Types of alerts
You can configure IBM® NS1 Connect® to send alerts when account usage reaches a certain limit, when certificates for single sign-on (SSO) requires updating, when certificates for URL redirects fail to automatically renew, and if there are issues with incoming zone transfers.
Alerts for account usage
To make sure that you are aware of the amount of resources that your organization uses over your billing cycle, you can create alerts to notify stakeholders or systems when your account reaches a certain percentage of your plan limit.
You can create alerts for the following resources:
- DNS records
- Incoming queries, for both Managed DNS and Managed DNS for China
- Pulsar decisions
- Filter Chain configurations
- Monitors
For each usage alert that you create, NS1 Connect sends one notification when the defined threshold is met in each billing cycle.
Alerts for SAML certificate expiration for SSO
Security Assertion Markup Language (SAML) certificates are used in SSO and the certificates expire at defined periods. To make sure that you know when certificates are about to expire or if any have expired, you can create alerts to notify stakeholders or systems of those events. In this way, you can update the certificates and prevent any of your users from being locked out of NS1 Connect.
NS1 Connect checks the status of SAML certificates daily and sends a first notification 89 days before the expiry date. If the certificate isn't updated or if any issues with the certificate persist, NS1 Connect sends notifications at the following intervals before the expiry date: 59 days, 29 days, 21 days, 14 days, 7 days, 5 days, 3 days, 2 days, 1 day, and on the day of expiry.
Alerts for URL redirects certificate expiration
NS1 Connect uses Secure Sockets Layer/Transfer Layer Security (SSL/TLS) certificates for URL redirects to secure connections in HTTPS URL redirects. To make sure that NS1 Connect can issue certificates before they expire, you can create alerts to notify stakeholders or systems when the certificates are about to expire. In this way, you can take any action to prevent service disruptions over HTTPS.
The notifications also alert you to any issues that could prevent NS1 Connect from automatically renewing the certificates. Issues can be related to Domain Name System Security Extensions (DNSSEC) configuration, Certification Authority Authorization (CAA) records, rate limit exceeded, configuration issues with the zones, or authoritative transfer (AXFR) configurations.
If NS1 Connect is your primary DNS provider and you have another primary DNS provider, make sure that you resolve any misconfigurations that could affect the renewal of the certificates.
NS1 Connect checks the status of certificates daily and sends a first notification 29 days before the expiry date. If the certificate isn't updated or if any issues with the certificate persist, NS1 Connect sends notifications at the following intervals before the expiry date: 21 days, 14 days, 7 days, 5 days, 3 days, 2 days, 1 day, and on the day of expiry.
Alerts for incoming zone transfers
Two types of alerts are available: Incoming zone transfer failed and Issue with an external primary, both of which might indicate a misconfiguration or a network issue.
An alert for Incoming zone transfer failed is triggered if none of the primary servers can be reached; therefore, the incoming zone transfer fails and the secondary zone data is potentially outdated.
An alert for an Issue with an external primary is triggered whenever there is an issue connecting with one of the primary servers, even if the zone transfer was successful. If there are multiple primary servers associated with a secondary zone, NS1 Connect sends a zone transfer request to the first server listed. If the request fails, NS1 Connect sends a request to the next primary server listed, and so on, until it is successful.