How Connect uses DNS
CyberHive Connect creates DNS A records for each approved Endpoint by mapping the record to the Endpoint's TAN address.
An Endpoint's DNS record can be used by other peers instead of the TAN address.
The benefit of using DNS is that a name is easier to read and remember than an IP address.
How to use DNS with Connect
For guidance on how to use DNS with Connect, see our how-to guide.
Disabling DNS
If you require an environment without automatic DNS record creation, please contact us to see how we can support this.
Endpoint approval
When an Endpoint is approved, a DNS A record is created for it. The record structure will look like:
Top-level zone
The top-level zone (dns.zone.com above) can be customised per-environment, but not per-Organisation. Please contact us if you require a custom zone name.
For example, assuming a top-level zone of dns.earth.com, an Endpoint called File-Server in an Organisation with a code of Acme-corp would have a DNS record of:
Note that the Endpoint hostname and Organisation code are both converted to lower case.
Hostnames
Endpoint hostnames can contain only letters, numbers, and hyphens and must be 63 characters or less in length.
Valid hostnames look like desktop-pc, DESKTOP-PC, or DesktopPC.
Invalid hostnames look like desktop_pc, DESKTOP PC, desktop--pc, or -DesktopPC.
Hostnames are also case-insensitive unique within an Organisation. For example, desktop-pc, Desktop-PC, and DESKTOP-PC are identical in Connect.
The same rules apply for Organisation codes, except the maximum length is 30 characters.
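As an added example (not CyberHive's own code), the following pre-enrolment check applies the naming rules above to a planned list of hostnames and reports both invalid names and names that collide once case is ignored. The function names, the sample list, and the rejection of a trailing hyphen are assumptions made for this example.

```python
import re
from collections import defaultdict

# Rules stated on the page: letters, numbers and hyphens only; at most 63
# characters for hostnames and 30 for Organisation codes. The page's invalid
# examples also rule out a leading hyphen and a doubled hyphen.
# Assumption: a trailing hyphen is rejected too (RFC 1123 label rule).
HOSTNAME_MAX = 63
ORG_CODE_MAX = 30
_ALLOWED = re.compile(r"[A-Za-z0-9-]+")


def name_problems(name, max_len):
    """Return the list of rule violations for one name (empty means valid)."""
    if not name:
        return ["empty"]
    problems = []
    if len(name) > max_len:
        problems.append(f"longer than {max_len} characters")
    if not _ALLOWED.fullmatch(name):
        problems.append("characters other than letters, numbers and hyphens")
    if name.startswith("-"):
        problems.append("leading hyphen")
    if name.endswith("-"):
        problems.append("trailing hyphen (assumed rule)")
    if "--" in name:
        problems.append("consecutive hyphens")
    return problems


def check_inventory(hostnames):
    """Return (invalid, collisions) for one Organisation's planned hostnames."""
    invalid, by_folded = {}, defaultdict(list)
    for name in hostnames:
        problems = name_problems(name, HOSTNAME_MAX)
        if problems:
            invalid[name] = problems
        else:
            # Connect treats names that differ only by case as identical.
            by_folded[name.lower()].append(name)
    collisions = [names for names in by_folded.values() if len(names) > 1]
    return invalid, collisions


# Constructed sample input, built from the names used on this page.
SAMPLE = ["desktop-pc", "Desktop-PC", "File-Server", "desktop_pc", "-DesktopPC"]
if __name__ == "__main__":
    print(check_inventory(SAMPLE))
```

Organisation codes can be checked with the same function by passing `ORG_CODE_MAX` as the length limit.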
Changing an Organisation's code
If an Organisation's code is changed after Endpoints have been approved, the DNS records of those Endpoints will contain the old code whereas newly-enrolled (or newly-approved) Endpoints will use the new code.
This should not affect DNS functionality. However, such differences between DNS records may cause confusion for users and administrators.
Endpoint unapproval
When an Endpoint is unapproved, its DNS record is left intact in case the Endpoint is re-approved in the future.
However, unapproved Endpoints cannot communicate with other Endpoints, either via TAN address or via DNS.
Endpoint deletion
When an Endpoint is deleted, its DNS record is also deleted from Connect and from the remote DNS registry.