# DNS Rebind

{% hint style="success" %}
DNS Rebind **automatic** resolution is implemented starting from v3.8.4, older version can solve this by following the troubleshooting guide: [Connector Connection Issues](/t1c-js-guide-v3/miscellaneous/troubleshooting/connector-connection-issues.md)
{% endhint %}

## Introduction

The connector is using a DNS (depending on the connector partner), with a default value of:&#x20;

> [https://t1c.t1t.io](https:t1c.t1t.io)

The given URL is registered with DNSSEC enabled, and resolves to a 'localhost' domain.&#x20;

Although the connector can run in a different mode (http, localhost, custom domain name, etc.), to solve the above issue, the following causes are probable:

* DNS Rebind is enforced from your router or ISP (Internet Service Provider)
* The domain name is not whitelisted in your internal network
* A local proxy is running and prevents the internal connector communication
* An antivirus is blocking the connector communication
* Your (custom) DNS server does not contain resolution for localhost and t1c.t1t.io

The functionality for automatic DNS Rebind resolutation solves the local connectivity issue by adding the DNS used by the connector to the host file of the device.&#x20;

As the connector is running in user-mode, and thus not have elevated rights, a separate process will be started on the operating system, asking the user to enter the \`admin password\` only with the purpose of adding the record to the host file of the system.&#x20;

When a user does not have \`administrator\` access to his device, and IT administrator can solve the issue (an apply it to all users from that domain).&#x20;

{% hint style="info" %}
When installing the Trust1Connector in an owned system network, by default we ask to:

* allow the outbound DNS for the Distribution Server
* whitelist the local DNS used (t1c.t1t.io) on the router(s) or firewall(s)
* allow or whitelist the local DNS in anti-virus agents

Typically when one of the above apply, and is not executed, the connector will run, but may not be reachable.
{% endhint %}

### Logical Flow

The following diagram show the logic begin the one-time check. The process runs on startup on a seperate system thread, and when executed succesfully, persists a marker file (.dnsrebind) in the installation directory of the connector.

<figure><img src="/files/O4OLGOgHYMMQKFNj4biJ" alt=""><figcaption><p>DNS Rebind logical flow</p></figcaption></figure>

```mermaid
flowchart LR
    AA((Start)) --> A
    A[Check connectivity] --> B{Is connected?}
    B -->|yes| D((END))
    
    B -->|no| F{Marker exists?}
    F -->|yes| G[Check connectivity]
    
    F -->|no| H{Host file updated?}
    H -->|yes| G[Check connectivity]
    H -->|no| J[Append domain to hostfile]
    
    J --> K{Marker exists?}
    K -->|no| M[Create marker]
    
    M --> G[Check connectivity]
    K -->|yes| G[Check connectivity]
    
    G --> O{Is connected?}
    O -->|yes| P[End]
    O -->|no| Q[Error message]
    Q --> P((END))
```

### Process States

#### Clean

Starting from from a clean installation, it will go trough the flow above and based on the outcome of the DNS resolving, the process will update the hostfile and create the markerfile

#### Success - marker present&#x20;

The process will go trough the flow above and when successful, a DNS check is executed which a successful response.

#### Success - no marker present&#x20;

The process will go trough the flow above and when successful, the process will create the marker file without the need of updating the hostfile

#### Failure - marker present&#x20;

The process will go trough the flow above and when \`failure\`, the process will see the marker file, resulting in a error message that it could not resolve the domain. In this scenario, the markerfile indicates that the hostfile has been updated so the problem must be elsewhere.

#### Failure - no marker present&#x20;

The process will go trough the flow above and when \`failure\`, the process will create the marker file and update the hostfile. When the final DNS check fails and it will return an error message.

Here the markerfile also indicates that the hostfile has been updated so the problem must be elsewhere.

{% hint style="info" %}
When the markerfile \`.dnsrebind\` is present in the connector directory, this means that the DNS entry has been added (or is already present) in the local host file.

Adding the .dnsrebind file in the user folder, prevents the logic to be executed at service startup.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://t1t.gitbook.io/t1c-js-guide-v3/core/dns-rebind.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.