
How Connect uses DNS

CyberHive Connect creates a DNS A record for each approved Endpoint, mapping the record to the Endpoint's TAN address.

An Endpoint's DNS record can be used by other peers instead of the TAN address.

The benefit of using DNS is that a DNS name is easier to read and more memorable than an IP address.

How to use DNS with Connect

For guidance on how to use DNS with Connect, see our how-to guide.

Disabling DNS

If you require an environment without automatic DNS record creation, please contact us to see how we can support this.

Endpoint approval

When an Endpoint is approved, a DNS A record is created for it. The record structure will look like:

endpoint-hostname.organisation-code.dns.zone.com.

Top-level zone

The top-level zone (dns.zone.com above) can be customised per-environment, but not per-Organisation. Please contact us if you require a custom zone name.

For example, assuming a top-level zone of dns.earth.com, an Endpoint called File-Server in an Organisation with a code of Acme-corp would have a DNS record of:

file-server.acme-corp.dns.earth.com.

Note that the Endpoint hostname and Organisation code are both converted to lower case.

Hostnames

Endpoint hostnames can contain only letters, numbers, and hyphens and must be 63 characters or fewer in length. Valid hostnames look like desktop-pc, DESKTOP-PC, or DesktopPC.

Invalid hostnames look like desktop_pc, DESKTOP PC, desktop--pc, or -DesktopPC.

Hostnames must also be unique within an Organisation, compared case-insensitively. For example, desktop-pc, Desktop-PC, and DESKTOP-PC are identical in Connect.

The same rules apply for Organisation codes, except the maximum length is 30 characters.
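The naming rules and record structure above can be checked before Endpoints are enrolled. The following is an added example, not CyberHive's own code: the function names are hypothetical, the ban on leading and doubled hyphens is inferred from the invalid examples above, and rejecting a trailing hyphen is an assumption taken from general DNS label rules.

```python
import re

# Assumption: rules inferred from the page's valid/invalid examples. Letters,
# digits and single hyphens only; no leading hyphen. Rejecting a trailing
# hyphen follows general DNS label rules and is not stated on the page.
_LABEL = re.compile(r"[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*")
MAX_HOSTNAME = 63   # from the page
MAX_ORG_CODE = 30   # from the page


def is_valid_label(value: str, max_len: int) -> bool:
    """True if value fits the naming rules and the length limit."""
    return 0 < len(value) <= max_len and _LABEL.fullmatch(value) is not None


def record_name(hostname: str, org_code: str, zone: str) -> str:
    """Build the expected A record name: lower-cased and fully qualified."""
    if not is_valid_label(hostname, MAX_HOSTNAME):
        raise ValueError(f"invalid Endpoint hostname: {hostname!r}")
    if not is_valid_label(org_code, MAX_ORG_CODE):
        raise ValueError(f"invalid Organisation code: {org_code!r}")
    return f"{hostname.lower()}.{org_code.lower()}.{zone.lower().rstrip('.')}."


def audit(hostnames, org_code, zone):
    """Split hostnames into (records, rejected, collisions) for one Organisation."""
    records, rejected, collisions = {}, [], []
    for name in hostnames:
        try:
            fqdn = record_name(name, org_code, zone)
        except ValueError:
            rejected.append(name)
            continue
        if fqdn in records:
            collisions.append((name, records[fqdn]))  # same name, different case
        else:
            records[fqdn] = name
    return records, rejected, collisions


if __name__ == "__main__":
    # Constructed sample input using the page's own example names.
    sample = ["File-Server", "desktop-pc", "DESKTOP-PC", "desktop_pc",
              "DESKTOP PC", "desktop--pc", "-DesktopPC"]
    recs, bad, dupes = audit(sample, "Acme-corp", "dns.earth.com")
    for fqdn in recs:
        print("ok       ", fqdn)
    print("rejected ", bad)
    print("collision", dupes)
```

Running the audit over an inventory before enrolment surfaces names that Connect would reject and names that differ only by case, which would otherwise map to the same record.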

Changing an Organisation's code

If an Organisation's code is changed after Endpoints have been approved, the DNS records of those Endpoints will contain the old code whereas newly-enrolled (or newly-approved) Endpoints will use the new code.

This should not affect DNS functionality. However, such differences between DNS records may cause confusion for users and administrators.

Endpoint unapproval

When an Endpoint is unapproved, its DNS record is left intact in case the Endpoint is re-approved in the future.

However, unapproved Endpoints cannot communicate with other Endpoints, either via TAN address or via DNS.

Endpoint deletion

When an Endpoint is deleted, its DNS record is also deleted from Connect and from the remote DNS registry.