The availability of our products and protecting the security and privacy of our customers are among our top priorities. ServiceNow are performing changes to our DNS (Domain Name Service) configuration as part of our ongoing commitment to continual improvement.
ServiceNow currently use a single DNS provider (with multiple levels of redundancy) to provide access to customer instances. We are now adding an additional DNS provider to further enhance redundancy. We are also rotating our DNSSEC keys (Domain Name System Security Extensions). This will further increase ServiceNow’s ability to defend against DNS attacks and benefits all our customers.
Changes to DNS Configuration
ServiceNow currently utilize Akamai nameservers for DNS resolution.
We use the following nameservers:
When the change is complete, we will utilize a split of two DNS providers:
During the change, we will also rotate our DNSSEC keys. This is a standard maintenance practice.
Determining if access to your instance is affected by this change
All customers utilising the ServiceNow platform will use the enhanced DNS configuration to access their instance. We don't expect any impact for customers that follow standard DNS best practices.
Who could be impacted?
ServiceNow does not anticipate this change will have any impact, however customers who use custom security mechanisms at their locations are potentially impacted. Examples include, but are not limited to: firewall policies with hardcoded Name Server rules, implementing settings that do not follow DNS RFC recommendations.
If you are unsure your network configuration might be impacted, please consult your I.T. department and network administrators.
How do I know if my organisation subscribes to standard DNS practices?
Organizational network configuration is beyond the control of ServiceNow. You should contact your I.T. department. If your I.T. department have any questions, ServiceNow support are available to help.
How do I know if my company use DNSSEC validation?
You should contact your I.T. department and ask if they use or enforce DNSSEC validation.
What to do if I lose access to the ServiceNow platform on 7,8 or 11 December?
ServiceNow does not anticipate customers that follow industry standard DNS practices will be impacted. However, if you are concerned, we recommend you consult your I.T. department to test ahead of time to avoid any potential impact.
If you are impacted on 7,8 or 11 December, you can:
- Clear your local DNS cache (contact your IT dept or ServiceNow support)
- Move your corporate DNS resolver to use publicly available DNS resolvers (For Example: 22.214.171.124 and 126.96.36.199). This should be done by your I.T. department
For further help please contact ServiceNow support quoting CHG7698859