove any entry in your host files referring to Avalara services.
    • If the logs show // (or one of the URLs listed above), everything’s properly configured. You don’t need to do anything else. If the logs show a numeric IP address (such as, your network administrator needs to make a change. Follow these instructions.

Why does Avalara enforce industry standards for DNS?

It is critical that your company use one of the URLs listed above instead a static IP address when connecting to the Avalara service.

Here’s why: Our web service uses the standard SSL (secure socket layer) on port 443 for our URLs. Each URL is translated into a dynamic IP address by a Domain Name System (DNS) behind the scenes. Avalara sometimes needs to change the IP address associated with the URL without notice to load-balance our services across multiple data centers and Internet Service Providers. Load-balancing ensures uninterrupted access to AvaTax. Transactions destined for an outdated or static IP address (from a hosts file, for example) will fail and are not protected by your service level agreement with Avalara.

Time to live (TTL) settings

  1. Client adapters must respect the Time To Live (TTL) setting associated with the DNS record (normally 60 seconds).
  2. Any adapter, environment variable, or configuration that “caches” the IP address longer than the TTL interval isn’t following best practices for accessing internet-based SaaS products.

Clients deploying security enforced firewall rules

If your company deploys a security practice that requires locking down outbound/inbound traffic, use the DNS URL names listed above to resolve any issues.

  • Was this article helpful?