Subject OMR and SAF: Whitelisting TZO.COM IP addresses so you can blacklist most other IP addresses
Author Scott Prive

Whitelisting TZO.COM IP addresses

When operating any type of network with restrictive security policies, you may need to whitelist the TZO IP addresses.

Example configurations which require whitelisting include:

  • Any firewall which 'blocks non-web traffic by default' (Microsoft IIS, other firewalls)
  • Anti-spam appliances and SMTP firewalls
  • Mailserver-based anti-spam and spam-reporting software
  • Older (and less secure) mailservers you run, which you want to 'hide' from direct Internet traffic (funneling inbound and outbound traffic through SAF and OMR)

Obtaining a list of TZO.COM IP addresses

TZO is growing and adding geographic redundancy to our networks (5 datacenters as of this technote). Therefore it makes sense to document how you can retrieve the TZO IP address range, which is stored in a DNS TXT record for 'systems.tzo.com'. An example using 'nslookup' follows; do not type the 'quotes', just what is within them.

  1. Open a Command Prompt or system shell.
    ( In Windows, this is done using START-->RUN, then type 'cmd.exe' [press Enter] )
  2. In the command prompt, type 'nslookup' [press Enter].
  3. Type 'set type=txt' [press Enter]
    (This sets the DNS record type to 'text', which is a custom/documentation record type we use.)
  4. Type 'server ns.tzo.com' [press Enter]
    ( For this nslookup session only, makes nslookup perform DNS queries directly at the TZO nameservers. )
  5. Type 'systems.tzo.com' [press Enter]
    • These are the results -- the address space of TZO.
      In the middle of the TXT record output, you should see a paragraph titled 'Answer'. The paragraph contains a comment that confirms 'this is the TZO IP address space', followed by the actual TZO IP address space.

Notes about Addresses

Note that these values are 'IP blocks with a netmask' (as there are too many individual IP addresses to list). The purpose of listing ALL TZO IP addresses (and using them in your whitelist) is to 'future-proof' your configuration if TZO brings additional backup servers online, or simply swaps server IP addresses.

If unsure how to enter IP blocks with a netmask (or range) into your firewall or server application, please consult your firewall or server support/documentation. These settings are fundamental to any whitelist or firewall; however, TZO Support is not likely to know exactly where you input these in your hardware and software applications.
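
As an added example (not TZO's own code), the Python sketch below takes the text of a TXT answer, validates each 'IP block with a netmask', and prints it in CIDR, address-plus-netmask and first-last range notation, since firewalls differ in which form they accept. The TXT answer format is an assumption and the sample answer is constructed from documentation address ranges, not real TZO addresses; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the real TXT answer is not shown on this page, so the
# wording and the blocks (RFC 5737 documentation ranges) are placeholders.
SAMPLE_TXT = ('"this is the EXAMPLE IP address space: 192.0.2.0/25 '
              '198.51.100.64/255.255.255.192 203.0.113.17/28"')

# An IPv4 address followed by /prefix-length or /dotted-netmask.
BLOCK_RE = re.compile(
    r"\b(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,3}(?:\.\d{1,3}){3}|\d{1,2})\b")

def parse_blocks(txt):
    """Return (valid_networks, rejected_strings) found in a TXT answer."""
    valid, rejected = [], []
    for addr, mask in BLOCK_RE.findall(txt):
        try:
            # strict=True refuses a block whose address has host bits set,
            # instead of silently rounding it to a different range.
            valid.append(ipaddress.ip_network(f"{addr}/{mask}", strict=True))
        except ValueError:
            rejected.append(f"{addr}/{mask}")
    return valid, rejected

def firewall_forms(net):
    """The same block in the three notations firewalls commonly ask for."""
    return {
        "cidr": str(net),
        "netmask": f"{net.network_address} {net.netmask}",
        "range": f"{net[0]}-{net[-1]}",
    }

def is_whitelisted(ip, blocks):
    """True if a connecting address falls inside any whitelisted block."""
    return any(ipaddress.ip_address(ip) in net for net in blocks)

if __name__ == "__main__":
    blocks, rejected = parse_blocks(SAMPLE_TXT)
    for net in blocks:
        print(firewall_forms(net))
    for bad in rejected:
        print("review by hand, not added to whitelist:", bad)
```

A block that fails validation is reported rather than rounded to the nearest network, so a mistyped entry never widens the whitelist unnoticed.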

Copyright 1998-2008, Tzolkin Corporation. All rights reserved.