Dynatrace will update internal communication endpoints after June 30, 2021.
The domain used for internal communication by ActiveGates and OneAgents that send data to Dynatrace SaaS will be changed from
Who does this affect?
In a typical scenario, this change will be completely transparent and no manual action is required.
- The addresses are used only internally by ActiveGates and OneAgents
- The change will happen automatically
- There will be no changes to underlying IP addresses
This change might affect Dynatrace SaaS customers if one of the following is true:
- Domain allowlisting is enabled on outbound proxy
- AWS PrivateLink is used to connect OneAgents to Dynatrace
You use allowlisting on outbound proxies or AWS PrivateLink
If you use domain allowlisting on outbound proxies, or AWS PrivateLink to connect your OneAgents to Dynatrace:
- Action may be required by June 30, 2021 at the latest
- Share the information below with the customer.
This information is also available here: Connect to Dynatrace using AWS PrivateLink
You proxy or firewall outbound traffic
If you use domain allowlisting on your proxy, adjust your configuration.
If you limit your outbound traffic on your proxy or firewall to only allowlisted domains, most likely you have rules that would permit connections to:
- Addresses matching
- Specific domain names. Example:
- The address of your Dynatrace environment. Example:
If you have such rules in place, make sure to also permit domains with the suffix
What happens if I don’t update my allowlisting rules to permit live.dynatrace.com?
Starting June 30, 2021, OneAgents and ActiveGates will no longer be able to connect to the Dynatrace direct public endpoints. They will switch to your environment domain (
<environment_id>.live.dynatrace.com) as a fallback. They will still periodically test the connectivity to more direct endpoints, which may result in error entries in log files of OneAgent, ActiveGate, and possibly your proxy server.
In the unlikely event that your
<environment_id>.live.dynatrace.com domain is blocked as well, you may be completely disconnected from Dynatrace service until your proxy configuration is corrected.
For the operation of Dynatrace, there must be connectivity to at least the environment domain. Many Dynatrace services rely on connectivity to the environment domain.
When should I update my allowlisting rules to also permit
You should update your allowlisting rules at the soonest. You don’t have to wait for the switch to happen. Make sure you still leave
live.ruxit.com allowlisting until June 30, 2021.
What should I do if I connect with AWS PrivateLink?
Adjust your configuration. If you use AWS PrivateLink to connect your OneAgent traffic to Dynatrace, you most likely have a DNS override for
Make sure you also have a domain override for your environment domain:
For details on how to configure the override, see Connect to Dynatrace using AWS PrivateLink.
What happens if I don’t update my AWS PrivateLink configuration?
Starting with June 30, 2021, the OneAgents would stop using PrivateLink due to the domain change. The OneAgent may be able to connect via the internet to Dynatrace, but woud not use PrivateLink. Depending on your network configuration, this could also result in the OneAgent not being able to communicate with Dynatrace at all.
Adding the required DNS override will allow OneAgents to report to Dynatrace via PrivateLink.
When should I update my AWS PrivateLink configuration?
You can update your PrivateLink configuration at the soonest. You don’t have to wait for the switch to happen. Make sure to leave
live.ruxit.com override until June 30, 2021.
What if I am still not sure if I need to take action?
Verify the connection. If you are uncertain whether this change could affect you, you can test the connectivity from your hosts currently connecting to Dynatrace.
Verify connectivity for your environment domain:
curl -Is https://<environment_id>.live.dynatrace.com/communication
You should get a response similar to this:
HTTP/1.1 204 No Content
If this domain is not reachable for any of your environments, please adjust your proxy configuration.
Do you have further questions?
Please contact a Dynatrace ONE product specialist by selecting the chat button in the upper-right corner of the Dynatrace menu bar or email us at DynatraceONE.